RNG hadning in SRV lookups for public root peers#5307
Open
Savissy wants to merge 1 commit intoIntersectMBO:mainfrom
Open
RNG hadning in SRV lookups for public root peers#5307Savissy wants to merge 1 commit intoIntersectMBO:mainfrom
Savissy wants to merge 1 commit intoIntersectMBO:mainfrom
Conversation
Contributor
|
I don't see a way this can be viably exploited or what actual risk this will mitigate. |
Contributor
|
We've discussed internally and agreed that adding this change won't hurt. Please fix the build failures first. |
coot
reviewed
Feb 11, 2026
Comment on lines
-82
to
+85
| requestPublicRootPeers resourceVar _numRequested = do | ||
| requestPublicRootPeers resourceVar rngVar _numRequested = do |
Collaborator
There was a problem hiding this comment.
Indentation
Suggested change
| requestPublicRootPeers resourceVar _numRequested = do | |
| requestPublicRootPeers resourceVar rngVar _numRequested = do | |
| requestPublicRootPeers resourceVar rngVar _numRequested = do |
coot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
The public root peers provider used the same StdGen seed for all DNS lookups, causing SRV weighted-sampling to reuse the same RNG and produce correlated/identical selections across domains.
The change aims to provide independent RNGs per domain lookup so SRV selection becomes varied and correct.
Description:
Add a mutable RNG StrictTVar (rngVar) initialized from the supplied StdGen and thread it into the request path for publicRootPeersProvider by changing the local requestPublicRootPeers signature to accept the RNG var.
Generate one split RNG per domain with replicateM + stateTVar rngVar split and zip those RNGs with the domain list, then pass each domain-specific RNG into dnsLookupWithTTL so lookups (including srvRecordLookupWithTTL) use independent RNGs.
Import replicateM from Control.Monad and create rngVar via newTVarIO near the resolver resource initialization.