diff options
| author |   Matus Fabian <matfabia@cisco.com> | 2018-08-23 00:33:35 -0700 |
|---|---|---|
| committer |   Ole Trøan <otroan@employees.org> | 2018-08-27 12:17:25 +0000 |
| commit | 878c646aea9b9ccf68011ffd964694c43bbe5fdd (patch) | |
| tree | 4acfaf8c3e35e2c2e334ae8495fdd52c49b5a791 /src/plugins/nat/nat_inlines.h | |
| parent | d2dcd200fe2e94f6408155f6c38e7f570dbe1183 (diff) | |
NAT44: add support for session timeout (VPP-1272)
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired
sessions. When inserting to session lookup hash and bucket is full, expired
session is overwritten.
Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat_inlines.h')
| -rw-r--r-- | src/plugins/nat/nat_inlines.h | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/plugins/nat/nat_inlines.h b/src/plugins/nat/nat_inlines.h index a069d66bad9..adfb1d51954 100644 --- a/src/plugins/nat/nat_inlines.h +++ b/src/plugins/nat/nat_inlines.h @@ -198,6 +198,11 @@ always_inline int nat44_set_tcp_session_state_i2o (snat_main_t * sm, snat_session_t * ses, tcp_header_t * tcp, u32 thread_index) { + if ((tcp->flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) && + (ses->state & NAT44_SES_O2I_SYN)) + ses->state = 0; + if (tcp->flags & TCP_FLAG_SYN) + ses->state |= NAT44_SES_I2O_SYN; if (tcp->flags & TCP_FLAG_FIN) { ses->i2o_fin_seq = clib_net_to_host_u32 (tcp->seq_number); @@ -223,6 +228,11 @@ always_inline int nat44_set_tcp_session_state_o2i (snat_main_t * sm, snat_session_t * ses, tcp_header_t * tcp, u32 thread_index) { + if ((tcp->flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) && + (ses->state & NAT44_SES_O2I_SYN)) + ses->state = 0; + if (tcp->flags & TCP_FLAG_SYN) + ses->state |= NAT44_SES_O2I_SYN; if (tcp->flags & TCP_FLAG_FIN) { ses->o2i_fin_seq = clib_net_to_host_u32 (tcp->seq_number); @@ -244,6 +254,29 @@ nat44_set_tcp_session_state_o2i (snat_main_t * sm, snat_session_t * ses, return 0; } +always_inline u32 +nat44_session_get_timeout (snat_main_t * sm, snat_session_t * s) +{ + switch (s->in2out.protocol) + { + case SNAT_PROTOCOL_ICMP: + return sm->icmp_timeout; + case SNAT_PROTOCOL_UDP: + return sm->udp_timeout; + case SNAT_PROTOCOL_TCP: + { + if (s->state) + return sm->tcp_transitory_timeout; + else + return sm->tcp_established_timeout; + } + default: + return sm->udp_timeout; + } + + return 0; +} + always_inline void nat44_session_update_counters (snat_session_t * s, f64 now, uword bytes) { |