nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization - linux

diff options

author	Stephen Hemminger <shemminger@vyatta.com>	2008-08-19 06:32:32 +0200
committer	David S. Miller <davem@davemloft.net>	2008-08-19 06:32:32 +0200
commit	9f593653742d1dd816c4e94c6e5154a57ccba6d1 (patch)
tree	1e71181cc80da8dc3d6e1da202943482b9eb5500 /net/sched
parent	netfilter: ctnetlink: sleepable allocation with spin lock bh (diff)
download	linux-9f593653742d1dd816c4e94c6e5154a57ccba6d1.tar.xz linux-9f593653742d1dd816c4e94c6e5154a57ccba6d1.zip

nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization

Use incoming network tuple as seed for NAT port randomization. This avoids concerns of leaking net_random() bits, and also gives better port distribution. Don't have NAT server, compile tested only. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> [ added missing EXPORT_SYMBOL_GPL ] Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/sched')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: