aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/char/random.c1
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_common.c8
2 files changed, 7 insertions, 2 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index e0d0e371909c..1838aa3d24fe 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1571,6 +1571,7 @@ u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
1571 1571
1572 return half_md4_transform(hash, keyptr->secret); 1572 return half_md4_transform(hash, keyptr->secret);
1573} 1573}
1574EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
1574 1575
1575#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1576#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1576u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, 1577u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
diff --git a/net/ipv4/netfilter/nf_nat_proto_common.c b/net/ipv4/netfilter/nf_nat_proto_common.c
index 91537f11273f..6c4f11f51446 100644
--- a/net/ipv4/netfilter/nf_nat_proto_common.c
+++ b/net/ipv4/netfilter/nf_nat_proto_common.c
@@ -73,9 +73,13 @@ bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
73 range_size = ntohs(range->max.all) - min + 1; 73 range_size = ntohs(range->max.all) - min + 1;
74 } 74 }
75 75
76 off = *rover;
77 if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) 76 if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
78 off = net_random(); 77 off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip,
78 maniptype == IP_NAT_MANIP_SRC
79 ? tuple->dst.u.all
80 : tuple->src.u.all);
81 else
82 off = *rover;
79 83
80 for (i = 0; i < range_size; i++, off++) { 84 for (i = 0; i < range_size; i++, off++) {
81 *portptr = htons(min + off % range_size); 85 *portptr = htons(min + off % range_size);
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-20 08:49:04 -0500