summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat.c
diff options
context:
space:
mode:
authorFilip Varga <fivarga@cisco.com>2019-11-27 17:40:29 +0100
committerOle Trøan <otroan@employees.org>2019-12-12 13:34:41 +0000
commite6eaa24f156e908dcbb92209c4f50f8da8066d79 (patch)
tree007eba33779e250fef6b8a7be58e3cf0a8f43c8c /src/plugins/nat/nat.c
parentb644eb54f268b7cd321bdd35632b31112c6783c6 (diff)
nat: session cleanup fix
Ticket: VPP-1795 Type: fix Change-Id: Ib3b5742119d7013c293a11eb3dd1aadf46b422dd Signed-off-by: Filip Varga <fivarga@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat.c')
-rwxr-xr-xsrc/plugins/nat/nat.c68
1 files changed, 46 insertions, 22 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index ee70b0f00ab..d85fb267bed 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -462,6 +462,7 @@ nat_ed_session_alloc (snat_main_t * sm, snat_user_t * u, u32 thread_index,
u->sessions_per_user_list_head_index);
oldest_elt = pool_elt_at_index (tsm->list_pool, oldest_index);
s = pool_elt_at_index (tsm->sessions, oldest_elt->value);
+
sess_timeout_time = s->last_heard + (f64) nat44_session_get_timeout (sm, s);
if (now >= sess_timeout_time)
{
@@ -2318,10 +2319,8 @@ snat_init (vlib_main_t * vm)
sm->fq_in2out_index = ~0;
sm->fq_in2out_output_index = ~0;
sm->fq_out2in_index = ~0;
- sm->udp_timeout = SNAT_UDP_TIMEOUT;
- sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
- sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
- sm->icmp_timeout = SNAT_ICMP_TIMEOUT;
+
+
sm->alloc_addr_and_port = nat_alloc_addr_and_port_default;
sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT;
sm->forwarding_enabled = 0;
@@ -2343,8 +2342,6 @@ snat_init (vlib_main_t * vm)
node = vlib_get_node_by_name (vm, (u8 *) "nat-pre-out2in");
sm->pre_out2in_node_index = node->index;
- // TODO: output ?? (special node)
-
node = vlib_get_node_by_name (vm, (u8 *) "nat44-in2out");
sm->in2out_node_index = node->index;
node = vlib_get_node_by_name (vm, (u8 *) "nat44-in2out-output");
@@ -3749,24 +3746,36 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
{
snat_main_t *sm = &snat_main;
nat66_main_t *nm = &nat66_main;
- u32 translation_buckets = 1024;
- u32 translation_memory_size = 128 << 20;
- u32 user_buckets = 128;
- u32 user_memory_size = 64 << 20;
- u32 max_translations_per_user = 100;
- u32 outside_vrf_id = 0;
- u32 outside_ip6_vrf_id = 0;
- u32 inside_vrf_id = 0;
+ dslite_main_t *dm = &dslite_main;
+ snat_main_per_thread_data_t *tsm;
+
u32 static_mapping_buckets = 1024;
u32 static_mapping_memory_size = 64 << 20;
+
u32 nat64_bib_buckets = 1024;
u32 nat64_bib_memory_size = 128 << 20;
+
u32 nat64_st_buckets = 2048;
u32 nat64_st_memory_size = 256 << 20;
+
+ u32 user_buckets = 128;
+ u32 user_memory_size = 64 << 20;
+ u32 translation_buckets = 1024;
+ u32 translation_memory_size = 128 << 20;
+
+ u32 max_translations_per_user = ~0;
+
+ u32 outside_vrf_id = 0;
+ u32 outside_ip6_vrf_id = 0;
+ u32 inside_vrf_id = 0;
u8 static_mapping_only = 0;
u8 static_mapping_connection_tracking = 0;
- snat_main_per_thread_data_t *tsm;
- dslite_main_t *dm = &dslite_main;
+
+ u32 udp_timeout = SNAT_UDP_TIMEOUT;
+ u32 icmp_timeout = SNAT_ICMP_TIMEOUT;
+
+ u32 tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
+ u32 tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
sm->deterministic = 0;
sm->out2in_dpo = 0;
@@ -3777,6 +3786,14 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
if (unformat
(input, "translation hash buckets %d", &translation_buckets))
;
+ else if (unformat (input, "udp timeout %d", &udp_timeout))
+ ;
+ else if (unformat (input, "icmp timeout %d", &icmp_timeout))
+ ;
+ else if (unformat (input, "tcp transitory timeout %d",
+ &tcp_transitory_timeout));
+ else if (unformat (input, "tcp established timeout %d",
+ &tcp_established_timeout));
else if (unformat (input, "translation hash memory %d",
&translation_memory_size));
else if (unformat (input, "user hash buckets %d", &user_buckets))
@@ -3835,14 +3852,23 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
return clib_error_return (0,
"out2in dpo mode available only for simple nat");
- /* for show commands, etc. */
+ /* optionally configurable timeouts for testing purposes */
+ sm->udp_timeout = udp_timeout;
+ sm->icmp_timeout = icmp_timeout;
+ sm->tcp_transitory_timeout = tcp_transitory_timeout;
+ sm->tcp_established_timeout = tcp_established_timeout;
+
+ sm->user_buckets = user_buckets;
+ sm->user_memory_size = user_memory_size;
+
sm->translation_buckets = translation_buckets;
sm->translation_memory_size = translation_memory_size;
+
/* do not exceed load factor 10 */
sm->max_translations = 10 * translation_buckets;
- sm->user_buckets = user_buckets;
- sm->user_memory_size = user_memory_size;
- sm->max_translations_per_user = max_translations_per_user;
+ sm->max_translations_per_user = max_translations_per_user == ~0 ?
+ sm->max_translations : max_translations_per_user;
+
sm->outside_vrf_id = outside_vrf_id;
sm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
outside_vrf_id,
@@ -3878,7 +3904,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
sm->handoff_out2in_index = nat_pre_out2in_node.index;
sm->handoff_in2out_index = nat_pre_in2out_node.index;
- // TODO: test
sm->handoff_in2out_output_index = nat44_ed_in2out_output_node.index;
sm->in2out_node_index = nat44_ed_in2out_node.index;
@@ -3898,7 +3923,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
sm->handoff_out2in_index = snat_in2out_node.index;
sm->handoff_in2out_index = snat_out2in_node.index;
- // TODO: test
sm->handoff_in2out_output_index = snat_in2out_output_node.index;
sm->in2out_node_index = snat_in2out_node.index;