Darrell Ball wrote:
> Thanks for the report
>
> I think there are two separate issues:
> 1/ Fallback to ephemeral ports for SNAT being less restrictive than in
> kernel
> 2/ Wasted local variable port incrementing work for ICMPv4/v6
>
> I sent an alternative series here:
>
Thanks for the report
I think there are two separate issues:
1/ Fallback to ephemeral ports for SNAT being less restrictive than in
kernel
2/ Wasted local variable port incrementing work for ICMPv4/v6
I sent an alternative series here:
If setting the port range in SNAT, we expect that the selected port is in the
range we set.
At the same time, this behavior is consistent with the kernel-datapath.
The port has no meaning for the icmp/icmpv6 protocol.
If no key is available, it will exit early.
Signed-off-by: LiWei
---