DragonFlyBSD Kernel Audit
DF-0485

IPv6 syncache hash uses only 64/128 address bits with 32-bit secret: attacker-guaranteed bucket collisions

Summary

hash_secret is a u_int (32-bit) taken from karc4random (:157, :336). SYNCACHE_HASH (:194-198) is a trivial XOR fold of faddr, faddr>>16 and the ports. SYNCACHE_HASH6 (:200-204) is weaker: it XORs in only s6_addr32[0] and s6_addr32[3], which is 64 of the 128 address bits.

An attacker controls all 128 source address bits on a SYN. Holding addr32[0], addr32[3] and the ports fixed while varying addr32[1]/[2] yields an IDENTICAL hash regardless of the secret, yet each SYN is a distinct entry (ENDPTS6_EQ is a memcmp over all 128 bits). The entries all pile into one bucket, which causes bucket_limit eviction thrash, and targeted half-open connections are dropped. The impact is bounded by bucket_limit/cache_limit.

Fix: a siphash24/Jenkins keyed hash over the full 4-tuple.
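The bucket behaviour described above can be checked in user space with a small model. This is an added example, not DragonFlyBSD source: `struct tuple6`, `HASHSIZE`, `weak_hash6`, `full_hash6` and `buckets_used` are hypothetical names, the bucket count of 512 is an assumption, and a Jenkins one-at-a-time hash seeded with the secret stands in for the keyed hash the finding recommends.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASHSIZE 512            /* assumed bucket count (power of two) */
struct tuple6 {                 /* simplified stand-in for the kernel's connection tuple */
    uint32_t faddr[4];          /* s6_addr32[0..3] of the foreign address */
    uint16_t fport, lport;      /* 20 bytes total, no padding */
};

/* The fold as the finding describes it: secret ^ addr32[0] ^ addr32[3] ^ ports. */
static uint32_t weak_hash6(const struct tuple6 *t, uint32_t secret)
{
    return (secret ^ t->faddr[0] ^ t->faddr[3] ^ t->fport ^ t->lport) & (HASHSIZE - 1);
}

/* Jenkins one-at-a-time seeded with the secret, over every byte of the tuple. */
static uint32_t full_hash6(const struct tuple6 *t, uint32_t secret)
{
    const unsigned char *p = (const unsigned char *)t;
    uint32_t h = secret;
    for (size_t i = 0; i < sizeof(*t); i++) { h += p[i]; h += h << 10; h ^= h >> 6; }
    h += h << 3; h ^= h >> 11; h += h << 15;
    return h & (HASHSIZE - 1);
}

/* Count distinct buckets hit by n tuples that differ only in addr32[1]/[2]. */
static int buckets_used(uint32_t (*hash)(const struct tuple6 *, uint32_t),
                        uint32_t secret, int n)
{
    unsigned char seen[HASHSIZE] = {0};
    struct tuple6 t = { {0x20010db8, 0, 0, 1}, 40000, 80 }; /* constructed sample */
    int used = 0;
    for (int i = 0; i < n; i++) {
        t.faddr[1] = (uint32_t)i;                 /* bits the weak fold ignores */
        t.faddr[2] = (uint32_t)i * 2654435761u;
        uint32_t b = hash(&t, secret);
        if (!seen[b]) { seen[b] = 1; used++; }
    }
    return used;
}

int main(void)
{
    printf("weak: %d bucket(s), full: %d bucket(s)\n",
           buckets_used(weak_hash6, 0xdeadbeefu, 256), buckets_used(full_hash6, 0xdeadbeefu, 256));
    return 0;
}
```

The weak fold reports a single bucket for any secret, while the full-tuple hash spreads the same inputs across many buckets. The same harness works as a regression check for a replacement hash.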