From mboxrd@z Thu Jan 1 00:00:00 1970 Received: by passt.top (Postfix, from userid 1000) id 085BA5A0272; Thu, 16 Jul 2026 09:22:23 +0200 (CEST) From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH v2 4/4] ndp: Use high quality entropy in NDP timer even if not needed Date: Thu, 16 Jul 2026 09:22:22 +0200 Message-ID: <20260716072222.1819811-5-sbrivio@redhat.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260716072222.1819811-1-sbrivio@redhat.com> References: <20260716072222.1819811-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: JRLJRPAIRZRA6MGRI6AXKKF4ECBT7YXR X-Message-ID-Hash: JRLJRPAIRZRA6MGRI6AXKKF4ECBT7YXR X-MailFrom: sbrivio@passt.top X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: ...instead of calling random(), to make static checkers happy. I don't think that an attacker could actually gain anything by making router advertisement intervals predictable, but a doubt remains, and this is cheap enough that we might just want to do this to get rid of the noise from static checkers informing us that random() shouldn't be used. Signed-off-by: Stefano Brivio --- v2: Turn random_part to uint32_t and cast to time_t before using it, to avoid using negative values ndp.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ndp.c b/ndp.c index 1f2bcb0..439fc0c 100644 --- a/ndp.c +++ b/ndp.c @@ -413,6 +413,7 @@ void ndp_timer(const struct ctx *c, const struct timespec *now) { time_t max_rtr_adv_interval = DEFAULT_MAX_RTR_ADV_INTERVAL; time_t min_rtr_adv_interval, interval; + uint32_t random_part; if (!tap_is_ready(c) || c->no_ra || now->tv_sec < next_ra) return; @@ -433,15 +434,18 @@ void ndp_timer(const struct ctx *c, const struct timespec *now) * and causing flurries of RAs at the same time. * * This random doesn't need to be cryptographically strong, so random(3) - * is fine. Other routers on the link also want to avoid - * synchronisation, and anything malicious has much easier ways to cause - * trouble. + * would be fine. Other routers on the link also want to avoid + * synchronisation, and anything malicious would have much easier ways + * to cause trouble. However, for the sake of static checkers, use high + * quality entropy as provided by raw_random(). * * The modulus also makes this not strictly a uniform distribution, but, * again, it's close enough for our purposes. */ + raw_random(&random_part, sizeof(random_part)); interval = min_rtr_adv_interval + - random() % (max_rtr_adv_interval - min_rtr_adv_interval); + (time_t)random_part % (max_rtr_adv_interval - + min_rtr_adv_interval); if (!next_ra) goto first; -- 2.43.0