Kyle Swenson <kyle.swenson@xxxxxxxx> wrote:
> > Can you restrict this to NF_NAT_MANIP_DST?
> > I don't want predictable src port conflict resolution.
> >
> > Probably something like (untested):
> >
> > find_free_id:
> > if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
> > off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
> > + else if ((range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) &&
> > + maniptype == NF_NAT_MANIP_DST))
> > + off = 1;
> > else
> > off = get_random_u16();
>
> Yes, absolutely. I'll test out the change and send a v2 next week. Thanks!

Please tweak the suggestion so that --random still overrides --range behavior.
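
Review bot: The added "else if" condition ends in "maniptype == NF_NAT_MANIP_DST))", which closes one more parenthesis than it opens, so the snippet will not compile as written; drop the trailing ")". The same condition tests only NF_NAT_RANGE_PROTO_SPECIFIED and the manip type, so it should also check range->flags for a random request and fall through to get_random_u16() in that case, which keeps --random ahead of --range as the reply asks. A one-line comment on why the deterministic branch starts at "off = 1" would also help, since the value is not explained in the hunk.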