> On 19. Aug 2018, at 18:35, Conrad Meyer <c...@freebsd.org> wrote: > > On Sun, Aug 19, 2018 at 7:56 AM, Michael Tuexen <tue...@freebsd.org> wrote: >> Author: tuexen >> Date: Sun Aug 19 14:56:10 2018 >> New Revision: 338053 >> URL: https://svnweb.freebsd.org/changeset/base/338053 >> >> Log: >> … a keyed hash function taking >> the source and destination addresses and port numbers into account. >> The keyed hash function is the same a used for the initial TSN. >> ... >> Modified: head/sys/netinet/tcp_subr.c >> ============================================================================== >> --- head/sys/netinet/tcp_subr.c Sun Aug 19 14:48:32 2018 (r338052) >> +++ head/sys/netinet/tcp_subr.c Sun Aug 19 14:56:10 2018 (r338053) >> @@ -233,6 +233,9 @@ VNET_DEFINE(uma_zone_t, sack_hole_zone); >> ... >> >> +static uint32_t >> +tcp_keyed_hash(struct in_conninfo *inc, u_char *key) >> +{ >> + MD5_CTX ctx; >> + uint32_t hash[4]; >> >> + MD5Init(&ctx); >> + MD5Update(&ctx, &inc->inc_fport, sizeof(uint16_t)); >> + MD5Update(&ctx, &inc->inc_lport, sizeof(uint16_t)); >> + switch (inc->inc_flags & INC_ISIPV6) { >> +#ifdef INET >> + case 0: >> + MD5Update(&ctx, &inc->inc_faddr, sizeof(struct in_addr)); >> + MD5Update(&ctx, &inc->inc_laddr, sizeof(struct in_addr)); >> + break; >> +#endif >> +#ifdef INET6 >> + case INC_ISIPV6: >> + MD5Update(&ctx, &inc->inc6_faddr, sizeof(struct in6_addr)); >> + MD5Update(&ctx, &inc->inc6_laddr, sizeof(struct in6_addr)); >> + break; >> +#endif >> + } >> + MD5Update(&ctx, key, 32); >> + MD5Final((unsigned char *)hash, &ctx); >> + >> + return (hash[0]); > > Hi Michael, > > How was this particular keyed hash function construction chosen? > (Yes, I see it is the same initial TSN, but how was that selected?) You mean:
Why is FreeBSD using the MD5 with secret suffix as the keyed hash function? I don't know, I have not implemented that. However, https://tools.ietf.org/html/rfc6528#section-3 suggests this, OpenBSD uses a similar computation, but uses SHA512 instead of MD5, NetBSD seem to use the same computation as FreeBSD. I guess using MD5 was an acceptable choice at the time the choice was made. When preparing this patch I was about to choose a different keyed hash function, but decided to separate * Using a keyed has functions as the offset for the TCP time stamp. * Choose a good keyed hash function. That is why I isolated the keyed hash function. So it is simple to replace it with a different one. I think it would be good to change this keyed hash function to SIP-HASH (both for the initial sequence number and the time stamp). Opinions? Best regards Michael > > Thanks, > Conrad _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
