Commit 7bdc6624 authored by Gao Feng's avatar Gao Feng Committed by Pablo Neira Ayuso

netfilter: Enhance the codes used to get random once

There are some codes which are used to get one random once in netfilter.
We could use net_get_random_once to simplify these codes.
Signed-off-by: default avatarGao Feng <fgao@ikuai8.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a20877b5
...@@ -24,7 +24,6 @@ static DEFINE_MUTEX(xt_rateest_mutex); ...@@ -24,7 +24,6 @@ static DEFINE_MUTEX(xt_rateest_mutex);
#define RATEEST_HSIZE 16 #define RATEEST_HSIZE 16
static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly; static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
static unsigned int jhash_rnd __read_mostly; static unsigned int jhash_rnd __read_mostly;
static bool rnd_inited __read_mostly;
static unsigned int xt_rateest_hash(const char *name) static unsigned int xt_rateest_hash(const char *name)
{ {
...@@ -99,10 +98,7 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par) ...@@ -99,10 +98,7 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
} cfg; } cfg;
int ret; int ret;
if (unlikely(!rnd_inited)) { net_get_random_once(&jhash_rnd, sizeof(jhash_rnd));
get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
rnd_inited = true;
}
est = xt_rateest_lookup(info->name); est = xt_rateest_lookup(info->name);
if (est) { if (est) {
......
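Review bot: `jhash_rnd` is now seeded only as a side effect of `xt_rateest_tg_checkentry()`, and with `rnd_inited` removed nothing at the declaration says where the seed comes from or that it keys the hash (presumably consumed by `xt_rateest_hash()`, whose body is not shown). I would add a comment above the declaration, e.g. `/* jhash seed; set once by net_get_random_once() in checkentry, before the first lookup */`. The same applies to `hash_rnd` in the `recent_mt_check()` hunk further down. Both functions continue outside the visible hunks, so whether any other path hashes before checkentry has run cannot be confirmed from here.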
...@@ -366,14 +366,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par) ...@@ -366,14 +366,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par)
unsigned int i; unsigned int i;
int ret; int ret;
if (unlikely(!connlimit_rnd)) { net_get_random_once(&connlimit_rnd, sizeof(connlimit_rnd));
u_int32_t rand;
do {
get_random_bytes(&rand, sizeof(rand));
} while (!rand);
cmpxchg(&connlimit_rnd, 0, rand);
}
ret = nf_ct_l3proto_try_module_get(par->family); ret = nf_ct_l3proto_try_module_get(par->family);
if (ret < 0) { if (ret < 0) {
pr_info("cannot load conntrack support for " pr_info("cannot load conntrack support for "
......
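Review bot: The replaced block in `connlimit_mt_check()` guaranteed a non-zero `connlimit_rnd` (the `do { ... } while (!rand)` loop) and used zero as the "not yet seeded" sentinel; `net_get_random_once()` provides neither property, so the seed can now legitimately be 0. That is harmless for the hash itself, but any remaining `!connlimit_rnd` test elsewhere in the file would misfire, and the rest of the file is outside the hunk, so this should be checked. The commit message presents the change as a pure simplification; a comment at the declaration such as `/* may be zero; seeding is tracked by net_get_random_once(), not by the value */` would record the changed invariant.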
...@@ -110,7 +110,6 @@ static const struct file_operations recent_old_fops, recent_mt_fops; ...@@ -110,7 +110,6 @@ static const struct file_operations recent_old_fops, recent_mt_fops;
#endif #endif
static u_int32_t hash_rnd __read_mostly; static u_int32_t hash_rnd __read_mostly;
static bool hash_rnd_inited __read_mostly;
static inline unsigned int recent_entry_hash4(const union nf_inet_addr *addr) static inline unsigned int recent_entry_hash4(const union nf_inet_addr *addr)
{ {
...@@ -340,10 +339,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par, ...@@ -340,10 +339,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
int ret = -EINVAL; int ret = -EINVAL;
size_t sz; size_t sz;
if (unlikely(!hash_rnd_inited)) { net_get_random_once(&hash_rnd, sizeof(hash_rnd));
get_random_bytes(&hash_rnd, sizeof(hash_rnd));
hash_rnd_inited = true;
}
if (info->check_set & ~XT_RECENT_VALID_FLAGS) { if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
pr_info("Unsupported user space flags (%08x)\n", pr_info("Unsupported user space flags (%08x)\n",
info->check_set); info->check_set);
......