summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2014-09-04 19:21:31 +0400
committerDavid S. Miller <davem@davemloft.net>2014-09-06 04:40:33 +0400
commitd546c621542df9e45eedc91f35356e887ac63b7b (patch)
treebcf28df1dafdf743cdbad9230986a5a413e08a26
parent18a47e6d8af01db1b691802a6bb8eae73d83ad9e (diff)
downloadlinux-d546c621542df9e45eedc91f35356e887ac63b7b.tar.xz
ipv4: harden fnhe_hashfun()
Lets make this hash function a bit secure, as ICMP attacks are still in the wild. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/ip_fib.h3
-rw-r--r--net/ipv4/route.c8
2 files changed, 6 insertions, 5 deletions
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index f30fd554127e..dc9d2a27c315 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -65,7 +65,8 @@ struct fnhe_hash_bucket {
struct fib_nh_exception __rcu *chain;
};
-#define FNHE_HASH_SIZE 2048
+#define FNHE_HASH_SHIFT 11
+#define FNHE_HASH_SIZE (1 << FNHE_HASH_SHIFT)
#define FNHE_RECLAIM_DEPTH 5
struct fib_nh {
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 44b0cbdd76f1..234a43e233dc 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -596,12 +596,12 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
static inline u32 fnhe_hashfun(__be32 daddr)
{
+ static u32 fnhe_hashrnd __read_mostly;
u32 hval;
- hval = (__force u32) daddr;
- hval ^= (hval >> 11) ^ (hval >> 22);
-
- return hval & (FNHE_HASH_SIZE - 1);
+ net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
+ hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
+ return hash_32(hval, FNHE_HASH_SHIFT);
}
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)