From bb7476246e2f0bd974aec854de975cefec858362 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Sun, 6 Dec 2020 16:02:22 +0100 Subject: ipcpd: Use 64-bit flow endpoint IDs for DT The EIDs are now 64-bit. This makes it a tad harder to guess them (think of port scanning). The implementation has only the most significant 32 bits random to quickly map EIDs to N+1 flows. While this is equivalent to a random cookie as a check on flows, the rationale is that valid endpoint IDs should be pretty hard to guess (and thus be 64-bit random at least). Ideally one would use content-addressable memory for this kind of mapping. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders
---
src/ipcpd/unicast/dht.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/ipcpd/unicast/dht.c')
diff --git a/src/ipcpd/unicast/dht.c b/src/ipcpd/unicast/dht.c
index b964ca08..b048580d 100644
--- a/src/ipcpd/unicast/dht.c
+++ b/src/ipcpd/unicast/dht.c
@@ -239,7 +239,7 @@ struct dht {
 pthread_rwlock_t lock;
- uint32_t eid;
+ uint64_t eid;
 struct tpm * tpm;
@@ -2815,6 +2815,9 @@ struct dht * dht_create(uint64_t addr)
 goto fail_tpm_start;
 dht->eid = dt_reg_comp(dht, &dht_post_packet, DHT);
+ if ((int) dht->eid < 0)
+ goto fail_tpm_start;
+
 notifier_reg(handle_event, dht);
 #else
 (void) handle_event;
-- cgit v1.2.3
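Review bot: The added check `(int) dht->eid < 0` in dht_create inspects only the low 32 bits of a field that the first hunk widens to `uint64_t`, so a valid 64-bit EID with bit 31 set would be treated as a registration failure, and the narrowing conversion itself is implementation-defined for out-of-range values. The return type of dt_reg_comp is not visible here; if it is still a signed int, test the result before storing it, e.g. `int ret = dt_reg_comp(dht, &dht_post_packet, DHT);` `if (ret < 0) goto fail_tpm_start;` `dht->eid = ret;`, and otherwise compare the full-width value against the function's documented error value. The new failure path also jumps to `fail_tpm_start`, the label the preceding context line already uses, presumably for a tpm_start failure, so the thread pool that has just been started is probably not stopped on this path; a label that stops the tpm first would avoid leaving it running. The body of dht_create and its cleanup labels lie outside the hunk, so both points should be confirmed against the full function.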