From patchwork Mon Nov 26 16:48:37 2018
X-Patchwork-Submitter: Darrell Ball
X-Patchwork-Id: 1003333
From: Darrell Ball
To: dlu998@gmail.com, dev@openvswitch.org
Date: Mon, 26 Nov 2018 08:48:37 -0800
Message-Id: <1543250920-115500-1-git-send-email-dlu998@gmail.com>
Subject: [ovs-dev] [patch v3 1/4] conntrack: Skip ephemeral ports fallback for DNAT.

Ephemeral port fallback is being done for DNAT and the code could be hit in some special cases and testing configurations. Also good packets are expected to be persistently dropped in this case, which is not a common user goal. Regardless, this is incorrect, so filter this out.

Also, rename the variable used for checking whether ephemeral ports need to be checked.

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-August/351629.html
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball
---
Backport to 2.8.

v3: Move backport hint out of commit message.

 lib/conntrack.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c index 974f985..31fedc0 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c 
@@ -2172,7 +2172,9 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn, uint16_t port = first_port; bool all_ports_tried = false; - bool original_ports_tried = false; + /* For DNAT, we don't use ephemeral ports. */ + bool ephemeral_ports_tried = conn->nat_info->nat_action & NAT_ACTION_DST + ? true : false; struct ct_addr first_addr = ct_addr; while (true) { @@ -2218,13 +2220,13 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn, ct_addr = conn->nat_info->min_addr; } if (!memcmp(&ct_addr, &first_addr, sizeof ct_addr)) { - if (!original_ports_tried) { - original_ports_tried = true; + if (ephemeral_ports_tried) { + break; + } else { + ephemeral_ports_tried = true; ct_addr = conn->nat_info->min_addr; min_port = MIN_NAT_EPHEMERAL_PORT; max_port = MAX_NAT_EPHEMERAL_PORT; - } else { - break; } } first_port = min_port;
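Review bot: In the first hunk (@@ -2172), the initializer of ephemeral_ports_tried relies on '&' binding tighter than '?:' and then maps the result through a redundant "? true : false". Parenthesizing the mask test and dropping the ternary, for example "!!(conn->nat_info->nat_action & NAT_ACTION_DST)", reads more clearly and cannot be misparsed by a later editor. The name is also slightly off for the DNAT case, where the flag starts out true although no ephemeral port was ever tried; the comment above it covers this, but a name that says the fallback is unavailable or already used would make the second hunk easier to follow.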
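Review bot: In the second hunk (@@ -2218), the "if (ephemeral_ports_tried) { break; }" branch now covers two different situations, DNAT on the first wrap back to first_addr and the non-DNAT case after the ephemeral range has been exhausted, and nothing at the break says so. A one-line comment there would help, since the DNAT exit depends on an initializer about fifty lines earlier. The diffstat also shows only lib/conntrack.c changing, so the case the commit message describes (a DNAT range with no free tuple) is not covered by a test in this patch; a regression test that exhausts a DNAT range and checks that no ephemeral port is selected would pin the behaviour down for the 2.8 backport.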