cnat: Fix conflicting rsession

When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patchs adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
author: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> 2022-02-02 19:31:43 +0100
committer: Beno�t Ganne <bganne@cisco.com> 2022-03-18 11:33:51 +0000
commit: 762cfd408b16b6ab43ade3ab491292b93bdeb9b3 (patch)
tree: 3b303cb9db68a8003aca57820174b03902f3c714 /src/plugins/cnat/cnat_node_feature.c
parent: 6798e9ec34a49df008ecb7f84559e531f6c0d651 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/plugins/cnat/cnat_node_feature.c b/src/plugins/cnat/cnat_node_feature.c
index aced4cd0a15..76aa893983d 100644
--- a/src/plugins/cnat/cnat_node_feature.c
+++ b/src/plugins/cnat/cnat_node_feature.c
@@ -321,7 +321,8 @@ cnat_output_feature_fn (vlib_main_t *vm, vlib_node_runtime_t *node,
 
       trace_flags |= CNAT_TRACE_SESSION_CREATED;
       cnat_session_create (session, ctx, CNAT_LOCATION_INPUT,
-			   CNAT_SESSION_FLAG_NO_CLIENT);
+			   CNAT_SESSION_FLAG_NO_CLIENT |
+			     CNAT_SESSION_RETRY_SNAT);
     }
 
   if (AF_IP4 == ctx->af)
author	Nathan Skrzypczak <nathan.skrzypczak@gmail.com>	2022-02-02 19:31:43 +0100
committer	Beno�t Ganne <bganne@cisco.com>	2022-03-18 11:33:51 +0000
commit	762cfd408b16b6ab43ade3ab491292b93bdeb9b3 (patch)
tree	3b303cb9db68a8003aca57820174b03902f3c714 /src/plugins/cnat/cnat_node_feature.c
parent	6798e9ec34a49df008ecb7f84559e531f6c0d651 (diff)