Reputation: 1148
I'd like to ask a question about the IPv4 fragment manager in the Linux kernel (net/ipv4/inet_fragment.c). I don't understand why the structure inet_frags (include/net/inet_frag.h) has got an "rnd" field, which is obviously filled in with random numbers. I mean, I don't expect my IPv4 stack to reassemble my packets in a random order ^^.
Could you help me plz? Thx in advance. (Kernel 3.4.4)
Upvotes: 2
Views: 195
Reputation: 136286
The implementation uses a hash table to store IP datagram fragments. Hash tables with a fixed hash function are prone to denial-of-service hash collision attacks. So, they add a random seed to each hash function to protect against the attack.
See http://www.iss.net/security_center/reference/vuln/linux-kernel-packets-dos.htm :
The Linux Kernel is vulnerable to a denial of service, caused by improper handling of TCP/IP fragment reassembly. A remote attacker could send specially-crafted packets that would cause a large number of hash table collisions, which would consume all available CPU resources.
Upvotes: 6
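The effect of the seed described in the answer above, as an added example that is not part of the original posts and is not kernel code: a toy seeded bucket function shows that keys which all share one bucket under a seed the sender knows are spread out again under a different seed. The names `frag_key`, `mix32`, `bucket_of` and `longest_chain`, the table size, the mixer and the sample addresses are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BUCKETS 64u   /* toy table size, power of two (assumption) */
#define NKEYS   64u   /* number of reassembly-queue keys in the experiment */

/* Key identifying one reassembly queue: IP id, protocol, source, destination. */
struct frag_key { uint16_t id; uint8_t proto; uint32_t saddr, daddr; };

/* 32-bit finalizer from MurmurHash3, a stand-in mixer (not the kernel's hash). */
static uint32_t mix32(uint32_t h)
{
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

/* Seeded bucket index: `seed` plays the role of the "rnd" field. */
static unsigned bucket_of(const struct frag_key *k, uint32_t seed)
{
    uint32_t h = mix32(seed ^ (((uint32_t)k->id << 16) | k->proto));
    h = mix32(h ^ k->saddr);
    h = mix32(h ^ k->daddr);
    return h & (BUCKETS - 1);
}

/* Take NKEYS keys that all land in bucket 0 under `known_seed`, then return
 * the longest chain the same keys form when the table uses `table_seed`. */
static unsigned longest_chain(uint32_t known_seed, uint32_t table_seed)
{
    unsigned count[BUCKETS] = {0}, found = 0, worst = 0;
    struct frag_key k = { 0, 17, 0xc0000201u, 0xc0000202u }; /* constructed sample */

    for (uint32_t id = 0; id <= 0xffff && found < NKEYS; id++) {
        k.id = (uint16_t)id;
        if (bucket_of(&k, known_seed) != 0) continue;
        found++;
        unsigned n = ++count[bucket_of(&k, table_seed)];
        if (n > worst) worst = n;
    }
    return worst;
}

int main(void)
{
    /* Fixed seeds keep the run reproducible; a real table draws its seed at random. */
    printf("seed known to sender: longest chain %u\n", longest_chain(0, 0));
    printf("seed kept secret:     longest chain %u\n", longest_chain(0, 0x9e3779b9u));
    return 0;
}
```

When the seed is known, every lookup walks one chain holding all 64 entries; with an unknown seed the same keys form short chains, so lookup cost stays close to constant.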