Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d546c621 authored Sep 04, 2014 by Eric Dumazet Committed by David S. Miller Sep 05, 2014

ipv4: harden fnhe_hashfun()



Lets make this hash function a bit secure, as ICMP attacks are still
in the wild.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 18a47e6d

include/net/ip_fib.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -65,7 +65,8 @@ struct fnhe_hash_bucket {
		struct fib_nh_exception __rcu *chain;
		};

		#define FNHE_HASH_SIZE 2048
		#define FNHE_HASH_SHIFT 11
		#define FNHE_HASH_SIZE (1 << FNHE_HASH_SHIFT)
		#define FNHE_RECLAIM_DEPTH 5

		struct fib_nh {

net/ipv4/route.c

+4 −4

Original line number	Diff line number	Diff line
		@@ -596,12 +596,12 @@ static struct fib_nh_exception fnhe_oldest(struct fnhe_hash_bucket hash)

		static inline u32 fnhe_hashfun(__be32 daddr)
		{
		static u32 fnhe_hashrnd __read_mostly;
		u32 hval;

		hval = (__force u32) daddr;
		hval ^= (hval >> 11) ^ (hval >> 22);

		return hval & (FNHE_HASH_SIZE - 1);
		net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
		hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
		return hash_32(hval, FNHE_HASH_SHIFT);
		}

		static void fill_route_from_fnhe(struct rtable rt, struct fib_nh_exception fnhe)