diff options
| author |   Filip Varga <fivarga@cisco.com> | 2020-08-04 18:06:06 +0200 |
|---|---|---|
| committer |   Ole Trøan <otroan@employees.org> | 2020-08-17 07:53:18 +0000 |
| commit | 00dd39044e64b4a7a33d204ef7d19aac819d71f5 (patch) | |
| tree | 0a065cc49ffe1458c81c96ebffda3f75a6e09128 /src/plugins/nat/out2in_ed.c | |
| parent | 17ec577f7b3b092e09d95451317957415f4baf4f (diff) | |
nat: sessions get expired when fib table removed
fib table removal would leave lingering sessions in vpp
this patch is aimed at solving this issue by grouping
sessions by source and destionation fib. if one of the
fibs gets removed this grouping is tagged as expired
and session won't be passed to non existing fib table
Ticket: VPPSUPP-93
Type: improvement
Change-Id: I45b1205a8b58d91f174e6feb862554ec2f6cffad
Signed-off-by: Filip Varga <fivarga@cisco.com>
Diffstat (limited to 'src/plugins/nat/out2in_ed.c')
| -rw-r--r-- | src/plugins/nat/out2in_ed.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c index 56906369ca6..9868fe751f2 100644 --- a/src/plugins/nat/out2in_ed.c +++ b/src/plugins/nat/out2in_ed.c @@ -310,6 +310,8 @@ create_session_for_static_mapping_ed (snat_main_t * sm, &s->ext_host_nat_addr, s->ext_host_nat_port, s->nat_proto, s->in2out.fib_index, s->flags, thread_index, 0); + per_vrf_sessions_register_session (s, thread_index); + return s; } @@ -407,6 +409,8 @@ create_bypass_for_fwd (snat_main_t * sm, vlib_buffer_t * b, ip4_header_t * ip, kv.value = s - tsm->sessions; if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1)) nat_elog_notice ("in2out_ed key add failed"); + + per_vrf_sessions_register_session (s, thread_index); } if (ip->protocol == IP_PROTOCOL_TCP) @@ -651,6 +655,8 @@ nat44_ed_out2in_unknown_proto (snat_main_t * sm, ip->protocol, thread_index, s - tsm->sessions); if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &s_kv, 1)) nat_elog_notice ("in2out key add failed"); + + per_vrf_sessions_register_session (s, thread_index); } /* Update IP checksum */ @@ -780,8 +786,10 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, } } + // lookup for session if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv0, &value0)) { + // session does not exist go slow path next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; goto trace0; } @@ -791,11 +799,21 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, ed_value_get_session_index (&value0)); skip_lookup: + + if (PREDICT_FALSE (per_vrf_sessions_is_expired (s0, thread_index))) + { + // session is closed, go slow path + nat_free_session_data (sm, s0, thread_index, 0); + nat_ed_session_delete (sm, s0, thread_index, 1); + next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; + goto trace0; + } + if (s0->tcp_closed_timestamp) { if (now >= s0->tcp_closed_timestamp) { - // session is closed, go slow path + // session is closed, go slow path, freed in slow path next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; } else @@ -819,7 +837,6 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; goto trace0; } - // old_addr0 = ip0->dst_address.as_u32; new_addr0 = ip0->dst_address.as_u32 = s0->in2out.addr.as_u32; |