author Bhasker Hariharan <bhaskerh@google.com> 2019-09-30 13:54:03 -0700
committer gVisor bot <gvisor-bot@google.com> 2019-09-30 13:55:22 -0700
commit 61f6fbd0ced1b0294334ddb3cd4999242140a3e8
tree 78cf30327d7c69f1317cf8f6cf834a63de26474e /pkg/tcpip/transport/tcp/BUILD
parent 3ad17ff5977bc639418f5409396fac8b3ceb370b
Fix bugs in PickEphemeralPort for TCP.

Netstack always picks a random start point every time PickEphemeralPort is called. While this is required for UDP so that DNS requests go out through a randomized set of ports, it is not required for TCP. In fact, Linux explicitly hashes the (srcip, dstip, dstport) and a one time secret initialized at start of the application to get a random offset. But to ensure it doesn't start from the same point on every scan it uses a static hint that is incremented by 2 in every call to pick ephemeral ports. The reason for 2 is Linux seems to split the port ranges where active connects seem to use even ones while odd ones are used by listening sockets.

This CL implements a similar strategy where we use a hash + hint to generate the offset to start the search for a free Ephemeral port.

This ensures that we cycle through the available port space in order for repeated connects to the same destination and significantly reduces the chance of picking a recently released port.

PiperOrigin-RevId: 272058370
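
The hash + hint selection the commit message describes, as an added example that is not code from this commit or from gVisor. The type and function names, the port range, the fixed secret and the use of FNV-1a in place of the Jenkins hash are assumptions; the hint step of 2 follows the Linux behaviour described in the message.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"hash/fnv"
)

// Hypothetical picker over a constructed range (not Netstack's types or bounds).
const firstEphemeral, numPorts = 16000, 65536 - 16000

type portPicker struct {
	secret uint32          // fixed here; draw it once from crypto/rand in real use
	hint   uint32          // advanced by 2 on every pick
	inUse  map[uint16]bool // ports currently bound
}

// offset hashes the tuple with the secret; FNV-1a stands in for Jenkins.
func (p *portPicker) offset(src, dst [4]byte, dstPort uint16) uint32 {
	var tail [6]byte
	binary.BigEndian.PutUint16(tail[:2], dstPort)
	binary.BigEndian.PutUint32(tail[2:], p.secret)
	h := fnv.New32a()
	h.Write(append(src[:], dst[:]...))
	h.Write(tail[:])
	return h.Sum32()
}

// pick scans the range once from hash+hint and binds the first free port.
func (p *portPicker) pick(src, dst [4]byte, dstPort uint16) (uint16, bool) {
	start := (uint64(p.offset(src, dst, dstPort)) + uint64(p.hint)) % numPorts
	p.hint += 2
	for i := uint64(0); i < numPorts; i++ {
		port := uint16(firstEphemeral + (start+i)%numPorts)
		if !p.inUse[port] {
			p.inUse[port] = true
			return port, true
		}
	}
	return 0, false // every port in the range is bound
}

func main() {
	p := &portPicker{secret: 0x5eed1234, inUse: map[uint16]bool{}}
	for i := 0; i < 4; i++ {
		port, _ := p.pick([4]byte{10, 0, 0, 1}, [4]byte{10, 0, 0, 2}, 443)
		delete(p.inUse, port) // connection closed at once
		fmt.Println(port)
	}
}
```

Each port is released immediately after it is picked, yet the next connect to the same destination still lands two ports further on instead of reusing the port that was just freed.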
Diffstat (limited to 'pkg/tcpip/transport/tcp/BUILD')
-rw-r--r-- pkg/tcpip/transport/tcp/BUILD 1
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/tcpip/transport/tcp/BUILD b/pkg/tcpip/transport/tcp/BUILD
index 39a839ab7..a42e1f4a2 100644
--- a/pkg/tcpip/transport/tcp/BUILD
+++ b/pkg/tcpip/transport/tcp/BUILD
@@ -49,6 +49,7 @@ go_library(
"//pkg/sleep",
"//pkg/tcpip",
"//pkg/tcpip/buffer",
+ "//pkg/tcpip/hash/jenkins",
"//pkg/tcpip/header",
"//pkg/tcpip/iptables",
"//pkg/tcpip/seqnum",
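Review bot: at the added "//pkg/tcpip/hash/jenkins" dep, Jenkins is a non-cryptographic hash, so the unpredictability of the port offset described in the commit message rests entirely on the one time secret and not on the hash itself. This BUILD hunk cannot show how the secret is generated or mixed in, so please document at the call site that it is drawn once from a cryptographically secure source and is part of the hash input alongside (srcip, dstip, dstport). The new entry is correctly placed in alphabetical order between "//pkg/tcpip/buffer" and "//pkg/tcpip/header".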