authorEric Dumazet <eric.dumazet@gmail.com>2012-01-04 01:23:01 -0500
committerDavid S. Miller <davem@davemloft.net>2012-01-04 14:12:48 -0500
commit02a9098ede0dc7e28c16a03fa7fba86a05219478 (patch)
tree689df90e53168b72b8f2f418853830747bba8e90
parentbd16a6cce2a7f169b559abc5672fd2c66e91fb36 (diff)
net_sched: sfq: always randomize hash perturbation
SFQ q->perturbation is used in sfq_hash() as an input to Jenkins hash. We currently randomize this 32-bit value only if a perturbation timer is set up. It's much better to always initialize it to defeat attackers, or else they can predict very well what kind of packets they have to forge to hit a particular flow. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/sched/sch_sfq.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 16feb88503af..843018154a5c 100644
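--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -591,12 +591,12 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt)
 q->cur_depth = 0;
 q->tail = NULL;
 q->divisor = SFQ_DEFAULT_HASH_DIVISOR;
-if (opt == NULL) {
-q->quantum = psched_mtu(qdisc_dev(sch));
-q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
-q->perturb_period = 0;
-q->perturbation = net_random();
-} else {
+q->quantum = psched_mtu(qdisc_dev(sch));
+q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
+q->perturb_period = 0;
+q->perturbation = net_random();
+
+if (opt) {
 int err = sfq_change(sch, opt);
 if (err)
 return err;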
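Review bot: The seed set at `q->perturbation = net_random();` in sfq_init() comes from net_random(), which as far as I know is the kernel's fast, non-cryptographic generator, so the value may be easier to recover than the commit message's goal of defeating flow prediction assumes. A stronger source would fit that goal better, for example `get_random_bytes(&q->perturbation, sizeof(q->perturbation));`. With `q->perturb_period = 0` as the default, nothing in this hunk refreshes the value, so the hash input's secrecy appears to rest on this single draw for the qdisc's lifetime. A short comment above the assignment would record that, such as `/* always seed: with perturb_period == 0 the value is never refreshed */`. sfq_init() starts and ends outside the hunk, so the timer setup and the rest of the sfq_change() error path are not visible here.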