git: kernel - Try to fix tcp ISN generator

Matthew Dillon dillon at crater.dragonflybsd.org
Mon Feb 24 15:05:44 PST 2020


commit b1811c4b7d91376599263680fa249a2b0e59818f
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Mon Feb 24 15:00:00 2020 -0800

    kernel - Try to fix tcp ISN generator
    
    * The ISN generator couldn't stand the test of time.  Very fast port
      reuse can catch the destination host inpcb still in a TIME_WAIT
      state and a bad ISN results in the destination ignoring the new SYN.
      The old ISN generator could wind up returning the same sequence
      number for fast reconnects occurring within the same tick.
    
      Reimplement the ISN generator and also make it SMP friendly and
      cache friendly.  Because... it really wasn't before.  Also attempt
      to modernize the monotonic sequence space algorithm, reseed the
      secret every 20 seconds, and make the reseeding non-disruptive to
      sequence space monotonicity.
    
    * Change the TH_SYN + TIME_WAIT state handling.  Generally speaking it
      is intended that a new SYN when the inpcb is in TIME_WAIT recycle the
      port/address pair and allow the new connection.
    
      The sequence space checks for the TH_SYN may have been too strict.
      Change the check to allow the recycling of the port/address pair
      as long as the SYN has a different sequence number than the previous
      connection.
    
      I believe this is relatively safe since the recycling can only happen
      if the socket is already in a TIME_WAIT state, but consider the code
      still under test.

Summary of changes:
 sys/netinet/tcp_input.c | 38 ++++++++++---------
 sys/netinet/tcp_subr.c  | 99 ++++++++++++++++++++++++++++++++-----------------
 2 files changed, 87 insertions(+), 50 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/b1811c4b7d91376599263680fa249a2b0e59818f


-- 
DragonFly BSD source repository
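
The same-tick collision described in the commit message, as an added C example that is not taken from the DragonFly sources: a tick-granular generator returns the same ISN for two connects in one tick, while a generator that advances on every call does not. All names, `ISN_PER_TICK`, the toy mixer and the sample values are assumptions made for illustration, and the periodic secret reseed is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define ISN_PER_TICK 4096u                       /* constructed step size */
#define SEQ_GT(a, b) ((int32_t)((a) - (b)) > 0)  /* wrap-safe sequence compare */

/* Toy keyed mixer standing in for a real keyed hash; NOT cryptographic. */
static uint32_t mix(uint32_t tuple, uint32_t secret)
{
    uint32_t x = tuple ^ secret;
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* Tick-granular generator: the offset only moves when the clock tick does. */
uint32_t isn_tick_only(uint32_t tuple, uint32_t secret, uint32_t ticks)
{
    return mix(tuple, secret) + ticks * ISN_PER_TICK;
}

struct isn_state { uint32_t secret, base, last_tick; };

/* Monotonic generator: every call advances the base by at least 1,
 * so two connects in the same tick can never share an ISN. */
uint32_t isn_monotonic(struct isn_state *st, uint32_t tuple, uint32_t ticks)
{
    st->base += (ticks - st->last_tick) * ISN_PER_TICK + 1;
    st->last_tick = ticks;
    return mix(tuple, st->secret) + st->base;
}

/* Recycle rule as the commit message states it: a SYN arriving in TIME_WAIT
 * is accepted when its sequence number differs from the previous one. */
int timewait_syn_recyclable(uint32_t new_isn, uint32_t prev_isn)
{
    return new_isn != prev_isn;
}

int main(void)
{
    struct isn_state st = { 0x5eed1234u, 0, 100 };  /* constructed values */
    uint32_t tuple = 0xc0a81f91u;                   /* constructed 4-tuple digest */
    uint32_t a = isn_tick_only(tuple, st.secret, 100);
    uint32_t b = isn_tick_only(tuple, st.secret, 100);
    uint32_t c = isn_monotonic(&st, tuple, 100);
    uint32_t d = isn_monotonic(&st, tuple, 100);
    printf("tick-only recyclable=%d\n", timewait_syn_recyclable(b, a));
    printf("monotonic recyclable=%d ahead=%d\n",
           timewait_syn_recyclable(d, c), SEQ_GT(d, c));
    return 0;
}
```

A single global counter like `base` reveals connection rate across peers, so a production generator would need a per-tuple or otherwise obscured offset.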


