diff options
author | Eric Dumazet <edumazet@google.com> | 2014-09-04 08:21:31 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-09-05 17:40:33 -0700 |
commit | d546c621542df9e45eedc91f35356e887ac63b7b (patch) | |
tree | bcf28df1dafdf743cdbad9230986a5a413e08a26 /net | |
parent | 18a47e6d8af01db1b691802a6bb8eae73d83ad9e (diff) |
ipv4: harden fnhe_hashfun()
Lets make this hash function a bit secure, as ICMP attacks are still
in the wild.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/route.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 44b0cbdd76f1..234a43e233dc 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -596,12 +596,12 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash) static inline u32 fnhe_hashfun(__be32 daddr) { + static u32 fnhe_hashrnd __read_mostly; u32 hval; - hval = (__force u32) daddr; - hval ^= (hval >> 11) ^ (hval >> 22); - - return hval & (FNHE_HASH_SIZE - 1); + net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd)); + hval = jhash_1word((__force u32) daddr, fnhe_hashrnd); + return hash_32(hval, FNHE_HASH_SHIFT); } static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe) |