Google Git
Sign in
fuchsia / third_party / netstack / d1c0df123b3b3afef7df9a9a08cda4601ed751d8
commitd1c0df123b3b3afef7df9a9a08cda4601ed751d8[log] [tgz]
authorBhasker Hariharan <bhaskerh@google.com>Mon Sep 30 13:54:03 2019 -0700
committergVisor bot <gvisor-bot@google.com>Mon Sep 30 13:54:29 2019 -0700
tree9ef66f0751ef2c31ffd1135f542b5ebeb5a531e4
parent37d7a98dc6f6a342b87e8be506ffa30b2dbd8e2b [diff]
Fix bugs in PickEphemeralPort for TCP.

Netstack always picks a random start point everytime PickEphemeralPort
is called. While this is required for UDP so that DNS requests go
out through a randomized set of ports it is not required for TCP. Infact
Linux explicitly hashes the (srcip, dstip, dstport) and a one time secret
initialized at start of the application to get a random offset. But to
ensure it doesn't start from the same point on every scan it uses a static
hint that is incremented by 2 in every call to pick ephemeral ports.

The reason for 2 is Linux seems to split the port ranges where active connects
seem to use even ones while odd ones are used by listening sockets.

This CL implements a similar strategy where we use a hash + hint to generate
the offset to start the search for a free Ephemeral port.

This ensures that we cycle through the available port space in order for
repeated connects to the same destination and significantly reduces the
chance of picking a recently released port.

PiperOrigin-RevId: 272058370
4 files changed
tree: 9ef66f0751ef2c31ffd1135f542b5ebeb5a531e4
  1. gate/
  2. ilist/
  3. rand/
  4. sleep/
  5. tcpip/
  6. tmutex/
  7. waiter/
  8. AUTHORS
  9. CONTRIBUTING.md
  10. LICENSE
  11. README.md
README.md

Netstack

Netstack is a network stack written in Go.

Getting started

Try it out on Linux by installing the tun_tcp_echo demo:

go install github.com/google/netstack/tcpip/sample/tun_tcp_echo

Create a TUN device with:

[sudo] ip tuntap add user <username> mode tun <device-name>
[sudo] ip link set <device-name> up
[sudo] ip addr add <ipv4-address>/<mask-length> dev <device-name>

Then run with:

tun_tcp_echo <device-name> <ipv4-address> <port>

Contributions

Please see CONTRIBUTING.md for more details.

Issues/Bug Reports

Netstack is primarily developed as part of gVisor and any issues/bugs should be filed against the gVisor repository as this repo is not actively monitored for bug reports.

Disclaimer

This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.