netfilter: Enhance the codes used to get random once

There are some codes which are used to get one random once in netfilter. We could use net_get_random_once to simplify these codes. Signed-off-by: Gao Feng <fgao@ikuai8.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Gao Feng <fgao@ikuai8.com> 2016-09-17 22:52:25 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-09-23 03:30:36 -0400
commit: 7bdc66242de7f9cbe8dbb01757042dd18744d800 (patch)
tree: 6994143546494084ca28057c9af41b9a0dd079f4
parent: a20877b5edec4d2b62560b5245199af04846476c (diff)
3 files changed, 4 insertions, 17 deletions
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c
index 515131f9e021..dbd6c4a12b97 100644
--- a/net/netfilter/xt_RATEEST.c
+++ b/net/netfilter/xt_RATEEST.c
@@ -24,7 +24,6 @@ static DEFINE_MUTEX(xt_rateest_mutex);
 #define RATEEST_HSIZE   16
 static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
 static unsigned int jhash_rnd __read_mostly;
-static bool rnd_inited __read_mostly;
 static unsigned int xt_rateest_hash(const char *name)
 {
@@ -99,10 +98,7 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
        } cfg;
        int ret;
-        if (unlikely(!rnd_inited)) {
+        net_get_random_once(&jhash_rnd, sizeof(jhash_rnd));
-                get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
-                rnd_inited = true;
-        }
        est = xt_rateest_lookup(info->name);
        if (est) {
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 99bbc829868d..b6dc322593a3 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -366,14 +366,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par)
        unsigned int i;
        int ret;
-        if (unlikely(!connlimit_rnd)) {
+        net_get_random_once(&connlimit_rnd, sizeof(connlimit_rnd));
-                u_int32_t rand;
-                do {
-                        get_random_bytes(&rand, sizeof(rand));
-                } while (!rand);
-                cmpxchg(&connlimit_rnd, 0, rand);
-        }
        ret = nf_ct_l3proto_try_module_get(par->family);
        if (ret < 0) {
                pr_info("cannot load conntrack support for "
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index d725a27743a1..e3b7a09b103e 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -110,7 +110,6 @@ static const struct file_operations recent_old_fops, recent_mt_fops;
 #endif
 static u_int32_t hash_rnd __read_mostly;
-static bool hash_rnd_inited __read_mostly;
 static inline unsigned int recent_entry_hash4(const union nf_inet_addr *addr)
 {
@@ -340,10 +339,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
        int ret = -EINVAL;
        size_t sz;
-        if (unlikely(!hash_rnd_inited)) {
+        net_get_random_once(&hash_rnd, sizeof(hash_rnd));
-                get_random_bytes(&hash_rnd, sizeof(hash_rnd));
-                hash_rnd_inited = true;
-        }
        if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
                pr_info("Unsupported user space flags (%08x)\n",
                        info->check_set);
author	Gao Feng <fgao@ikuai8.com>	2016-09-17 22:52:25 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-09-23 03:30:36 -0400
commit	7bdc66242de7f9cbe8dbb01757042dd18744d800 (patch)
tree	6994143546494084ca28057c9af41b9a0dd079f4
parent	a20877b5edec4d2b62560b5245199af04846476c (diff)

diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c index 515131f9e021..dbd6c4a12b97 100644 --- a/net/netfilter/xt_RATEEST.c +++ b/net/netfilter/xt_RATEEST.c
@@ -24,7 +24,6 @@ static DEFINE_MUTEX(xt_rateest_mutex);
24	#define RATEEST_HSIZE 16	24	#define RATEEST_HSIZE 16
25	static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;	25	static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
26	static unsigned int jhash_rnd __read_mostly;	26	static unsigned int jhash_rnd __read_mostly;
27	static bool rnd_inited __read_mostly;
28		27
29	static unsigned int xt_rateest_hash(const char *name)	28	static unsigned int xt_rateest_hash(const char *name)
30	{	29	{
@@ -99,10 +98,7 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
99	} cfg;	98	} cfg;
100	int ret;	99	int ret;
101		100
102	if (unlikely(!rnd_inited)) {	101	net_get_random_once(&jhash_rnd, sizeof(jhash_rnd));
103	get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
104	rnd_inited = true;
105	}
106		102
107	est = xt_rateest_lookup(info->name);	103	est = xt_rateest_lookup(info->name);
108	if (est) {	104	if (est) {


diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index 99bbc829868d..b6dc322593a3 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c
@@ -366,14 +366,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par)
366	unsigned int i;	366	unsigned int i;
367	int ret;	367	int ret;
368		368
369	if (unlikely(!connlimit_rnd)) {	369	net_get_random_once(&connlimit_rnd, sizeof(connlimit_rnd));
370	u_int32_t rand;
371		370
372	do {
373	get_random_bytes(&rand, sizeof(rand));
374	} while (!rand);
375	cmpxchg(&connlimit_rnd, 0, rand);
376	}
377	ret = nf_ct_l3proto_try_module_get(par->family);	371	ret = nf_ct_l3proto_try_module_get(par->family);
378	if (ret < 0) {	372	if (ret < 0) {
379	pr_info("cannot load conntrack support for "	373	pr_info("cannot load conntrack support for "


diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index d725a27743a1..e3b7a09b103e 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c
@@ -110,7 +110,6 @@ static const struct file_operations recent_old_fops, recent_mt_fops;
110	#endif	110	#endif
111		111
112	static u_int32_t hash_rnd __read_mostly;	112	static u_int32_t hash_rnd __read_mostly;
113	static bool hash_rnd_inited __read_mostly;
114		113
115	static inline unsigned int recent_entry_hash4(const union nf_inet_addr *addr)	114	static inline unsigned int recent_entry_hash4(const union nf_inet_addr *addr)
116	{	115	{
@@ -340,10 +339,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
340	int ret = -EINVAL;	339	int ret = -EINVAL;
341	size_t sz;	340	size_t sz;
342		341
343	if (unlikely(!hash_rnd_inited)) {	342	net_get_random_once(&hash_rnd, sizeof(hash_rnd));
344	get_random_bytes(&hash_rnd, sizeof(hash_rnd));	343
345	hash_rnd_inited = true;
346	}
347	if (info->check_set & ~XT_RECENT_VALID_FLAGS) {	344	if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
348	pr_info("Unsupported user space flags (%08x)\n",	345	pr_info("Unsupported user space flags (%08x)\n",
349	info->check_set);	346	info->check_set);