On Wed, Dec 15, 2021 at 01:20:26PM +0100, Florian Westphal wrote: [...]
> @@ -507,11 +539,17 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
> struct nf_conn *ct,
> enum nf_nat_manip_type maniptype)
> {
> + bool random_port = range->flags & NF_NAT_RANGE_PROTO_RANDOM_ALL;
> const struct nf_conntrack_zone *zone;
> struct net *net = nf_ct_net(ct);
>
> zone = nf_ct_zone(ct);
>
> + if (maniptype == NF_NAT_MANIP_SRC &&
> + !ct->local_origin &&
> + tuple_force_port_remap(orig_tuple))
> + random_port = true;
if (maniptype == NF_NAT_MANIP_SRC && !ct->local_origin) random_port = random_port || tuple_force_port_remap(orig_tuple); Maybe? This avoids calling tuple_force_port_remap() if the flag is set. Cheers, Phil