[ewg] [PATCH 2/2] Improve XID generation
sebastien dugue
sebastien.dugue at bull.net
Tue May 18 06:08:33 PDT 2010
From: Matthieu Hautreux <matthieu.hautreux at cea.fr>
One major drawback of DHCP over IB is the requirement to use broadcasted
replies. The only way for a IB dhclient to find its own reply is by
looking for matching xid (transaction ID). xid are generated using
random() in dhclient. random() is initialized using
srandom(seed+cur_time). Nethertheless, when hw address hlen is 1, the
processed seed is roughly always the same. As a result, IB nodes that
uses dhclient to configure IB interfaces at the same time share the same
xid and as a result use any of the broadcasted replies. The protocol is
then broken.
The proposed patch build a "backup seed" using all the interfaces available
on the machine and use it if it can not find a good seed for the required
interfaces during real DHCP process. If backup seed construction fails (no
interfaces providing a hw address long enough for seed construction), it try
to build a seed using gethostid().
Signed-off-by: Sebastien Dugue <sebastien.dugue at bull.net>
dhclient.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 53 insertions(+), 11 deletions(-)
Index: dhcp-4.1.0p1/client/dhclient.c
===================================================================
--- dhcp-4.1.0p1.orig/client/dhclient.c 2010-05-17 16:03:33.000000000 +0200
+++ dhcp-4.1.0p1/client/dhclient.c 2010-05-17 16:04:08.000000000 +0200
@@ -906,6 +906,26 @@
}
}
+ /* We create a backup seed before rediscovering interfaces in order to
+ have a seed built using all of the available interfaces
+ It's interesting if required interfaces doesn't let us defined
+ a really unique seed due to a lack of valid HW addr later
+ (this is the case with DHCP over IB)
+ We only use the last device as using a sum could broke the
+ uniqueness of the seed among multiple nodes
+ */
+ unsigned backup_seed = 0;
+ for (ip = interfaces; ip; ip = ip -> next) {
+ int junk;
+ if ( ip -> hw_address.hlen <= sizeof seed )
+ continue;
+ memcpy (&junk,
+ &ip -> hw_address.hbuf [ip -> hw_address.hlen -
+ sizeof seed], sizeof seed);
+ backup_seed = junk;
+ }
+
+
/* At this point, all the interfaces that the script thinks
are relevant should be running, so now we once again call
discover_interfaces(), and this time ask it to actually set
@@ -920,14 +940,36 @@
Not much entropy, but we're booting, so we're not likely to
find anything better. */
seed = 0;
+ int seed_flag = 0;
for (ip = interfaces; ip; ip = ip->next) {
int junk;
+ if ( ip -> hw_address.hlen <= sizeof seed )
+ continue;
memcpy(&junk,
&ip->hw_address.hbuf[ip->hw_address.hlen -
sizeof seed], sizeof seed);
seed += junk;
+ seed_flag = 1;
}
- srandom(seed + cur_time);
+ if ( seed_flag == 0 ) {
+ if ( backup_seed != 0 ) {
+ seed = backup_seed;
+ log_info ("xid: rand init seed (%u) built using all"
+ " available interfaces",seed);
+ }
+ else {
+ seed = cur_time^((unsigned) gethostid()) ;
+ log_info ("xid: warning: no netdev with useable HWADDR found"
+ " for seed's uniqueness enforcement");
+ log_info ("xid: rand init seed (%u) built using gethostid",
+ seed);
+ }
+ /* we only use seed and no current time as a broadcast reply */
+ /* will certainly be used by the hwaddrless interface */
+ srandom(seed);
+ }
+ else
+ srandom(seed + cur_time);
/* Setup specific Infiniband options */
for (ip = interfaces; ip; ip = ip->next) {
@@ -1423,7 +1465,7 @@
return;
}
- log_info ("DHCPACK from %s", piaddr (packet -> client_addr));
+ log_info ("DHCPACK from %s (xid=%u)", piaddr (packet -> client_addr), client -> xid);
lease = packet_to_lease (packet, client);
if (!lease) {
@@ -2123,7 +2165,7 @@
return;
}
- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr));
+ log_info ("DHCPNAK from %s (xid=%u)", piaddr (packet -> client_addr), client -> xid);
if (!client -> active) {
#if defined (DEBUG)
@@ -2249,10 +2291,10 @@
client -> packet.secs = htons (65535);
client -> secs = client -> packet.secs;
- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld",
+ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=%u)",
client -> name ? client -> name : client -> interface -> name,
inet_ntoa (sockaddr_broadcast.sin_addr),
- ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval));
+ ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), client -> xid);
/* Send out a packet. */
result = send_packet (client -> interface, (struct packet *)0,
@@ -2524,10 +2566,10 @@
client -> packet.secs = htons (65535);
}
- log_info ("DHCPREQUEST on %s to %s port %d",
+ log_info ("DHCPREQUEST on %s to %s port %d (xid=%u)",
client -> name ? client -> name : client -> interface -> name,
inet_ntoa (destination.sin_addr),
- ntohs (destination.sin_port));
+ ntohs (destination.sin_port), client -> xid);
if (destination.sin_addr.s_addr != INADDR_BROADCAST &&
fallback_interface)
@@ -2557,10 +2599,10 @@
int result;
- log_info ("DHCPDECLINE on %s to %s port %d",
+ log_info ("DHCPDECLINE on %s to %s port %d (xid=%u)",
client -> name ? client -> name : client -> interface -> name,
inet_ntoa (sockaddr_broadcast.sin_addr),
- ntohs (sockaddr_broadcast.sin_port));
+ ntohs (sockaddr_broadcast.sin_port), client -> xid);
/* Send out a packet. */
result = send_packet (client -> interface, (struct packet *)0,
@@ -2600,10 +2642,10 @@
return;
}
- log_info ("DHCPRELEASE on %s to %s port %d",
+ log_info ("DHCPRELEASE on %s to %s port %d (xid=%u)",
client -> name ? client -> name : client -> interface -> name,
inet_ntoa (destination.sin_addr),
- ntohs (destination.sin_port));
+ ntohs (destination.sin_port), client -> xid);
if (fallback_interface)
result = send_packet (fallback_interface,
More information about the ewg
mailing list