git.baikalelectronics.ru Git - kernel.git/commit
netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support
author Florian Westphal <fw@strlen.de>
Thu, 13 Dec 2018 15:01:27 +0000 (16:01 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 17 Dec 2018 22:32:36 +0000 (23:32 +0100)
commit 8bc7f128d14bd055ada893d19bb1014e14dd1438
tree 755dea0c481c601888c262c31dcf7d2906581ad8
parent 279f9c92e08cbb8073c89d3f22c2b1f9b505ddbc
netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support

Historically this was net_random() based, and was then converted to
a hash based algorithm (private boot seed + hash of endpoint addresses)
due to concerns of leaking net_random() bits.

RANDOM_FULLY mode was added later to avoid problems with hash
based mode (see commit 8c737b16da4ab,
"netfilter: nf_nat: add full port randomization support" for details).

Just make prandom_u32() the default search starting point and get rid of
->secure_port() altogether.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_nat_l3proto.h
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
net/netfilter/nf_nat_proto_common.c
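
The two starting-point strategies the commit message contrasts, as an added user-space model that is not code from this commit or from the kernel: with a hash of seed and endpoint addresses, every connection between the same endpoints begins its port search at the same offset, while a PRNG start is independent of the endpoints. `mix32`, `hash_start`, `random_start`, `pick_port`, the port range and all sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PORT_MIN   1024u
#define PORT_RANGE 64512u             /* models ports 1024..65535 */
static uint8_t in_use[65536];         /* constructed port table, 1 = taken */

/* Hypothetical stand-in for a keyed hash; not the kernel's function. */
static uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    return x ^ (x >> 16);
}

/* Hash mode: start offset is a function of boot seed and endpoint addresses. */
static uint32_t hash_start(uint32_t seed, uint32_t saddr, uint32_t daddr)
{
    return mix32(mix32(seed ^ saddr) ^ daddr);
}

/* Random mode: xorshift32 standing in for prandom_u32(); state must be nonzero. */
static uint32_t random_start(uint32_t *state)
{
    *state ^= *state << 13; *state ^= *state >> 17; *state ^= *state << 5;
    return *state;
}

/* Linear search from the start offset, wrapping once; 0 means range exhausted. */
static uint16_t pick_port(uint32_t start)
{
    uint32_t off = start % PORT_RANGE;
    for (uint32_t i = 0; i < PORT_RANGE; i++) {
        uint16_t port = (uint16_t)(PORT_MIN + (off + i) % PORT_RANGE);
        if (!in_use[port]) { in_use[port] = 1; return port; }
    }
    return 0;
}

int main(void)
{
    uint32_t seed = 0x5eed1234u, prng = 0x2545f491u;  /* constructed values */
    uint32_t src = 0xc0a80102u, dst = 0xcb007107u;    /* 192.168.1.2 -> 203.0.113.7 */
    for (int i = 0; i < 3; i++)   /* same endpoints: consecutive ports */
        printf("hash mode:   %u\n", (unsigned)pick_port(hash_start(seed, src, dst)));
    for (int i = 0; i < 3; i++)   /* start does not depend on the endpoints */
        printf("random mode: %u\n", (unsigned)pick_port(random_start(&prng)));
    return 0;
}
```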