diff options
| author |   Vladislav Grishenko <themiron@yandex-team.ru> | 2022-09-05 10:32:46 +0500 |
|---|---|---|
| committer |   Ole Tr�an <otroan@employees.org> | 2023-09-13 16:56:19 +0000 |
| commit | 5b3e04c74f188dbe6c4edab57e555ee3a01fb8f7 (patch) | |
| tree | 5ea9b2e8252c760c316cb061535d4ae7ab5a51d4 | |
| parent | e8a1dbf8da086da24f6bb8ce647e2e898c20df55 (diff) | |
nat: fix nat44_ed set_session_limit crash
Setting session limit should return error for unknown fib.
Optimize max_translations_per_fib expanding and drop unnecessary
trailing fib entry.
Type: fix
Change-Id: Ie7d2b363ade48f53598faa617a49cce7b2db6400
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
| -rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed.c | 12 | ||||
| -rw-r--r-- | test/test_nat44_ed.py | 7 |
2 files changed, 9 insertions, 10 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c index 5eee893f2fd..08e577747c3 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed.c +++ b/src/plugins/nat/nat44-ed/nat44_ed.c @@ -3240,16 +3240,12 @@ nat44_set_session_limit (u32 session_limit, u32 vrf_id) { snat_main_t *sm = &snat_main; u32 fib_index = fib_table_find (FIB_PROTOCOL_IP4, vrf_id); - u32 len = vec_len (sm->max_translations_per_fib); - if (len <= fib_index) - { - vec_validate (sm->max_translations_per_fib, fib_index + 1); - - for (; len < vec_len (sm->max_translations_per_fib); len++) - sm->max_translations_per_fib[len] = sm->max_translations_per_thread; - } + if (~0 == fib_index) + return -1; + vec_validate_init_empty (sm->max_translations_per_fib, fib_index, + sm->max_translations_per_thread); sm->max_translations_per_fib[fib_index] = session_limit; return 0; } diff --git a/test/test_nat44_ed.py b/test/test_nat44_ed.py index 323249e4424..d4dd4be5d89 100644 --- a/test/test_nat44_ed.py +++ b/test/test_nat44_ed.py @@ -2939,10 +2939,13 @@ class TestNAT44EDMW(TestNAT44ED): limit = 5 - # 2 interfaces pg0, pg1 (vrf10, limit 1 tcp session) - # non existing vrf_id makes process core dump + # 2 interfaces pg0, pg1 (vrf10, limit 5 tcp sessions) self.vapi.nat44_set_session_limit(session_limit=limit, vrf_id=10) + # expect error when bad is specified + with self.vapi.assert_negative_api_retval(): + self.vapi.nat44_set_session_limit(session_limit=limit, vrf_id=20) + self.nat_add_inside_interface(inside) self.nat_add_inside_interface(inside_vrf10) self.nat_add_outside_interface(outside) |