aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2018-11-21 04:53:10 -0800
committerOle Trøan <otroan@employees.org>2018-11-22 06:29:52 +0000
commit15e8e681813a2e88dad107b5fe238bc8abee17d2 (patch)
treeedaf84a440429fdaeb84c531a9d447339b87787c /src/plugins/nat
parentfdd19c46655f6dc3ab4bc6773c681e423d2f0152 (diff)
NAT44: Apply transitory timeout on TCP RST (VPP-1494)
RFC7857 section 2.2. Change-Id: I031af5fe379b72262e83fd8565c34fa1b772f2c8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/nat.h1
-rw-r--r--src/plugins/nat/nat_inlines.h8
2 files changed, 9 insertions, 0 deletions
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 02d4aaef9f6..3162e41b696 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -165,6 +165,7 @@ typedef enum
#define NAT44_SES_O2I_FIN_ACK 8
#define NAT44_SES_I2O_SYN 16
#define NAT44_SES_O2I_SYN 32
+#define NAT44_SES_RST 64
/* Session flags */
#define SNAT_SESSION_FLAG_STATIC_MAPPING 1
diff --git a/src/plugins/nat/nat_inlines.h b/src/plugins/nat/nat_inlines.h
index 0b4f8108c7e..38cfc379245 100644
--- a/src/plugins/nat/nat_inlines.h
+++ b/src/plugins/nat/nat_inlines.h
@@ -200,6 +200,10 @@ always_inline int
nat44_set_tcp_session_state_i2o (snat_main_t * sm, snat_session_t * ses,
tcp_header_t * tcp, u32 thread_index)
{
+ if ((ses->state == 0) && (tcp->flags & TCP_FLAG_RST))
+ ses->state = NAT44_SES_RST;
+ if ((ses->state == NAT44_SES_RST) && !(tcp->flags & TCP_FLAG_RST))
+ ses->state = 0;
if ((tcp->flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) &&
(ses->state & NAT44_SES_O2I_SYN))
ses->state = 0;
@@ -231,6 +235,10 @@ always_inline int
nat44_set_tcp_session_state_o2i (snat_main_t * sm, snat_session_t * ses,
tcp_header_t * tcp, u32 thread_index)
{
+ if ((ses->state == 0) && (tcp->flags & TCP_FLAG_RST))
+ ses->state = NAT44_SES_RST;
+ if ((ses->state == NAT44_SES_RST) && !(tcp->flags & TCP_FLAG_RST))
+ ses->state = 0;
if ((tcp->flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) &&
(ses->state & NAT44_SES_O2I_SYN))
ses->state = 0;