netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Florian Westphal <fw@strlen.de>	2018-12-13 18:01:27 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-12-18 01:32:36 +0300
commit	912da924a29fc6bd466b98a8791d6f7cf74caf61 (patch)
tree	755dea0c481c601888c262c31dcf7d2906581ad8 /net/ipv6/protocol.c
parent	df7043bed47e0f525224c55c2e005c97f958d80d (diff)
download	linux-912da924a29fc6bd466b98a8791d6f7cf74caf61.tar.xz

netfilter: remove NF_NAT_RANGE_PROTO_RANDOM support

Historically this was net_random() based, and was then converted to a hash based algorithm (private boot seed + hash of endpoint addresses) due to concerns of leaking net_random() bits. RANDOM_FULLY mode was added later to avoid problems with hash based mode (see commit 34ce324019e76, "netfilter: nf_nat: add full port randomization support" for details). Just make prandom_u32() the default search starting point and get rid of ->secure_port() altogether. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/ipv6/protocol.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: