Module Name: src Committed By: tls Date: Mon Apr 7 02:24:31 UTC 2014
Modified Files: src/sys/net [tls-earlyentropy]: if_ethersubr.c Log Message: Increase unpredictability of early output: mix in the headers of the first 100 Ethernet packets received by the system (if we are really short of entropy, keep mixing them though we don't count any entropy from them; such systems are particularly likely to have guessable outputs). To generate a diff of this commit: cvs rdiff -u -r1.196 -r1.196.2.1 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_ethersubr.c
diff -u src/sys/net/if_ethersubr.c:1.196 src/sys/net/if_ethersubr.c:1.196.2.1
--- src/sys/net/if_ethersubr.c:1.196 Tue Feb 25 22:42:06 2014
+++ src/sys/net/if_ethersubr.c Mon Apr 7 02:24:31 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ethersubr.c,v 1.196 2014/02/25 22:42:06 pooka Exp $ */
+/* $NetBSD: if_ethersubr.c,v 1.196.2.1 2014/04/07 02:24:31 tls Exp $ */
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.196 2014/02/25 22:42:06 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.196.2.1 2014/04/07 02:24:31 tls Exp $");
 #include "opt_inet.h"
 #include "opt_atalk.h"
@@ -91,6 +91,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_ethersubr
 #include <sys/cpu.h>
 #include <sys/intr.h>
 #include <sys/device.h>
+#include <sys/rnd.h>
 #include <net/if.h>
 #include <net/netisr.h>
@@ -577,6 +578,7 @@ ether_input(struct ifnet *ifp, struct mb
 uint16_t etype;
 struct ether_header *eh;
 size_t ehlen;
+ static int earlypkts;
 #if defined (LLC) || defined(NETATALK)
 struct llc *l;
 #endif
@@ -593,6 +595,11 @@ ether_input(struct ifnet *ifp, struct mb
 etype = ntohs(eh->ether_type);
 ehlen = sizeof(*eh);
+ if(__predict_false(earlypkts < 100 || !rnd_initial_entropy)) {
+ rnd_add_data(NULL, eh, ehlen, 0);
+ earlypkts++;
+ }
+
 /*
 * Determine if the packet is within its size limits.
 */
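Review bot: The counter `earlypkts` declared in the -577 hunk is a signed `static int` that the -593 hunk increments on every frame for as long as `rnd_initial_entropy` is false, so on a machine that never reaches initial entropy it grows without bound and eventually overflows, which is undefined behaviour for a signed int. Stop counting once the threshold is reached, e.g. `if (earlypkts < 100) earlypkts++;` inside the block, or at least declare it `static unsigned int earlypkts;`. The increment is also unsynchronised; if ether_input can run on more than one CPU at a time this is a data race, although a lost update would only mean a few extra headers get mixed in. ether_input's body starts and ends outside both hunks.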
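Review bot: Nothing in the block added at -593 says why the entropy estimate passed to `rnd_add_data()` is 0, and that is the property a later editor must not change: Ethernet headers can be seen, and partly chosen, by any host on the same link, so they may be mixed in but never credited. I would put a comment above the `if`, for example `/* Mix early Ethernet headers into the pool; they are visible on the wire, so credit no entropy. */`. The `if(` also wants a space after the keyword to match KNF, `if (__predict_false(earlypkts < 100 || !rnd_initial_entropy)) {`. While `rnd_initial_entropy` stays false this call runs for every received frame, so it is worth confirming that `rnd_add_data()` with a NULL source is cheap enough for the input path.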