[TCP/DCCP]: Randomize port selection

This patch randomizes the port selected on bind() for connections to help with possible security attacks. It should also be faster in most cases because there is no need for a global lock. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
author: Stephen Hemminger <shemminger@osdl.org> 2005-11-03 19:33:23 -0500
committer: Arnaldo Carvalho de Melo <acme@mandriva.com> 2005-11-05 18:23:15 -0500
commit: 6df716340da3a6fdd33d73d7ed4c6f7590ca1c42 (patch)
tree: 1b3ba3d1a0a08b9b4eaa624a66414b87a70b6fe9 /net/ipv4
parent: 6151b31c9616d71f714fc7ef8e2306f67f3b94c3 (diff)
3 files changed, 3 insertions, 14 deletions
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 94468a76c5b4..3fe021f1a566 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -78,17 +78,9 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
                int low = sysctl_local_port_range[0];
                int high = sysctl_local_port_range[1];
                int remaining = (high - low) + 1;
-                int rover;
+                int rover = net_random() % (high - low) + low;
-                spin_lock(&hashinfo->portalloc_lock);
-                if (hashinfo->port_rover < low)
-                        rover = low;
-                else
-                        rover = hashinfo->port_rover;
                do {
-                        rover++;
-                        if (rover > high)
-                                rover = low;
                        head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
                        spin_lock(&head->lock);
                        inet_bind_bucket_for_each(tb, node, &head->chain)
@@ -97,9 +89,9 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
                        break;
                next:
                        spin_unlock(&head->lock);
+                        if (++rover > high)
+                                rover = low;
                } while (--remaining > 0);
-                hashinfo->port_rover = rover;
-                spin_unlock(&hashinfo->portalloc_lock);
                /* Exhausted local port range during search?  It is not
                 * possible for us to be holding one of the bind hash
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f3f0013a9580..72b7c22e1ea5 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2112,7 +2112,6 @@ void __init tcp_init(void)
                sysctl_tcp_max_orphans >>= (3 - order);
                sysctl_max_syn_backlog = 128;
        }
-        tcp_hashinfo.port_rover = sysctl_local_port_range[0] - 1;
        sysctl_tcp_mem[0] =  768 << order;
        sysctl_tcp_mem[1] = 1024 << order;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index c85819d8474b..49d67cd75edd 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -93,8 +93,6 @@ struct inet_hashinfo __cacheline_aligned tcp_hashinfo = {
        .lhash_lock     = RW_LOCK_UNLOCKED,
        .lhash_users    = ATOMIC_INIT(0),
        .lhash_wait     = __WAIT_QUEUE_HEAD_INITIALIZER(tcp_hashinfo.lhash_wait),
-        .portalloc_lock = SPIN_LOCK_UNLOCKED,
-        .port_rover     = 1024 - 1,
 };
 static int tcp_v4_get_port(struct sock *sk, unsigned short snum)
author	Stephen Hemminger <shemminger@osdl.org>	2005-11-03 19:33:23 -0500
committer	Arnaldo Carvalho de Melo <acme@mandriva.com>	2005-11-05 18:23:15 -0500
commit	6df716340da3a6fdd33d73d7ed4c6f7590ca1c42 (patch)
tree	1b3ba3d1a0a08b9b4eaa624a66414b87a70b6fe9 /net/ipv4
parent	6151b31c9616d71f714fc7ef8e2306f67f3b94c3 (diff)