Ephemeral port fallback is being done for DNAT; stop it.
Needs backporting to 2.8.

Reported-at: 
https://mail.openvswitch.org/pipermail/ovs-dev/2018-August/351629.html
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <[email protected]>
---
 lib/conntrack.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 44cb91b..c434084 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2182,7 +2182,9 @@ nat_select_range_tuple(struct conntrack *ct, const struct 
conn *conn,
 
     uint16_t port = first_port;
     bool all_ports_tried = false;
-    bool original_ports_tried = false;
+    /* For DNAT, we don't try ephemeral ports. */
+    bool ephemeral_ports_tried =
+        conn->nat_info->nat_action & NAT_ACTION_DST ? true : false;
     struct ct_addr first_addr = ct_addr;
 
     while (true) {
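Review bot: The initialiser for `ephemeral_ports_tried` depends on `&` binding tighter than `?:` and then passes an already boolean-convertible value through `? true : false`; `bool ephemeral_ports_tried = (conn->nat_info->nat_action & NAT_ACTION_DST) != 0;` means the same without the precedence trap. Pre-setting a flag named "tried" to true for DNAT also makes it read as a skip switch, so the comment should give the reason, e.g. `/* DNAT: never leave the configured port range; the ephemeral fallback below would pick a destination port the rule did not name. */`. That matters for policy, because the later hunk shows the fallback replacing min_port/max_port with the ephemeral bounds, so for DNAT traffic could apparently be steered to a backend port outside the operator's range. nat_select_range_tuple starts and ends outside this hunk, so what the function does for DNAT once the configured range is exhausted cannot be confirmed from here and is worth covering with a test.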
@@ -2228,8 +2230,8 @@ nat_select_range_tuple(struct conntrack *ct, const struct 
conn *conn,
                 ct_addr = conn->nat_info->min_addr;
             }
             if (!memcmp(&ct_addr, &first_addr, sizeof ct_addr)) {
-                if (!original_ports_tried) {
-                    original_ports_tried = true;
+                if (!ephemeral_ports_tried) {
+                    ephemeral_ports_tried = true;
                     ct_addr = conn->nat_info->min_addr;
                     min_port = MIN_NAT_EPHEMERAL_PORT;
                     max_port = MAX_NAT_EPHEMERAL_PORT;
-- 
1.9.1
