Message ID | 1542823921-46807-2-git-send-email-dlu998@gmail.com |
---|---|
State | Superseded |
Series | [ovs-dev,v2,1/4] conntrack: Skip ephemeral ports fallback for DNAT. |
diff --git a/lib/conntrack.c b/lib/conntrack.c index 31fedc0..bb3eeca 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -2225,6 +2225,7 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn, } else { ephemeral_ports_tried = true; ct_addr = conn->nat_info->min_addr; + first_addr = ct_addr; min_port = MIN_NAT_EPHEMERAL_PORT; max_port = MAX_NAT_EPHEMERAL_PORT; }
When fallback to ephemeral ports triggers to find a NAT translation, it may happen that the full address range is not explored; i.e. if all ephemeral ports are being used for the address range up to the first address checked and there are other addresses in the available range, then they would not be explored for availability. The likelihood of hitting this condition is rare.

The fix is to reset the first address to the minimum address when starting to search ephemeral ports.

Found by inspection.

Needs backporting to 2.8.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
---
 lib/conntrack.c | 1 +
 1 file changed, 1 insertion(+)
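Review bot: The added `first_addr = ct_addr;` in the ephemeral-ports fallback branch of nat_select_range_tuple() has no comment, and the branch alone does not show why it is needed: it only makes sense once the reader knows, from the commit message, that first_addr marks the address where the search started. A one-line comment at that assignment, saying the ephemeral search restarts at min_addr and the starting-address marker is reset with it, would keep the two assignments from being separated in a later change. The diffstat lists lib/conntrack.c as the only file touched and the message says the problem was found by inspection, so a test using a multi-address NAT range in which the earlier addresses have all ephemeral ports in use would be worth adding alongside the fix.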