[PATCH] Optionally let Net Devices feed Entropy

Robert Love (rml@tech9.net)
16 Aug 2001 00:36:43 -0400


(patches will be attached in subsequent emails. there is a set for
2.4.9-pre4 and another for 2.4.8-ac5. Patch #1 includes the core code
changes, configure changes, etc. Patch #2 includes some updated network
drivers).

Its a long standing debate whether to allow network drivers to
contribute to the kernel entropy pool. This e-mail is not to convince
anyone of anything, but give users a choice.

Right now, a very small number of network devices add to /dev/random.
The majority of them don't, presumably because of the fear of an
external attacker manipulating the kernel entropy pool.

The following patches allow the user to configure at compile-time
whether or not network devices should be allowed to feed the pool. For
those of us who don't fear external attackers, this is a nice addition
of entropy. It is also useful for those who are on a headless system
and need some more sources of entropy.

A new configure statement is available in Network Devices. Enabling it
enables CONFIG_NET_RANDOM which sets a new request_irq flag,
SA_SAMPLE_RANDOM_NET. If enabled, that flag is defined as
SA_SAMPLE_RANDOM. If disabled, the flag is defined as 0. Thus there is
no additional code after compile.

The idea, then, should be to add SA_SAMPLE_RANDOM_NET to each network
devices request_irq call.

Patch #2 does this for some devices: 3c501, 3c505, 3c509, 3c523, 3c59x,
8139too, cs89x0, eepro, eepro100, eexpress, ibmlana, ne2k-pci, pcnet_cs,
xircom_tulic_cb, sk_mca, smc9194, tulic_core, and wavelan. All of the
devices which already contribute entropy have been updated.

-- 
Robert M. Love
rml at ufl.edu
rml at tech9.net

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/