Module Name:    src
Committed By:   tls
Date:           Mon Apr  7 02:24:31 UTC 2014

Modified Files:
        src/sys/net [tls-earlyentropy]: if_ethersubr.c

Log Message:
Increase unpredictability of early output: mix in the headers of the
first 100 Ethernet packets received by the system (if we are really
short of entropy, keep mixing them though we don't count any entropy from
them; such systems are particularly likely to have guessable outputs).


To generate a diff of this commit:
cvs rdiff -u -r1.196 -r1.196.2.1 src/sys/net/if_ethersubr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_ethersubr.c
diff -u src/sys/net/if_ethersubr.c:1.196 src/sys/net/if_ethersubr.c:1.196.2.1
--- src/sys/net/if_ethersubr.c:1.196	Tue Feb 25 22:42:06 2014
+++ src/sys/net/if_ethersubr.c	Mon Apr  7 02:24:31 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_ethersubr.c,v 1.196 2014/02/25 22:42:06 pooka Exp $	*/
+/*	$NetBSD: if_ethersubr.c,v 1.196.2.1 2014/04/07 02:24:31 tls Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.196 2014/02/25 22:42:06 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.196.2.1 2014/04/07 02:24:31 tls Exp $");
 
 #include "opt_inet.h"
 #include "opt_atalk.h"
@@ -91,6 +91,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_ethersubr
 #include <sys/cpu.h>
 #include <sys/intr.h>
 #include <sys/device.h>
+#include <sys/rnd.h>
 
 #include <net/if.h>
 #include <net/netisr.h>
@@ -577,6 +578,7 @@ ether_input(struct ifnet *ifp, struct mb
 	uint16_t etype;
 	struct ether_header *eh;
 	size_t ehlen;
+	static int earlypkts;
 #if defined (LLC) || defined(NETATALK)
 	struct llc *l;
 #endif
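Review bot: `static int earlypkts;` is one function-static counter shared by every Ethernet interface, and presumably by every CPU that can run ether_input(), yet the later hunk reads and increments it with no visible lock or atomic operation. A lost update only makes the 100-packet threshold approximate, which is probably acceptable for this purpose, but the declaration should say so, e.g. `/* system-wide count of early headers mixed into the pool; unsynchronized, approximate by design */`. Declaring it `static unsigned int earlypkts;` would also keep any wraparound well defined. ether_input()'s body starts and ends outside this hunk.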
@@ -593,6 +595,11 @@ ether_input(struct ifnet *ifp, struct mb
 	etype = ntohs(eh->ether_type);
 	ehlen = sizeof(*eh);
 
+	if(__predict_false(earlypkts < 100 || !rnd_initial_entropy)) {
+		rnd_add_data(NULL, eh, ehlen, 0);
+		earlypkts++;
+	}
+
 	/*
 	 * Determine if the packet is within its size limits.
 	 */
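Review bot: `earlypkts++` runs on every received packet for as long as `rnd_initial_entropy` is false, so on the entropy-starved systems this change targets the signed counter grows without bound and can eventually overflow. That is undefined behaviour, and in practice a wrap to a negative value would make `earlypkts < 100` true again long after the pool is seeded. Count only while below the threshold, `if (earlypkts < 100) earlypkts++;`, and give the literal 100 a name. The zero entropy estimate passed to `rnd_add_data()` is the right choice and deserves a comment, because Ethernet headers are visible to, and partly chosen by, any host on the same link: `/* headers are observable on the wire: mix them in, credit no entropy */`. KNF also wants `if (` with a space; the enclosing function continues outside this hunk.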
