On Tue, Feb 07, 2012 at 08:21:55PM +0800, Marek Lindner wrote:
> On Tuesday, February 07, 2012 20:12:00 Andrew Lunn wrote:
> > Does this sequence number have any security relevance? Does it make
> > sense to use the TCP sequence number generation code?
> 
> There is no security relevance I know of. The idea was simply to start with 
> a random number. Random is a bit better than 1.  ;-)
> 
> Where can I find the TCP sequence number code you are referring to?

I had to go find it, since I've never looked at it before.

net/core/secure_seq.c:

__u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
                                 __be16 sport, __be16 dport)

but it does not look very re-usable, since it takes all these
addresses. What might be usable is:

__u32 secure_ip_id(__be32 daddr)
{
        u32 hash[MD5_DIGEST_WORDS];

        hash[0] = (__force __u32) daddr;
        hash[1] = net_secret[13];
        hash[2] = net_secret[14];
        hash[3] = net_secret[15];

        md5_transform(hash, net_secret);

        return hash[0];
}

passing it the last four bytes of the originator MAC address?

        Andrew
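As an added example (not code from this thread or from the kernel), the Python below reproduces the secure_ip_id() construction quoted above with its own re-implementation of the lib/md5.c md5_transform() compression, seeds it from a constructed 16-word stand-in for net_secret[], and feeds it the last four bytes of a sample originator MAC as proposed in the mail; the MAC address and secret are constructed, and self_check() validates the compression against hashlib on a one-block message.

```python
import hashlib
import math
import os
import struct

MASK = 0xFFFFFFFF
# Per-boot secret: 16 random 32-bit words, constructed here to stand in for
# the kernel's net_secret[] (which get_random_bytes() fills once at boot).
NET_SECRET = list(struct.unpack("<16I", os.urandom(64)))
_S = (7, 12, 17, 22) * 4 + (5, 9, 14, 20) * 4 + (4, 11, 16, 23) * 4 + (6, 10, 15, 21) * 4
_K = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]

def md5_transform(state, block):
    """One raw MD5 compression over a 16-word block (re-implementation of
    lib/md5.c md5_transform()): no padding, no length, feed-forward kept."""
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (b & d) | (c & ~d), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + _K[i] + block[g]) & MASK
        rot = ((f << _S[i]) | (f >> (32 - _S[i]))) & MASK
        a, b, c, d = d, (b + rot) & MASK, b, c
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d))]

def secure_seqno(peer_id, net_secret=NET_SECRET):
    """secure_ip_id() layout: state = (id, secret[13..15]), block = secret.
    Same peer id and secret -> same value; without the secret, unpredictable."""
    state = [peer_id & MASK, net_secret[13], net_secret[14], net_secret[15]]
    return md5_transform(state, net_secret)[0]

def originator_id(mac):
    """Last four bytes of the originator MAC, read as one big-endian word."""
    return int.from_bytes(bytes.fromhex(mac.replace(":", ""))[2:6], "big")

def self_check(msg=b"abc"):
    """Cross-check the compression against hashlib for one padded block."""
    padded = msg + b"\x80" + b"\x00" * (55 - len(msg)) + struct.pack("<Q", 8 * len(msg))
    iv = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    out = md5_transform(iv, list(struct.unpack("<16I", padded)))
    return struct.pack("<4I", *out) == hashlib.md5(msg).digest()

if __name__ == "__main__":
    mac = "02:00:00:aa:bb:cc"  # constructed sample originator address
    print(self_check(), hex(secure_seqno(originator_id(mac))))
```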
