lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1432744246.4060.406.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Wed, 27 May 2015 09:30:46 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Crestez Dan Leonard <cdleonard@...il.com>
Cc:	netdev@...r.kernel.org
Subject: Re: __inet_hash_connect port_offset parameter

On Wed, 2015-05-27 at 09:18 -0700, Eric Dumazet wrote:
> On Wed, 2015-05-27 at 18:25 +0300, Crestez Dan Leonard wrote:
> > Hello,
> > 
> > I'm confused about the port_offset parameter to __inet_hash_connect.
> > 
> > When allocating the local port for an outgoing TCP connection the port
> > search looks something like this:
> > 
> >     static u32 hint;
> >     u32 offset = hint + port_offset;
> > 
> >     inet_get_local_port_range(net, &low, &high);
> >     remaining = (high - low) + 1;
> > 
> >     for (i = 1; i <= remaining; i++) {
> >         port = low + (i + offset) % remaining;
> >         /* check port is free */
> > 
> > The port_offset is calculated for v4 and v6 based on a hash of src/dst
> > addresses, presumably in order to improve security.
> > 
> > I see a few issues with this:
> >  - The port_offset is calculated even if the local port was already
> > assigned via bind. This wastes a few cycles.
> 
> OK. Not a big deal I guess.

Patch for IPv4 would be :

diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 185efef0f1251ba9d45fabb3ed51777a8be097a6..be4bac368b6bfb8a1eca429cce415da99adc5515 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -594,7 +594,11 @@ out:
 int inet_hash_connect(struct inet_timewait_death_row *death_row,
 		      struct sock *sk)
 {
-	return __inet_hash_connect(death_row, sk, inet_sk_port_offset(sk),
+	u32 port_offset = 0;
+
+	if (!inet_sk(sk)->inet_num)
+		port_offset = inet_sk_port_offset(sk);
+	return __inet_hash_connect(death_row, sk, port_offset,
 				   __inet_check_established);
 }
 EXPORT_SYMBOL_GPL(inet_hash_connect);


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ