From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, fw@strlen.de
Subject: Re: [PATCH 01/12] netfilter: avoid get_random_bytes calls
Date: Mon, 6 Jan 2014 12:54:36 +0100 [thread overview]
Message-ID: <20140106115436.GE28854@breakpoint.cc> (raw)
In-Reply-To: <20140105234157.GB29910@order.stressinduktion.org>
Hannes Frederic Sowa <hannes@stressinduktion.org> wrote:
> On Mon, Jan 06, 2014 at 12:12:55AM +0100, Pablo Neira Ayuso wrote:
> > From: Florian Westphal <fw@strlen.de>
> >
> > All these users need an initial seed value for jhash, prandom is
> > perfectly fine. This avoids draining the entropy pool where
> > its not strictly required.
>
> Secrets protecting hash tables should be rather strong.
Yes, which is why e.g. conntrack hash is not converted.
> prandom_u32() has two seeding points at boot-up. One is at late_initcall.
Yes. None of these locations are executed via initcalls, they are all
in _checkentry (i.e., run when userspace iptables inserts a rule using
the target/match), except hashlimit where its delayed until the first
address is stored (so its even later).
> Thanks to parallel boot-up this gets executed fairly early. The other one is
> when the RNG nonblocking pool is fully initialized. Only after this point we
> can assume prandom_u32() returns truely random values. In between, only
> get_random_bytes or net_get_random_once are safe for use.
Can you elaborate? If entropy estimate is really really low
(because we're booting up), why would get_random_bytes() be a better
choice [ i understand net_get_random_once() is for delaying
the actual random_bytes call until a later point in time where we've
hopefully collected more entropy ]
> To get the impression when prandom_u32 gets truely seeded, watch out
> for the message "random: nonblocking pool is initialized" in dmesg. ;)
It happens very very early on my machine, even before / is remounted
rw. I would be more interested in what happens on small embedded
boxes...
> Hmm, some of them look like good candidates for net_get_random_once. I don't
> see such a problem with draining entropy pool, especially as they don't run
> that early and they don't request so many random bits.
I specifically did not use net_get_random_once once because checkentry is
not a hotpath.
I don't see why get_random_bytes use increases the security margin, especially
considering none of these hashes have periodic run-time rehashing?
But sure, if you think this change is a problem, Pablo can just revert it.
next prev parent reply other threads:[~2014-01-06 11:54 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-05 23:12 [PATCH 00/12] netfilter updates for net-next Pablo Neira Ayuso
2014-01-05 23:12 ` [PATCH 01/12] netfilter: avoid get_random_bytes calls Pablo Neira Ayuso
2014-01-05 23:41 ` Hannes Frederic Sowa
2014-01-06 11:54 ` Florian Westphal [this message]
2014-01-06 12:43 ` Hannes Frederic Sowa
2014-01-06 12:58 ` Pablo Neira Ayuso
2014-01-06 13:04 ` Florian Westphal
2014-01-06 13:06 ` Pablo Neira Ayuso
2014-01-06 13:07 ` Florian Westphal
2014-01-05 23:12 ` [PATCH 02/12] netfilter: ctnetlink: honor CTA_MARK_MASK when setting ctmark Pablo Neira Ayuso
2014-01-05 23:12 ` [PATCH 03/12] netfilter: nfnetlink_queue: enable UID/GID socket info retrieval Pablo Neira Ayuso
2014-01-06 15:32 ` Eric Dumazet
2014-01-06 16:36 ` Pablo Neira Ayuso
2014-01-06 18:36 ` David Miller
2014-01-05 23:12 ` [PATCH 04/12] netfilter: add IPv4/6 IPComp extension match support Pablo Neira Ayuso
2014-01-05 23:12 ` [PATCH 05/12] ipvs: Remove unused variable ret from sync_thread_master() Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 06/12] netfilter: nf_nat: add full port randomization support Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 07/12] netfilter: ipset: remove unused code Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 08/12] netfilter: nf_conntrack: remove dead code Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 09/12] netfilter: xt_CT: fix error value in xt_ct_tg_check() Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 10/12] net: net_cls: move cgroupfs classid handling into core Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 11/12] net: netprio: rename config to be more consistent with cgroup configs Pablo Neira Ayuso
2014-01-05 23:13 ` [PATCH 12/12] netfilter: x_tables: lightweight process control group matching Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2014-01-05 23:09 [PATCH 00/12] netfilter/IPVS updates for net-next Pablo Neira Ayuso
2014-01-05 23:09 ` [PATCH 01/12] netfilter: avoid get_random_bytes calls Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140106115436.GE28854@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).