net_sched: sfq: always randomize hash perturbation
author Eric Dumazet <eric.dumazet@gmail.com>
Wed, 4 Jan 2012 06:23:01 +0000 (06:23 +0000)
committer David S. Miller <davem@davemloft.net>
Wed, 4 Jan 2012 19:12:48 +0000 (14:12 -0500)
SFQ q->perturbation is used in sfq_hash() as an input to Jenkins hash.

We currently randomize this 32-bit value only if a perturbation timer is
set up.

It's much better to always initialize it to defeat attackers, or else
they can predict very well what kind of packets they have to forge to
hit a particular flow.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/sch_sfq.c

index 16feb88503afcf22cc1b378db06a3a3212918e37..843018154a5c9eae03b3d6bba577d8960fd88890 100644 (file)
@@ -591,12 +591,12 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt)
        q->cur_depth = 0;
        q->tail = NULL;
        q->divisor = SFQ_DEFAULT_HASH_DIVISOR;
-       if (opt == NULL) {
-               q->quantum = psched_mtu(qdisc_dev(sch));
-               q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
-               q->perturb_period = 0;
-               q->perturbation = net_random();
-       } else {
+       q->quantum = psched_mtu(qdisc_dev(sch));
+       q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
+       q->perturb_period = 0;
+       q->perturbation = net_random();
+
+       if (opt) {
                int err = sfq_change(sch, opt);
                if (err)
                        return err;
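
Review bot: the now-unconditional `q->perturbation = net_random();` carries no comment saying it must run on every init path, so a later cleanup could move it back under a conditional and reintroduce the predictable hash input the commit message describes. A one-line comment above it, stating that the value seeds sfq_hash() and must be randomized even when no perturbation timer is configured, would protect it. Two related points on the same block: with `q->perturb_period = 0` as the default, the value chosen here stays fixed unless sfq_change() sets a period, so the unpredictability of flow placement rests on this single net_random() call, and it is worth confirming that this generator is considered strong enough for that role or whether get_random_bytes() is the better source at init time. The defaults for `q->quantum` and `q->scaled_quantum` are now assigned before `sfq_change(sch, opt)` runs, which is fine only as long as sfq_change() overwrites them whenever the options supply values; please confirm that it never relies on finding them unset.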