diff options
author | Filip Varga <fivarga@cisco.com> | 2019-11-27 17:40:29 +0100 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2019-12-12 13:34:41 +0000 |
commit | e6eaa24f156e908dcbb92209c4f50f8da8066d79 (patch) | |
tree | 007eba33779e250fef6b8a7be58e3cf0a8f43c8c /src/plugins/nat/nat.c | |
parent | b644eb54f268b7cd321bdd35632b31112c6783c6 (diff) |
nat: session cleanup fix
Ticket: VPP-1795
Type: fix
Change-Id: Ib3b5742119d7013c293a11eb3dd1aadf46b422dd
Signed-off-by: Filip Varga <fivarga@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat.c')
-rwxr-xr-x | src/plugins/nat/nat.c | 68 |
1 files changed, 46 insertions, 22 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index ee70b0f00ab..d85fb267bed 100755 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -462,6 +462,7 @@ nat_ed_session_alloc (snat_main_t * sm, snat_user_t * u, u32 thread_index, u->sessions_per_user_list_head_index); oldest_elt = pool_elt_at_index (tsm->list_pool, oldest_index); s = pool_elt_at_index (tsm->sessions, oldest_elt->value); + sess_timeout_time = s->last_heard + (f64) nat44_session_get_timeout (sm, s); if (now >= sess_timeout_time) { @@ -2318,10 +2319,8 @@ snat_init (vlib_main_t * vm) sm->fq_in2out_index = ~0; sm->fq_in2out_output_index = ~0; sm->fq_out2in_index = ~0; - sm->udp_timeout = SNAT_UDP_TIMEOUT; - sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT; - sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT; - sm->icmp_timeout = SNAT_ICMP_TIMEOUT; + + sm->alloc_addr_and_port = nat_alloc_addr_and_port_default; sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT; sm->forwarding_enabled = 0; @@ -2343,8 +2342,6 @@ snat_init (vlib_main_t * vm) node = vlib_get_node_by_name (vm, (u8 *) "nat-pre-out2in"); sm->pre_out2in_node_index = node->index; - // TODO: output ?? (special node) - node = vlib_get_node_by_name (vm, (u8 *) "nat44-in2out"); sm->in2out_node_index = node->index; node = vlib_get_node_by_name (vm, (u8 *) "nat44-in2out-output"); @@ -3749,24 +3746,36 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) { snat_main_t *sm = &snat_main; nat66_main_t *nm = &nat66_main; - u32 translation_buckets = 1024; - u32 translation_memory_size = 128 << 20; - u32 user_buckets = 128; - u32 user_memory_size = 64 << 20; - u32 max_translations_per_user = 100; - u32 outside_vrf_id = 0; - u32 outside_ip6_vrf_id = 0; - u32 inside_vrf_id = 0; + dslite_main_t *dm = &dslite_main; + snat_main_per_thread_data_t *tsm; + u32 static_mapping_buckets = 1024; u32 static_mapping_memory_size = 64 << 20; + u32 nat64_bib_buckets = 1024; u32 nat64_bib_memory_size = 128 << 20; + u32 nat64_st_buckets = 2048; u32 nat64_st_memory_size = 256 << 20; + + u32 user_buckets = 128; + u32 user_memory_size = 64 << 20; + u32 translation_buckets = 1024; + u32 translation_memory_size = 128 << 20; + + u32 max_translations_per_user = ~0; + + u32 outside_vrf_id = 0; + u32 outside_ip6_vrf_id = 0; + u32 inside_vrf_id = 0; u8 static_mapping_only = 0; u8 static_mapping_connection_tracking = 0; - snat_main_per_thread_data_t *tsm; - dslite_main_t *dm = &dslite_main; + + u32 udp_timeout = SNAT_UDP_TIMEOUT; + u32 icmp_timeout = SNAT_ICMP_TIMEOUT; + + u32 tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT; + u32 tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT; sm->deterministic = 0; sm->out2in_dpo = 0; @@ -3777,6 +3786,14 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) if (unformat (input, "translation hash buckets %d", &translation_buckets)) ; + else if (unformat (input, "udp timeout %d", &udp_timeout)) + ; + else if (unformat (input, "icmp timeout %d", &icmp_timeout)) + ; + else if (unformat (input, "tcp transitory timeout %d", + &tcp_transitory_timeout)); + else if (unformat (input, "tcp established timeout %d", + &tcp_established_timeout)); else if (unformat (input, "translation hash memory %d", &translation_memory_size)); else if (unformat (input, "user hash buckets %d", &user_buckets)) @@ -3835,14 +3852,23 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) return clib_error_return (0, "out2in dpo mode available only for simple nat"); - /* for show commands, etc. */ + /* optionally configurable timeouts for testing purposes */ + sm->udp_timeout = udp_timeout; + sm->icmp_timeout = icmp_timeout; + sm->tcp_transitory_timeout = tcp_transitory_timeout; + sm->tcp_established_timeout = tcp_established_timeout; + + sm->user_buckets = user_buckets; + sm->user_memory_size = user_memory_size; + sm->translation_buckets = translation_buckets; sm->translation_memory_size = translation_memory_size; + /* do not exceed load factor 10 */ sm->max_translations = 10 * translation_buckets; - sm->user_buckets = user_buckets; - sm->user_memory_size = user_memory_size; - sm->max_translations_per_user = max_translations_per_user; + sm->max_translations_per_user = max_translations_per_user == ~0 ? + sm->max_translations : max_translations_per_user; + sm->outside_vrf_id = outside_vrf_id; sm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, outside_vrf_id, @@ -3878,7 +3904,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) sm->handoff_out2in_index = nat_pre_out2in_node.index; sm->handoff_in2out_index = nat_pre_in2out_node.index; - // TODO: test sm->handoff_in2out_output_index = nat44_ed_in2out_output_node.index; sm->in2out_node_index = nat44_ed_in2out_node.index; @@ -3898,7 +3923,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) sm->handoff_out2in_index = snat_in2out_node.index; sm->handoff_in2out_index = snat_out2in_node.index; - // TODO: test sm->handoff_in2out_output_index = snat_in2out_output_node.index; sm->in2out_node_index = snat_in2out_node.index; |