From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, fw@strlen.de
Subject: Re: [PATCH 01/12] netfilter: avoid get_random_bytes calls
Date: Mon, 6 Jan 2014 12:54:36 +0100 [thread overview]
Message-ID: <20140106115436.GE28854@breakpoint.cc> (raw)
In-Reply-To: <20140105234157.GB29910@order.stressinduktion.org>
Hannes Frederic Sowa <hannes@stressinduktion.org> wrote:
> On Mon, Jan 06, 2014 at 12:12:55AM +0100, Pablo Neira Ayuso wrote:
> > From: Florian Westphal <fw@strlen.de>
> >
> > All these users need an initial seed value for jhash, prandom is
> > perfectly fine. This avoids draining the entropy pool where
> > its not strictly required.
>
> Secrets protecting hash tables should be rather strong.
Yes, which is why e.g. conntrack hash is not converted.
> prandom_u32() has two seeding points at boot-up. One is at late_initcall.
Yes. None of these locations are executed via initcalls, they are all
in _checkentry (i.e., run when userspace iptables inserts a rule using
the target/match), except hashlimit where its delayed until the first
address is stored (so its even later).
> Thanks to parallel boot-up this gets executed fairly early. The other one is
> when the RNG nonblocking pool is fully initialized. Only after this point we
> can assume prandom_u32() returns truely random values. In between, only
> get_random_bytes or net_get_random_once are safe for use.
Can you elaborate? If entropy estimate is really really low
(because we're booting up), why would get_random_bytes() be a better
choice [ i understand net_get_random_once() is for delaying
the actual random_bytes call until a later point in time where we've
hopefully collected more entropy ]
> To get the impression when prandom_u32 gets truely seeded, watch out
> for the message "random: nonblocking pool is initialized" in dmesg. ;)
It happens very very early on my machine, even before / is remounted
rw. I would be more interested in what happens on small embedded
boxes...
> Hmm, some of them look like good candidates for net_get_random_once. I don't
> see such a problem with draining entropy pool, especially as they don't run
> that early and they don't request so many random bits.
I specifically did not use net_get_random_once once because checkentry is
not a hotpath.
I don't see why get_random_bytes use increases the security margin, especially
considering none of these hashes have periodic run-time rehashing?
But sure, if you think this change is a problem, Pablo can just revert it.
next prev parent reply other threads:[~2014-01-06 11:54 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-05 23:12 [PATCH 00/12] netfilter updates for net-next Pablo Neira Ayuso
2014-01-05 23:12 ` [PATCH 01/12] netfilter: avoid get_random_bytes calls Pablo Neira Ayuso
2014-01-05 23:41 ` Hannes Frederic Sowa
2014-01-06 11:54 ` Florian Westphal [this message]
2014-01-06 12:43 ` Hannes Frederic Sowa
2014-01-06 12:58 ` Pablo Neira Ayuso
2014-01-06 13:04 ` Florian Westphal
2014-01-06 13:06 ` Pablo Neira Ayuso
2014-01-06 13:07 ` Florian Westphal
2014-01-05 23:12 ` [PATCH 02/12] netfilter: ctnetlink: honor CTA_MARK_MASK when setting ctmark Pablo Neira Ayuso
2014-01-05 23:12 ` [PATCH 03/12] netfilter: nfnetlink_queue: enable UID/GID socket info retrieval Pablo Neira Ayuso
2014-01-06 15:32 ` Eric Dumazet
2014-01-06 16:36 ` Pablo Neira Ayuso
2014-01-06 18:36 ` David Miller
2014-01-05 23:12 ` [PATCH 04/12] netfilter: add IPv4/6 IPComp extension match support Pablo Neira Ayuso
2014-01-05 23:12 ` [PATCH 05/12] ipvs: Remove unused variable ret from sync_thread_master() Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 06/12] netfilter: nf_nat: add full port randomization support Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 07/12] netfilter: ipset: remove unused code Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 08/12] netfilter: nf_conntrack: remove dead code Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 09/12] netfilter: xt_CT: fix error value in xt_ct_tg_check() Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 10/12] net: net_cls: move cgroupfs classid handling into core Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 11/12] net: netprio: rename config to be more consistent with cgroup configs Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 12/12] netfilter: x_tables: lightweight process control group matching Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2014-01-05 23:09 [PATCH 00/12] netfilter/IPVS updates for net-next Pablo Neira Ayuso
2014-01-05 23:09 ` [PATCH 01/12] netfilter: avoid get_random_bytes calls Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140106115436.GE28854@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.