From: David Miller <davem@davemloft.net>
To: dada1@cosmosbay.com
Cc: nikb@webmaster.com, netdev@vger.kernel.org
Subject: Re: RFC: Established connections hash function
Date: Fri, 23 Mar 2007 00:11:26 -0700 (PDT) [thread overview]
Message-ID: <20070323.001126.40983698.davem@davemloft.net> (raw)
In-Reply-To: <4602FD18.7060902@cosmosbay.com>
From: Eric Dumazet <dada1@cosmosbay.com>
Date: Thu, 22 Mar 2007 23:03:04 +0100
> David Miller a écrit :
> > From: "Nikolaos D. Bougalis" <nikb@webmaster.com>
> > Date: Thu, 22 Mar 2007 12:44:09 -0700
> >
> >> People _have_ had problems. _I_ have had problems. And when
> >> someone with a few thousand drones under his control hoses your
> >> servers because he can do math and he leaves you with 20000-item
> >> long chains, _you_ will have problems.
> >
> > No need to further argue this point, the people that matter
> > (ie. me :-) understand it, don't worry..
>
> Yes, I recall having one big server hit two years ago by an attack on tcp hash
> function. David sent me the patch to use jhash. It's performing well :)
>
> Welcome to the club :)
Ok, how about we put something like the following into 2.6.21?
I'm not looking for the hash perfectionist analysis, please bug the
heck off if that's what your reply is going to be about, don't bother
hitting the reply button I will ignore you.
I want to hear instead if this makes attackability markedly _HARDER_
than what we have now and I am sure beyond a shadow of a doubt that it
does.
The secret is inialized when the first ehash-using socket is created,
that's not perfect (bug off!) but it's better than doing the
initialization in inet_init() or {tcp,dccp}_init() as we'll have a
chance of at least some entropy when that first such socket is
created. We definitely can't do it for the first AF_INET socket
creation, because icmp creates a bunch of SOCK_RAW inet sockets at
init time which would defeat the whole purpose of deferring this. :)
Thanks.
diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h
index c28e424..668056b 100644
--- a/include/net/inet6_hashtables.h
+++ b/include/net/inet6_hashtables.h
@@ -19,6 +19,9 @@
#include <linux/in6.h>
#include <linux/ipv6.h>
#include <linux/types.h>
+#include <linux/jhash.h>
+
+#include <net/inet_sock.h>
#include <net/ipv6.h>
@@ -28,12 +31,11 @@ struct inet_hashinfo;
static inline unsigned int inet6_ehashfn(const struct in6_addr *laddr, const u16 lport,
const struct in6_addr *faddr, const __be16 fport)
{
- unsigned int hashent = (lport ^ (__force u16)fport);
+ u32 ports = (lport ^ (__force u16)fport);
- hashent ^= (__force u32)(laddr->s6_addr32[3] ^ faddr->s6_addr32[3]);
- hashent ^= hashent >> 16;
- hashent ^= hashent >> 8;
- return hashent;
+ return jhash_3words((__force u32)laddr->s6_addr32[3],
+ (__force u32)faddr->s6_addr32[3],
+ ports, inet_ehash_secret);
}
static inline int inet6_sk_ehashfn(const struct sock *sk)
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
index ce6da97..62daf21 100644
--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -19,6 +19,7 @@
#include <linux/string.h>
#include <linux/types.h>
+#include <linux/jhash.h>
#include <net/flow.h>
#include <net/sock.h>
@@ -167,13 +168,15 @@ static inline void inet_sk_copy_descendant(struct sock *sk_to,
extern int inet_sk_rebuild_header(struct sock *sk);
+extern u32 inet_ehash_secret;
+extern void build_ehash_secret(void);
+
static inline unsigned int inet_ehashfn(const __be32 laddr, const __u16 lport,
const __be32 faddr, const __be16 fport)
{
- unsigned int h = ((__force __u32)laddr ^ lport) ^ ((__force __u32)faddr ^ (__force __u32)fport);
- h ^= h >> 16;
- h ^= h >> 8;
- return h;
+ return jhash_2words((__force __u32) laddr ^ (__force __u32) faddr,
+ ((__u32) lport) << 16 | (__force __u32)fport,
+ inet_ehash_secret);
}
static inline int inet_sk_ehashfn(const struct sock *sk)
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index cf358c8..308318a 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -87,6 +87,7 @@
#include <linux/init.h>
#include <linux/poll.h>
#include <linux/netfilter_ipv4.h>
+#include <linux/random.h>
#include <asm/uaccess.h>
#include <asm/system.h>
@@ -217,6 +218,16 @@ out:
return err;
}
+u32 inet_ehash_secret;
+EXPORT_SYMBOL(inet_ehash_secret);
+
+void build_ehash_secret(void)
+{
+ while (!inet_ehash_secret)
+ get_random_bytes(&inet_ehash_secret, 4);
+}
+EXPORT_SYMBOL(build_ehash_secret);
+
/*
* Create an inet socket.
*/
@@ -233,6 +244,11 @@ static int inet_create(struct socket *sock, int protocol)
int try_loading_module = 0;
int err;
+ if (sock->type != SOCK_RAW &&
+ sock->type != SOCK_DGRAM &&
+ !inet_ehash_secret)
+ build_ehash_secret();
+
sock->state = SS_UNCONNECTED;
/* Look for the requested type/protocol pair. */
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 5cac14a..0de723f 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -98,6 +98,11 @@ static int inet6_create(struct socket *sock, int protocol)
int try_loading_module = 0;
int err;
+ if (sock->type != SOCK_RAW &&
+ sock->type != SOCK_DGRAM &&
+ !inet_ehash_secret)
+ build_ehash_secret();
+
/* Look for the requested type/protocol pair. */
answer = NULL;
lookup_protocol:
next prev parent reply other threads:[~2007-03-23 7:11 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-22 15:39 RFC: Established connections hash function Nikolaos D. Bougalis
2007-03-22 15:52 ` Evgeniy Polyakov
2007-03-22 17:32 ` Nikolaos D. Bougalis
2007-03-22 18:21 ` Evgeniy Polyakov
2007-03-22 19:44 ` Nikolaos D. Bougalis
2007-03-22 19:56 ` Evgeniy Polyakov
2007-03-22 20:53 ` Nikolaos D. Bougalis
2007-03-23 7:52 ` Evgeniy Polyakov
2007-03-22 20:58 ` David Miller
2007-03-22 22:03 ` Eric Dumazet
2007-03-23 7:11 ` David Miller [this message]
2007-03-23 8:00 ` Eric Dumazet
2007-03-23 18:46 ` David Miller
2007-03-23 8:07 ` Evgeniy Polyakov
2007-03-23 8:17 ` Eric Dumazet
2007-03-23 8:33 ` Evgeniy Polyakov
2007-03-23 9:10 ` Evgeniy Polyakov
2007-03-23 11:58 ` XOR hash beauty solved [Was: RFC: Established connections hash function] Evgeniy Polyakov
2007-03-23 12:51 ` Nikolaos D. Bougalis
2007-03-23 12:45 ` RFC: Established connections hash function Nikolaos D. Bougalis
2007-03-27 14:11 ` Andi Kleen
2007-03-28 5:01 ` Nikolaos D. Bougalis
2007-03-28 6:29 ` David Miller
2007-03-28 9:29 ` Andi Kleen
2007-03-28 10:45 ` Evgeniy Polyakov
2007-03-28 14:14 ` Andi Kleen
2007-03-28 13:50 ` Eric Dumazet
2007-03-28 14:52 ` Andi Kleen
2007-03-29 9:18 ` Evgeniy Polyakov
2007-03-28 14:17 ` RFC: Established connections hash function II Andi Kleen
2007-03-28 19:04 ` RFC: Established connections hash function David Miller
2007-03-28 20:12 ` Andi Kleen
-- strict thread matches above, loose matches on Subject: below --
2007-03-24 12:26 linux
2007-03-24 13:29 ` Evgeniy Polyakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070323.001126.40983698.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=dada1@cosmosbay.com \
--cc=netdev@vger.kernel.org \
--cc=nikb@webmaster.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).