Module Name: src Committed By: martin Date: Tue Mar 9 15:56:51 UTC 2021
Modified Files: src/sys/netinet [netbsd-8]: in_var.h tcp_subr.c tcp_timer.c Log Message: Pull up following revision(s) (requested by christos in ticket #1662): sys/netinet/tcp_subr.c: revision 1.286 sys/netinet/tcp_timer.c: revision 1.96 sys/netinet/in_var.h: revision 1.102 sys/netinet/in_var.h: revision 1.99 Don't increment the iss sequence on each connection because it exposes information (Amit Klein) Add some randomness to the iss offset Use a random IPv4 ID because the shuffling algorithm used before could expose information (Amit Klein) mv <sys/cprng.h> include to the kernel portion To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.95.2.1 src/sys/netinet/in_var.h cvs rdiff -u -r1.270.6.2 -r1.270.6.3 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.91.8.1 -r1.91.8.2 src/sys/netinet/tcp_timer.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/in_var.h
diff -u src/sys/netinet/in_var.h:1.95 src/sys/netinet/in_var.h:1.95.2.1
--- src/sys/netinet/in_var.h:1.95 Fri May 12 17:53:54 2017
+++ src/sys/netinet/in_var.h Tue Mar 9 15:56:51 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: in_var.h,v 1.95 2017/05/12 17:53:54 ryo Exp $ */
+/* $NetBSD: in_var.h,v 1.95.2.1 2021/03/09 15:56:51 martin Exp $ */
 
 /*-
 * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -374,6 +374,7 @@ struct in_multi {
 
 #ifdef _KERNEL
 #include <net/pktqueue.h>
+#include <sys/cprng.h>
 
 extern pktqueue_t *ip_pktq;
 
@@ -450,7 +451,8 @@ ip_newid_range(const struct in_ifaddr *i
 
 if (ip_do_randomid) {
 /* XXX ignore num */
- return ip_randomid(ip_ids, ia ? ia->ia_idsalt : 0);
+ id = (uint16_t)cprng_fast32();
+ return id ? id : 1;
 }
 
 /* Never allow an IP ID of 0 (detect wrap). */
Index: src/sys/netinet/tcp_subr.c
diff -u src/sys/netinet/tcp_subr.c:1.270.6.2 src/sys/netinet/tcp_subr.c:1.270.6.3
--- src/sys/netinet/tcp_subr.c:1.270.6.2 Sun Mar 7 19:13:24 2021
+++ src/sys/netinet/tcp_subr.c Tue Mar 9 15:56:51 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_subr.c,v 1.270.6.2 2021/03/07 19:13:24 martin Exp $ */
+/* $NetBSD: tcp_subr.c,v 1.270.6.3 2021/03/09 15:56:51 martin Exp $ */
 
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.270.6.2 2021/03/07 19:13:24 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.270.6.3 2021/03/09 15:56:51 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -2301,7 +2301,6 @@ tcp_new_iss1(void *laddr, void *faddr, u
 * XXX Use `addin'?
 * XXX TCP_ISSINCR too large to use?
 */
- tcp_iss_seq += TCP_ISSINCR;
 #ifdef TCPISS_DEBUG
 printf("ISS hash 0x%08x, ", tcp_iss);
 #endif
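Review bot: In ip_newid_range the surviving `/* XXX ignore num */` still holds after the rewrite: only one random 16-bit value is drawn however many IDs the caller asked for, so if a caller presumably treats the following num-1 values as its own, nothing stops a later draw from handing them out again; that predates this change, but with a plain cprng_fast32() source it deserves a sentence at the call site rather than an XXX. `return id ? id : 1;` also folds the zero draw onto 1, which makes ID 1 twice as likely as any other value; negligible in practice, but `do { id = (uint16_t)cprng_fast32(); } while (id == 0); return id;` keeps the distribution uniform while still honouring the "never 0" rule stated just below the hunk. If ip_ids and ia_idsalt are no longer referenced anywhere after this removal they are dead state that could go too, but that is not visible from this hunk. The declaration of id and the rest of ip_newid_range lie outside the hunk.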
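Review bot: With `tcp_iss_seq += TCP_ISSINCR;` removed from both branches of tcp_new_iss1 (this hunk and the -2337 hunk), the function no longer advances tcp_iss_seq at all; it is now stepped only by tcp_slowtimo_work in tcp_timer.c, so connections opened within the same slow-timer tick share one base and differ only in the per-connection hash or masked random part. That is the trade-off the log message intends, but nothing at either site says so, and the remaining `XXX Use addin'? / XXX TCP_ISSINCR too large to use?` comment now describes an increment that no longer exists here. Suggest replacing that comment with `/* tcp_iss_seq is advanced only from tcp_slowtimo_work(); a per-connection increment exposed the connection count (Amit Klein). */`. tcp_new_iss1 starts and ends outside the hunk.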
@@ -2337,7 +2336,6 @@ tcp_new_iss1(void *laddr, void *faddr, u
 } else {
 tcp_iss &= TCP_ISS_RANDOM_MASK;
 tcp_iss += tcp_iss_seq;
- tcp_iss_seq += TCP_ISSINCR;
 #ifdef TCPISS_DEBUG
 printf("ISS %08x\n", tcp_iss);
 #endif
Index: src/sys/netinet/tcp_timer.c
diff -u src/sys/netinet/tcp_timer.c:1.91.8.1 src/sys/netinet/tcp_timer.c:1.91.8.2
--- src/sys/netinet/tcp_timer.c:1.91.8.1 Sat Feb 3 22:07:26 2018
+++ src/sys/netinet/tcp_timer.c Tue Mar 9 15:56:51 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_timer.c,v 1.91.8.1 2018/02/03 22:07:26 snj Exp $ */
+/* $NetBSD: tcp_timer.c,v 1.91.8.2 2021/03/09 15:56:51 martin Exp $ */
 
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,7 +93,7 @@
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_timer.c,v 1.91.8.1 2018/02/03 22:07:26 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_timer.c,v 1.91.8.2 2021/03/09 15:56:51 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -111,6 +111,7 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_timer.c,
 #include <sys/kernel.h>
 #include <sys/callout.h>
 #include <sys/workqueue.h>
+#include <sys/cprng.h>
 
 #include <net/if.h>
 
@@ -261,7 +262,7 @@ tcp_slowtimo_work(struct work *wk, void
 {
 mutex_enter(softnet_lock);
 
- tcp_iss_seq += TCP_ISSINCR; /* increment iss */
+ tcp_iss_seq += TCP_ISSINCR + (TCP_ISS_RANDOM_MASK & cprng_fast32());
 tcp_now++; /* for timestamps */
 
 mutex_exit(softnet_lock);
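Review bot: The new increment in tcp_slowtimo_work drops the old `/* increment iss */` comment without saying why a random term is now mixed in, so the reasoning lives only in the commit log. Suggest `/* Advance the ISS base by TCP_ISSINCR plus a random step (masked by TCP_ISS_RANDOM_MASK) so the per-tick increment is not predictable; tcp_new_iss1() no longer increments per connection. */` on the changed line. Whether the random term's magnitude is sensible relative to TCP_ISSINCR, and whether tcp_new_iss1 reads tcp_iss_seq under the same softnet_lock this write holds, depends on definitions outside the diff and is worth confirming. The rest of tcp_slowtimo_work is outside the hunk.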