wenxu <[email protected]> writes:

> From: Paolo Valerio <[email protected]>
> Date: 2021-09-06 19:00:37
> To: [email protected],[email protected],[email protected],[email protected]
> Cc: [email protected]
> Subject: Re: [PATCH v2 1/2] conntrack: restore the origin port for each round
> with new address
>Hello,
>>
>>[email protected] writes:
>>
>>> From: wenxu <[email protected]>
>>>
>>> It is better to choose the origin select port as current port
>>> for each port search round with new address.
>>>
>>> Signed-off-by: wenxu <[email protected]>
>>> ---
>>
>>This should happen normally.
>>It doesn't happen in the case of source port manipulation when the
>>default ephemeral range is used and the packet source port is below
>>1024. In that case the first IP iteration uses the packet source port,
>>whereas the others don't.
>>
>>if we want to change this behavior, there are some more ways we can
>>consider, e.g.:
>
> " In that case the first IP iteration uses the packet source port, whereas
> the others don't"
>
> I think the above rule is not matter with the curr_sport picking different
> ranges?
>
> So you means for source ports < 1024, each IP iteration should using
> different source port?
>
What I meant is that, without your patch, in that case, the first
attempt of the first IP iteration is performed using the original source
port. The next IP iterations use MIN_NAT_EPHEMERAL_PORT as a starting port.

E.g. with ct(nat(commit,src=10.1.1.240-10.1.1.241)), packet src port 500,
and all the lookups detect a collision, results in:

    curr IP: 10.1.1.240, curr source port: 500, 1024, 1025, ..., MAX_NAT_EPHEMERAL_PORT
    curr IP: 10.1.1.241, curr source port: 1024, 1025, ..., MAX_NAT_EPHEMERAL_PORT
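The search order described in the message above for a packet source port below 1024, as an added model that is not code from Open vSwitch or from the patch. `nat_search`, `probe`, `sample_in_use` and `struct nat_pick` are hypothetical names, the upper bound 65535 is an assumption, and `restore_per_ip` models what the patch subject proposes (the original port is retried for each new address).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed bounds: 1024 follows from the sequence in the message;
 * 65535 is an assumption for the top of the range. */
#define MIN_NAT_EPHEMERAL_PORT 1024
#define MAX_NAT_EPHEMERAL_PORT 65535
#define IP_240 0x0A0101F0u   /* 10.1.1.240 */
#define IP_241 0x0A0101F1u   /* 10.1.1.241 */

struct nat_pick { uint32_t ip; uint16_t port; unsigned lookups; bool found; };
typedef bool (*in_use_fn)(uint32_t ip, uint16_t port);  /* collision oracle */

/* Constructed sample state: every port on 10.1.1.240 collides; on
 * 10.1.1.241 only port 1024 collides. */
bool sample_in_use(uint32_t ip, uint16_t port)
{
    return ip == IP_240 || (ip == IP_241 && port == 1024);
}

/* One lookup: count it, and record the tuple if it is free. */
static bool probe(struct nat_pick *r, in_use_fn in_use, uint32_t ip, uint16_t port)
{
    r->lookups++;
    if (in_use(ip, port)) return false;
    r->ip = ip; r->port = port; r->found = true;
    return true;
}

/* Walk candidates in the order the message describes (orig_port < 1024).
 * restore_per_ip=false: only the first address tries the original port.
 * restore_per_ip=true:  every address round tries the original port first. */
struct nat_pick nat_search(uint32_t ip_min, uint32_t ip_max, uint16_t orig_port,
                           bool restore_per_ip, in_use_fn in_use)
{
    struct nat_pick r = { 0, 0, 0, false };
    for (uint32_t ip = ip_min; ip <= ip_max; ip++) {
        bool try_orig = orig_port < MIN_NAT_EPHEMERAL_PORT
                        && (ip == ip_min || restore_per_ip);
        if (try_orig && probe(&r, in_use, ip, orig_port)) return r;
        for (uint32_t p = MIN_NAT_EPHEMERAL_PORT; p <= MAX_NAT_EPHEMERAL_PORT; p++)
            if (probe(&r, in_use, ip, (uint16_t) p)) return r;
    }
    return r;  /* found == false: every candidate collided */
}

int main(void)
{
    for (int restore = 0; restore <= 1; restore++) {
        struct nat_pick r = nat_search(IP_240, IP_241, 500, restore, sample_in_use);
        printf("restore_per_ip=%d port=%u lookups=%u\n", restore, r.port, r.lookups);
    }
    return 0;
}
```

With the constructed state, the first mode never considers port 500 on 10.1.1.241 even though it is free there, which is the asymmetry the reply points out.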
