Subject: kern/4226: make initial TCP port a little random
To: None <gnats-bugs@gnats.netbsd.org>
From: Michael C. Richardson <mcr@sandelman.ottawa.on.ca>
List: netbsd-bugs
Date: 10/06/1997 12:27:30
>Number: 4226
>Category: kern
>Synopsis: first TCP port is always 1025, which may be old.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Oct 6 09:35:02 1997
>Last-Modified:
>Originator: Michael C. Richardson
>Organization:
:!mcr!: | Network security programming, currently
Michael Richardson | on contract with SSH IPSEC (http://www.ssh.fi/)
WWW: mcr@sandelman.ottawa.on.ca. PGP key available.
>Release: 1.2
>Environment:
System: NetBSD istari.sandelman.ottawa.on.ca 1.2G NetBSD 1.2G (SSW) #2: Sat Oct 4 00:21:22 EDT 1997 mcr@istari.sandelman.ottawa.on.ca:/j/netbsd/src/sys/arch/i386/compile/SSW i386
Architecture: i386
>Description:
If a machine reboots quickly, or often (kernel development), its first
TCP connection outbound may wind up duplicating an existing
(and not yet dead) TCP connection's port numbers.
>How-To-Repeat:
boot machine to single user mode, ssh to host A.
hit the reset button, boot machine to single user mode,
ssh to host A again.
>Fix:
Note: this fix solves the case when you use ssh with
FallBackToRsh set to false, since otherwise SSH uses
bindresvport(), which does its own port allocation. A fix to
bindresvport() may also be valuable.
*** /w/netbsd/src/sys/netinet/in_pcb.c Tue Sep 23 07:35:07 1997
--- /usr/src/sys/netinet/in_pcb.c Sun Oct 5 21:02:05 1997
***************
*** 46,51 ****
--- 46,52 ----
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/proc.h>
+ #include <sys/kernel.h>
#include <net/if.h>
#include <net/route.h>
***************
*** 82,88 ****
hashinit(bindhashsize, M_PCB, &table->inpt_bindhash);
table->inpt_connecthashtbl =
hashinit(connecthashsize, M_PCB, &table->inpt_connecthash);
! table->inpt_lastport = IPPORT_RESERVED;
}
int
--- 83,91 ----
hashinit(bindhashsize, M_PCB, &table->inpt_bindhash);
table->inpt_connecthashtbl =
hashinit(connecthashsize, M_PCB, &table->inpt_connecthash);
!
! /* ramdomize just a bit */
! table->inpt_lastport = IPPORT_RESERVED+(boottime.tv_sec & 0xfff);
}
int
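Review bot: the offset `boottime.tv_sec & 0xfff` can be as large as 4095, so `inpt_lastport` may be initialised above the top of the ephemeral port range; if the scan in in_pcbbind() wraps `inpt_lastport` back to IPPORT_RESERVED whenever it passes the upper bound, those boot times land on exactly the starting port this change is meant to avoid. Reduce the offset modulo the size of the ephemeral range instead of masking it. Two further checks: confirm that `boottime` has already been assigned when in_pcbinit() runs, since if the protocol tables are set up before the clock is read the added term is always zero; and note that twelve bits of wall-clock boot time are easy to guess, so this reduces accidental reuse after a reset but is not a defence against port prediction. The comment also misspells "randomize" as "ramdomize".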
>Audit-Trail:
>Unformatted:
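The collision the report describes, and what the one-line change does to it, as an added example written for this page (not code from the report or from NetBSD): a simplified model of a BSD-style ephemeral port allocator. The 1024..5000 range, the wrap-to-the-bottom scan and the `in_use[]` bitmap are assumptions standing in for in_pcbbind() and the PCB lookup. It also includes a bounded start offset, not in the report, that keeps the offset inside the range so the first pick after a boot cannot wrap back to the default start.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Range bounds are assumptions standing in for the kernel's constants. */
#define IPPORT_RESERVED      1024
#define IPPORT_USERRESERVED  5000
#define EPHEMERAL_COUNT      (IPPORT_USERRESERVED - IPPORT_RESERVED)

struct port_table {
    uint16_t lastport;                      /* stands in for inpt_lastport */
    bool in_use[IPPORT_USERRESERVED + 1];   /* stands in for the PCB lookup */
};

typedef void (*init_fn)(struct port_table *, uint32_t boot_sec);

/* Unpatched: every boot starts the scan at the same place. */
void table_init_fixed(struct port_table *t, uint32_t boot_sec)
{
    (void)boot_sec;
    memset(t, 0, sizeof *t);
    t->lastport = IPPORT_RESERVED;
}

/* The report's change: the low 12 bits of the boot time shift the start. */
void table_init_boottime(struct port_table *t, uint32_t boot_sec)
{
    memset(t, 0, sizeof *t);
    t->lastport = IPPORT_RESERVED + (boot_sec & 0xfff);
}

/* Added variant, not in the report: keep the offset inside the range so a
 * large offset cannot wrap back to the default start on the first pick. */
void table_init_bounded(struct port_table *t, uint32_t boot_sec)
{
    memset(t, 0, sizeof *t);
    t->lastport = IPPORT_RESERVED + (boot_sec % EPHEMERAL_COUNT);
}

/* Next free port, classic BSD shape: bump lastport, wrap into the range,
 * skip ports a local PCB still holds. Returns 0 when the range is full. */
uint16_t alloc_port(struct port_table *t)
{
    int count = EPHEMERAL_COUNT;
    do {
        if (count-- <= 0)
            return 0;
        ++t->lastport;
        if (t->lastport < IPPORT_RESERVED || t->lastport > IPPORT_USERRESERVED)
            t->lastport = IPPORT_RESERVED;
    } while (t->in_use[t->lastport]);
    t->in_use[t->lastport] = true;
    return t->lastport;
}

/* First port handed out after a boot at the given time (seconds). */
uint16_t first_port_after_boot(init_fn init, uint32_t boot_sec)
{
    struct port_table t;
    init(&t, boot_sec);
    return alloc_port(&t);
}

/* The report's scenario: the peer still keys a live connection on the port we
 * used before the reset; does the first port after the reset reuse it? */
bool first_port_collides(init_fn init, uint32_t boot_a, uint32_t boot_b)
{
    return first_port_after_boot(init, boot_a) == first_port_after_boot(init, boot_b);
}

int main(void)
{
    /* Constructed boot times; 4000 and 4050 sit in the band where the masked
     * offset lands above the assumed range ceiling. */
    static const struct { const char *name; init_fn init; } variants[] = {
        { "fixed   ", table_init_fixed },
        { "boottime", table_init_boottime },
        { "bounded ", table_init_bounded },
    };
    static const uint32_t boots[][2] = { { 100, 200 }, { 4000, 4050 } };

    for (size_t v = 0; v < 3; v++)
        for (size_t b = 0; b < 2; b++)
            printf("%s boots %4u/%4u: first ports %u and %u -> %s\n",
                   variants[v].name, boots[b][0], boots[b][1],
                   first_port_after_boot(variants[v].init, boots[b][0]),
                   first_port_after_boot(variants[v].init, boots[b][1]),
                   first_port_collides(variants[v].init, boots[b][0], boots[b][1])
                       ? "collides" : "distinct");
    return 0;
}
```

The unpatched table hands out 1025 on every boot, which is the report's complaint. The masked offset separates boots whose low twelve bits differ, but for boot times whose offset pushes the start past the ceiling the scan wraps and both boots get the same first port again; reducing the offset modulo the range size keeps the first pick distinct in that band as well.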