Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-8]: src/sys/netinet Pull up following revision(s) (requested by c...



details:   https://anonhg.NetBSD.org/src/rev/a876a547f5b6
branches:  netbsd-8
changeset: 953463:a876a547f5b6
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Mar 09 15:56:51 2021 +0000

description:
Pull up following revision(s) (requested by christos in ticket #1662):

        sys/netinet/tcp_subr.c: revision 1.286
        sys/netinet/tcp_timer.c: revision 1.96
        sys/netinet/in_var.h: revision 1.102
        sys/netinet/in_var.h: revision 1.99

Don't increment the iss sequence on each connection because it exposes
information (Amit Klein)

Add some randomness to the iss offset

Use a random IPv4 ID because the shuffling algorithm used before could expose
information (Amit Klein)

mv <sys/cprng.h> include to the kernel portion

diffstat:

 sys/netinet/in_var.h    |  6 ++++--
 sys/netinet/tcp_subr.c  |  6 ++----
 sys/netinet/tcp_timer.c |  7 ++++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (96 lines):

diff -r d8e9c4b7998a -r a876a547f5b6 sys/netinet/in_var.h
--- a/sys/netinet/in_var.h      Sun Mar 07 19:14:54 2021 +0000
+++ b/sys/netinet/in_var.h      Tue Mar 09 15:56:51 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: in_var.h,v 1.95 2017/05/12 17:53:54 ryo Exp $  */
+/*     $NetBSD: in_var.h,v 1.95.2.1 2021/03/09 15:56:51 martin Exp $   */
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -374,6 +374,7 @@
 #ifdef _KERNEL
 
 #include <net/pktqueue.h>
+#include <sys/cprng.h>
 
 extern pktqueue_t *ip_pktq;
 
@@ -450,7 +451,8 @@
 
        if (ip_do_randomid) {
                /* XXX ignore num */
-               return ip_randomid(ip_ids, ia ? ia->ia_idsalt : 0);
+               id = (uint16_t)cprng_fast32();
+               return id ? id : 1;
        }
 
        /* Never allow an IP ID of 0 (detect wrap). */
diff -r d8e9c4b7998a -r a876a547f5b6 sys/netinet/tcp_subr.c
--- a/sys/netinet/tcp_subr.c    Sun Mar 07 19:14:54 2021 +0000
+++ b/sys/netinet/tcp_subr.c    Tue Mar 09 15:56:51 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_subr.c,v 1.270.6.2 2021/03/07 19:13:24 martin Exp $        */
+/*     $NetBSD: tcp_subr.c,v 1.270.6.3 2021/03/09 15:56:51 martin Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.270.6.2 2021/03/07 19:13:24 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.270.6.3 2021/03/09 15:56:51 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -2301,7 +2301,6 @@
                 * XXX Use `addin'?
                 * XXX TCP_ISSINCR too large to use?
                 */
-               tcp_iss_seq += TCP_ISSINCR;
 #ifdef TCPISS_DEBUG
                printf("ISS hash 0x%08x, ", tcp_iss);
 #endif
@@ -2337,7 +2336,6 @@
                } else {
                        tcp_iss &= TCP_ISS_RANDOM_MASK;
                        tcp_iss += tcp_iss_seq;
-                       tcp_iss_seq += TCP_ISSINCR;
 #ifdef TCPISS_DEBUG
                        printf("ISS %08x\n", tcp_iss);
 #endif
diff -r d8e9c4b7998a -r a876a547f5b6 sys/netinet/tcp_timer.c
--- a/sys/netinet/tcp_timer.c   Sun Mar 07 19:14:54 2021 +0000
+++ b/sys/netinet/tcp_timer.c   Tue Mar 09 15:56:51 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_timer.c,v 1.91.8.1 2018/02/03 22:07:26 snj Exp $   */
+/*     $NetBSD: tcp_timer.c,v 1.91.8.2 2021/03/09 15:56:51 martin Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,7 +93,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_timer.c,v 1.91.8.1 2018/02/03 22:07:26 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_timer.c,v 1.91.8.2 2021/03/09 15:56:51 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -111,6 +111,7 @@
 #include <sys/kernel.h>
 #include <sys/callout.h>
 #include <sys/workqueue.h>
+#include <sys/cprng.h>
 
 #include <net/if.h>
 
@@ -261,7 +262,7 @@
 {
 
        mutex_enter(softnet_lock);
-       tcp_iss_seq += TCP_ISSINCR;                     /* increment iss */
+       tcp_iss_seq += TCP_ISSINCR + (TCP_ISS_RANDOM_MASK & cprng_fast32());
        tcp_now++;                                      /* for timestamps */
        mutex_exit(softnet_lock);
 



Home | Main Index | Thread Index | Old Index