netfilter: xtables: do not grab random bytes at __init

author Jan Engelhardt <jengelh@medozas.de>

Mon, 4 Jan 2010 15:27:25 +0000 (16:27 +0100)

committer Patrick McHardy <kaber@trash.net>

Mon, 4 Jan 2010 15:27:25 +0000 (16:27 +0100)
author Jan Engelhardt <jengelh@medozas.de>
Mon, 4 Jan 2010 15:27:25 +0000 (16:27 +0100)
committer Patrick McHardy <kaber@trash.net>
Mon, 4 Jan 2010 15:27:25 +0000 (16:27 +0100)
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c

index f28f6a5..12dcd70 100644 (file)
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -28,6 +28,7 @@ MODULE_ALIAS("ip6t_NFQUEUE");
  MODULE_ALIAS("arpt_NFQUEUE");
  
  static u32 jhash_initval __read_mostly;
+static bool rnd_inited __read_mostly;
  
  static unsigned int
  nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
@@ -90,6 +91,10 @@ static bool nfqueue_tg_v1_check(const struct xt_tgchk_param *par)
         const struct xt_NFQ_info_v1 *info = par->targinfo;
         u32 maxid;
  
+       if (unlikely(!rnd_inited)) {
+               get_random_bytes(&jhash_initval, sizeof(jhash_initval));
+               rnd_inited = true;
+       }
         if (info->queues_total == 0) {
                 pr_err("NFQUEUE: number of total queues is 0\n");
                 return false;
@@ -135,7 +140,6 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = {
  
  static int __init nfqueue_tg_init(void)
  {
-       get_random_bytes(&jhash_initval, sizeof(jhash_initval));
         return xt_register_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg));
  }
  
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c

index d80b819..87ae97e 100644 (file)
--- a/net/netfilter/xt_RATEEST.c
+++ b/net/netfilter/xt_RATEEST.c
@@ -23,6 +23,7 @@ static DEFINE_MUTEX(xt_rateest_mutex);
  #define RATEEST_HSIZE  16
  static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
  static unsigned int jhash_rnd __read_mostly;
+static bool rnd_inited __read_mostly;
  
  static unsigned int xt_rateest_hash(const char *name)
  {
@@ -93,6 +94,11 @@ static bool xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
                 struct gnet_estimator   est;
         } cfg;
  
+       if (unlikely(!rnd_inited)) {
+               get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
+               rnd_inited = true;
+       }
+
         est = xt_rateest_lookup(info->name);
         if (est) {
                 /*
@@ -164,7 +170,6 @@ static int __init xt_rateest_tg_init(void)
         for (i = 0; i < ARRAY_SIZE(rateest_hash); i++)
                 INIT_HLIST_HEAD(&rateest_hash[i]);
  
-       get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
         return xt_register_target(&xt_rateest_tg_reg);
  }
author	Jan Engelhardt <jengelh@medozas.de>
	Mon, 4 Jan 2010 15:27:25 +0000 (16:27 +0100)
committer	Patrick McHardy <kaber@trash.net>
	Mon, 4 Jan 2010 15:27:25 +0000 (16:27 +0100)
net/netfilter/xt_NFQUEUE.c		patch \| blob \| history
net/netfilter/xt_RATEEST.c		patch \| blob \| history