author | David Gibson <david@gibson.dropbear.id.au> | 2024-08-29 19:58:47 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-08-29 22:26:08 +0200 |
commit | eedc81b6ef552736c4d1d7354837e296af081b57 (patch) | |
tree | 6f53e3b3b635d135038c5ab8d459ee96b51b1830 /conf.c | |
parent | 4a41dc58d67e910c3a1f505a6a20988c4555e735 (diff) | |
fwd, conf: Probe host's ephemeral ports
When we forward "all" ports (-t all or -u all), or use an exclude-only
range, we don't actually forward *all* ports - that wouldn't leave local
ports to use for outgoing connections. Rather we forward all non-ephemeral
ports - those that won't be used for outgoing connections or datagrams.
Currently we assume the range of ephemeral ports is that recommended by
RFC 6335, 49152-65535. However, that's not the range used by default on
Linux, 32768-60999 but configurable with the net.ipv4.ip_local_port_range
sysctl.

We can't really know what range the guest will consider ephemeral, but if
it differs too much from the host it's likely to cause problems we can't
avoid anyway. So, using the host's ephemeral range is a better guess than
using the RFC 6335 range.

Therefore, add logic to probe the host's ephemeral range, falling back to
the RFC 6335 range if that fails. This has the bonus advantage of
reducing the number of ports bound by -t all -u all on most Linux machines
thereby reducing kernel memory usage. Specifically this reduces kernel
memory usage with -t all -u all from ~380MiB to ~289MiB.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
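The probe-then-fall-back logic the commit message describes, as an added example that is not passt's own code: it reads the `net.ipv4.ip_local_port_range` sysctl through procfs, rejects anything malformed, and substitutes the RFC 6335 range (49152-65535) when the read or parse fails. The function names, the `path` parameter and the "ports 1-65535 outside the ephemeral range" accounting in `count_forwarded_ports()` are my assumptions, not passt's API or its exact semantics.

```c
/* Added example, not passt's own code: probe the host's ephemeral port range
 * from the ip_local_port_range sysctl and fall back to the RFC 6335 range
 * when that fails, as the commit message describes.  Function names, the
 * path parameter and the port-count helper are assumptions of this example. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define RFC6335_EPHEMERAL_LO 49152u
#define RFC6335_EPHEMERAL_HI 65535u
#define PORT_RANGE_SYSCTL "/proc/sys/net/ipv4/ip_local_port_range"

struct port_range { unsigned lo, hi; };

/* Parse "LOW<ws>HIGH\n" as the sysctl prints it.  Returns 0 on success,
 * -1 on anything malformed: a half-parsed value must not decide which
 * ports get bound, so garbage means "use the fallback". */
int parse_port_range(const char *buf, struct port_range *r)
{
	const char *p = buf;
	char *end;
	unsigned long lo, hi;

	errno = 0;
	lo = strtoul(p, &end, 10);
	if (errno || end == p)
		return -1;
	p = end;
	hi = strtoul(p, &end, 10);
	if (errno || end == p)
		return -1;
	for (p = end; *p; p++)		/* only trailing whitespace allowed */
		if (*p != ' ' && *p != '\t' && *p != '\n')
			return -1;
	if (lo < 1 || hi > 65535 || lo > hi)
		return -1;
	r->lo = (unsigned)lo;
	r->hi = (unsigned)hi;
	return 0;
}

/* Read the range from @path (normally PORT_RANGE_SYSCTL).  Returns 0 if the
 * host's value was used, -1 if probing failed and the RFC 6335 range was
 * substituted, so the caller can log which one is in effect. */
int probe_ephemeral(const char *path, struct port_range *r)
{
	char buf[64];
	FILE *f = fopen(path, "r");
	int rc = -1;

	if (f) {
		if (fgets(buf, sizeof(buf), f))
			rc = parse_port_range(buf, r);
		fclose(f);
	}
	if (rc) {
		r->lo = RFC6335_EPHEMERAL_LO;
		r->hi = RFC6335_EPHEMERAL_HI;
	}
	return rc;
}

/* Ports 1-65535 outside the ephemeral range: the number "forward all" would
 * bind under this policy.  (Assumed model of the commit's accounting, not
 * passt's exact semantics.) */
unsigned count_forwarded_ports(const struct port_range *eph)
{
	return 65535u - (eph->hi - eph->lo + 1);
}

/* Helpers returning plain truth values, used by the checks below main(). */
int range_parses_to(const char *buf, unsigned lo, unsigned hi)
{
	struct port_range r;

	return parse_port_range(buf, &r) == 0 && r.lo == lo && r.hi == hi;
}

int probe_falls_back(const char *path)
{
	struct port_range r;

	return probe_ephemeral(path, &r) == -1 &&
	       r.lo == RFC6335_EPHEMERAL_LO && r.hi == RFC6335_EPHEMERAL_HI;
}

int main(void)
{
	struct port_range r;
	int rc = probe_ephemeral(PORT_RANGE_SYSCTL, &r);

	printf("ephemeral range %u-%u (%s), %u ports would be forwarded\n",
	       r.lo, r.hi, rc ? "RFC 6335 fallback" : "host sysctl",
	       count_forwarded_ports(&r));
	return 0;
}
```

With the Linux default of 32768-60999 this forwards 37303 ports; with the RFC 6335 range it forwards 49151, which is the difference behind the memory saving the commit message reports. The return value of `probe_ephemeral()` distinguishes "host value" from "fallback" so the choice can be logged rather than silently applied.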
Diffstat (limited to 'conf.c')
-rw-r--r-- | conf.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -1721,6 +1721,7 @@ void conf(struct ctx *c, int argc, char **argv) /* Inbound port options & DNS can be parsed now (after IPv4/IPv6 * settings) */ + fwd_probe_ephemeral(); udp_portmap_clear(); optind = 0; do { |
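Review bot: the new `fwd_probe_ephemeral();` call gives the reader of conf() no way to tell whether the probe succeeded or fell back to the RFC 6335 range, and its definition is outside this diff (the diffstat is limited to conf.c), so consider having the function log the range it settled on, at least at debug level, since that decides which ports `-t all`/`-u all` will skip binding. The placement itself is right: it sits before `optind = 0; do {`, the loop that parses the inbound port options which depend on the range; it would help to extend the preceding comment ("Inbound port options & DNS can be parsed now ...") to state that the ephemeral probe must run first.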