tcp: secure_seq: add back ports to TS offset - kernel - Hosts the 0x221E linux distro kernel.

diff options

author	Eric Dumazet <edumazet@google.com>	2026-03-02 20:55:27 +0000
committer	Sasha Levin <sashal@kernel.org>	2026-03-12 07:09:58 -0400
commit	eae2f14ab2efccdb7480fae7d42c4b0116ef8805 (patch)
tree	652c207bb3c65abe340ca1b87f207cfa659f5134 /include/net/aligned_data.h
parent	8314944cc3bdeaa5a73e6f8a8cf0d94822e625cb (diff)

tcp: secure_seq: add back ports to TS offset

[ Upstream commit 165573e41f2f66ef98940cf65f838b2cb575d9d1 ] This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset. Fixes: 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") Reported-by: Zhouyan Deng <dengzhouyan_nwpu@163.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com> Acked-by: Florian Westphal <fw@strlen.de> Link: https://patch.msgid.link/20260302205527.1982836-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'include/net/aligned_data.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: