[ovs-dev,v2,6/6] conntrack: Skip ephemeral ports fallback for DNAT.

Message ID 1536124490-86810-6-git-send-email-dlu998@gmail.com
State Superseded
Delegated to: Justin Pettit
Series: [ovs-dev,v2,1/6] conntrack: Handle self nat case.

Commit Message

Darrell Ball Sept. 5, 2018, 5:14 a.m. UTC
Ephemeral port fallback is being done for DNAT and the code could be hit in
some special cases, where packets are expected to be persistently dropped.
At any rate, this is incorrect, so filter this out.
Also, rename the variable used for checking whether ephemeral ports
need to be checked.
Needs backporting to 2.8.

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-August/351629.html
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
---
 lib/conntrack.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
Patch

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 4b29c31..bb649b1 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2186,7 +2186,9 @@  nat_select_range_tuple(struct conntrack *ct, const struct conn *conn,
 
     uint16_t port = first_port;
     bool all_ports_tried = false;
-    bool original_ports_tried = false;
+    /* For DNAT, we don't try ephemeral ports. */
+    bool ephemeral_ports_tried =
+        conn->nat_info->nat_action & NAT_ACTION_DST ? true : false;
     struct ct_addr first_addr = ct_addr;
 
     while (true) {
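Review bot: the `? true : false` on the new `ephemeral_ports_tried` initialiser is redundant, since the `&` result is already usable as a bool; `bool ephemeral_ports_tried = conn->nat_info->nat_action & NAT_ACTION_DST;` (or `!!(...)` if you prefer to make the narrowing explicit) reads cleaner and matches the style of the neighbouring `bool all_ports_tried = false;`. The comment above it would also be more useful if it said why, not just what: for DNAT the destination port must stay within the configured range because that is where the service actually listens, so a silent fallback to the ephemeral range would steer the flow to a port nothing is expecting, which is the incorrect behaviour the commit message describes. Presetting a "tried" flag to true is a slightly indirect way of expressing "never try", so a one-line justification in the comment helps the next reader.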
@@ -2232,8 +2234,8 @@  nat_select_range_tuple(struct conntrack *ct, const struct conn *conn,
                 ct_addr = conn->nat_info->min_addr;
             }
             if (!memcmp(&ct_addr, &first_addr, sizeof ct_addr)) {
-                if (!original_ports_tried) {
-                    original_ports_tried = true;
+                if (!ephemeral_ports_tried) {
+                    ephemeral_ports_tried = true;
                     ct_addr = conn->nat_info->min_addr;
                     min_port = MIN_NAT_EPHEMERAL_PORT;
                     max_port = MAX_NAT_EPHEMERAL_PORT;
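Review bot: this hunk is a pure rename, so the actual behaviour change depends on the path taken when `ephemeral_ports_tried` is already true for DNAT, and that path (the eventual exit from the `while (true)` loop once the range is exhausted) lies outside the visible lines. Since the commit message says this affects cases where packets are expected to be persistently dropped and asks for a backport to 2.8, it would be worth adding a test that configures a DNAT rule with a fully used port range and checks that `nat_select_range_tuple()` fails cleanly rather than rescanning from `conn->nat_info->min_addr` with `MIN_NAT_EPHEMERAL_PORT`..`MAX_NAT_EPHEMERAL_PORT`, which is exactly the fallback this branch used to grant.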