Thanks. I had trouble using the clock to seed the random number generator due to some dependency issues. I'm not strong enough in C to figure that out with the limited GRUB libraries (since standard libraries are not used), so I did what I could to show the intended behavior. Please feel free to submit a much better patch as I don't have the expertise to do so.
Thank you,
Robert LeBlanc

Sent from a mobile device, please excuse any typos.

On Mon, Jun 6, 2022, 11:27 AM Vladimir 'phcoder' Serbinenko <phco...@gmail.com> wrote:

>
>
> On Mon, Jun 6, 2022, 19:25 Vladimir 'phcoder' Serbinenko <phco...@gmail.com> wrote:
>
>> 256 is a bad modulo. A prime would be a much better one for those
>> purposes. Also get_time_ms counts up from arbitrary point in time, often
>> boot. I suggest using some combination of etc
>>
> RTC, not etc
>
>> and get_time to seed an LFSR algorithm
>>
>> On Mon, Jun 6, 2022, 18:37 Robert LeBlanc <rob...@leblancnet.us> wrote:
>>
>>> GRUB uses a static source TCP port and increments for each new
>>> connection. When rapidly restarting GRUB this can cause issues with some
>>> firewalls that suspect that a replay attack is happening. In addition
>>> GRUB does not ACK the last FIN,ACK when booting the kernel and initrd
>>> from HTTP for example. This causes the remote HTTP server to keep the TCP
>>> session in TIME_WAIT and reject new connections from the same port
>>> combination when restarted quickly. This helps to work around both
>>> problems by shifting the source port by a small amount based on time.
>>>
>>> The missing final ACK should also be addressed, but I'm not sure how to
>>> resolve that.
>>>
>>> Signed-off-by: Robert LeBlanc <rob...@leblancnet.us>
>>> ---
>>> grub-core/net/tcp.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/grub-core/net/tcp.c b/grub-core/net/tcp.c
>>> index 93dee0caa..2eefd3168 100644
>>> --- a/grub-core/net/tcp.c
>>> +++ b/grub-core/net/tcp.c
>>> @@ -569,7 +569,7 @@ grub_net_tcp_open (char *server,
>>> struct grub_net_network_level_interface *inf;
>>> grub_net_network_level_address_t gateway;
>>> grub_net_tcp_socket_t socket;
>>> - static grub_uint16_t in_port = 21550;
>>> + grub_uint16_t in_port = 21550 + grub_get_time_ms () % 256;
>>> struct grub_net_buff *nb;
>>> struct tcphdr *tcph;
>>> int i;
>>> @@ -603,7 +603,7 @@ grub_net_tcp_open (char *server,
>>> socket->inf = inf;
>>> socket->out_nla = addr;
>>> socket->ll_target_addr = ll_target_addr;
>>> - socket->in_port = in_port++;
>>> + socket->in_port = in_port;
>>> socket->recv_hook = recv_hook;
>>> socket->error_hook = error_hook;
>>> socket->fin_hook = fin_hook;
>>> --
>>> 2.35.1
>>>
>>>
>>> _______________________________________________
>>> Grub-devel mailing list
>>> Grub-devel@gnu.org
>>> https://lists.gnu.org/mailman/listinfo/grub-devel
>>>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
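Review bot: On the first hunk (`@@ -569,7 +569,7 @@`), the replacement line `+ grub_uint16_t in_port = 21550 + grub_get_time_ms () % 256;` drops `static` and makes the port a pure function of the millisecond clock, so every `grub_net_tcp_open` call that lands in the same millisecond gets the same source port, and only 256 ports are ever drawn from a counter that, as the earlier reply notes, starts at an arbitrary point such as boot, which makes the value both collision-prone and easy to anticipate. Suggest keeping the `static` counter, initialising it once from a seed that mixes the RTC with `get_time` through an LFSR (as proposed in the thread), and using a prime rather than 256 as the range. The cast from the `grub_get_time_ms ()` result down to `grub_uint16_t` should also be written explicitly so the narrowing is visible to the next reader.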
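Review bot: On the second hunk (`@@ -603,7 +603,7 @@`), replacing `- socket->in_port = in_port++;` with `+ socket->in_port = in_port;` removes the one guarantee the old code gave: that two sockets opened back-to-back never share a source port. Combined with the time-derived `in_port` from the first hunk, two connections opened in the same millisecond now produce identical local 4-tuples, which is the same duplicate-connection/TIME_WAIT situation the commit message is trying to avoid. Suggest keeping `in_port++` on the static variable and applying the clock-based randomisation only to its starting value, so ports stay unique within a boot and vary across boots; the commit message should state that uniqueness requirement so a later change does not drop it again.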
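A self-contained sketch of the approach the thread converges on (seed an LFSR from the RTC and a boot-relative clock, use a prime range instead of 256, and keep the per-connection increment so ports never collide within one boot). This is an added example, not code from GRUB or from either poster. GRUB's time sources are replaced by plain parameters (`rtc_seconds`, `ms_since_boot`) so it runs stand-alone; the base port 21550 comes from the patch, while the range 1021, the LFSR polynomial and the mixing constants are assumptions chosen here.

```c
#include <stdint.h>
#include <stdio.h>

/* Base port taken from the patch; the range is a prime (as suggested in the
 * thread) so a counter stepping through it visits every offset before
 * repeating. Both the prime and the mixing constants are assumptions. */
#define PORT_BASE  21550u
#define PORT_RANGE 1021u

static uint32_t lfsr_state;   /* 32-bit Galois LFSR state, never zero */
static uint16_t port_offset;  /* current offset into [0, PORT_RANGE) */
static int seeded;

/* One step of a 32-bit Galois LFSR with taps 32,22,2,1 (mask 0x80200003),
 * a maximal-length polynomial. Returns the new state. */
static uint32_t lfsr_next(void)
{
    uint32_t lsb = lfsr_state & 1u;
    lfsr_state >>= 1;
    if (lsb)
        lfsr_state ^= 0x80200003u;
    return lfsr_state;
}

/* Seed from two sources, as the thread suggests: wall-clock seconds from the
 * RTC (varies across boots) and milliseconds since boot (varies within one).
 * In GRUB these would come from the RTC driver and grub_get_time_ms ();
 * here they are parameters so the example runs stand-alone. */
void port_seed(uint32_t rtc_seconds, uint32_t ms_since_boot)
{
    /* Multiply by an odd constant and xor so a small change in either input
     * flips many state bits; the all-zero state would lock the LFSR. */
    uint32_t s = (rtc_seconds * 2654435761u) ^ (ms_since_boot + 0x9E3779B9u);
    if (s == 0)
        s = 0xA5A5A5A5u;
    lfsr_state = s;
    for (int i = 0; i < 16; i++)  /* discard early, seed-correlated outputs */
        lfsr_next();
    port_offset = (uint16_t)(lfsr_next() % PORT_RANGE);
    seeded = 1;
}

/* Allocate the next source port. The randomised part is the starting offset;
 * the per-call increment (kept from the old GRUB code) is what guarantees
 * that back-to-back connections never reuse a port within one boot. */
uint16_t port_next(void)
{
    uint16_t port;
    if (!seeded)
        port_seed(0, 0);  /* deterministic fallback when no clock is available */
    port = (uint16_t)(PORT_BASE + port_offset);
    port_offset = (uint16_t)((port_offset + 1u) % PORT_RANGE);
    return port;
}

/* Seed and return the first port, so a caller can check that the same clock
 * values reproduce the same starting port. */
uint16_t port_first_after_seed(uint32_t rtc_seconds, uint32_t ms_since_boot)
{
    port_seed(rtc_seconds, ms_since_boot);
    return port_next();
}

/* Seed, then draw n ports and report whether they are all distinct and all
 * inside [PORT_BASE, PORT_BASE + PORT_RANGE). This is the property the
 * posted patch lost by dropping the increment. */
int port_window_is_unique(uint32_t rtc_seconds, uint32_t ms_since_boot, unsigned n)
{
    unsigned char seen[PORT_RANGE] = {0};
    port_seed(rtc_seconds, ms_since_boot);
    for (unsigned i = 0; i < n; i++) {
        unsigned idx = (unsigned)port_next() - PORT_BASE;
        if (idx >= PORT_RANGE || seen[idx])
            return 0;
        seen[idx] = 1;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample clocks: an RTC value and a time since boot. */
    port_seed(1654536420u, 12345u);
    for (int i = 0; i < 4; i++)
        printf("source port %u\n", (unsigned)port_next());
    return 0;
}
```

In GRUB the two seed inputs would be filled from the RTC and `grub_get_time_ms ()` on the first call, and `port_next()` would stand in for the `in_port++` line; the increment is kept on purpose so that connections opened in the same millisecond still get distinct ports, while the seeded offset is what changes between boots.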