From 4d406f1257608c22a80b337fb37be9f425a08315 Mon Sep 17 00:00:00 2001 From: csjp Date: Sat, 30 Aug 2008 20:58:34 +0000 Subject: [PATCH] Improve the entropy of the source port randomization for network address translation. It turns out this is useful for applications which require source port randomization for security (i.e. dns servers). Discussed with: secteam Requested by: mlaier MFC after: 2 weeks --- sys/netinet/libalias/alias_db.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index c9942b82af05..82ff13800c64 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c @@ -606,7 +606,7 @@ GetNewPort(struct libalias *la, struct alias_link *lnk, int alias_port_param) port_sys = ntohs(port_net); } else { /* First trial and all subsequent are random. */ - port_sys = random() & ALIAS_PORT_MASK; + port_sys = arc4random() & ALIAS_PORT_MASK; port_sys += ALIAS_PORT_BASE; port_net = htons(port_sys); } @@ -657,7 +657,7 @@ GetNewPort(struct libalias *la, struct alias_link *lnk, int alias_port_param) } #endif } - port_sys = random() & ALIAS_PORT_MASK; + port_sys = arc4random() & ALIAS_PORT_MASK; port_sys += ALIAS_PORT_BASE; port_net = htons(port_sys); } @@ -772,9 +772,9 @@ FindNewPortGroup(struct libalias *la, /* First trial and all subsequent are random. */ if (align == FIND_EVEN_ALIAS_BASE) - port_sys = random() & ALIAS_PORT_MASK_EVEN; + port_sys = arc4random() & ALIAS_PORT_MASK_EVEN; else - port_sys = random() & ALIAS_PORT_MASK; + port_sys = arc4random() & ALIAS_PORT_MASK; port_sys += ALIAS_PORT_BASE; } @@ -796,9 +796,9 @@ FindNewPortGroup(struct libalias *la, /* Find a new base to try */ if (align == FIND_EVEN_ALIAS_BASE) - port_sys = random() & ALIAS_PORT_MASK_EVEN; + port_sys = arc4random() & ALIAS_PORT_MASK_EVEN; else - port_sys = random() & ALIAS_PORT_MASK; + port_sys = arc4random() & ALIAS_PORT_MASK; port_sys += ALIAS_PORT_BASE; }