aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2010-01-04 10:27:25 -0500
committerPatrick McHardy <kaber@trash.net>2010-01-04 10:27:25 -0500
commit5191d50192ec1281e51cbcb5248cb2667ff4d896 (patch)
treeea3b76594fb980d51f135024462658b84f1f78ae
parent89bc7a0f64de7bed2e0bc68a23d75699a610cd37 (diff)
netfilter: xtables: do not grab random bytes at __init
"It is deliberately not done in the init function, since we might not have sufficient random while booting." Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat
-rw-r--r--net/netfilter/xt_NFQUEUE.c6
-rw-r--r--net/netfilter/xt_RATEEST.c7
2 files changed, 11 insertions, 2 deletions
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index f28f6a5fc02d..12dcd7007c3e 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -28,6 +28,7 @@ MODULE_ALIAS("ip6t_NFQUEUE");
28MODULE_ALIAS("arpt_NFQUEUE"); 28MODULE_ALIAS("arpt_NFQUEUE");
29 29
30static u32 jhash_initval __read_mostly; 30static u32 jhash_initval __read_mostly;
31static bool rnd_inited __read_mostly;
31 32
32static unsigned int 33static unsigned int
33nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par) 34nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
@@ -90,6 +91,10 @@ static bool nfqueue_tg_v1_check(const struct xt_tgchk_param *par)
90 const struct xt_NFQ_info_v1 *info = par->targinfo; 91 const struct xt_NFQ_info_v1 *info = par->targinfo;
91 u32 maxid; 92 u32 maxid;
92 93
94 if (unlikely(!rnd_inited)) {
95 get_random_bytes(&jhash_initval, sizeof(jhash_initval));
96 rnd_inited = true;
97 }
93 if (info->queues_total == 0) { 98 if (info->queues_total == 0) {
94 pr_err("NFQUEUE: number of total queues is 0\n"); 99 pr_err("NFQUEUE: number of total queues is 0\n");
95 return false; 100 return false;
@@ -135,7 +140,6 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = {
135 140
136static int __init nfqueue_tg_init(void) 141static int __init nfqueue_tg_init(void)
137{ 142{
138 get_random_bytes(&jhash_initval, sizeof(jhash_initval));
139 return xt_register_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg)); 143 return xt_register_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg));
140} 144}
141 145
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c
index d80b8192e0d4..87ae97e5516f 100644
--- a/net/netfilter/xt_RATEEST.c
+++ b/net/netfilter/xt_RATEEST.c
@@ -23,6 +23,7 @@ static DEFINE_MUTEX(xt_rateest_mutex);
23#define RATEEST_HSIZE 16 23#define RATEEST_HSIZE 16
24static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly; 24static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
25static unsigned int jhash_rnd __read_mostly; 25static unsigned int jhash_rnd __read_mostly;
26static bool rnd_inited __read_mostly;
26 27
27static unsigned int xt_rateest_hash(const char *name) 28static unsigned int xt_rateest_hash(const char *name)
28{ 29{
@@ -93,6 +94,11 @@ static bool xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
93 struct gnet_estimator est; 94 struct gnet_estimator est;
94 } cfg; 95 } cfg;
95 96
97 if (unlikely(!rnd_inited)) {
98 get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
99 rnd_inited = true;
100 }
101
96 est = xt_rateest_lookup(info->name); 102 est = xt_rateest_lookup(info->name);
97 if (est) { 103 if (est) {
98 /* 104 /*
@@ -164,7 +170,6 @@ static int __init xt_rateest_tg_init(void)
164 for (i = 0; i < ARRAY_SIZE(rateest_hash); i++) 170 for (i = 0; i < ARRAY_SIZE(rateest_hash); i++)
165 INIT_HLIST_HEAD(&rateest_hash[i]); 171 INIT_HLIST_HEAD(&rateest_hash[i]);
166 172
167 get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
168 return xt_register_target(&xt_rateest_tg_reg); 173 return xt_register_target(&xt_rateest_tg_reg);
169} 174}
170 175
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-03 05:00:05 -0500