From: "David S. Miller" <davem@redhat.com>
To: c-d.hailfinger.kernel.2003@gmx.net
Cc: fw@deneb.enyo.de, linux-kernel@vger.kernel.org,
kuznet@ms2.inr.ac.ru, hadi@cyberus.ca, robert.olsson@data.slu.se
Subject: Re: must-fix list for 2.6.0
Date: Fri, 02 May 2003 14:14:15 -0700 (PDT) [thread overview]
Message-ID: <20030502.141415.59652168.davem@redhat.com> (raw)
In-Reply-To: <3EB29CC8.1030305@gmx.net>
From: Carl-Daniel Hailfinger <c-d.hailfinger.kernel.2003@gmx.net>
Date: Fri, 02 May 2003 18:28:56 +0200
David S. Miller wrote:
>>Shall I post the exploit?
>
> You can't expect us to act on anything based upon vague references
> to "dst cache DoS" and things like that.
http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417
Yes, that thing. We're working on a fix.
And, please, don't be silly wrt. exploit posting. One exists
publicly for some time, just google for juno-z.101f.c All the
script kiddies know where this thing is and what it does. So if you
have something better, just post it.
Current patch looks something like this (there will be changes):
--- net/ipv4/route.c.~1~ Thu May 1 06:18:00 2003
+++ net/ipv4/route.c Thu May 1 10:30:13 2003
@@ -194,19 +194,46 @@ struct rt_hash_bucket {
static struct rt_hash_bucket *rt_hash_table;
static unsigned rt_hash_mask;
static int rt_hash_log;
+static unsigned int rt_hash_rnd;
struct rt_cache_stat rt_cache_stat[NR_CPUS];
static int rt_intern_hash(unsigned hash, struct rtable *rth,
struct rtable **res);
-static __inline__ unsigned rt_hash_code(u32 daddr, u32 saddr, u8 tos)
+/* This bit mixing code is by Bob Jenkins. He has a great set of documents
+ * about hash function analysis at:
+ *
+ * http://burtleburtle.net/bob/hash/
+ */
+
+#define __mix(a, b, c) \
+{ \
+ a -= b; a -= c; a ^= (c>>13); \
+ b -= c; b -= a; b ^= (a<<8); \
+ c -= a; c -= b; c ^= (b>>13); \
+ a -= b; a -= c; a ^= (c>>12); \
+ b -= c; b -= a; b ^= (a<<16); \
+ c -= a; c -= b; c ^= (b>>5); \
+ a -= b; a -= c; a ^= (c>>3); \
+ b -= c; b -= a; b ^= (a<<10); \
+ c -= a; c -= b; c ^= (b>>15); \
+}
+
+static unsigned int rt_hash_code(u32 daddr, u32 saddr, u8 tos)
{
- unsigned hash = ((daddr & 0xF0F0F0F0) >> 4) |
- ((daddr & 0x0F0F0F0F) << 4);
- hash ^= saddr ^ tos;
- hash ^= (hash >> 16);
- return (hash ^ (hash >> 8)) & rt_hash_mask;
+ u32 a, b, c;
+
+ a = b = 0x9e3779b9;
+ c = rt_hash_rnd;
+
+ a += daddr;
+ b += saddr;
+ c += (u32) tos;
+
+ __mix(a, b, c);
+
+ return (c & rt_hash_mask);
}
static int rt_cache_get_info(char *buffer, char **start, off_t offset,
@@ -2461,6 +2488,9 @@ static int ip_rt_acct_read(char *buffer,
void __init ip_rt_init(void)
{
int i, order, goal;
+
+ rt_hash_rnd = (int) ((num_physpages ^ (num_physpages>>8)) ^
+ (jiffies ^ (jiffies >> 7)));
#ifdef CONFIG_NET_CLS_ROUTE
for (order = 0;
--- net/ipv4/netfilter/ip_conntrack_core.c.~1~ Thu May 1 09:24:17 2003
+++ net/ipv4/netfilter/ip_conntrack_core.c Thu May 1 16:48:57 2003
@@ -104,20 +104,45 @@ ip_conntrack_put(struct ip_conntrack *ct
nf_conntrack_put(&ct->infos[0]);
}
-static inline u_int32_t
+/* This bit mixing code is by Bob Jenkins. He has a great set of documents
+ * about hash function analysis at:
+ *
+ * http://burtleburtle.net/bob/hash/
+ */
+
+#define __mix(a, b, c) \
+{ \
+ a -= b; a -= c; a ^= (c>>13); \
+ b -= c; b -= a; b ^= (a<<8); \
+ c -= a; c -= b; c ^= (b>>13); \
+ a -= b; a -= c; a ^= (c>>12); \
+ b -= c; b -= a; b ^= (a<<16); \
+ c -= a; c -= b; c ^= (b>>5); \
+ a -= b; a -= c; a ^= (c>>3); \
+ b -= c; b -= a; b ^= (a<<10); \
+ c -= a; c -= b; c ^= (b>>15); \
+}
+
+static int ip_conntrack_hash_rnd;
+
+static u_int32_t
hash_conntrack(const struct ip_conntrack_tuple *tuple)
{
+ unsigned int a, b, c;
+
#if 0
dump_tuple(tuple);
#endif
- /* ntohl because more differences in low bits. */
- /* To ensure that halves of the same connection don't hash
- clash, we add the source per-proto again. */
- return (ntohl(tuple->src.ip + tuple->dst.ip
- + tuple->src.u.all + tuple->dst.u.all
- + tuple->dst.protonum)
- + ntohs(tuple->src.u.all))
- % ip_conntrack_htable_size;
+ a = b = 0x9e3779b9;
+ c = ip_conntrack_hash_rnd;
+
+ a += tuple->src.ip;
+ b += (tuple->dst.ip ^ tuple->dst.protonum);
+ c += (tuple->src.u.all | (tuple->dst.u.all << 16));
+
+ __mix(a, b, c);
+
+ return (c % ip_conntrack_htable_size);
}
inline int
@@ -1411,6 +1436,9 @@ int __init ip_conntrack_init(void)
{
unsigned int i;
int ret;
+
+ ip_conntrack_hash_rnd = (int) ((num_physpages ^ (num_physpages>>8)) ^
+ (jiffies ^ (jiffies >> 7)));
/* Idea from tcp.c: use 1/16384 of memory. On i386: 32MB
* machine has 256 buckets. >= 1GB machines have 8192 buckets. */
next prev parent reply other threads:[~2003-05-02 22:08 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20030429231009$1e6b@gated-at.bofh.it>
2003-04-30 4:55 ` must-fix list for 2.6.0 Florian Weimer
2003-04-30 10:18 ` Maciej Soltysiak
2003-05-01 11:24 ` David S. Miller
2003-05-01 11:27 ` Florian Weimer
2003-05-01 12:03 ` David S. Miller
2003-05-01 12:05 ` David S. Miller
2003-05-02 16:28 ` Carl-Daniel Hailfinger
2003-05-02 21:14 ` David S. Miller [this message]
[not found] <20030429155731.07811707.akpm@digeo.com.suse.lists.linux.kernel>
2003-04-30 1:36 ` Andi Kleen
2003-04-30 18:09 ` Pavel Machek
2003-04-30 18:15 ` Andi Kleen
2003-04-30 19:11 ` Pavel Machek
2003-04-29 22:57 Andrew Morton
2003-04-29 23:22 ` John Bradford
2003-04-29 23:37 ` Andrew Morton
2003-04-30 3:19 ` William Lee Irwin III
2003-04-30 4:45 ` Andrew Morton
2003-04-30 4:52 ` William Lee Irwin III
2003-05-01 4:32 ` William Lee Irwin III
2003-04-30 8:30 ` Benjamin Herrenschmidt
2003-04-30 10:16 ` Maciej Soltysiak
2003-04-30 19:11 ` Andrew Morton
2003-04-30 23:11 ` Rick Lindsley
2003-04-30 23:21 ` Andrew Morton
2003-04-30 23:47 ` viro
2003-04-30 23:59 ` Andrew Morton
2003-05-01 6:27 ` Christoph Hellwig
2003-05-01 5:49 ` Shawn
2003-05-01 10:14 ` Christoph Hellwig
2003-05-01 9:47 ` Alan Cox
2003-05-01 15:44 ` Robert Love
2003-05-01 0:09 ` Robert Love
2003-05-01 0:51 ` Gerrit Huizenga
2003-05-01 5:40 ` Dave Hansen
2003-05-01 11:57 ` Bill Huey
2003-04-30 23:53 ` Robert Love
2003-05-01 8:36 ` Arjan van de Ven
2003-05-01 8:42 ` Andrew Morton
2003-05-01 8:47 ` Arjan van de Ven
2003-04-30 23:41 ` Robert Love
2003-05-01 16:50 ` Hubertus Franke
2003-05-01 3:21 ` Mike Galbraith
2003-05-01 6:26 ` Mike Galbraith
2003-05-01 14:33 ` Christoph Hellwig
2003-05-01 18:42 ` Andrew Morton
2003-05-01 18:47 ` Christoph Hellwig
2003-05-02 1:57 ` Andreas Boman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030502.141415.59652168.davem@redhat.com \
--to=davem@redhat.com \
--cc=c-d.hailfinger.kernel.2003@gmx.net \
--cc=fw@deneb.enyo.de \
--cc=hadi@cyberus.ca \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=robert.olsson@data.slu.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox