diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2010-01-04 16:27:25 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-01-04 16:27:25 +0100 |
commit | 5191d50192ec1281e51cbcb5248cb2667ff4d896 (patch) | |
tree | ea3b76594fb980d51f135024462658b84f1f78ae /net/netfilter/xt_NFQUEUE.c | |
parent | 89bc7a0f64de7bed2e0bc68a23d75699a610cd37 (diff) | |
download | op-kernel-dev-5191d50192ec1281e51cbcb5248cb2667ff4d896.zip op-kernel-dev-5191d50192ec1281e51cbcb5248cb2667ff4d896.tar.gz |
netfilter: xtables: do not grab random bytes at __init
"It is deliberately not done in the init function, since we might not
have sufficient random while booting."
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/xt_NFQUEUE.c')
-rw-r--r-- | net/netfilter/xt_NFQUEUE.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c index f28f6a5..12dcd70 100644 --- a/net/netfilter/xt_NFQUEUE.c +++ b/net/netfilter/xt_NFQUEUE.c @@ -28,6 +28,7 @@ MODULE_ALIAS("ip6t_NFQUEUE"); MODULE_ALIAS("arpt_NFQUEUE"); static u32 jhash_initval __read_mostly; +static bool rnd_inited __read_mostly; static unsigned int nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par) @@ -90,6 +91,10 @@ static bool nfqueue_tg_v1_check(const struct xt_tgchk_param *par) const struct xt_NFQ_info_v1 *info = par->targinfo; u32 maxid; + if (unlikely(!rnd_inited)) { + get_random_bytes(&jhash_initval, sizeof(jhash_initval)); + rnd_inited = true; + } if (info->queues_total == 0) { pr_err("NFQUEUE: number of total queues is 0\n"); return false; @@ -135,7 +140,6 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = { static int __init nfqueue_tg_init(void) { - get_random_bytes(&jhash_initval, sizeof(jhash_initval)); return xt_register_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg)); } |