From: Alexander V. Chernikov
To: "cem@freebsd.org"
Cc: svn-src-all, svn-src-head, src-committers
Subject: Re: svn commit: r359797 - in head/sys: net netinet netinet6
Date: Sat, 11 Apr 2020 21:45:41 +0100

11.04.2020, 21:02, "Conrad Meyer":
> Hi Alexander,

Hi Conrad,

> On Sat, Apr 11, 2020 at 12:37 AM Alexander V. Chernikov wrote:
>>  Author: melifaro
>>  Date: Sat Apr 11 07:37:08 2020
>>  New Revision: 359797
>>  URL: https://svnweb.freebsd.org/changeset/base/359797
>>
>>  Log:
>>    Remove per-AF radix_mpath initialization functions.
>>
>>    Split their functionality by moving random seed allocation
>>     to SYSINIT and calling (new) generic multipath function from
>>     standard IPv4/IPv5 RIB init handlers.
>>  ...
>>  --- head/sys/net/radix_mpath.c Sat Apr 11 07:31:16 2020 (r359796) >>  +++ head/sys/net/radix_mpath.c Sat Apr 11 07:37:08 2020 (r359797) >>  
@@ -290,38 +290,18 @@ rtalloc_mpath_fib(struct route *ro, uint32_t hash, u_i >>  ... >>  +static void >>  +mpath_init(void) >>   { >>  - struct rib_head *rnh; >> >>          hashjitter = arc4random(); >>  - if (in6_inithead(head, off, fibnum) == 1) { >>  - rnh = (struct rib_head *)*head; >>  - rnh->rnh_multipath = 1; >>  - return 1; >>  - } else >>  - return 0; >>   } >>  +SYSINIT(mpath_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, mpath_init, NULL);
>
> This is pretty early in boot to be asking for random numbers. We
> don't have interrupts yet, for example. If the system doesn't have a
> saved /boot/entropy loaded (PPC, or installer, or some other embedded
> system perhaps), we will either deadlock boot or get not especially
> random numbers here (depending on availability behavior of arc4random
> — currently we err on the side of low quality random numbers).

Got it, that's a good datapoint!

> If this number is predictable to an attacker, is it easier to DoS the
> system? Do we need the random number before userspace starts? (I
> would imagine networking does not really start chatting with remote
> hosts prior to userspace boot, but this is just a guess.)

This number only affects selection of the outbound path in the presence of multiple paths available for the same prefix. It is meant to mitigate hash polarization in the network ( https://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/116376-technote-cef-00.html contains a somewhat relevant description).
I don't think that knowing the number makes DoSing of the particular system easier. However, better quality randomness is always good.
Speaking of "when" it is needed - you're right, it is needed pretty late in the boot process, after the userland starts.
Will moving the order to SI_SUB_LAST help, or do I need to trigger number generation by different means?

> Best,
> Conrad
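
Review bot: the added "+SYSINIT(mpath_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, mpath_init, NULL);" line makes "hashjitter = arc4random();" run at SI_SUB_PROTO_DOMAIN, and nothing in mpath_init() documents why the seed has to exist that early or what it is used for. The thread itself establishes that entropy may not be available at this stage and that the value is only needed after userland starts, so the draw should be deferred (a later SYSINIT stage, or generation on first use in the multipath lookup path), and mpath_init() should carry a comment saying that hashjitter only perturbs outbound path selection among equal paths.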
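
The hash polarization that the reply says hashjitter is meant to mitigate, as a small simulation. This is an added example, not code from the thread or from FreeBSD; the mixer, the seed values and the two-tier topology are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed 32-bit mixer standing in for a router's flow hash; it is not
 * FreeBSD's. "seed" plays the role of the per-system hashjitter.
 */
static uint32_t
flow_hash(uint32_t flow, uint32_t seed)
{
	uint32_t h = flow ^ seed;

	h ^= h >> 16; h *= 0x7feb352dU;
	h ^= h >> 15; h *= 0x846ca68bU;
	h ^= h >> 16;
	return (h);
}

/*
 * Tier-1 router R1 splits flows over two next hops. Follow only the flows
 * it sends to next hop 0, router R2, which again has two equal-cost paths.
 * Returns the percentage of R2's flows that R2 places on its path 1.
 */
static unsigned
r2_path1_percent(uint32_t seed_r1, uint32_t seed_r2, uint32_t nflows)
{
	uint32_t seen = 0, path1 = 0;

	for (uint32_t f = 0; f < nflows; f++) {
		if (flow_hash(f, seed_r1) % 2 != 0)
			continue;	/* went to the other tier-2 router */
		seen++;
		path1 += flow_hash(f, seed_r2) % 2;
	}
	return (seen == 0 ? 0 : (unsigned)(100ULL * path1 / seen));
}

int
main(void)
{
	/* Constructed seeds; a real system would draw its own at random. */
	printf("same seed:      %u%% on R2 path 1\n",
	    r2_path1_percent(0x1234abcdU, 0x1234abcdU, 4096));
	printf("distinct seeds: %u%% on R2 path 1\n",
	    r2_path1_percent(0x1234abcdU, 0x9e3779b9U, 4096));
	return (0);
}
```

With identical seeds every flow that reaches R2 already hashed to 0 at R1, so R2's second path carries nothing; distinct seeds decorrelate the two decisions and both paths are used.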