On Thu, Apr 18, 2019 at 09:07:11PM +0000, Amit Klein wrote:
Patch 355b98553789b646ed97ad801a619ff898471b92 makes net_hash_mix() return true 32 bits of entropy. When used in the IP ID generation algorithm, this has the effect of extending the IP ID generation key from 32 bits to 64 bits. However, net_hash_mix() is only used for IP ID generation starting with kernel version 4.1. Therefore, earlier kernels remain with 32-bit key. The patch addresses this issue by explicitly extending the key to 64 bits for kernels v<4.1.
Signed-off-by: Amit Klein aksecurity@gmail.com
net/ipv4/route.c | 4 +++- net/ipv6/ip6_output.c | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-)
I've queued this patch up for the next 3.18.y release, which should happen sometime next week or so. I've cc:ed Ben on the patch as well, so that he can pick it up for the next 3.16.y release. Those usually only happen every other month it seems.
thanks, again for doing this!
greg k-h