This reverts commit
a42b99a6e329654d376b330de057eff87686d890.
Hannes Frederic Sowa reported some problems with this patch, more specifically
that prandom_u32() may not be ready at boot time, see:
http://marc.info/?l=linux-netdev&m=
138896532403533&w=2
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
#include <linux/proc_fs.h>
#include <linux/security.h>
#include <linux/list.h>
+#include <linux/jhash.h>
+#include <linux/random.h>
#include <linux/slab.h>
#include <net/sock.h>
#include <net/netfilter/nf_log.h>
};
#define INSTANCE_BUCKETS 16
+static unsigned int hash_init;
static int nfnl_log_net_id __read_mostly;
{
int status = -ENOMEM;
+ /* it's not really all that important to have a random value, so
+ * we can do this from the init function, even if there hasn't
+ * been that much entropy yet */
+ get_random_bytes(&hash_init, sizeof(hash_init));
+
netlink_register_notifier(&nfulnl_rtnl_notifier);
status = nfnetlink_subsys_register(&nfulnl_subsys);
if (status < 0) {
unsigned int cnt, i;
if (unlikely(!nft_hash_rnd_initted)) {
- nft_hash_rnd = prandom_u32();
+ get_random_bytes(&nft_hash_rnd, 4);
nft_hash_rnd_initted = true;
}
int ret;
if (unlikely(!rnd_inited)) {
- jhash_rnd = prandom_u32();
+ get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
rnd_inited = true;
}
u_int32_t rand;
do {
- rand = prandom_u32();
+ get_random_bytes(&rand, sizeof(rand));
} while (!rand);
cmpxchg(&connlimit_rnd, 0, rand);
}
/* initialize hash with random val at the time we allocate
* the first hashtable entry */
if (unlikely(!ht->rnd_initialized)) {
- ht->rnd = prandom_u32();
+ get_random_bytes(&ht->rnd, sizeof(ht->rnd));
ht->rnd_initialized = true;
}
size_t sz;
if (unlikely(!hash_rnd_inited)) {
- hash_rnd = prandom_u32();
+ get_random_bytes(&hash_rnd, sizeof(hash_rnd));
hash_rnd_inited = true;
}
if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
projects / GitHub / exynos8895 / android_kernel_samsung_universal8895.git / commitdiff