[NETFILTER]: NAT: optional source port randomization support

This patch adds support to NAT to randomize source ports. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Leblond <eric@inl.fr> 2007-02-07 15:10:09 -0800
committer: David S. Miller <davem@sunset.davemloft.net> 2007-02-08 12:39:17 -0800
commit: 41f4689a7c8cd76b77864461b3c58fde8f322b2c (patch)
tree: 29be7597bc02158ca41261f365ebcbd8047dd56f /net/ipv4/netfilter/nf_nat_proto_udp.c
parent: cdd289a2f833b93e65b9a09a02c37f47a58140a8 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c
index ab0ce4c8699..8cae6e063bb 100644
--- a/net/ipv4/netfilter/nf_nat_proto_udp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udp.c
@@ -8,6 +8,7 @@
 
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/random.h>
 #include <linux/ip.h>
 #include <linux/udp.h>
 
@@ -73,6 +74,9 @@ udp_unique_tuple(struct nf_conntrack_tuple *tuple,
 		range_size = ntohs(range->max.udp.port) - min + 1;
 	}
 
+	if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
+		port = net_random();
+
 	for (i = 0; i < range_size; i++, port++) {
 		*portptr = htons(min + port % range_size);
 		if (!nf_nat_used_tuple(tuple, ct))
author	Eric Leblond <eric@inl.fr>	2007-02-07 15:10:09 -0800
committer	David S. Miller <davem@sunset.davemloft.net>	2007-02-08 12:39:17 -0800
commit	41f4689a7c8cd76b77864461b3c58fde8f322b2c (patch)
tree	29be7597bc02158ca41261f365ebcbd8047dd56f /net/ipv4/netfilter/nf_nat_proto_udp.c
parent	cdd289a2f833b93e65b9a09a02c37f47a58140a8 (diff)