From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: passt-dev@passt.top
Subject: Re: [PATCH 4/4] ndp: Use high quality entropy in NDP timer even if not needed
Date: Thu, 16 Jul 2026 09:22:44 +0200 (CEST) [thread overview]
Message-ID: <20260716092243.0ad556c4@elisabeth> (raw)
In-Reply-To: <alhv7-U348663cg9@zatzit>
On Thu, 16 Jul 2026 15:45:30 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> On Thu, Jul 16, 2026 at 01:25:23AM +0200, Stefano Brivio wrote:
> > ...instead of calling random(), to make static checkers happy.
> >
> > I don't think that an attacker could actually gain anything by making
> > router advertisement intervals predictable, but a doubt remains, and
> > this is cheap enough that we might just want to do this to get rid of
> > the noise from static checkers informing us that random() shouldn't be
> > used.
> >
> > Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> > ---
> > ndp.c | 11 +++++++----
> > 1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/ndp.c b/ndp.c
> > index 1f2bcb0..43457b3 100644
> > --- a/ndp.c
> > +++ b/ndp.c
> > @@ -413,6 +413,7 @@ void ndp_timer(const struct ctx *c, const struct timespec *now)
> > {
> > time_t max_rtr_adv_interval = DEFAULT_MAX_RTR_ADV_INTERVAL;
> > time_t min_rtr_adv_interval, interval;
> > + long random_part;
> >
> > if (!tap_is_ready(c) || c->no_ra || now->tv_sec < next_ra)
> > return;
> > @@ -433,15 +434,17 @@ void ndp_timer(const struct ctx *c, const struct timespec *now)
> > * and causing flurries of RAs at the same time.
> > *
> > * This random doesn't need to be cryptographically strong, so random(3)
> > - * is fine. Other routers on the link also want to avoid
> > - * synchronisation, and anything malicious has much easier ways to cause
> > - * trouble.
> > + * would be fine. Other routers on the link also want to avoid
> > + * synchronisation, and anything malicious would have much easier ways
> > + * to cause trouble. However, for the sake of static checkers, use high
> > + * quality entropy as provided by raw_random().
> > *
> > * The modulus also makes this not strictly a uniform distribution, but,
> > * again, it's close enough for our purposes.
> > */
> > + raw_random(&random_part, sizeof(random_part));
> > interval = min_rtr_adv_interval +
> > - random() % (max_rtr_adv_interval - min_rtr_adv_interval);
> > + random_part % (max_rtr_adv_interval - min_rtr_adv_interval);
>
> Although it returns a signed long, random() is explicitly defined to
> only return values between 0 and 2^31-1.
Oops, I missed that part. I would have naturally used uint32_t here but
then I looked (too quickly) at the prototype of random() and concluded
it would be better to make it equivalent... except it's not.
> Using raw_random() means we
> can get anything in the full range of a 'long', including negative
> numbers. Is that going to mess up our calculations here?
I don't think in any catastrophic way, but it might, yes.
> Might be safer to make random_part a uint32_t, then cast it to a
> time_t for the arithmetic.
Right, v2 does that.
--
Stefano
next prev parent reply other threads:[~2026-07-16 7:22 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-15 23:25 [PATCH 0/4] Assorted fixes, address a static checker warning Stefano Brivio
2026-07-15 23:25 ` [PATCH 1/4] CONTRIBUTING.md: The tag is "Link:", regardless of how many we have Stefano Brivio
2026-07-16 5:26 ` David Gibson
2026-07-15 23:25 ` [PATCH 2/4] dhcp: Make option parsing more robust, explicitly handle options 0 and 255 Stefano Brivio
2026-07-16 5:37 ` David Gibson
2026-07-16 7:22 ` Stefano Brivio
2026-07-15 23:25 ` [PATCH 3/4] passt.1, pesto.1: ::1 is an address, not a port Stefano Brivio
2026-07-16 5:38 ` David Gibson
2026-07-15 23:25 ` [PATCH 4/4] ndp: Use high quality entropy in NDP timer even if not needed Stefano Brivio
2026-07-16 5:45 ` David Gibson
2026-07-16 7:22 ` Stefano Brivio [this message]
2026-07-16 7:38 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260716092243.0ad556c4@elisabeth \
--to=sbrivio@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).