First patch removes old rovers, they are inherently racy and cause packet drops/delays. Second patch avoids iterating entire range of ports: It takes way too long when most tuples are in use. First patch is slightly mangled: nf_nat_proto_udplite.c doesn't exist anymore upstream and nf_nat_proto_common.c needs minor adjustment in context. Florian Westphal (2): netfilter: nat: remove l4 protocol port rovers netfilter: nat: limit port clash resolution attempts include/net/netfilter/nf_nat_l4proto.h | 2 +- net/netfilter/nf_nat_proto_common.c | 36 ++++++++++++++++++-------- net/netfilter/nf_nat_proto_dccp.c | 5 +--- net/netfilter/nf_nat_proto_sctp.c | 5 +--- net/netfilter/nf_nat_proto_tcp.c | 5 +--- net/netfilter/nf_nat_proto_udp.c | 5 +--- net/netfilter/nf_nat_proto_udplite.c | 5 +--- 7 files changed, 31 insertions(+), 32 deletions(-) -- 2.34.1
