From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>, netdev <netdev@vger.kernel.org>
Subject: Re: [RFC] tcp: randomize TCP source ports
Date: Fri, 8 Nov 2013 15:28:56 +0100 [thread overview]
Message-ID: <20131108142856.GA28330@order.stressinduktion.org> (raw)
In-Reply-To: <1383919418.9412.234.camel@edumazet-glaptop2.roam.corp.google.com>
On Fri, Nov 08, 2013 at 06:03:38AM -0800, Eric Dumazet wrote:
> On Fri, 2013-11-08 at 14:02 +0100, Hannes Frederic Sowa wrote:
>
> > If I understand the code correctly the UDP ports are fully randomized? This
> > is good as per-peer randomization and then incrementation seems to be
> > theoretically broken:
> >
> > <https://sites.google.com/site/hayashulman/files/NIC-derandomisation.pdf>
> >
> > Looking at the code I somehow would like to check the use of net_random there.
> > The prandom function is reseeded as late_initcall and then only seeded by some
> > network addresses.
> >
> > At the time the late_initcall reseeds the PRNG my tests have shown that
> > the nonblockingpool was still not fully initialized where the PRNG gets
> > reseeded from.
> >
> > Hm, I propose a patch which does reseed the pool as soon as the nonblocking
> > pool got credited enough entropy in credit_entropy_bits. This should help
> > later binds().
>
> Or even better have a reseed every XX seconds.
Yes, that's even better.
>
> Something like :
>
> diff --git a/lib/random32.c b/lib/random32.c
> index 52280d5526be..4af2d72281e3 100644
> --- a/lib/random32.c
> +++ b/lib/random32.c
> @@ -60,6 +60,8 @@ u32 prandom_u32_state(struct rnd_state *state)
> }
> EXPORT_SYMBOL(prandom_u32_state);
>
> +static DEFINE_PER_CPU(unsigned long, net_rand_shuffle);
> +
> /**
> * prandom_u32 - pseudo random number generator
> *
> @@ -71,6 +73,19 @@ u32 prandom_u32(void)
> {
> unsigned long r;
> struct rnd_state *state = &get_cpu_var(net_rand_state);
> +
> + if (unlikely(time_after(jiffies, net_rand_shuffle))) {
> + unsigned long delay;
> + u32 entropy;
> +
> + get_random_bytes_arch(&entropy, sizeof(entropy));
What do you think about using a timer to keep the reseed out of fast-path
and switch to the non-arch get_random_bytes instead?
Thanks,
Hannes
next prev parent reply other threads:[~2013-11-08 14:28 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-08 0:54 [RFC] tcp: randomize TCP source ports Eric Dumazet
2013-11-08 1:07 ` Rick Jones
2013-11-08 2:04 ` Eric Dumazet
2013-11-08 23:26 ` Rick Jones
2013-11-08 23:42 ` Eric Dumazet
2013-11-08 23:57 ` Rick Jones
2013-11-08 13:02 ` Hannes Frederic Sowa
2013-11-08 14:03 ` Eric Dumazet
2013-11-08 14:28 ` Hannes Frederic Sowa [this message]
2013-11-08 15:11 ` Eric Dumazet
2013-11-08 17:39 ` Hannes Frederic Sowa
2013-11-09 4:47 ` Hannes Frederic Sowa
2013-11-09 15:26 ` Loganaden Velvindron
2013-11-09 18:16 ` Daniel Borkmann
2013-11-09 20:54 ` Hannes Frederic Sowa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131108142856.GA28330@order.stressinduktion.org \
--to=hannes@stressinduktion.org \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox