author | David Gibson <david@gibson.dropbear.id.au> | 2022-11-17 16:59:01 +1100 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-11-25 01:35:45 +0100 |
commit | 7f1f2f3f518eace6ee08a00158189aaf571f3dcb (patch) | |
tree | 14156f2e292be816461c8e09bd526ee27b6e9ced /tcp.c | |
parent | e7bae5bafdd1c8c061c6c319488b48a4e2536236 (diff) | |
tcp: Fix small errors in tcp_seq_init() time handling

It looks like tcp_seq_init() is supposed to advance the sequence number
by one every 32ns. However we only right shift the ns part of the timespec
not the seconds part, meaning that we'll advance by an extra 32 steps on
each second.

I don't know if that's exploitable in any way, but it doesn't appear to be
the intent, nor what RFC 6528 suggests.

In addition, we convert from seconds to nanoseconds with a multiplication
by '1E9'. In C '1E9' is a floating point constant, forcing a conversion
to floating point and back for what should be an integer calculation
(confirmed with objdump and Makefile default compiler flags). Spell out
1000000000 in full to avoid that.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Diffstat (limited to 'tcp.c')
-rw-r--r-- | tcp.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1957,8 +1957,8 @@ static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn, seq = siphash_36b((uint8_t *)&in, c->tcp.hash_secret); - ns = now->tv_sec * 1E9; - ns += now->tv_nsec >> 5; /* 32ns ticks, overflows 32 bits every 137s */ + /* 32ns ticks, overflows 32 bits every 137s */ + ns = (now->tv_sec * 1000000000 + now->tv_nsec) >> 5; conn->seq_to_tap = seq + ns; } |
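
Review bot: In the new line `ns = (now->tv_sec * 1000000000 + now->tv_nsec) >> 5;` the multiplication is carried out in the type of `now->tv_sec` (time_t), because the constant 1000000000 fits in an int and adds no width of its own. Where time_t is 32 bits wide the product overflows a signed type, which is undefined behaviour, before the shift is applied. Making the width explicit, for example `((uint64_t)now->tv_sec * 1000000000 + now->tv_nsec) >> 5`, keeps the calculation integer-only as the commit message intends and makes it independent of the platform's time_t. The moved comment still relies on the result wrapping at 32 bits ("overflows 32 bits every 137s"), and the declaration of `ns` is outside this hunk, so it is worth confirming that the truncation happens on an unsigned type and saying so in the comment, since the wrap now comes from the assignment rather than from the shifted `tv_nsec` alone.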