[En-Nut-Discussion] local tcp port randomisation

Nathan Moore nategoose at gmail.com
Wed Jul 4 04:10:44 CEST 2012


On Jul 3, 2012 5:33 PM, "Ulrich Prinz" <ulrich.prinz at googlemail.com> wrote:
>
> Hi!
>
> port += (uint16_t)NutGetMillis();
> port |= 0xC000;
>
> That saves some instructions and should be sufficient:
> 1) port must not be initialized as it's value should be random

I think that the distinction between random and undefined needs to be
made.  My guess is that most systems would produce very predictable values
for this.

>
> 2) adding a value from 0..15 or adding the whole timer doesn't make a
> difference. In both cases it is possible to hit the same port if one
> figures out the right time frame.
>
> 3) port is ored with 0xC000 resulting in a valid value according to IANA
> regardless of how uninitialized it was before.
>
> Remark for 1) Some architectures initialize all RAM segments with 0x00
> so there is no imminent random start value.
>
> If real random ports are needed, use the internal temperature diode,
> read its ADC and add the value to ports, or sample a reverse PN junction
> of a transistor on your ADC input.
>
> In any case you need to track which ports are used to avoid opening an
> already in-use port a second time.
>
> Best regards
> Ulrich
>
> On 03.07.2012 16:30, Harald Kipp wrote:
> > Hi Nathan,
> >
> > On 03.07.2012 16:13, Nathan Moore wrote:
> >> Is there any reason not to just use the negative port numbers (if you
> >> interpret them as signed int so top bit = 1) as the ephemeral ports?
> >> The range testing is greatly simplified.
> >
> > Let me resend my code fragment:
> >
> >   ticks = (uint16_t) NutGetMillis();
> >   if (first)
> >    port = ticks;
> >   else
> >    port += ticks & 0x000F;
> >   port |= 0xC000;
> >
> > Where do you think that signed interpretation combined with an increased
> > range of 32768 to 65535 could simplify the code above? Note, that the IANA
> > range of 49152 to 65535 includes all shorts with two MSBs set.
> >
> > Regards,
> >
> > Harald
> >
> > _______________________________________________
> > http://lists.egnite.de/mailman/listinfo/en-nut-discussion
> >
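Harald's allocation fragment with Ulrich's in-use check wired in, as an added C example that is not from the thread or from Nut/OS; NutGetMillis() is replaced by a caller-supplied tick value, the open-port table is constructed for the example, and the function names are assumptions:

```c
#include <stdbool.h>
#include <stdint.h>

/* IANA dynamic range 49152..65535 is exactly the 16-bit values with both
 * top bits set, so "port |= 0xC000" and a range test agree. */
bool in_iana_dynamic_range(uint16_t port) {
    return port >= 49152u;   /* same as (port & 0xC000) == 0xC000 */
}

/* Open-port table, constructed for this example; Nut/OS keeps the real
 * list in its socket structures. */
#define MAX_OPEN 8
static uint16_t open_ports[MAX_OPEN];
static unsigned n_open = 0;

bool port_in_use(uint16_t port) {
    for (unsigned i = 0; i < n_open; i++)
        if (open_ports[i] == port)
            return true;
    return false;
}

bool mark_port_open(uint16_t port) {
    if (n_open >= MAX_OPEN || port_in_use(port))
        return false;
    open_ports[n_open++] = port;
    return true;
}
/* Harald's fragment plus Ulrich's in-use check. 'ticks' stands in for
 * (uint16_t) NutGetMillis() so the function can be driven offline, and
 * 'port' is initialised explicitly instead of being left undefined. */
uint16_t alloc_ephemeral_port(uint16_t ticks) {
    static uint16_t port = 0;
    static bool first = true;
    if (first) {
        port = ticks;
        first = false;
    } else {
        port += ticks & 0x000F;
    }
    port |= 0xC000;
    /* Probe forward on collision; the OR keeps a wrapped value in range. */
    for (unsigned tries = 0; tries < 16384; tries++) {
        if (!port_in_use(port))
            return port;
        port = (port + 1) | 0xC000;
    }
    return 0;   /* all 16384 dynamic ports open: caller must fail the socket */
}
```

The step is still driven by the timer, so the sequence is only as unpredictable as the tick value; the in-use probe removes the duplicate-port case, not the predictability Nathan raises.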
