diff options
| author |   Matthew Smith <mgsmith@netgate.com> | 2018-03-23 08:30:16 -0500 |
|---|---|---|
| committer |   Florin Coras <florin.coras@gmail.com> | 2018-03-24 07:24:13 +0000 |
| commit | f0d0ddbff287f06441f7256fd50181f9f2194d49 (patch) | |
| tree | 2a695c27d17042dbb4dc22103872c06579415dcb /build-root | |
| parent | 1f2f4b70556ea2ee626f9558ea55e31d29017d42 (diff) | |
User session counters stay <= per-user limit
When a user session is allocated/reused, only increase
one of the session counters for that user if the counters
are below the per-user limit.
THis addresses a SEGV that arises after the following
sequence of events:
- an outside interface IP address is put in a pool
- a user exceeds the number of per-user translations by
an amount greater than the number of per-user translations
(nsessions + nstaticsessions > 100 + 100)
- the outside interface IP address is deleted and then added
again (observed when using DHCP client, likely happens if
address changed via CLI, API also)
- the user sends more packets that should be translated
When nsessions is > the per-user limit,
nat_session_alloc_or_recycle() reclaims the oldest existing
user session. When an outside address is deleted, the
corresponding user sessions are deleted. If the counters were
far above the per-user limit, the deletions wouldn't result
in the counters dropping back below the limit. So no session
could be reclaimed -> SEGV.
Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Diffstat (limited to 'build-root')
0 files changed, 0 insertions, 0 deletions