From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 43ECE5A026E
	for <passt-dev@passt.top>; Wed, 16 Nov 2022 05:42:25 +0100 (CET)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4NBr4R3ZNkz4xyB; Wed, 16 Nov 2022 15:42:15 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1668573735;
	bh=D2HhVaK85kbSa2cO6/i8MuLsA6HUK+CLQCfO90M8PLc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=HWaa3hsIOUEDrhDbdd4Kg9oRt1vjJsgcXVnBJZgL6oRCewfzuEYVZdwW9S0y6hM4Z
	 Tie1ZUj0e+Qze+RxkHumOGspVndE6eR0riedaPfwWViKcL4GhbT7A+64h6+QPjDaUl
	 /Q88qK5DGYITwi4eM5KeZD9TnwvYGSL2PSOJBv/s=
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH 25/32] tcp: Fix small errors in tcp_seq_init() time handling
Date: Wed, 16 Nov 2022 15:42:05 +1100
Message-Id: <20221116044212.3876516-26-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221116044212.3876516-1-david@gibson.dropbear.id.au>
References: <20221116044212.3876516-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: J6FPYGMXPSVVEMFRL2UPICB7YHYUH6EN
X-Message-ID-Hash: J6FPYGMXPSVVEMFRL2UPICB7YHYUH6EN
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.3
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20221116044212.3876516-26-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/J6FPYGMXPSVVEMFRL2UPICB7YHYUH6EN/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

It looks like tcp_seq_init() is supposed to advance the sequence number
by one every 32ns.  However we only right shift the ns part of the timespec
not the seconds part, meaning that we'll advance by an extra 32 steps on
each second.

I don't know if that's exploitable in any way, but it doesn't appear to be
the intent, nor what RFC 6528 suggests.

In addition, we convert from seconds to nanoseconds with a multiplication
by '1E9'.  In C '1E9' is a floating point constant, forcing a conversion
to floating point and back for what should be an integer calculation
(confirmed with objdump and Makefile default compiler flags).  Spell out
1000000000 in full to avoid that.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 tcp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tcp.c b/tcp.c
index 7156246..0513b3b 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1957,8 +1957,8 @@ static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn,
 
 	seq = siphash_36b((uint8_t *)&in, c->tcp.hash_secret);
 
-	ns = now->tv_sec * 1E9;
-	ns += now->tv_nsec >> 5; /* 32ns ticks, overflows 32 bits every 137s */
+	/* 32ns ticks, overflows 32 bits every 137s */
+	ns = (now->tv_sec * 1000000000 + now->tv_nsec) >> 5;
 
 	conn->seq_to_tap = seq + ns;
 }
-- 
2.38.1