Commit 3a91961d authored by Eric Dumazet's avatar Eric Dumazet Committed by Zheng Zengkai
Browse files

tcp: resalt the secret every 10 seconds 

stable inclusion
from stable-v5.10.117
commit d254309aab27fdcdc68e6bc9c663e51f3e7b37dc
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5L66B

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d254309aab27fdcdc68e6bc9c663e51f3e7b37dc



--------------------------------

[ Upstream commit 4dfa9b43 ]

In order to limit the ability for an observer to recognize the source
ports sequence used to contact a set of destinations, we should
periodically shuffle the secret. 10 seconds looks effective enough
without causing particular issues.

Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: default avatarWilly Tarreau <w@1wt.eu>
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
Acked-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
parent cbb7da79
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment