Date:	Wed, 16 Dec 2009 21:24:31 +0200
From:	Lucian Adrian Grijincu <lgrijincu@...acom.com>
To:	netdev@...r.kernel.org
CC:	Octavian Purdila <opurdila@...acom.com>
Subject: [RFC 1/2] udp: add non-linear uniform port allocation scheme option
 /proc/sys/net/ipv4/udp_port_randomization


When we allocate ports with a (really) high frequency, randomization
does more harm as some values tend to repeat with a higher frequency
than they would if allocated uniformly, while others are selected more
rarely.

This patch does not allocate ports linearly as older kernels used to do,
but it allocates the port with a uniform frequency.

For example: assuming UDP_HTABLE_SIZE=8, hint=3, low=0, high=32
This leads to:
> first=3, last=3+8=11, rand=(1 | 1) * UDP_HTABLE_SIZE=8

The port selection code is similar to:
> for first in [3..11):
>     snum = first
>     do if (!good(snum)) snum+=8 while(snum!=first)

Will give the following sequence for snum (skipping `modulo 32` for brevity)
   3,  3+8,  3+8+8,  3+8+8+8,
   4,  4+8,  4+8+8,  4+8+8+8,
  ...
   9,  9+8,  9+8+8,  9+8+8+8,
  10, 10+8, 10+8+8, 10+8+8+8,

This will generate all numbers in the [low..high) interval with the
same frequency. This leads to better performance when most ports are
already allocated.

Randomization is still enabled by default for normal setups that will
most likely not encounter such situations.

Signed-off-by: Lucian Adrian Grijincu <lgrijincu@...acom.com>
---
  include/net/udp.h          |    1 +
  net/ipv4/sysctl_net_ipv4.c |    7 +++++++
  net/ipv4/udp.c             |   18 +++++++++++++++---
  3 files changed, 23 insertions(+), 3 deletions(-)



View attachment "0001-udp-add-non-linear-uniform-port-allocation-scheme-op.patch" of type "text/x-patch" (2365 bytes)
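
The probe order described in the message above, written out as an added C example; it is not taken from the attached patch or from the kernel. It uses the message's own numbers (UDP_HTABLE_SIZE=8, hint=3, low=0, high=32) and assumes the worst case where no candidate port is accepted, so the full walk is produced; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define HTABLE_SIZE 8   /* UDP_HTABLE_SIZE in the message's example */
#define LOW   0
#define HIGH 32         /* ports are taken from [LOW, HIGH) */

/* Walk the candidate ports in the order the message describes, starting at
 * `hint`, assuming no candidate is ever "good". order[] receives the
 * candidates in sequence; visits[p - LOW] counts how often port p was
 * offered. Returns the number of candidates produced. */
static int walk_ports(int hint, int order[], int visits[])
{
    int range = HIGH - LOW, n = 0;
    int step = (1 | 1) * HTABLE_SIZE;   /* "rand" fixed to 1, so step = 8 */

    memset(visits, 0, sizeof(int) * range);
    for (int i = 0; i < HTABLE_SIZE; i++) {
        int first = LOW + (hint - LOW + i) % range;
        int snum = first;
        do {
            order[n++] = snum;
            visits[snum - LOW]++;
            snum = LOW + (snum - LOW + step) % range;  /* the "modulo 32" */
        } while (snum != first);
    }
    return n;
}

/* 1 if every port in [LOW, HIGH) was offered exactly once, else 0. */
static int is_uniform(const int visits[])
{
    for (int p = 0; p < HIGH - LOW; p++)
        if (visits[p] != 1)
            return 0;
    return 1;
}

int main(void)
{
    int order[HIGH - LOW], visits[HIGH - LOW];
    int n = walk_ports(3, order, visits);

    for (int i = 0; i < n; i++)
        printf("%2d%s", order[i], (i % 4 == 3) ? "\n" : ", ");
    printf("uniform: %s\n", is_uniform(visits) ? "yes" : "no");
    return 0;
}
```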
