summaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2007-03-23 11:40:27 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2007-04-25 22:28:06 -0700
commitb3da2cf37c5c6e47698957a25ab43a7223dbb90f (patch)
treee8892392aaf7e3d3544ede23c21791e2317b177d /net/ipv4
parentd30045a0bcf144753869175dd9d840f7ceaf4aba (diff)
downloadlinux-b3da2cf37c5c6e47698957a25ab43a7223dbb90f.tar.gz
linux-b3da2cf37c5c6e47698957a25ab43a7223dbb90f.tar.bz2
linux-b3da2cf37c5c6e47698957a25ab43a7223dbb90f.zip
[INET]: Use jhash + random secret for ehash.
The days are gone when this was not an issue, there are folks out there with huge bot networks that can be used to attack the established hash tables on remote systems. So just like the routing cache and connection tracking hash, use Jenkins hash with random secret input. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/af_inet.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index f011390f19c9..b7b7278d801c 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -87,6 +87,7 @@
#include <linux/init.h>
#include <linux/poll.h>
#include <linux/netfilter_ipv4.h>
+#include <linux/random.h>
#include <asm/uaccess.h>
#include <asm/system.h>
@@ -217,6 +218,16 @@ out:
return err;
}
+u32 inet_ehash_secret;
+EXPORT_SYMBOL(inet_ehash_secret);
+
+void build_ehash_secret(void)
+{
+ while (!inet_ehash_secret)
+ get_random_bytes(&inet_ehash_secret, 4);
+}
+EXPORT_SYMBOL(build_ehash_secret);
+
/*
* Create an inet socket.
*/
@@ -233,6 +244,11 @@ static int inet_create(struct socket *sock, int protocol)
int try_loading_module = 0;
int err;
+ if (sock->type != SOCK_RAW &&
+ sock->type != SOCK_DGRAM &&
+ !inet_ehash_secret)
+ build_ehash_secret();
+
sock->state = SS_UNCONNECTED;
/* Look for the requested type/protocol pair. */