Re: [PATCH nf] netfilter: nat: limit port clash resolution attempts

On Sat, Dec 08, 2018 at 11:07:44AM +0100, Florian Westphal wrote:
>  Pablo,
> 
>  this will unfortunately result in a nf-next merge conflict
>  due to *rover removal in nf-next.
>  I can send a patch vs. nf-next instead if you prefer.
> 
>  net/netfilter/nf_nat_proto_common.c | 26 ++++++++++++++++++++++----
>  1 file changed, 22 insertions(+), 4 deletions(-)
> 
> diff --git a/net/netfilter/nf_nat_proto_common.c b/net/netfilter/nf_nat_proto_common.c
> index 5d849d835561..0e3321660624 100644
> --- a/net/netfilter/nf_nat_proto_common.c
> +++ b/net/netfilter/nf_nat_proto_common.c
> @@ -41,9 +41,10 @@ void nf_nat_l4proto_unique_tuple(const struct nf_nat_l3proto *l3proto,
>  				 const struct nf_conn *ct,
>  				 u16 *rover)
>  {
> -	unsigned int range_size, min, max, i;
> +	unsigned int range_size, min, max, i, attempts;
>  	__be16 *portptr;
> -	u_int16_t off;
> +	u16 off;
> +	static const unsigned int max_attempts = 128;
>  
>  	if (maniptype == NF_NAT_MANIP_SRC)
>  		portptr = &tuple->src.u.all;
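Review bot: the `u_int16_t off` to `u16 off` rename in this hunk is an unrelated type cleanup bundled into a fix aimed at the nf tree; either drop it here or mention it in the changelog so the stable backport stays minimal. Also, `static const unsigned int max_attempts = 128;` is declared after `__be16 *portptr;`, which breaks the reverse-xmas-tree ordering used in this function; a file-scope constant or `#define` above the function would be the conventional place for it.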
> @@ -89,15 +90,32 @@ void nf_nat_l4proto_unique_tuple(const struct nf_nat_l3proto *l3proto,
>  		off = *rover;
>  	}
>  
> -	for (i = 0; ; ++off) {
> +	attempts = range_size;
> +	if (attempts > max_attempts)
> +		attempts = max_attempts;
> +
> +	/* We are in softirq; doing a search of the entire range risks
> +	 * soft lockup when all tuples are already used.
> +	 *
> +	 * If we can't find any free port from first offset, pick a new
> +	 * one and try again, with ever smaller search window.
> +	 */
> +another_round:
> +	for (i = 0; i < attempts; ++off) {
>  		*portptr = htons(min + off % range_size);
> -		if (++i != range_size && nf_nat_used_tuple(tuple, ct))
> +		if (nf_nat_used_tuple(tuple, ct))
>  			continue;
>  		if (!(range->flags & (NF_NAT_RANGE_PROTO_RANDOM_ALL|
>  					NF_NAT_RANGE_PROTO_OFFSET)))
>  			*rover = off;
>  		return;
>  	}
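Review bot: the loop variable `i` is never incremented in the visible body of `for (i = 0; i < attempts; ++off)`, since the removed line `if (++i != range_size && nf_nat_used_tuple(tuple, ct))` was the only place it advanced. As written, the `i < attempts` bound never becomes false, so when every port in the window is in use the loop spins on `continue` indefinitely, which is exactly the softirq lockup the new comment says this change prevents. Suggest `for (i = 0; i < attempts; ++i, ++off)`. The `another_round:` label also has no matching `goto` within this hunk, so the fallthrough and retry path it is meant to serve should be checked in the lines following the loop.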

i never gets increased here, so will it loop forever in the worst case?


Thanks,
Xiaozhou
