diff options
| author | Greg Kroah-Hartman <gregkh@google.com> | 2022-02-03 10:00:04 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@google.com> | 2022-02-03 10:00:04 +0100 |
| commit | 875c0cc8115381f702b12d41de293807f47cdac9 (patch) | |
| tree | 10431bbf56af73e59e2568b7ddd2ef272912fd96 /net/ipv4/ip_output.c | |
| parent | f9409de296c8aa14f421677325bc741b8256e017 (diff) | |
| parent | a09b2d8f61ea0e9ae735c400399b97966a9418d6 (diff) | |
Merge 4.4.302 into android-4.4-p
Changes in 4.4.302
can: bcm: fix UAF of bcm op
Bluetooth: refactor malicious adv data check
s390/hypfs: include z/VM guests with access control group set
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
udf: Restore i_lenAlloc when inode expansion fails
udf: Fix NULL ptr deref when converting from inline format
PM: wakeup: simplify the output logic of pm_show_wakelocks()
serial: stm32: fix software flow control transfer
tty: n_gsm: fix SW flow control encoding/handling
tty: Add support for Brainboxes UC cards.
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
USB: core: Fix hang in usb_kill_urb by adding memory barriers
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
ipv6_tunnel: Rate limit warning messages
net: fix information leakage in /proc/net/ptype
ipv4: avoid using shared IP generator for connected sockets
net-procfs: show net devices bound packet types
drm/msm: Fix wrong size calculation
hwmon: (lm90) Reduce maximum conversion rate for G781
ipv4: raw: lock the socket in raw_bind()
ipv4: tcp: send zero IPID in SYNACK messages
Bluetooth: MGMT: Fix misplaced BT_HS check
Revert "drm/radeon/ci: disable mclk switching for high refresh rates (v2)"
Revert "tc358743: fix register i2c_rd/wr function fix"
KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents"
Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list"
Linux 4.4.302
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5191d3cb4df0fa8de60170d2fedf4a3c51380fdf
Diffstat (limited to 'net/ipv4/ip_output.c')
| -rw-r--r-- | net/ipv4/ip_output.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index aad369b767f9..080470394612 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -155,12 +155,19 @@ int ip_build_and_send_pkt(struct sk_buff *skb, const struct sock *sk, iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); iph->saddr = saddr; iph->protocol = sk->sk_protocol; - if (ip_dont_fragment(sk, &rt->dst)) { + /* Do not bother generating IPID for small packets (eg SYNACK) */ + if (skb->len <= IPV4_MIN_MTU || ip_dont_fragment(sk, &rt->dst)) { iph->frag_off = htons(IP_DF); iph->id = 0; } else { iph->frag_off = 0; - __ip_select_ident(net, iph, 1); + /* TCP packets here are SYNACK with fat IPv4/TCP options. + * Avoid using the hashed IP ident generator. + */ + if (sk->sk_protocol == IPPROTO_TCP) + iph->id = (__force __be16)prandom_u32(); + else + __ip_select_ident(net, iph, 1); } if (opt && opt->opt.optlen) { |