netfilter: Enhance the codes used to get random once

There are some codes which are used to get one random once in netfilter.
We could use net_get_random_once to simplify these codes.

Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c
index 515131f9e021a659d5305fe9b7455db7fc74c57e..dbd6c4a12b97435d2937c92fd79a035fd5828965 100644 (file)
--- a/net/netfilter/xt_RATEEST.c
+++ b/net/netfilter/xt_RATEEST.c
@@ -24,7 +24,6 @@ static DEFINE_MUTEX(xt_rateest_mutex);
 #define RATEEST_HSIZE  16
 static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly;
 static unsigned int jhash_rnd __read_mostly;
-static bool rnd_inited __read_mostly;
 
 static unsigned int xt_rateest_hash(const char *name)
 {
@@ -99,10 +98,7 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
        } cfg;
        int ret;
 
-       if (unlikely(!rnd_inited)) {
-               get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
-               rnd_inited = true;
-       }
+       net_get_random_once(&jhash_rnd, sizeof(jhash_rnd));
 
        est = xt_rateest_lookup(info->name);
        if (est) {

diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 99bbc829868d5042ab5dbcbc02dc70c8e57f6b85..b6dc322593a34586aa7b0a0b73b23fcf9c47f5d2 100644 (file)
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -366,14 +366,8 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par)
        unsigned int i;
        int ret;
 
-       if (unlikely(!connlimit_rnd)) {
-               u_int32_t rand;
+       net_get_random_once(&connlimit_rnd, sizeof(connlimit_rnd));
 
-               do {
-                       get_random_bytes(&rand, sizeof(rand));
-               } while (!rand);
-               cmpxchg(&connlimit_rnd, 0, rand);
-       }
        ret = nf_ct_l3proto_try_module_get(par->family);
        if (ret < 0) {
                pr_info("cannot load conntrack support for "

diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index d725a27743a169fc80cc00f38dd2278696be3365..e3b7a09b103e490a2c85364d8938b47565b9c66c 100644 (file)
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -110,7 +110,6 @@ static const struct file_operations recent_old_fops, recent_mt_fops;
 #endif
 
 static u_int32_t hash_rnd __read_mostly;
-static bool hash_rnd_inited __read_mostly;
 
 static inline unsigned int recent_entry_hash4(const union nf_inet_addr *addr)
 {
@@ -340,10 +339,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
        int ret = -EINVAL;
        size_t sz;
 
-       if (unlikely(!hash_rnd_inited)) {
-               get_random_bytes(&hash_rnd, sizeof(hash_rnd));
-               hash_rnd_inited = true;
-       }
+       net_get_random_once(&hash_rnd, sizeof(hash_rnd));
+
        if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
                pr_info("Unsupported user space flags (%08x)\n",
                        info->check_set);