Hi Florian,

On Sun, Dec 09, 2018 at 12:11:04AM +0100, Florian Westphal wrote:
> In case almost or all available ports are taken, clash resolution can
> take a very long time, resulting in soft lockup.
>
> This can happen when many to-be-natted hosts connect to same
> destination:port (e.g. a proxy) and all connections pass the same SNAT.
>
> Pick a random offset in the acceptable range, then try ever smaller
> number of adjacent port numbers, until either the limit is reached or a
> useable port was found. This results in at most 248 attempts
> (128 + 64 + 32 + 16 + 8, i.e. 4 restarts with new search offset)
> instead of 64000+,
>
> v2: increment 'i' too in for loop (Xiaozhou Liu)
>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
> Pablo,
>
> this will unfortunately result in a nf-next merge conflict
> due to *rover removal in nf-next.
> I can send a patch vs. nf-next instead if you prefer.

If you let me choose, I would prefer we route this through nf-next.

Thanks!
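The bounded search described in the quoted commit message, as an added userspace illustration (not the patch itself and not code from either author). The names `pick_port`, `next_random` and the `used[]` occupancy array are hypothetical, and the clamp for ranges smaller than 128 ports is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ATTEMPTS 128u /* first-round budget, per the commit message */

/* Constructed stand-in for the kernel's random source (xorshift32). */
static uint32_t rng_state = 0x2545F491u;
static uint32_t next_random(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* used[i] != 0: port (min + i) is taken. Returns a free port, or -1 once
 * the budget is spent; *tries receives the number of ports probed. */
static int pick_port(const unsigned char *used, uint32_t min,
                     uint32_t range_size, uint32_t *tries)
{
    /* Assumption: clamp the budget for ranges smaller than 128 ports. */
    uint32_t attempts = range_size < MAX_ATTEMPTS ? range_size : MAX_ATTEMPTS;
    uint32_t off = next_random();

    *tries = 0;
    for (;;) {
        /* Probe 'attempts' adjacent ports starting at the current offset. */
        for (uint32_t i = 0; i < attempts; i++, off++) {
            (*tries)++;
            if (!used[off % range_size])
                return (int)(min + off % range_size);
        }
        /* Range fully covered, or the 8-port round just failed: give up. */
        if (attempts >= range_size || attempts < 16)
            return -1;
        attempts /= 2;        /* 128 -> 64 -> 32 -> 16 -> 8 */
        off = next_random();  /* restart at a new search offset */
    }
}

int main(void)
{
    static unsigned char used[64512];  /* constructed: ports 1024..65535 */
    uint32_t tries;
    memset(used, 1, sizeof used);      /* worst case: every port taken */
    int port = pick_port(used, 1024, sizeof used, &tries);
    printf("port=%d after %u probes\n", port, (unsigned)tries);
    return 0;
}
```

With every port taken the search stops after 248 probes, which is the bound that replaces a walk over the full range.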