This is a _very_ good idea and one I suspect most people won't find
Personally, I want entropy gathering enabled for my network devices.
While I disagree that there is any chance in hell that a remote intruder
can influence the entropy pool in a manner where the returned hash is
able to be determined, I understand some people don't want entropy
gathering enabled on their NICs.
There are two approaches to this. Neither idea would be too hard.
Method one, your idea, would have us add SA_SAMPLE_NET_RANDOM to each
NIC's request_irq call. The random gatherer would then need to be made
aware of the sysctl and check and add/remove interrupts derived from
NICs as needed. This would require a bit of recoding (take a look at
request_irq and random.c).
Note we can't do the check once in request_irq because this is only
called once. Anything loaded before the sysctl was set would be out of
luck (note this is anything not a module). Additionally, we wouldn't be
able to change the sysctl on the fly and have the NICs start/stop adding
An easier, although less robust idea (although one I like) is a
configure statement "Gather entropy using Network Devices". Then we add
SA_SAMPLE_NET_RANDOM to each NIC's request_irq flags and define it like
#define SA_SAMPLE_NET_RANDOM SA_SAMPLE_RANDOM
#define SA_SAMPLE_NET_RANDOM 0
and voila. No extra code after compile, everyone can choose, and who
would complain? Those who want the entropy, will get it.
-- Robert M. Love rml at ufl.edu rml at tech9.net
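
The difference between checking the sysctl once at request_irq time and checking it in the gatherer on every interrupt, as an added example that is not part of the original message and is not kernel code. It is a user-space model: the model_irq type, the register_*, handle_irq and run functions, the sysctl_net_random variable and both flag values are assumptions made for illustration.

```c
/* User-space model, not kernel code; names and flag values are constructed. */
#include <stdio.h>

#define SA_SAMPLE_RANDOM     0x1u  /* constructed value */
#define SA_SAMPLE_NET_RANDOM 0x2u  /* constructed value */

static int sysctl_net_random;      /* hypothetical runtime toggle, 0 = off */
static unsigned long samples;      /* events fed to the model entropy pool */
struct model_irq { unsigned int flags; };

/* Variant A: consult the sysctl once, when the IRQ is registered. */
static void register_check_once(struct model_irq *irq, unsigned int flags)
{
    if ((flags & SA_SAMPLE_NET_RANDOM) && sysctl_net_random)
        flags |= SA_SAMPLE_RANDOM;
    irq->flags = flags & ~SA_SAMPLE_NET_RANDOM;  /* decision frozen here */
}

/* Variant B: keep the NIC marker; the gatherer decides per interrupt. */
static void register_keep_marker(struct model_irq *irq, unsigned int flags)
{
    irq->flags = flags;
}

static void handle_irq(const struct model_irq *irq)
{
    if (irq->flags & SA_SAMPLE_RANDOM)
        samples++;                 /* always sampled */
    else if ((irq->flags & SA_SAMPLE_NET_RANDOM) && sysctl_net_random)
        samples++;                 /* sampled only while the sysctl is on */
}

/* Register a NIC with the sysctl set to at_register, then run it through
 * off, on, off with n interrupts in each state. Returns samples taken. */
static unsigned long run(void (*reg)(struct model_irq *, unsigned int),
                         int at_register, int n)
{
    struct model_irq nic;
    int state[] = {0, 1, 0};
    samples = 0;
    sysctl_net_random = at_register;
    reg(&nic, SA_SAMPLE_NET_RANDOM);
    for (int s = 0; s < 3; s++) {
        sysctl_net_random = state[s];
        for (int i = 0; i < n; i++) handle_irq(&nic);
    }
    return samples;
}

int main(void) { printf("%lu %lu\n", run(register_check_once, 0, 10), run(register_keep_marker, 0, 10)); return 0; }
```

With the check frozen at registration, the NIC contributes either nothing or everything regardless of later sysctl changes; with the per-interrupt check it contributes only during the window in which the toggle is on.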