Implementing RFC 6056

Implementing RFC 6056

[Arjun S R]

Hi,
I would like implement RFC 6506 in linux kernel. It seems no one has
implemented it.

Its mainly about Transport protocol port randomisation. The fixed
order[sequence of predictable randomness] of allocation of ephemeral
port to application on request can cause malicious users to hijack
connections based on time spent by the tcp ip api in various states.

I have read the standards and is willing to go forward. Please post comments.
--
Arjun S R

Implementing RFC 6056

[Arjun S R]

Link to the RFC --> http://www.rfc-editor.org/rfc/rfc6056.txt
--
Arjun S R

Implementing RFC 6056

[Greg KH]

On Wed, Jun 01, 2011 at 12:38:34AM +0530, Arjun S R wrote:
> Hi,
> I would like implement RFC 6506 in linux kernel. It seems no one has
> implemented it.
> 
> Its mainly about Transport protocol port randomisation. The fixed
> order[sequence of predictable randomness] of allocation of ephemeral
> port to application on request can cause malicious users to hijack
> connections based on time spent by the tcp ip api in various states.
> 
> I have read the standards and is willing to go forward. Please post comments.

Post your patches on the netdev mailing list and see what they say about
it there.  You might find that this isn't really needed as we already
handle this properly through other means...

Implementing RFC 6056

[Arjun S R]

On Wed, Jun 1, 2011 at 03:11, Greg KH <greg@kroah.com> wrote:
> On Wed, Jun 01, 2011 at 12:38:34AM +0530, Arjun S R wrote:
>> Hi,
>> I would like implement RFC 6506 in linux kernel. It seems no one has
>> implemented it.
>>
>> Its mainly about Transport protocol port randomisation. The fixed
>> order[sequence of predictable randomness] of allocation of ephemeral
>> port to application on request can cause malicious users to hijack
>> connections based on time spent by the tcp ip api in various states.
>>
>> I have read the standards and is willing to go forward. Please post comments.
>
> Post your patches on the netdev mailing list and see what they say about
> it there. ?You might find that this isn't really needed as we already
> handle this properly through other means...
>

Thanks, could you please suggest the files in the kernel source tree
that I should go through for the task?
--
Arjun S R
College Of Engineering,Trivandrum
Facebook : http://www.facebook.com/Arjun.S.R
Twitter: http://twitter.com/Arjun_S_R

Implementing RFC 6056

[Arjun S R]

On Wed, Jun 1, 2011 at 03:11, Greg KH <greg@kroah.com> wrote:
> Post your patches on the netdev mailing list and see what they say about
> it there. ?You might find that this isn't really needed as we already
> handle this properly through other means...
>

Sorry, gmail is making something weird that makes this quoted text
shrink. Please excuse me for that.
--
Arjun S R
College Of Engineering,Trivandrum
Facebook : http://www.facebook.com/Arjun.S.R
Twitter: http://twitter.com/Arjun_S_R

Implementing RFC 6056

[Greg KH]

On Thu, Jun 02, 2011 at 10:58:40PM +0530, Arjun S R wrote:
> On Wed, Jun 1, 2011 at 03:11, Greg KH <greg@kroah.com> wrote:
> > On Wed, Jun 01, 2011 at 12:38:34AM +0530, Arjun S R wrote:
> >> Hi,
> >> I would like implement RFC 6506 in linux kernel. It seems no one has
> >> implemented it.
> >>
> >> Its mainly about Transport protocol port randomisation. The fixed
> >> order[sequence of predictable randomness] of allocation of ephemeral
> >> port to application on request can cause malicious users to hijack
> >> connections based on time spent by the tcp ip api in various states.
> >>
> >> I have read the standards and is willing to go forward. Please post comments.
> >
> > Post your patches on the netdev mailing list and see what they say about
> > it there. ?You might find that this isn't really needed as we already
> > handle this properly through other means...
> >
> 
> Thanks, could you please suggest the files in the kernel source tree
> that I should go through for the task?

Have you looked in net/*

Yes it's a lot, but that would be where you need to make changes if you
were to implement such a thing.

good luck,

greg k-h