authorKlement Sekera <ksekera@cisco.com>2020-04-05 17:07:32 +0200
committerOle Trøan <otroan@employees.org>2020-04-07 19:27:11 +0000
commit26c9d4b0cd9c53054d1174bc15aaf8c07e9a8f93 (patch)
tree8a0c41b6056c16b467b1940f8b41499817220061
parentc98ef752a202b1b4908866bab34e3b8011ea0f1f (diff)
nat: don't drop packet for expired session
If session is expired, the packet which we just received might be one that legitimately creates a new session; process it in the slow path instead to decide the outcome. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I45628f52d37ae9dee5e8aa58171ff0b86f91f5dd
-rw-r--r--src/plugins/nat/in2out_ed.c4
-rw-r--r--src/plugins/nat/nat.h2
-rw-r--r--src/plugins/nat/out2in_ed.c4
3 files changed, 4 insertions, 6 deletions
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index 4be76372a49..6ca1e6ecb4d 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -982,8 +982,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm,
nat_free_session_data (sm, s0, thread_index, 0);
nat44_delete_session (sm, s0, thread_index);
- b0->error = node->errors[NAT_IN2OUT_ED_ERROR_SESS_EXPIRED];
- next0 = NAT_NEXT_DROP;
+ // session no longer exists, go slow path
+ next0 = def_slow;
goto trace0;
}
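Review bot: After `nat44_delete_session (sm, s0, thread_index);` the pointer `s0` is still set when control jumps to `trace0`, and the packet now carries on to the slow path. The code at `trace0` lies outside this hunk, so whether it reads `s0` cannot be confirmed here; if it does, it would refer to a session slot that has just been freed. Adding `s0 = NULL;` before `next0 = def_slow;` would make the hand-off safe by construction, and the same applies to the matching hunk in out2in_ed.c. The enclosing function starts and ends outside the hunk.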
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 83611016e34..fde6a0a7308 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -219,7 +219,6 @@ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
_(IN2OUT_PACKETS, "good in2out packets processed") \
_(OUT_OF_PORTS, "out of ports") \
_(BAD_ICMP_TYPE, "unsupported ICMP type") \
-_(SESS_EXPIRED, "session expired") \
_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
_(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
_(DROP_FRAGMENT, "drop fragment") \
@@ -250,7 +249,6 @@ _(OUT2IN_PACKETS, "good out2in packets processed") \
_(OUT_OF_PORTS, "out of ports") \
_(BAD_ICMP_TYPE, "unsupported ICMP type") \
_(NO_TRANSLATION, "no translation") \
-_(SESS_EXPIRED, "session expired") \
_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
_(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
_(DROP_FRAGMENT, "drop fragment") \
diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c
index adf0ec4f726..64f40cf1917 100644
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@@ -795,8 +795,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
nat_free_session_data (sm, s0, thread_index, 0);
nat44_delete_session (sm, s0, thread_index);
- b0->error = node->errors[NAT_OUT2IN_ED_ERROR_SESS_EXPIRED];
- next0 = NAT_NEXT_DROP;
+ // session no longer exists, go slow path
+ next0 = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
goto trace0;
}
//
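Review bot: An expired-session hit on the fast path is no longer counted anywhere in the lines shown: the assignment to `b0->error` is gone here and in the in2out_ed.c hunk, and `SESS_EXPIRED` is removed from both error lists in nat.h. For traffic arriving from the outside, how often packets match stale sessions is a useful operational signal, and any later drop will presumably be reported under whatever reason the slow path picks. Consider incrementing a non-drop node counter before `next0 = NAT_NEXT_OUT2IN_ED_SLOW_PATH;`, or at least extending the comment to `// session expired and deleted; slow path decides whether this packet may create a new one`. The enclosing function extends beyond the hunk.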