forked from Minki/linux
netfilter: xtables: do not grab random bytes at __init
"It is deliberately not done in the init function, since we might not have sufficient random while booting." Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
89bc7a0f64
commit
5191d50192
@ -28,6 +28,7 @@ MODULE_ALIAS("ip6t_NFQUEUE");
|
||||
MODULE_ALIAS("arpt_NFQUEUE");
|
||||
|
||||
static u32 jhash_initval __read_mostly;
|
||||
static bool rnd_inited __read_mostly;
|
||||
|
||||
static unsigned int
|
||||
nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
@ -90,6 +91,10 @@ static bool nfqueue_tg_v1_check(const struct xt_tgchk_param *par)
|
||||
const struct xt_NFQ_info_v1 *info = par->targinfo;
|
||||
u32 maxid;
|
||||
|
||||
if (unlikely(!rnd_inited)) {
|
||||
get_random_bytes(&jhash_initval, sizeof(jhash_initval));
|
||||
rnd_inited = true;
|
||||
}
|
||||
if (info->queues_total == 0) {
|
||||
pr_err("NFQUEUE: number of total queues is 0\n");
|
||||
return false;
|
||||
@ -135,7 +140,6 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = {
|
||||
|
||||
static int __init nfqueue_tg_init(void)
|
||||
{
|
||||
get_random_bytes(&jhash_initval, sizeof(jhash_initval));
|
||||
return xt_register_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg));
|
||||
}
|
||||
|
||||
|
@ -23,6 +23,7 @@ static DEFINE_MUTEX(xt_rateest_mutex);
|
||||
#define RATEEST_HSIZE 16
|
||||
static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
|
||||
static unsigned int jhash_rnd __read_mostly;
|
||||
static bool rnd_inited __read_mostly;
|
||||
|
||||
static unsigned int xt_rateest_hash(const char *name)
|
||||
{
|
||||
@ -93,6 +94,11 @@ static bool xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
|
||||
struct gnet_estimator est;
|
||||
} cfg;
|
||||
|
||||
if (unlikely(!rnd_inited)) {
|
||||
get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
|
||||
rnd_inited = true;
|
||||
}
|
||||
|
||||
est = xt_rateest_lookup(info->name);
|
||||
if (est) {
|
||||
/*
|
||||
@ -164,7 +170,6 @@ static int __init xt_rateest_tg_init(void)
|
||||
for (i = 0; i < ARRAY_SIZE(rateest_hash); i++)
|
||||
INIT_HLIST_HEAD(&rateest_hash[i]);
|
||||
|
||||
get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
|
||||
return xt_register_target(&xt_rateest_tg_reg);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user