git: DragonFly_RELEASE_5_8 kernel - Try to fix tcp ISN generator
Matthew Dillon
dillon at crater.dragonflybsd.org
Mon Feb 24 16:57:06 PST 2020
commit a91b933cce9ff09aeb3a2d9b746276db3c1be364
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Mon Feb 24 15:00:00 2020 -0800
kernel - Try to fix tcp ISN generator
* The ISN generator couldn't stand the test of time. Very fast port
  reuse can catch the destination host inpcb still in a TIME_WAIT
  state and a bad ISN results in the destination ignoring the new SYN.

  The old ISN generator could wind up returning the same sequence
  number for fast reconnects occurring within the same tick.

  Reimplement the ISN generator and also make it SMP friendly and
  cache friendly. Because... it really wasn't before. Also attempt
  to modernize the monotonic sequence space algorithm, reseed the
  secret every 20 seconds, and make the reseeding non-disruptive to
  sequence space monotonicity.

* Change the TH_SYN + TIME_WAIT state handling. Generally speaking it
  is intended that a new SYN when the inpcb is in TIME_WAIT recycle the
  port/address pair and allow the new connection.

  The sequence space checks for the TH_SYN may have been too strict.
  Change the check to allow the recycling of the port/address pair
  as long as the SYN has a different sequence number than the previous
  connection.

  I believe this is relatively safe since the recycling can only happen
  if the socket is already in a TIME_WAIT state, but consider the code
  still under test.

Summary of changes:
sys/netinet/tcp_input.c | 38 ++++++++++---------
sys/netinet/tcp_subr.c | 99 ++++++++++++++++++++++++++++++++-----------------
2 files changed, 87 insertions(+), 50 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a91b933cce9ff09aeb3a2d9b746276db3c1be364
--
DragonFly BSD source repository
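
The failure mode the commit message describes, as an added C sketch that is not DragonFly's code: a generator that only advances with the clock tick hands two same-tick reconnects the same ISN, which neither TIME_WAIT check can accept. All names, the 4096-per-tick step, the toy mixing function and the ordering-based "strict" check are assumptions made for illustration; reseeding and SMP behaviour are not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Modular 32-bit sequence comparison, same idea as the BSD SEQ_GT() macro. */
#define SEQ_GT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) > 0)
#define ISN_PER_TICK 4096u /* assumed step per clock tick */

/* Constructed stand-in for a keyed hash of the 4-tuple; NOT cryptographic. */
static uint32_t tuple_offset(uint32_t secret, uint32_t tuple)
{
    uint32_t h = secret ^ tuple;
    h ^= h >> 16; h *= 0x45d9f3bu; h ^= h >> 16;
    return h;
}

/* Model A (assumed): the ISN moves only when the tick counter moves. */
uint32_t isn_tick_only(uint32_t secret, uint32_t tuple, uint32_t ticks)
{
    return tuple_offset(secret, tuple) + ticks * ISN_PER_TICK;
}

/* Model B (assumed): a counter bumped on every call is added, so the value
 * keeps increasing (modulo 2^32) even for calls within one tick. */
static uint32_t isn_calls;
uint32_t isn_tick_plus_counter(uint32_t secret, uint32_t tuple, uint32_t ticks)
{
    return tuple_offset(secret, tuple) + ticks * ISN_PER_TICK + ++isn_calls;
}

/* Assumed strict TIME_WAIT check: new SYN must be ahead in sequence space. */
int tw_accept_strict(uint32_t syn_seq, uint32_t prev_seq) { return SEQ_GT(syn_seq, prev_seq); }

/* Relaxed check as the commit message words it: any different number. */
int tw_accept_relaxed(uint32_t syn_seq, uint32_t prev_seq) { return syn_seq != prev_seq; }

int main(void)
{
    /* Constructed sample values: secret, a folded 4-tuple, tick 100. */
    uint32_t secret = 0x5eed1234u, tuple = 0x0a000001u ^ 40000u;
    uint32_t a1 = isn_tick_only(secret, tuple, 100), a2 = isn_tick_only(secret, tuple, 100);
    uint32_t b1 = isn_tick_plus_counter(secret, tuple, 100), b2 = isn_tick_plus_counter(secret, tuple, 100);
    printf("tick-only: strict=%d relaxed=%d\n", tw_accept_strict(a2, a1), tw_accept_relaxed(a2, a1));
    printf("counter:   strict=%d relaxed=%d\n", tw_accept_strict(b2, b1), tw_accept_relaxed(b2, b1));
    printf("behind:    strict=%d relaxed=%d\n", tw_accept_strict(b1 - 1000u, b1), tw_accept_relaxed(b1 - 1000u, b1));
    return 0;
}
```

The third line of output is the case where the two checks disagree: a SYN whose sequence number lies behind the previous connection's is refused by the ordering check but accepted by the "different number" check.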