Re: [PATCH net 3/7] tcp: resalt the secret every 10 seconds

From: Willy Tarreau
Date: Wed Apr 27 2022 - 12:25:18 EST


Hi Stephen,

On Wed, Apr 27, 2022 at 08:56:21AM -0700, Stephen Hemminger wrote:
> On Wed, 27 Apr 2022 08:52:29 +0200
> Willy Tarreau <w@xxxxxx> wrote:
>
> > From: Eric Dumazet <edumazet@xxxxxxxxxx>
> >
> > In order to limit the ability for an observer to recognize the source
> > ports sequence used to contact a set of destinations, we should
> > periodically shuffle the secret. 10 seconds looks effective enough
> > without causing particular issues.
> >
> > Cc: Moshe Kol <moshe.kol@xxxxxxxxxxxxxxx>
> > Cc: Yossi Gilad <yossi.gilad@xxxxxxxxxxxxxxx>
> > Cc: Amit Klein <aksecurity@xxxxxxxxx>
> > Tested-by: Willy Tarreau <w@xxxxxx>
> > Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> > ---
> > net/core/secure_seq.c | 12 +++++++++---
> > 1 file changed, 9 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c
> > index 2cdd43a63f64..200ab4686275 100644
> > --- a/net/core/secure_seq.c
> > +++ b/net/core/secure_seq.c
> > @@ -22,6 +22,8 @@
> > static siphash_aligned_key_t net_secret;
> > static siphash_aligned_key_t ts_secret;
> >
>
> Rather than hard coding, why not have a sysctl knob for this?
> That way the tinfoil types can set it smaller.

It's a legit question. First I think that there's no good value; before
it used to be infinite, and now we're trying to figure a reasonable value
that make the attack impractical without going too close to the risk of
occasionally failing to establish a connection. I'm really not convinced
that there's any benefit in fiddling with that, except for breaking one's
stack by resalting too often and complaining about stupid network issues
with ACK or RST being sent in response to a SYN.

And stupidly, dividing jiffies by a constant known at build time is
slightly cheaper than dividing by a variable. I know it's a detail but
we tried hard to limit the accumulation of details here :-/

Just my two cents,
Willy