ipv4: use siphash instead of Jenkins in fnhe_hashfun()
A group of security researchers brought to our attention
the weakness of hash function used in fnhe_hashfun().
Lets use siphash instead of Jenkins Hash, to considerably
reduce security risks.
Also remove the inline keyword, this really is distracting.
Fixes: d546c62154
("ipv4: harden fnhe_hashfun()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
4785305c05
commit
6457378fe7
|
@ -600,14 +600,14 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
|
|||
return oldest;
|
||||
}
|
||||
|
||||
static inline u32 fnhe_hashfun(__be32 daddr)
|
||||
static u32 fnhe_hashfun(__be32 daddr)
|
||||
{
|
||||
static u32 fnhe_hashrnd __read_mostly;
|
||||
u32 hval;
|
||||
static siphash_key_t fnhe_hash_key __read_mostly;
|
||||
u64 hval;
|
||||
|
||||
net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
|
||||
hval = jhash_1word((__force u32)daddr, fnhe_hashrnd);
|
||||
return hash_32(hval, FNHE_HASH_SHIFT);
|
||||
net_get_random_once(&fnhe_hash_key, sizeof(fnhe_hash_key));
|
||||
hval = siphash_1u32((__force u32)daddr, &fnhe_hash_key);
|
||||
return hash_64(hval, FNHE_HASH_SHIFT);
|
||||
}
|
||||
|
||||
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
|
||||
|
|
Loading…
Reference in New Issue