diff options
author | Klement Sekera <ksekera@cisco.com> | 2020-04-05 17:07:32 +0200 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2020-04-07 19:27:11 +0000 |
commit | 26c9d4b0cd9c53054d1174bc15aaf8c07e9a8f93 (patch) | |
tree | 8a0c41b6056c16b467b1940f8b41499817220061 /src/plugins/nat | |
parent | c98ef752a202b1b4908866bab34e3b8011ea0f1f (diff) |
nat: don't drop packet for expired session
If session is expired, the packet which we just received might be a one,
which legitimely creates a new session, process it in slow path instead
to decide the outcome.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I45628f52d37ae9dee5e8aa58171ff0b86f91f5dd
Diffstat (limited to 'src/plugins/nat')
-rw-r--r-- | src/plugins/nat/in2out_ed.c | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat.h | 2 | ||||
-rw-r--r-- | src/plugins/nat/out2in_ed.c | 4 |
3 files changed, 4 insertions, 6 deletions
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c index 4be76372a49..6ca1e6ecb4d 100644 --- a/src/plugins/nat/in2out_ed.c +++ b/src/plugins/nat/in2out_ed.c @@ -982,8 +982,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, nat_free_session_data (sm, s0, thread_index, 0); nat44_delete_session (sm, s0, thread_index); - b0->error = node->errors[NAT_IN2OUT_ED_ERROR_SESS_EXPIRED]; - next0 = NAT_NEXT_DROP; + // session no longer exists, go slow path + next0 = def_slow; goto trace0; } diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 83611016e34..fde6a0a7308 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -219,7 +219,6 @@ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ _(IN2OUT_PACKETS, "good in2out packets processed") \ _(OUT_OF_PORTS, "out of ports") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ -_(SESS_EXPIRED, "session expired") \ _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ _(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \ _(DROP_FRAGMENT, "drop fragment") \ @@ -250,7 +249,6 @@ _(OUT2IN_PACKETS, "good out2in packets processed") \ _(OUT_OF_PORTS, "out of ports") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "no translation") \ -_(SESS_EXPIRED, "session expired") \ _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ _(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \ _(DROP_FRAGMENT, "drop fragment") \ diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c index adf0ec4f726..64f40cf1917 100644 --- a/src/plugins/nat/out2in_ed.c +++ b/src/plugins/nat/out2in_ed.c @@ -795,8 +795,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, nat_free_session_data (sm, s0, thread_index, 0); nat44_delete_session (sm, s0, thread_index); - b0->error = node->errors[NAT_OUT2IN_ED_ERROR_SESS_EXPIRED]; - next0 = NAT_NEXT_DROP; + // session no longer exists, go slow path + next0 = NAT_NEXT_OUT2IN_ED_SLOW_PATH; goto trace0; } // |