NAT44: add support for session timeout (VPP-1272)

NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired sessions. When inserting to session lookup hash and bucket is full, expired session is overwritten. Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d Signed-off-by: Matus Fabian <matfabia@cisco.com>
author: Matus Fabian <matfabia@cisco.com> 2018-08-23 00:33:35 -0700
committer: Ole Trøan <otroan@employees.org> 2018-08-27 12:17:25 +0000
commit: 878c646aea9b9ccf68011ffd964694c43bbe5fdd (patch)
tree: 4acfaf8c3e35e2c2e334ae8495fdd52c49b5a791 /src/plugins/nat/nat44_cli.c
parent: d2dcd200fe2e94f6408155f6c38e7f570dbe1183 (diff)
1 files changed, 78 insertions, 50 deletions
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index e4fd0caa302..e51f6d68511 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -20,6 +20,7 @@
 #include <nat/nat.h>
 #include <nat/nat_ipfix_logging.h>
 #include <nat/nat_det.h>
+#include <nat/nat64.h>
 #include <nat/nat_inlines.h>
 #include <vnet/fib/fib_table.h>
 
@@ -978,8 +979,9 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
     {
       tsm = vec_elt_at_index (sm->per_thread_data, i);
 
-      vlib_cli_output (vm, "-------- thread %d %s --------\n",
-                       i, vlib_worker_threads[i].name);
+      vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n",
+                       i, vlib_worker_threads[i].name,
+                       pool_elts (tsm->sessions));
       pool_foreach (u, tsm->users,
       ({
         vlib_cli_output (vm, "  %U", format_snat_user, tsm, u, verbose);
@@ -1307,9 +1309,6 @@ set_timeout_command_fn (vlib_main_t * vm,
   unformat_input_t _line_input, *line_input = &_line_input;
   clib_error_t *error = 0;
 
-  if (!sm->deterministic)
-    return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
-
   /* Get a line of input. */
   if (!unformat_user (input, unformat_line_input, line_input))
     return 0;
@@ -1317,21 +1316,54 @@ set_timeout_command_fn (vlib_main_t * vm,
   while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
     {
       if (unformat (line_input, "udp %u", &sm->udp_timeout))
-	;
+	{
+	  if (nat64_set_udp_timeout (sm->udp_timeout))
+	    {
+	      error = clib_error_return (0, "Invalid UDP timeout value");
+	      goto done;
+	    }
+	}
       else if (unformat (line_input, "tcp-established %u",
 			 &sm->tcp_established_timeout))
-	;
+	{
+	  if (nat64_set_tcp_timeouts
+	      (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
+	    {
+	      error =
+		clib_error_return (0,
+				   "Invalid TCP established timeouts value");
+	      goto done;
+	    }
+	}
       else if (unformat (line_input, "tcp-transitory %u",
 			 &sm->tcp_transitory_timeout))
-	;
+	{
+	  if (nat64_set_tcp_timeouts
+	      (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
+	    {
+	      error =
+		clib_error_return (0,
+				   "Invalid TCP transitory timeouts value");
+	      goto done;
+	    }
+	}
       else if (unformat (line_input, "icmp %u", &sm->icmp_timeout))
-	;
+	{
+	  if (nat64_set_icmp_timeout (sm->icmp_timeout))
+	    {
+	      error = clib_error_return (0, "Invalid ICMP timeout value");
+	      goto done;
+	    }
+	}
       else if (unformat (line_input, "reset"))
 	{
 	  sm->udp_timeout = SNAT_UDP_TIMEOUT;
 	  sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
 	  sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
 	  sm->icmp_timeout = SNAT_ICMP_TIMEOUT;
+	  nat64_set_udp_timeout (0);
+	  nat64_set_icmp_timeout (0);
+	  nat64_set_tcp_timeouts (0, 0);
 	}
       else
 	{
@@ -1348,15 +1380,12 @@ done:
 }
 
 static clib_error_t *
-nat44_det_show_timeouts_command_fn (vlib_main_t * vm,
-				    unformat_input_t * input,
-				    vlib_cli_command_t * cmd)
+nat_show_timeouts_command_fn (vlib_main_t * vm,
+			      unformat_input_t * input,
+			      vlib_cli_command_t * cmd)
 {
   snat_main_t *sm = &snat_main;
 
-  if (!sm->deterministic)
-    return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
-
   vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
   vlib_cli_output (vm, "tcp-established timeout: %dsec",
 		   sm->tcp_established_timeout);
@@ -1544,6 +1573,40 @@ VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
 
 /*?
  * @cliexpar
+ * @cliexstart{set nat timeout}
+ * Set values of timeouts for NAT sessions (in seconds), use:
+ *  vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90
+ * To reset default values use:
+ *  vpp# set nat44 deterministic timeout reset
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (set_timeout_command, static) = {
+  .path = "set nat timeout",
+  .function = set_timeout_command_fn,
+  .short_help =
+    "set nat timeout [udp <sec> | tcp-established <sec> "
+    "tcp-transitory <sec> | icmp <sec> | reset]",
+};
+
+/*?
+ * @cliexpar
+ * @cliexstart{show nat timeouts}
+ * Show values of timeouts for NAT sessions.
+ * vpp# show nat timeouts
+ * udp timeout: 300sec
+ * tcp-established timeout: 7440sec
+ * tcp-transitory timeout: 240sec
+ * icmp timeout: 60sec
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
+  .path = "show nat timeouts",
+  .short_help = "show nat timeouts",
+  .function = nat_show_timeouts_command_fn,
+};
+
+/*?
+ * @cliexpar
  * @cliexstart{snat ipfix logging}
  * To enable NAT IPFIX logging use:
  *  vpp# nat ipfix logging
@@ -1893,41 +1956,6 @@ VLIB_CLI_COMMAND (snat_det_reverse_command, static) = {
 
 /*?
  * @cliexpar
- * @cliexstart{set nat44 deterministic timeout}
- * Set values of timeouts for deterministic NAT (in seconds), use:
- *  vpp# set nat44 deterministic timeout udp 120 tcp-established 7500
- *  tcp-transitory 250 icmp 90
- * To reset default values use:
- *  vpp# set nat44 deterministic timeout reset
- * @cliexend
-?*/
-VLIB_CLI_COMMAND (set_timeout_command, static) = {
-  .path = "set nat44 deterministic timeout",
-  .function = set_timeout_command_fn,
-  .short_help =
-    "set nat44 deterministic timeout [udp <sec> | tcp-established <sec> "
-    "tcp-transitory <sec> | icmp <sec> | reset]",
-};
-
-/*?
- * @cliexpar
- * @cliexstart{show nat44 deterministic timeouts}
- * Show values of timeouts for deterministic NAT.
- * vpp# show nat44 deterministic timeouts
- * udp timeout: 300sec
- * tcp-established timeout: 7440sec
- * tcp-transitory timeout: 240sec
- * icmp timeout: 60sec
- * @cliexend
-?*/
-VLIB_CLI_COMMAND (nat44_det_show_timeouts_command, static) = {
-  .path = "show nat44 deterministic timeouts",
-  .short_help = "show nat44 deterministic timeouts",
-  .function = nat44_det_show_timeouts_command_fn,
-};
-
-/*?
- * @cliexpar
  * @cliexstart{show nat44 deterministic sessions}
  * Show NAT44 deterministic sessions.
  * vpp# show nat44 deterministic sessions
author	Matus Fabian <matfabia@cisco.com>	2018-08-23 00:33:35 -0700
committer	Ole Trøan <otroan@employees.org>	2018-08-27 12:17:25 +0000
commit	878c646aea9b9ccf68011ffd964694c43bbe5fdd (patch)
tree	4acfaf8c3e35e2c2e334ae8495fdd52c49b5a791 /src/plugins/nat/nat44_cli.c
parent	d2dcd200fe2e94f6408155f6c38e7f570dbe1183 (diff)