Skip to content

Commit

Permalink
netfilter: xtables: do not grab random bytes at __init
Browse files Browse the repository at this point in the history 
"It is deliberately not done in the init function, since we might not
have sufficient random while booting."

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
  • Loading branch information
Jan Engelhardt authored and Patrick McHardy committed Jan 4, 2010
1 parent 89bc7a0 commit 5191d50
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 2 deletions.
6 changes: 5 additions & 1 deletion net/netfilter/xt_NFQUEUE.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ MODULE_ALIAS("ip6t_NFQUEUE");
MODULE_ALIAS("arpt_NFQUEUE");

static u32 jhash_initval __read_mostly;
static bool rnd_inited __read_mostly;

static unsigned int
nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
Expand Down Expand Up @@ -90,6 +91,10 @@ static bool nfqueue_tg_v1_check(const struct xt_tgchk_param *par)
const struct xt_NFQ_info_v1 *info = par->targinfo;
u32 maxid;

if (unlikely(!rnd_inited)) {
get_random_bytes(&jhash_initval, sizeof(jhash_initval));
rnd_inited = true;
}
if (info->queues_total == 0) {
pr_err("NFQUEUE: number of total queues is 0\n");
return false;
Expand Down Expand Up @@ -135,7 +140,6 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = {

static int __init nfqueue_tg_init(void)
{
get_random_bytes(&jhash_initval, sizeof(jhash_initval));
return xt_register_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg));
}

Expand Down
7 changes: 6 additions & 1 deletion net/netfilter/xt_RATEEST.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ static DEFINE_MUTEX(xt_rateest_mutex);
#define RATEEST_HSIZE 16
static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
static unsigned int jhash_rnd __read_mostly;
static bool rnd_inited __read_mostly;

static unsigned int xt_rateest_hash(const char *name)
{
Expand Down Expand Up @@ -93,6 +94,11 @@ static bool xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
struct gnet_estimator est;
} cfg;

if (unlikely(!rnd_inited)) {
get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
rnd_inited = true;
}

est = xt_rateest_lookup(info->name);
if (est) {
/*
Expand Down Expand Up @@ -164,7 +170,6 @@ static int __init xt_rateest_tg_init(void)
for (i = 0; i < ARRAY_SIZE(rateest_hash); i++)
INIT_HLIST_HEAD(&rateest_hash[i]);

get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
return xt_register_target(&xt_rateest_tg_reg);
}

Expand Down

0 comments on commit 5191d50

Please sign in to comment.