netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH RFC xtables-addons] build: support for linux 6.1
@ 2022-10-23  3:22 John Thomson
  2022-10-24  9:58 ` [xtables-addons PATCH v1] " John Thomson
  0 siblings, 1 reply; 3+ messages in thread
From: John Thomson @ 2022-10-23  3:22 UTC (permalink / raw)
  To: netfilter-devel; +Cc: John Thomson

6.1 commit de492c83cae0 ("prandom: remove unused functions") removed
prandom_u32, which was replaced and deprecated for get_random_u32 in
5.19 d4150779e60f ("random32: use real rng for non-deterministic
 randomness"). get_random_u32 was introduced in 4.11 c440408cf690
("random: convert get_random_int/long into get_random_u32/u64")

Use the cocci script from 81895a65ec63 ("treewide: use prandom_u32_max()
when possible, part 1"), along with a best guess for _max changes, introduced:
3.14 f337db64af05 ("random32: add prandom_u32_max and convert open coded users")

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
---
RFC due to:
only compile tested aarch64 6.1rc1
not sure about the change for htonl(prandom_u32_max(~oth->seq + 1));
---
 extensions/xt_CHAOS.c  | 8 ++++++++
 extensions/xt_TARPIT.c | 6 +++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c
index 69d2082..5db8431 100644
--- a/extensions/xt_CHAOS.c
+++ b/extensions/xt_CHAOS.c
@@ -67,7 +67,11 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
 		ret = xm_tcp->match(skb, &local_par);
 		hotdrop = local_par.hotdrop;
 	}
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0)
+	if (!ret || hotdrop || (unsigned int)get_random_u32() > delude_percentage)
+#else
 	if (!ret || hotdrop || (unsigned int)prandom_u32() > delude_percentage)
+#endif
 		return;
 
 	destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
@@ -94,7 +98,11 @@ chaos_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	const struct xt_chaos_tginfo *info = par->targinfo;
 	const struct iphdr *iph = ip_hdr(skb);
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0)
+	if ((unsigned int)get_random_u32() <= reject_percentage) {
+#else
 	if ((unsigned int)prandom_u32() <= reject_percentage) {
+#endif
 		struct xt_action_param local_par;
 		local_par.state    = par->state;
 		local_par.target   = xt_reject;
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 9a7ae5c..22e6125 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -107,8 +107,8 @@ static bool xttarpit_honeypot(struct tcphdr *tcph, const struct tcphdr *oth,
 		tcph->syn     = true;
 		tcph->ack     = true;
 		tcph->window  = oth->window &
-			((prandom_u32() & 0x1f) - 0xf);
-		tcph->seq     = htonl(prandom_u32() & ~oth->seq);
+			(prandom_u32_max(0x20) - 0xf);
+		tcph->seq     = htonl(prandom_u32_max(~oth->seq + 1));
 		tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn);
 	}
 
@@ -117,7 +117,7 @@ static bool xttarpit_honeypot(struct tcphdr *tcph, const struct tcphdr *oth,
 		tcph->syn     = false;
 		tcph->ack     = true;
 		tcph->window  = oth->window &
-			((prandom_u32() & 0x1f) - 0xf);
+			(prandom_u32_max(0x20) - 0xf);
 		tcph->ack_seq = payload > 100 ?
 			htonl(ntohl(oth->seq) + payload) :
 			oth->seq;
-- 
2.37.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-10-25  8:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-23  3:22 [PATCH RFC xtables-addons] build: support for linux 6.1 John Thomson
2022-10-24  9:58 ` [xtables-addons PATCH v1] " John Thomson
2022-10-25  8:46   ` Jan Engelhardt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).