If a majority of ports are in use, trying every available port may take
significant amounts of time. Add an upper limit and cancel once we've
exhausted all available options.

First patch collapses the repetitive reserve-port loop into a helper,
second patch changes the helper to only make up to 128 attempts.

Florian Westphal (2):
  netfilter: nat: move repetitive nat port reserve loop to a helper
  netfilter: nat: avoid long-running port range loop

 include/net/netfilter/nf_nat_helper.h |  1 +
 net/ipv4/netfilter/nf_nat_h323.c      | 60 ++-------------------------
 net/netfilter/nf_nat_amanda.c         | 14 +------
 net/netfilter/nf_nat_ftp.c            | 17 +-------
 net/netfilter/nf_nat_helper.c         | 31 ++++++++++++++
 net/netfilter/nf_nat_irc.c            | 16 +------
 net/netfilter/nf_nat_sip.c            | 14 +------
 7 files changed, 42 insertions(+), 111 deletions(-)

-- 
2.35.1
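The effect of the 128-attempt cap described in the cover letter, as an added user-space model that is not code from the patch series or the kernel. The names `try_reserve`, `reserve_port` and `probes_needed`, the `in_use` table and the ascending walk from a starting port are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ATTEMPTS 128            /* cap named in the cover letter */
static bool in_use[65536];          /* constructed stand-in for reserved ports */

/* Hypothetical stand-in for the reservation call: true on success. */
static bool try_reserve(uint16_t port, unsigned *probes)
{
    (*probes)++;
    if (in_use[port])
        return false;
    in_use[port] = true;
    return true;
}

/* Walk upward from 'first'; stop at 16-bit wrap-around or after max_attempts
 * failed probes. max_attempts == 0 models an unbounded loop. Returns port or 0. */
static uint16_t reserve_port(uint16_t first, unsigned max_attempts, unsigned *probes)
{
    *probes = 0;
    for (uint16_t port = first; port != 0; port++) {
        if (try_reserve(port, probes))
            return port;
        if (max_attempts && *probes >= max_attempts)
            break;
    }
    return 0;
}

/* Constructed scenario: every port from 1024 up is busy except 'free_port'. */
static unsigned probes_needed(uint16_t free_port, unsigned max_attempts, uint16_t *got)
{
    unsigned probes;
    for (unsigned p = 1024; p < 65536; p++)
        in_use[p] = (p != free_port);
    *got = reserve_port(1024, max_attempts, &probes);
    return probes;
}

int main(void)
{
    uint16_t got;
    unsigned n = probes_needed(65000, 0, &got);
    printf("unbounded: port %u after %u probes\n", (unsigned)got, n);
    n = probes_needed(65000, MAX_ATTEMPTS, &got);
    printf("bounded:   port %u after %u probes\n", (unsigned)got, n);
    return 0;
}
```

The bounded run gives up even though one port is still free: the cap trades a possible failed reservation for a fixed upper bound on work per request.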