korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 12:28:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

udp: Improve port randomization

Browse Source 
Current UDP port allocation is suboptimal.
We select the shortest chain to chose a port (out of 512)
that will hash in this shortest chain.

First, it can lead to give not so ramdom ports and ease
give attackers more opportunities to break the system.

Second, it can consume a lot of CPU to scan all table
in order to find the shortest chain.

Third, in some pathological cases we can fail to find
a free port even if they are plenty of them.

This patch zap the search for a short chain and only
use one random seed. Problem of getting long chains
should be addressed in another way, since we can
obtain long chains with non random ports.

Based on a report and patch from Vitaly Mayatskikh

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric Dumazet 2008-10-08 11:44:17 -07:00 committed by David S. Miller
parent 53e9150349
commit 9088c56095
1 changed files with 12 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
net/ipv4/udp.c
View File

@ -155,55 +155,23 @@ int udp_lib_get_port(struct sock *sk, unsigned short snum,
write_lock_bh(&udp_hash_lock);
if (!snum) {
int i, low, high, remaining;
unsigned rover, best, best_size_so_far;
int low, high, remaining;
unsigned rand;
unsigned short first;
inet_get_local_port_range(&low, &high);
remaining = (high - low) + 1;
best_size_so_far = UINT_MAX;
best = rover = net_random() % remaining + low;
/* 1st pass: look for empty (or shortest) hash chain */
for (i = 0; i < UDP_HTABLE_SIZE; i++) {
int size = 0;
head = &udptable[udp_hashfn(net, rover)];
if (hlist_empty(head))
goto gotit;
sk_for_each(sk2, node, head) {
if (++size >= best_size_so_far)
goto next;
}
best_size_so_far = size;
best = rover;
next:
/* fold back if end of range */
if (++rover > high)
rover = low + ((rover - low)
& (UDP_HTABLE_SIZE - 1));
rand = net_random();
snum = first = rand % remaining + low;
rand |= 1;
while (__udp_lib_lport_inuse(net, snum, udptable)) {
do {
snum = snum + rand;
} while (snum < low || snum > high);
if (snum == first)
goto fail;
}
/* 2nd pass: find hole in shortest hash chain */
rover = best;
for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) {
if (! __udp_lib_lport_inuse(net, rover, udptable))
goto gotit;
rover += UDP_HTABLE_SIZE;
if (rover > high)
rover = low + ((rover - low)
& (UDP_HTABLE_SIZE - 1));
}
/* All ports in use! */
goto fail;
gotit:
snum = rover;
} else {
head = &udptable[udp_hashfn(net, snum)];