git.openwrt.org Git - project/netifd.git/commit

author	Johannes Kimmel <fff@bareminimum.eu>
	Fri, 4 Sep 2020 02:59:40 +0000 (04:59 +0200)
committer	Hans Dedecker <dedeckeh@gmail.com>
	Sat, 12 Sep 2020 19:04:42 +0000 (21:04 +0200)
commit	a3c033e2afc289672e0ed4b8d8a835d509715af8
tree	e714d20e3d1e376d83a08069f92d2c4668959f33	tree \| snapshot
parent	d7b614a86b815da711b5fecb10687297a70d859e	commit \| diff

netifd: vxlan: handle srcport range

This adds adds the ability to set the source port range for vxlan
interfaces.

By default vxlans will use a random port within the ephermal range as
source ports for packets. This is done to aid scaleability within a
datacenter.

But with these defaults it's impossible to punch through NATs or
traverese most stateful firewalls easily. One solution is to fix the
srcport to the same as dstport.

If only srcportmin is specified, then srcportmax is set in a way that
outgoing packets will only use srcportmin.

If a range is to be specified, srcportmin and srcportmax have to be
specified. srcportmax is exclusive.

If only srcportmax is specified, the value is ignored and defaults are
used.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>

system-linux.c		diff \| blob \| history
system.c		diff \| blob \| history
system.h		diff \| blob \| history