On Thu, Nov 15, 2018 at 10:22:59AM +0100, Florian Westphal wrote: > This is a leftover from days where single-cpu systems were common: > Store last port used to resolve a clash to use it as a starting point when > the next conflict needs to be resolved. > > When we have parallel attempt to connect to same address:port pair, > its likely that both cores end up computing the same "available" port, > as both use same starting port, and newly used ports won't become > visible to other cores until the conntrack gets confirmed later. > > One of the cores then has to drop the packet at insertion time because > the chosen new tuple turns out to be in use after all. > > Lets simplify this: remove port rover and use a pseudo-random starting > point. > > Note that this doesn't make netfilter default to 'fully random' mode; > the 'rover' was only used if NAT could not reuse source port as-is.
Applied, thanks Florian.
