diff options
| author | Peter Lei <peterlei@netflix.com> | 2021-12-03 20:38:12 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2021-12-03 20:38:12 +0000 |
| commit | 4c018b5aed41d96831c4a76848c0671b3d56fd7b (patch) | |
| tree | 2b626f46ea27a63821aa25c369896b713bf8adab | |
| parent | f32357be53d07622603049f9855be2d66ca6dc2b (diff) | |
| download | src-4c018b5aed41d96831c4a76848c0671b3d56fd7b.tar.gz src-4c018b5aed41d96831c4a76848c0671b3d56fd7b.zip | |
in_pcb: limit the effect of wraparound in TCP random port allocation check
The check to see if TCP port allocation should change from random to
sequential port allocation mode may incorrectly cause a false positive
due to negative wraparound.
Example:
V_ipport_tcpallocs = 2147483585 (0x7fffffc1)
V_ipport_tcplastcount = 2147483553 (0x7fffffa1)
V_ipport_randomcps = 100
The original code would compare (2147483585 <= -2147483643) and thus
incorrectly move to sequential allocation mode.
Compute the delta first before comparing against the desired limit to
limit the wraparound effect (since tcplastcount is always a snapshot
of a previous tcpallocs).
| -rw-r--r-- | sys/netinet/in_pcb.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index a894163ed5a6..0a44eae0d908 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -2577,8 +2577,8 @@ ipport_tick(void *xtp) VNET_LIST_RLOCK_NOSLEEP(); VNET_FOREACH(vnet_iter) { CURVNET_SET(vnet_iter); /* XXX appease INVARIANTS here */ - if (V_ipport_tcpallocs <= - V_ipport_tcplastcount + V_ipport_randomcps) { + if (V_ipport_tcpallocs - V_ipport_tcplastcount <= + V_ipport_randomcps) { if (V_ipport_stoprandom > 0) V_ipport_stoprandom--; } else |