upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-05-26 11:20:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 12
haproxy/include
History
Willy Tarreau 9b6389c8a0 BUG/MEDIUM: tools: insert an XXH64 layer on the PRNG output 
Consuming randoms in pairs directly exposes the internal PRNG's state
on moderately idle system. It can allow to predict next (or previous)
UUIDs, QUIC retry tokens, and WS keys for example. Let's insert an XXH64
call on the ha_random64() output to avoid this. We expand the boot seed
as the secret at boot, and use now_ns as the seed for each call. The
original ha_random64() function was renamed to ha_random64_internal()
for use cases where it's not a problem to directly use the internal
state.

The performance loss is only measurable when single-threaded. It drops
from 7.32M UUID per second to 7.16M. Above that there is no longer any
difference due to the DWCAS loop which reaches up to 98.5% CPU at 20
threads.

This will need to be backported to stable releases after a period of
observation.
2026-05-26 13:13:24 +02:00
..
haproxy BUG/MEDIUM: tools: insert an XXH64 layer on the PRNG output 2026-05-26 13:13:24 +02:00
import MINOR: mjson: reintroduce mjson_next() 2026-04-14 10:57:21 +02:00
make BUILD: makefile: add a qinfo macro to pass info in quiet mode 2025-01-08 11:26:05 +01:00