From: abutcher-gh <abutcher-gh@noreply.users.codeberg.org>
Date: Sat, 25 Jan 2025 12:07:26 +0000 (+0100)
Subject: xt_pknock: use walltime for building hash
X-Git-Tag: v3.28~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=397b282dba9a8bb52933950693f57d22ba73ac21;p=thirdparty%2Fxtables-addons.git

xt_pknock: use walltime for building hash

References: https://codeberg.org/jengelh/xtables-addons/issues/21
---

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index 1ac54fb..2901646 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -718,7 +718,6 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 	unsigned int hexa_size;
 	int ret;
 	bool fret = false;
-	uint64_t x;
 	unsigned int epoch_min;
 	/* Concurrent use fenced off by a caller which holds list_lock. */
 	struct shash_desc *shash = (void *)crypto.desc; // SHASH_DESC_ON_STACK part 2
@@ -733,9 +732,13 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 	hexresult = kzalloc(hexa_size, GFP_ATOMIC);
 	if (hexresult == NULL)
 		return false;
-	x = ktime_get_seconds();
-	do_div(x, 60);
-	epoch_min = x;
+
+	/* Time needs to be in minutes relative to epoch. */
+	{
+		time64_t t = ktime_get_real_seconds();
+		do_div(t, 60);
+		epoch_min = t;
+	}
 
 	ret = crypto_shash_setkey(crypto.tfm, secret, secret_len);
 	if (ret != 0) {