[NETFILTER]: hashlimit match: fix random initialization

hashlimit does:

        if (!ht->rnd)
                get_random_bytes(&ht->rnd, 4);

ignoring that 0 is also a valid random number.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 85edfb79469a739120e3b5298e79b10615506ffe..92980ab8ce489dacaad95a4c259c19855e0cfd01 100644 (file)
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -80,6 +80,7 @@ struct ipt_hashlimit_htable {
        /* used internally */
        spinlock_t lock;                /* lock for list_head */
        u_int32_t rnd;                  /* random seed for hash */
+       int rnd_initialized;
        struct timer_list timer;        /* timer for gc */
        atomic_t count;                 /* number entries in table */
 
@@ -134,8 +135,10 @@ __dsthash_alloc_init(struct ipt_hashlimit_htable *ht, struct dsthash_dst *dst)
 
        /* initialize hash with random val at the time we allocate
         * the first hashtable entry */
-       if (!ht->rnd)
+       if (!ht->rnd_initialized) {
                get_random_bytes(&ht->rnd, 4);
+               ht->rnd_initialized = 1;
+       }
 
        if (ht->cfg.max &&
            atomic_read(&ht->count) >= ht->cfg.max) {
@@ -214,7 +217,7 @@ static int htable_create(struct ipt_hashlimit_info *minfo)
 
        atomic_set(&hinfo->count, 0);
        atomic_set(&hinfo->use, 1);
-       hinfo->rnd = 0;
+       hinfo->rnd_initialized = 0;
        spin_lock_init(&hinfo->lock);
        hinfo->pde = create_proc_entry(minfo->name, 0, hashlimit_procdir);
        if (!hinfo->pde) {