On Mon, Jan 29, 2024 at 08:16:56AM +0100, Florian Westphal wrote:
> Kyle Swenson <kyle.swenson@xxxxxxxx> wrote:
> > > Can you restrict this to NF_NAT_MANIP_DST?
> > > I don't want predictable src port conflict resolution.
> > >
> > > Probably something like (untested):
> > >
> > > find_free_id:
> > > if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
> > > off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
> > > + else if ((range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) &&
> > > + maniptype == NF_NAT_MANIP_DST))
> > > + off = 1;
> > > else
> > > off = get_random_u16();
> >
> > Yes, absolutely. I'll test out the change and send a v2 next week.
>
> Thanks! Please tweak the suggestion so that --random still overrides
> --range behavior.

Sure, no problem.
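
Review bot: The added "else if" condition closes one parenthesis more than it opens: the second added line ends in "NF_NAT_MANIP_DST))", but at that point only the outer "(" of the condition is still open, so the snippet will not compile until the final ")" is dropped. The new branch also tests only NF_NAT_RANGE_PROTO_SPECIFIED and the manip type, so as written "off = 1" is taken for every destination manip with a specified range. The --random override requested in the follow-up needs an extra condition on this branch so that the get_random_u16() path stays reachable in that case, and a short comment saying why the sequential offset is limited to NF_NAT_MANIP_DST (source port selection stays unpredictable) would help later readers.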