netfilter: nft_hash: get random bytes if seed is not specified

If the user doesn't specify a seed, generate one at configuration time. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-03 17:52:19 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-09 23:41:09 +0100
commit: f86dab3aa6fef724456ba7e3fae3e2f02414ae86 (patch)
tree: 66522288484f98d5040d1baf91f9295ece8780b5
parent: netfilter: handle NF_REPEAT from nf_conntrack_in() (diff)
download: linux-f86dab3aa6fef724456ba7e3fae3e2f02414ae86.tar.xz
linux-f86dab3aa6fef724456ba7e3fae3e2f02414ae86.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index baf694de3935..97ad8e30e4b4 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -57,7 +57,6 @@ static int nft_hash_init(const struct nft_ctx *ctx,
 	if (!tb[NFTA_HASH_SREG] ||
 	    !tb[NFTA_HASH_DREG] ||
 	    !tb[NFTA_HASH_LEN]  ||
-	    !tb[NFTA_HASH_SEED] ||
 	    !tb[NFTA_HASH_MODULUS])
 		return -EINVAL;
 
@@ -80,7 +79,10 @@ static int nft_hash_init(const struct nft_ctx *ctx,
 	if (priv->offset + priv->modulus - 1 < priv->offset)
 		return -EOVERFLOW;
 
-	priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
+	if (tb[NFTA_HASH_SEED])
+		priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
+	else
+		get_random_bytes(&priv->seed, sizeof(priv->seed));
 
 	return nft_validate_register_load(priv->sreg, len) &&
 	       nft_validate_register_store(ctx, priv->dreg, NULL,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-03 17:52:19 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-09 23:41:09 +0100
commit	f86dab3aa6fef724456ba7e3fae3e2f02414ae86 (patch)
tree	66522288484f98d5040d1baf91f9295ece8780b5
parent	netfilter: handle NF_REPEAT from nf_conntrack_in() (diff)
download	linux-f86dab3aa6fef724456ba7e3fae3e2f02414ae86.tar.xz linux-f86dab3aa6fef724456ba7e3fae3e2f02414ae86.zip