lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[TCP/DCCP]: Randomize port selection

Browse Source 
This patch randomizes the port selected on bind() for connections
to help with possible security attacks. It should also be faster
in most cases because there is no need for a global lock.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
This commit is contained in:
Stephen Hemminger
2005-11-03 16:33:23 -08:00
committed by Arnaldo Carvalho de Melo
parent 6151b31c96
commit 6df716340d
6 changed files with 10 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
net/ipv4/inet_connection_sock.c
View File

@ -78,17 +78,9 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
int remaining = (high - low) + 1;
int rover;
int rover = net_random() % (high - low) + low;
spin_lock(&hashinfo->portalloc_lock);
if (hashinfo->port_rover < low)
rover = low;
else
rover = hashinfo->port_rover;
do {
rover++;
if (rover > high)
rover = low;
head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
spin_lock(&head->lock);
inet_bind_bucket_for_each(tb, node, &head->chain)
@ -97,9 +89,9 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
break;
next:
spin_unlock(&head->lock);
if (++rover > high)
rover = low;
} while (--remaining > 0);
hashinfo->port_rover = rover;
spin_unlock(&hashinfo->portalloc_lock);
/* Exhausted local port range during search? It is not
* possible for us to be holding one of the bind hash