| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Mar 2016 13:01:33 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: Rick Jones <rick.jones2@....com> Cc: Eric Dumazet <edumazet@...gle.com>, "David S . Miller" <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Tom Herbert <tom@...bertland.com> Subject: Re: [RFC net-next 2/2] udp: No longer use SLAB_DESTROY_BY_RCU On Mon, 2016-03-28 at 12:11 -0700, Rick Jones wrote: > I was under the impression that individual DNS queries were supposed to > have not only random DNS query IDs but also originate from random UDP > source ports. https://tools.ietf.org/html/rfc5452 4.5 at least touches > on the topic but I don't see it making it hard and fast. By section 10 > though it is more explicit: > > This document recommends the use of UDP source port number > randomization to extend the effective DNS transaction ID beyond the > available 16 bits. > > That being the case, if indeed there were to be 30000-odd concurrent > requests outstanding "upstream" from that location there'd have to be > 30000 ephemeral ports in play. Sure, so these heavy duty programs have to consider the randomness implications already, when picking a port in their pool. Using the kernel and force socket()/bind()/close() in the hope to get random values is safe, but never had been optimal for performance. Note : file structures got RCU freeing back in 2.6.14, and I do not think named users ever complained about added cost ;)
Powered by blists - more mailing lists