nat: timed out session scavenging upgrade

Patch changes the behavior of session scavenging and fixes multiple nat issues. Allows proper session clearing and removes issue with lingering sessions in session db. Patch also updates and fixes CLI/API calls for better readability of session state metrics. Fixes security issue that would allow attacker to reuse timed out session in both directions (in2out/out2in). Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I78897585a2a57291fad5db6d457941aa0a0457bd
author: Filip Varga <fivarga@cisco.com> 2020-02-25 14:31:33 +0100
committer: Ole Trøan <otroan@employees.org> 2020-03-13 11:17:13 +0000
commit: a73f2d6f53c224668bd6bbea1a980ee4313c794f (patch)
tree: c40965985639940beb294e8688aedbe30e47a548 /src/plugins/nat/out2in.c
parent: c27b43673237c3971c1c170646b531728e0d8eb1 (diff)
1 files changed, 0 insertions, 3 deletions
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 144f324dbf4..f920599b059 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -188,9 +188,6 @@ create_session_for_static_mapping (snat_main_t * sm,
   udp_header_t *udp0;
   nat44_is_idle_session_ctx_t ctx0;
 
-  nat44_session_try_cleanup (&in2out.addr, in2out.fib_index, thread_index,
-			     now);
-
   if (PREDICT_FALSE (nat44_maximum_sessions_exceeded (sm, thread_index)))
     {
       b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_SESSIONS_EXCEEDED];
author	Filip Varga <fivarga@cisco.com>	2020-02-25 14:31:33 +0100
committer	Ole Trøan <otroan@employees.org>	2020-03-13 11:17:13 +0000
commit	a73f2d6f53c224668bd6bbea1a980ee4313c794f (patch)
tree	c40965985639940beb294e8688aedbe30e47a548 /src/plugins/nat/out2in.c
parent	c27b43673237c3971c1c170646b531728e0d8eb1 (diff)