[ovs-dev] [patch v4 2/4] conntrack: Check all addresses for ephemeral ports.

Darrell Ball dlu998 at gmail.com
Wed Dec 19 08:51:29 UTC 2018


On Tue, Dec 18, 2018 at 3:46 PM Darrell Ball <dball at vmware.com> wrote:

>
>
> On 12/18/18, 2:21 PM, "ovs-dev-bounces at openvswitch.org on behalf of Ben
> Pfaff" <ovs-dev-bounces at openvswitch.org on behalf of blp at ovn.org> wrote:
>
>     On Mon, Dec 17, 2018 at 02:43:12PM -0800, Darrell Ball wrote:
>     > When fallback to ephemeral ports triggers to find a NAT translation,
>     > it may happen that the full address range is not explored; i.e. if
>     > all ephemeral ports are being used for the address range >= the
>     > first address checked and there are other addresses in the
>     > available range, then they would not be explored for availability.
>     > The likelihood of hitting this condition is rare. The fix is to
>     > reset the first address to the minimum address when starting to
>     > search ephemeral ports.  Found by inspection.
>     >
>     > Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
>     > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
>     > ---
>     >
>     > Backport to 2.8.
>
>     Applied to master, but the backports didn't apply.  Will you check on
>     that?  Thanks.
>
> Thanks Ben
> I will check on Patches 2 and 3
>

I guess the issue was that for 2.9, patch 3 is not applicable, since the
conntrack tuple flush feature made it into the kernel datapath, but not the
userspace datapath until 2.10.




