rdr-srcport.py - OpenGrok history log for /freebsd/tests/sys/netpfil/pf/rdr-srcport.py

Revision		Date	Author	Comments
# 9897a669		19-Aug-2024	Mark Johnston <markj@FreeBSD.org>	pf: Let rdr rules modify the src port if doing so would avoid a conflict If NAT rules cause inbound connections to different external IPs to be mapped to the same internal IP, and some application u pf: Let rdr rules modify the src port if doing so would avoid a conflict If NAT rules cause inbound connections to different external IPs to be mapped to the same internal IP, and some application uses the same source port for multiple such connections, rdr translation may result in conflicts that cause some of the connections to be dropped. Address this by letting rdr rules detect state conflicts and modulate the source port to avoid them. Reviewed by: kp, allanjude MFC after: 3 months Sponsored by: Klara, Inc. Sponsored by: Modirum Differential Revision: https://reviews.freebsd.org/D44488 show more ...

Revision

Date

Author

Comments

# 9897a669

19-Aug-2024

Mark Johnston <markj@FreeBSD.org>

pf: Let rdr rules modify the src port if doing so would avoid a conflict

If NAT rules cause inbound connections to different external IPs to be
mapped to the same internal IP, and some application u

pf: Let rdr rules modify the src port if doing so would avoid a conflict

If NAT rules cause inbound connections to different external IPs to be
mapped to the same internal IP, and some application uses the same
source port for multiple such connections, rdr translation may result in
conflicts that cause some of the connections to be dropped.

Address this by letting rdr rules detect state conflicts and modulate
the source port to avoid them.

Reviewed by: kp, allanjude
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D44488