From mboxrd@z Thu Jan 1 00:00:00 1970 Received: by passt.top (Postfix, from userid 1000) id D0B195A0619; Thu, 16 Jul 2026 01:25:23 +0200 (CEST) From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH 4/4] ndp: Use high quality entropy in NDP timer even if not needed Date: Thu, 16 Jul 2026 01:25:23 +0200 Message-ID: <20260715232523.3372714-5-sbrivio@redhat.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260715232523.3372714-1-sbrivio@redhat.com> References: <20260715232523.3372714-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: HUSERFNQTJVUAA33EZVMN34V6GKZO5UN X-Message-ID-Hash: HUSERFNQTJVUAA33EZVMN34V6GKZO5UN X-MailFrom: sbrivio@passt.top X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: ...instead of calling random(), to make static checkers happy. I don't think that an attacker could actually gain anything by making router advertisement intervals predictable, but a doubt remains, and this is cheap enough that we might just want to do this to get rid of the noise from static checkers informing us that random() shouldn't be used. Signed-off-by: Stefano Brivio --- ndp.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ndp.c b/ndp.c index 1f2bcb0..43457b3 100644 --- a/ndp.c +++ b/ndp.c @@ -413,6 +413,7 @@ void ndp_timer(const struct ctx *c, const struct timespec *now) { time_t max_rtr_adv_interval = DEFAULT_MAX_RTR_ADV_INTERVAL; time_t min_rtr_adv_interval, interval; + long random_part; if (!tap_is_ready(c) || c->no_ra || now->tv_sec < next_ra) return; @@ -433,15 +434,17 @@ void ndp_timer(const struct ctx *c, const struct timespec *now) * and causing flurries of RAs at the same time. * * This random doesn't need to be cryptographically strong, so random(3) - * is fine. Other routers on the link also want to avoid - * synchronisation, and anything malicious has much easier ways to cause - * trouble. + * would be fine. Other routers on the link also want to avoid + * synchronisation, and anything malicious would have much easier ways + * to cause trouble. However, for the sake of static checkers, use high + * quality entropy as provided by raw_random(). * * The modulus also makes this not strictly a uniform distribution, but, * again, it's close enough for our purposes. */ + raw_random(&random_part, sizeof(random_part)); interval = min_rtr_adv_interval + - random() % (max_rtr_adv_interval - min_rtr_adv_interval); + random_part % (max_rtr_adv_interval - min_rtr_adv_interval); if (!next_ra) goto first; -- 2.43.0