[ovs-dev] [patch v4 2/4] conntrack: Check all addresses for ephemeral ports.

Darrell Ball dlu998 at gmail.com
Mon Dec 17 22:43:12 UTC 2018


When fallback to ephemeral ports triggers to find a NAT translation,
it may happen that the full address range is not explored; i.e. if
all ephemeral ports are being used for the address range >= the
first address checked and there are other addresses in the
available range, then they would not be explored for availability.
The likelihood of hitting this condition is rare. The fix is to
reset the first address to the minimum address when starting to
search ephemeral ports.  Found by inspection.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---

Backport to 2.8.

 lib/conntrack.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 21d32ba..92b2db4 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2223,6 +2223,7 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn,
                 if (!ephemeral_ports_tried) {
                     ephemeral_ports_tried = true;
                     ct_addr = conn->nat_info->min_addr;
+                    first_addr = ct_addr;
                     min_port = MIN_NAT_EPHEMERAL_PORT;
                     max_port = MAX_NAT_EPHEMERAL_PORT;
                 } else {
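Review bot: the added `first_addr = ct_addr;` in the `!ephemeral_ports_tried` branch carries no comment, so the reason for resetting the search start exists only in the commit message. A one-line comment at that spot, saying that the ephemeral pass restarts from `min_addr` so the whole address range is walked before the search gives up, would keep a later cleanup from dropping the assignment as redundant. The diffstat shows a single insertion in lib/conntrack.c and no test; a case where the addresses at and above the first one tried have no free ephemeral ports while a lower address in the range still does would pin down the behaviour the commit message describes.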
-- 
1.9.1


