author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2008-05-07 05:51:13 +0000 |
---|---|---|
committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2008-05-07 05:51:13 +0000 |
commit | 2a4b30b87039ac2f778756d352f7935d8317f8cd (patch) | |
tree | 838fe3d2c9b7eccb32786f4725455f2d83f295c2 /sys/net | |
parent | 8370a3080477e7b676b11cf6420090354ccc2e6a (diff) |
Prevent virtual interfaces from adding to the random pool.
Also move the sampling into ether_input() where it can happen
at the interrupt and not within splnet() processing, which might
be less random. Discussed with mickey.
OK markus@, mcbride@
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/if.c | 10 | ||||
-rw-r--r-- | sys/net/if_ethersubr.c | 9 | ||||
-rw-r--r-- | sys/net/if_tun.c | 5 | ||||
-rw-r--r-- | sys/net/netisr.h | 7 | ||||
-rw-r--r-- | sys/net/netisr_dispatch.h | 4 |
5 files changed, 17 insertions, 18 deletions
diff --git a/sys/net/if.c b/sys/net/if.c
index 84a5f0409a9..2d226cc12d4 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.169 2008/04/10 23:15:45 dlg Exp $ */
+/* $OpenBSD: if.c,v 1.170 2008/05/07 05:51:12 mpf Exp $ */
 /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
 /*
@@ -87,8 +87,6 @@
 #include <net/route.h>
 #include <net/netisr.h>
-#include <dev/rndvar.h>
-
 #ifdef INET
 #include <netinet/in.h>
 #include <netinet/in_var.h>
@@ -1998,9 +1996,3 @@ sysctl_ifq(int *name, u_int namelen, void *oldp, size_t *oldlenp,
 }
 /* NOTREACHED */
 }
-
-void
-netrndintr(void)
-{
- add_net_randomness(0);
-}
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index c39d5f3a5e7..2e345c7a92d 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_ethersubr.c,v 1.118 2008/04/23 10:55:14 norby Exp $ */
+/* $OpenBSD: if_ethersubr.c,v 1.119 2008/05/07 05:51:12 mpf Exp $ */
 /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */
 /*
@@ -104,6 +104,8 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
 #include <netinet/if_ether.h>
 #include <netinet/ip_ipsp.h>
+#include <dev/rndvar.h>
+
 #if NBPFILTER > 0
 #include <net/bpf.h>
 #endif
@@ -563,6 +565,11 @@ ether_input(ifp0, eh, m)
 etype = ntohs(eh->ether_type);
+ if (!(netisr & (1 << NETISR_RND_DONE))) {
+ add_net_randomness(etype);
+ atomic_setbits_int(&netisr, (1 << NETISR_RND_DONE));
+ }
+
 #if NVLAN > 0
 if (etype == ETHERTYPE_VLAN && (vlan_input(eh, m) == 0))
 return;
diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c
index 390a1b16ae3..417c350a13f 100644
--- a/sys/net/if_tun.c
+++ b/sys/net/if_tun.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_tun.c,v 1.92 2008/05/06 07:18:09 krw Exp $ */
+/* $OpenBSD: if_tun.c,v 1.93 2008/05/07 05:51:12 mpf Exp $ */
 /* $NetBSD: if_tun.c,v 1.24 1996/05/07 02:40:48 thorpej Exp $ */
 /*
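Review bot: The new sampling block in ether_input() has no comment explaining that `etype` is only the value handed to add_net_randomness() and that NETISR_RND_DONE gates sampling until the bit is cleared again, so a reader cannot tell where the entropy is expected to come from or when sampling resumes. The EtherType is chosen by the sender and takes few values, so it should not be counted as entropy by itself; presumably the arrival timing recorded inside add_net_randomness() is the real source, which is not visible here. Nothing in this diff clears the bit now that the NETISR_RND dispatch entry is removed, so the gate appears to rely on the soft-interrupt handler clearing the whole `netisr` word, which is worth confirming on every architecture. The test and the atomic_setbits_int() are separate steps, which looks harmless (at worst one extra sample) but deserves a word. I would add `/* sample once until softnet clears the bit; etype is sender-controlled, the entropy is the arrival time */` above the `if`; ether_input() begins and ends outside this hunk.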
@@ -857,6 +857,9 @@ tunwrite(dev_t dev, struct uio *uio, int ioflag)
 #endif
 if (tp->tun_flags & TUN_LAYER2) {
+ /* quirk to not add randomness from a virtual device */
+ atomic_setbits_int(&netisr, (1 << NETISR_RND_DONE));
+
 ether_input_mbuf(ifp, top);
 ifp->if_ipackets++; /* ibytes are counted in ether_input */
 return (0);
diff --git a/sys/net/netisr.h b/sys/net/netisr.h
index 1ee79a8e39b..2b75c7d7ead 100644
--- a/sys/net/netisr.h
+++ b/sys/net/netisr.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: netisr.h,v 1.31 2008/04/23 10:55:14 norby Exp $ */
+/* $OpenBSD: netisr.h,v 1.32 2008/05/07 05:51:12 mpf Exp $ */
 /* $NetBSD: netisr.h,v 1.12 1995/08/12 23:59:24 mycroft Exp $ */
 /*
@@ -52,7 +52,7 @@
 * interrupt used for scheduling the network code to calls
 * on the lowest level routine of each protocol.
 */
-#define NETISR_RND 1
+#define NETISR_RND_DONE 1
 #define NETISR_IP 2 /* same as AF_INET */
 #define NETISR_TX 3 /* for if_snd processing */
 #define NETISR_ATALK 16 /* same as AF_APPLETALK */
@@ -70,7 +70,6 @@
 #ifdef _KERNEL
 extern int netisr; /* scheduling bits for network */
-void netrndintr(void);
 void nettxintr(void);
 void arpintr(void);
 void ipintr(void);
@@ -87,7 +86,7 @@ void mplsintr(void);
 #include <machine/atomic.h>
 #define schednetisr(anisr) \
 do { \
- atomic_setbits_int(&netisr, (1 << (anisr)) | (1 << NETISR_RND));\
+ atomic_setbits_int(&netisr, (1 << (anisr))); \
 setsoftnet(); \
 } while (0)
 #endif
diff --git a/sys/net/netisr_dispatch.h b/sys/net/netisr_dispatch.h
index a56187f2d1a..c2de9b2751b 100644
--- a/sys/net/netisr_dispatch.h
+++ b/sys/net/netisr_dispatch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: netisr_dispatch.h,v 1.15 2008/04/23 10:55:14 norby Exp $ */
+/* $OpenBSD: netisr_dispatch.h,v 1.16 2008/05/07 05:51:12 mpf Exp $ */
 /* $NetBSD: netisr_dispatch.h,v 1.2 2000/07/02 04:40:47 cgd Exp $ */
 /*
@@ -34,8 +34,6 @@
 * their prototypes in <net/netisr.h> (if necessary).
 */
- DONETISR(NETISR_RND,netrndintr);
-
 #ifdef INET
 #if NETHER > 0
 DONETISR(NETISR_ARP,arpintr); |
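Review bot: Setting NETISR_RND_DONE in the shared `netisr` word before ether_input_mbuf(), in the TUN_LAYER2 branch of tunwrite(), suppresses sampling globally rather than for this one frame. Until the word is cleared, frames arriving on real hardware skip add_net_randomness() as well, so steady writes to a layer-2 tun device may reduce how often network timing reaches the pool. Conversely, if the word is cleared between this line and the check in ether_input(), the userland-injected frame is sampled after all; whether an spl is held here is not visible in the hunk, so that case is an inference. A per-frame or per-interface marker checked in ether_input() would avoid both, and at minimum the comment should state the side effect, e.g. `/* quirk: userland-injected frame, skip sampling; the bit is global, so one hardware sample may be skipped too */`. tunwrite() starts and ends outside the hunk.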
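Review bot: `NETISR_RND_DONE` in the `@@ -52,7 +52,7 @@` hunk of netisr.h is left without a comment although, unlike its neighbours, it is no longer a schedulable soft interrupt. After this commit the bit is a state flag set from ether_input() and tunwrite() and has no DONETISR() entry, yet it still sits under the header comment describing interrupts used to schedule protocol routines. I would write `#define NETISR_RND_DONE 1 /* randomness already sampled; flag only, no handler */` so that nobody later passes it to schednetisr().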