Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1127388pxj; Sat, 29 May 2021 04:10:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxcmMDutkz6VibvC7sxfqmv4PMwUa6VeaUm0Ejgwl7eiWDn4skao+U00mIkk1ESWbP+mA6e X-Received: by 2002:a05:6e02:13ad:: with SMTP id h13mr10528273ilo.169.1622286629967; Sat, 29 May 2021 04:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622286629; cv=none; d=google.com; s=arc-20160816; b=GyNhB779sEYzYxFoG4pLn1nj2UtVcyPsPlufJzejIQNJwk0QeG4g6Hg9fFvmcizn91 kpGdnqb/lmjeJnEgCdO/UdpooMMfG4+kcmCIw4xxib2vL9YAWIye9PTyB+Tl5un8BFNz fHyvN4SF42nWaArt/SPBnS8rQH3Zx6YIlEeOK9ok8oc5hPg24FQlPsEtZ7Pdy9tFMoY5 sEHrecXhMGy9uLp1H8P6nbDiPpEPoQNvWeyhQWXUtzGu0pvJyIam8K8f/cyVExhoiiJ0 D8/lV2uSJSdqlhhZcT39ScF6Z1OD75IeQrJmJ8RjBfshmO+bfzxUKgzo/+2soN1Dmrhq dJWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=ar19A/qAgsPB2tj3BLZlsEaYZ5XRXUUyU0K3aeKEEQQ=; b=sgJJMdrKgh5yWrvFUixvJvdcOoGYmd7wK595mVmiPf03+0U0Wggf5alBI2tjP2ef1l gq7Ec1xHpLzSLipqwpAbqw7neiY2aY/KlxtjCGVA5+ScJMs5pxvCtQsV38Mw85nTA029 V/5DIKCe/e5z5JArOoj0E8sY7p23DHbsbMlSfXe2cVwOpr1vxxafigDHUFHlZvJbgvrM hXePCT6VB6q7dDjWOmFrCy1kLvCz7YVXiM2xiKehpNFlM1Y1vmdwXBjcv6nrep54bsZY VNkSr6wKl1OJgOl4MtRFIoYoCCvYwtWh6gkau3b1sVlE3cMM08chJKX5D3yrAO1JsNv6 ZKVg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t3si8203536jaj.67.2021.05.29.04.10.16; Sat, 29 May 2021 04:10:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229693AbhE2LKX (ORCPT + 99 others); Sat, 29 May 2021 07:10:23 -0400 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:55420 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229614AbhE2LKU (ORCPT ); Sat, 29 May 2021 07:10:20 -0400 Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 14TB8017006838; Sat, 29 May 2021 13:08:00 +0200 From: Willy Tarreau To: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: David Miller , Jakub Kicinski , Alexey Kuznetsov , Hideaki YOSHIFUJI , Amit Klein , Willy Tarreau , Eric Dumazet Subject: [PATCH net-next] ipv6: use prandom_u32() for ID generation Date: Sat, 29 May 2021 13:07:46 +0200 Message-Id: <20210529110746.6796-1-w@1wt.eu> X-Mailer: git-send-email 2.17.5 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is a complement to commit aa6dd211e4b1 ("inet: use bigger hash table for IP ID generation"), but focusing on some specific aspects of IPv6. Contary to IPv4, IPv6 only uses packet IDs with fragments, and with a minimum MTU of 1280, it's much less easy to force a remote peer to produce many fragments to explore its ID sequence. In addition packet IDs are 32-bit in IPv6, which further complicates their analysis. On the other hand, it is often easier to choose among plenty of possible source addresses and partially work around the bigger hash table the commit above permits, which leaves IPv6 partially exposed to some possibilities of remote analysis at the risk of weakening some protocols like DNS if some IDs can be predicted with a good enough probability. Given the wide range of permitted IDs, the risk of collision is extremely low so there's no need to rely on the positive increment algorithm that is shared with the IPv4 code via ip_idents_reserve(). We have a fast PRNG, so let's simply call prandom_u32() and be done with it. Performance measurements at 10 Gbps couldn't show any difference with the previous code, even when using a single core, because due to the large fragments, we're limited to only ~930 kpps at 10 Gbps and the cost of the random generation is completely offset by other operations and by the network transfer time. In addition, this change removes the need to update a shared entry in the idents table so it may even end up being slightly faster on large scale systems where this matters. The risk of at least one collision here is about 1/80 million among 10 IDs, 1/850k among 100 IDs, and still only 1/8.5k among 1000 IDs, which remains very low compared to IPv4 where all IDs are reused every 4 to 80ms on a 10 Gbps flow depending on packet sizes. Reported-by: Amit Klein Cc: Eric Dumazet Signed-off-by: Willy Tarreau --- net/ipv6/output_core.c | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c index af36acc1a644..2880dc7d9a49 100644 --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c @@ -15,29 +15,11 @@ static u32 __ipv6_select_ident(struct net *net, const struct in6_addr *dst, const struct in6_addr *src) { - const struct { - struct in6_addr dst; - struct in6_addr src; - } __aligned(SIPHASH_ALIGNMENT) combined = { - .dst = *dst, - .src = *src, - }; - u32 hash, id; - - /* Note the following code is not safe, but this is okay. */ - if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key))) - get_random_bytes(&net->ipv4.ip_id_key, - sizeof(net->ipv4.ip_id_key)); - - hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key); - - /* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve, - * set the hight order instead thus minimizing possible future - * collisions. - */ - id = ip_idents_reserve(hash, 1); - if (unlikely(!id)) - id = 1 << 31; + u32 id; + + do { + id = prandom_u32(); + } while (!id); return id; } -- 2.17.5