On Thu, Dec 13, 2018 at 04:01:27PM +0100, Florian Westphal wrote:
> Historically this was net_random() based, and was then converted to
> a hash based algorithm (private boot seed + hash of endpoint addresses)
> due to concerns of leaking net_random() bits.
>
> RANDOM_FULLY mode was added later to avoid problems with hash
> based mode (see commit 34ce324019e76,
> "netfilter: nf_nat: add full port randomization support" for details).
>
> Just make prandom_u32() the default search starting point and get rid of
> ->secure_port() altogether.

Series applied, thanks.