From owner-svn-src-head@freebsd.org  Thu Jun  7 14:13:49 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 572F4FEFC18
 for <svn-src-head@mailman.ysv.freebsd.org>;
 Thu,  7 Jun 2018 14:13:49 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com
 [IPv6:2607:f8b0:4001:c06::22b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id D9B5C6B49F
 for <svn-src-head@freebsd.org>; Thu,  7 Jun 2018 14:13:48 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: by mail-io0-x22b.google.com with SMTP id t6-v6so11968908iob.10
 for <svn-src-head@freebsd.org>; Thu, 07 Jun 2018 07:13:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=ras5Jhzmi+sZ9smxGdAdBHDqAOeGiRFY1HdtfGlZXbQ=;
 b=pYDxVupFMdqRLCIEY+dsJd1VnRijYVcbks1Ac7BdoG+Deh29Iefm7JTJTBM3WQJ/q0
 3Qn7viX9CgfBVRlU1cu27tC3BSlOoTs0yVFm3JjEZn7iVhoBI4qETX4T6LGee6XJuHwv
 cYjQRfNk+lV96M6o7x+rSzEMkh8wxggA2P4BahWEIUy/gQXiChfsDqrhq1unbyJqupQi
 a/tZOoopg9p0liUBI4gnc+2FdtT62R6+ZTzZu6dGjKyJk+DUoFhGLtjOclmSUOM5WVUP
 drSjfPSHfR/qP44OdMLcQGaNB4ghPmAirvQ7dPkLiMaIzicdxkd6OGb8rYo8guIUXp8D
 kiTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to:user-agent;
 bh=ras5Jhzmi+sZ9smxGdAdBHDqAOeGiRFY1HdtfGlZXbQ=;
 b=ejrmj3+LtADnvfIoHR6qEPcktLqP2eNOahD/Jfy/bJLoI+H04by/o2qttdPjXX5fFo
 CcxtUIFYTQov7kIeP9+LGEEgDaZg25zQFyoER3wDJhECs/JNN3lEZanD1GOymZrqxANo
 8GgNT51KOHeegmwNdeoby57sT3Uu7/xCIAf1Qbzdg5dPnVKKGXEZqfWiEJrmY/jhI8v1
 4K4EHj29WhIQsIHekmiASdzGhzNoKpIxGfFDPemt2sKPw2DfjZdhu4Xd3Of0bxqNp4KS
 iB0g32uFbAj4V6hSQ0Vf9pFM1YTALNewDGv8HAGf7rISx6mzVj7/e6cG5Xrlsvdj8YVV
 iS0w==
X-Gm-Message-State: APt69E09x5tJfOhpOgu9IKawh86Nb1ZGzrNL+bjTWtsjoV8855tO2okZ
 kLLJPkB2mYaVAeosg0315aCCCQ==
X-Google-Smtp-Source: ADUXVKLXyf0fpc2p4OUEzbPVdhlRA3gBDj4lFCIcwda311dgZg+D1Ydd3e55aP/VI5JedMSUDeuOmg==
X-Received: by 2002:a6b:882a:: with SMTP id
 k42-v6mr1697703iod.137.1528380828085; 
 Thu, 07 Jun 2018 07:13:48 -0700 (PDT)
Received: from mutt-hbsd ([137.122.64.159])
 by smtp.gmail.com with ESMTPSA id y79-v6sm9931881iof.47.2018.06.07.07.13.46
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 07 Jun 2018 07:13:46 -0700 (PDT)
Date: Thu, 7 Jun 2018 10:13:31 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Sean Bruno <sbruno@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org, Johannes Lundberg <johalun0@gmail.com>
Subject: Re: svn commit: r334719 - in head: cddl/lib/libdtrace lib/libc/sys
 sys/kern sys/netinet sys/netinet6 sys/sys
Message-ID: <20180607141331.gaej4q6m2irqwnek@mutt-hbsd>
References: <201806061545.w56Fjv3e076880@repo.freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="ut6p25yqm73ezncy"
Content-Disposition: inline
In-Reply-To: <201806061545.w56Fjv3e076880@repo.freebsd.org>
X-Operating-System: FreeBSD mutt-hbsd 12.0-CURRENT FreeBSD 12.0-CURRENT 
X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE
User-Agent: NeoMutt/20180323
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2018 14:13:49 -0000


--ut6p25yqm73ezncy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 06, 2018 at 03:45:57PM +0000, Sean Bruno wrote:
> Author: sbruno
> Date: Wed Jun  6 15:45:57 2018
> New Revision: 334719
> URL: https://svnweb.freebsd.org/changeset/base/334719
>=20
> Log:
>   Load balance sockets with new SO_REUSEPORT_LB option.
>  =20
>   This patch adds a new socket option, SO_REUSEPORT_LB, which allow multi=
ple
>   programs or threads to bind to the same port and incoming connections w=
ill be
>   load balanced using a hash function.
>  =20
>   Most of the code was copied from a similar patch for DragonflyBSD.
>  =20
>   However, in DragonflyBSD, load balancing is a global on/off setting and=
 can not
>   be set per socket. This patch allows for simultaneous use of both the c=
urrent
>   SO_REUSEPORT and the new SO_REUSEPORT_LB options on the same system.
>  =20
>   Required changes to structures:
>   Globally change so_options from 16 to 32 bit value to allow for more op=
tions.
>   Add hashtable in pcbinfo to hold all SO_REUSEPORT_LB sockets.
>  =20
>   Limitations:
>   As DragonflyBSD, a load balance group is limited to 256 pcbs (256 progr=
ams or
>   threads sharing the same socket).
>  =20
>   This is a substantially different contribution as compared to its origi=
nal
>   incarnation at svn r332894 and reverted at svn r332967.  Thanks to rwat=
son@
>   for the substantive feedback that is included in this commit.
>  =20
>   Submitted by:	Johannes Lundberg <johalun0@gmail.com>
>   Obtained from:	DragonflyBSD
>   Relnotes:	Yes
>   Sponsored by:	Limelight Networks
>   Differential Revision:	https://reviews.freebsd.org/D11003

Hey Sean,

This is a rather interesting and useful feature. Thank you for
committing it. It seems there are some security trade-offs being made
for applications that opt-in to this feature: third-party
applications, potentially malicious, could bind to the port.

I wonder if we could prevent malicious abuse of this feature by
introducing a random cookie. When a developer sets this option, the
developer must specify a random value as a cookie. Applications who
want to share the port, then, must also specify the cookie (perhaps
via another socket option?).

What are your thoughts? I'm CC'ing Johannes to get his thoughts as
well.

Thanks,

--=20
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

--ut6p25yqm73ezncy
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlsZPYcACgkQaoRlj1JF
bu6aTRAAyP8aMIYYj55WmxTn/+ZPrdxMfmHMVMIUT4GLB7j2CocNJbvZV34JIzTx
5HKXHntPmHjbYlKuomDLXMaypezp0vrL1ZuryEAa24kSd/0jRJqi3LzWnmkfaPvW
uBKTa3soPlBHErRBpc4ND1VAYYIQ793OZBDwTlfBUFh+xu5DXFKHPNW4+CqhpcAT
Q8lgV7/yYU3XXvUI8DgwhJRq8WBtjAl6y3MJvEh4bmvs/DaVLrRU/zwGHHjef7vT
Do4qUqAFrPxS6vCxqA1i8b0O/4lTZ3o94obFhqCgFiUt6UzPvGeG7/COnqUE3fnt
lX/Gm+tzknLgrSF8ksMs/UrcexhXmB1m0xYWdre4Hj5DpK4A+2CZVSZw0vkWs8Tx
MgGmtF1jRfDYjvfUy2tFyQOcAUPJ2oB7fGrZ0woe/EVmhsiqoN6M46kakLoCwkeR
TBSauphH4nvnlYbw4a+DvnVBgtEfC+OJM1k1XsCvamdH7p3sn39T0sZA0Lo/FYD1
B9jWAxynzFdoZBqNGT9iNa4KhFAiaJekLTZplT1uDnFPt9H4z67phgpPot9yQtVQ
HtKf8JNza79JrU/l1Gd5WdOLvynlew8Z5DRmmn/PWKumfKP+DzItSj25gbcApWD5
gY/tgKL3wtJ1Zjd7f18DqmtVd87li3qzBR7gv1L0GkoNZ4M0lbA=
=Y5uN
-----END PGP SIGNATURE-----

--ut6p25yqm73ezncy--