author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-06-08 11:56:59 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-07-01 08:16:40 +0200 |
commit | fce6971fe3673e8269414188fda0ce3b28b5cf03 (patch) | |
tree | 607c53e0006cd7b8e8033325c34d7ddd2926dda9 /openbsc/src | |
parent | 8a8df80772a4bac0f3cb4d384f45a5d4c463fe11 (diff) |
nat: Provide access to /dev/urandom for the code
Instead of doing open/read/close all the time, open the
FD in the beginning and keep it open. To scare me even
more I have seen /dev/urandom actually providing a short
read and then blocking but it seems to be the best way
to get the random bytes we need for authentication.
So one should/could run the cheap random generator on
the system (e.g. haveged) or deal with the NAT process
blocking.
Diffstat (limited to 'openbsc/src')
-rw-r--r-- | openbsc/src/osmo-bsc_nat/bsc_nat.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 841262c5a..82562ba17 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -21,6 +21,8 @@
 *
 */
 #include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>
 #include <arpa/inet.h>
@@ -31,6 +33,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <unistd.h>
+#include <fcntl.h>
 #define _GNU_SOURCE
 #include <getopt.h>
@@ -1534,6 +1537,12 @@ int main(int argc, char **argv)
 /* We need to add mode-set for amr codecs */
 nat->sdp_ensure_amr_mode_set = 1;
+ nat->random_fd = open("/dev/random", O_RDONLY);
+ if (nat->random_fd < 0) {
+ fprintf(stderr, "Failed to open /dev/urandom.\n");
+ return -5;
+ }
+
 vty_info.copyright = openbsc_copyright;
 vty_init(&vty_info);
 logging_vty_add_cmds(&log_info); |
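Review bot: In the last hunk the added `open()` call opens `/dev/random`, while the commit title, the description and the error message two lines below all name `/dev/urandom`. On Linux kernels where `/dev/random` blocks when the entropy estimate is low, reads from this descriptor can stall the NAT process, which is the situation the description warns about; if `/dev/urandom` was intended the line should read `nat->random_fd = open("/dev/urandom", O_RDONLY);`, and if `/dev/random` is deliberate the message should name it. The message would also be easier to act on with the cause appended, e.g. `strerror(errno)`, provided `<errno.h>` and `<string.h>` are included outside the hunk. The code that reads from `nat->random_fd` is not visible here; since the description reports short reads, it should check the byte count returned by `read()` before the buffer is used for authentication. The body of `main` continues outside the hunk.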