├── COPYING
├── LICENSE
├── Makefile
├── README.md
├── build.sh
├── changelog.upstream
├── debian
    ├── 30-tirdad.conf
    ├── 30_tirdad.conf
    ├── changelog
    ├── control
    ├── copyright
    ├── make-helper-overrides.bsh
    ├── rules
    ├── source
    │   ├── format
    │   └── lintian-overrides
    ├── tirdad-dkms.dkms
    ├── tirdad-dkms.install
    ├── tirdad-dkms.triggers
    ├── tirdad.install
    └── watch
├── legacy
    └── tirdad.c
└── module
    ├── Makefile
    └── tirdad.c


/COPYING:
--------------------------------------------------------------------------------
 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 2 | 
 3 | Files: *
 4 | Copyright: Copyright (c) 2015-2018 Sirus Shahini
 5 | License: GPL-3
 6 |  This package is free software; you can redistribute it and/or modify
 7 |  it under the terms of the GNU General Public License as published by
 8 |  the Free Software Foundation; either version 3 of the License, or
 9 |  (at your option) any later version.
10 |  .
11 |  This package is distributed in the hope that it will be useful,
12 |  but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 |  GNU General Public License for more details.
15 |  .
16 |  You should have received a copy of the GNU General Public License
17 |  along with this package; if not, write to the Free Software
18 |  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
19 |  .
20 |  On Debian systems, the complete text of the GNU General
21 |  Public License can be found in `/usr/share/common-licenses/GPL-3'.
22 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | This program is available under the terms of GPLv3 license.
2 | Refer to COPYING for more information.
3 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | ifneq ($(KERNELRELEASE),)
 2 | 	KERNELDIR ?= /lib/modules/$(KERNELRELEASE)/build
 3 | else
 4 | 	## KERNELRELEASE not set.
 5 | 	KERNELDIR ?= /lib/modules/$(shell uname -r)/build
 6 | endif
 7 | 
 8 | pwd := $(shell pwd)/module
 9 | 
10 | all:
11 | 	@echo "KERNELDIR: $(KERNELDIR)"
12 | 	cd module; make -C $(KERNELDIR) M=$(pwd)
13 | 
14 | clean:
15 | 	rm -r -f \
16 | 		module/tirdad.ko \
17 | 		module/modules.order \
18 | 		module/.tirdad.ko.cmd \
19 | 		module/.tirdad.mod.o.cmd \
20 | 		module/.tirdad.o.cmd \
21 | 		module/.tirdad.o.d \
22 | 		module/.tmp_versions \
23 | 		module/Module.symvers \
24 | 		module/tirdad.mod.c \
25 | 		module/tirdad.mod.o \
26 | 		module/tirdad.o
27 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # TCP ISN CPU Information Leak Protection #
  2 | 
  3 | TCP Initial Sequence Numbers Randomization to prevent TCP ISN based CPU
  4 | Information Leaks.
  5 | 
  6 | The Linux kernel has a side-channel information leak bug.
  7 | It is leaked in any outgoing traffic.
  8 | This can allow side-channel attacks because sensitive information about
  9 | a system's CPU activity is leaked.
 10 | 
 11 | It may prove very dangerous for long-running cryptographic operations. [A]
 12 | 
 13 | Research has demonstrated that it can be used for de-anonymization of
 14 | location-hidden services. [1]
 15 | 
 16 | Clock skew,
 17 | 
 18 | - is leaked through TCP ISNs (Initial Sequence Number) by the Linux kernel.
 19 | - can be remotely detected through observing ISNs.
 20 | - can be induced by an attacker through producing load on the victim machine.
 21 | 
 22 | Quote Security researcher Steven J. Murdoch
 23 | (University of Cambridge, Cambridge, UK) [B]
 24 | 
 25 | "What the Linux ISN leaks is the difference between two timestamps, not the
 26 | timestamp itself. A difference lets you work out drift and skew, which can
 27 | help someone fingerprint the computer hardware, its environment and load. Of
 28 | course that only works if you can probe a computer, and maintain the same
 29 | source/destination port and IP address."
 30 | 
 31 | Quote Mike Perry, developer at The Tor Project [A]:
 32 | 
 33 | "... it is worth complaining to the kernel developers for the simple
 34 | reason that adding the 64ns timer post-hash probably *does* leak side channels
 35 | about CPU activity, and that may prove very dangerous for long-running
 36 | cryptographic operations (along the lines of the hot-or-not issue).
 37 | Unfortunately, someone probably needs to produce more research papers before
 38 | they will listen."
 39 | 
 40 | tirdad is a kernel module to hot-patch the Linux kernel
 41 | to generate random TCP Initial Sequence Numbers for IPv4 TCP connections.
 42 | 
 43 | You can refer to this bog post to get familiar with the original issue:
 44 | 
 45 | - An analysis of TCP secure SN generation in Linux and its privacy issues
 46 | - https://bitguard.wordpress.com/?p=982
 47 | 
 48 | This metapackage depends on tirdad-dkms.
 49 | 
 50 | References:
 51 | 
 52 |   - [1] https://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf
 53 |   - [2] http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf
 54 |   - [3] http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf
 55 |   - [4] https://stackoverflow.com/a/12232126
 56 |   - [5] http://lxr.free-electrons.com/source/net/core/secure_seq.c?v=3.16
 57 |   - [6] https://trac.torproject.org/projects/tor/ticket/16659
 58 |   - [7] https://phabricator.whonix.org/T543
 59 |   - [A] https://trac.torproject.org/projects/tor/ticket/16659#comment:10
 60 |   - [B] https://trac.torproject.org/projects/tor/ticket/16659#comment:18
 61 | ## How to install `tirdad` using apt-get ##
 62 | 
 63 | 1\. Download [Whonix's Signing Key]().
 64 | 
 65 | ```
 66 | wget https://www.whonix.org/patrick.asc
 67 | ```
 68 | 
 69 | Users can [check Whonix Signing Key](https://www.whonix.org/wiki/Whonix_Signing_Key) for better security.
 70 | 
 71 | 2\. Add Whonix's signing key.
 72 | 
 73 | ```
 74 | sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg add ~/patrick.asc
 75 | ```
 76 | 
 77 | 3\. Add Whonix's APT repository.
 78 | 
 79 | ```
 80 | echo "deb https://deb.whonix.org bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
 81 | ```
 82 | 
 83 | 4\. Update your package lists.
 84 | 
 85 | ```
 86 | sudo apt-get update
 87 | ```
 88 | 
 89 | 5\. Install `tirdad`.
 90 | 
 91 | ```
 92 | sudo apt-get install tirdad
 93 | ```
 94 | 
 95 | ## How to Build deb Package ##
 96 | 
 97 | Any standard Debian build tools can be used. For example. Quick and easy.
 98 | 
 99 | ```
100 | dpkg-buildpackage -b
101 | ```
102 | 
103 | ## Contact ##
104 | 
105 | * [Free Forum Support](https://forums.whonix.org)
106 | * [Professional Support](https://www.whonix.org/wiki/Professional_Support)
107 | 
108 | ## Donate ##
109 | 
110 | `tirdad` requires [donations](https://www.whonix.org/wiki/Donate) to stay alive!
111 | 


--------------------------------------------------------------------------------
/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | ## For CodeQL autobuild
 4 | 
 5 | set -x
 6 | set -e
 7 | 
 8 | #sudo --non-interactive apt-get update --error-on=any
 9 | #sudo --non-interactive apt-get install --yes dkms
10 | 
11 | sudo --non-interactive make
12 | 


--------------------------------------------------------------------------------
/changelog.upstream:
--------------------------------------------------------------------------------
   1 | commit 6185610014d6b75cacc0ca106be5aa69db278b00
   2 | Author: Patrick Schleizer <adrelanos@whonix.org>
   3 | Date:   Fri Jan 24 08:23:42 2025 -0500
   4 | 
   5 |     fork version numbers
   6 | 
   7 | commit a8fa1b4cc51a595fae2053de59d92f669aeb43eb
   8 | Author: Patrick Schleizer <adrelanos@whonix.org>
   9 | Date:   Fri Jan 24 11:11:05 2025 +0000
  10 | 
  11 |     bumped changelog version
  12 | 
  13 | commit 4cb6c0c80c0d61c06acdb752ad10f5f52c505b79
  14 | Author: Patrick Schleizer <adrelanos@whonix.org>
  15 | Date:   Thu Jan 23 11:12:53 2025 -0500
  16 | 
  17 |     copyright
  18 | 
  19 | commit 7bf182e238eb8a64e1ce61cbc5abe9abc152ba91
  20 | Author: Patrick Schleizer <adrelanos@whonix.org>
  21 | Date:   Mon Jan 6 12:04:12 2025 +0000
  22 | 
  23 |     bumped changelog version
  24 | 
  25 | commit 029d0bb0990dd3bf576dee96e3b246d5a8a4109b
  26 | Author: Patrick Schleizer <adrelanos@whonix.org>
  27 | Date:   Mon Jan 6 07:02:42 2025 -0500
  28 | 
  29 |     declare tirdad-dkms only available for Intel/AMD64
  30 |     
  31 |     https://forums.whonix.org/t/tcp-isn-cpu-information-leak-protection-tirdad/8552/33
  32 | 
  33 | commit 35f8e503605cb0493d15b7611bdceb80813783fc
  34 | Author: Patrick Schleizer <adrelanos@whonix.org>
  35 | Date:   Tue Dec 31 19:19:27 2024 +0000
  36 | 
  37 |     bumped changelog version
  38 | 
  39 | commit c3fa5b1bdac17734dd1aec1d8a67df6629bcd0c5
  40 | Author: Patrick Schleizer <adrelanos@whonix.org>
  41 | Date:   Tue Dec 31 13:26:23 2024 -0500
  42 | 
  43 |     copyright
  44 | 
  45 | commit 5a8ffcce54abbf85f95f5104ce634de9a3c40982
  46 | Author: Patrick Schleizer <adrelanos@whonix.org>
  47 | Date:   Sun Dec 29 13:09:32 2024 +0000
  48 | 
  49 |     bumped changelog version
  50 | 
  51 | commit 29267ea5b4080d26075217e3aa76a27458bf64d2
  52 | Author: Patrick Schleizer <adrelanos@whonix.org>
  53 | Date:   Sun Dec 29 08:08:25 2024 -0500
  54 | 
  55 |     declare tirdad only available for Intel/AMD64
  56 |     
  57 |     https://forums.whonix.org/t/tcp-isn-cpu-information-leak-protection-tirdad/8552/33
  58 | 
  59 | commit 0d5a3a6e306e7a3c6d37dfe9a8b3542ddffebb54
  60 | Author: Patrick Schleizer <adrelanos@whonix.org>
  61 | Date:   Wed Oct 16 10:58:52 2024 +0000
  62 | 
  63 |     bumped changelog version
  64 | 
  65 | commit 891c14034a4b35e19da3da991d551b0093b83509
  66 | Author: Patrick Schleizer <adrelanos@whonix.org>
  67 | Date:   Wed Oct 16 06:54:59 2024 -0400
  68 | 
  69 |     architecture support:
  70 |     - update packaging to reflect that tirdad should now in principle be compatible
  71 |     with any architecture
  72 |     - Linux only
  73 |     - this does not change architecture support status
  74 |     - a contributor (porter), proper porting and testing still required
  75 | 
  76 | commit b6a3196e9fae7ae1e03407dcd20c957e81bd4a75
  77 | Author: Patrick Schleizer <adrelanos@whonix.org>
  78 | Date:   Wed Oct 16 10:25:03 2024 +0000
  79 | 
  80 |     bumped changelog version
  81 | 
  82 | commit 2276edfb360d22e1d3d46113e8f4103391c4c20f
  83 | Author: Patrick Schleizer <adrelanos@whonix.org>
  84 | Date:   Wed Oct 16 09:39:30 2024 +0000
  85 | 
  86 |     bumped changelog version
  87 | 
  88 | commit a52e5f35f468db7a592b5d94dd9fe77c64525ff3
  89 | Author: Patrick Schleizer <adrelanos@whonix.org>
  90 | Date:   Wed Oct 16 05:37:51 2024 -0400
  91 | 
  92 |     signed commit
  93 | 
  94 | commit 2c9a0712b9c2eaf3c0eab6508e3fbbec261a2022
  95 | Merge: 85802a1 2301b1c
  96 | Author: Patrick Schleizer <adrelanos@whonix.org>
  97 | Date:   Wed Oct 16 04:25:31 2024 -0400
  98 | 
  99 |     Merge remote-tracking branch 'ArrayBolt3/master'
 100 | 
 101 | commit 2301b1c1413d8013b5c3b30976732bbf23d2f9ac
 102 | Merge: 85802a1 b6b0c9b
 103 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 104 | Date:   Tue Oct 15 16:22:45 2024 -0500
 105 | 
 106 |     Merge branch 'master' of github.com:0xsirus/tirdad
 107 | 
 108 | commit b6b0c9b208a4055fc541a919a9214292f46fc85c
 109 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 110 | Date:   Mon Oct 14 23:27:12 2024 -0700
 111 | 
 112 |     Update readme
 113 | 
 114 | commit 1dbfba5af0f9313e2b121204838ae33a949cc77b
 115 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 116 | Date:   Mon Oct 14 23:23:19 2024 -0700
 117 | 
 118 |     Update readme
 119 | 
 120 | commit 823baca10229f9e8983317eaeb8d670c87c15128
 121 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 122 | Date:   Mon Oct 14 23:12:49 2024 -0700
 123 | 
 124 |     Easy patching using livepatch
 125 |     
 126 |     Move previous code to ./legacy
 127 | 
 128 | commit 85802a157c0206a626a4dee2d7b5e0bd7e5bd3dd
 129 | Author: Patrick Schleizer <adrelanos@whonix.org>
 130 | Date:   Tue Oct 8 09:19:52 2024 +0000
 131 | 
 132 |     bumped changelog version
 133 | 
 134 | commit f77ad6a655eb8319f187cbbda8b424ff8c71f298
 135 | Merge: 59e770a 2be8d0f
 136 | Author: Patrick Schleizer <adrelanos@whonix.org>
 137 | Date:   Tue Oct 8 05:15:06 2024 -0400
 138 | 
 139 |     Merge branch 'rewrite'
 140 | 
 141 | commit 2be8d0fbe82cc709e6dc6f9720889c28455b937d
 142 | Merge: 3376e40 59e770a
 143 | Author: Patrick Schleizer <adrelanos@whonix.org>
 144 | Date:   Tue Oct 8 05:14:29 2024 -0400
 145 | 
 146 |     Merge branch 'master' into rewrite
 147 | 
 148 | commit 3376e40f20b61b3ca7c92c9f4554e1e51c2a28e8
 149 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 150 | Date:   Tue Oct 8 01:30:12 2024 -0500
 151 | 
 152 |     Update README
 153 | 
 154 | commit ac76d487202eec5b8263b4c5b4c9dc8ac18ddea1
 155 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 156 | Date:   Tue Oct 8 01:21:33 2024 -0500
 157 | 
 158 |     Fix alignment in a couple of comments
 159 | 
 160 | commit 51aff3cf2ea04f91f509a4af843cc2625b7088ea
 161 | Merge: f03f8aa 4ced5ae
 162 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 163 | Date:   Tue Oct 8 01:16:29 2024 -0500
 164 | 
 165 |     Merge branch 's_out_safety' into arraybolt3/rewrite
 166 | 
 167 | commit f03f8aae101349157e09063056483769fbb824b9
 168 | Merge: 36ec065 9fb67ae
 169 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 170 | Date:   Tue Oct 8 01:16:16 2024 -0500
 171 | 
 172 |     Merge branch 'generator-safety' into arraybolt3/rewrite
 173 | 
 174 | commit 4ced5aeceb33697053e9b5309419a7894342c424
 175 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 176 | Date:   Mon Oct 7 18:23:22 2024 -0500
 177 | 
 178 |     Make _s_out safer
 179 | 
 180 | commit 9fb67aeca1dcc5f53d3426fe1312e8b3a7b5d148
 181 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 182 | Date:   Mon Oct 7 16:47:40 2024 -0500
 183 | 
 184 |     Return random 32-bit numbers in ISN generation routines
 185 | 
 186 | commit 36ec0651d7023e8d6e67d2b1cbef5038c00ed1eb
 187 | Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
 188 | Date:   Mon Oct 7 16:19:51 2024 -0500
 189 | 
 190 |     Use kernel live patching API
 191 | 
 192 | commit 4720311ff21c3f71cc5e3670caf5dfde2b31c5f8
 193 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 194 | Date:   Wed Mar 6 19:06:18 2024 -0700
 195 | 
 196 |     Update for newer kernels
 197 | 
 198 | commit 59e770afb3e62284db37cc8f8093ef12399dbfca
 199 | Author: Patrick Schleizer <adrelanos@whonix.org>
 200 | Date:   Mon Dec 25 18:43:45 2023 +0000
 201 | 
 202 |     bumped changelog version
 203 | 
 204 | commit dd422816d66559de5ec1dd1564383ca545558baa
 205 | Author: Patrick Schleizer <adrelanos@whonix.org>
 206 | Date:   Mon Dec 25 13:15:58 2023 -0500
 207 | 
 208 |     activate-noawait update-initramfs
 209 | 
 210 | commit 29960300df0eaffe12bda929d439fcab82e402e2
 211 | Author: Patrick Schleizer <adrelanos@whonix.org>
 212 | Date:   Sat Nov 11 20:26:21 2023 +0000
 213 | 
 214 |     bumped changelog version
 215 | 
 216 | commit 9981fcfac80444572aacee051cd72512c61f227c
 217 | Author: Patrick Schleizer <adrelanos@whonix.org>
 218 | Date:   Sat Nov 11 14:43:09 2023 -0500
 219 | 
 220 |     copyright
 221 | 
 222 | commit cfd0611077f9c50c2782781dbb5186bb9748f645
 223 | Author: Patrick Schleizer <adrelanos@whonix.org>
 224 | Date:   Fri Nov 10 12:51:14 2023 -0500
 225 | 
 226 |     CodeQL
 227 | 
 228 | commit 110e7a5f1e5a0fc594cfae2a46f2228a92d4e1cd
 229 | Merge: 4ccbaa6 0777c22
 230 | Author: Patrick Schleizer <adrelanos@whonix.org>
 231 | Date:   Fri Nov 10 12:48:25 2023 -0500
 232 | 
 233 |     Merge remote-tracking branch '0xsirus/master'
 234 | 
 235 | commit 0777c2204c2ae25d1cb665c0b1885cd0e2e81072
 236 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 237 | Date:   Mon Aug 14 20:50:28 2023 -0600
 238 | 
 239 |     Update README
 240 | 
 241 | commit 562fc97f7eb7ce1a51bb5259c712f794c9ab7230
 242 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 243 | Date:   Mon Aug 14 20:48:59 2023 -0600
 244 | 
 245 |     Update README
 246 | 
 247 | commit 4ccbaa6eb785e87c160d15fb96c7098aab5d5340
 248 | Author: Patrick Schleizer <adrelanos@whonix.org>
 249 | Date:   Mon Jul 17 11:51:02 2023 -0400
 250 | 
 251 |     bumped changelog version
 252 | 
 253 | commit f40d8126f749dccfe24408c8e69d2621d3816858
 254 | Author: Patrick Schleizer <adrelanos@whonix.org>
 255 | Date:   Mon Jul 17 11:20:02 2023 -0400
 256 | 
 257 |     Kicksecure
 258 | 
 259 | commit 2301bc92eb140907904756074cf2fc41e643b5b9
 260 | Author: Patrick Schleizer <adrelanos@whonix.org>
 261 | Date:   Mon Jul 17 11:12:22 2023 -0400
 262 | 
 263 |     Kicksecure
 264 | 
 265 | commit 894632ad891dded54a006b8b2c47d587df784c9b
 266 | Author: Patrick Schleizer <adrelanos@whonix.org>
 267 | Date:   Thu Jul 13 09:32:43 2023 -0400
 268 | 
 269 |     bumped changelog version
 270 | 
 271 | commit 0ded04ea9f024f76e5388c944f8f18e32876431a
 272 | Merge: 66406ce 746c0ce
 273 | Author: Patrick Schleizer <adrelanos@whonix.org>
 274 | Date:   Thu Jul 13 09:25:36 2023 -0400
 275 | 
 276 |     Merge remote-tracking branch '0xsirus/master'
 277 | 
 278 | commit 746c0cecb776d36c2cfc6709dc19e3620def0471
 279 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 280 | Date:   Wed Jul 12 22:00:46 2023 -0600
 281 | 
 282 |     Minor edits
 283 | 
 284 | commit 62402503a9560efb757e9e74ad8477d130a8a0d7
 285 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 286 | Date:   Tue Jul 11 19:35:34 2023 -0600
 287 | 
 288 |     Add support for IPv6
 289 | 
 290 | commit 66406cee028298e02bdc46bf5c00feebd493e0dc
 291 | Author: Patrick Schleizer <adrelanos@whonix.org>
 292 | Date:   Wed Jun 21 09:39:47 2023 +0000
 293 | 
 294 |     bumped changelog version
 295 | 
 296 | commit a3ca0737b53227bfc3d9eca49622132caa99d98a
 297 | Author: Patrick Schleizer <adrelanos@whonix.org>
 298 | Date:   Wed Jun 21 09:11:32 2023 +0000
 299 | 
 300 |     bookworm
 301 | 
 302 | commit d8b3d6c87738d54d9c197ac12d41ad988c29eea8
 303 | Author: Patrick Schleizer <adrelanos@whonix.org>
 304 | Date:   Wed Jun 14 10:02:17 2023 +0000
 305 | 
 306 |     bumped changelog version
 307 | 
 308 | commit d498f45bf865474a9c810ce4229b70f33d8c0314
 309 | Author: Patrick Schleizer <adrelanos@whonix.org>
 310 | Date:   Tue Jun 13 08:46:00 2023 +0000
 311 | 
 312 |     signed commit
 313 | 
 314 | commit 5f1ce83f2f7423a26d10825a702853c926b598e0
 315 | Author: Patrick Schleizer <adrelanos@whonix.org>
 316 | Date:   Mon Jun 12 18:08:51 2023 +0000
 317 | 
 318 |     bumped changelog version
 319 | 
 320 | commit 49c7640ea53def04723fcfcd6d55e8bf6805ecfd
 321 | Author: Patrick Schleizer <adrelanos@whonix.org>
 322 | Date:   Mon Jun 12 17:41:50 2023 +0000
 323 | 
 324 |     bookworm
 325 | 
 326 | commit d78f3d9b445708079f2369e1d8ed4f837de7be66
 327 | Author: Patrick Schleizer <adrelanos@whonix.org>
 328 | Date:   Mon Jun 12 16:22:34 2023 +0000
 329 | 
 330 |     Standards-Version: 4.6.1.0
 331 | 
 332 | commit 6e870d34680fdb6099843862bf543868b30b0c92
 333 | Author: Patrick Schleizer <adrelanos@whonix.org>
 334 | Date:   Mon Jun 12 15:34:59 2023 +0000
 335 | 
 336 |     bumped changelog version
 337 | 
 338 | commit 696d183d2741684960ddcae4e3dae30c3f975703
 339 | Author: Patrick Schleizer <adrelanos@whonix.org>
 340 | Date:   Mon Jun 12 14:52:02 2023 +0000
 341 | 
 342 |     update copyright year
 343 | 
 344 | commit 890a3a351cc95e3085d28af9422129f60e5f9f93
 345 | Author: Patrick Schleizer <adrelanos@whonix.org>
 346 | Date:   Wed Jun 8 11:11:03 2022 -0400
 347 | 
 348 |     bumped changelog version
 349 | 
 350 | commit 1636e289beb9542f4bd21f28410860585337dca1
 351 | Author: Patrick Schleizer <adrelanos@whonix.org>
 352 | Date:   Wed Jun 8 09:23:59 2022 -0400
 353 | 
 354 |     remove unicode
 355 | 
 356 | commit 7741fd02852746f8d82084f55d2c587b3154206f
 357 | Author: Patrick Schleizer <adrelanos@whonix.org>
 358 | Date:   Wed Jun 8 09:17:44 2022 -0400
 359 | 
 360 |     remove unicode
 361 | 
 362 | commit c6bd0b646e7346d213a4e7f9adbc5a57ce890422
 363 | Author: Patrick Schleizer <adrelanos@whonix.org>
 364 | Date:   Wed May 25 06:07:32 2022 -0400
 365 | 
 366 |     bumped changelog version
 367 | 
 368 | commit 3254c41eafb5b22abd647ffdf48f7f80e3b3483e
 369 | Author: Patrick Schleizer <adrelanos@whonix.org>
 370 | Date:   Fri May 20 14:46:41 2022 -0400
 371 | 
 372 |     copyright
 373 | 
 374 | commit 1742ca6923584782fd4cead854dc616d3a0efbcb
 375 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 376 | Date:   Thu Dec 9 11:12:03 2021 -0700
 377 | 
 378 |     Fix typos.
 379 | 
 380 | commit e6647ba2f2ce5220db69136bf9b42580e84c4966
 381 | Author: Patrick Schleizer <adrelanos@whonix.org>
 382 | Date:   Sat Aug 28 14:01:13 2021 -0400
 383 | 
 384 |     bumped changelog version
 385 | 
 386 | commit eebabcf3126d311d7626d2729ae805df9c8ca149
 387 | Author: Patrick Schleizer <adrelanos@whonix.org>
 388 | Date:   Fri Aug 6 16:44:53 2021 -0400
 389 | 
 390 |     bumped changelog version
 391 | 
 392 | commit 0837222321ac2337e02a8e928d41bf5b202116f3
 393 | Author: Patrick Schleizer <adrelanos@whonix.org>
 394 | Date:   Fri Aug 6 16:41:36 2021 -0400
 395 | 
 396 |     remove `Depends: bsdmainutils`
 397 |     
 398 |     since package no longer uses `hexdump`
 399 |     
 400 |     and since package `bsdmainutils` is only a transitional package in Debian bullseye
 401 | 
 402 | commit a1f4491faaca288e1febad6bd788a02e8d3fb043
 403 | Author: Patrick Schleizer <adrelanos@whonix.org>
 404 | Date:   Thu Aug 5 17:09:46 2021 -0400
 405 | 
 406 |     bumped changelog version
 407 | 
 408 | commit 286ef8d97a9dbd20b1ea25a24ba1a86a21393e79
 409 | Author: Patrick Schleizer <adrelanos@whonix.org>
 410 | Date:   Tue Aug 3 05:48:28 2021 -0400
 411 | 
 412 |     bullseye
 413 | 
 414 | commit ce4eeb10b6083691bdb0e4e02932f492019e4914
 415 | Author: Patrick Schleizer <adrelanos@whonix.org>
 416 | Date:   Sun Aug 1 16:37:17 2021 -0400
 417 | 
 418 |     readme
 419 | 
 420 | commit 52ac95984b0deccf86455951062032390274070d
 421 | Author: Patrick Schleizer <adrelanos@whonix.org>
 422 | Date:   Wed May 5 08:42:20 2021 -0400
 423 | 
 424 |     bumped changelog version
 425 | 
 426 | commit 2fc3c726dd09dbf9cfe0ad51a327d02ce392a16b
 427 | Author: Patrick Schleizer <adrelanos@whonix.org>
 428 | Date:   Thu Apr 29 11:04:49 2021 -0400
 429 | 
 430 |     Load tirdad before LKRG so LKRG does not judge tirdad to be malicious.
 431 |     
 432 |     `/etc/modprobe.d/30-tirdad.conf`
 433 |     
 434 |     `softdep p_lkrg pre: tirdad`
 435 |     
 436 |     Imported from `lkrg` package since it does not belong there and since Debian
 437 |     packaging for LKRG is now provided by upstream.
 438 | 
 439 | commit c1580634bcb3c3c459d7c9ed2ca5e94ed2b6bffe
 440 | Author: Patrick Schleizer <adrelanos@whonix.org>
 441 | Date:   Wed Mar 17 12:40:36 2021 -0400
 442 | 
 443 |     bumped changelog version
 444 | 
 445 | commit b14ab267b8137f339caefe1850eff3e205060ed7
 446 | Author: Patrick Schleizer <adrelanos@whonix.org>
 447 | Date:   Wed Mar 17 09:45:23 2021 -0400
 448 | 
 449 |     copyright
 450 | 
 451 | commit 3df7ef70a3120c1bda3b61135e8a7744bdfff4b5
 452 | Author: Patrick Schleizer <adrelanos@riseup.net>
 453 | Date:   Sun Sep 27 11:47:13 2020 -0400
 454 | 
 455 |     bumped changelog version
 456 | 
 457 | commit 29182a338dbc497f9a6399058f8b528139954d38
 458 | Merge: df399ee 9a0e137
 459 | Author: Patrick Schleizer <adrelanos@riseup.net>
 460 | Date:   Sun Sep 27 06:44:41 2020 -0400
 461 | 
 462 |     Merge remote-tracking branch '0xsirus/master'
 463 | 
 464 | commit 9a0e137ae05dd1aa05c20750975598e4dac77dbf
 465 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 466 | Date:   Sat Sep 26 13:05:33 2020 -0600
 467 | 
 468 |     Push a signed commit.
 469 | 
 470 | commit 8ee74f1a5345fba667175520ca06239c8e196c21
 471 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 472 | Date:   Wed Sep 23 17:46:24 2020 -0600
 473 | 
 474 |     Remove an include header.
 475 | 
 476 | commit ecb10cfef473bfbc9d9439da1322ed0a49a487a2
 477 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 478 | Date:   Wed Sep 23 13:02:32 2020 -0600
 479 | 
 480 |     Some minor indentation fixes.
 481 | 
 482 | commit 26280b61982e1b90d0aff0f0cc812f06115e0a73
 483 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 484 | Date:   Wed Sep 23 12:50:55 2020 -0600
 485 | 
 486 |     Module updated to work consistently on the newest kernel.
 487 | 
 488 | commit df399ee8218c0644b560a2ab8d891cd212c1a18f
 489 | Author: Patrick Schleizer <adrelanos@riseup.net>
 490 | Date:   Thu Apr 2 08:04:13 2020 -0400
 491 | 
 492 |     bumped changelog version
 493 | 
 494 | commit 5e0024894a301ec6126b601cf6e59378d74d6b23
 495 | Author: Patrick Schleizer <adrelanos@riseup.net>
 496 | Date:   Wed Apr 1 16:34:15 2020 -0400
 497 | 
 498 |     add debian install file
 499 | 
 500 | commit c3578467fbcfaf2303d65499c998da66f689d31c
 501 | Author: Patrick Schleizer <adrelanos@riseup.net>
 502 | Date:   Wed Apr 1 11:04:59 2020 -0400
 503 | 
 504 |     bumped changelog version
 505 | 
 506 | commit b0c99f8a4afeed6698cb67b31a3f5422538239ea
 507 | Author: Patrick Schleizer <adrelanos@riseup.net>
 508 | Date:   Wed Apr 1 09:15:15 2020 -0400
 509 | 
 510 |     copyright
 511 | 
 512 | commit c7b9a626cda83e33b684696140439b3c9b866b4f
 513 | Author: Patrick Schleizer <adrelanos@riseup.net>
 514 | Date:   Wed Apr 1 08:50:00 2020 -0400
 515 | 
 516 |     update copyright year
 517 | 
 518 | commit db8bf121aa0d9880a235ca391b2d726b4a27b1ce
 519 | Merge: 4c2b6d3 693ce1e
 520 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 521 | Date:   Fri Feb 14 23:30:51 2020 -0700
 522 | 
 523 |     Merge pull request #8 from adrelanos/patch-3
 524 |     
 525 |     fix DKMS re-compilation when new kernel gets installed
 526 | 
 527 | commit ccedf4a357caff670f5fcf5858d6c405a82304ff
 528 | Author: Patrick Schleizer <adrelanos@riseup.net>
 529 | Date:   Fri Feb 14 02:27:32 2020 -0500
 530 | 
 531 |     bumped changelog version
 532 | 
 533 | commit 693ce1e96273e72e9ac441e7785c6dda9e26008a
 534 | Author: Patrick Schleizer <adrelanos@riseup.net>
 535 | Date:   Fri Feb 14 07:02:43 2020 +0000
 536 | 
 537 |     fix DKMS re-compilation when new kernel gets installed
 538 |     
 539 |     by adding support for variable KERNELRELEASE to makefile
 540 |     fixes https://github.com/0xsirus/tirdad/issues/7
 541 |     
 542 |     make clean: also remove module/.tirdad.o.d
 543 | 
 544 | commit 1e3c06d502f6a80c4d7ada6cabe03fd33b12e41d
 545 | Author: Patrick Schleizer <adrelanos@riseup.net>
 546 | Date:   Fri Feb 14 02:00:43 2020 -0500
 547 | 
 548 |     make clean: also remove module/.tirdad.o.d
 549 | 
 550 | commit 67b157247004bac1ffa2f975a5e69a83db395175
 551 | Author: Patrick Schleizer <adrelanos@riseup.net>
 552 | Date:   Fri Feb 14 01:58:39 2020 -0500
 553 | 
 554 |     fix DKMS re-compilation when new kernel gets installed
 555 |     
 556 |     by adding support for variable KERNELRELEASE to makefile
 557 |     
 558 |     https://github.com/0xsirus/tirdad/issues/7
 559 | 
 560 | commit b9f49510638a5ac09883d5e1cc2fd911113de106
 561 | Author: Patrick Schleizer <adrelanos@riseup.net>
 562 | Date:   Wed Jan 22 06:41:11 2020 -0500
 563 | 
 564 |     bumped changelog version
 565 | 
 566 | commit 8d4d5a480c76df8e5647c0da19767a121c6afade
 567 | Author: Patrick Schleizer <adrelanos@riseup.net>
 568 | Date:   Wed Jan 22 06:37:00 2020 -0500
 569 | 
 570 |     Depends: linux-headers-amd64 [linux-amd64] | linux-headers-generic,
 571 |     
 572 |     https://forums.whonix.org/t/lkrg-on-ubuntu-18-04/8823
 573 | 
 574 | commit 489666bdbd9f674ef8a7684e8b99f6f19a595af6
 575 | Author: Patrick Schleizer <adrelanos@riseup.net>
 576 | Date:   Wed Jan 22 06:26:43 2020 -0500
 577 | 
 578 |     refactoring
 579 | 
 580 | commit 05dd769e5e709c1061a2f0449e10983430f72132
 581 | Author: Patrick Schleizer <adrelanos@riseup.net>
 582 | Date:   Sat Jan 11 15:20:19 2020 -0500
 583 | 
 584 |     bumped changelog version
 585 | 
 586 | commit 1b7f0dac32318bb314c8827be0f886838e2a4097
 587 | Merge: 43ca4c8 4c2b6d3
 588 | Author: Patrick Schleizer <adrelanos@riseup.net>
 589 | Date:   Sat Jan 11 15:12:23 2020 -0500
 590 | 
 591 |     Merge remote-tracking branch '0xsirus/master'
 592 | 
 593 | commit 4c2b6d3a02402923edfe211f1c05360f1c9c5d34
 594 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 595 | Date:   Sat Jan 11 11:34:31 2020 -0700
 596 | 
 597 |     Cleaned the code a little bit
 598 | 
 599 | commit 43ca4c8d2fff5c93cb4581dd8d7872af12205dbc
 600 | Author: Patrick Schleizer <adrelanos@riseup.net>
 601 | Date:   Sat Jan 11 05:26:04 2020 -0500
 602 | 
 603 |     bumped changelog version
 604 | 
 605 | commit 07a9578a7e662bb97a93f1ea75f1bd6f4656c644
 606 | Author: Patrick Schleizer <adrelanos@riseup.net>
 607 | Date:   Sat Jan 11 05:06:48 2020 -0500
 608 | 
 609 |     delete no longer needed systemd unit file debian/tirdad-dkms.service
 610 | 
 611 | commit e4a234c9333744e13f90653cee71ebc266de9f70
 612 | Author: Patrick Schleizer <adrelanos@riseup.net>
 613 | Date:   Sat Jan 11 04:44:18 2020 -0500
 614 | 
 615 |     load trough /usr/lib/modules-load.d/30_tirdad.conf
 616 | 
 617 | commit bcb4b5a00bb3790d223d228173d70e44397f0458
 618 | Author: Patrick Schleizer <adrelanos@riseup.net>
 619 | Date:   Fri Jan 10 05:19:27 2020 -0500
 620 | 
 621 |     remove user space loader
 622 | 
 623 | commit de93b8b9a8ac86f23e56d9ad4bd167346fd5d762
 624 | Merge: 91863d1 7bad8db
 625 | Author: Patrick Schleizer <adrelanos@riseup.net>
 626 | Date:   Fri Jan 10 05:08:24 2020 -0500
 627 | 
 628 |     Merge remote-tracking branch '0xsirus/master'
 629 | 
 630 | commit 7bad8db79ab9a2ab1a0c4b5ab07531a5c0e733d9
 631 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 632 | Date:   Thu Jan 9 15:39:51 2020 -0700
 633 | 
 634 |     Removed user space loader
 635 | 
 636 | commit 91863d18ec938beb0b5d4e540f19bb0bb85a0c68
 637 | Author: Patrick Schleizer <adrelanos@riseup.net>
 638 | Date:   Wed Jan 1 06:18:03 2020 -0500
 639 | 
 640 |     bumped changelog version
 641 | 
 642 | commit bfee437c9229a92cba0be7765b3b037b30a3ec98
 643 | Author: Patrick Schleizer <adrelanos@riseup.net>
 644 | Date:   Wed Jan 1 06:07:09 2020 -0500
 645 | 
 646 |     comment
 647 | 
 648 | commit 2f66ddd6e1e04b4d25e7399dafeb1fd0594873ef
 649 | Author: Patrick Schleizer <adrelanos@riseup.net>
 650 | Date:   Wed Jan 1 06:06:33 2020 -0500
 651 | 
 652 |     comment
 653 | 
 654 | commit f778d137645cd38d9bb2acbaa91ac2879164b5e7
 655 | Author: Patrick Schleizer <adrelanos@riseup.net>
 656 | Date:   Wed Jan 1 06:01:32 2020 -0500
 657 | 
 658 |     bumped changelog version
 659 | 
 660 | commit 7229d9e2e041c158ee56a4be28890dbf41f6ebba
 661 | Author: Patrick Schleizer <adrelanos@riseup.net>
 662 | Date:   Wed Jan 1 05:38:14 2020 -0500
 663 | 
 664 |     fix, Before=lkrg-dkms.service
 665 | 
 666 | commit 2f519d48d8c6f993eaaee1786e2dc424a636b0f5
 667 | Author: Patrick Schleizer <adrelanos@riseup.net>
 668 | Date:   Wed Jan 1 05:37:11 2020 -0500
 669 | 
 670 |     work on LKRG compatibility
 671 |     
 672 |     https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG
 673 |     
 674 |     make loader wait until "Installing tirdad hook succeeded"
 675 |     
 676 |     https://github.com/0xsirus/tirdad/issues/5
 677 | 
 678 | commit e5c46b7ce26201db6d1fbfc112d37d15640e887e
 679 | Author: Patrick Schleizer <adrelanos@riseup.net>
 680 | Date:   Tue Dec 24 18:36:40 2019 -0500
 681 | 
 682 |     bumped changelog version
 683 | 
 684 | commit 7229ec63b9b9cfd25a58e991b2f2554ccd2f4bf2
 685 | Author: Patrick Schleizer <adrelanos@riseup.net>
 686 | Date:   Tue Dec 24 17:56:57 2019 -0500
 687 | 
 688 |     support not loading through setting kernel parameter notirdad
 689 |     
 690 |     Before=lkrg.service
 691 | 
 692 | commit b725e91798a3b170c52451408dcbe23af70dde2b
 693 | Author: Patrick Schleizer <adrelanos@riseup.net>
 694 | Date:   Tue Dec 24 10:00:57 2019 -0500
 695 | 
 696 |     remove "Should start before LKRG." / "Before=systemd-modules-load.service"
 697 |     
 698 |     because
 699 |     
 700 |     sudo systemd-analyze verify default.target
 701 |     
 702 |     qubes-sysinit.service: Found ordering cycle on systemd-modules-load.service/start
 703 |     qubes-sysinit.service: Found dependency on tirdad-dkms.service/start
 704 |     qubes-sysinit.service: Found dependency on local-fs.target/start
 705 |     qubes-sysinit.service: Found dependency on qubes-mount-dirs.service/start
 706 |     qubes-sysinit.service: Found dependency on qubes-sysinit.service/start
 707 |     qubes-sysinit.service: Job systemd-modules-load.service/start deleted to break ordering cycle starting with qubes-sysinit.service/start
 708 | 
 709 | commit 997ab7bc47a66a5f5f2de9120b09d9ac0ec05676
 710 | Author: Patrick Schleizer <adrelanos@riseup.net>
 711 | Date:   Tue Dec 24 08:08:46 2019 -0500
 712 | 
 713 |     bumped changelog version
 714 | 
 715 | commit 7a4ba8f2265f612d23294fb608fab6b24e697bf1
 716 | Author: Patrick Schleizer <adrelanos@riseup.net>
 717 | Date:   Tue Dec 24 07:19:44 2019 -0500
 718 | 
 719 |     WantedBy=multi-user.target
 720 | 
 721 | commit 736cbcdcc486735fe4fab6c990ab58ba959709c8
 722 | Author: Patrick Schleizer <adrelanos@riseup.net>
 723 | Date:   Tue Dec 24 07:19:10 2019 -0500
 724 | 
 725 |     actually no need to start Before=sysinit.target
 726 | 
 727 | commit 31a616dfcac081f3bdbe8a8d55867c0ef37d286f
 728 | Author: Patrick Schleizer <adrelanos@riseup.net>
 729 | Date:   Sun Dec 8 04:06:22 2019 -0500
 730 | 
 731 |     bumped changelog version
 732 | 
 733 | commit b16308a10ecca66826695f00ce38534b5be79c97
 734 | Author: Patrick Schleizer <adrelanos@riseup.net>
 735 | Date:   Sat Dec 7 12:07:07 2019 -0500
 736 | 
 737 |     Should start before LKRG.
 738 |     
 739 |     Before=systemd-modules-load.service
 740 | 
 741 | commit 99eb6fe3a2aa4ff001a9b336531ec572df41a4ef
 742 | Merge: 55cbd1d 9b0448e
 743 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 744 | Date:   Fri Dec 6 19:05:43 2019 -0700
 745 | 
 746 |     Merge pull request #4 from adrelanos/patch-1
 747 |     
 748 |     syntax fix
 749 | 
 750 | commit a827987f7ef0709dae7ce3a662c00652da6f9d63
 751 | Author: Patrick Schleizer <adrelanos@riseup.net>
 752 | Date:   Fri Dec 6 10:29:21 2019 -0500
 753 | 
 754 |     bumped changelog version
 755 | 
 756 | commit c9ea2bf964243f1e630f5cae4ff57d5b10935bf4
 757 | Author: Patrick Schleizer <adrelanos@riseup.net>
 758 | Date:   Fri Dec 6 10:27:50 2019 -0500
 759 | 
 760 |     use debhelper dh-systemd automatic installation of systemd unit file
 761 |     
 762 |     no longer use debian/tirdad-dkms.install to install systemd unit file
 763 |     
 764 |     fix lintian error binaries-have-file-conflict
 765 | 
 766 | commit 2ca71de657b5bf565c3d88b029e9181de624b04f
 767 | Author: Patrick Schleizer <adrelanos@riseup.net>
 768 | Date:   Fri Dec 6 10:20:34 2019 -0500
 769 | 
 770 |     bumped changelog version
 771 | 
 772 | commit 8aa185f7fb337d1d3cb1c3e6145eb59c63c919ae
 773 | Author: Patrick Schleizer <adrelanos@riseup.net>
 774 | Date:   Fri Dec 6 10:16:57 2019 -0500
 775 | 
 776 |     syntax fix
 777 | 
 778 | commit 9b0448e9727592681ed2f519cec4938602356f68
 779 | Author: Patrick Schleizer <adrelanos@riseup.net>
 780 | Date:   Fri Dec 6 15:15:51 2019 +0000
 781 | 
 782 |     syntax fix
 783 | 
 784 | commit adde77c1b8c71b5df00e99fc037fafc848177ef1
 785 | Author: Patrick Schleizer <adrelanos@riseup.net>
 786 | Date:   Fri Dec 6 10:12:57 2019 -0500
 787 | 
 788 |     bumped changelog version
 789 | 
 790 | commit 48f7901231f8d3837602d5d6b843b974accfd38a
 791 | Author: Patrick Schleizer <adrelanos@riseup.net>
 792 | Date:   Wed Dec 4 01:03:19 2019 -0500
 793 | 
 794 |     comment
 795 | 
 796 | commit 0b27eaed8fb135831d8a2743c917bf1dfe364e9a
 797 | Author: Patrick Schleizer <adrelanos@riseup.net>
 798 | Date:   Tue Dec 3 09:35:22 2019 -0500
 799 | 
 800 |     sysinit.target compatibility
 801 | 
 802 | commit 6b7c83d4df58e47917281bddf7d3202996590ad8
 803 | Author: Patrick Schleizer <adrelanos@riseup.net>
 804 | Date:   Tue Dec 3 09:28:24 2019 -0500
 805 | 
 806 |     run during sysinit-target since we might temporarily set kernel.kptr_restrict=1
 807 |     
 808 |     for better security
 809 | 
 810 | commit 396cfb55bf30895a1ad77308d618cf4f1222b2d4
 811 | Author: Patrick Schleizer <adrelanos@riseup.net>
 812 | Date:   Tue Dec 3 09:24:06 2019 -0500
 813 | 
 814 |     exit codes
 815 | 
 816 | commit f14c536a16d373acf5f8913a9deb491d44967367
 817 | Author: Patrick Schleizer <adrelanos@riseup.net>
 818 | Date:   Tue Dec 3 09:22:32 2019 -0500
 819 | 
 820 |     exit codes
 821 | 
 822 | commit 178a52826f2bae6d00d028b6d3ccfac92d53d762
 823 | Author: Patrick Schleizer <adrelanos@riseup.net>
 824 | Date:   Tue Dec 3 09:21:40 2019 -0500
 825 | 
 826 |     check string length of secure_tcp_seq
 827 | 
 828 | commit f5517b096c5c697dbaea7fa306b9cd2811ce85f8
 829 | Merge: 10a2abe 55cbd1d
 830 | Author: Patrick Schleizer <adrelanos@riseup.net>
 831 | Date:   Tue Dec 3 01:34:30 2019 -0500
 832 | 
 833 |     Merge remote-tracking branch '0xsirus/master'
 834 | 
 835 | commit 55cbd1d28ea0a2b890402835231eabad85dea3af
 836 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 837 | Date:   Sun Dec 1 15:36:22 2019 -0700
 838 | 
 839 |     Removed trailing spaces
 840 | 
 841 | commit 10a2abe2dd1e5d769497a5cbaa955c10ae265629
 842 | Author: Patrick Schleizer <adrelanos@riseup.net>
 843 | Date:   Sun Dec 1 02:10:51 2019 -0500
 844 | 
 845 |     remove trailing spaces
 846 | 
 847 | commit 10864b5183a32894444cb543172015434b8e6b36
 848 | Merge: 1f36310 6bc9c54
 849 | Author: Patrick Schleizer <adrelanos@riseup.net>
 850 | Date:   Sun Dec 1 02:10:17 2019 -0500
 851 | 
 852 |     Merge remote-tracking branch '0xsirus/master'
 853 | 
 854 | commit 6bc9c548f2f9ca59a2aa9503b5cd44d507c43fb7
 855 | Author: Sirus Shahini <sirus.shahini@gmail.com>
 856 | Date:   Sat Nov 30 11:02:27 2019 -0700
 857 | 
 858 |     Added minor formatting improvements.
 859 |     Sync with Whonix.
 860 | 
 861 | commit 1f363101b1141af81b250a137c86dee6c598ef7a
 862 | Author: Patrick Schleizer <adrelanos@riseup.net>
 863 | Date:   Sat Nov 30 02:31:37 2019 -0500
 864 | 
 865 |     move loader and tirdad.service to /debian folder
 866 |     
 867 |     to make diff with upstream more contained to /debian folder
 868 |     
 869 |     git diff --stat 0xsirus/master load.c
 870 | 
 871 | commit e3987c98b612d8f9f28d318a2ced3e52b5aac07a
 872 | Author: Patrick Schleizer <adrelanos@riseup.net>
 873 | Date:   Sat Nov 30 02:29:06 2019 -0500
 874 | 
 875 |     re-add upstream load.c but not use it
 876 |     
 877 |     to make diff with upstream smaller
 878 | 
 879 | commit 230d312532c224150b2b6a62ae17bc65b3f9aa9f
 880 | Author: Patrick Schleizer <adrelanos@riseup.net>
 881 | Date:   Fri Nov 29 08:12:13 2019 -0500
 882 | 
 883 |     bumped changelog version
 884 | 
 885 | commit 4b94fca1ed6d5a68d9776189eff1f78fc42962aa
 886 | Author: Patrick Schleizer <adrelanos@riseup.net>
 887 | Date:   Fri Nov 29 07:14:48 2019 -0500
 888 | 
 889 |     copyright
 890 | 
 891 | commit 71fdaf734eb1b16888754d11fb3f06a21f2c414f
 892 | Author: Patrick Schleizer <adrelanos@riseup.net>
 893 | Date:   Fri Nov 29 07:13:35 2019 -0500
 894 | 
 895 |     Documentation=https://github.com/Whonix/tirdad
 896 | 
 897 | commit 2882b262dba5dea6358e9ffa436f2e7dc40b8233
 898 | Author: Patrick Schleizer <adrelanos@riseup.net>
 899 | Date:   Fri Nov 29 06:50:21 2019 -0500
 900 | 
 901 |     copyright
 902 | 
 903 | commit a1ad5a17df98dc05897815f1880b61d30aba8a1b
 904 | Author: Patrick Schleizer <adrelanos@riseup.net>
 905 | Date:   Fri Nov 29 06:49:59 2019 -0500
 906 | 
 907 |     Disable debugging since we do not want random and secure_tcp_seq in systemd journal log.
 908 | 
 909 | commit 6b28bf4be748d33bacf05db344200c9b27340ec1
 910 | Author: Patrick Schleizer <adrelanos@riseup.net>
 911 | Date:   Fri Nov 29 06:47:54 2019 -0500
 912 | 
 913 |     sanity test: check string length of random string to be exactly 32
 914 | 
 915 | commit 966244faf686635f70b4ecc675cc2dc2eee101f6
 916 | Author: Patrick Schleizer <adrelanos@riseup.net>
 917 | Date:   Fri Nov 29 06:43:21 2019 -0500
 918 | 
 919 |     silence
 920 | 
 921 | commit 34fb61942585f87efccd7d8ff53b918d47f4eba7
 922 | Author: Patrick Schleizer <adrelanos@riseup.net>
 923 | Date:   Fri Nov 29 06:42:21 2019 -0500
 924 | 
 925 |     sanity test
 926 | 
 927 | commit 4dd5fcfbec6bbc8b2c5a6b8b6ce55ee308a29d26
 928 | Author: Patrick Schleizer <adrelanos@riseup.net>
 929 | Date:   Fri Nov 29 06:41:28 2019 -0500
 930 | 
 931 |     sanity test
 932 | 
 933 | commit 2f49a2d91ee0d53bf024e82d6a4440f26a047806
 934 | Author: Patrick Schleizer <adrelanos@riseup.net>
 935 | Date:   Fri Nov 29 06:40:47 2019 -0500
 936 | 
 937 |     improve debugging
 938 | 
 939 | commit 1535b2eff2284709896744c503711c5a8aef6d94
 940 | Author: Patrick Schleizer <adrelanos@riseup.net>
 941 | Date:   Fri Nov 29 06:39:23 2019 -0500
 942 | 
 943 |     more sanity tests
 944 | 
 945 | commit a2c97964c45a10410b17b5ffabe17535df7edc8c
 946 | Author: Patrick Schleizer <adrelanos@riseup.net>
 947 | Date:   Fri Nov 29 06:37:42 2019 -0500
 948 | 
 949 |     more sanity tests
 950 | 
 951 | commit 848d6b0f1895769107914d11c975bb0b086f63fd
 952 | Author: Patrick Schleizer <adrelanos@riseup.net>
 953 | Date:   Fri Nov 29 06:36:04 2019 -0500
 954 | 
 955 |     fix
 956 | 
 957 | commit bc34b564a59e31c38592c7427d0283bd421f6a0b
 958 | Author: Patrick Schleizer <adrelanos@riseup.net>
 959 | Date:   Fri Nov 29 06:35:16 2019 -0500
 960 | 
 961 |     improve exit codes for easier debugging
 962 | 
 963 | commit 2ae96e325186d0ce6923612caf752ec571c49f7d
 964 | Author: Patrick Schleizer <adrelanos@riseup.net>
 965 | Date:   Fri Nov 29 06:34:37 2019 -0500
 966 | 
 967 |     sanity test
 968 | 
 969 | commit f40058b243e9a82c1999b93b2dcc292171681f9e
 970 | Author: Patrick Schleizer <adrelanos@riseup.net>
 971 | Date:   Fri Nov 29 06:33:56 2019 -0500
 972 | 
 973 |     sanity test
 974 | 
 975 | commit de0815a15119172e1d53ac6ef923ca2ace9bf3a8
 976 | Author: Patrick Schleizer <adrelanos@riseup.net>
 977 | Date:   Fri Nov 29 06:33:27 2019 -0500
 978 | 
 979 |     depend on bsdmainutils since it contains hexdump
 980 | 
 981 | commit 21f6baad46a7d423cec2214adb48b0becd92002f
 982 | Author: Patrick Schleizer <adrelanos@riseup.net>
 983 | Date:   Fri Nov 29 06:32:23 2019 -0500
 984 | 
 985 |     use /dev/random instead
 986 |     
 987 |     https://www.whonix.org/wiki/Dev/Entropy#Viewpoint:_better_use_.2Fdev.2Frandom
 988 |     
 989 |     https://forums.whonix.org/t/dev-random-vs-dev-urandom/8571
 990 | 
 991 | commit 877bb049b8bf79cea70104a890de78d923ef1831
 992 | Author: Patrick Schleizer <adrelanos@riseup.net>
 993 | Date:   Fri Nov 29 05:11:17 2019 -0500
 994 | 
 995 |     fix, reset kernel.kptr_restrict before erroring out in case of error
 996 | 
 997 | commit 49bab393caa59f284e0a1e62ba0d33b6ccaa4c15
 998 | Author: Patrick Schleizer <adrelanos@riseup.net>
 999 | Date:   Fri Nov 29 05:05:49 2019 -0500
1000 | 
1001 |     code simplification: abolish C based loader and dkms hacks replace bash
1002 | 
1003 | commit 67b1f553016120b3c2bd002c220dfd54cc4b68dd
1004 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1005 | Date:   Thu Nov 28 15:02:05 2019 -0700
1006 | 
1007 |     Fix typo
1008 | 
1009 | commit b0fe64402b81945016669d15db6ef53d31cdfdc1
1010 | Author: Patrick Schleizer <adrelanos@riseup.net>
1011 | Date:   Thu Nov 28 10:23:30 2019 -0500
1012 | 
1013 |     bumped changelog version
1014 | 
1015 | commit 36a47e4d6db5b3173731299a448a61e413dae213
1016 | Author: Patrick Schleizer <adrelanos@riseup.net>
1017 | Date:   Thu Nov 28 09:38:44 2019 -0500
1018 | 
1019 |     description
1020 | 
1021 | commit 3a42d14cb3a51cc5119748d5e344867d9081d142
1022 | Author: Patrick Schleizer <adrelanos@riseup.net>
1023 | Date:   Thu Nov 28 09:11:14 2019 -0500
1024 | 
1025 |     readme
1026 | 
1027 | commit 89c053d0baa17df86845b775a88cc8407d80ed72
1028 | Author: Patrick Schleizer <adrelanos@riseup.net>
1029 | Date:   Thu Nov 28 09:10:59 2019 -0500
1030 | 
1031 |     description
1032 | 
1033 | commit ab2a5e6fbeca49d602003a7d4a6a7330fa4283c3
1034 | Author: Patrick Schleizer <adrelanos@riseup.net>
1035 | Date:   Thu Nov 28 09:01:55 2019 -0500
1036 | 
1037 |     readme
1038 | 
1039 | commit bba7fdc948d82dcc248639120c6d7057ba049989
1040 | Author: Patrick Schleizer <adrelanos@riseup.net>
1041 | Date:   Thu Nov 28 09:01:42 2019 -0500
1042 | 
1043 |     description
1044 | 
1045 | commit 10008b1a036a316d30f7e69b18a79bf38052fc5e
1046 | Author: Patrick Schleizer <adrelanos@riseup.net>
1047 | Date:   Thu Nov 28 09:00:22 2019 -0500
1048 | 
1049 |     readme
1050 | 
1051 | commit 58959bb190d93c5987cac59ab97f05e873d55c7c
1052 | Author: Patrick Schleizer <adrelanos@riseup.net>
1053 | Date:   Thu Nov 28 09:00:08 2019 -0500
1054 | 
1055 |     description
1056 | 
1057 | commit 059bcecd6f9cbc136068c2fc4c3d191978b960e0
1058 | Author: Patrick Schleizer <adrelanos@riseup.net>
1059 | Date:   Thu Nov 28 08:58:11 2019 -0500
1060 | 
1061 |     readme
1062 | 
1063 | commit 6f5d0dc49fa40a0208eaf1fdc857a6919fe3633b
1064 | Author: Patrick Schleizer <adrelanos@riseup.net>
1065 | Date:   Thu Nov 28 08:57:58 2019 -0500
1066 | 
1067 |     description
1068 | 
1069 | commit 86de611d162b08b4aa6d3d9668fdf487e10f8486
1070 | Author: Patrick Schleizer <adrelanos@riseup.net>
1071 | Date:   Thu Nov 28 08:57:21 2019 -0500
1072 | 
1073 |     readme
1074 | 
1075 | commit f5d3ebc834c1a6524775d9fe04cb3710328ee4ca
1076 | Author: Patrick Schleizer <adrelanos@riseup.net>
1077 | Date:   Thu Nov 28 08:57:06 2019 -0500
1078 | 
1079 |     description
1080 | 
1081 | commit 66743ce0b86e6824eb78b5463a9f16723efbc5cf
1082 | Author: Patrick Schleizer <adrelanos@riseup.net>
1083 | Date:   Thu Nov 28 08:55:08 2019 -0500
1084 | 
1085 |     description
1086 | 
1087 | commit a625bca963b2f0e473e89f35946a1457a8151140
1088 | Author: Patrick Schleizer <adrelanos@riseup.net>
1089 | Date:   Thu Nov 28 08:53:32 2019 -0500
1090 | 
1091 |     readme
1092 | 
1093 | commit 615c0a8d1cc13533fd51ce0b8fd494754e71e839
1094 | Author: Patrick Schleizer <adrelanos@riseup.net>
1095 | Date:   Thu Nov 28 08:52:50 2019 -0500
1096 | 
1097 |     description
1098 | 
1099 | commit 4694afe3e7fd4220b6c48d2c554bd2d88d4b8923
1100 | Author: Patrick Schleizer <adrelanos@riseup.net>
1101 | Date:   Thu Nov 28 08:10:00 2019 -0500
1102 | 
1103 |     description
1104 | 
1105 | commit 5f3719e3e01994192c484d2dcef94ed9f580f17c
1106 | Author: Patrick Schleizer <adrelanos@riseup.net>
1107 | Date:   Thu Nov 28 08:06:47 2019 -0500
1108 | 
1109 |     description
1110 | 
1111 | commit f967fce9fe835ba80b42bd4dad9e94ce2908a984
1112 | Author: Patrick Schleizer <adrelanos@riseup.net>
1113 | Date:   Thu Nov 28 07:45:52 2019 -0500
1114 | 
1115 |     readme
1116 | 
1117 | commit 7eec7305a9bba46817f9a974f63cde24d4b009d7
1118 | Author: Patrick Schleizer <adrelanos@riseup.net>
1119 | Date:   Thu Nov 28 07:36:12 2019 -0500
1120 | 
1121 |     silent
1122 | 
1123 | commit 67bf3b2e3e75be68c24fb3073a3791a60507f5e2
1124 | Author: Patrick Schleizer <adrelanos@riseup.net>
1125 | Date:   Thu Nov 28 07:35:43 2019 -0500
1126 | 
1127 |     load kernel module at boot time through systemd
1128 | 
1129 | commit 24522939ebd23519403a1323c25b0abe0417f9c8
1130 | Author: Patrick Schleizer <adrelanos@riseup.net>
1131 | Date:   Thu Nov 28 07:14:01 2019 -0500
1132 | 
1133 |     loader-uninstallation
1134 | 
1135 | commit 94326bc7ede977aeffcc7fdf0cf63c79a3e44729
1136 | Author: Patrick Schleizer <adrelanos@riseup.net>
1137 | Date:   Thu Nov 28 07:08:36 2019 -0500
1138 | 
1139 |     use "path agnostic" modprobe rather than insmod
1140 | 
1141 | commit 3ac8ee2015607bff7f00d0daa9404244f76b8c16
1142 | Author: Patrick Schleizer <adrelanos@riseup.net>
1143 | Date:   Thu Nov 28 07:08:19 2019 -0500
1144 | 
1145 |     loader installation
1146 | 
1147 | commit 1e4da0185d0c0c9b27ea9eb0b0963e4520ccdee1
1148 | Author: Patrick Schleizer <adrelanos@riseup.net>
1149 | Date:   Thu Nov 28 06:31:35 2019 -0500
1150 | 
1151 |     fix path
1152 | 
1153 | commit 30316f6c7ac711bbe28c53b7a20b8a2b6c75cca2
1154 | Author: Patrick Schleizer <adrelanos@riseup.net>
1155 | Date:   Thu Nov 28 06:28:45 2019 -0500
1156 | 
1157 |     fix, add load.c
1158 | 
1159 | commit 5861dedf44503caf3966ef7d8be58a541459df51
1160 | Author: Patrick Schleizer <adrelanos@riseup.net>
1161 | Date:   Thu Nov 28 06:26:15 2019 -0500
1162 | 
1163 |     add changelog.upstream
1164 | 
1165 | commit 3342934a443bb1153d96125fc269e4df9c33ae08
1166 | Author: Patrick Schleizer <adrelanos@riseup.net>
1167 | Date:   Thu Nov 28 06:26:02 2019 -0500
1168 | 
1169 |     initial packaging
1170 | 
1171 | commit de53b1489cc9829a87e9a4e295c6e2b892408793
1172 | Author: Patrick Schleizer <adrelanos@riseup.net>
1173 | Date:   Thu Nov 28 04:47:03 2019 -0500
1174 | 
1175 |     complete make clean
1176 | 
1177 | commit 27b119fea34f63168dff3e9571900e270c7bc846
1178 | Author: Patrick Schleizer <adrelanos@riseup.net>
1179 | Date:   Thu Nov 28 04:42:54 2019 -0500
1180 | 
1181 |     add module/modules.order to make clean
1182 | 
1183 | commit 6360b6932c236c41cfe2a83992bb4d6e168d53ed
1184 | Author: Patrick Schleizer <adrelanos@riseup.net>
1185 | Date:   Thu Nov 28 04:41:16 2019 -0500
1186 | 
1187 |     use `rm` with `-f` in Makefile to make the script idempotent
1188 |     
1189 |     and not exit non-zero (error) in case there are no files to be deleted
1190 | 
1191 | commit 7d2b22638e0f38ce58b69ba2222b9f4de02c2c70
1192 | Author: Patrick Schleizer <adrelanos@riseup.net>
1193 | Date:   Thu Nov 28 04:40:21 2019 -0500
1194 | 
1195 |     typo
1196 | 
1197 | commit 734cedf66169887a764488158ca1782a5e9f767c
1198 | Author: Patrick Schleizer <adrelanos@riseup.net>
1199 | Date:   Thu Nov 28 04:39:15 2019 -0500
1200 | 
1201 |     remove trailing spaces
1202 | 
1203 | commit 4b9784732807e60045b2953391c1ed1ea9813326
1204 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1205 | Date:   Sun Nov 17 10:02:52 2019 -0700
1206 | 
1207 |     Update README.md
1208 | 
1209 | commit 576f2b81fb98732101c6321fa75e7d056c9f3b6d
1210 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1211 | Date:   Sat Nov 16 15:55:47 2019 -0700
1212 | 
1213 |     Update Makefile
1214 | 
1215 | commit 5ff3e68ad527e8350e16857104532364145e8a96
1216 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1217 | Date:   Sat Nov 16 15:53:28 2019 -0700
1218 | 
1219 |     Update Makefile
1220 | 
1221 | commit bedebcacf9c4956908862ba60b85a36dc7133dac
1222 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1223 | Date:   Sat Nov 16 15:51:56 2019 -0700
1224 | 
1225 |     Update README.md
1226 | 
1227 | commit 3941b9ee92229992d33190154134670567ad314c
1228 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1229 | Date:   Sat Nov 16 15:48:27 2019 -0700
1230 | 
1231 |     Rename MakeFile to Makefile
1232 | 
1233 | commit b49a3bdebdd01ad1207e88323bbc758215ba346c
1234 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1235 | Date:   Sat Nov 16 15:46:37 2019 -0700
1236 | 
1237 |     Delete compile.sh
1238 | 
1239 | commit 5fe6d995bdc6bf613d0cb221adc9495facc58a94
1240 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1241 | Date:   Sat Nov 16 15:45:43 2019 -0700
1242 | 
1243 |     Update load.c
1244 | 
1245 | commit 0ee2dfd780ff9b47e46a3b88c199f01a376332f1
1246 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1247 | Date:   Sat Nov 16 15:45:10 2019 -0700
1248 | 
1249 |     Update MakeFile
1250 | 
1251 | commit d78a22a86b4bd72e685be2a60b88729ca480c543
1252 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1253 | Date:   Sat Nov 16 15:44:31 2019 -0700
1254 | 
1255 |     Delete tirdad.c
1256 | 
1257 | commit 6711409bb5c177034e93c2ecb3f2536be649eab0
1258 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1259 | Date:   Sat Nov 16 15:44:04 2019 -0700
1260 | 
1261 |     Create Makefile
1262 | 
1263 | commit 43ed155a341ba95d83f7d0f73ab4496b0545f31a
1264 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1265 | Date:   Sat Nov 16 15:43:36 2019 -0700
1266 | 
1267 |     initial release
1268 | 
1269 | commit 93420b7a282536a64cd4a1ae5cd045c6470f03e9
1270 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1271 | Date:   Sat Nov 16 14:17:50 2019 -0700
1272 | 
1273 |     Create COPYING
1274 | 
1275 | commit f92d1a87a4b665a4577b0dbb50a64a7107ebfe55
1276 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1277 | Date:   Sat Nov 16 14:16:25 2019 -0700
1278 | 
1279 |     Create LICENSE
1280 | 
1281 | commit a0592b8147b03b6416abf6514500ec78a936a7a3
1282 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1283 | Date:   Sat Nov 16 00:19:37 2019 -0700
1284 | 
1285 |     Fix formatting
1286 | 
1287 | commit ffb8f62aadea1936af9b80359dd4276f8ebc3cac
1288 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1289 | Date:   Sat Nov 16 00:17:34 2019 -0700
1290 | 
1291 |     Create load.c
1292 | 
1293 | commit 7f050f45ef1704a59590b62a05f06bc03ed74db7
1294 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1295 | Date:   Sat Nov 16 00:15:40 2019 -0700
1296 | 
1297 |     Fix formating - initial release
1298 | 
1299 | commit 90c893e33f609bd96ca5d4e0c7360071dac8b735
1300 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1301 | Date:   Fri Nov 15 19:26:01 2019 -0700
1302 | 
1303 |     Update README.md
1304 | 
1305 | commit 71ad0f6fd0ed1898c5ac26ec098ed2eb1227b4b4
1306 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1307 | Date:   Fri Nov 15 19:24:40 2019 -0700
1308 | 
1309 |     Update README.md
1310 | 
1311 | commit 43deb8073521ed7dce4e369fbbf45c37ae7559be
1312 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1313 | Date:   Fri Nov 15 19:18:27 2019 -0700
1314 | 
1315 |     Update README.md
1316 | 
1317 | commit fe1477e7f4c365ebaf353ab4de78cd3bf49f7f96
1318 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1319 | Date:   Fri Nov 15 19:17:48 2019 -0700
1320 | 
1321 |     Create MakeFile
1322 | 
1323 | commit afee61c8e1931cc83a85f713213fddebe03a9349
1324 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1325 | Date:   Fri Nov 15 19:17:21 2019 -0700
1326 | 
1327 |     Compile the loader and the module
1328 | 
1329 | commit 5fbbd9527eb7a44cc61b15bb83ec4a16edd0d57b
1330 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1331 | Date:   Fri Nov 15 19:16:37 2019 -0700
1332 | 
1333 |     Initial release
1334 | 
1335 | commit e8327bb78ef8d8e8b0c7449341e5593fae19de9c
1336 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1337 | Date:   Fri Nov 15 19:12:12 2019 -0700
1338 | 
1339 |     Update README.md
1340 | 
1341 | commit 22047244c597e6f7ce978c26708ce4629b05424b
1342 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1343 | Date:   Fri Nov 15 19:11:46 2019 -0700
1344 | 
1345 |     Update README.md
1346 | 
1347 | commit 9c3269102425c1d1ad23a7a683c548357a452540
1348 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1349 | Date:   Fri Nov 15 19:10:24 2019 -0700
1350 | 
1351 |     Update README.md
1352 | 
1353 | commit e2686b04b9df361e0b30abcf223d996a373be420
1354 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1355 | Date:   Fri Nov 15 19:04:19 2019 -0700
1356 | 
1357 |     Update README.md
1358 | 
1359 | commit 986a776cfad6083bd909374930e1ce3fa6887902
1360 | Author: Sirus Shahini <sirus.shahini@gmail.com>
1361 | Date:   Fri Nov 15 19:03:57 2019 -0700
1362 | 
1363 |     Initial commit
1364 | 


--------------------------------------------------------------------------------
/debian/30-tirdad.conf:
--------------------------------------------------------------------------------
1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
2 | ## See the file COPYING for copying conditions.
3 | 
4 | ## Gets copied to:
5 | ## /etc/modprobe.d/30-tirdad.conf
6 | 
7 | ## Load tirdad before LKRG so LKRG does not judge tirdad to be malicious.
8 | softdep p_lkrg pre: tirdad
9 | 


--------------------------------------------------------------------------------
/debian/30_tirdad.conf:
--------------------------------------------------------------------------------
1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
2 | ## See the file COPYING for copying conditions.
3 | 
4 | ## /usr/lib/modules-load.d/30_tirdad.conf
5 | 
6 | tirdad
7 | 


--------------------------------------------------------------------------------
/debian/changelog:
--------------------------------------------------------------------------------
  1 | tirdad (0:0.2.0-1) unstable; urgency=medium
  2 | 
  3 |   * New upstream version (local package).
  4 | 
  5 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 24 Jan 2025 13:24:16 +0000
  6 | 
  7 | tirdad (0:0.1.34-1) unstable; urgency=medium
  8 | 
  9 |   * New upstream version (local package).
 10 | 
 11 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 24 Jan 2025 11:11:05 +0000
 12 | 
 13 | tirdad (0:0.1.33-1) unstable; urgency=medium
 14 | 
 15 |   * New upstream version (local package).
 16 | 
 17 |  -- Patrick Schleizer <adrelanos@whonix.org>  Mon, 06 Jan 2025 12:04:12 +0000
 18 | 
 19 | tirdad (0:0.1.32-1) unstable; urgency=medium
 20 | 
 21 |   * New upstream version (local package).
 22 | 
 23 |  -- Patrick Schleizer <adrelanos@whonix.org>  Tue, 31 Dec 2024 19:19:27 +0000
 24 | 
 25 | tirdad (0:0.1.31-1) unstable; urgency=medium
 26 | 
 27 |   * New upstream version (local package).
 28 | 
 29 |  -- Patrick Schleizer <adrelanos@whonix.org>  Sun, 29 Dec 2024 13:09:32 +0000
 30 | 
 31 | tirdad (0:0.1.30-1) unstable; urgency=medium
 32 | 
 33 |   * New upstream version (local package).
 34 | 
 35 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 16 Oct 2024 10:58:52 +0000
 36 | 
 37 | tirdad (0:0.1.29-1) unstable; urgency=medium
 38 | 
 39 |   * New upstream version (local package).
 40 | 
 41 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 16 Oct 2024 10:25:03 +0000
 42 | 
 43 | tirdad (0:0.1.29-1) unstable; urgency=medium
 44 | 
 45 |   * New upstream version (local package).
 46 | 
 47 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 16 Oct 2024 09:39:29 +0000
 48 | 
 49 | tirdad (0:0.1.28-1) unstable; urgency=medium
 50 | 
 51 |   * New upstream version (local package).
 52 | 
 53 |  -- Patrick Schleizer <adrelanos@whonix.org>  Tue, 08 Oct 2024 09:19:52 +0000
 54 | 
 55 | tirdad (0:0.1.27-1) unstable; urgency=medium
 56 | 
 57 |   * New upstream version (local package).
 58 | 
 59 |  -- Patrick Schleizer <adrelanos@whonix.org>  Mon, 25 Dec 2023 18:43:44 +0000
 60 | 
 61 | tirdad (0:0.1.26-1) unstable; urgency=medium
 62 | 
 63 |   * New upstream version (local package).
 64 | 
 65 |  -- Patrick Schleizer <adrelanos@whonix.org>  Sat, 11 Nov 2023 20:26:21 +0000
 66 | 
 67 | tirdad (0:0.1.25-1) unstable; urgency=medium
 68 | 
 69 |   * New upstream version (local package).
 70 | 
 71 |  -- Patrick Schleizer <adrelanos@whonix.org>  Mon, 17 Jul 2023 15:51:02 +0000
 72 | 
 73 | tirdad (0:0.1.24-1) unstable; urgency=medium
 74 | 
 75 |   * New upstream version (local package).
 76 | 
 77 |  -- Patrick Schleizer <adrelanos@whonix.org>  Thu, 13 Jul 2023 13:32:43 +0000
 78 | 
 79 | tirdad (0:0.1.23-1) unstable; urgency=medium
 80 | 
 81 |   * New upstream version (local package).
 82 | 
 83 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 21 Jun 2023 09:39:47 +0000
 84 | 
 85 | tirdad (0:0.1.22-3) unstable; urgency=medium
 86 | 
 87 |   * New upstream version (local package).
 88 | 
 89 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 14 Jun 2023 10:02:17 +0000
 90 | 
 91 | tirdad (0:0.1.22-2) unstable; urgency=medium
 92 | 
 93 |   * New upstream version (local package).
 94 | 
 95 |  -- Patrick Schleizer <adrelanos@whonix.org>  Mon, 12 Jun 2023 18:08:51 +0000
 96 | 
 97 | tirdad (0:0.1.22-2) unstable; urgency=medium
 98 | 
 99 |   * New upstream version (local package).
100 | 
101 |  -- Patrick Schleizer <adrelanos@whonix.org>  Mon, 12 Jun 2023 15:34:59 +0000
102 | 
103 | tirdad (0:0.1.22-1) unstable; urgency=medium
104 | 
105 |   * New upstream version (local package).
106 | 
107 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 08 Jun 2022 15:11:03 +0000
108 | 
109 | tirdad (0:0.1.21-1) unstable; urgency=medium
110 | 
111 |   * New upstream version (local package).
112 | 
113 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 25 May 2022 10:07:32 +0000
114 | 
115 | tirdad (0:0.1.20-1) unstable; urgency=medium
116 | 
117 |   * New upstream version (local package).
118 | 
119 |  -- Patrick Schleizer <adrelanos@whonix.org>  Sat, 28 Aug 2021 18:00:46 +0000
120 | 
121 | tirdad (0:0.1.19-3) unstable; urgency=medium
122 | 
123 |   * New upstream version (local package).
124 | 
125 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 06 Aug 2021 20:44:53 +0000
126 | 
127 | tirdad (0:0.1.19-2) unstable; urgency=medium
128 | 
129 |   * New upstream version (local package).
130 | 
131 |  -- Patrick Schleizer <adrelanos@whonix.org>  Thu, 05 Aug 2021 21:09:46 +0000
132 | 
133 | tirdad (0:0.1.19-1) unstable; urgency=medium
134 | 
135 |   * New upstream version (local package).
136 | 
137 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 05 May 2021 12:42:20 +0000
138 | 
139 | tirdad (0:0.1.18-1) unstable; urgency=medium
140 | 
141 |   * New upstream version (local package).
142 | 
143 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 17 Mar 2021 16:40:36 +0000
144 | 
145 | tirdad (0:0.1.17-1) unstable; urgency=medium
146 | 
147 |   * New upstream version (local package).
148 | 
149 |  -- Patrick Schleizer <adrelanos@whonix.org>  Sun, 27 Sep 2020 15:47:13 +0000
150 | 
151 | tirdad (0:0.1.16-1) unstable; urgency=medium
152 | 
153 |   * New upstream version (local package).
154 | 
155 |  -- Patrick Schleizer <adrelanos@whonix.org>  Thu, 02 Apr 2020 12:04:13 +0000
156 | 
157 | tirdad (0:0.1.15-1) unstable; urgency=medium
158 | 
159 |   * New upstream version (local package).
160 | 
161 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 01 Apr 2020 15:04:58 +0000
162 | 
163 | tirdad (0:0.1.14-1) unstable; urgency=medium
164 | 
165 |   * New upstream version (local package).
166 | 
167 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 14 Feb 2020 07:27:32 +0000
168 | 
169 | tirdad (0:0.1.13-1) unstable; urgency=medium
170 | 
171 |   * New upstream version (local package).
172 | 
173 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 22 Jan 2020 11:41:11 +0000
174 | 
175 | tirdad (0:0.1.12-1) unstable; urgency=medium
176 | 
177 |   * New upstream version (local package).
178 | 
179 |  -- Patrick Schleizer <adrelanos@whonix.org>  Sat, 11 Jan 2020 20:20:19 +0000
180 | 
181 | tirdad (0:0.1.11-1) unstable; urgency=medium
182 | 
183 |   * New upstream version (local package).
184 | 
185 |  -- Patrick Schleizer <adrelanos@whonix.org>  Sat, 11 Jan 2020 10:26:04 +0000
186 | 
187 | tirdad (0:0.1.10-1) unstable; urgency=medium
188 | 
189 |   * New upstream version (local package).
190 | 
191 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 01 Jan 2020 11:18:03 +0000
192 | 
193 | tirdad (0:0.1.9-1) unstable; urgency=medium
194 | 
195 |   * New upstream version (local package).
196 | 
197 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 01 Jan 2020 11:01:31 +0000
198 | 
199 | tirdad (0:0.1.8-1) unstable; urgency=medium
200 | 
201 |   * New upstream version (local package).
202 | 
203 |  -- Patrick Schleizer <adrelanos@whonix.org>  Tue, 24 Dec 2019 23:36:40 +0000
204 | 
205 | tirdad (0:0.1.7-1) unstable; urgency=medium
206 | 
207 |   * New upstream version (local package).
208 | 
209 |  -- Patrick Schleizer <adrelanos@whonix.org>  Tue, 24 Dec 2019 13:08:46 +0000
210 | 
211 | tirdad (0:0.1.6-1) unstable; urgency=medium
212 | 
213 |   * New upstream version (local package).
214 | 
215 |  -- Patrick Schleizer <adrelanos@whonix.org>  Sun, 08 Dec 2019 09:06:22 +0000
216 | 
217 | tirdad (0:0.1.5-1) unstable; urgency=medium
218 | 
219 |   * New upstream version (local package).
220 | 
221 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 06 Dec 2019 15:29:21 +0000
222 | 
223 | tirdad (0:0.1.4-1) unstable; urgency=medium
224 | 
225 |   * New upstream version (local package).
226 | 
227 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 06 Dec 2019 15:20:34 +0000
228 | 
229 | tirdad (0:0.1.3-1) unstable; urgency=medium
230 | 
231 |   * New upstream version (local package).
232 | 
233 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 06 Dec 2019 15:12:57 +0000
234 | 
235 | tirdad (0:0.1.2-1) unstable; urgency=medium
236 | 
237 |   * New upstream version (local package).
238 | 
239 |  -- Patrick Schleizer <adrelanos@whonix.org>  Fri, 29 Nov 2019 13:12:13 +0000
240 | 
241 | tirdad (0:0.1.1-1) unstable; urgency=medium
242 | 
243 |   * New upstream version (local package).
244 | 
245 |  -- Patrick Schleizer <adrelanos@whonix.org>  Thu, 28 Nov 2019 15:23:30 +0000
246 | 
247 | tirdad (0:0.1.0-1) unstable; urgency=medium
248 | 
249 |   * New upstream version (local package).
250 | 
251 |  -- Patrick Schleizer <adrelanos@whonix.org>  Wed, 13 Nov 2019 08:56:09 +0000
252 | 
253 | tirdad (0:0.0-1) unstable; urgency=medium
254 | 
255 |   * Initial release (local package).
256 | 
257 |  -- Patrick Schleizer <adrelanos@whonix.org>  Tue, 12 Nov 2019 23:55:32 +0000
258 | 


--------------------------------------------------------------------------------
/debian/control:
--------------------------------------------------------------------------------
 1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@kicksecure.com>
 2 | ## See the file COPYING for copying conditions.
 3 | 
 4 | Source: tirdad
 5 | Section: kernel
 6 | Priority: optional
 7 | Maintainer: Patrick Schleizer <adrelanos@kicksecure.com>
 8 | Build-Depends: debhelper (>= 13), debhelper-compat (= 13), dkms, dh-dkms
 9 | Homepage: https://github.com/0xsirus/tirdad
10 | Vcs-Browser: https://github.com/Kicksecure/tirdad
11 | Vcs-Git: https://github.com/Kicksecure/tirdad.git
12 | Standards-Version: 4.6.2
13 | Rules-Requires-Root: no
14 | 
15 | Package: tirdad
16 | Architecture: linux-amd64
17 | Depends: tirdad-dkms, ${misc:Depends}
18 | Description: TCP ISN CPU Information Leak Protection
19 |  TCP Initial Sequence Numbers Randomization to prevent TCP ISN based CPU
20 |  Information Leaks.
21 |  .
22 |  The Linux kernel has a side-channel information leak bug.
23 |  It is leaked in any outgoing traffic.
24 |  This can allow side-channel attacks because sensitive information about
25 |  a system's CPU activity is leaked.
26 |  .
27 |  It may prove very dangerous for long-running cryptographic operations. [A]
28 |  .
29 |  Research has demonstrated that it can be used for de-anonymization of
30 |  location-hidden services. [1]
31 |  .
32 |  Clock skew,
33 |  .
34 |   - is leaked through TCP ISNs (Initial Sequence Number) by the Linux kernel.
35 |   - can be remotely detected through observing ISNs.
36 |   - can be induced by an attacker through producing load on the victim machine.
37 |  .
38 |  Quote Security researcher Steven J. Murdoch
39 |  (University of Cambridge, Cambridge, UK) [B]
40 |  .
41 |  "What the Linux ISN leaks is the difference between two timestamps, not the
42 |  timestamp itself. A difference lets you work out drift and skew, which can
43 |  help someone fingerprint the computer hardware, its environment and load. Of
44 |  course that only works if you can probe a computer, and maintain the same
45 |  source/destination port and IP address."
46 |  .
47 |  Quote Mike Perry, developer at The Tor Project [A]:
48 |  .
49 |  "... it is worth complaining to the kernel developers for the simple
50 |  reason that adding the 64ns timer post-hash probably *does* leak side channels
51 |  about CPU activity, and that may prove very dangerous for long-running
52 |  cryptographic operations (along the lines of the hot-or-not issue).
53 |  Unfortunately, someone probably needs to produce more research papers before
54 |  they will listen."
55 |  .
56 |  tirdad is a kernel module to hot-patch the Linux kernel
57 |  to generate random TCP Initial Sequence Numbers for IPv4 TCP connections.
58 |  .
59 |  You can refer to this bog post to get familiar with the original issue:
60 |  .
61 |   - An analysis of TCP secure SN generation in Linux and its privacy issues
62 |   - https://bitguard.wordpress.com/?p=982
63 |  .
64 |  This metapackage depends on tirdad-dkms.
65 |  .
66 |  References:
67 |  .
68 |   - [1] https://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf
69 |   - [2] http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf
70 |   - [3] http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf
71 |   - [4] https://stackoverflow.com/a/12232126
72 |   - [5] http://lxr.free-electrons.com/source/net/core/secure_seq.c?v=3.16
73 |   - [6] https://trac.torproject.org/projects/tor/ticket/16659
74 |   - [7] https://phabricator.whonix.org/T543
75 |   - [A] https://trac.torproject.org/projects/tor/ticket/16659#comment:10
76 |   - [B] https://trac.torproject.org/projects/tor/ticket/16659#comment:18
77 | 
78 | Package: tirdad-dkms
79 | Architecture: linux-amd64
80 | Depends: linux-headers-generic, ${shlibs:Depends}, ${misc:Depends}
81 | Description: TCP Initial Sequence Numbers Randomization - Source Code and DKMS
82 |  tirdad is a kernel module to hot-patch the Linux kernel
83 |  to generate random TCP Initial Sequence Numbers for IPv4 TCP connections.
84 |  .
85 |  This package uses DKMS to automatically build the tirdad kernel
86 |  module.
87 | 


--------------------------------------------------------------------------------
/debian/copyright:
--------------------------------------------------------------------------------
 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 2 | 
 3 | Files: *
 4 | Copyright: Copyright (c) 2015-2018 Sirus Shahini
 5 | License: GPL-3
 6 |  This package is free software; you can redistribute it and/or modify
 7 |  it under the terms of the GNU General Public License as published by
 8 |  the Free Software Foundation; either version 3 of the License, or
 9 |  (at your option) any later version.
10 |  .
11 |  This package is distributed in the hope that it will be useful,
12 |  but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 |  GNU General Public License for more details.
15 |  .
16 |  You should have received a copy of the GNU General Public License
17 |  along with this package; if not, write to the Free Software
18 |  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
19 |  .
20 |  On Debian systems, the complete text of the GNU General
21 |  Public License can be found in `/usr/share/common-licenses/GPL-3'.
22 | 


--------------------------------------------------------------------------------
/debian/make-helper-overrides.bsh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
4 | ## See the file COPYING for copying conditions.
5 | 
6 | #version_numbers_by_upstream=true
7 | 


--------------------------------------------------------------------------------
/debian/rules:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | ## Copyright (C) 2016 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
 4 | ## See the file COPYING for copying conditions.
 5 | 
 6 | #export DH_VERBOSE=1
 7 | 
 8 | export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 9 | DPKG_EXPORT_BUILDFLAGS = 1
10 | include /usr/share/dpkg/buildflags.mk
11 | 
12 | %:
13 | 	dh $@ --with dkms
14 | 
15 | override_dh_installchangelogs:
16 | 	dh_installchangelogs changelog.upstream upstream
17 | 
18 | override_dh_auto_build:
19 | 	true
20 | 
21 | override_dh_auto_clean:
22 | 	true
23 | 
24 | override_dh_auto_install:
25 | 	true
26 | 


--------------------------------------------------------------------------------
/debian/source/format:
--------------------------------------------------------------------------------
1 | 3.0 (quilt)
2 | 


--------------------------------------------------------------------------------
/debian/source/lintian-overrides:
--------------------------------------------------------------------------------
1 | ## https://phabricator.whonix.org/T277
2 | debian-watch-does-not-check-openpgp-signature
3 | 


--------------------------------------------------------------------------------
/debian/tirdad-dkms.dkms:
--------------------------------------------------------------------------------
 1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
 2 | ## See the file COPYING for copying conditions.
 3 | 
 4 | PACKAGE_NAME="tirdad"
 5 | 
 6 | ## TODO: how?
 7 | #PACKAGE_VERSION="#MODULE_VERSION#"
 8 | 
 9 | PACKAGE_VERSION="0.1"
10 | 
11 | BUILT_MODULE_LOCATION[0]="module"
12 | BUILT_MODULE_NAME[0]="tirdad"
13 | 
14 | DEST_MODULE_LOCATION[0]="/extra"
15 | DEST_MODULE_NAME[0]="tirdad"
16 | 
17 | AUTOINSTALL="yes"
18 | 
19 | MAKE[0]="make all"
20 | CLEAN[0]="make clean"
21 | 


--------------------------------------------------------------------------------
/debian/tirdad-dkms.install:
--------------------------------------------------------------------------------
 1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
 2 | ## See the file COPYING for copying conditions.
 3 | 
 4 | ## TODO: do not hardcode 0.1
 5 | 
 6 | module/* usr/src/tirdad-0.1/module
 7 | Makefile usr/src/tirdad-0.1/
 8 | 
 9 | debian/30_tirdad.conf usr/lib/modules-load.d/
10 | debian/30-tirdad.conf etc/modprobe.d/
11 | 


--------------------------------------------------------------------------------
/debian/tirdad-dkms.triggers:
--------------------------------------------------------------------------------
 1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
 2 | ## See the file COPYING for copying conditions.
 3 | 
 4 | #### meta start
 5 | #### project Kicksecure
 6 | #### category security
 7 | #### description
 8 | 
 9 | ## Let dracut import new MOK after using:
10 | ## sudo mokutil --import /var/lib/dkms/mok.pub
11 | activate-noawait update-initramfs
12 | 
13 | #### meta end
14 | 


--------------------------------------------------------------------------------
/debian/tirdad.install:
--------------------------------------------------------------------------------
1 | ## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
2 | ## See the file COPYING for copying conditions.
3 | 
4 | ## This file was generated using genmkfile 'make debinstfile'.
5 | 
6 | 


--------------------------------------------------------------------------------
/debian/watch:
--------------------------------------------------------------------------------
1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
2 | ## See the file COPYING for copying conditions.
3 | 
4 | version=4
5 | opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/tirdad-$1\.tar\.gz/ \
6 |   https://github.com/Whonix/tirdad/tags .*/v?(\d\S+)\.tar\.gz
7 | 


--------------------------------------------------------------------------------
/legacy/tirdad.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |     By Sirus Shahini
  3 |     ~cyn
  4 | 
  5 | 
  6 |     This is the original implementation of the module.
  7 |     This version is not maintained anymore and is replaced with a simpler implementation.
  8 |     As of October 2024 this code is stable and runs normally on recent kernels.
  9 | 
 10 | */
 11 | 
 12 | #include <linux/init.h>
 13 | #include <linux/kernel.h>
 14 | #include <linux/module.h>
 15 | #include <linux/list.h>
 16 | #include <linux/string.h>
 17 | #include <linux/types.h>
 18 | #include <linux/slab.h>
 19 | #include <linux/mm_types.h>
 20 | #include <linux/page-flags.h>
 21 | #include <linux/mmzone.h>
 22 | #include <linux/gfp.h>
 23 | #include <linux/pfn.h>
 24 | #include <linux/hugetlb.h>
 25 | #include <linux/syscalls.h>
 26 | #include <asm/cacheflush.h>
 27 | #include <asm/uaccess.h>
 28 | #include <linux/utsname.h>
 29 | #include <linux/moduleparam.h>
 30 | #include <linux/siphash.h>
 31 | #include <linux/random.h>
 32 | #include <linux/kprobes.h>
 33 | #include <linux/in6.h>
 34 | 
 35 | siphash_key_t seq_secret;
 36 | siphash_key_t last_secret;
 37 | 
 38 | 
 39 | #define AGGREGATE_KEY_SIZE	16
 40 | #define FUSION_SIZE		12
 41 | 
 42 | 
 43 | struct target_vals{
 44 | 	unsigned long adr;
 45 | 	unsigned long hook_adr;
 46 | 	u8 backup_bytes[FUSION_SIZE];
 47 | 
 48 | 	/*
 49 | 	 *	We expect the two target functions to be
 50 | 	 *	placed on the same page but we treat them
 51 | 	 *	independently anyways.
 52 | 	*/
 53 | 	u8 p_bits;
 54 | } seqv4,seqv6;
 55 | 
 56 | 
 57 | #ifdef COLORED_OUTP
 58 | #define CNORM				"\x1b[0m"
 59 | #define CRED				"\x1b[1;31m"
 60 | #define CGREEN				"\x1b[1;32m"
 61 | #else
 62 | #define CNORM				""
 63 | #define CRED				""
 64 | #define CGREEN				""
 65 | #endif
 66 | 
 67 | 
 68 | void _s_out(u8 err, char *fmt, ...);
 69 | siphash_key_t *get_secret(void);
 70 | u32 secure_tcp_seq_hooked(__be32 , __be32 , __be16 , __be16 );
 71 | u32 secure_tcpv6_seq_hooked(const __be32 *, const __be32 *,__be16 , __be16 );
 72 | int store_p_bits(unsigned long , unsigned char );
 73 | int install_hook_on(struct target_vals *);
 74 | void recover_one(struct target_vals *);
 75 | int get_kasln_adr(void);
 76 | int hook_init(void);
 77 | void hook_exit(void);
 78 | int preh_hk(struct kprobe * kp, struct pt_regs *);
 79 | void posth_hk(struct kprobe * kp, struct pt_regs *,unsigned long);
 80 | 
 81 | 
 82 | #ifdef pte_offset_map
 83 | #define _pte_direct pte_offset_map
 84 | #else
 85 | #define _pte_direct __pte_map
 86 | #endif
 87 | 
 88 | 
 89 | u64 kasln_adr=0;
 90 | 
 91 | void _s_out(u8 err, char *fmt, ...){
 92 |     va_list argp;
 93 |     char msg_fmt[255];
 94 | 
 95 | 
 96 |     if (err){
 97 | 		strcpy(msg_fmt,CRED"[!] TIRDAD: "CNORM);
 98 |     }else{
 99 | 		strcpy(msg_fmt,CGREEN"[-] TIRDAD: "CNORM);
100 |     }
101 |     strcat(msg_fmt,fmt);
102 |     strcat(msg_fmt,"\n");
103 |     va_start(argp,fmt);
104 |     vprintk(msg_fmt,argp);
105 |     va_end(argp);
106 | }
107 | 
108 | siphash_key_t *get_secret(void){
109 | 	u32 temp;
110 | 
111 | 	temp = *((u32*)(&seq_secret.key[0]));
112 | 	temp>>=8;
113 | 	last_secret.key[0] += temp;
114 | 	temp = *((u32*)(&seq_secret.key[1]));
115 | 	temp>>=8;
116 | 	last_secret.key[1] += temp;
117 | 
118 | 	return &last_secret;
119 | }
120 | 
121 | 
122 | u32 secure_tcp_seq_hooked(__be32 saddr, __be32 daddr,
123 | 		   __be16 sport, __be16 dport)
124 | {
125 | 	u32 hash;
126 | 
127 | 	hash = siphash_3u32((__force u32)saddr, (__force u32)daddr,
128 | 			        (__force u32)sport << 16 | (__force u32)dport,
129 | 			        get_secret());
130 | 	return hash;
131 | }
132 | 
133 | 
134 | u32 secure_tcpv6_seq_hooked(const __be32 *saddr, const __be32 *daddr,
135 | 		     __be16 sport, __be16 dport)
136 | {
137 | 	const struct {
138 | 		struct in6_addr saddr;
139 | 		struct in6_addr daddr;
140 | 		__be16 sport;
141 | 		__be16 dport;
142 | 	} __aligned(SIPHASH_ALIGNMENT) combined = {
143 | 		.saddr = *(struct in6_addr *)saddr,
144 | 		.daddr = *(struct in6_addr *)daddr,
145 | 		.sport = sport,
146 | 		.dport = dport
147 | 	};
148 | 	u32 hash;
149 | 
150 | 	hash = siphash(&combined, offsetofend(typeof(combined), dport),
151 | 		       get_secret());
152 | 	return hash;
153 | }
154 | 
155 | int store_p_bits(unsigned long address, unsigned char bits){
156 | 	pgd_t *pgd;
157 | 	pud_t *pud;
158 | 	pmd_t *pmd;
159 | 	pte_t *ptep;
160 | 	p4d_t *p4d;
161 | 	unsigned long ent_val;
162 | 	struct mm_struct *mm;
163 | 
164 | 	unsigned short ps = 1 << 7;
165 | 	u8 cbit;
166 | 	u8 op_num;
167 | 
168 | 	mm = current->mm;
169 | 	pgd = pgd_offset(mm, address);
170 | 
171 | 	if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd))){
172 | 		return -1;
173 | 	}
174 | 	ent_val = *((unsigned long*)pgd);
175 | 	op_num = 1;
176 | 	cbit = bits & op_num;
177 | 	if (cbit){
178 | 	    ent_val = ent_val | 2;
179 | 	}else{
180 | 	    ent_val = ent_val & ~((u8)2);
181 | 	}
182 | 	*((unsigned long*)pgd) = ent_val;
183 | 
184 | 	p4d = p4d_offset(pgd,address);
185 | 	pud = pud_offset(p4d, address);
186 | 
187 | 	ent_val = *((unsigned long*)pud);
188 | 	op_num = 2;
189 | 	cbit = bits & op_num;
190 | 	if (cbit){
191 | 	    ent_val = ent_val | 2;
192 | 	}else{
193 | 	    ent_val = ent_val & ~((u8)2);
194 | 	}
195 | 	*((unsigned long*)pud) = ent_val;
196 | 	if (!!( ps & ent_val ) == 1){
197 | 	    return 1;
198 | 	}
199 | 	pmd = pmd_offset(pud, address);
200 | 	/*
201 | 	 *	We don't have to check for this
202 | 	 *	but if this macro triggers a bug
203 | 	 *	here there's already something wrong
204 | 	 *	with mappings.
205 | 	 *	I leave it to stay here for the
206 | 	 *	sake of completeness.
207 | 	*/
208 | 	VM_BUG_ON(pmd_trans_huge(*pmd));
209 | 	ent_val = *((unsigned long*)pmd);
210 | 
211 | 	op_num = 4;
212 | 	cbit = bits & op_num;
213 | 	if (cbit){
214 | 	    ent_val = ent_val | 2;
215 | 	}else{
216 | 	    ent_val = ent_val & ~((u8)2);
217 | 	}
218 | 	*((unsigned long*)pmd) = ent_val;
219 | 	if (!!( ps & ent_val ) == 1){
220 | 	    return 1;
221 | 	}
222 | 	ptep=_pte_direct(pmd, address);
223 | 	if (!ptep){
224 | 		return -1;
225 | 	}
226 | 	ent_val = *((unsigned long*)(ptep));
227 | 	op_num = 8;
228 | 	cbit = bits & op_num;
229 | 	if (cbit){
230 | 	    ent_val = ent_val | 2;
231 | 	}else{
232 | 	    ent_val = ent_val & ~((u8)2);
233 | 	}
234 | 	*((unsigned long*)ptep) = ent_val;
235 | 	return 1;
236 | }
237 | 
238 | int install_hook_on(struct target_vals *target){
239 | 	char payload[] = "\x48\xB8\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xE0";
240 | 	u8* payload_adr;
241 | 	pgd_t *pgd;
242 | 	p4d_t *p4d;
243 | 	pud_t *pud;
244 | 	pmd_t *pmd;
245 | 	pte_t *ptep;
246 | 	unsigned long ent_val;
247 | 	struct mm_struct *mm;
248 | 	unsigned short ps = 1 << 7;
249 | 	u8 cbit;
250 | 	u8 p_bits;
251 | 
252 | 	p_bits=0;
253 | 
254 | 	mm = current->mm;
255 | 	pgd = pgd_offset(mm, target->adr);
256 | 
257 | 	if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd))){
258 | 		_s_out(1,"FATAL: Page tables not accessible.");
259 | 		return -1;
260 | 	}
261 | 
262 | 	ent_val = *((unsigned long*)pgd);
263 | 	cbit = ent_val & 2;
264 | 	if (cbit) p_bits = 1;
265 | 	p4d = p4d_offset(pgd,target->adr);
266 | 
267 | 	pud = pud_offset(p4d, target->adr);
268 | 	ent_val = *((unsigned long*)pud);
269 | 	cbit = ent_val & 2;
270 | 	if (cbit) p_bits = p_bits | 2;
271 | 
272 | 	if (!!( ps & ent_val ) == 1){
273 | 	    goto install;
274 | 	}
275 | 
276 | 	pmd = pmd_offset(pud, target->adr);
277 | 	VM_BUG_ON(pmd_trans_huge(*pmd));
278 | 	ent_val = *((unsigned long*)pmd);
279 | 	cbit = ent_val & 2;
280 | 	if (cbit) p_bits = p_bits | 4;
281 | 
282 | 	if (!!( ps & ent_val ) == 1){
283 | 	    goto install;
284 | 	}
285 | 
286 | 	ptep=_pte_direct(pmd, target->adr);
287 | 
288 | 	if (!ptep){
289 | 		_s_out(1,"FATAL: Page table entry not accessible.");
290 | 		return -1;
291 | 	}
292 | 
293 | 	ent_val = *((unsigned long*)(ptep));
294 | 	cbit = ent_val & 2;
295 | 	if (cbit) p_bits = p_bits | 8;
296 | 
297 | install:
298 | 
299 | 	store_p_bits(target->adr,0x0F);
300 | 
301 | 	payload_adr = (u8*) target->adr;
302 | 	memcpy(target->backup_bytes,(void*)target->adr,FUSION_SIZE);
303 | 	memcpy((void*)target->adr,payload,FUSION_SIZE);
304 | 	*((unsigned long*)&payload_adr[2]) = target->hook_adr;
305 | 
306 | 	/*
307 | 	 * Revert entries to original values.
308 | 	*/
309 | 	store_p_bits(target->adr,p_bits);
310 | 
311 | 	target->p_bits=p_bits;
312 | 
313 | 	return 0;
314 | }
315 | 
316 | void recover_one(struct target_vals *target){
317 | 	store_p_bits(target->adr,0x0F);
318 | 	memcpy((void*)target->adr,target->backup_bytes,FUSION_SIZE);
319 | 	store_p_bits(target->adr,target->p_bits);
320 | }
321 | 
322 | #define SYMBOL_LOOKUP(s) (((u64 (*)(const char *))(kasln_adr))(s))
323 | #define HANDLER(t,l,ret,...) t l ## h_hk(struct kprobe * kp, struct pt_regs * r\
324 | 					__VA_OPT__(,) __VA_ARGS__){\
325 | 						ret;\
326 | 					}
327 | 
328 | HANDLER(int,pre,return 0)
329 | HANDLER(void,post,return,unsigned long flags)
330 | 
331 | int get_kasln_adr(void){
332 | 	struct kprobe h_kprobe;
333 | 	int r;
334 | 
335 | 	memset(&h_kprobe, 0, sizeof(h_kprobe));
336 | 	h_kprobe.pre_handler = preh_hk;
337 | 	h_kprobe.post_handler = posth_hk;
338 | 	h_kprobe.symbol_name = "kallsyms_lookup_name";
339 | 	r = register_kprobe(&h_kprobe);
340 | 	if (!r){
341 | 		kasln_adr=(u64)h_kprobe.addr;
342 | 	}
343 | 	unregister_kprobe(&h_kprobe);
344 | 
345 | 	return r;
346 | }
347 | 
348 | 
349 | int hook_init(void){
350 | 	int i;
351 | 
352 | 	if (get_kasln_adr()){
353 | 		_s_out(1,"FATAL: Can't find kallsyms_lookup_name.");
354 | 		return -1;
355 | 	}
356 | 
357 | #if !IS_ENABLED(CONFIG_IPV6)
358 | 
359 | 	/*
360 | 	 *	A fail-safe for an extremely unlikely situation.
361 | 	 *	If you have a strange custom kernel without IPv6 support,
362 | 	 *	revert to the older versions of tirdad (like commit: 1742ca6).
363 | 	*/
364 | 
365 | 	_s_out(1,"IPv6 is not supported in your system.");
366 | 	return -1;
367 | #endif
368 | 
369 | 	seqv4.adr = 0;
370 | 	seqv6.adr = 0;
371 | 
372 | 	memset(&seq_secret.key,0,AGGREGATE_KEY_SIZE);
373 | 
374 | 	/*
375 | 	 *	Find our function of interest and
376 | 	 *	read some random bytes
377 | 	 *	We don't directly call kallsyms_lookup_name()
378 | 	 *	as it's not exported in newer kernels.
379 | 	*/
380 | 
381 | 	seqv4.adr = SYMBOL_LOOKUP("secure_tcp_seq");
382 | 	seqv4.hook_adr=(u64)&secure_tcp_seq_hooked;
383 | 
384 | 	seqv6.adr = SYMBOL_LOOKUP("secure_tcpv6_seq");
385 | 	seqv6.hook_adr=(u64)&secure_tcpv6_seq_hooked;
386 | 
387 | 	if (!seqv4.adr || !seqv6.adr){
388 | 		_s_out(1,"FATAL: Name lookup failed.");
389 | 		return -1; //EPERM but we use it as a generic error number
390 | 	}
391 | 
392 | 	if (wait_for_random_bytes()){
393 | 		_s_out(1,"FATAL: Can't get random bytes form kernel.");
394 | 		return -1;
395 | 	}
396 | 
397 | 	get_random_bytes(&seq_secret.key,AGGREGATE_KEY_SIZE);
398 | 
399 | 	for (i=0;i<32;i++){
400 | 		if ( *( ((u8*)(&seq_secret.key)) + i ) !=0)
401 | 			break;
402 | 	}
403 | 
404 | 	if (i==32){
405 | 		_s_out(1,"FATAL: Random bytes are not valid.");
406 | 		return -1;
407 | 	}
408 | 
409 | 	memcpy(&last_secret,&seq_secret,AGGREGATE_KEY_SIZE);
410 | 
411 | 	/*
412 | 	 *	Ok, initialization must have succeeded.
413 | 	 *	Prepare the page tables and install the hook
414 | 	*/
415 | 
416 | 	if (install_hook_on(&seqv4) ||
417 | 		install_hook_on(&seqv6))
418 | 	{
419 | 		_s_out(1,"FATAL: Operation failed.");
420 | 		return -1;
421 | 	}
422 | 
423 | 	_s_out(0,"Hooks are ready. Operation completed without errors.");
424 | 
425 | 	return 0;
426 | }
427 | 
428 | void hook_exit(void){
429 | 	recover_one(&seqv4);
430 | 	recover_one(&seqv6);
431 | 
432 | 	_s_out(0,"Removed hooks. Exiting normally.");
433 | }
434 | module_init(hook_init);
435 | module_exit(hook_exit);
436 | 
437 | MODULE_LICENSE("GPL");
438 | MODULE_AUTHOR("Sirus Shahini <sirus.shahini@gmail.com>");
439 | MODULE_DESCRIPTION("Tirdad hook for TCP ISN generator");
440 | 


--------------------------------------------------------------------------------
/module/Makefile:
--------------------------------------------------------------------------------
1 | obj-m := tirdad.o
2 | 


--------------------------------------------------------------------------------
/module/tirdad.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |     By Sirus Shahini
  3 |     ~cyn
  4 | 
  5 |     Streamline patching as suggested by ArrayBolt3.
  6 | */
  7 | 
  8 | #include <linux/init.h>
  9 | #include <linux/kernel.h>
 10 | #include <linux/module.h>
 11 | #include <linux/string.h>
 12 | #include <linux/types.h>
 13 | #include <linux/siphash.h>
 14 | #include <linux/random.h>
 15 | #include <linux/in6.h>
 16 | #include <linux/livepatch.h>
 17 | 
 18 | #ifdef COLORED_OUTP
 19 | #define CNORM				"\x1b[0m"
 20 | #define CRED				"\x1b[1;31m"
 21 | #define CGREEN				"\x1b[1;32m"
 22 | #else
 23 | #define CNORM				""
 24 | #define CRED				""
 25 | #define CGREEN				""
 26 | #endif
 27 | 
 28 | void _s_out(u8 err, char *fmt, ...);
 29 | u32 secure_tcp_seq_hooked(__be32 , __be32 , __be16 , __be16 );
 30 | u32 secure_tcpv6_seq_hooked(const __be32 *, const __be32 *,__be16 , __be16 );
 31 | int hook_init(void);
 32 | void hook_exit(void);
 33 | 
 34 | 
 35 | void _s_out(u8 err, char *fmt, ...){
 36 | 	va_list argp;
 37 | 	char msg_fmt[255];
 38 | 
 39 | 	if (err){
 40 | 		snprintf(msg_fmt, 255, CRED"[!] TIRDAD: "CNORM"%s\n", fmt);
 41 | 	}else{
 42 | 		snprintf(msg_fmt, 255, CGREEN"[-] TIRDAD: "CNORM"%s\n", fmt);
 43 | 	}
 44 | 
 45 | 	va_start(argp,fmt);
 46 | 	vprintk(msg_fmt,argp);
 47 | 	va_end(argp);
 48 | }
 49 | 
 50 | u32 secure_tcp_seq_hooked(__be32 saddr, __be32 daddr,
 51 | 		   __be16 sport, __be16 dport)
 52 | {
 53 | 	u32 hash;
 54 | 	get_random_bytes(((char *)&hash), sizeof(u32));
 55 | 	return hash;
 56 | }
 57 | 
 58 | 
 59 | u32 secure_tcpv6_seq_hooked(const __be32 *saddr, const __be32 *daddr,
 60 | 		     __be16 sport, __be16 dport)
 61 | {
 62 | 	u32 hash;
 63 | 	get_random_bytes(((char *)&hash), sizeof(u32));
 64 | 	return hash;
 65 | }
 66 | 
 67 | static struct klp_func funcs[] = {
 68 |  	{
 69 |  		.old_name = "secure_tcp_seq",
 70 | 		.new_func = secure_tcp_seq_hooked,
 71 | 	},
 72 | 	{
 73 | 		.old_name = "secure_tcpv6_seq",
 74 | 		.new_func = secure_tcpv6_seq_hooked,
 75 | 	}, { }
 76 | };
 77 | 
 78 | static struct klp_object objs[] = {
 79 | 	{
 80 | 	.funcs = funcs,
 81 | 	}, { }
 82 | };
 83 | 
 84 | static struct klp_patch patch = {
 85 | 	.mod = THIS_MODULE,
 86 | 	.objs = objs,
 87 | };
 88 | 
 89 | int hook_init(void){
 90 | #if !IS_ENABLED(CONFIG_IPV6)
 91 | 
 92 | 	/*
 93 | 	 *	A fail-safe for an extremely unlikely situation.
 94 | 	 *	If you have a strange custom kernel without IPv6 support,
 95 | 	 *	revert to the older versions of tirdad (like commit: 1742ca6).
 96 | 	*/
 97 | 
 98 | 	_s_out(1,"IPv6 is not supported in your system.");
 99 | 	return -1;
100 | #endif
101 | 
102 | 	/*
103 | 	 *	ensure RNG is initialized
104 | 	 */
105 | 
106 | 	if (wait_for_random_bytes()){
107 | 		_s_out(1,"FATAL: Can't get random bytes from kernel.");
108 | 		return -1;
109 | 	}
110 | 
111 | 	/*
112 | 	 *	Ok, initialization must have succeeded.
113 | 	 *	Install the hook
114 | 	 */
115 | 
116 | 	_s_out(0,"Installing hooks via Livepatch.");
117 | 
118 | 	return klp_enable_patch(&patch);
119 | }
120 | 
121 | void hook_exit(void){
122 | 	_s_out(0,"Removed hooks. Exiting normally.");
123 | }
124 | 
125 | module_init(hook_init);
126 | module_exit(hook_exit);
127 | 
128 | MODULE_LICENSE("GPL");
129 | MODULE_AUTHOR("Sirus Shahini <sirus.shahini@gmail.com>");
130 | MODULE_DESCRIPTION("Tirdad hook for TCP ISN generator");
131 | MODULE_INFO(livepatch, "Y");
132 | 
133 | 


--------------------------------------------------------------------------------