HomeFreeBSD
Diffusion FreeBSD src repository cd91df3292bf

icmp: use per rate limit randomized jitter
cd91df3292bf
Actions

Description

icmp: use per rate limit randomized jitter

Using the same random jitter for multiple rate limits allows an
attacker to use one rate limiter to figure out the current jitter
and then use this knowledge to de-randomize the other rate limiters.
This can be mitigated by using a separate randomized jitter for each
rate limiter.
This issue was reported as issue number 10 in Keyu Man et al.:
SCAD: Towards a Universal and Automated Network Side-Channel
Vulnerability Detection

Reviewed by: rrs, Peter Lei, glebius
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48804
Approved by: re (cperciva)

(cherry picked from commit 923c223f27e792e51ca13c476428adbbf6887551)
(cherry picked from commit e1dd07ede92382bdcc52b3093e8f2ec5d9c88467)

Details

Provenance
tuexenAuthored on Mon, Feb 10, 9:16 PM
Reviewer
rrs
Differential Revision
D48804: icmp: use per rate limit randomized jitter
Parents
rG5f2744d520e9: icmp: improve INVARIANTS check
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
sys/
netinet/
netinet6/

rGcd91df3292bf

View Options

sys/netinet/ip_icmp.c

Loading...
View Options

sys/netinet6/icmp6.c

Loading...