| commit | d1c0df123b3b3afef7df9a9a08cda4601ed751d8 | [log] [tgz] |
|---|---|---|
| author | Bhasker Hariharan <bhaskerh@google.com> | Mon Sep 30 13:54:03 2019 -0700 |
| committer | gVisor bot <gvisor-bot@google.com> | Mon Sep 30 13:54:29 2019 -0700 |
| tree | 9ef66f0751ef2c31ffd1135f542b5ebeb5a531e4 | |
| parent | 37d7a98dc6f6a342b87e8be506ffa30b2dbd8e2b [diff] | |
Fix bugs in PickEphemeralPort for TCP.

Netstack always picks a random start point every time PickEphemeralPort is called. While this is required for UDP so that DNS requests go out through a randomized set of ports, it is not required for TCP. In fact Linux explicitly hashes the (srcip, dstip, dstport) and a one time secret initialized at start of the application to get a random offset. But to ensure it doesn't start from the same point on every scan it uses a static hint that is incremented by 2 in every call to pick ephemeral ports. The reason for 2 is Linux seems to split the port ranges where active connects seem to use even ones while odd ones are used by listening sockets.

This CL implements a similar strategy where we use a hash + hint to generate the offset to start the search for a free ephemeral port. This ensures that we cycle through the available port space in order for repeated connects to the same destination and significantly reduces the chance of picking a recently released port.

PiperOrigin-RevId: 272058370
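The hash + hint strategy the commit message describes, written out as a stand-alone Go example. This is an added illustration, not netstack's PickEphemeralPort or Linux's implementation: the `PortPicker` type, the FNV-1a hash, the 32768-60999 range, the `testPort` callback and the TEST-NET addresses in `main` are all assumptions made for the example. The security-relevant property it demonstrates is that two consecutive connects to the same destination do not restart their search at the same port, so a port that was just released is not the first candidate on the next call, while the per-process secret keeps the starting offset unpredictable to an outside observer.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/fnv"
	"net"
	"sync"
)

// Ephemeral range assumed for this example (Linux's default ip_local_port_range).
const (
	firstEphemeral = 32768
	lastEphemeral  = 60999
)

// PortPicker is an illustrative (not netstack's) ephemeral-port chooser that
// combines a keyed hash of the destination with a process-wide hint.
type PortPicker struct {
	mu     sync.Mutex
	secret [16]byte // one-time secret drawn once per process
	hint   uint32   // advanced by 2 on every call, as the commit message describes
}

// NewPortPicker initialises the per-process secret from the OS CSPRNG.
func NewPortPicker() (*PortPicker, error) {
	p := &PortPicker{}
	if _, err := rand.Read(p.secret[:]); err != nil {
		return nil, err
	}
	return p, nil
}

// offset hashes (srcIP, dstIP, dstPort, secret) into a starting offset that is
// stable for a given destination but not guessable without the secret.
// FNV-1a is an assumption for the example; it is not what Linux or netstack use.
func (p *PortPicker) offset(srcIP, dstIP net.IP, dstPort uint16) uint32 {
	h := fnv.New32a()
	h.Write(srcIP)
	h.Write(dstIP)
	var b [2]byte
	binary.BigEndian.PutUint16(b[:], dstPort)
	h.Write(b[:])
	h.Write(p.secret[:])
	return h.Sum32()
}

// PickEphemeralPort starts the search at hash+hint and walks the whole range
// once, returning the first port for which testPort reports free. Because the
// hint moves by 2 per call, repeated connects to the same destination cycle
// through the range instead of re-probing the port released a moment ago.
func (p *PortPicker) PickEphemeralPort(srcIP, dstIP net.IP, dstPort uint16, testPort func(uint16) bool) (uint16, error) {
	n := uint64(lastEphemeral - firstEphemeral + 1)

	p.mu.Lock()
	start := (uint64(p.offset(srcIP, dstIP, dstPort)) + uint64(p.hint)) % n
	p.hint += 2
	p.mu.Unlock()

	for i := uint64(0); i < n; i++ {
		port := uint16(firstEphemeral + (start+i)%n)
		if testPort(port) {
			return port, nil
		}
	}
	return 0, errors.New("no ephemeral ports available")
}

func main() {
	p, err := NewPortPicker()
	if err != nil {
		panic(err)
	}
	// Constructed sample: three connects to the same TEST-NET destination,
	// marking each chosen port as in use so the walk has to skip it.
	src := net.ParseIP("192.0.2.10").To4()
	dst := net.ParseIP("198.51.100.20").To4()
	inUse := map[uint16]bool{}
	for i := 0; i < 3; i++ {
		port, err := p.PickEphemeralPort(src, dst, 443, func(c uint16) bool { return !inUse[c] })
		if err != nil {
			panic(err)
		}
		inUse[port] = true
		fmt.Printf("connect #%d -> source port %d\n", i+1, port)
	}
}
```

The mutex is there because the hint is shared state; netstack's real implementation has its own locking around its port manager and this example does not try to mirror it. Note that the walk steps by 1 while the hint steps by 2, so the even/odd split the commit message attributes to Linux is not reproduced here.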
Netstack is a network stack written in Go.
Try it out on Linux by installing the tun_tcp_echo demo:
```shell
go install github.com/google/netstack/tcpip/sample/tun_tcp_echo
```
Create a TUN device with:
```shell
[sudo] ip tuntap add user <username> mode tun <device-name>
[sudo] ip link set <device-name> up
[sudo] ip addr add <ipv4-address>/<mask-length> dev <device-name>
```
Then run with:
```shell
tun_tcp_echo <device-name> <ipv4-address> <port>
```
Please see CONTRIBUTING.md for more details.
Netstack is primarily developed as part of gVisor, and any issues or bugs should be filed against the gVisor repository, as this repo is not actively monitored for bug reports.
This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.