---

yaml --- r: 108845 b: refs/heads/master c: 9f59365 h: refs/heads/master i: 108843: 783e114 v: v3
git-mirror · Aug 19, 2008 · e7688ed · e7688ed
1 parent 36cb188
commit e7688ed
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: fab00c5d15091546be681426c60b2ed2c10513bf
+refs/heads/master: 9f593653742d1dd816c4e94c6e5154a57ccba6d1
diff --git a/trunk/drivers/char/random.c b/trunk/drivers/char/random.c
@@ -1571,6 +1571,7 @@ u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
 
 	return half_md4_transform(hash, keyptr->secret);
 }
+EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,

diff --git a/trunk/net/ipv4/netfilter/nf_nat_proto_common.c b/trunk/net/ipv4/netfilter/nf_nat_proto_common.c
@@ -73,9 +73,13 @@ bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
 		range_size = ntohs(range->max.all) - min + 1;
 	}
 
-	off = *rover;
 	if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
-		off = net_random();
+		off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip,
+						 maniptype == IP_NAT_MANIP_SRC
+						 ? tuple->dst.u.all
+						 : tuple->src.u.all);
+	else
+		off = *rover;
 
 	for (i = 0; i < range_size; i++, off++) {
 		*portptr = htons(min + off % range_size);