https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233867

--- Comment #1 from Kristof Provost <***@freebsd.org> ---
Created attachment 199955
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=199955&action=edit
Test case demonstrating the problem

This test case provokes the problem.
It sets up NAT with only two usable ports, then creates three connections.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233867

Kristof Provost <***@freebsd.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugs.freebsd.org/bu
| |gzilla/show_bug.cgi?id=1840
| |03
Status|New |Open

--- Comment #2 from Kristof Provost <***@freebsd.org> ---
The system loses network connectivity when it can't find a free source port in
pf_get_sport(). It keeps calling pf_map_addr(), trying to get a new IP to check
for available ports.

I believe this problem was introduced by the patch in PR# 184003.

Note that we're running NAT with PF_POOL_STICKYADDR, so we find a src_node, and
the early return is taken. This means we always return the same IP, and loop
through the available ports in pf_get_sport() again and again. This loop
continues until a state times out, and we do find a free port.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233867

--- Comment #3 from Kristof Provost <***@freebsd.org> ---
Proposed fix in: https://reviews.freebsd.org/D18483

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233867

Kristof Provost <***@freebsd.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@tuxpowered.net
Assignee|***@FreeBSD.org |***@freebsd.org