summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Smith <mgsmith@netgate.com>2018-03-23 08:30:16 -0500
committerFlorin Coras <florin.coras@gmail.com>2018-03-24 07:24:13 +0000
commitf0d0ddbff287f06441f7256fd50181f9f2194d49 (patch)
tree2a695c27d17042dbb4dc22103872c06579415dcb
parent1f2f4b70556ea2ee626f9558ea55e31d29017d42 (diff)
User session counters stay <= per-user limit
When a user session is allocated/reused, only increase one of the session counters for that user if the counters are below the per-user limit. THis addresses a SEGV that arises after the following sequence of events: - an outside interface IP address is put in a pool - a user exceeds the number of per-user translations by an amount greater than the number of per-user translations (nsessions + nstaticsessions > 100 + 100) - the outside interface IP address is deleted and then added again (observed when using DHCP client, likely happens if address changed via CLI, API also) - the user sends more packets that should be translated When nsessions is > the per-user limit, nat_session_alloc_or_recycle() reclaims the oldest existing user session. When an outside address is deleted, the corresponding user sessions are deleted. If the counters were far above the per-user limit, the deletions wouldn't result in the counters dropping back below the limit. So no session could be reclaimed -> SEGV. Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
-rwxr-xr-xsrc/plugins/nat/in2out.c21
-rw-r--r--src/plugins/nat/nat.h12
-rwxr-xr-xsrc/plugins/nat/out2in.c6
3 files changed, 22 insertions, 17 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 8b565b1b6d3..c23d372f7ed 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -310,6 +310,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0,
u32 outside_fib_index;
uword * p;
udp_header_t * udp0 = ip4_next_header (ip0);
+ u8 is_sm = 0;
if (PREDICT_FALSE (maximum_sessions_exceeded(sm, thread_index)))
{
@@ -349,12 +350,9 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0,
b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS];
return SNAT_IN2OUT_NEXT_DROP;
}
- u->nsessions++;
}
else
- {
- u->nstaticsessions++;
- }
+ is_sm = 1;
s = nat_session_alloc_or_recycle (sm, u, thread_index);
if (!s)
@@ -363,8 +361,9 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0,
return SNAT_IN2OUT_NEXT_DROP;
}
- if (address_index == ~0)
+ if (is_sm)
s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
+ user_session_increment (sm, u, is_sm);
s->outside_address_index = address_index;
s->in2out = *key0;
s->out2in = key1;
@@ -1266,14 +1265,8 @@ create_ses:
s->in2out.fib_index = rx_fib_index;
s->in2out.port = s->out2in.port = ip->protocol;
if (is_sm)
- {
- u->nstaticsessions++;
- s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
- }
- else
- {
- u->nsessions++;
- }
+ s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
+ user_session_increment (sm, u, is_sm);
/* Add to lookup tables */
key.l_addr.as_u32 = old_addr;
@@ -1396,7 +1389,7 @@ snat_in2out_lb (snat_main_t *sm,
s->in2out = l_key;
s->out2in = e_key;
s->out2in.protocol = l_key.protocol;
- u->nstaticsessions++;
+ user_session_increment (sm, u, 1 /* static */);
/* Add to lookup tables */
s_kv.value = s - tsm->sessions;
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 58bf8b340ce..15643aaf117 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -652,4 +652,16 @@ nat_send_all_to_node(vlib_main_t *vm, u32 *bi_vector,
}
}
+always_inline void
+user_session_increment(snat_main_t *sm, snat_user_t *u, u8 is_static)
+{
+ if (u->nsessions + u->nstaticsessions < sm->max_translations_per_user)
+ {
+ if (is_static)
+ u->nstaticsessions++;
+ else
+ u->nsessions++;
+ }
+}
+
#endif /* __included_snat_h__ */
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index ebd0dc4ba9a..00f887d9f1b 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -192,7 +192,7 @@ create_session_for_static_mapping (snat_main_t *sm,
s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
s->ext_host_addr.as_u32 = ip0->src_address.as_u32;
s->ext_host_port = udp0->src_port;
- u->nstaticsessions++;
+ user_session_increment (sm, u, 1 /* static */);
s->in2out = in2out;
s->out2in = out2in;
s->in2out.protocol = out2in.protocol;
@@ -833,7 +833,7 @@ snat_out2in_unknown_proto (snat_main_t *sm,
s->in2out.addr.as_u32 = new_addr;
s->in2out.fib_index = m->fib_index;
s->in2out.port = s->out2in.port = ip->protocol;
- u->nstaticsessions++;
+ user_session_increment (sm, u, 1 /* static */);
/* Add to lookup tables */
s_kv.value = s - tsm->sessions;
@@ -945,7 +945,7 @@ snat_out2in_lb (snat_main_t *sm,
s->outside_address_index = ~0;
s->out2in = e_key;
s->in2out = l_key;
- u->nstaticsessions++;
+ user_session_increment (sm, u, 1 /* static */);
/* Add to lookup tables */
s_kv.value = s - tsm->sessions;
ighlight .mi { color: #ae81ff } /* Literal.Number.Integer */ .highlight .mo { color: #ae81ff } /* Literal.Number.Oct */ .highlight .sa { color: #e6db74 } /* Literal.String.Affix */ .highlight .sb { color: #e6db74 } /* Literal.String.Backtick */ .highlight .sc { color: #e6db74 } /* Literal.String.Char */ .highlight .dl { color: #e6db74 } /* Literal.String.Delimiter */ .highlight .sd { color: #e6db74 } /* Literal.String.Doc */ .highlight .s2 { color: #e6db74 } /* Literal.String.Double */ .highlight .se { color: #ae81ff } /* Literal.String.Escape */ .highlight .sh { color: #e6db74 } /* Literal.String.Heredoc */ .highlight .si { color: #e6db74 } /* Literal.String.Interpol */ .highlight .sx { color: #e6db74 } /* Literal.String.Other */ .highlight .sr { color: #e6db74 } /* Literal.String.Regex */ .highlight .s1 { color: #e6db74 } /* Literal.String.Single */ .highlight .ss { color: #e6db74 } /* Literal.String.Symbol */ .highlight .bp { color: #f8f8f2 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #a6e22e } /* Name.Function.Magic */ .highlight .vc { color: #f8f8f2 } /* Name.Variable.Class */ .highlight .vg { color: #f8f8f2 } /* Name.Variable.Global */ .highlight .vi { color: #f8f8f2 } /* Name.Variable.Instance */ .highlight .vm { color: #f8f8f2 } /* Name.Variable.Magic */ .highlight .il { color: #ae81ff } /* Literal.Number.Integer.Long */ } @media (prefers-color-scheme: light) { .highlight .hll { background-color: #ffffcc } .highlight .c { color: #888888 } /* Comment */ .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */ .highlight .k { color: #008800; font-weight: bold } /* Keyword */ .highlight .ch { color: #888888 } /* Comment.Hashbang */ .highlight .cm { color: #888888 } /* Comment.Multiline */ .highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */ .highlight .cpf { color: #888888 } /* Comment.PreprocFile */ .highlight .c1 { color: #888888 } /* Comment.Single */ .highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */ .highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gr { color: #aa0000 } /* Generic.Error */ .highlight .gh { color: #333333 } /* Generic.Heading */ .highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #555555 } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #666666 } /* Generic.Subheading */ .highlight .gt { color: #aa0000 } /* Generic.Traceback */ .highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008800 } /* Keyword.Pseudo */ .highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */ .highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */ .highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */ .highlight .na { color: #336699 } /* Name.Attribute */ .highlight .nb { color: #003388 } /* Name.Builtin */ .highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */ .highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ }
3n-hsw-xl710
------------

64b-vhost-base-dpdk-testpmd
```````````````````````````

1t1c
::::

.. raw:: html

    <a name="64b-1t1c-base-dpdk-testpmd"></a>
    <center>
    Links to builds:
    <a href="https://packagecloud.io/app/fdio/master/search?dist=ubuntu%2Fbionic" target="_blank">vpp-ref</a>,
    <a href="https://jenkins.fd.io/view/csit/job/csit-vpp-perf-mrr-daily-master" target="_blank">csit-ref</a>
    <iframe width="1100" height="800" frameborder="0" scrolling="no" src="../_static/vpp/3n-hsw-xl710-64b-1t1c-vhost-base-dpdk-testpmd.html"></iframe>
    <p><br></p>
    </center>

2t2c
::::

.. raw:: html

    <a name="64b-2t2c-base-dpdk-testpmd"></a>
    <center>
    Links to builds:
    <a href="https://packagecloud.io/app/fdio/master/search?dist=ubuntu%2Fbionic" target="_blank">vpp-ref</a>,
    <a href="https://jenkins.fd.io/view/csit/job/csit-vpp-perf-mrr-daily-master" target="_blank">csit-ref</a>
    <iframe width="1100" height="800" frameborder="0" scrolling="no" src="../_static/vpp/3n-hsw-xl710-64b-2t2c-vhost-base-dpdk-testpmd.html"></iframe>
    <p><br></p>
    </center>

4t4c
::::

.. raw:: html

    <a name="64b-4t4c-base-dpdk-testpmd"></a>
    <center>
    Links to builds:
    <a href="https://packagecloud.io/app/fdio/master/search?dist=ubuntu%2Fbionic" target="_blank">vpp-ref</a>,
    <a href="https://jenkins.fd.io/view/csit/job/csit-vpp-perf-mrr-daily-master" target="_blank">csit-ref</a>
    <iframe width="1100" height="800" frameborder="0" scrolling="no" src="../_static/vpp/3n-hsw-xl710-64b-4t4c-vhost-base-dpdk-testpmd.html"></iframe>
    <p><br></p>
    </center>

64b-vhost-base-dpdk-vpp
```````````````````````

1t1c
::::

.. raw:: html

    <a name="64b-1t1c-base-dpdk-vpp"></a>
    <center>
    Links to builds:
    <a href="https://packagecloud.io/app/fdio/master/search?dist=ubuntu%2Fbionic" target="_blank">vpp-ref</a>,
    <a href="https://jenkins.fd.io/view/csit/job/csit-vpp-perf-mrr-daily-master" target="_blank">csit-ref</a>
    <iframe width="1100" height="800" frameborder="0" scrolling="no" src="../_static/vpp/3n-hsw-xl710-64b-1t1c-vhost-base-dpdk-vpp.html"></iframe>
    <p><br></p>
    </center>

2t2c
::::

.. raw:: html

    <a name="-64b-2t2c-base-dpdk-vpp"></a>
    <center>
    Links to builds:
    <a href="https://packagecloud.io/app/fdio/master/search?dist=ubuntu%2Fbionic" target="_blank">vpp-ref</a>,
    <a href="https://jenkins.fd.io/view/csit/job/csit-vpp-perf-mrr-daily-master" target="_blank">csit-ref</a>
    <iframe width="1100" height="800" frameborder="0" scrolling="no" src="../_static/vpp/3n-hsw-xl710-64b-2t2c-vhost-base-dpdk-vpp.html"></iframe>
    <p><br></p>
    </center>

4t4c
::::

.. raw:: html

    <a name="64b-4t4c-base-dpdk-vpp"></a>
    <center>
    Links to builds:
    <a href="https://packagecloud.io/app/fdio/master/search?dist=ubuntu%2Fbionic" target="_blank">vpp-ref</a>,
    <a href="https://jenkins.fd.io/view/csit/job/csit-vpp-perf-mrr-daily-master" target="_blank">csit-ref</a>
    <iframe width="1100" height="800" frameborder="0" scrolling="no" src="../_static/vpp/3n-hsw-xl710-64b-4t4c-vhost-base-dpdk-vpp.html"></iframe>
    <p><br></p>
    </center>