git.ipfire.org Git - thirdparty/iptables.git/commit

author	Daniel Borkmann <dborkman@redhat.com>
	Sun, 22 Dec 2013 03:15:38 +0000 (04:15 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 3 Jan 2014 23:37:23 +0000 (00:37 +0100)
commit	3cefc136d13f426fd68808ddfd39ada0c90f23db
tree	536defe8f11cb6400f23ed30663f39485f929776	tree \| snapshot
parent	0bb8765cc28cf1ddde70f3f5bfed96a067b1ead3	commit \| diff

iptables: snat: add randomize-full support

This patch provides the userspace part for snat in order to make
randomize-full support available in {ip,nf}tables. It allows for
enabling full port randomization that was motivated in [1] and
introduced to the kernel in [2].

Joint work between Hannes Frederic Sowa and Daniel Borkmann.

[1] https://sites.google.com/site/hayashulman/files/NIC-derandomisation.pdf
[2] http://patchwork.ozlabs.org/patch/304306/

Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

extensions/libip6t_SNAT.c		diff \| blob \| blame \| history
extensions/libipt_SNAT.c		diff \| blob \| blame \| history
extensions/libxt_SNAT.man		diff \| blob \| blame \| history
include/linux/netfilter/nf_nat.h		diff \| blob \| blame \| history