On Thu, Oct 27, 2016 at 07:07:50PM +0200, Pablo Neira Ayuso wrote: > On Sat, Oct 22, 2016 at 11:34:15PM +0200, Laura Garcia Liebana wrote: > > The hash expression requires a seed attribute to call the jhash > > operation, eg. > > > > # nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 \ > > seed 0xdeadbeef > > > > With this patch the seed attribute is optional and it's generated by a > > random function from userspace, eg. > > > > # nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 > > > > To generate a secure random number it has been included the libbsd > > library dependency by default, that implements the arc4random() > > function generator. But it's possible to get rid of this dependency > > applying the option --without-arc4random during the configure of the > > package. > > > > Suggested-by: Pablo Neira Ayuso <pa...@netfilter.org> > > Signed-off-by: Laura Garcia Liebana <nev...@gmail.com> > > --- > > configure.ac | 14 +++++++++++++- > > include/hash.h | 10 ++++++++++ > > src/parser_bison.y | 5 +++++ > > tests/py/ip/hash.t | 2 ++ > > 4 files changed, 30 insertions(+), 1 deletion(-) > > > > diff --git a/configure.ac b/configure.ac > > index 7e0b75c..8c93981 100644 > > --- a/configure.ac > > +++ b/configure.ac > > @@ -108,6 +108,17 @@ AC_DEFINE([HAVE_LIBXTABLES], [1], [0]) > > AC_SUBST(with_libxtables) > > AM_CONDITIONAL([BUILD_XTABLES], [test "x$with_libxtables" == xyes]) > > > > +AC_ARG_WITH([arc4random], [AS_HELP_STRING([--without-arc4random], > > + [disable arc4random (libbsd dev support)])], > > + [], [with_arc4random=yes]) > > +AS_IF([test "x$with_arc4random" != xno], [ > > +AC_CHECK_LIB([bsd], [arc4random], , > > + AC_MSG_ERROR([No suitable version of libbsd dev found])) > > +AC_DEFINE([HAVE_LIBBSD], [1], []) > > +]) > > +AC_SUBST(with_arc4random) > > +AM_CONDITIONAL([BUILD_ARC4RANDOM], [test "x$with_arc4random" != xno]) > > We have getrandom() already around for a while: > > https://lwn.net/Articles/605828/ > > Main problem is that your libc version may not yet support this. But > in case HAVE_GETRANDOM is not set, otherwise fallback on the poorman > version by now.
I mean, we can add this to configure.ac: AC_CHECK_FUNCS(getrandom) So config.h will define HAVE_GETRANDOM if available. This constant will tell us what implementation we can use for this. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
