[ovs-dev] [patch v4 2/4] conntrack: Check all addresses for ephemeral ports.
Darrell Ball
dlu998 at gmail.com
Wed Dec 19 08:51:29 UTC 2018
On Tue, Dec 18, 2018 at 3:46 PM Darrell Ball <dball at vmware.com> wrote:
>
>
> On 12/18/18, 2:21 PM, "ovs-dev-bounces at openvswitch.org on behalf of Ben
> Pfaff" <ovs-dev-bounces at openvswitch.org on behalf of blp at ovn.org> wrote:
>
> On Mon, Dec 17, 2018 at 02:43:12PM -0800, Darrell Ball wrote:
> > When fallback to ephemeral ports triggers to find a NAT translation,
> > it may happen that the full address range is not explored; i.e. if
> > all ephemeral ports are being used for the address range >= the
> > first address checked and there are other addresses in the
> > available range, then they would not be explored for availability.
> > The likelihood of hitting this condition is rare. The fix is to
> > reset the first address to the minimum address when starting to
> > search ephemeral ports. Found by inspection.
> >
> > Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT
> Support.")
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> > ---
> >
> > Backport to 2.8.
>
> Applied to master, but the backports didn't apply. Will you check on
> that? Thanks.
>
> Thanks Ben
> I will check on Patches 2 and 3
>
I guess the issue was that for 2.9, patch 3 is not applicable, since the
conntrack tuple flush feature made it into the kernel datapath, but not the
userspace datapath
until 2.10.
>
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
>
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-dev&data=02%7C01%7Cdball%40vmware.com%7C1de93d774a1a4ed490e008d665371621%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C636807684660272170&sdata=YZuJqykVmXzex3uVQ2QBdgRl3devWg1i4b9aaKHTf0g%3D&reserved=0
>
>
>
More information about the dev
mailing list