authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-06-08 11:56:59 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-07-01 08:16:40 +0200
commitfce6971fe3673e8269414188fda0ce3b28b5cf03 (patch)
tree607c53e0006cd7b8e8033325c34d7ddd2926dda9 /openbsc/src
parent8a8df80772a4bac0f3cb4d384f45a5d4c463fe11 (diff)
nat: Provide access to /dev/urandom for the code
Instead of doing open/read/close all the time, open the FD in the beginning and keep it open. To scare me even more I have seen /dev/urandom actually providing a short read and then blocking, but it seems to be the best way to get the random bytes we need for authentication. So one should/could run the cheap random generator on the system (e.g. haveged) or deal with the NAT process blocking.
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 841262c5a..82562ba17 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -21,6 +21,8 @@
#include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
@@ -31,6 +33,7 @@
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
+#include <fcntl.h>
#define _GNU_SOURCE
#include <getopt.h>
@@ -1534,6 +1537,12 @@ int main(int argc, char **argv)
/* We need to add mode-set for amr codecs */
nat->sdp_ensure_amr_mode_set = 1;
+ nat->random_fd = open("/dev/random", O_RDONLY);
+ if (nat->random_fd < 0) {
+ fprintf(stderr, "Failed to open /dev/urandom.\n");
+ return -5;
+ }
vty_info.copyright = openbsc_copyright;
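Review bot: The added `open()` call in main() uses `/dev/random`, while the commit title, the description and the error message two lines below all name `/dev/urandom`, so the path and the diagnostic disagree. If `/dev/urandom` was intended, the line should read `nat->random_fd = open("/dev/urandom", O_RDONLY);`. On kernels where `/dev/random` blocks when the entropy estimate is low, a read from this descriptor could stall the NAT process, which is the concern the description itself raises. If `/dev/random` is deliberate, the message should say so: `fprintf(stderr, "Failed to open /dev/random.\n");`. The code that reads from `random_fd` is not in this hunk; given the short reads mentioned in the description, it should treat a read shorter than requested as a failure rather than use a partly filled buffer for authentication. main() continues outside the hunk.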