bugzilla-daemon at bugzilla.netfilter.org
2009-Nov-14 23:08 UTC
[Bug 621] New: xt_recent recent_entry_hash function
http://bugzilla.netfilter.org/show_bug.cgi?id=621

Summary: xt_recent recent_entry_hash function
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P1
Component: ip_tables (kernel)
AssignedTo: laforge at netfilter.org
ReportedBy: kondratev.pavel at gmail.com

translate.google.com helps me to write this message.

In the module xt_recent, the check to initialize the initial hash is made constantly when adding / finding an IP. IMO the initialization of the initial hash should be moved to recent_mt_init, and the check removed as not necessary.

------------patch----------------- --- xt_recent.orig 2009-11-15 04:04:14.785353036 +0500 +++ xt_recent.new 2009-11-15 04:06:09.022851724 +0500 @@ -95,20 +95,12 @@ static unsigned int recent_entry_hash4(const union nf_inet_addr *addr) { - if (!hash_rnd_initted) { - get_random_bytes(&hash_rnd, sizeof(hash_rnd)); - hash_rnd_initted = true; - } return jhash_1word((__force u32)addr->ip, hash_rnd) & (ip_list_hash_size - 1); } static unsigned int recent_entry_hash6(const union nf_inet_addr *addr) { - if (!hash_rnd_initted) { - get_random_bytes(&hash_rnd, sizeof(hash_rnd)); - hash_rnd_initted = true; - } return jhash2((u32 *)addr->ip6, ARRAY_SIZE(addr->ip6), hash_rnd) & (ip_list_hash_size - 1); } @@ -645,6 +637,8 @@ return -EINVAL; ip_list_hash_size = 1 << fls(ip_list_tot); + get_random_bytes(&hash_rnd, sizeof(hash_rnd)); + err = xt_register_matches(recent_mt_reg, ARRAY_SIZE(recent_mt_reg)); #ifdef CONFIG_PROC_FS if (err) ------------end patch-----------------
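Review bot: in the first hunk (-95,20), the lines removed from recent_entry_hash4() and recent_entry_hash6() are the only uses of hash_rnd_initted visible in this diff, and its declaration is not touched. If nothing else reads the flag, remove the declaration in the same patch; otherwise keep it for whichever function ends up doing the one-time seeding. With the lazy check gone, both hash functions silently depend on hash_rnd having been seeded before the first lookup, which deserves a comment above them.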
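Review bot: in the second hunk (-645,6), the added get_random_bytes(&hash_rnd, sizeof(hash_rnd)) runs once in the init path, right after ip_list_hash_size is computed, and that can be early in boot before enough entropy is available (the concern raised in comment #1), leaving hash_rnd and therefore the jhash bucket placement predictable. Seed on first use, or in the checkentry function as comment #1 suggests, and keep a one-time guard there, since reseeding hash_rnd after entries have been inserted would make lookups miss them. The file headers (xt_recent.orig / xt_recent.new) also carry no directory path, so the patch should be regenerated against the kernel tree before submission.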
bugzilla-daemon at bugzilla.netfilter.org
2009-Nov-16 12:05 UTC
[Bug 621] xt_recent recent_entry_hash function
http://bugzilla.netfilter.org/show_bug.cgi?id=621

kondratev.pavel at gmail.com changed:

What      |Removed |Added
----------------------------------------------------------------------------
Status    |NEW     |ASSIGNED
bugzilla-daemon at bugzilla.netfilter.org
2009-Nov-19 14:29 UTC
[Bug 621] xt_recent recent_entry_hash function
http://bugzilla.netfilter.org/show_bug.cgi?id=621

kaber at trash.net changed:

What       |Removed                 |Added
----------------------------------------------------------------------------
AssignedTo |laforge at netfilter.org |kaber at trash.net
Status     |ASSIGNED                |NEW

------- Comment #1 from kaber at trash.net 2009-11-19 15:29 -------
It's deliberately not done in the init function since we might not have sufficient random while booting. But you could move it to the checkentry function.