On Mon, Apr 3, 2017 at 10:34 AM, Liping Zhang wrote:
>
> From: Liping Zhang
>
> This can prevent the nft utility from printing out the auto generated
> seed to the user, which is unnecessary and confusing.
>
> Signed-off-by: Liping Zhang
> ---
> net/netfilter/nft_hash.c | 10 +++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
> index eb2721a..c4dad12 100644
> --- a/net/netfilter/nft_hash.c
> +++ b/net/netfilter/nft_hash.c
> @@ -21,6 +21,7 @@ struct nft_hash {
> enum nft_registers sreg:8;
> enum nft_registers dreg:8;
> u8 len;
> + boolautogen_seed:1;
Hi Liping, I don't think that hiding the seed value would be useful, and
even adding this attribute doesn't worth it just to hide the seed.
> u32 modulus;
> u32 seed;
> u32 offset;
> @@ -82,10 +83,12 @@ static int nft_hash_init(const struct nft_ctx *ctx,
> if (priv->offset + priv->modulus - 1 < priv->offset)
> return -EOVERFLOW;
>
> - if (tb[NFTA_HASH_SEED])
> + if (tb[NFTA_HASH_SEED]) {
> priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
> - else
> + } else {
> + priv->autogen_seed = true;
> get_random_bytes(>seed, sizeof(priv->seed));
> + }
>
> return nft_validate_register_load(priv->sreg, len) &&
>nft_validate_register_store(ctx, priv->dreg, NULL,
> @@ -105,7 +108,8 @@ static int nft_hash_dump(struct sk_buff *skb,
> goto nla_put_failure;
> if (nla_put_be32(skb, NFTA_HASH_MODULUS, htonl(priv->modulus)))
> goto nla_put_failure;
> - if (nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
> + if (!priv->autogen_seed &&
> + nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
> goto nla_put_failure;
> if (priv->offset != 0)
> if (nla_put_be32(skb, NFTA_HASH_OFFSET, htonl(priv->offset)))
> --
> 2.5.5
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html