[ovs-dev] [PATCH v10 1/3] conntrack: select correct sport range for well-known origin sport

wenxu Mon, 17 Jan 2022 19:50:18 -0800

From: wenxu <we...@ucloud.cn>

Like the kernel datapath. The sport nat range for well-konwn origin
sport should limit in the well-known ports.


Signed-off-by: wenxu <we...@ucloud.cn>
Acked-by: Paolo Valerio <pvale...@redhat.com>
---
 lib/conntrack.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 33a1a92..44f99f3 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2265,8 +2265,16 @@ set_sport_range(const struct nat_action_info_t *ni, 
const struct conn_key *k,
     if (((ni->nat_action & NAT_ACTION_SNAT_ALL) == NAT_ACTION_SRC) ||
         ((ni->nat_action & NAT_ACTION_DST))) {
         *curr = ntohs(k->src.port);
-        *min = MIN_NAT_EPHEMERAL_PORT;
-        *max = MAX_NAT_EPHEMERAL_PORT;
+        if (*curr < 512) {
+            *min = 1;
+            *max = 511;
+        } else if (*curr < 1024) {
+            *min = 600;
+            *max = 1023;
+        } else {
+            *min = MIN_NAT_EPHEMERAL_PORT;
+            *max = MAX_NAT_EPHEMERAL_PORT;
+        }
     } else {
         *min = ni->min_port;
         *max = ni->max_port;
-- 
1.8.3.1

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v10 1/3] conntrack: select correct sport range for well-known origin sport

Reply via email to