aboutgitcodebugslistschat
path: root/conf.c
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2024-08-29 19:58:47 +1000
committerStefano Brivio <sbrivio@redhat.com>2024-08-29 22:26:08 +0200
commiteedc81b6ef552736c4d1d7354837e296af081b57 (patch)
tree6f53e3b3b635d135038c5ab8d459ee96b51b1830 /conf.c
parent4a41dc58d67e910c3a1f505a6a20988c4555e735 (diff)
downloadpasst-eedc81b6ef552736c4d1d7354837e296af081b57.tar
passt-eedc81b6ef552736c4d1d7354837e296af081b57.tar.gz
passt-eedc81b6ef552736c4d1d7354837e296af081b57.tar.bz2
passt-eedc81b6ef552736c4d1d7354837e296af081b57.tar.lz
passt-eedc81b6ef552736c4d1d7354837e296af081b57.tar.xz
passt-eedc81b6ef552736c4d1d7354837e296af081b57.tar.zst
passt-eedc81b6ef552736c4d1d7354837e296af081b57.zip
fwd, conf: Probe host's ephemeral ports
When we forward "all" ports (-t all or -u all), or use an exclude-only range, we don't actually forward *all* ports - that wouln't leave local ports to use for outgoing connections. Rather we forward all non-ephemeral ports - those that won't be used for outgoing connections or datagrams. Currently we assume the range of ephemeral ports is that recommended by RFC 6335, 49152-65535. However, that's not the range used by default on Linux, 32768-60999 but configurable with the net.ipv4.ip_local_port_range sysctl. We can't really know what range the guest will consider ephemeral, but if it differs too much from the host it's likely to cause problems we can't avoid anyway. So, using the host's ephemeral range is a better guess than using the RFC 6335 range. Therefore, add logic to probe the host's ephemeral range, falling back to the RFC 6335 range if that fails. This has the bonus advantage of reducing the number of ports bound by -t all -u all on most Linux machines thereby reducing kernel memory usage. Specifically this reduces kernel memory usage with -t all -u all from ~380MiB to ~289MiB. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'conf.c')
-rw-r--r--conf.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/conf.c b/conf.c
index 3eb117f..b275886 100644
--- a/conf.c
+++ b/conf.c
@@ -1721,6 +1721,7 @@ void conf(struct ctx *c, int argc, char **argv)
/* Inbound port options & DNS can be parsed now (after IPv4/IPv6
* settings)
*/
+ fwd_probe_ephemeral();
udp_portmap_clear();
optind = 0;
do {