authorMatthew Smith <mgsmith@netgate.com>2018-03-23 08:30:16 -0500
committerFlorin Coras <florin.coras@gmail.com>2018-03-24 07:24:13 +0000
commitf0d0ddbff287f06441f7256fd50181f9f2194d49 (patch)
tree2a695c27d17042dbb4dc22103872c06579415dcb /src/plugins/nat/out2in.c
parent1f2f4b70556ea2ee626f9558ea55e31d29017d42 (diff)
User session counters stay <= per-user limit
When a user session is allocated/reused, only increase one of the session counters for that user if the counters are below the per-user limit. This addresses a SEGV that arises after the following sequence of events: - an outside interface IP address is put in a pool - a user exceeds the number of per-user translations by an amount greater than the number of per-user translations (nsessions + nstaticsessions > 100 + 100) - the outside interface IP address is deleted and then added again (observed when using DHCP client, likely happens if address changed via CLI, API also) - the user sends more packets that should be translated When nsessions is > the per-user limit, nat_session_alloc_or_recycle() reclaims the oldest existing user session. When an outside address is deleted, the corresponding user sessions are deleted. If the counters were far above the per-user limit, the deletions wouldn't result in the counters dropping back below the limit. So no session could be reclaimed -> SEGV. Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Diffstat (limited to 'src/plugins/nat/out2in.c')
-rwxr-xr-xsrc/plugins/nat/out2in.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index ebd0dc4ba9a..00f887d9f1b 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -192,7 +192,7 @@ create_session_for_static_mapping (snat_main_t *sm,
s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
s->ext_host_addr.as_u32 = ip0->src_address.as_u32;
s->ext_host_port = udp0->src_port;
- u->nstaticsessions++;
+ user_session_increment (sm, u, 1 /* static */);
s->in2out = in2out;
s->out2in = out2in;
s->in2out.protocol = out2in.protocol;
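Review bot: The `s->flags |= ...` line and the stores after it in this hunk still dereference `s` unconditionally, and the commit description traces the SEGV to a reclaim that fails, so capping the counter removes one way of reaching that state without making the failure itself safe. The allocation of `s` lies above the hunk, so it is not visible whether its result is checked; if it is not, a guard such as `if (PREDICT_FALSE (!s)) return 0;` (adapted to each function's return convention) before the first store would turn any remaining path into a dropped packet rather than a crash. The same applies to the hunks in snat_out2in_unknown_proto and snat_out2in_lb. Because this path is driven by packets arriving on the outside interface, a crash here is a remotely reachable denial of service and merits the extra check.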
@@ -833,7 +833,7 @@ snat_out2in_unknown_proto (snat_main_t *sm,
s->in2out.addr.as_u32 = new_addr;
s->in2out.fib_index = m->fib_index;
s->in2out.port = s->out2in.port = ip->protocol;
- u->nstaticsessions++;
+ user_session_increment (sm, u, 1 /* static */);
/* Add to lookup tables */
s_kv.value = s - tsm->sessions;
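Review bot: If `user_session_increment` skips the increment once the user is at the per-user limit, as the commit description implies, the session set up here is still added to the lookup tables on the following lines without being counted. The helper is defined outside this file's diff, so it is worth confirming that the session-delete path decrements under the matching condition; a plain `u->nstaticsessions--` on an uncounted session would, if the counter is unsigned, wrap it and recreate the over-limit state this commit fixes. A short comment at the call would help the next reader: `/* no-op when the user is already at the per-user limit */`. The same call appears in create_session_for_static_mapping and snat_out2in_lb.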
@@ -945,7 +945,7 @@ snat_out2in_lb (snat_main_t *sm,
s->outside_address_index = ~0;
s->out2in = e_key;
s->in2out = l_key;
- u->nstaticsessions++;
+ user_session_increment (sm, u, 1 /* static */);
/* Add to lookup tables */
s_kv.value = s - tsm->sessions;