Commit d546c621 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

ipv4: harden fnhe_hashfun()

Lets make this hash function a bit secure, as ICMP attacks are still
in the wild.
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 18a47e6d
...@@ -65,7 +65,8 @@ struct fnhe_hash_bucket { ...@@ -65,7 +65,8 @@ struct fnhe_hash_bucket {
struct fib_nh_exception __rcu *chain; struct fib_nh_exception __rcu *chain;
}; };
#define FNHE_HASH_SIZE 2048 #define FNHE_HASH_SHIFT 11
#define FNHE_HASH_SIZE (1 << FNHE_HASH_SHIFT)
#define FNHE_RECLAIM_DEPTH 5 #define FNHE_RECLAIM_DEPTH 5
struct fib_nh { struct fib_nh {
......
...@@ -596,12 +596,12 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash) ...@@ -596,12 +596,12 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
static inline u32 fnhe_hashfun(__be32 daddr) static inline u32 fnhe_hashfun(__be32 daddr)
{ {
static u32 fnhe_hashrnd __read_mostly;
u32 hval; u32 hval;
hval = (__force u32) daddr; net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
hval ^= (hval >> 11) ^ (hval >> 22); hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
return hash_32(hval, FNHE_HASH_SHIFT);
return hval & (FNHE_HASH_SIZE - 1);
} }
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe) static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment