diff options
author | Bhasker Hariharan <bhaskerh@google.com> | 2019-09-30 13:54:03 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-09-30 13:55:22 -0700 |
commit | 61f6fbd0ced1b0294334ddb3cd4999242140a3e8 (patch) | |
tree | 78cf30327d7c69f1317cf8f6cf834a63de26474e /pkg/tcpip/transport/tcp/BUILD | |
parent | 3ad17ff5977bc639418f5409396fac8b3ceb370b (diff) |
Fix bugs in PickEphemeralPort for TCP.
Netstack always picks a random start point everytime PickEphemeralPort
is called. While this is required for UDP so that DNS requests go
out through a randomized set of ports it is not required for TCP. Infact
Linux explicitly hashes the (srcip, dstip, dstport) and a one time secret
initialized at start of the application to get a random offset. But to
ensure it doesn't start from the same point on every scan it uses a static
hint that is incremented by 2 in every call to pick ephemeral ports.
The reason for 2 is Linux seems to split the port ranges where active connects
seem to use even ones while odd ones are used by listening sockets.
This CL implements a similar strategy where we use a hash + hint to generate
the offset to start the search for a free Ephemeral port.
This ensures that we cycle through the available port space in order for
repeated connects to the same destination and significantly reduces the
chance of picking a recently released port.
PiperOrigin-RevId: 272058370
Diffstat (limited to 'pkg/tcpip/transport/tcp/BUILD')
-rw-r--r-- | pkg/tcpip/transport/tcp/BUILD | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/tcpip/transport/tcp/BUILD b/pkg/tcpip/transport/tcp/BUILD index 39a839ab7..a42e1f4a2 100644 --- a/pkg/tcpip/transport/tcp/BUILD +++ b/pkg/tcpip/transport/tcp/BUILD @@ -49,6 +49,7 @@ go_library( "//pkg/sleep", "//pkg/tcpip", "//pkg/tcpip/buffer", + "//pkg/tcpip/hash/jenkins", "//pkg/tcpip/header", "//pkg/tcpip/iptables", "//pkg/tcpip/seqnum", |