summaryrefslogtreecommitdiffstats
path: root/drivers/char
diff options
context:
space:
mode:
authorStephen Hemminger <shemminger@vyatta.com>2008-08-19 06:32:32 +0200
committerDavid S. Miller <davem@davemloft.net>2008-08-19 06:32:32 +0200
commit9f593653742d1dd816c4e94c6e5154a57ccba6d1 (patch)
tree1e71181cc80da8dc3d6e1da202943482b9eb5500 /drivers/char
parentnetfilter: ctnetlink: sleepable allocation with spin lock bh (diff)
downloadlinux-9f593653742d1dd816c4e94c6e5154a57ccba6d1.tar.xz
linux-9f593653742d1dd816c4e94c6e5154a57ccba6d1.zip
nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization
Use incoming network tuple as seed for NAT port randomization. This avoids concerns of leaking net_random() bits, and also gives better port distribution. Don't have NAT server, compile tested only. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> [ added missing EXPORT_SYMBOL_GPL ] Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/char')
-rw-r--r--drivers/char/random.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index e0d0e371909c..1838aa3d24fe 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1571,6 +1571,7 @@ u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
return half_md4_transform(hash, keyptr->secret);
}
+EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,