diff options
| author | Eric Dumazet <edumazet@google.com> | 2014-09-04 11:21:31 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-09-05 20:40:33 -0400 |
| commit | d546c621542df9e45eedc91f35356e887ac63b7b (patch) | |
| tree | bcf28df1dafdf743cdbad9230986a5a413e08a26 /net/ipv4 | |
| parent | 18a47e6d8af01db1b691802a6bb8eae73d83ad9e (diff) | |
ipv4: harden fnhe_hashfun()
Lets make this hash function a bit secure, as ICMP attacks are still
in the wild.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/route.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 44b0cbdd76f1..234a43e233dc 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -596,12 +596,12 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash) | |||
| 596 | 596 | ||
| 597 | static inline u32 fnhe_hashfun(__be32 daddr) | 597 | static inline u32 fnhe_hashfun(__be32 daddr) |
| 598 | { | 598 | { |
| 599 | static u32 fnhe_hashrnd __read_mostly; | ||
| 599 | u32 hval; | 600 | u32 hval; |
| 600 | 601 | ||
| 601 | hval = (__force u32) daddr; | 602 | net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd)); |
| 602 | hval ^= (hval >> 11) ^ (hval >> 22); | 603 | hval = jhash_1word((__force u32) daddr, fnhe_hashrnd); |
| 603 | 604 | return hash_32(hval, FNHE_HASH_SHIFT); | |
| 604 | return hval & (FNHE_HASH_SIZE - 1); | ||
| 605 | } | 605 | } |
| 606 | 606 | ||
| 607 | static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe) | 607 | static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe) |