nat: add ipfix rate-limiter for nat44-ed, nat44-ei and nat64

This prevents ipfix flood with the repeating events and allows to enable nat64 max_session and max_bibs events. Also fix wrong endian for det44 and nat64 ipfix tests, now should be fine with extended tests enabled. Max session per user event @ nat44-ei requires more precise rate limiter per user address, probably with sparse vec, not handled. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
author: Vladislav Grishenko <themiron@yandex-team.ru> 2023-09-14 22:14:38 +0500
committer: Ole Tr�an <otroan@employees.org> 2023-10-16 13:13:00 +0000
commit: da34f4add5f141d58670d81d53553986e9a472b4 (patch)
tree: da22aadb4d979440daf735ec8640f87a204fef55 /src/plugins/nat/lib/ipfix_logging.h
parent: ff344a98afd2057cd0df312a9d7277a95853fd0a (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/plugins/nat/lib/ipfix_logging.h b/src/plugins/nat/lib/ipfix_logging.h
index 0b8f568e1b1..dc7927a160c 100644
--- a/src/plugins/nat/lib/ipfix_logging.h
+++ b/src/plugins/nat/lib/ipfix_logging.h
@@ -108,6 +108,10 @@ typedef struct {
   /** nat data callbacks call counter */
   u16 call_counter;
 
+  /** rate-limit locks */
+  clib_spinlock_t addr_exhausted_lock;
+  clib_spinlock_t max_sessions_lock;
+  clib_spinlock_t max_bibs_lock;
 } nat_ipfix_logging_main_t;
 
 extern nat_ipfix_logging_main_t nat_ipfix_logging_main;
author	Vladislav Grishenko <themiron@yandex-team.ru>	2023-09-14 22:14:38 +0500
committer	Ole Tr�an <otroan@employees.org>	2023-10-16 13:13:00 +0000
commit	da34f4add5f141d58670d81d53553986e9a472b4 (patch)
tree	da22aadb4d979440daf735ec8640f87a204fef55 /src/plugins/nat/lib/ipfix_logging.h
parent	ff344a98afd2057cd0df312a9d7277a95853fd0a (diff)