summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2018-08-14 05:14:55 -0700
committerOle Trøan <otroan@employees.org>2018-08-15 07:10:05 +0000
commit8fed4240be68b2b4b4b6c531233044f3f1ac70c4 (patch)
treedc4bd618112f64794c96959e4a351a9e23548477
parentb11f903ae8824568c5e1bf8312dcf83c7b58b5ee (diff)
NAT64: fix TCP session expire (VPP-1390)
Add missing call of nat64_tcp_session_set_state to set TCP session state. Change-Id: Ifd297ea3ffe20870e1e34a95449b5c9404ec13eb Signed-off-by: Matus Fabian <matfabia@cisco.com>
-rw-r--r--src/plugins/nat/nat64_in2out.c12
-rw-r--r--src/plugins/nat/nat64_out2in.c15
-rw-r--r--test/test_nat.py6
3 files changed, 23 insertions, 10 deletions
diff --git a/src/plugins/nat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c
index cdfe9b8d80c..718c69d7bdf 100644
--- a/src/plugins/nat/nat64_in2out.c
+++ b/src/plugins/nat/nat64_in2out.c
@@ -224,8 +224,6 @@ nat64_in2out_tcp_udp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
return -1;
}
- nat64_session_reset_timeout (ste, ctx->vm);
-
ip4->src_address.as_u32 = bibe->out_addr.as_u32;
udp->src_port = bibe->out_port;
@@ -237,12 +235,15 @@ nat64_in2out_tcp_udp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
ip_csum_t csum;
tcp_header_t *tcp = ip6_next_header (ip6);
+ nat64_tcp_session_set_state (ste, tcp, 1);
checksum = &tcp->checksum;
csum = ip_csum_sub_even (*checksum, sport);
csum = ip_csum_add_even (csum, udp->src_port);
*checksum = ip_csum_fold (csum);
}
+ nat64_session_reset_timeout (ste, ctx->vm);
+
return 0;
}
@@ -636,6 +637,9 @@ nat64_in2out_tcp_udp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
return -1;
}
+ if (proto == IP_PROTOCOL_TCP)
+ nat64_tcp_session_set_state (ste, tcp, 1);
+
nat64_session_reset_timeout (ste, vm);
sport = udp->src_port = bibe->out_port;
@@ -1203,6 +1207,7 @@ nat64_in2out_frag_set_cb (ip6_header_t * ip6, ip4_header_t * ip4, void *arg)
ip_csum_t csum;
tcp_header_t *tcp = (tcp_header_t *) udp;
+ nat64_tcp_session_set_state (ste, tcp, 1);
checksum = &tcp->checksum;
csum = ip_csum_sub_even (*checksum, tcp->src_port);
csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[0]);
@@ -1263,6 +1268,9 @@ nat64_in2out_frag_hairpinning (vlib_buffer_t * b, ip6_header_t * ip6,
if (!bibe)
return -1;
+ if (ctx->proto == IP_PROTOCOL_TCP)
+ nat64_tcp_session_set_state (ste, tcp, 1);
+
nat64_session_reset_timeout (ste, ctx->vm);
sport = bibe->out_port;
diff --git a/src/plugins/nat/nat64_out2in.c b/src/plugins/nat/nat64_out2in.c
index f7d4dd417f5..d4b0c3987f9 100644
--- a/src/plugins/nat/nat64_out2in.c
+++ b/src/plugins/nat/nat64_out2in.c
@@ -160,8 +160,6 @@ nat64_out2in_tcp_udp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, sport);
}
- nat64_session_reset_timeout (ste, ctx->vm);
-
ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
@@ -172,13 +170,19 @@ nat64_out2in_tcp_udp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
if (proto == IP_PROTOCOL_UDP)
checksum = &udp->checksum;
else
- checksum = &tcp->checksum;
+ {
+ checksum = &tcp->checksum;
+ nat64_tcp_session_set_state (ste, tcp, 0);
+ }
+
csum = ip_csum_sub_even (*checksum, dport);
csum = ip_csum_add_even (csum, udp->dst_port);
*checksum = ip_csum_fold (csum);
vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
+ nat64_session_reset_timeout (ste, ctx->vm);
+
return 0;
}
@@ -573,8 +577,6 @@ nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
if (!bibe)
return -1;
- nat64_session_reset_timeout (ste, ctx->vm);
-
if (ctx->first_frag)
{
udp->dst_port = bibe->in_port;
@@ -615,6 +617,7 @@ nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
else
{
tcp_header_t *tcp = ip4_next_header (ip4);
+ nat64_tcp_session_set_state (ste, tcp, 0);
checksum = &tcp->checksum;
csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
@@ -637,6 +640,8 @@ nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
+ nat64_session_reset_timeout (ste, ctx->vm);
+
return 0;
}
diff --git a/test/test_nat.py b/test/test_nat.py
index 0d723b0a688..424b92c6e34 100644
--- a/test/test_nat.py
+++ b/test/test_nat.py
@@ -5943,7 +5943,7 @@ class TestNAT64(MethodHolder):
self.nat_addr_n)
self.vapi.nat64_add_del_interface(self.pg0.sw_if_index)
self.vapi.nat64_add_del_interface(self.pg1.sw_if_index, is_inside=0)
- self.vapi.nat64_set_timeouts(icmp=5)
+ self.vapi.nat64_set_timeouts(icmp=5, tcp_trans=5, tcp_est=5)
pkts = self.create_stream_in_ip6(self.pg0, self.pg1)
self.pg0.add_stream(pkts)
@@ -5955,9 +5955,9 @@ class TestNAT64(MethodHolder):
sleep(15)
- # ICMP session after timeout
+ # ICMP and TCP session after timeout
ses_num_after_timeout = self.nat64_get_ses_num()
- self.assertNotEqual(ses_num_before_timeout, ses_num_after_timeout)
+ self.assertEqual(ses_num_before_timeout - ses_num_after_timeout, 2)
def test_icmp_error(self):
""" NAT64 ICMP Error message translation """