authorMatus Fabian <matfabia@cisco.com>2018-05-10 22:48:53 -0700
committerOle Trøan <otroan@employees.org>2018-05-14 07:41:51 +0000
commit17e5cfbe8d9b1f47b18eb1a43976fe322e3987a2 (patch)
tree7e845966df3e1a654e8a303e9645d3fa85b13839 /src/plugins/nat/in2out.c
parent2be45813c757137000878dc711dd169fc2d414af (diff)
NAT44: delete closed TCP session (VPP-1274)
Change-Id: Id25b447bddccb7b321123e4abc4134e7261a0807 Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/nat/in2out.c')
-rwxr-xr-xsrc/plugins/nat/in2out.c37
1 files changed, 23 insertions, 14 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index d3369b6b49c..4a0d2653a81 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -535,7 +535,8 @@ nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip,
if (ip->protocol == IP_PROTOCOL_TCP)
{
tcp_header_t *tcp = ip4_next_header(ip);
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return 1;
}
/* Per-user LRU list maintenance */
clib_dlist_remove (tsm->list_pool, s->per_user_index);
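Review bot: Nothing at this call site says what a non-zero result from nat44_set_tcp_session_state means, so the reason for the new `return 1;` has to be guessed. Going by the commit title, non-zero presumably signals that the closed session was deleted, which would make skipping the LRU maintenance below mandatory because `s` is no longer valid. A comment above the return, for example `/* session closed and deleted: s must not be touched */`, would keep a later edit from moving code that uses `s` ahead of the return. The body of nat_not_translate_output_feature_fwd starts and ends outside the hunk.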
@@ -1376,7 +1377,10 @@ snat_in2out_lb (snat_main_t *sm,
if (is_fwd_bypass_session (s))
{
if (ip->protocol == IP_PROTOCOL_TCP)
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ {
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return 0;
+ }
/* Per-user LRU list maintenance */
clib_dlist_remove (tsm->list_pool, s->per_user_index);
clib_dlist_addtail (tsm->list_pool, s->per_user_list_head_index,
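Review bot: The two early exits added to snat_in2out_lb disagree on the return value for the same condition: this hunk uses `return 0;`, while the hunk at -1470 uses `return s;`. If a non-zero result means the session has been deleted (inferred from the commit title; the helper is not visible here), `return s;` hands the caller a pointer to a released session, and any caller that dereferences it would read stale or reused data. Returning a null pointer on both paths, or documenting that the returned pointer is for index arithmetic only, would close the gap. Writing the null return as `return NULL;` would also read better for a pointer-returning function.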
@@ -1450,6 +1454,9 @@ snat_in2out_lb (snat_main_t *sm,
s->ext_host_addr.as_u32, ip4_header_t, dst_address);
ip->checksum = ip_csum_fold (sum);
+ if (vnet_buffer(b)->sw_if_index[VLIB_TX] == ~0)
+ vnet_buffer(b)->sw_if_index[VLIB_TX] = sm->outside_fib_index;
+
if (PREDICT_TRUE(proto == SNAT_PROTOCOL_TCP))
{
old_port = tcp->src_port;
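Review bot: The move of the `sw_if_index[VLIB_TX]` assignment is order-dependent but carries no comment saying so. It appears to be hoisted so that it still runs when the TCP branch below returns early. A comment such as `/* must precede the TCP state update, which may return early */` would stop it being moved back. The same applies to the `nat44_reass_hairpinning` call hoisted in the hunk at -2669. That call also reads `s0->out2in.port` and `s0->ext_host_port`, so it has to stay ahead of any point where `s0` may have been released; its `/* Hairpinning */` comment could say that.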
@@ -1470,7 +1477,8 @@ snat_in2out_lb (snat_main_t *sm,
ip->dst_address.as_u32 = s->ext_host_addr.as_u32;
}
tcp->checksum = ip_csum_fold(sum);
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return s;
}
else
{
@@ -1483,9 +1491,6 @@ snat_in2out_lb (snat_main_t *sm,
udp->checksum = 0;
}
- if (vnet_buffer(b)->sw_if_index[VLIB_TX] == ~0)
- vnet_buffer(b)->sw_if_index[VLIB_TX] = sm->outside_fib_index;
-
/* Accounting */
s->last_heard = now;
s->total_pkts++;
@@ -1729,7 +1734,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace00;
}
else
{
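Review bot: The new `goto trace00;` jumps to code outside the hunk while `s0` still holds the address of a session that, going by the commit title, has presumably just been deleted. If the code at the label reads fields of `s0`, that is a use of a released session. The same applies to `goto trace01;` with `s1` in the hunk at -1922 and to `goto trace0;` in the hunks at -2152 and -2685. It is worth confirming that each label only derives an index from the pointer, and noting it at the jump with something like `/* session deleted: s0 is stale, trace must not dereference it */`. The jump also bypasses the accounting and LRU update for the packet that closes the session, which looks intended but is not stated.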
@@ -1922,7 +1928,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
ip4_header_t /* cheat */,
length /* changed member */);
tcp1->checksum = ip_csum_fold(sum1);
- nat44_set_tcp_session_state (sm, s1, tcp1, thread_index);
+ if (nat44_set_tcp_session_state (sm, s1, tcp1, thread_index))
+ goto trace01;
}
else
{
@@ -2152,7 +2159,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace0;
}
else
{
@@ -2669,6 +2677,10 @@ nat44_in2out_reass_node_fn (vlib_main_t * vm,
src_address /* changed member */);
ip0->checksum = ip_csum_fold (sum0);
+ /* Hairpinning */
+ nat44_reass_hairpinning (sm, b0, ip0, s0->out2in.port,
+ s0->ext_host_port, proto0);
+
if (PREDICT_FALSE (ip4_is_first_fragment (ip0)))
{
if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
@@ -2685,7 +2697,8 @@ nat44_in2out_reass_node_fn (vlib_main_t * vm,
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace0;
}
else
{
@@ -2695,10 +2708,6 @@ nat44_in2out_reass_node_fn (vlib_main_t * vm,
}
}
- /* Hairpinning */
- nat44_reass_hairpinning (sm, b0, ip0, s0->out2in.port,
- s0->ext_host_port, proto0);
-
/* Accounting */
s0->last_heard = now;
s0->total_pkts++;