6.1 commit de492c83cae0 ("prandom: remove unused functions") removed prandom_u32, which was replaced and deprecated for get_random_u32 in 5.19 d4150779e60f ("random32: use real rng for non-deterministic randomness"). get_random_u32 was introduced in 4.11 c440408cf690 ("random: convert get_random_int/long into get_random_u32/u64") Use the cocci script from 81895a65ec63 ("treewide: use prandom_u32_max() when possible, part 1"), along with a best guess for _max changes, introduced: 3.14 f337db64af05 ("random32: add prandom_u32_max and convert open coded users")
Signed-off-by: John Thomson <git@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
---
RFC due to: only compile tested aarch64 6.1rc1 not sure about the change for htonl(prandom_u32_max(~oth->seq + 1));
---
 extensions/xt_CHAOS.c | 8 ++++++++
 extensions/xt_TARPIT.c | 6 +++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c
index 69d2082..5db8431 100644
--- a/extensions/xt_CHAOS.c
+++ b/extensions/xt_CHAOS.c
@@ -67,7 +67,11 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
 ret = xm_tcp->match(skb, &local_par);
 hotdrop = local_par.hotdrop;
 }
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0)
+ if (!ret || hotdrop || (unsigned int)get_random_u32() > delude_percentage)
+#else
 if (!ret || hotdrop || (unsigned int)prandom_u32() > delude_percentage)
+#endif
 return;
 destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
@@ -94,7 +98,11 @@ chaos_tg(struct sk_buff *skb, const struct xt_action_param *par)
 const struct xt_chaos_tginfo *info = par->targinfo;
 const struct iphdr *iph = ip_hdr(skb);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0)
+ if ((unsigned int)get_random_u32() <= reject_percentage) {
+#else
 if ((unsigned int)prandom_u32() <= reject_percentage) {
+#endif
 struct xt_action_param local_par;
 local_par.state = par->state;
 local_par.target = xt_reject;
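Review bot: The version check is repeated around each `if` header, in xt_chaos_total and again in chaos_tg, where the opening `{` now sits in both preprocessor branches; this duplicates the condition and makes it easy for a later edit to touch only one branch. A single compat definition would leave each call site as one line: `#if LINUX_VERSION_CODE < KERNEL_VERSION(4,11,0)` / `#define get_random_u32() prandom_u32()` / `#endif`, with both sites calling `get_random_u32()` unconditionally. The `(unsigned int)` cast could be dropped at the same time, since the comparison is already between unsigned 32-bit values as far as the hunks show. Both function bodies continue outside the hunks.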
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 9a7ae5c..22e6125 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -107,8 +107,8 @@ static bool xttarpit_honeypot(struct tcphdr *tcph, const struct tcphdr *oth,
 tcph->syn = true;
 tcph->ack = true;
 tcph->window = oth->window &
- ((prandom_u32() & 0x1f) - 0xf);
- tcph->seq = htonl(prandom_u32() & ~oth->seq);
+ (prandom_u32_max(0x20) - 0xf);
+ tcph->seq = htonl(prandom_u32_max(~oth->seq + 1));
 tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn);
 }
@@ -117,7 +117,7 @@ static bool xttarpit_honeypot(struct tcphdr *tcph, const struct tcphdr *oth,
 tcph->syn = false;
 tcph->ack = true;
 tcph->window = oth->window &
- ((prandom_u32() & 0x1f) - 0xf);
+ (prandom_u32_max(0x20) - 0xf);
 tcph->ack_seq = payload > 100 ? htonl(ntohl(oth->seq) + payload) : oth->seq;
--
2.37.2
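Review bot: In the first hunk, `prandom_u32_max(~oth->seq + 1)` is not equivalent to the old `prandom_u32() & ~oth->seq`: the mask only ever set bits that are clear in the peer's sequence number, while the new call draws a value below a bound computed arithmetically on a network-byte-order field. When `oth->seq` is 0 the bound wraps to 0 and `prandom_u32_max(0)` yields 0, so the SYN/ACK sequence number stops being random for such peers. Keeping the mask and swapping only the generator preserves the old behaviour: `tcph->seq = htonl(get_random_u32() & ~oth->seq);`, with the same pre-4.11 fallback the patch uses in xt_CHAOS.c. The two `prandom_u32_max(0x20) - 0xf` window changes (this hunk and the next) keep the old 0..31 range before the subtraction and look equivalent. The body of xttarpit_honeypot continues outside both hunks.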