author | David Gibson <david@gibson.dropbear.id.au> | 2023-11-30 13:02:21 +1100 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-12-04 09:51:32 +0100 |
commit | e21b6d69b1e65b341d6c2177258ee2b38c5f6374 (patch) | |
tree | 497e59d20ef6a1751b0094d42425e8ad2c34e109 /tcp.h | |
parent | cf83988e967405e898f85bec3da04714b1557397 (diff) | |
tcp: "TCP" hash secret doesn't need to be TCP specific
The TCP state structure includes a 128-bit hash_secret which we use for
SipHash calculations to mitigate attacks on the TCP hash table and initial
sequence number.
We have plans to use SipHash in places that aren't TCP related, and there's
no particular reason they'd need their own secret. So move the hash_secret
to the general context structure.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tcp.h')
-rw-r--r-- | tcp.h | 2 |
1 files changed, 0 insertions, 2 deletions
@@ -52,7 +52,6 @@ union tcp_listen_epoll_ref {
 /**
 * struct tcp_ctx - Execution context for TCP routines
- * @hash_secret: 128-bit secret for hash functions, ISN and hash table
 * @port_to_tap: Ports bound host-side, packets to tap or spliced
 * @fwd_in: Port forwarding configuration for inbound packets
 * @fwd_out: Port forwarding configuration for outbound packets
@@ -61,7 +60,6 @@ union tcp_listen_epoll_ref {
 * @pipe_size: Size of pipes for spliced connections
 */
 struct tcp_ctx {
- uint64_t hash_secret[2];
 struct port_fwd fwd_in;
 struct port_fwd fwd_out;
 struct timespec timer_run; |