[ovs-dev] [patch v2 2/2] conntrack: Skip ephemeral ports fallback for DNAT.

Darrell Ball dlu998 at gmail.com
Wed Aug 29 07:30:38 UTC 2018


Ephemeral port fallback is being done for DNAT and the code could be hit in
some special cases, with some test challenges. This is incorrect at any rate,
so filter this out.
Also, rename the variable used for checking whether ephemeral ports
need to be checked.
Needs backporting to 2.8.

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-August/351629.html
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---
 lib/conntrack.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 692f2b8..be6c8fc 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2183,7 +2183,9 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn,
 
     uint16_t port = first_port;
     bool all_ports_tried = false;
-    bool original_ports_tried = false;
+    /* For DNAT, we don't try ephemeral ports. */
+    bool ephemeral_ports_tried =
+        conn->nat_info->nat_action & NAT_ACTION_DST ? true : false;
     struct ct_addr first_addr = ct_addr;
 
     while (true) {
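Review bot: The `? true : false` on the new initializer is redundant; `conn->nat_info->nat_action & NAT_ACTION_DST` already yields a truth value, so `bool ephemeral_ports_tried = conn->nat_info->nat_action & NAT_ACTION_DST;` (or `!!(...)` if the implicit narrowing is a concern) reads cleaner. The comment "For DNAT, we don't try ephemeral ports." would also be more useful if it said why the fallback is wrong for DNAT, i.e. that a destination translation must stay within the configured port range rather than spill into the ephemeral range, since that is the behaviour the commit message describes as incorrect.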
@@ -2229,8 +2231,8 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn,
                 ct_addr = conn->nat_info->min_addr;
             }
             if (!memcmp(&ct_addr, &first_addr, sizeof ct_addr)) {
-                if (!original_ports_tried) {
-                    original_ports_tried = true;
+                if (!ephemeral_ports_tried) {
+                    ephemeral_ports_tried = true;
                     ct_addr = conn->nat_info->min_addr;
                     min_port = MIN_NAT_EPHEMERAL_PORT;
                     max_port = MAX_NAT_EPHEMERAL_PORT;
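Review bot: `ephemeral_ports_tried` is set to true at the point where the loop switches to the ephemeral range, before any ephemeral port has actually been tried, so the new name describes the flag slightly worse than it could; a name such as `ephemeral_range_selected` (or a one-line comment here) would match the flag's meaning, and it would also make the DNAT initialization to true in the earlier hunk read naturally as "do not select the ephemeral range". Since for DNAT this branch is now skipped on the first wrap-around, please confirm in the (unshown) else path that `all_ports_tried` is set so the loop terminates once the configured range is exhausted, and consider a test that exercises DNAT with a fully consumed port range.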
-- 
1.9.1
