From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 3 Nov 2016 16:52:19 +0000 (+0100)
Subject: netfilter: nft_hash: get random bytes if seed is not specified
X-Git-Tag: v4.14-rc1~1973^2~281^2~28
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f86dab3aa6fef724456ba7e3fae3e2f02414ae86;p=platform%2Fkernel%2Flinux-rpi3.git

netfilter: nft_hash: get random bytes if seed is not specified

If the user doesn't specify a seed, generate one at configuration time.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index baf694d..97ad8e3 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -57,7 +57,6 @@ static int nft_hash_init(const struct nft_ctx *ctx,
 	if (!tb[NFTA_HASH_SREG] ||
 	    !tb[NFTA_HASH_DREG] ||
 	    !tb[NFTA_HASH_LEN]  ||
-	    !tb[NFTA_HASH_SEED] ||
 	    !tb[NFTA_HASH_MODULUS])
 		return -EINVAL;
 
@@ -80,7 +79,10 @@ static int nft_hash_init(const struct nft_ctx *ctx,
 	if (priv->offset + priv->modulus - 1 < priv->offset)
 		return -EOVERFLOW;
 
-	priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
+	if (tb[NFTA_HASH_SEED])
+		priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
+	else
+		get_random_bytes(&priv->seed, sizeof(priv->seed));
 
 	return nft_validate_register_load(priv->sreg, len) &&
 	       nft_validate_register_store(ctx, priv->dreg, NULL,