git: 4c018b5aed41 - main - in_pcb: limit the effect of wraparound in TCP random port allocation check
Date: Fri, 03 Dec 2021 20:38:26 UTC
The branch main has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=4c018b5aed41d96831c4a76848c0671b3d56fd7b
commit 4c018b5aed41d96831c4a76848c0671b3d56fd7b
Author: Peter Lei <peterlei@netflix.com>
AuthorDate: 2021-12-03 20:38:12 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2021-12-03 20:38:12 +0000
in_pcb: limit the effect of wraparound in TCP random port allocation check
The check to see if TCP port allocation should change from random to
sequential port allocation mode may incorrectly cause a false positive
due to negative wraparound.
Example:
V_ipport_tcpallocs = 2147483585 (0x7fffffc1)
V_ipport_tcplastcount = 2147483553 (0x7fffffa1)
V_ipport_randomcps = 100
The original code would compare (2147483585 <= -2147483643) and thus
incorrectly move to sequential allocation mode.
Compute the delta first before comparing against the desired limit to
limit the wraparound effect (since tcplastcount is always a snapshot
of a previous tcpallocs).
---
sys/netinet/in_pcb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index a894163ed5a6..0a44eae0d908 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2577,8 +2577,8 @@ ipport_tick(void *xtp)
VNET_LIST_RLOCK_NOSLEEP();
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter); /* XXX appease INVARIANTS here */
- if (V_ipport_tcpallocs <=
- V_ipport_tcplastcount + V_ipport_randomcps) {
+ if (V_ipport_tcpallocs - V_ipport_tcplastcount <=
+ V_ipport_randomcps) {
if (V_ipport_stoprandom > 0)
V_ipport_stoprandom--;
} else
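Review bot: The subtraction in the new condition, "V_ipport_tcpallocs - V_ipport_tcplastcount <= V_ipport_randomcps", still depends on signed wraparound behaving predictably. The negative sum in the commit message's example suggests these counters are signed, so when V_ipport_tcpallocs itself wraps between two ticks while V_ipport_tcplastcount holds the earlier snapshot, the delta is only correct if signed overflow wraps. Consider making the counters unsigned, or casting both operands to an unsigned type before subtracting, so the delta is well defined modulo 2^32. A one-line comment above the if, saying that the delta must be computed before the comparison, would also keep the expression from being rearranged back into the additive form later.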