diff options
| author | Stephen Hemminger <shemminger@osdl.org> | 2005-11-03 19:33:23 -0500 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@mandriva.com> | 2005-11-05 18:23:15 -0500 |
| commit | 6df716340da3a6fdd33d73d7ed4c6f7590ca1c42 (patch) | |
| tree | 1b3ba3d1a0a08b9b4eaa624a66414b87a70b6fe9 /net/ipv6 | |
| parent | 6151b31c9616d71f714fc7ef8e2306f67f3b94c3 (diff) | |
[TCP/DCCP]: Randomize port selection
This patch randomizes the port selected on bind() for connections
to help with possible security attacks. It should also be faster
in most cases because there is no need for a global lock.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index d693cb988b78..d746d3b27efb 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -114,16 +114,9 @@ static int tcp_v6_get_port(struct sock *sk, unsigned short snum) | |||
| 114 | int low = sysctl_local_port_range[0]; | 114 | int low = sysctl_local_port_range[0]; |
| 115 | int high = sysctl_local_port_range[1]; | 115 | int high = sysctl_local_port_range[1]; |
| 116 | int remaining = (high - low) + 1; | 116 | int remaining = (high - low) + 1; |
| 117 | int rover; | 117 | int rover = net_random() % (high - low) + low; |
| 118 | 118 | ||
| 119 | spin_lock(&tcp_hashinfo.portalloc_lock); | 119 | do { |
| 120 | if (tcp_hashinfo.port_rover < low) | ||
| 121 | rover = low; | ||
| 122 | else | ||
| 123 | rover = tcp_hashinfo.port_rover; | ||
| 124 | do { rover++; | ||
| 125 | if (rover > high) | ||
| 126 | rover = low; | ||
| 127 | head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)]; | 120 | head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)]; |
| 128 | spin_lock(&head->lock); | 121 | spin_lock(&head->lock); |
| 129 | inet_bind_bucket_for_each(tb, node, &head->chain) | 122 | inet_bind_bucket_for_each(tb, node, &head->chain) |
| @@ -132,9 +125,9 @@ static int tcp_v6_get_port(struct sock *sk, unsigned short snum) | |||
| 132 | break; | 125 | break; |
| 133 | next: | 126 | next: |
| 134 | spin_unlock(&head->lock); | 127 | spin_unlock(&head->lock); |
| 128 | if (++rover > high) | ||
| 129 | rover = low; | ||
| 135 | } while (--remaining > 0); | 130 | } while (--remaining > 0); |
| 136 | tcp_hashinfo.port_rover = rover; | ||
| 137 | spin_unlock(&tcp_hashinfo.portalloc_lock); | ||
| 138 | 131 | ||
| 139 | /* Exhausted local port range during search? It is not | 132 | /* Exhausted local port range during search? It is not |
| 140 | * possible for us to be holding one of the bind hash | 133 | * possible for us to be holding one of the bind hash |