[ovs-dev] [PATCH v6 1/3] conntrack: select correct sport range for well-known origin sport
wenxu at ucloud.cn
Sat Oct 9 15:28:38 UTC 2021
From: wenxu <wenxu at ucloud.cn>
Like the kernel datapath, the sport nat range for a well-known origin
sport should be limited to the well-known ports.
Signed-off-by: wenxu <wenxu at ucloud.cn>
Acked-by: Paolo Valerio <pvalerio at redhat.com>
---
lib/conntrack.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 33a1a92..44f99f3 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2265,8 +2265,16 @@ set_sport_range(const struct nat_action_info_t *ni, const struct conn_key *k,
if (((ni->nat_action & NAT_ACTION_SNAT_ALL) == NAT_ACTION_SRC) ||
((ni->nat_action & NAT_ACTION_DST))) {
*curr = ntohs(k->src.port);
- *min = MIN_NAT_EPHEMERAL_PORT;
- *max = MAX_NAT_EPHEMERAL_PORT;
+ if (*curr < 512) {
+ *min = 1;
+ *max = 511;
+ } else if (*curr < 1024) {
+ *min = 600;
+ *max = 1023;
+ } else {
+ *min = MIN_NAT_EPHEMERAL_PORT;
+ *max = MAX_NAT_EPHEMERAL_PORT;
+ }
} else {
*min = ni->min_port;
*max = ni->max_port;
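Review bot: In the `else if (*curr < 1024)` branch, `*min` is set to 600 while `*curr` can be anywhere from 512 to 599, so the original source port can sit below the range it is meant to be searched within. Please confirm that the code consuming `*curr`, `*min` and `*max` tolerates a current value outside [min, max], or clamp `*curr` in this branch. The literals 1, 511, 600 and 1023 are also unexplained at this point: named constants alongside MIN_NAT_EPHEMERAL_PORT and MAX_NAT_EPHEMERAL_PORT, plus a one-line comment saying the split mirrors the kernel datapath, would let a reader check the boundaries without digging through the commit message.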
--
1.8.3.1