Hi Vincent,

On Sun, Feb 23, 2014 at 10:25:18AM +0100, Vincent Bernat wrote:
> 22 February 2014 14:55 CET, Willy Tarreau <w...@1wt.eu>:
>
> > It depends if you have some servers in common or not. The system will
> > always allow multiple outgoing connections to share the same local
> > source ip:port as long as they don't go to the same destination ip:ports
> > since a connection is defined by (proto,srcip,sport,dstip,dport).
>
> Are you sure? I was thinking the same thing until I looked at the
> sources. It seems that for an outgoing connection, only the source
> address and source port are considered (see inet_csk_get_port() and
> inet_csk_bind_conflict()).

No, if you bind it yourself it's always OK. That's exactly why we introduced
the port range in the source statement, to allow certain sites to reach 1M
connections by having 64k per server.

However, if you let the system choose a port for you, it totally depends on
the kernel version, the algorithm has changed many times between something
like 2.6.37 and 3.5. In earlier kernels it's exactly what you describe. I
believe that 3.2 might be the first one capable of picking a port which is
already used for another destination.

Regards,
Willy
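
The explicit-bind case discussed in this message, as an added example that is not part of the original mail or of HAProxy: two outgoing TCP connections share one local source ip:port because their destinations differ, and a third attempt that would duplicate a full 5-tuple is refused. It assumes a Linux host and `SO_REUSEADDR` on the client sockets; the loopback listeners and helper names are constructed for the demonstration.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed setup: all traffic stays on loopback

def listener():
    """Stand-in for a backend server: listening socket on an OS-chosen port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))
    s.listen(8)
    return s

def connect_from(src_port, dst):
    """Bind explicitly to src_port (0 lets the OS pick), then connect to dst."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Without SO_REUSEADDR on every client socket, the second bind() fails.
    c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        c.bind((LOOPBACK, src_port))
        c.connect(dst)
    except OSError:
        c.close()
        raise
    return c

def demo():
    """Return (source ip:port shared?, errno of the duplicate 5-tuple attempt)."""
    srv_a, srv_b = listener(), listener()
    dst_a, dst_b = srv_a.getsockname(), srv_b.getsockname()
    socks = [srv_a, srv_b]
    try:
        first = connect_from(0, dst_a)
        socks.append(first)
        sport = first.getsockname()[1]
        second = connect_from(sport, dst_b)  # same source, other destination
        socks.append(second)
        shared = second.getsockname() == first.getsockname()
        try:
            socks.append(connect_from(sport, dst_a))  # same full 5-tuple
            dup_errno = 0
        except OSError as e:
            dup_errno = e.errno
        return shared, dup_errno
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    print(demo())
```

The duplicate attempt passes `bind()` and is rejected at `connect()`, which is where the kernel checks the full tuple against established connections.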