diff --git a/bin/lwresd/main.c b/bin/lwresd/main.c index 9af83d81ab..ead0ec42da 100644 --- a/bin/lwresd/main.c +++ b/bin/lwresd/main.c @@ -340,7 +340,7 @@ main(int argc, char **argv) { * Create a dispatch manager. */ dispatchmgr = NULL; - result = dns_dispatchmgr_create(mem, &dispatchmgr); + result = dns_dispatchmgr_create(mem, NULL, &dispatchmgr); INSIST(result == ISC_R_SUCCESS); /* diff --git a/bin/named/main.c b/bin/named/main.c index 8742b0d474..aa32c5103a 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -364,7 +364,7 @@ create_managers(void) { return (ISC_R_UNEXPECTED); } - result = dns_dispatchmgr_create(ns_g_mctx, &ns_g_dispatchmgr); + result = dns_dispatchmgr_create(ns_g_mctx, NULL, &ns_g_dispatchmgr); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, "dns_dispatchmgr_create() failed: %s", diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 1809bc00eb..1503699967 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -19,6 +19,7 @@ #include +#include #include #include #include @@ -49,6 +50,8 @@ struct dns_dispatchmgr { isc_mempool_t *epool; /* memory pool for events */ isc_mempool_t *rpool; /* memory pool request/reply */ isc_mempool_t *dpool; /* dispatch allocations */ + + isc_entropy_t *entropy; /* entropy source */ }; #define MGR_SHUTTINGDOWN 0x00000001U @@ -227,10 +230,22 @@ request_log(dns_dispatch_t *disp, dns_dispentry_t *resp, static void reseed_lfsr(isc_lfsr_t *lfsr, void *arg) { - UNUSED(arg); + dns_dispatch_t *disp = (dns_dispatch_t *)arg; + dns_dispatchmgr_t *mgr = disp->mgr; + isc_result_t result; + isc_uint32_t val; + + if (mgr->entropy != NULL) { + result = isc_entropy_getdata(mgr->entropy, &val, sizeof val, + NULL, 0); + if (result == ISC_R_SUCCESS) { + lfsr->count = (val & 0x1f) + 32; + lfsr->state = val; + return; + } + } lfsr->count = (random() & 0x1f) + 32; /* From 32 to 63 states */ - lfsr->state = random(); } 
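Review bot: Both callers updated in this commit, lwresd's main() here and create_managers() in bin/named/main.c, pass `NULL` for the new entropy argument, so reseed_lfsr() in lib/dns/dispatch.c still takes the `random()` path in both daemons. The dispatch.h comment added by this commit says NULL selects an insecure random generator, so the change adds the mechanism without enabling it in either daemon. If an entropy source already exists at these call sites (not visible in the hunks, which show only part of each function), pass it. Otherwise a marker such as `/* XXX: no entropy source yet; dispatch falls back to random() */` next to each call would make the gap explicit.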
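Review bot: When `isc_entropy_getdata()` returns anything other than ISC_R_SUCCESS, reseed_lfsr() falls through to the `random()` path without logging, so an operator who supplied an entropy source cannot tell that the LFSR is being reseeded from the weak generator. Report the failure before falling through, for example `dispatch_log(disp, LVL(10), "entropy read failed, reseeding from random()");`, at whatever level the project uses for degraded-security conditions. `arg` is now dereferenced unconditionally where it was previously unused, and the isc_lfsr_init() call that supplies it is outside this diff, so confirm it passes the dispatch or add `REQUIRE(arg != NULL);`. In the entropy branch `count` is the low five bits of the same `val` stored in `state`; drawing a separate value for `count` would keep the reseed interval independent of the new state. As rendered here, the `-` before `lfsr->state = random();` may be a removed blank line rather than a removed statement; if the statement itself was removed, the fallback no longer reseeds `state`.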
@@ -505,6 +520,11 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { return; } + + dispatch_log(disp, LVL(10), + "odd socket result in udp_recv(): %s\n", + ev->result); + /* * otherwise, on strange error, log it and restart. * XXXMLG @@ -914,6 +934,9 @@ destroy_mgr(dns_dispatchmgr_t **mgrp) { isc_mutex_destroy(&mgr->pool_lock); + if (mgr->entropy != NULL) + isc_entropy_detach(&mgr->entropy); + isc_mem_put(mctx, mgr, sizeof(dns_dispatchmgr_t)); isc_mem_detach(&mctx); } @@ -946,7 +969,9 @@ create_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, */ isc_result_t -dns_dispatchmgr_create(isc_mem_t *mctx, dns_dispatchmgr_t **mgrp) { +dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy, + dns_dispatchmgr_t **mgrp) +{ dns_dispatchmgr_t *mgr; isc_result_t result; @@ -1005,6 +1030,10 @@ dns_dispatchmgr_create(isc_mem_t *mctx, dns_dispatchmgr_t **mgrp) { mgr->state = 0; ISC_LIST_INIT(mgr->list); + mgr->entropy = NULL; + if (entropy != NULL) + isc_entropy_attach(entropy, &mgr->entropy); + *mgrp = mgr; return (ISC_R_SUCCESS); @@ -1448,7 +1477,8 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, isc_sockaddr_t *localaddr, unsigned int buffersize, unsigned int maxbuffers, unsigned int maxrequests, unsigned int buckets, unsigned int increment, - unsigned int attributes, dns_dispatch_t **dispp) + unsigned int attributes, + dns_dispatch_t **dispp) { isc_result_t result; dns_dispatch_t *disp; diff --git a/lib/dns/include/dns/dispatch.h b/lib/dns/include/dns/dispatch.h index 945ae5b6ce..a4d173cd88 100644 --- a/lib/dns/include/dns/dispatch.h +++ b/lib/dns/include/dns/dispatch.h @@ -53,6 +53,7 @@ #include #include #include +#include #include 
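Review bot: The added `dispatch_log()` call in udp_recv() passes `ev->result` to a `%s` conversion. If that field is an isc_result_t integer code, as the message text suggests, this is undefined behaviour and can crash or read through an arbitrary address on the very error path the log is meant to diagnose. Convert the code to text first: `"odd socket result in udp_recv(): %s", isc_result_totext(ev->result));`. The trailing `\n` is probably unwanted too if dispatch_log() terminates lines itself, which is not visible here. udp_recv() starts and ends outside the hunk.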
@@ -119,10 +120,9 @@ struct dns_dispatchevent { #define DNS_DISPATCHATTR_MAKEQUERY 0x00000040U #define DNS_DISPATCHATTR_CONNECTED 0x00000080U -ISC_LANG_BEGINDECLS - isc_result_t -dns_dispatchmgr_create(isc_mem_t *mctx, dns_dispatchmgr_t **mgrp); +dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy, + dns_dispatchmgr_t **mgrp); /* * Creates a new dispatchmgr object. * @@ -131,6 +131,10 @@ dns_dispatchmgr_create(isc_mem_t *mctx, dns_dispatchmgr_t **mgrp); * * mgrp != NULL && *mgrp == NULL * + * "entropy" may be NULL, in which case an insecure random generator + * will be used. If it is non-NULL, it must be a valid entropy + * source. + * * Returns: * ISC_R_SUCCESS -- all ok *
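Review bot: `ISC_LANG_BEGINDECLS` is removed ahead of the dns_dispatchmgr_create() prototype, and no hunk in this diff adds it back elsewhere in dispatch.h. If this was the header's only opening marker, the matching `ISC_LANG_ENDDECLS` (outside the diff) is left unbalanced and C++ consumers lose C linkage for these prototypes. If it was a duplicate of an earlier marker, the removal is fine but deserves a line in the commit message, since it is unrelated to the entropy change.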