author | csjp <csjp@FreeBSD.org> | 2008-08-30 20:58:34 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2008-08-30 20:58:34 +0000 |
commit | 4d406f1257608c22a80b337fb37be9f425a08315 (patch) | |
tree | 2a0e1f1b2961ae1de9733c876c02d81cd6ac72d4 /sys/netinet | |
parent | 1a41b28f5c93bc10e68c3ec64f5ce4bcdefca0bc (diff) | |
Improve the entropy of the source port randomization for network address
translation. It turns out this is useful for applications which require
source port randomization for security (e.g. DNS servers).
Discussed with: secteam
Requested by: mlaier
MFC after: 2 weeks
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/libalias/alias_db.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c
index c9942b8..82ff138 100644
--- a/sys/netinet/libalias/alias_db.c
+++ b/sys/netinet/libalias/alias_db.c
@@ -606,7 +606,7 @@ GetNewPort(struct libalias *la, struct alias_link *lnk, int alias_port_param)
 port_sys = ntohs(port_net);
 } else {
 /* First trial and all subsequent are random. */
- port_sys = random() & ALIAS_PORT_MASK;
+ port_sys = arc4random() & ALIAS_PORT_MASK;
 port_sys += ALIAS_PORT_BASE;
 port_net = htons(port_sys);
 }
@@ -657,7 +657,7 @@ GetNewPort(struct libalias *la, struct alias_link *lnk, int alias_port_param)
 }
 #endif
 }
- port_sys = random() & ALIAS_PORT_MASK;
+ port_sys = arc4random() & ALIAS_PORT_MASK;
 port_sys += ALIAS_PORT_BASE;
 port_net = htons(port_sys);
 }
@@ -772,9 +772,9 @@ FindNewPortGroup(struct libalias *la,
 /* First trial and all subsequent are random. */
 if (align == FIND_EVEN_ALIAS_BASE)
- port_sys = random() & ALIAS_PORT_MASK_EVEN;
+ port_sys = arc4random() & ALIAS_PORT_MASK_EVEN;
 else
- port_sys = random() & ALIAS_PORT_MASK;
+ port_sys = arc4random() & ALIAS_PORT_MASK;
 port_sys += ALIAS_PORT_BASE;
 }
@@ -796,9 +796,9 @@ FindNewPortGroup(struct libalias *la,
 /* Find a new base to try */
 if (align == FIND_EVEN_ALIAS_BASE)
- port_sys = random() & ALIAS_PORT_MASK_EVEN;
+ port_sys = arc4random() & ALIAS_PORT_MASK_EVEN;
 else
- port_sys = random() & ALIAS_PORT_MASK;
+ port_sys = arc4random() & ALIAS_PORT_MASK;
 port_sys += ALIAS_PORT_BASE;
 }
 |
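Review bot: None of the six `arc4random() & ALIAS_PORT_MASK...` sites (both hunks in GetNewPort and both in FindNewPortGroup) records that the generator choice is security-relevant, so a later cleanup could swap it back to `random()`. A one-line comment at the first site, such as `/* arc4random(): alias ports must not be predictable to a remote party (e.g. DNS). */`, would pin the intent, and a small static helper for the repeated mask-and-base arithmetic would keep the sites from drifting apart. The usable entropy is still capped by the masks, which are defined outside this diff, and the even-alignment mask in FindNewPortGroup presumably removes one further bit. In the first hunk the branch above `} else {` sets `port_sys = ntohs(port_net)`, so on that path the first trial is not drawn from arc4random() at all; whether that path is the default is not visible here. Both functions begin and end outside the hunks.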