thanks clod!

JackDoan
2026-02-26 10:31:18 -06:00
parent 34e817742b
commit 009a4698a0


@@ -496,11 +496,12 @@ func rewritePacket(data []byte, fp *firewall.Packet, oldIP netip.AddrPort, newIP
} }
func (f *Firewall) findUsableSNATPort(fp *firewall.Packet, c *conn) error { func (f *Firewall) findUsableSNATPort(fp *firewall.Packet, c *conn) error {
const halfThePorts = 0x7fff
oldPort := fp.RemotePort oldPort := fp.RemotePort
conntrack := f.Conntrack conntrack := f.Conntrack
conntrack.Lock() conntrack.Lock()
defer conntrack.Unlock() defer conntrack.Unlock()
for numPortsChecked := 0; numPortsChecked < 0x7ff; numPortsChecked++ { for numPortsChecked := 0; numPortsChecked < halfThePorts; numPortsChecked++ {
_, ok := conntrack.Conns[*fp] _, ok := conntrack.Conns[*fp]
if !ok { if !ok {
//yay, we can use this port //yay, we can use this port
@@ -510,8 +511,8 @@ func (f *Firewall) findUsableSNATPort(fp *firewall.Packet, c *conn) error {
} }
//increment and retry. There's probably better strategies out there //increment and retry. There's probably better strategies out there
fp.RemotePort++ fp.RemotePort++
if fp.RemotePort < 0x7fff { if fp.RemotePort < halfThePorts {
fp.RemotePort += 0x7fff // keep it ephemeral for now fp.RemotePort += halfThePorts // keep it ephemeral for now
} }
} }
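Review bot: The retry loop's bound goes from `0x7ff` to `halfThePorts` (`0x7fff`), so the worst case is now 32767 `conntrack.Conns` lookups made while `conntrack.Lock()` is held, which is reached whenever no free port exists for the tuple. If a peer opening many flows can bring that state about, each further packet stalls every other user of the conntrack lock for the full scan; a comment on the loop such as `// worst case: halfThePorts map lookups under conntrack's lock` would record the cost, and a smaller retry budget with a randomised starting port would bound it. The constant is also not half the port space: assuming `RemotePort` is a `uint16`, the wrap-and-offset step keeps ports in 0x7fff–0xffff, which is 0x8001 values, so both the name and the loop bound are slightly off. The function body continues outside both hunks, so what happens once the loop is exhausted is not visible here.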