
pf: Let rdr rules modify the src port if doing so would avoid a conflict

Description

pf: Let rdr rules modify the src port if doing so would avoid a conflict

If NAT rules cause inbound connections to different external IPs to be
mapped to the same internal IP, and some application uses the same
source port for multiple such connections, rdr translation may result in
conflicts that cause some of the connections to be dropped.

Address this by letting rdr rules detect state conflicts and modulate
the source port to avoid them.

Reviewed by: kp, allanjude
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D44488

(cherry picked from commit 9897a66923a3e79c22fcbd4bc80afae9eb9f277c)
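
The conflict the commit message describes, and the two ways of handling it, as an added illustration that is not pf's own code: a state table keyed by the post-translation 5-tuple, an rdr table that maps two external addresses to one internal host, and a `modulate` switch that selects either the old behaviour (drop the colliding connection) or the new one (pick another source port before creating the state). The addresses, the port range 50000-50010 and the class and function names are assumptions made for the example.

```python
"""Model of pf-style rdr translation with source-port modulation on conflict.

Constructed example, not FreeBSD's pf code.  A state is keyed by the
5-tuple the internal host sees after rdr; when two inbound connections to
different external IPs share the same client address and source port and
both rdr to the same internal IP, their keys collide.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# (proto, src_ip, src_port, dst_ip, dst_port)
Key = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class State:
    original: Key    # key as the packet arrived (pre-rdr); used to untranslate replies
    translated: Key  # key after rdr, as seen by the internal host


class RdrTable:
    def __init__(self, rdr: Dict[str, str], modulate: bool,
                 port_range: Tuple[int, int] = (50000, 50010)):
        self.rdr = rdr                  # external dst ip -> internal ip (constructed rules)
        self.modulate = modulate        # False: old behaviour, True: behaviour in the commit
        self.port_lo, self.port_hi = port_range
        self.states: Dict[Key, State] = {}
        self.dropped = 0

    def _translated_key(self, p: Packet, sport: int) -> Key:
        return (p.proto, p.src_ip, sport, self.rdr[p.dst_ip], p.dst_port)

    def _pick_free_port(self, p: Packet) -> Optional[int]:
        # Keep the client's own port if it is free; otherwise walk the range.
        candidates = [p.src_port] + list(range(self.port_lo, self.port_hi + 1))
        for sport in candidates:
            if self._translated_key(p, sport) not in self.states:
                return sport
        return None

    def inbound(self, p: Packet) -> Optional[State]:
        """Apply rdr to an inbound SYN; return the new state or None if dropped."""
        if p.dst_ip not in self.rdr:
            return None  # no rdr rule matches this destination
        orig: Key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        key = self._translated_key(p, p.src_port)
        if key in self.states:
            if not self.modulate:
                self.dropped += 1       # old behaviour: state conflict, connection lost
                return None
            sport = self._pick_free_port(p)
            if sport is None:
                self.dropped += 1       # range exhausted; nothing else to try
                return None
            key = self._translated_key(p, sport)
        st = State(original=orig, translated=key)
        self.states[key] = st
        return st


def simulate(modulate: bool):
    """Two connections from one client, same source port, to two external IPs
    that both rdr to 10.0.0.5:443.  Returns (table, first_state, second_state)."""
    rdr = {"203.0.113.10": "10.0.0.5", "203.0.113.11": "10.0.0.5"}
    table = RdrTable(rdr, modulate=modulate)
    client = "198.51.100.7"
    first = table.inbound(Packet("tcp", client, 40000, "203.0.113.10", 443))
    second = table.inbound(Packet("tcp", client, 40000, "203.0.113.11", 443))
    return table, first, second


if __name__ == "__main__":
    for mode in (False, True):
        table, first, second = simulate(mode)
        print(f"modulate={mode}: states={len(table.states)} dropped={table.dropped}")
        if second is not None:
            print("  second connection translated key:", second.translated)
```

With `modulate=False` the second connection is dropped because its translated key already exists; with `modulate=True` it is admitted with source port 50000 on the internal side while `State.original` still records the client's real port 40000, which is what the reverse path needs to rewrite replies correctly.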

Details

Provenance: markj, authored on Aug 19 2024, 2:08 PM
Reviewer: kp
Differential Revision: D44488: pf: if a new RDR state connect be created, modulate src port
Parents: rGf5b3ce0d75f0: pf: Correct SPDX identifier
Branches: Unknown
Tags: Unknown