From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202606 header.b=U32AkLnF; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 73D0D5A026E for ; Thu, 16 Jul 2026 07:45:50 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202606; t=1784180743; bh=Rmvx9/gBYNJpCbQNyHgs6HzbqojFesQzd2Jk6z49YrA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=U32AkLnFwlyNpjdUMbtpvDHO87B95VAbvEW9qzzg80U9z/rx1c46GAvN/pUMoG0Ye h6c0sX/BSVeWNNb3JQ3b32ZsAkFsd4XHTdgNQq+ZM97Miq6x8MirI4jtq4M3hf6ldm D6yQmU9uvWdcY4zI67k8B3lT5xocJ43yE+wTG2jvJ5pnXnJsoXx0y/5IvYBg06ydBm 2NBxRmner3ot4X7ajPtyagu1mdWW+p+mjt+kEYs5mok38t/RkJ8Jc1oj74PHu4PO62 MjBCy51RLprpFYnbA4/WSLl9iqdBinkW3ncVlNQH2oiiSTF+QrVwc4FwOqK9+d3zhu IGcLN7gLcRKVw== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4h12870fmqz4wCZ; Thu, 16 Jul 2026 15:45:43 +1000 (AEST) Date: Thu, 16 Jul 2026 15:45:30 +1000 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH 4/4] ndp: Use high quality entropy in NDP timer even if not needed Message-ID: References: <20260715232523.3372714-1-sbrivio@redhat.com> <20260715232523.3372714-5-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xUWvIBpk2F1dTzBH" Content-Disposition: inline In-Reply-To: <20260715232523.3372714-5-sbrivio@redhat.com> Message-ID-Hash: U7JOOW63EZ55IYMXRGWPYWHUWYGPUVPE X-Message-ID-Hash: U7JOOW63EZ55IYMXRGWPYWHUWYGPUVPE X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --xUWvIBpk2F1dTzBH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 16, 2026 at 01:25:23AM +0200, Stefano Brivio wrote: > ...instead of calling random(), to make static checkers happy. >=20 > I don't think that an attacker could actually gain anything by making > router advertisement intervals predictable, but a doubt remains, and > this is cheap enough that we might just want to do this to get rid of > the noise from static checkers informing us that random() shouldn't be > used. >=20 > Signed-off-by: Stefano Brivio > --- > ndp.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) >=20 > diff --git a/ndp.c b/ndp.c > index 1f2bcb0..43457b3 100644 > --- a/ndp.c > +++ b/ndp.c > @@ -413,6 +413,7 @@ void ndp_timer(const struct ctx *c, const struct time= spec *now) > { > time_t max_rtr_adv_interval =3D DEFAULT_MAX_RTR_ADV_INTERVAL; > time_t min_rtr_adv_interval, interval; > + long random_part; > =20 > if (!tap_is_ready(c) || c->no_ra || now->tv_sec < next_ra) > return; > @@ -433,15 +434,17 @@ void ndp_timer(const struct ctx *c, const struct ti= mespec *now) > * and causing flurries of RAs at the same time. > * > * This random doesn't need to be cryptographically strong, so random(3) > - * is fine. Other routers on the link also want to avoid > - * synchronisation, and anything malicious has much easier ways to cause > - * trouble. > + * would be fine. Other routers on the link also want to avoid > + * synchronisation, and anything malicious would have much easier ways > + * to cause trouble. However, for the sake of static checkers, use high > + * quality entropy as provided by raw_random(). > * > * The modulus also makes this not strictly a uniform distribution, but, > * again, it's close enough for our purposes. > */ > + raw_random(&random_part, sizeof(random_part)); > interval =3D min_rtr_adv_interval + > - random() % (max_rtr_adv_interval - min_rtr_adv_interval); > + random_part % (max_rtr_adv_interval - min_rtr_adv_interval); Although it returns a signed long, random() is explicitly defined to only return values between 0 and 2^31-1. Using raw_random() means we can get anything in the full range of a 'long', including negative numbers. Is that going to mess up our calculations here? Might be safer to make random_part a uint32_t, then cast it to a time_t for the arithmetic. > =20 > if (!next_ra) > goto first; > --=20 > 2.43.0 >=20 --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --xUWvIBpk2F1dTzBH Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmpYb+8ACgkQzQJF27ox 2Gc7vw//Yn7v2atVnjCW+EtGl+eVdLSObw2r7RbTv7ZrPRfPJJv5phbB2RqQi1rk qW4bXnN1QqWl2/3FVLedykl9hXWnh7EbpIVhDXt/cW7Aiz+hdtjVLNEXJZH+HWqr 3Ezxlz5DLwlOqlrdabWHlv9HYlsSIkZUQRVRvGIbAW24Ik7aYBjfageytBbtBtSO AM18Djr6KTsygEYv3eW2n9B20MT0Lctu0fnTTaLwOqq5TtZs4eql/D69AJzgvZ1G 63iUT5jWjHm/ekL1Q9DbIxTBX7wo68XNHNAlcOE+8XVdpdSxohF2XU+8wnxgLn/4 quOT28wzVgQFH2W3PCQYknHfzjgcNfxka/jPGFTEYnzazf9KGvmGLvUOjVRL0syU 8xe6H2RGnQJ06W5+yLaEPn8DsdAZ8Q5yAUoLromhLZAXoJfBGbD95C2I13olprvN +/inAYsr2FygQvuE7rFRMpt0JqusVPP5lNu60vqGL3w1hoJysVgtyGb6tRrn4iBl kq5vhYJTLSS1LAgiFt83RT64imp8iVOcwaZNDb5AsvdDQ0/uLRDU5iGG1YZB3Sg2 AgvZsqDSlxz0UhVh3WoQPWML/3JLIblvXVbYIN4jTRfKwYzEks0kRc2kZ50UcvL8 ol3QfsoR+PS997E9dISij3SqpU97RyXCFqy+unToL6cmHQlk0Fo= =XCau -----END PGP SIGNATURE----- --xUWvIBpk2F1dTzBH--