Coverity flags the random() call in ndp_timer() with the dont_call checker, warning that it should not be used for security-related applications. This is a false positive: random() is used here to jitter the interval between unsolicited Router Advertisements as required by RFC 4861, to prevent synchronisation between routers on a link. No cryptographic strength is needed. Suppress the warning with an inline Coverity annotation. Signed-off-by: Laurent Vivier --- ndp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ndp.c b/ndp.c index 1f2bcb0cc7ea..614932ac5829 100644 --- a/ndp.c +++ b/ndp.c @@ -441,6 +441,7 @@ void ndp_timer(const struct ctx *c, const struct timespec *now) * again, it's close enough for our purposes. */ interval = min_rtr_adv_interval + + /* coverity[dont_call:FALSE] */ random() % (max_rtr_adv_interval - min_rtr_adv_interval); if (!next_ra) -- 2.54.0