Revision 9f6d52e1a8886f7ba792dee9dc2b933c7dddafce authored by Lorenz Bauer on 11 June 2024, 15:23:53 UTC, committed by André Martins on 13 June 2024, 12:03:41 UTC
The logic to allocate SNAT mapping contains a race condition.
At a high level it does the following:
if (!revsnat_exists(port)) {
if (!create_revsnat(port)
return error;
...
}
Two concurrent executions of the datapath may succeed the
revsnat_exists check, which then leads to one of them bailing
out since create_revsnat fails.
Instead simply try to create the RevSNAT entry. If that fails we
retry with another port.
Signed-off-by: Lorenz Bauer <lmb@isovalent.com>
1 parent dc52072
