net/core/secure_seq.c
Source file: repositories/reference/linux-study-clean/net/core/secure_seq.c
File Facts
- System: Linux kernel
- Corpus path: net/core/secure_seq.c
- Extension: .c
- Size: 3678 bytes
- Lines: 137
- Domain: Networking Core
- Bucket: Sockets, Protocols, Packet Path, And Network Policy
- Inferred role: Networking Core: exported/initcall integration point
- Status: integration implementation candidate
Why This File Exists
Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- linux/kernel.h
- linux/init.h
- linux/module.h
- linux/cache.h
- linux/random.h
- linux/hrtimer.h
- linux/ktime.h
- linux/string.h
- linux/net.h
- linux/siphash.h
- net/secure_seq.h
- linux/in6.h
- net/tcp.h
Detected Declarations
- function net_secret_init
- function seq_scale
- function secure_tcpv6_seq_and_ts_off
- function secure_ipv6_port_ephemeral
- function secure_tcp_seq_and_ts_off
- function secure_ipv4_port_ephemeral
- export secure_tcpv6_seq_and_ts_off
- export secure_ipv6_port_ephemeral
- export secure_tcp_seq_and_ts_off
- export secure_ipv4_port_ephemeral
Annotated Snippet
// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/cache.h>
#include <linux/random.h>
#include <linux/hrtimer.h>
#include <linux/ktime.h>
#include <linux/string.h>
#include <linux/net.h>
#include <linux/siphash.h>
#include <net/secure_seq.h>

#if IS_ENABLED(CONFIG_IPV6) || IS_ENABLED(CONFIG_INET)
#include <linux/in6.h>
#include <net/tcp.h>

static siphash_aligned_key_t net_secret;

#define EPHEMERAL_PORT_SHUFFLE_PERIOD (10 * HZ)

static __always_inline void net_secret_init(void)
{
	net_get_random_once(&net_secret, sizeof(net_secret));
}
#endif

#ifdef CONFIG_INET
static u32 seq_scale(u32 seq)
{
	/*
	 * As close as possible to RFC 793, which
	 * suggests using a 250 kHz clock.
	 * Further reading shows this assumes 2 Mb/s networks.
	 * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
	 * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
	 * we also need to limit the resolution so that the u32 seq
	 * overlaps less than one time per MSL (2 minutes).
	 * Choosing a clock of 64 ns period is OK. (period of 274 s)
	 */
	return seq + (ktime_get_real_ns() >> 6);
}
#endif

#if IS_ENABLED(CONFIG_IPV6)
union tcp_seq_and_ts_off
secure_tcpv6_seq_and_ts_off(const struct net *net, const __be32 *saddr,
			    const __be32 *daddr, __be16 sport, __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		__be16 sport;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) combined = {
		.saddr = *(struct in6_addr *)saddr,
		.daddr = *(struct in6_addr *)daddr,
		.sport = sport,
		.dport = dport
	};
	union tcp_seq_and_ts_off st;

	net_secret_init();
	st.hash64 = siphash(&combined, offsetofend(typeof(combined), dport),
			    &net_secret);
	if (READ_ONCE(net->ipv4.sysctl_tcp_timestamps) != 1)
		st.ts_off = 0;
	st.seq = seq_scale(st.seq);
	return st;
}
EXPORT_SYMBOL(secure_tcpv6_seq_and_ts_off);

u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
			       __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		unsigned int timeseed;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) combined = {
		.saddr = *(struct in6_addr *)saddr,
		.daddr = *(struct in6_addr *)daddr,
Annotation
- Immediate include surface: `linux/kernel.h`, `linux/init.h`, `linux/module.h`, `linux/cache.h`, `linux/random.h`, `linux/hrtimer.h`, `linux/ktime.h`, `linux/string.h`.
- Detected declarations: `function net_secret_init`, `function seq_scale`, `function secure_tcpv6_seq_and_ts_off`, `function secure_ipv6_port_ephemeral`, `function secure_tcp_seq_and_ts_off`, `function secure_ipv4_port_ephemeral`, `export secure_tcpv6_seq_and_ts_off`, `export secure_ipv6_port_ephemeral`, `export secure_tcp_seq_and_ts_off`, `export secure_ipv4_port_ephemeral`.
- Atlas domain: Networking Core / Sockets, Protocols, Packet Path, And Network Policy.
- Implementation status: integration implementation candidate.
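The snippet above shows the shape of the ISN construction but cannot be compiled outside the kernel. The following userspace C program is an added example, written for this page and not taken from the kernel or from this atlas: it models the same pipeline as `secure_tcp_seq_and_ts_off` (listed in the declarations above but cut off in the snippet): a keyed SipHash over the connection tuple, the 64-bit result split into `seq` and `ts_off` as `union tcp_seq_and_ts_off` does, `ts_off` zeroed unless timestamps are on, and `seq_scale()` adding the 64 ns clock. Assumptions: the inline SipHash-2-4 is the standard algorithm standing in for `lib/siphash`; the 12-byte tuple layout, the key, the addresses and the timestamps are constructed for the example; `timestamps_enabled` stands for `net->ipv4.sysctl_tcp_timestamps == 1` and `now_ns` for `ktime_get_real_ns()`; `model_secure_tcp_seq`, `isn_model_selfcheck` and `isn_clock_wrap_seconds` are this example's own names.

```c
/* Added example, not kernel code: userspace model of the secure_seq.c ISN
 * construction. Keyed SipHash-2-4 over the tuple -> (seq, ts_off), then
 * seq_scale() adds a 64 ns clock so one peer's ISNs do not repeat within ~274 s. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ROTL64(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND                                                             \
	do {                                                                 \
		v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
		v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                      \
		v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                      \
		v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); \
	} while (0)

/* SipHash reads message and key as little-endian 64-bit words. */
static uint64_t load_le64(const uint8_t *p)
{
	uint64_t v = 0;
	for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
	return v;
}

/* Standard SipHash-2-4, standing in for the kernel's lib/siphash. */
uint64_t siphash24(const uint8_t *in, size_t inlen, const uint8_t key[16])
{
	uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
	uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
	uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
	uint64_t b = (uint64_t)inlen << 56;	/* message length lives in the top byte */
	const uint8_t *end = in + (inlen & ~(size_t)7);

	for (; in != end; in += 8) {		/* c = 2 compression rounds per 8-byte word */
		uint64_t m = load_le64(in);
		v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
	}
	for (size_t i = 0; i < (inlen & 7); i++)	/* tail bytes, LE, below the length */
		b |= (uint64_t)in[i] << (8 * i);
	v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
	v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;	/* d = 4 finalization rounds */
	return v0 ^ v1 ^ v2 ^ v3;
}

/* Known answers from the SipHash paper: key 00..0f, message empty and 00..0e. */
int siphash24_known_answer_ok(void)
{
	uint8_t key[16], msg[15];
	for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
	for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
	return siphash24(msg, 0, key) == 0x726fdb47dd0e0e31ULL &&
	       siphash24(msg, 15, key) == 0xa129ca6149be45e5ULL;
}

/* Mirrors union tcp_seq_and_ts_off: one 64-bit hash split into two halves. */
struct seq_and_ts_off { uint32_t seq; uint32_t ts_off; };

/* seq_scale(): 64 ns clock period; the u32 seq therefore wraps every 274 s. */
static uint32_t seq_scale(uint32_t seq, uint64_t now_ns) { return seq + (uint32_t)(now_ns >> 6); }
uint64_t isn_clock_wrap_seconds(void) { return ((uint64_t)1 << 32) * 64 / 1000000000ULL; }

/* Model of secure_tcp_seq_and_ts_off() for IPv4. The 12-byte tuple layout is this
 * example's own; timestamps_enabled stands for sysctl_tcp_timestamps == 1 and
 * now_ns for ktime_get_real_ns(), passed in so results are reproducible. */
struct seq_and_ts_off model_secure_tcp_seq(const uint8_t key[16],
		uint32_t saddr, uint32_t daddr, uint16_t sport, uint16_t dport,
		int timestamps_enabled, uint64_t now_ns)
{
	uint8_t combined[12];
	struct seq_and_ts_off st;
	uint64_t h;

	memcpy(combined, &saddr, 4);
	memcpy(combined + 4, &daddr, 4);
	memcpy(combined + 8, &sport, 2);
	memcpy(combined + 10, &dport, 2);
	h = siphash24(combined, sizeof combined, key);
	st.seq = (uint32_t)h;
	st.ts_off = timestamps_enabled ? (uint32_t)(h >> 32) : 0;
	st.seq = seq_scale(st.seq, now_ns);
	return st;
}

/* Properties to check: same tuple 1 s later advances by exactly 1e9 >> 6 = 15625000
 * (the clock term only), ts_off ignores the clock, another peer gets an unrelated
 * seq, and disabling timestamps zeroes ts_off without touching seq. */
int isn_model_selfcheck(void)
{
	uint8_t key[16];				/* constructed secret, not a real net_secret */
	const uint64_t t0 = 1700000000000000000ULL, t1 = t0 + 1000000000ULL; /* constructed ns */
	struct seq_and_ts_off a, b, c, d;

	for (int i = 0; i < 16; i++) key[i] = (uint8_t)(0xa5 ^ i);
	a = model_secure_tcp_seq(key, 0x0a000001, 0x0a000002, 40000, 443, 1, t0);
	b = model_secure_tcp_seq(key, 0x0a000001, 0x0a000002, 40000, 443, 1, t1);
	c = model_secure_tcp_seq(key, 0x0a000001, 0x0a000003, 40000, 443, 1, t0);
	d = model_secure_tcp_seq(key, 0x0a000001, 0x0a000002, 40000, 443, 0, t0);
	return (uint32_t)(b.seq - a.seq) == 15625000u && a.ts_off == b.ts_off &&
	       c.seq != a.seq && d.ts_off == 0 && d.seq == a.seq;
}
```

The self-check is the point of the model: because the tuple is hashed under a secret that `net_get_random_once` fixes per boot, an observer who sees one connection's ISN learns nothing about the ISN another peer will receive (the `c.seq != a.seq` case), while the additive clock term keeps successive connections to the same peer from reusing sequence space within the 274 s wrap period the kernel comment derives from the MSL. Reviewers of a change to this file would want exactly these two invariants to survive: the hash must cover every field that distinguishes a connection, and the time component must be added after hashing, never mixed into the hash input where it would stop being monotonic.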
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.