Date:      Fri, 3 Dec 2021 20:38:26 GMT
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 4c018b5aed41 - main - in_pcb: limit the effect of wraparound in TCP random port allocation check
Message-ID:  <202112032038.1B3KcQ4v038699@gitrepo.freebsd.org>

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=4c018b5aed41d96831c4a76848c0671b3d56fd7b

commit 4c018b5aed41d96831c4a76848c0671b3d56fd7b
Author:     Peter Lei <peterlei@netflix.com>
AuthorDate: 2021-12-03 20:38:12 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2021-12-03 20:38:12 +0000

    in_pcb: limit the effect of wraparound in TCP random port allocation check
    
    The check to see if TCP port allocation should change from random to
    sequential port allocation mode may incorrectly cause a false positive
    due to negative wraparound.
    Example:
        V_ipport_tcpallocs = 2147483585 (0x7fffffc1)
        V_ipport_tcplastcount = 2147483553 (0x7fffffa1)
        V_ipport_randomcps = 100
    The original code would compare (2147483585 <= -2147483643) and thus
    incorrectly move to sequential allocation mode.
    
    Compute the delta first before comparing against the desired limit to
    limit the wraparound effect (since tcplastcount is always a snapshot
    of a previous tcpallocs).
---
 sys/netinet/in_pcb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index a894163ed5a6..0a44eae0d908 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2577,8 +2577,8 @@ ipport_tick(void *xtp)
 	VNET_LIST_RLOCK_NOSLEEP();
 	VNET_FOREACH(vnet_iter) {
 		CURVNET_SET(vnet_iter);	/* XXX appease INVARIANTS here */
-		if (V_ipport_tcpallocs <=
-		    V_ipport_tcplastcount + V_ipport_randomcps) {
+		if (V_ipport_tcpallocs - V_ipport_tcplastcount <=
+		    V_ipport_randomcps) {
 			if (V_ipport_stoprandom > 0)
 				V_ipport_stoprandom--;
 		} else
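Review bot: The rewritten condition `V_ipport_tcpallocs - V_ipport_tcplastcount <= V_ipport_randomcps` still leans on wraparound once `V_ipport_tcpallocs` itself passes the maximum value. The declarations are not visible in this hunk, but going by the commit message's example (values near 0x7fffffff and a negative sum) the counters are signed 32-bit. Subtracting a large positive `V_ipport_tcplastcount` from a wrapped, negative `V_ipport_tcpallocs` then overflows a signed int, which the C standard leaves undefined unless the build is compiled to wrap signed arithmetic. Consider computing the delta in unsigned arithmetic, or making the counters unsigned, so the difference is well defined modulo 2^32. A short comment above the condition saying the delta is computed first on purpose would also keep it from being rewritten back to the additive form later.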


