Re: [PATCH RFC net-next] inet: add ip_retry_random_port sysctl to reduce sequential port retries

From: Eric Dumazet

Date: Fri Feb 06 2026 - 12:10:07 EST


On Fri, Feb 6, 2026 at 5:28 PM Fernando Fernandez Mancera
<fmancera@xxxxxxx> wrote:
>
>
>
> It makes sense. I have tested this approach and we got a more even
> distribution of source ports when having thousands of reserved ports. No
> difference at all when not using reserved ports.
>
> Please, you can find the distribution graph with the current algorithm
> [1] and with the random step algorithm [2].
>
> While I understand that this approach is introducing a call to
> get_random_u32_below() on every connect, I am wondering if it makes
> sense to replace the existing algorithm with this variant. What do you
> think?

I would ask RFC 6056 experts like Fernando Gont what they think.

Note that if we use random at each connect(), we defeat one of the principles
of ephemeral port selection: try very hard to avoid 4-tuple collision.

>
> Please, notice the implementation below. I plan to send an official v1
> once net-next is open. In addition, I am rewriting the commit message as
> I find the current one confusing.
>
> [1] https://0xffsoftware.com/port_graph_current_alg.html
>
> [2] https://0xffsoftware.com/port_graph_random_step_alg.html