bugzilla-daemon at bugzilla.netfilter.org
2009-Nov-14  23:08 UTC
[Bug 621] New: xt_recent recent_entry_hash function
http://bugzilla.netfilter.org/show_bug.cgi?id=621
           Summary: xt_recent recent_entry_hash function
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: ip_tables (kernel)
        AssignedTo: laforge at netfilter.org
        ReportedBy: kondratev.pavel at gmail.com
translate.google.com helps me to write this message.
In the xt_recent module, the check for initializing the initial hash is made
constantly when adding / finding an IP.
IMO the initialization of the initial hash should be moved to recent_mt_init,
and the check removed, as it is not necessary.
------------patch-----------------
--- xt_recent.orig      2009-11-15 04:04:14.785353036 +0500
+++ xt_recent.new       2009-11-15 04:06:09.022851724 +0500
@@ -95,20 +95,12 @@
 static unsigned int recent_entry_hash4(const union nf_inet_addr *addr)
 {
-       if (!hash_rnd_initted) {
-               get_random_bytes(&hash_rnd, sizeof(hash_rnd));
-               hash_rnd_initted = true;
-       }
        return jhash_1word((__force u32)addr->ip, hash_rnd) &
               (ip_list_hash_size - 1);
 }
 static unsigned int recent_entry_hash6(const union nf_inet_addr *addr)
 {
-       if (!hash_rnd_initted) {
-               get_random_bytes(&hash_rnd, sizeof(hash_rnd));
-               hash_rnd_initted = true;
-       }
        return jhash2((u32 *)addr->ip6, ARRAY_SIZE(addr->ip6), hash_rnd)
&
               (ip_list_hash_size - 1);
 }
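Review bot: With the lazy-init blocks removed from both recent_entry_hash4() and recent_entry_hash6(), nothing in these hunks still reads or sets hash_rnd_initted, yet the patch does not remove its declaration. Drop the variable in the same patch if no other user remains. Both functions now pass hash_rnd to jhash unconditionally, so the seeding has to be guaranteed to run before the first lookup or insert; a one-line comment on hash_rnd saying where it is seeded would make that dependency visible.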
@@ -645,6 +637,8 @@
                return -EINVAL;
        ip_list_hash_size = 1 << fls(ip_list_tot);
+       get_random_bytes(&hash_rnd, sizeof(hash_rnd));
+
        err = xt_register_matches(recent_mt_reg, ARRAY_SIZE(recent_mt_reg));
 #ifdef CONFIG_PROC_FS
        if (err)
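Review bot: The get_random_bytes(&hash_rnd, sizeof(hash_rnd)) call added just before xt_register_matches() runs at module init time, which for a built-in module is during boot, when the random pool may not yet hold enough entropy; the seed that keys the jhash bucket selection could then be predictable. Seeding once from the checkentry function, as Comment #1 suggests, keeps the check out of the per-packet hash path while drawing the seed only when the first rule is added.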
------------end patch-----------------
-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at bugzilla.netfilter.org
2009-Nov-16  12:05 UTC
[Bug 621] xt_recent recent_entry_hash function
http://bugzilla.netfilter.org/show_bug.cgi?id=621
kondratev.pavel at gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
bugzilla-daemon at bugzilla.netfilter.org
2009-Nov-19  14:29 UTC
[Bug 621] xt_recent recent_entry_hash function
http://bugzilla.netfilter.org/show_bug.cgi?id=621
kaber at trash.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|laforge at netfilter.org       |kaber at trash.net
             Status|ASSIGNED                    |NEW
------- Comment #1 from kaber at trash.net  2009-11-19 15:29 -------
It's deliberately not done in the init function since we might not have
sufficient randomness while booting. But you could move it to the checkentry
function.