Source-Changes-HG archive


[src/netbsd-9]: src/sys/netinet Pull up following revision(s) (requested by c...



details:   https://anonhg.NetBSD.org/src/rev/3e17d76dc33c
branches:  netbsd-9
changeset: 1002200:3e17d76dc33c
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Mar 09 15:54:32 2021 +0000

description:
Pull up following revision(s) (requested by christos in ticket #1229):

        sys/netinet/tcp_subr.c: revision 1.286
        sys/netinet/tcp_timer.c: revision 1.96
        sys/netinet/in_var.h: revision 1.102
        sys/netinet/in_var.h: revision 1.99

Don't increment the iss sequence on each connection because it exposes
information (Amit Klein)

Add some randomness to the iss offset

Use a random IPv4 ID because the shuffling algorithm used before could expose
information (Amit Klein)

mv <sys/cprng.h> include to the kernel portion

diffstat:

 sys/netinet/in_var.h    |  6 ++++--
 sys/netinet/tcp_subr.c  |  6 ++----
 sys/netinet/tcp_timer.c |  7 ++++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (96 lines):

diff -r e1fbbc0ef10d -r 3e17d76dc33c sys/netinet/in_var.h
--- a/sys/netinet/in_var.h      Tue Mar 09 15:47:07 2021 +0000
+++ b/sys/netinet/in_var.h      Tue Mar 09 15:54:32 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: in_var.h,v 1.97 2018/11/29 09:51:20 ozaki-r Exp $      */
+/*     $NetBSD: in_var.h,v 1.97.4.1 2021/03/09 15:54:32 martin Exp $   */
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -374,6 +374,7 @@
 #ifdef _KERNEL
 
 #include <net/pktqueue.h>
+#include <sys/cprng.h>
 
 extern pktqueue_t *ip_pktq;
 
@@ -461,7 +462,8 @@
 
        if (ip_do_randomid) {
                /* XXX ignore num */
-               return ip_randomid(ip_ids, ia ? ia->ia_idsalt : 0);
+               id = (uint16_t)cprng_fast32();
+               return id ? id : 1;
        }
 
        /* Never allow an IP ID of 0 (detect wrap). */
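Review bot: The new random-ID branch has no comment recording its two trade-offs, and the surviving `/* XXX ignore num */` does not cover them. Mapping zero with `return id ? id : 1;` makes 1 twice as likely as any other value, and independent 16-bit draws can repeat inside a reassembly window, which the previous `ip_randomid()` shuffle was presumably meant to avoid. Both look acceptable for the stated goal of not exposing generator state, but I would say so at the line, e.g. `/* Random ID: repeats are possible and 0 is remapped to 1; avoids leaking generator state. */`. The `ia` argument appears to be unused on this path now that the `ia_idsalt` lookup is gone, and `id` is declared outside the hunk, so its type cannot be confirmed here. The enclosing function starts and ends outside the hunk.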
diff -r e1fbbc0ef10d -r 3e17d76dc33c sys/netinet/tcp_subr.c
--- a/sys/netinet/tcp_subr.c    Tue Mar 09 15:47:07 2021 +0000
+++ b/sys/netinet/tcp_subr.c    Tue Mar 09 15:54:32 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_subr.c,v 1.282.4.2 2021/03/07 19:04:31 martin Exp $        */
+/*     $NetBSD: tcp_subr.c,v 1.282.4.3 2021/03/09 15:54:32 martin Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.282.4.2 2021/03/07 19:04:31 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.282.4.3 2021/03/09 15:54:32 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -2220,7 +2220,6 @@
                 * XXX Use `addin'?
                 * XXX TCP_ISSINCR too large to use?
                 */
-               tcp_iss_seq += TCP_ISSINCR;
 #ifdef TCPISS_DEBUG
                printf("ISS hash 0x%08x, ", tcp_iss);
 #endif
@@ -2256,7 +2255,6 @@
                } else {
                        tcp_iss &= TCP_ISS_RANDOM_MASK;
                        tcp_iss += tcp_iss_seq;
-                       tcp_iss_seq += TCP_ISSINCR;
 #ifdef TCPISS_DEBUG
                        printf("ISS %08x\n", tcp_iss);
 #endif
diff -r e1fbbc0ef10d -r 3e17d76dc33c sys/netinet/tcp_timer.c
--- a/sys/netinet/tcp_timer.c   Tue Mar 09 15:47:07 2021 +0000
+++ b/sys/netinet/tcp_timer.c   Tue Mar 09 15:54:32 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_timer.c,v 1.95 2018/05/03 07:13:48 maxv Exp $      */
+/*     $NetBSD: tcp_timer.c,v 1.95.6.1 2021/03/09 15:54:32 martin Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,7 +93,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_timer.c,v 1.95 2018/05/03 07:13:48 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_timer.c,v 1.95.6.1 2021/03/09 15:54:32 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -111,6 +111,7 @@
 #include <sys/kernel.h>
 #include <sys/callout.h>
 #include <sys/workqueue.h>
+#include <sys/cprng.h>
 
 #include <net/if.h>
 
@@ -257,7 +258,7 @@
 {
 
        mutex_enter(softnet_lock);
-       tcp_iss_seq += TCP_ISSINCR;                     /* increment iss */
+       tcp_iss_seq += TCP_ISSINCR + (TCP_ISS_RANDOM_MASK & cprng_fast32());
        tcp_now++;                                      /* for timestamps */
        mutex_exit(softnet_lock);
 
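Review bot: The rewritten increment lost its trailing `/* increment iss */` comment, and nothing at the line says why the masked random term is there. I would add `/* advance iss by a randomized step so the offset is not a plain tick counter */` above it. With the per-connection `tcp_iss_seq += TCP_ISSINCR` removed in both tcp_subr.c hunks, this timer appears to be the only place the offset advances, so connections opened within one tick would share the same `tcp_iss_seq`. That is worth confirming against the hash-based ISS path, which lies outside the visible lines. `TCP_ISS_RANDOM_MASK` is defined elsewhere, so the size of the added step cannot be checked here, and the function's signature and tail are outside the hunk.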


