linux-hardened/net/ipv4
Stephen Hemminger 227b60f510 [INET]: local port range robustness
Expansion of original idea from Denis V. Lunev <den@openvz.org>

Add robustness and locking to the local_port_range sysctl.
1. Enforce that low < high when setting.
2. Use seqlock to ensure atomic update.

The locking might seem like overkill, but there are
cases where a sysadmin might want to change the value in the
middle of a DoS attack.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 17:30:46 -07:00
ipvs [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
netfilter [NETFILTER]: Make netfilter code use the seq_open_private 2007-10-10 16:55:34 -07:00
af_inet.c [IPV4]: Add ICMPMsgStats MIB (RFC 4293) 2007-10-10 16:51:28 -07:00
ah4.c [IPSEC]: Move IP protocol setting from transforms into xfrm4_input.c 2007-10-10 16:55:56 -07:00
arp.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
cipso_ipv4.c [CIPSO]: remove duplicated code in the cipso_v4_*_getattr() functions 2007-10-10 16:51:17 -07:00
datagram.c [IPV4]: Fix "ipOutNoRoutes" counter error for TCP and UDP 2007-06-03 18:08:50 -07:00
devinet.c [IPV4]: When possible test for IFF_LOOPBACK and not dev == loopback_dev 2007-10-10 16:52:48 -07:00
esp4.c [IPSEC]: Move IP protocol setting from transforms into xfrm4_input.c 2007-10-10 16:55:56 -07:00
fib_frontend.c [NETLINK]: Introduce nested and byteorder flag to netlink attribute 2007-10-10 16:49:16 -07:00
fib_hash.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
fib_lookup.h [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
fib_rules.c [IPV4/IPV6/DECNET]: Small cleanup for fib rules. 2007-10-10 16:51:22 -07:00
fib_semantics.c [NETLINK]: Introduce nested and byteorder flag to netlink attribute 2007-10-10 16:49:16 -07:00
fib_trie.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
icmp.c [IPV4]: Add ICMPMsgStats MIB (RFC 4293) 2007-10-10 16:51:28 -07:00
igmp.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
inet_connection_sock.c [INET]: local port range robustness 2007-10-10 17:30:46 -07:00
inet_diag.c [NETLINK]: Avoid pointer in netlink_run_queue 2007-10-10 16:51:24 -07:00
inet_hashtables.c [INET]: local port range robustness 2007-10-10 17:30:46 -07:00
inet_lro.c [NET]: sparse warning fixes 2007-10-10 16:54:48 -07:00
inet_timewait_sock.c [NET]: DIV_ROUND_UP cleanup (part two) 2007-10-10 16:48:37 -07:00
inetpeer.c [IPV4]: Fix inetpeer gcc-4.2 warnings 2007-07-20 19:39:17 -07:00
ip_forward.c [IPV4] IPSEC: Omit redirect for tunnelled packet. 2007-10-10 16:48:33 -07:00
ip_fragment.c [NET]: Make the device list and device lookups per namespace. 2007-10-10 16:49:10 -07:00
ip_gre.c [NET]: Move hardware header operations out of netdevice. 2007-10-10 16:52:52 -07:00
ip_input.c [NET]: Make packet reception network namespace safe 2007-10-10 16:49:08 -07:00
ip_options.c [IPV4] ip_options.c: kmalloc + memset conversion to kzalloc 2007-07-31 14:06:45 -07:00
ip_output.c [NET]: Move hardware header operations out of netdevice. 2007-10-10 16:52:52 -07:00
ip_sockglue.c [NET]: sparse warning fixes 2007-10-10 16:54:48 -07:00
ipcomp.c [IPSEC]: Move IP protocol setting from transforms into xfrm4_input.c 2007-10-10 16:55:56 -07:00
ipconfig.c [NET]: Wrap netdevice hardware header creation. 2007-10-10 16:52:50 -07:00
ipip.c [NET]: Nuke SET_MODULE_OWNER macro. 2007-10-10 16:51:13 -07:00
ipmr.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
Kconfig [NET]: Generic Large Receive Offload for TCP traffic 2007-10-10 16:47:46 -07:00
Makefile [NET]: Generic Large Receive Offload for TCP traffic 2007-10-10 16:47:46 -07:00
netfilter.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
proc.c [NET]: sparse warning fixes 2007-10-10 16:54:48 -07:00
protocol.c [IPV4]: align inet_protos[] on SMP 2007-04-25 22:28:20 -07:00
raw.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
route.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
syncookies.c [SK_BUFF]: Introduce tcp_hdr(), remove skb->h.th 2007-04-25 22:25:26 -07:00
sysctl_net_ipv4.c [INET]: local port range robustness 2007-10-10 17:30:46 -07:00
tcp.c [TCP]: Return useful listenq info in tcp_info and INET_DIAG_INFO. 2007-10-10 16:51:35 -07:00
tcp_bic.c [TCP]: Remove num_acked>0 checks from cong.ctrl mods pkts_acked 2007-10-10 16:47:55 -07:00
tcp_cong.c [TCP]: remove unused argument to cong_avoid op 2007-07-18 01:46:58 -07:00
tcp_cubic.c [TCP]: Remove num_acked>0 checks from cong.ctrl mods pkts_acked 2007-10-10 16:47:55 -07:00
tcp_diag.c [TCP]: Return useful listenq info in tcp_info and INET_DIAG_INFO. 2007-10-10 16:51:35 -07:00
tcp_highspeed.c [TCP]: remove unused argument to cong_avoid op 2007-07-18 01:46:58 -07:00
tcp_htcp.c [TCP]: H-TCP maxRTT estimation at startup 2007-08-07 18:29:05 -07:00
tcp_hybla.c [TCP]: remove unused argument to cong_avoid op 2007-07-18 01:46:58 -07:00
tcp_illinois.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_input.c [TCP]: Separate lost_retrans loop into own function 2007-10-10 16:55:51 -07:00
tcp_ipv4.c [INET]: local port range robustness 2007-10-10 17:30:46 -07:00
tcp_lp.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_minisocks.c [TCP]: Move sack_ok access to obviously named funcs & cleanup 2007-10-10 16:48:00 -07:00
tcp_output.c [TCP]: Fix two off-by-one errors in fackets_out adjusting logic 2007-10-10 16:54:47 -07:00
tcp_probe.c [NET]: Make /proc/net per network namespace 2007-10-10 16:49:06 -07:00
tcp_scalable.c [TCP]: remove unused argument to cong_avoid op 2007-07-18 01:46:58 -07:00
tcp_timer.c [TCP]: Move sack_ok access to obviously named funcs & cleanup 2007-10-10 16:48:00 -07:00
tcp_vegas.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_westwood.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_yeah.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tunnel4.c [IPSEC]: Changing API of xfrm4_tunnel_register. 2007-02-13 12:54:47 -08:00
udp.c [INET]: local port range robustness 2007-10-10 17:30:46 -07:00
udp_impl.h [UDP]: Randomize port selection. 2007-10-10 16:48:31 -07:00
udplite.c [UDP]: Randomize port selection. 2007-10-10 16:48:31 -07:00
xfrm4_input.c [IPSEC]: Move IP protocol setting from transforms into xfrm4_input.c 2007-10-10 16:55:56 -07:00
xfrm4_mode_beet.c [IPSEC]: Move IP length/checksum setting out of transforms 2007-10-10 16:55:56 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Move IP length/checksum setting out of transforms 2007-10-10 16:55:56 -07:00
xfrm4_output.c [IPSEC]: Move IP length/checksum setting out of transforms 2007-10-10 16:55:56 -07:00
xfrm4_policy.c [NET]: Make the loopback device per network namespace. 2007-10-10 16:52:49 -07:00
xfrm4_state.c [IPSEC]: exporting xfrm_state_afinfo 2007-02-08 12:39:00 -08:00
xfrm4_tunnel.c [IPSEC]: Move IP protocol setting from transforms into xfrm4_input.c 2007-10-10 16:55:56 -07:00