authorMarco Pfatschbacher <mpf@cvs.openbsd.org>2008-05-07 05:51:13 +0000
committerMarco Pfatschbacher <mpf@cvs.openbsd.org>2008-05-07 05:51:13 +0000
commit2a4b30b87039ac2f778756d352f7935d8317f8cd (patch)
tree838fe3d2c9b7eccb32786f4725455f2d83f295c2 /sys/net
parent8370a3080477e7b676b11cf6420090354ccc2e6a (diff)
Prevent virtual interfaces from adding to the random pool.
Also move the sampling into ether_input() where it can happen at the interrupt and not within splnet() processing, which might be less random. Discussed with mickey. OK markus@, mcbride@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/if.c10
-rw-r--r--sys/net/if_ethersubr.c9
-rw-r--r--sys/net/if_tun.c5
-rw-r--r--sys/net/netisr.h7
-rw-r--r--sys/net/netisr_dispatch.h4
5 files changed, 17 insertions, 18 deletions
diff --git a/sys/net/if.c b/sys/net/if.c
index 84a5f0409a9..2d226cc12d4 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.169 2008/04/10 23:15:45 dlg Exp $ */
+/* $OpenBSD: if.c,v 1.170 2008/05/07 05:51:12 mpf Exp $ */
/* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
/*
@@ -87,8 +87,6 @@
#include <net/route.h>
#include <net/netisr.h>
-#include <dev/rndvar.h>
-
#ifdef INET
#include <netinet/in.h>
#include <netinet/in_var.h>
@@ -1998,9 +1996,3 @@ sysctl_ifq(int *name, u_int namelen, void *oldp, size_t *oldlenp,
}
/* NOTREACHED */
}
-
-void
-netrndintr(void)
-{
- add_net_randomness(0);
-}
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index c39d5f3a5e7..2e345c7a92d 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_ethersubr.c,v 1.118 2008/04/23 10:55:14 norby Exp $ */
+/* $OpenBSD: if_ethersubr.c,v 1.119 2008/05/07 05:51:12 mpf Exp $ */
/* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */
/*
@@ -104,6 +104,8 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
#include <netinet/if_ether.h>
#include <netinet/ip_ipsp.h>
+#include <dev/rndvar.h>
+
#if NBPFILTER > 0
#include <net/bpf.h>
#endif
@@ -563,6 +565,11 @@ ether_input(ifp0, eh, m)
etype = ntohs(eh->ether_type);
+ if (!(netisr & (1 << NETISR_RND_DONE))) {
+ add_net_randomness(etype);
+ atomic_setbits_int(&netisr, (1 << NETISR_RND_DONE));
+ }
+
#if NVLAN > 0
if (etype == ETHERTYPE_VLAN && (vlan_input(eh, m) == 0))
return;
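Review bot: Nothing in the block added to ether_input() says where NETISR_RND_DONE is cleared again, and this commit also drops the `DONETISR(NETISR_RND,netrndintr)` dispatch entry, so the reset presumably relies on the softnet handler zeroing `netisr` as a whole, which is outside this diff. A comment such as `/* sample once per softnet run; NETISR_RND_DONE is cleared when softnet resets netisr */` would make that dependency explicit, once the reset path is confirmed. The value passed is `etype`, which the sender of the frame chooses, so the comment should also state that any entropy comes from arrival timing and not from the argument; add_net_randomness() itself is not shown here. ether_input() starts and ends outside the hunk.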
diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c
index 390a1b16ae3..417c350a13f 100644
--- a/sys/net/if_tun.c
+++ b/sys/net/if_tun.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_tun.c,v 1.92 2008/05/06 07:18:09 krw Exp $ */
+/* $OpenBSD: if_tun.c,v 1.93 2008/05/07 05:51:12 mpf Exp $ */
/* $NetBSD: if_tun.c,v 1.24 1996/05/07 02:40:48 thorpej Exp $ */
/*
@@ -857,6 +857,9 @@ tunwrite(dev_t dev, struct uio *uio, int ioflag)
#endif
if (tp->tun_flags & TUN_LAYER2) {
+ /* quirk to not add randomness from a virtual device */
+ atomic_setbits_int(&netisr, (1 << NETISR_RND_DONE));
+
ether_input_mbuf(ifp, top);
ifp->if_ipackets++; /* ibytes are counted in ether_input */
return (0);
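Review bot: The quirk in tunwrite() sets a bit in the global `netisr` word, so it suppresses the sample not only for this injected frame but also for any frame from a physical interface that reaches ether_input() before the bit is cleared. If writes to a layer 2 tun device are frequent, hardware frames could contribute fewer samples than intended; how much depends on when `netisr` is reset, which is not visible here. The comment should say so, e.g. `/* mark sampling done so ether_input() skips this injected frame; the flag is global and also covers real frames until netisr is reset */`. The rest of tunwrite() is outside the hunk.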
diff --git a/sys/net/netisr.h b/sys/net/netisr.h
index 1ee79a8e39b..2b75c7d7ead 100644
--- a/sys/net/netisr.h
+++ b/sys/net/netisr.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: netisr.h,v 1.31 2008/04/23 10:55:14 norby Exp $ */
+/* $OpenBSD: netisr.h,v 1.32 2008/05/07 05:51:12 mpf Exp $ */
/* $NetBSD: netisr.h,v 1.12 1995/08/12 23:59:24 mycroft Exp $ */
/*
@@ -52,7 +52,7 @@
* interrupt used for scheduling the network code to calls
* on the lowest level routine of each protocol.
*/
-#define NETISR_RND 1
+#define NETISR_RND_DONE 1
#define NETISR_IP 2 /* same as AF_INET */
#define NETISR_TX 3 /* for if_snd processing */
#define NETISR_ATALK 16 /* same as AF_APPLETALK */
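Review bot: `NETISR_RND_DONE` is the only visible entry in this list without a trailing comment, and after this commit it is a status flag and no longer a soft interrupt to dispatch, which the block comment above the list does not cover. I would annotate it, `#define NETISR_RND_DONE 1 /* randomness already sampled; not a dispatch bit */`, so nobody passes it to schednetisr() or adds a DONETISR entry for it.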
@@ -70,7 +70,6 @@
#ifdef _KERNEL
extern int netisr; /* scheduling bits for network */
-void netrndintr(void);
void nettxintr(void);
void arpintr(void);
void ipintr(void);
@@ -87,7 +86,7 @@ void mplsintr(void);
#include <machine/atomic.h>
#define schednetisr(anisr) \
do { \
- atomic_setbits_int(&netisr, (1 << (anisr)) | (1 << NETISR_RND));\
+ atomic_setbits_int(&netisr, (1 << (anisr))); \
setsoftnet(); \
} while (0)
#endif
diff --git a/sys/net/netisr_dispatch.h b/sys/net/netisr_dispatch.h
index a56187f2d1a..c2de9b2751b 100644
--- a/sys/net/netisr_dispatch.h
+++ b/sys/net/netisr_dispatch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: netisr_dispatch.h,v 1.15 2008/04/23 10:55:14 norby Exp $ */
+/* $OpenBSD: netisr_dispatch.h,v 1.16 2008/05/07 05:51:12 mpf Exp $ */
/* $NetBSD: netisr_dispatch.h,v 1.2 2000/07/02 04:40:47 cgd Exp $ */
/*
@@ -34,8 +34,6 @@
* their prototypes in <net/netisr.h> (if necessary).
*/
- DONETISR(NETISR_RND,netrndintr);
-
#ifdef INET
#if NETHER > 0
DONETISR(NETISR_ARP,arpintr);