From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v3 15/16] tcp: "TCP" hash secret doesn't need to be TCP specific
Date: Thu, 30 Nov 2023 13:02:21 +1100	[thread overview]
Message-ID: <20231130020222.4056647-16-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20231130020222.4056647-1-david@gibson.dropbear.id.au>

The TCP state structure includes a 128-bit hash_secret which we use for
SipHash calculations to mitigate attacks on the TCP hash table and initial
sequence number.

We have plans to use SipHash in places that aren't TCP related, and there's
no particular reason they'd need their own secret.  So move the hash_secret
to the general context structure.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 passt.c | 40 ++++++++++++++++++++++++++++++++++++++++
 passt.h |  2 ++
 tcp.c   | 35 ++---------------------------------
 tcp.h   |  2 --
 4 files changed, 44 insertions(+), 35 deletions(-)

diff --git a/passt.c b/passt.c
index 8ddd9b3..0246b04 100644
--- a/passt.c
+++ b/passt.c
@@ -35,6 +35,9 @@
 #include <syslog.h>
 #include <sys/prctl.h>
 #include <netinet/if_ether.h>
+#ifdef HAS_GETRANDOM
+#include <sys/random.h>
+#endif
 
 #include "util.h"
 #include "passt.h"
@@ -103,6 +106,41 @@ static void post_handler(struct ctx *c, const struct timespec *now)
 #undef CALL_PROTO_HANDLER
 }
 
+/**
+ * secret_init() - Create secret value for SipHash calculations
+ * @c:		Execution context
+ */
+static void secret_init(struct ctx *c)
+{
+#ifndef HAS_GETRANDOM
+	int dev_random = open("/dev/random", O_RDONLY);
+	unsigned int random_read = 0;
+
+	while (dev_random && random_read < sizeof(c->hash_secret)) {
+		int ret = read(dev_random,
+			       (uint8_t *)&c->hash_secret + random_read,
+			       sizeof(c->hash_secret) - random_read);
+
+		if (ret == -1 && errno == EINTR)
+			continue;
+
+		if (ret <= 0)
+			break;
+
+		random_read += ret;
+	}
+	if (dev_random >= 0)
+		close(dev_random);
+	if (random_read < sizeof(c->hash_secret)) {
+#else
+	if (getrandom(&c->hash_secret, sizeof(c->hash_secret),
+		      GRND_RANDOM) < 0) {
+#endif /* !HAS_GETRANDOM */
+		perror("TCP initial sequence getrandom");
+		exit(EXIT_FAILURE);
+	}
+}
+
 /**
  * timer_init() - Set initial timestamp for timer runs to current time
  * @c:		Execution context
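Review bot: The loop guard `while (dev_random && random_read < sizeof(c->hash_secret))` tests the descriptor against 0, but open() reports failure as -1, so a failed open still enters the loop and only leaves it because read() on an invalid descriptor returns -1 and hits the `ret <= 0` break; the intended check is the one the close guard a few lines down already uses, `while (dev_random >= 0 && random_read < sizeof(c->hash_secret)) {`. The outcome is still fail-safe, since random_read stays short and the function exits, but the condition should say what it means so the failure is reported for the right reason. The perror string `"TCP initial sequence getrandom"` is carried over from tcp_init() and no longer describes this function, which is the point of the commit; something like `perror("secret_init: getrandom")` would fit, and on the /dev/random path the message should not name getrandom() at all since it is never called there. A one-line comment above `#ifndef HAS_GETRANDOM` saying that the fallback reads /dev/random directly when getrandom() is unavailable at build time would make the two branches easier to follow.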
@@ -237,6 +275,8 @@ int main(int argc, char **argv)
 
 	tap_sock_init(&c);
 
+	secret_init(&c);
+
 	clock_gettime(CLOCK_MONOTONIC, &now);
 
 	if ((!c.no_udp && udp_init(&c)) || (!c.no_tcp && tcp_init(&c)))
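Review bot: The new secret_init(&c) call is placed before tcp_init(&c) without a note on why that order matters; tcp_hash() and tcp_seq_init() in tcp.c key SipHash on c->hash_secret, so a later reordering that moved the call below tcp_init() would let the hash table and ISN computations start from whatever the context holds before the secret is filled in. A short comment would pin the dependency: `/* Must precede tcp_init(): tcp_hash() and tcp_seq_init() key SipHash on c->hash_secret */`. main()'s body continues outside the hunk.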
diff --git a/passt.h b/passt.h
index 33b493f..c74887a 100644
--- a/passt.h
+++ b/passt.h
@@ -211,6 +211,7 @@ struct ip6_ctx {
  * @fd_tap:		AF_UNIX socket, tuntap device, or pre-opened socket
  * @mac:		Host MAC address
  * @mac_guest:		MAC address of guest or namespace, seen or configured
+ * @hash_secret:	128-bit secret for siphash functions
  * @ifi4:		Index of template interface for IPv4, 0 if IPv4 disabled
  * @ip:			IPv4 configuration
  * @dns_search:		DNS search list
@@ -265,6 +266,7 @@ struct ctx {
 	int fd_tap;
 	unsigned char mac[ETH_ALEN];
 	unsigned char mac_guest[ETH_ALEN];
+	uint64_t hash_secret[2];
 
 	unsigned int ifi4;
 	struct ip4_ctx ip4;
diff --git a/tcp.c b/tcp.c
index 24aba44..74d06bf 100644
--- a/tcp.c
+++ b/tcp.c
@@ -279,9 +279,6 @@
 #include <stddef.h>
 #include <string.h>
 #include <sys/epoll.h>
-#ifdef HAS_GETRANDOM
-#include <sys/random.h>
-#endif
 #include <sys/socket.h>
 #include <sys/timerfd.h>
 #include <sys/types.h>
@@ -1172,7 +1169,7 @@ static int tcp_hash_match(const struct tcp_tap_conn *conn,
 static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr,
 			     in_port_t eport, in_port_t fport)
 {
-	struct siphash_state state = SIPHASH_INIT(c->tcp.hash_secret);
+	struct siphash_state state = SIPHASH_INIT(c->hash_secret);
 	uint64_t hash;
 
 	inany_siphash_feed(&state, faddr);
@@ -1780,7 +1777,7 @@ static void tcp_tap_window_update(struct tcp_tap_conn *conn, unsigned wnd)
 static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn,
 			 const struct timespec *now)
 {
-	struct siphash_state state = SIPHASH_INIT(c->tcp.hash_secret);
+	struct siphash_state state = SIPHASH_INIT(c->hash_secret);
 	union inany_addr aany;
 	uint64_t hash;
 	uint32_t ns;
@@ -3088,34 +3085,6 @@ static void tcp_sock_refill_init(const struct ctx *c)
  */
 int tcp_init(struct ctx *c)
 {
-#ifndef HAS_GETRANDOM
-	int dev_random = open("/dev/random", O_RDONLY);
-	unsigned int random_read = 0;
-
-	while (dev_random && random_read < sizeof(c->tcp.hash_secret)) {
-		int ret = read(dev_random,
-			       (uint8_t *)&c->tcp.hash_secret + random_read,
-			       sizeof(c->tcp.hash_secret) - random_read);
-
-		if (ret == -1 && errno == EINTR)
-			continue;
-
-		if (ret <= 0)
-			break;
-
-		random_read += ret;
-	}
-	if (dev_random >= 0)
-		close(dev_random);
-	if (random_read < sizeof(c->tcp.hash_secret)) {
-#else
-	if (getrandom(&c->tcp.hash_secret, sizeof(c->tcp.hash_secret),
-		      GRND_RANDOM) < 0) {
-#endif /* !HAS_GETRANDOM */
-		perror("TCP initial sequence getrandom");
-		exit(EXIT_FAILURE);
-	}
-
 	if (c->ifi4)
 		tcp_sock4_iov_init(c);
 
diff --git a/tcp.h b/tcp.h
index c8b738d..27b1166 100644
--- a/tcp.h
+++ b/tcp.h
@@ -52,7 +52,6 @@ union tcp_listen_epoll_ref {
 
 /**
  * struct tcp_ctx - Execution context for TCP routines
- * @hash_secret:	128-bit secret for hash functions, ISN and hash table
  * @port_to_tap:	Ports bound host-side, packets to tap or spliced
  * @fwd_in:		Port forwarding configuration for inbound packets
  * @fwd_out:		Port forwarding configuration for outbound packets
@@ -61,7 +60,6 @@ union tcp_listen_epoll_ref {
  * @pipe_size:		Size of pipes for spliced connections
  */
 struct tcp_ctx {
-	uint64_t hash_secret[2];
 	struct port_fwd fwd_in;
 	struct port_fwd fwd_out;
 	struct timespec timer_run;
-- 
@@ -52,7 +52,6 @@ union tcp_listen_epoll_ref {
 
 /**
  * struct tcp_ctx - Execution context for TCP routines
- * @hash_secret:	128-bit secret for hash functions, ISN and hash table
  * @port_to_tap:	Ports bound host-side, packets to tap or spliced
  * @fwd_in:		Port forwarding configuration for inbound packets
  * @fwd_out:		Port forwarding configuration for outbound packets
@@ -61,7 +60,6 @@ union tcp_listen_epoll_ref {
  * @pipe_size:		Size of pipes for spliced connections
  */
 struct tcp_ctx {
-	uint64_t hash_secret[2];
 	struct port_fwd fwd_in;
 	struct port_fwd fwd_out;
 	struct timespec timer_run;
-- 
2.43.0

