aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed.c8
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed.h5
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_in2out.c7
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_out2in.c3
4 files changed, 15 insertions, 8 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c
index 27c1870ccef..2e4c791ef80 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed.c
@@ -762,8 +762,8 @@ get_thread_idx_by_port (u16 e_port)
if (sm->num_workers > 1)
{
thread_idx = sm->first_worker_index +
- sm->workers[(e_port - 1024) / sm->port_per_thread %
- _vec_len (sm->workers)];
+ sm->workers[(e_port - ED_USER_PORT_OFFSET) /
+ sm->port_per_thread % _vec_len (sm->workers)];
}
return thread_idx;
}
@@ -2133,7 +2133,7 @@ snat_set_workers (uword * bitmap)
j++;
}
- sm->port_per_thread = (0xffff - 1024) / _vec_len (sm->workers);
+ sm->port_per_thread = (65536 - ED_USER_PORT_OFFSET) / _vec_len (sm->workers);
return 0;
}
@@ -2384,7 +2384,7 @@ nat_init (vlib_main_t * vm)
}
}
num_threads = tm->n_vlib_mains - 1;
- sm->port_per_thread = 0xffff - 1024;
+ sm->port_per_thread = 65536 - ED_USER_PORT_OFFSET;
vec_validate (sm->per_thread_data, num_threads);
/* Use all available workers by default */
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h
index 5b5b2ec8cfd..6c64c754073 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.h
+++ b/src/plugins/nat/nat44-ed/nat44_ed.h
@@ -41,6 +41,11 @@
* as if there were no free ports available to conserve resources */
#define ED_PORT_ALLOC_ATTEMPTS (10)
+/* system ports range is 0-1023, first user port is 1024 per
+ * https://www.rfc-editor.org/rfc/rfc6335#section-6
+ */
+#define ED_USER_PORT_OFFSET 1024
+
/* NAT buffer flags */
#define SNAT_FLAG_HAIRPINNING (1 << 0)
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index 2d8d96a0f5a..61ce70f357f 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -102,14 +102,15 @@ nat_ed_alloc_addr_and_port_with_snat_address (
u16 port_per_thread, u32 snat_thread_index, snat_session_t *s,
ip4_address_t *outside_addr, u16 *outside_port)
{
- const u16 port_thread_offset = (port_per_thread * snat_thread_index) + 1024;
+ const u16 port_thread_offset =
+ (port_per_thread * snat_thread_index) + ED_USER_PORT_OFFSET;
s->o2i.match.daddr = a->addr;
/* first try port suggested by caller */
u16 port = clib_net_to_host_u16 (*outside_port);
u16 port_offset = port - port_thread_offset;
- if (port <= port_thread_offset ||
- port > port_thread_offset + port_per_thread)
+ if (port < port_thread_offset ||
+ port >= port_thread_offset + port_per_thread)
{
/* need to pick a different port, suggested port doesn't fit in
* this thread's port range */
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
index 33449122e43..dfe4a15752b 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
@@ -279,7 +279,8 @@ nat44_ed_alloc_i2o_port (snat_main_t *sm, snat_address_t *a, snat_session_t *s,
for (int i = 0; i < ED_PORT_ALLOC_ATTEMPTS; ++i)
{
portnum = (sm->port_per_thread * snat_thread_index) +
- snat_random_port (0, sm->port_per_thread - 1) + 1024;
+ snat_random_port (0, sm->port_per_thread - 1) +
+ ED_USER_PORT_OFFSET;
portnum = clib_host_to_net_u16 (portnum);
nat_6t_i2o_flow_init (sm, thread_index, s, i2o_addr, i2o_port, a->addr,
portnum, i2o_fib_index, proto);