Google Git
Sign in
fuchsia / integration / 615754f4d2b71f6b930168d8dcec26a2b4a850e2
commit615754f4d2b71f6b930168d8dcec26a2b4a850e2[log] [tgz]
authorPeter Johnston <peterjohnston@fuchsia.infra.roller.google.com>Mon Oct 28 19:26:56 2024 +0000
committerCopybara-Service <copybara-worker@google.com>Mon Oct 28 12:30:47 2024 -0700
tree937547e32b96e0e8272d567c39088622475bd908
parent13f591d286ef3c0b68d4d3f4f6eee8e8cc8a05b8 [diff]
[roll] Roll fuchsia [netstack3] Only rewrite port if necessary to avoid clash

In the case of implicit SNAT, where a connection is being NATed not
because the user has configured a NAT rule that applied to the first
packet of the flow, but only in order to prevent conflicts with other
tracked connections, only rewrite the source port if necessary to avoid
a tuple clash.

For connections that have NAT explicitly configured, such as through
Redirect or Masquerade NAT, we continue to ensure the reply tuple's port
falls in the specified range (if one is specified).

This makes implicit SNAT less invasive and also fixes an issue where UDP
packets with a source port of 0 are always rewritten, even when
unnecessary to avoid a conflict, because the default port ranges are
nonzero and thus never include the 0 port.

Test: netstack3-filter-test
      netstack3_udp_raw_syscall
      udp(-v6)_ns3_full_anvl_suite.sh -cases 2.3
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1145313
Original-Revision: 203b0a579fa1f48da2231042de9fb83fdffe76cf
GitOrigin-RevId: 17b74d70b22b6217fbe47af290ec9b3dc1c97156
Change-Id: I360951b128918b13eb573c354cbad321e79ebee1
1 file changed
tree: 937547e32b96e0e8272d567c39088622475bd908
  1. ctf/
  2. git-hooks/
  3. infra/
  4. third_party/
  5. cts
  6. firmware
  7. flower
  8. jiri.lock
  9. MILESTONE
  10. minimal
  11. prebuilts
  12. README.md
  13. stem
  14. test_durations
  15. toolchain
README.md

Integration

This repository contains Fuchsia's Global Integration manifest files.

Making changes

All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.

Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance in one of the communication channels documented at get involved.

Obtaining the source

First install Jiri.

Next run:

$ jiri init
$ jiri import minimal https://fuchsia.googlesource.com/integration
$ jiri update

Third party

Third party projects should have their own subdirectory in ./third_party.