author | Eric Leblond <eric@inl.fr> | 2007-02-07 23:10:09 (GMT) |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-02-08 20:39:17 (GMT) |
commit | 41f4689a7c8cd76b77864461b3c58fde8f322b2c (patch) | |
tree | 29be7597bc02158ca41261f365ebcbd8047dd56f /net/ipv4/netfilter/ip_nat_proto_tcp.c | |
parent | cdd289a2f833b93e65b9a09a02c37f47a58140a8 (diff) | |
[NETFILTER]: NAT: optional source port randomization support
This patch adds support to NAT to randomize source ports.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/ip_nat_proto_tcp.c')
-rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_tcp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c
index b586d18..14ff24f 100644
--- a/net/ipv4/netfilter/ip_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c
@@ -8,6 +8,7 @@
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/random.h>
 #include <linux/netfilter.h>
 #include <linux/ip.h>
 #include <linux/tcp.h>
@@ -75,6 +76,10 @@ tcp_unique_tuple(struct ip_conntrack_tuple *tuple,
 range_size = ntohs(range->max.tcp.port) - min + 1;
 }
 
+ /* Start from random port to avoid prediction */
+ if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
+ port = net_random();
+
 for (i = 0; i < range_size; i++, port++) {
 *portptr = htons(min + port % range_size);
 if (!ip_nat_used_tuple(tuple, conntrack)) { |
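Review bot: The random value only chooses the first candidate; the loop that follows still advances with `port++`, so when the chosen port is already in use the fallback is the neighbouring port, which is predictable relative to the first one, and the comment `Start from random port to avoid prediction` overstates what the hunk achieves. I would make that explicit, e.g. `/* Start from a random port to avoid prediction; remaining candidates are still probed sequentially from that offset */`. Separately, `net_random()` yields a 32-bit value while `port` appears to be declared as a 16-bit counter above the hunk (its declaration is not visible here), so `port = net_random();` truncates silently; an explicit cast such as `port = (u_int16_t)net_random();` or a one-line comment would make the intent clear, and `port % range_size` has a small modulo bias for ranges that do not divide the 16-bit space. The enclosing tcp_unique_tuple() begins before and ends after this hunk.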