Hi Florian,

On Tue, Sep 10, 2024 at 11:38:13AM +0200, Florian Westphal wrote:
> This series resolves an esoteric scenario.
>
> Given two tasks sending UDP packets to one another, NAT engine
> can falsely detect a port collision if it happens to pick up
> a reply packet as 'new' rather than 'reply'.
>
> First patch adds extra code to detect this and suppress port
> reallocation in this case.
>
> Second patch extends clash resolution logic to detect such
> a reverse clash (clashing conntrack is reply to existing entry).
>
> Patch 3 adds a test case.
>
> Since this has existed forever and hasn't been reported in two
> decades I'm submitting this for -next.

-next is now closed, my plan is to place this series in nf.git for the
next PR.

nf-next will remain open in this cycle so hopefully we can merge your
updates to reduce memory footprint in the next -rc.

I cannot go any faster.