OSDN Git Service

netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support
author Florian Westphal <fw@strlen.de>
Thu, 13 Dec 2018 15:01:27 +0000 (16:01 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 17 Dec 2018 22:32:36 +0000 (23:32 +0100)
commit 912da924a29fc6bd466b98a8791d6f7cf74caf61
tree 755dea0c481c601888c262c31dcf7d2906581ad8
parent df7043bed47e0f525224c55c2e005c97f958d80d
netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support

Historically this was net_random() based, and was then converted to
a hash based algorithm (private boot seed + hash of endpoint addresses)
due to concerns of leaking net_random() bits.

RANDOM_FULLY mode was added later to avoid problems with hash
based mode (see commit 34ce324019e76,
"netfilter: nf_nat: add full port randomization support" for details).

Just make prandom_u32() the default search starting point and get rid of
->secure_port() altogether.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_nat_l3proto.h
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
net/netfilter/nf_nat_proto_common.c