From 6977ed6cffbc43d39ef58da4fcbe1f719b4022ee Mon Sep 17 00:00:00 2001
From: Klement Sekera
Date: Mon, 27 Jul 2020 12:21:54 +0000
Subject: nat: limit resource consumption when out of ports
Type: improvement
Signed-off-by: Klement Sekera
Change-Id: I83f44711264376389989152666f3c71216146bdd
---
 src/plugins/nat/in2out_ed.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'src/plugins/nat/in2out_ed.c')
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index 8eafb5ba7ed..4871e78ba52 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -34,6 +34,11 @@
 #include
 #include
+/* number of attempts to get a port for ED overloading algorithm, if rolling
+ * a dice this many times doesn't produce a free port, it's treated
+ * as if there were no free ports available to conserve resources */
+#define ED_PORT_ALLOC_ATTEMPTS (10)
+
 static char *nat_in2out_ed_error_strings[] = {
 #define _(sym,string) string,
 foreach_nat_in2out_ed_error
@@ -227,7 +232,7 @@ nat_ed_alloc_addr_and_port (snat_main_t * sm, u32 rx_fib_index,
 port_offset = snat_random_port (0, port_per_thread - 1); \
 port = port_thread_offset + port_offset; \
 } \
- u16 attempts = port_per_thread; \
+ u16 attempts = ED_PORT_ALLOC_ATTEMPTS; \
 do \
 { \
 init_ed_kv (out2in_ed_kv, a->addr, clib_host_to_net_u16 (port), \
@@ -244,7 +249,7 @@ nat_ed_alloc_addr_and_port (snat_main_t * sm, u32 rx_fib_index,
 *outside_port = clib_host_to_net_u16 (port); \
 return 0; \
 } \
- port_offset = (port_offset + 1) % port_per_thread; \
+ port_offset = snat_random_port (0, port_per_thread - 1); \
 port = port_thread_offset + port_offset; \
 --attempts; \
 } \
-- cgit 1.2.3-korg
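Review bot: The comment above `ED_PORT_ALLOC_ATTEMPTS` (hunk at -34) explains why the search is cut short but not what that costs. Because each retry is now a fresh random draw, allocation can fail while free ports remain. If the draws are uniform and independent and a fraction u of the offsets collide, the chance of giving up is roughly u^10, so the constant is a capacity setting as well as a CPU bound. I would add one line to the comment, for example `* note: a nearly full range can be reported as exhausted while free ports remain`.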
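Review bot: With `u16 attempts = ED_PORT_ALLOC_ATTEMPTS;` (hunk at -227) and the random re-draw in the hunk at -244, the loop can now end in two different states that the visible lines do not tell apart. Either the range is genuinely exhausted, or ten draws happened to collide. For someone monitoring the NAT for port-exhaustion pressure these are different signals, since the second can show up well before the pool is full. The loop condition and the code that runs once `attempts` reaches zero are outside both hunks, so this may already be handled there. If it is not, count or log the give-up case separately from true exhaustion and mark the exit with a comment such as `/* gave up after ED_PORT_ALLOC_ATTEMPTS draws; does not prove the range is full */`.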