diff options
| author |   Klement Sekera <ksekera@cisco.com> | 2020-03-10 12:32:54 +0100 |
|---|---|---|
| committer |   Ole Trøan <otroan@employees.org> | 2020-03-26 14:56:09 +0000 |
| commit | 1c2ac860ed9a80dac539af6408d70f7dfd2c238e (patch) | |
| tree | 5f418adb4fe3f43d104379179fc2885fc5b64f6a /src/plugins/nat/nat_inlines.h | |
| parent | 65c30ceb92dd79c7b00e8c31119db98d473dbfbb (diff) | |
nat: transitory timeout for TCP CLOSED state
Wait transitory timeout seconds before moving internal state of TCP
session to CLOSED state per RFC 7857. This patch implements this
functionality for endpoint-dependent NAT.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
Diffstat (limited to 'src/plugins/nat/nat_inlines.h')
| -rw-r--r-- | src/plugins/nat/nat_inlines.h | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/src/plugins/nat/nat_inlines.h b/src/plugins/nat/nat_inlines.h index f693032a685..bdcfd39dfb7 100644 --- a/src/plugins/nat/nat_inlines.h +++ b/src/plugins/nat/nat_inlines.h @@ -322,8 +322,9 @@ nat44_delete_session (snat_main_t * sm, snat_session_t * ses, @return 1 if session was closed, otherwise 0 */ always_inline int -nat44_set_tcp_session_state_i2o (snat_main_t * sm, snat_session_t * ses, - vlib_buffer_t * b, u32 thread_index) +nat44_set_tcp_session_state_i2o (snat_main_t * sm, f64 now, + snat_session_t * ses, vlib_buffer_t * b, + u32 thread_index) { u8 tcp_flags = vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags; u32 tcp_ack_number = vnet_buffer (b)->ip.reass.tcp_ack_number; @@ -345,22 +346,22 @@ nat44_set_tcp_session_state_i2o (snat_main_t * sm, snat_session_t * ses, if ((tcp_flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_O2I_FIN)) { if (clib_net_to_host_u32 (tcp_ack_number) > ses->o2i_fin_seq) - ses->state |= NAT44_SES_O2I_FIN_ACK; - } - if (nat44_is_ses_closed (ses) - && !(ses->flags & SNAT_SESSION_FLAG_OUTPUT_FEATURE)) - { - nat_free_session_data (sm, ses, thread_index, 0); - nat44_delete_session (sm, ses, thread_index); - return 1; + { + ses->state |= NAT44_SES_O2I_FIN_ACK; + if (nat44_is_ses_closed (ses)) + { // if session is now closed, save the timestamp + ses->tcp_close_timestamp = now + sm->tcp_transitory_timeout; + } + } } return 0; } always_inline int -nat44_set_tcp_session_state_o2i (snat_main_t * sm, snat_session_t * ses, - u8 tcp_flags, u32 tcp_ack_number, - u32 tcp_seq_number, u32 thread_index) +nat44_set_tcp_session_state_o2i (snat_main_t * sm, f64 now, + snat_session_t * ses, u8 tcp_flags, + u32 tcp_ack_number, u32 tcp_seq_number, + u32 thread_index) { if ((ses->state == 0) && (tcp_flags & TCP_FLAG_RST)) ses->state = NAT44_SES_RST; @@ -380,12 +381,10 @@ nat44_set_tcp_session_state_o2i (snat_main_t * sm, snat_session_t * ses, { if (clib_net_to_host_u32 (tcp_ack_number) > ses->i2o_fin_seq) ses->state |= NAT44_SES_I2O_FIN_ACK; - } - if (nat44_is_ses_closed (ses)) - { - nat_free_session_data (sm, ses, thread_index, 0); - nat44_delete_session (sm, ses, thread_index); - return 1; + if (nat44_is_ses_closed (ses)) + { // if session is now closed, save the timestamp + ses->tcp_close_timestamp = now + sm->tcp_transitory_timeout; + } } return 0; } |