nat: Provide access to /dev/urandom for the code
Instead of doing open/read/close all the time, open the FD at the beginning and keep it open. To scare me even more, I have seen /dev/urandom actually provide a short read and then block, but it seems to be the best way to get the random bytes we need for authentication. So one should/could run a cheap random generator on the system (e.g. haveged) or deal with the NAT process blocking.
parent
8a8df80772
commit
fce6971fe3
|
@ -304,6 +304,9 @@ struct bsc_nat {
|
|||
|
||||
/* control interface */
|
||||
struct ctrl_handle *ctrl;
|
||||
|
||||
/* for random values */
|
||||
int random_fd;
|
||||
};
|
||||
|
||||
struct bsc_nat_ussd_con {
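Review bot: The comment on the new `random_fd` member, `/* for random values */`, does not say who opens the descriptor or what a reader must expect from it. I would write `/* fd of the random device, opened once in main() and kept open; read() may return fewer bytes than requested */`. If `struct bsc_nat` is zero-filled where it is allocated (not visible here), the member is 0, i.e. stdin, until main() assigns it, so setting it to -1 at allocation would make an early use fail instead of reading from the wrong descriptor. The struct definition begins outside the hunk.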
|
||||
|
|
|
@ -21,6 +21,8 @@
|
|||
*
|
||||
*/
|
||||
#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <arpa/inet.h>
|
||||
|
@ -31,6 +33,7 @@
|
|||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#define _GNU_SOURCE
|
||||
#include <getopt.h>
|
||||
|
@ -1534,6 +1537,12 @@ int main(int argc, char **argv)
|
|||
/* We need to add mode-set for amr codecs */
|
||||
nat->sdp_ensure_amr_mode_set = 1;
|
||||
|
||||
nat->random_fd = open("/dev/random", O_RDONLY);
|
||||
if (nat->random_fd < 0) {
|
||||
fprintf(stderr, "Failed to open /dev/urandom.\n");
|
||||
return -5;
|
||||
}
|
||||
|
||||
vty_info.copyright = openbsc_copyright;
|
||||
vty_init(&vty_info);
|
||||
logging_vty_add_cmds(&log_info);
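Review bot: The added `open()` in main() names `/dev/random`, but the error message two lines below it and the commit title both say `/dev/urandom`, so either the path or the message is wrong. If urandom is what was meant, as the description suggests, the line should read `nat->random_fd = open("/dev/urandom", O_RDONLY);`; on kernels where /dev/random blocks while the entropy estimate is low, reads for authentication values would stall the NAT process more often than the description anticipates. Since the descriptor now lives as long as the process, adding `O_CLOEXEC` to the flags would keep it from being inherited by anything the NAT might exec (no exec is visible here, so this is precautionary). The code that reads from `random_fd` is not in this section; it needs to loop on short reads, which the description says were observed. main() starts and ends outside the hunk.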
|
||||
|
|