From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id EBEBE5A026A
	for <passt-dev@passt.top>; Tue,  8 Nov 2022 02:02:13 +0100 (CET)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4N5qZB2Cq0z4xFs; Tue,  8 Nov 2022 12:02:10 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1667869330;
	bh=3VfUNfPFb0hjFjkXhFu+Y61wLlLQaUh+If8Ai3t/xdo=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=edRfTE3hQNq92KzGg9LXYS4t3xG7YhoQ44x9UqLP8TwzcZ2+456XtGoUL4it3a448
	 LMnWbrI69r5NEpVK7IFs74mzuaDJGUJFJ389CXLCPd02Jnczs7Th8CJ/nkuvKqV8BB
	 zhgVRvkEDQ8UMoq2ehHXe7iHGwExfK6USKMXFgz8=
Date: Tue, 8 Nov 2022 11:59:23 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH 10/10] tcp: Fix small error in tcp_seq_init() time
 handling
Message-ID: <Y2mp6/83xSyuWRWH@yekko>
References: <20221104084333.3761760-1-david@gibson.dropbear.id.au>
 <20221104084333.3761760-11-david@gibson.dropbear.id.au>
 <20221107190846.32ece8ac@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="9dLO0Uif7RAApYZC"
Content-Disposition: inline
In-Reply-To: <20221107190846.32ece8ac@elisabeth>
Message-ID-Hash: G3MS43JIGCHC7UPIQDTSBMNOS3SOOXU7
X-Message-ID-Hash: G3MS43JIGCHC7UPIQDTSBMNOS3SOOXU7
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.3
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <>
Archived-At: <https://archives.passt.top/passt-dev/Y2mp6/83xSyuWRWH@yekko/>
List-Archive: <>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--9dLO0Uif7RAApYZC
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Nov 07, 2022 at 07:08:46PM +0100, Stefano Brivio wrote:
> On Fri,  4 Nov 2022 19:43:33 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > It looks like tcp_seq_init() is supposed to advance the sequence number
> > by one every 32ns.  However we only right shift the ns part of the time=
spec
> > not the seconds part, meaning that we'll advance by an extra 32 steps on
> > each second.
> >=20
> > I don't know if that's exploitable in any way, but it doesn't appear to=
 be
> > the intent, nor what RFC 6528 suggests.
>=20
> Oh, oops, nice catch.
>=20
> Well, as long as the step, modulo 32 bits, is not 0, it's still
> arguably the 250 KHz / 4 =B5s period clock from RFC 793, so there's no

Well, except for the fact it's a 31.24 MHz / 32 ns clock.  I assumed
there was a good reason for that.

> practical difference (other than the overflow period). See also the
> note in RFC 1948:
>=20
>    More precisely, RFC 793 specifies that the 32-bit counter be
>    incremented by 1 in the low-order position about every 4
>    microseconds.  Instead, Berkeley-derived kernels increment it by a
>    constant every second [...]
>=20
> I kind of wonder if adding a time non-linearity like the unintended one
> I added actually increases entropy.

Right, I don't know.

> But indeed ~4 seconds overflow is also not intended, and we should just
> stick to RFC 6528.

Well... 4s overflow, yes, but not I think a 4s period before
repeating.  Again, I don't know enough about this stuff to analyze
whether that's important or not.

>=20
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> >  tcp.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >=20
> > diff --git a/tcp.c b/tcp.c
> > index 59e03ff..941fafb 100644
> > --- a/tcp.c
> > +++ b/tcp.c
> > @@ -2027,8 +2027,8 @@ static void tcp_seq_init(const struct ctx *c, str=
uct tcp_conn *conn,
> > =20
> >  	seq =3D siphash_36b((uint8_t *)&in, c->tcp.hash_secret);
> > =20
> > -	ns =3D now->tv_sec * 1E9;
> > -	ns +=3D now->tv_nsec >> 5; /* 32ns ticks, overflows 32 bits every 137=
s */
> > +	/* 32ns ticks, overflows 32 bits every 137s */
> > +	ns =3D (now->tv_sec * 1E9 + now->tv_nsec) >> 5;
> > =20
> >  	conn->seq_to_tap =3D seq + ns;
> >  }
>=20

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--9dLO0Uif7RAApYZC
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoULxWu4/Ws0dB+XtgypY4gEwYSIFAmNpqeQACgkQgypY4gEw
YSJjIA//RUQ9dcaV9DLGULSh7jDVG3+uu4871uZEABHTczeispSg8eVGsn99YXsS
4kDYXp0FFLs/ZxnSbKV0j4HeivSzwKXT9+rP9dkL35hEhVeQVjnQ2Slm7i7xx0GH
WX3oy8QFDbEnCWwKrWjb+aW4twG0e8lxM2GSwvvYV5IDWDkJR4Z3ZbKi5esX7Egt
0nlPgXGklwmQPrbeQS8FhzkT0EyjZPQK5VK8IeGrEunjK3x+DD6wgpyjeB0CI8Pl
jj7YH/RDYjr2g2Xx0cXdKVZ3erc7n/1BhaVfRwlksO5EN4anSCLqpEtj+0zlA15w
V45WbGvRPyWpDhjDcA+C6hFBjUMNH7rcUY+kVKgQ2rZB3u5Utq75nqnFXKMfgJrE
aqUscVCDpZ9loESDZQIDk7TdTvZtAegwfzYYyyms/CEOlGCJVXEexKTEmNYEK0t6
Nelqs3FGilDGG9a6OyMLhNj90AJluh+7KOQWr+zlsaM4nHaJnU63fCYru7RLJOAX
ulMGxsB+72ZgdgztOc0/+9xF6FRduRKA6qmb8OmrhQ4QWEy/X+5jI3eC/TM3F17y
OLTVpuRy11QVsZ3e0urQKh2hspJ1MsWTMfK0gkQyWZoCLutq+G3JTaFStJE1vEjy
cHPCzJJs0x7mRP5x0U7E1t+VOUhDBNiQ0OrnPEMawqSpRFTNrX0=
=lZR1
-----END PGP SIGNATURE-----

--9dLO0Uif7RAApYZC--