+ LIST_ENTRY(inpcb) inp_lhash; /* locol port hash */ Shouldn't this read 'local'?
Regards! El jue., 13 sept. 2018 a las 23:12, Alexander Bluhm (< alexander.bl...@gmx.net>) escribió:
> Hi,
>
> In general it is a bad idea to use one random secret for two things.
> The inet PCB uses one hash with local and foreign addresses, and
> one with local port numbers. Give both hashes separate keys. Also
> document the struct fields.
>
> ok?
>
> bluhm
>
> Index: netinet/in_pcb.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in_pcb.c,v
> retrieving revision 1.244
> diff -u -p -r1.244 in_pcb.c
> --- netinet/in_pcb.c 13 Sep 2018 19:53:58 -0000 1.244
> +++ netinet/in_pcb.c 13 Sep 2018 20:53:22 -0000
> @@ -148,7 +148,7 @@ in_pcblhash(struct inpcbtable *table, in
> SIPHASH_CTX ctx;
> u_int32_t nrdom = htonl(rdom);
>
> - SipHash24_Init(&ctx, &table->inpt_key);
> + SipHash24_Init(&ctx, &table->inpt_lkey);
> SipHash24_Update(&ctx, &nrdom, sizeof(nrdom));
> SipHash24_Update(&ctx, &lport, sizeof(lport));
>
> @@ -171,6 +171,7 @@ in_pcbinit(struct inpcbtable *table, int
> table->inpt_count = 0;
> table->inpt_size = hashsize;
> arc4random_buf(&table->inpt_key, sizeof(table->inpt_key));
> + arc4random_buf(&table->inpt_lkey, sizeof(table->inpt_lkey));
> }
>
> /*
> @@ -999,6 +1000,7 @@ in_pcbresize(struct inpcbtable *table, i
> table->inpt_lmask = nlmask;
> table->inpt_size = hashsize;
> arc4random_buf(&table->inpt_key, sizeof(table->inpt_key));
> + arc4random_buf(&table->inpt_lkey, sizeof(table->inpt_lkey));
>
> TAILQ_FOREACH(inp, &table->inpt_queue, inp_queue) {
> in_pcbrehash(inp);
> Index: netinet/in_pcb.h
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in_pcb.h,v
> retrieving revision 1.111
> diff -u -p -r1.111 in_pcb.h
> --- netinet/in_pcb.h 13 Sep 2018 19:53:58 -0000 1.111
> +++ netinet/in_pcb.h 13 Sep 2018 21:09:33 -0000
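Review bot: The two back-to-back arc4random_buf() calls in the in_pcbinit hunk of netinet/in_pcb.c carry no comment saying that the keys are meant to stay independent, so a later cleanup could fold them into one secret again without noticing why they were split. A one-line comment above the pair would record the intent, for example `/* one independent secret per hash table; never reuse a key for both */`. The same pair in the in_pcbresize hunk deserves the same comment. Both function bodies start outside their hunks, so any existing comment further up is not visible here.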
> @@ -90,10 +90,10 @@ union inpaddru {
> * control block.
> */
> struct inpcb {
> - LIST_ENTRY(inpcb) inp_hash;
> - LIST_ENTRY(inpcb) inp_lhash; /* extra hash for lport */
> - TAILQ_ENTRY(inpcb) inp_queue;
> - struct inpcbtable *inp_table;
> + LIST_ENTRY(inpcb) inp_hash; /* local and foreign hash > */
> + LIST_ENTRY(inpcb) inp_lhash; /* locol port hash */
> + TAILQ_ENTRY(inpcb) inp_queue; /* inet PCB queue */
> + struct inpcbtable *inp_table; /* inet queue/hash table */
> union inpaddru inp_faddru; /* Foreign address. */
> union inpaddru inp_laddru; /* Local address. */
> #define inp_faddr inp_faddru.iau_a4u.inaddr
> @@ -149,11 +149,12 @@ struct inpcb {
> LIST_HEAD(inpcbhead, inpcb);
>
> struct inpcbtable {
> - TAILQ_HEAD(inpthead, inpcb) inpt_queue;
> - struct inpcbhead *inpt_hashtbl, *inpt_lhashtbl;
> - SIPHASH_KEY inpt_key;
> - u_long inpt_mask, inpt_lmask;
> - int inpt_count, inpt_size;
> + TAILQ_HEAD(inpthead, inpcb) inpt_queue; /* inet PCB queue */
> + struct inpcbhead *inpt_hashtbl; /* local and foreign hash > */
> + struct inpcbhead *inpt_lhashtbl; /* local port hash */
> + SIPHASH_KEY inpt_key, inpt_lkey; /* secrets for hashes */
> + u_long inpt_mask, inpt_lmask; /* hash masks */
> + int inpt_count, inpt_size; /* queue count, hash size > */
> };
>
> /* flags in inp_flags: */
>
>
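Review bot: In the struct inpcbtable hunk, `SIPHASH_KEY inpt_key, inpt_lkey; /* secrets for hashes */` does not say which secret keys which table, although the same hunk splits inpt_hashtbl and inpt_lhashtbl onto separate commented lines. Declaring the keys the same way keeps the pairing visible next to the tables: `SIPHASH_KEY inpt_key; /* secret for inpt_hashtbl */` and `SIPHASH_KEY inpt_lkey; /* secret for inpt_lhashtbl */`. The use of inpt_lkey for the local port hash is visible in the in_pcblhash hunk. That inpt_key keys inpt_hashtbl is inferred from the description, since that hash function is not part of the diff.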