| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200912171716.56066.opurdila@ixiacom.com> Date: Thu, 17 Dec 2009 17:16:55 +0200 From: Octavian Purdila <opurdila@...acom.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Lucian Adrian Grijincu <lgrijincu@...acom.com>, netdev@...r.kernel.org Subject: Re: [RFC 1/2] udp: add non-linear uniform port allocation scheme option /proc/sys/net/ipv4/udp_port_randomization On Thursday 17 December 2009 16:07:55 you wrote: > Le 16/12/2009 20:24, Lucian Adrian Grijincu a écrit : > > When we allocate ports with a (really) high frequency, randomization > > does more harm as some values tend to repeat with a higher frequency > > than they would if allocated uniformly, while others are selected more > > rarely. > > > > This patch does not allocate ports linearly as older kernels used to do, > > but it allocates the port with an uniform frequency. > > > > For example: assuming UDP_HTABLE_SIZE=8, hint=3, low=0, high=32 > > > > This leads to: > >> first=3, last=3+8=11, rand=(1 | 1) * UDP_HTABLE_SIZE=8 > > > > The port selection code is similar to: > >> for first in [3..11): > >> snum = first > >> do if (!good(snum)) snum+=8 while(snum!=first) > > > > Will give the following sequence for snum (skipping `modulo 32` for > > brevity) > > 3, 3+8, 3+8+8, 3+8+8+8, > > 4, 4+8, 4+8+8, 4+8+8+8, > > ... > > 9, 9+8, 9+8+8, 9+8+8+8, > > 10, 10+8, 10+8+8, 10+8+8+8, > > > > This will generate all numbers in the [low..high) interval with the > > same frequency. This leads to better performance when most ports are > > already allocated. > > > > Randomization is still enabled by default for normal setups that will > > most likely not encounter such situations. > > I dont like this patch, I am not convinced at all by your example. > > Your example is flawed, since UDP_HTABLE_SIZE >= 128 (128 is the minimum > hash size) > > I cannot understand why chosing a "one" increment instead of a "random odd" > increment can give a more uniform allocation frequency. > > If port randomization is not good enough, please make it better, not > reverting to plain sequential old behavior... (your application can do its > own port allocation by the way) > Thanks for reviewing Eric. In this thread http://kerneltrap.org/mailarchive/linux-netdev/2009/5/8/5667204 (ports being reused too fast) Stephen observed that port randomization effects on same port allocation frequency are explained by the birthday paradox. The RFC suggesting port randomization recognizes this issue and suggest a way to overcome it, but on a first glance it looks expensive. Adding a sysctl to sequencial port allocation might not be the best option, but we thought of kicking the discussion about this issue with this patch. > BTW, net-next-2.6 is not yet open, this is not the right time to submit non > bug fixes patches. Yes, we know that, but we are still learning the details. For instance, should we refrain from sending RFC patches (as in patches we are not sure that are right and want to get early feedback on) as well during the merge window? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists