thanks clod!

2026-03-10 00:31:54 -07:00 · 2026-02-26 10:31:18 -06:00 · 2026-02-26 10:31:18 -06:00 · 009a4698a0
commit 009a4698a0
parent 34e817742b
1 changed files with 4 additions and 3 deletions
--- a/firewall.go
+++ b/firewall.go
@ -496,11 +496,12 @@ func rewritePacket(data []byte, fp *firewall.Packet, oldIP netip.AddrPort, newIP
 }

 func (f *Firewall) findUsableSNATPort(fp *firewall.Packet, c *conn) error {
+	const halfThePorts = 0x7fff
 	oldPort := fp.RemotePort
 	conntrack := f.Conntrack
 	conntrack.Lock()
 	defer conntrack.Unlock()
-	for numPortsChecked := 0; numPortsChecked < 0x7ff; numPortsChecked++ {
+	for numPortsChecked := 0; numPortsChecked < halfThePorts; numPortsChecked++ {
 		_, ok := conntrack.Conns[*fp]
 		if !ok {
 			//yay, we can use this port
@ -510,8 +511,8 @@ func (f *Firewall) findUsableSNATPort(fp *firewall.Packet, c *conn) error {
 		}
 		//increment and retry. There's probably better strategies out there
 		fp.RemotePort++
-		if fp.RemotePort < 0x7fff {
-			fp.RemotePort += 0x7fff // keep it ephemeral for now
+		if fp.RemotePort < halfThePorts {
+			fp.RemotePort += halfThePorts // keep it ephemeral for now
 		}
 	}