Daniel Borkmann <[email protected]> wrote: > On 02/16/2016 02:19 PM, Florian Westphal wrote: > >Daniel Borkmann <[email protected]> wrote: > >>>+ case NFT_META_PRANDOM: > >>>+ if (!prand_inited) { > >>>+ prandom_seed_full_state(&nft_prandom_state); > >>>+ prand_inited = true; > >>>+ } > >> > >>Should this be: prandom_init_once() ? > > > >Thought about that but this is slowpath so I considered > >the use of static key magic a bit overkill.... > > > >I don't mind, if you think prandom_init_once is prefereable I'll respin. > > You'd have the benefit that the prng init would be race free. > nft_meta_get_init() > could be called in parallel from multiple CPUs, right?
We're serialized by nftables' nfnetlink mutex. I guess I'll just send a V2 and use prandom_init_once after all. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
