On Mon, 6 Jun 2022 at 19:25, Vladimir 'phcoder' Serbinenko <phco...@gmail.com> wrote:
> 256 is a bad modulo. A prime would be a much better one for those
> purposes. Also get_time_ms counts up from an arbitrary point in time, often
> boot. I suggest using some combination of etc
> RTC, not etc
>
> and get_time to seed an LFSR algorithm
>
> On Mon, 6 Jun 2022 at 18:37, Robert LeBlanc <rob...@leblancnet.us> wrote:
>
>> GRUB uses a static source TCP port and increments for each new
>> connection. When rapidly restarting GRUB this can cause issues with some
>> firewalls that suspect that a replay attack is happening. In addition
>> GRUB does not ACK the last FIN,ACK when booting the kernel and initrd
>> from HTTP for example. This causes the remote HTTP server to keep the TCP
>> session in TIME_WAIT and reject new connections from the same port
>> combination when restarted quickly. This helps to work around both
>> problems by shifting the source port by a small amount based on time.
>>
>> The missing final ACK should also be addressed, but I'm not sure how to
>> resolve that.
>>
>> Signed-off-by: Robert LeBlanc <rob...@leblancnet.us>
>> ---
>>  grub-core/net/tcp.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/grub-core/net/tcp.c b/grub-core/net/tcp.c
>> index 93dee0caa..2eefd3168 100644
>> --- a/grub-core/net/tcp.c
>> +++ b/grub-core/net/tcp.c
>> @@ -569,7 +569,7 @@ grub_net_tcp_open (char *server,
>>    struct grub_net_network_level_interface *inf;
>>    grub_net_network_level_address_t gateway;
>>    grub_net_tcp_socket_t socket;
>> -  static grub_uint16_t in_port = 21550;
>> +  grub_uint16_t in_port = 21550 + grub_get_time_ms () % 256;
>>    struct grub_net_buff *nb;
>>    struct tcphdr *tcph;
>>    int i;
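Review bot: dropping `static` and recomputing `in_port` on every call makes source-port reuse within a single boot likely, which is the very TIME_WAIT problem the commit message wants to avoid: `grub_get_time_ms () % 256` maps every connection into only 256 ports, and two calls to grub_net_tcp_open in the same millisecond get the identical port. Keep a per-boot counter and use the clock only to pick its starting point, e.g. `static grub_uint16_t in_port = 0;` followed by `if (in_port == 0) in_port = 21550 + grub_get_time_ms () % 256;` (a static local cannot be initialised with a function call in C, which is presumably why `static` was removed rather than kept). A larger modulus than 256, as suggested upthread, widens the starting window, but the counter is what guarantees that consecutive connections from one GRUB session do not share a port.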
>> @@ -603,7 +603,7 @@ grub_net_tcp_open (char *server,
>>    socket->inf = inf;
>>    socket->out_nla = addr;
>>    socket->ll_target_addr = ll_target_addr;
>> -  socket->in_port = in_port++;
>> +  socket->in_port = in_port;
>>    socket->recv_hook = recv_hook;
>>    socket->error_hook = error_hook;
>>    socket->fin_hook = fin_hook;
>> --
>> 2.35.1
>>
>>
>> _______________________________________________
>> Grub-devel mailing list
>> Grub-devel@gnu.org
>> https://lists.gnu.org/mailman/listinfo/grub-devel
>>
>
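Review bot: removing `in_port++` leaves no code path that advances the source port between connections, so every socket opened by this GRUB instance now depends solely on the millisecond clock for a distinct port; if a seeded counter is kept in the first hunk, this line should remain `socket->in_port = in_port++;`. A short comment above the assignment saying why the port is shifted by time (firewall replay heuristics and the server-side TIME_WAIT left by the missing final ACK, both explained only in the commit message) would also help the next reader, since the code itself gives no hint of either problem.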
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
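The following is an added example in C, not code from the thread or from GRUB, showing what is at stake in the discussion above: the patch's `21550 + grub_get_time_ms () % 256` versus the suggestion of seeding an LFSR. It simulates grub_get_time_ms() with a synthetic clock, assumes an RTC reading as a second seed input, and uses a hypothetical port_seed() mixer; none of these is a GRUB API. A time-derived port recomputed on every call repeats as soon as two connections fall in the same millisecond, and after 256 connections regardless of spacing, while a seeded LFSR whose state persists across calls hands out every port in 1024..65535 once before any repeat. Changing the modulus to a prime widens the window but does not remove the same-millisecond collision; carrying state across calls does.

```c
/* Added example (not GRUB code): compare the patch's time-derived source
 * port with a seeded 16-bit LFSR that walks the ephemeral range without
 * repeating.  grub_get_time_ms() is simulated with a synthetic clock;
 * port_seed() is a hypothetical mixer, not a GRUB API. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fibonacci LFSR, taps 16,14,13,11: every nonzero 16-bit state is visited
 * exactly once per period of 65535 steps, so outputs never repeat until the
 * sequence wraps. */
static uint16_t lfsr16_next(uint16_t *state)
{
    uint16_t s = *state;
    uint16_t bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u;
    s = (uint16_t)((s >> 1) | (bit << 15));
    *state = s;
    return s;
}

/* Seed from the millisecond uptime and an RTC reading (assumed inputs),
 * mixed so two boots a few ms apart start in different places.  A zero seed
 * would lock the LFSR at zero forever, so it is replaced. */
uint16_t port_seed(uint64_t time_ms, uint32_t rtc_seconds)
{
    uint64_t x = time_ms ^ ((uint64_t)rtc_seconds << 20) ^ 0x9E3779B97F4A7C15ull;
    x ^= x >> 29;
    x *= 0xBF58476D1CE4E5B9ull;
    x ^= x >> 32;
    uint16_t s = (uint16_t)(x ^ (x >> 16));
    return s ? s : 0xACE1u;
}

/* Next source port: skip well-known ports (< 1024) by rejection, which keeps
 * the no-repeat property because the underlying states stay distinct. */
uint16_t next_source_port(uint16_t *state)
{
    for (;;) {
        uint16_t v = lfsr16_next(state);
        if (v >= 1024)
            return v;
    }
}

/* 65536-bit bitmap; returns 1 if the port had already been handed out. */
static int mark_seen(uint8_t seen[8192], uint16_t port)
{
    int dup = (seen[port >> 3] >> (port & 7)) & 1;
    seen[port >> 3] |= (uint8_t)(1u << (port & 7));
    return dup;
}

/* The patch's scheme: 21550 + time_ms % 256, recomputed per connection.
 * Connections are simulated spacing_ms apart (0 = same millisecond). */
int count_duplicates_time_mod(int connections, unsigned spacing_ms)
{
    uint8_t seen[8192];
    int dups = 0;
    memset(seen, 0, sizeof seen);
    for (int i = 0; i < connections; i++) {
        uint64_t now_ms = (uint64_t)i * spacing_ms; /* simulated grub_get_time_ms() */
        uint16_t port = (uint16_t)(21550 + now_ms % 256);
        dups += mark_seen(seen, port);
    }
    return dups;
}

/* The LFSR scheme: state seeded once and carried across connections. */
int count_duplicates_lfsr(uint16_t seed, int connections)
{
    uint8_t seen[8192];
    uint16_t state = seed ? seed : 0xACE1u;
    int dups = 0;
    memset(seen, 0, sizeof seen);
    for (int i = 0; i < connections; i++)
        dups += mark_seen(seen, next_source_port(&state));
    return dups;
}

int main(void)
{
    /* Constructed seed inputs: an uptime in ms and an RTC epoch second. */
    uint16_t seed = port_seed(1654536300000ull, 1654536300u);
    printf("time %% 256, 300 connections 7 ms apart: %d reused ports\n",
           count_duplicates_time_mod(300, 7));
    printf("time %% 256, 5 connections in one ms:     %d reused ports\n",
           count_duplicates_time_mod(5, 0));
    printf("LFSR seeded 0x%04x, 2000 connections:   %d reused ports\n",
           seed, count_duplicates_lfsr(seed, 2000));
    return 0;
}
```

Build with `cc -std=c99 -Wall ports.c` and run it: 300 connections 7 ms apart under the `% 256` scheme reuse 44 ports, five connections in one millisecond reuse 4, and 2000 LFSR-drawn ports reuse none. One caveat for anyone lifting the LFSR idea: it solves the TIME_WAIT and firewall-heuristic problem by spreading ports, not the off-path spoofing problem, since anyone who knows the seed can predict the whole sequence; unpredictable ports would need a real entropy source, which a boot loader usually lacks.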