On 12/19/2013 02:40 PM, Hannes Frederic Sowa wrote:
> Don't use per destination incrementing port allocation in
> NF_NAT_RANGE_PROTO_RANDOM mode as advised in
> <https://sites.google.com/site/hayashulman/files/NIC-derandomisation.pdf>.
>
> This is especially important for UDP/DNS.
>
> Cc: Patrick McHardy <kaber@xxxxxxxxx>
> Cc: Daniel Borkmann <dborkman@xxxxxxxxxx>
> Signed-off-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>

I would have liked a more elaborate commit message ;) but anyway, lgtm,
now that we also have periodic reseeding in prandom:

Reviewed-by: Daniel Borkmann <dborkman@xxxxxxxxxx>

The referenced paper in section 5 is also available here:

http://arxiv.org/pdf/1205.5190v1.pdf
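
The difference the patch is about, as an added example that is neither kernel code nor part of the original thread: a simplified user-space model comparing per-destination incrementing source-port allocation with a fresh random offset per flow. The mixing function, seeds, port range and destination address are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define PORT_MIN   1024u
#define PORT_RANGE (65536u - PORT_MIN)

/* splitmix64 finalizer: stand-in for the keyed hash and the PRNG (assumption). */
static uint64_t mix64(uint64_t x)
{
    x += 0x9e3779b97f4a7c15ULL;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Model A: secret per-destination start offset, then +1 for every new flow. */
static uint16_t alloc_incrementing(uint32_t dst, uint64_t secret, uint32_t *ctr)
{
    uint32_t off = (uint32_t)(mix64(secret ^ dst) % PORT_RANGE);
    return (uint16_t)(PORT_MIN + (off + (*ctr)++) % PORT_RANGE);
}

/* Model B: an independent pseudo-random offset for every new flow. */
static uint16_t alloc_random(uint64_t *state)
{
    *state = mix64(*state);
    return (uint16_t)(PORT_MIN + *state % PORT_RANGE);
}

/* Count flows whose source port is exactly the previous port's successor. */
unsigned successor_hits(int incrementing, unsigned flows)
{
    const uint32_t dst = 0xC0000235u; /* 192.0.2.53, constructed */
    uint64_t secret = 0x5eedULL, state = 0x1234ULL; /* constructed seeds */
    uint32_t ctr = 0;
    unsigned hits = 0, prev = 0;
    for (unsigned i = 0; i < flows; i++) {
        unsigned p = incrementing ? alloc_incrementing(dst, secret, &ctr)
                                  : alloc_random(&state);
        if (i > 0 && p == PORT_MIN + (prev - PORT_MIN + 1u) % PORT_RANGE)
            hits++;
        prev = p;
    }
    return hits;
}
int main(void)
{
    printf("incrementing: %u of 999 follow-ups are prev+1\n", successor_hits(1, 1000));
    printf("random:       %u of 999 follow-ups are prev+1\n", successor_hits(0, 1000));
    return 0;
}
```

In model A the secret hides only the starting offset: once one port towards a destination has been seen, every later port to that destination follows from it, which is why a per-flow random offset matters for UDP/DNS.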