| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200905091611.20321.opurdila@ixiacom.com> Date: Sat, 9 May 2009 16:11:19 +0300 From: Octavian Purdila <opurdila@...acom.com> To: Eric Dumazet <dada1@...mosbay.com> Cc: netdev@...r.kernel.org Subject: Re: ports beeing reused too fast On Saturday 09 May 2009 09:58:25 Eric Dumazet wrote: > > I've looked over the code and it looks right, so maybe net_random() is > > not random enough? Or maybe there are side effects because of the % > > port_range? > > Random is random :) > Probability a port can be reused pretty fast is not nul. > Thinking again about it... you are right :) > So yes, behavior you discovered is expected, when we switched port > selection from a sequential one (not very secure btw) to a random one. > > Any strong reason why a firewall would drop a SYN because ports were used > in a previous session ? We don't know why the firewall (Cisco FWSM) is dropping the packets, may be a bug, limitation or miss-configuration. We are trying to track this down with the firewall vendor. > Previous mode can be restored by application itself, using a bind() before > connect(), if this application knows it has a very high rate of connections > from a particular host to a particular host. (source ports range being > small anyway, so your firewall could complain again) Do you mean bind() with port != 0 ? Because I am already using bind() before connect(). Thanks, tavi -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists