首頁 探索 說明
登入
GfA
/
linux_kernel
5
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

netfilter: Enhance the codes used to get random once

There are some codes which are used to get one random once in netfilter.
We could use net_get_random_once to simplify these codes.

Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Gao Feng 9 年之前
父節點
a20877b5ed
當前提交
7bdc66242d
共有 3 個文件被更改,包括 4 次插入17 次删除
分割檢視 顯示文件統計
  1. 1 5
      net/netfilter/xt_RATEEST.c
  2. 1 7
      net/netfilter/xt_connlimit.c
  3. 2 5
      net/netfilter/xt_recent.c

+ 1 - 5
net/netfilter/xt_RATEEST.c
查看文件 

@@ -24,7 +24,6 @@ static DEFINE_MUTEX(xt_rateest_mutex);
 
 #define RATEEST_HSIZE	16
 
 static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
 
 static unsigned int jhash_rnd __read_mostly;
 
-static bool rnd_inited __read_mostly;
 
 
 static unsigned int xt_rateest_hash(const char *name)
 
 {
 
@@ -99,10 +98,7 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
 
 	} cfg;
 
 	int ret;
 
 
-	if (unlikely(!rnd_inited)) {
 
-		get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
 
-		rnd_inited = true;
 
-	}
 
+	net_get_random_once(&jhash_rnd, sizeof(jhash_rnd));
 
 
 	est = xt_rateest_lookup(info->name);
 
 	if (est) {

+ 1 - 7
net/netfilter/xt_connlimit.c
查看文件 

@@ -366,14 +366,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par)
 
 	unsigned int i;
 
 	int ret;
 
 
-	if (unlikely(!connlimit_rnd)) {
 
-		u_int32_t rand;
 
+	net_get_random_once(&connlimit_rnd, sizeof(connlimit_rnd));
 
 
-		do {
 
-			get_random_bytes(&rand, sizeof(rand));
 
-		} while (!rand);
 
-		cmpxchg(&connlimit_rnd, 0, rand);
 
-	}
 
 	ret = nf_ct_l3proto_try_module_get(par->family);
 
 	if (ret < 0) {
 
 		pr_info("cannot load conntrack support for "

+ 2 - 5
net/netfilter/xt_recent.c
查看文件 

@@ -110,7 +110,6 @@ static const struct file_operations recent_old_fops, recent_mt_fops;
 
 #endif
 
 
 static u_int32_t hash_rnd __read_mostly;
 
-static bool hash_rnd_inited __read_mostly;
 
 
 static inline unsigned int recent_entry_hash4(const union nf_inet_addr *addr)
 
 {
 
@@ -340,10 +339,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
 
 	int ret = -EINVAL;
 
 	size_t sz;
 
 
-	if (unlikely(!hash_rnd_inited)) {
 
-		get_random_bytes(&hash_rnd, sizeof(hash_rnd));
 
-		hash_rnd_inited = true;
 
-	}
 
+	net_get_random_once(&hash_rnd, sizeof(hash_rnd));
 
+
 
 	if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
 
 		pr_info("Unsupported user space flags (%08x)\n",
 
 			info->check_set);