From 0e8e1423374ce04f352c6e8e17c3024eba2e9587 Mon Sep 17 00:00:00 2001
From: Thomas Leonard
Date: Sat, 2 Jan 2016 16:50:16 +0000
Subject: [PATCH] If we can't find a free port, reset the NAT table
---
 firewall.ml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/firewall.ml b/firewall.ml
index f90b5c0..3124331 100644
--- a/firewall.ml
+++ b/firewall.ml
@@ -78,10 +78,16 @@ let translate t frame =
 let random_user_port () = 1024 + Random.int (0xffff - 1024)
-let rec add_nat_rule_and_transmit t frame fn fmt logf =
+let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
 let xl_port = random_user_port () in
 match fn xl_port with
- | Nat_rewrite.Overlap -> add_nat_rule_and_transmit t frame fn fmt logf (* Try a different port *)
+ | Nat_rewrite.Overlap when retries < 0 -> return ()
+ | Nat_rewrite.Overlap ->
+ if retries = 0 then (
+ Log.warn "Failed to find a free port; resetting NAT table" Logs.unit;
+ Router.reset t;
+ );
+ add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf (* Try a different port *)
 | Nat_rewrite.Unparseable ->
 Log.warn "Failed to add NAT rule: Unparseable" Logs.unit;
 return ()
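Review bot: The `Nat_rewrite.Overlap when retries < 0` arm drops the frame with a bare `return ()`, so a packet that still overlaps after the table reset disappears without a trace, whereas the `Unparseable` arm just below warns before dropping. I would log there as well, e.g. `| Nat_rewrite.Overlap when retries < 0 -> Log.warn "Failed to find a free port after NAT reset; dropping packet" Logs.unit; return ()`. Separately, `Router.reset t` appears (going by the log text) to clear the whole NAT table, which would cut every client's established flows when a single client fills the port space; a comment stating that trade-off, and ideally a limit on how often a reset may fire, would help anyone investigating an outage. It is also worth confirming that `fn` consults the table as it is after the reset rather than one captured before it, since otherwise the final retry would presumably overlap again. The match continues past the end of the hunk.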