Commit 02a9098e authored by Eric Dumazet, committed by David S. Miller

net_sched: sfq: always randomize hash perturbation

SFQ q->perturbation is used in sfq_hash() as an input to Jenkins hash.

We currently randomize this 32-bit value only if a perturbation timer is
set up.

It's much better to always initialize it to defeat attackers, or else
they can predict very well what kind of packets they have to forge to
hit a particular flow.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent bd16a6cc
...@@ -591,12 +591,12 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt) ...@@ -591,12 +591,12 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt)
q->cur_depth = 0; q->cur_depth = 0;
q->tail = NULL; q->tail = NULL;
q->divisor = SFQ_DEFAULT_HASH_DIVISOR; q->divisor = SFQ_DEFAULT_HASH_DIVISOR;
if (opt == NULL) { q->quantum = psched_mtu(qdisc_dev(sch));
q->quantum = psched_mtu(qdisc_dev(sch)); q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum); q->perturb_period = 0;
q->perturb_period = 0; q->perturbation = net_random();
q->perturbation = net_random();
} else { if (opt) {
int err = sfq_change(sch, opt); int err = sfq_change(sch, opt);
if (err) if (err)
return err; return err;
......
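Review bot: The now-unconditional q->perturbation = net_random(); in sfq_init() seeds the hash from the kernel's general-purpose pseudo-random generator, which is not a cryptographic source. Since the commit message gives resisting attackers who forge packets to hit a particular flow as the purpose, consider filling the field with get_random_bytes(&q->perturbation, sizeof(q->perturbation)) instead; this runs once per qdisc init, so the cost is negligible. Separately, a one-line comment above the defaults would help: they are now set before the if (opt) branch so that sfq_change() only overrides what the netlink options supply, and the seed is never left at its zero-initialized value when no perturbation timer is configured. A later refactor that moves the assignment back inside a conditional would silently reintroduce the predictable hash.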