1703 – 端口table_perturb[] 表较小，可能导致源端口被预测

Bug 1703 - 端口table_perturb[] 表较小，可能导致源端口被预测

Summary: 端口table_perturb[] 表较小，可能导致源端口被预测

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 4.19 Dev
Classification:	ANCK
Component:	net (show other bugs)	net
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	XuanZhuo
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-07-22 13:15 UTC by kangjie
Modified:	2023-01-17 11:59 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description kangjie 2022-07-22 13:15:37 UTC

Description of problem:

It's a problem reported by in CVE-2022-32296.

In a not-yet published paper, Moshe Kol, Amit Klein, and Yossi Gilad
report being able to accurately identify a client by forcing it to emit
only 40 times more connections than the number of entries in the
table_perturb[] table, which is indexed by hashing the connection tuple.
The current 2^8 setting allows them to perform that attack with only 10k
connections, which is not hard to achieve in a few seconds.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
https://lwn.net/ml/linux-kernel/20220427065233.2075-1-w@1wt.eu/

Comment 1 Shiloong admin

2022-09-28 15:25:39 UTC

https://gitee.com/anolis/cloud-kernel/pulls/548

Comment 2 maqiao alibaba_cloud_group

2023-01-17 11:59:41 UTC

merged: https://gitee.com/anolis/cloud-kernel/pulls/548