summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
authorFilip Varga <fivarga@cisco.com>2020-04-06 12:52:33 +0200
committerFilip Varga <fivarga@cisco.com>2020-04-16 14:05:46 +0200
commit1a0a89770688a37e500f634b68805b1984eccac0 (patch)
treec6112c2210b3f9d6ebbe5fd5d20212440394e290 /src/plugins/nat
parent8daeea9a5dc2c68c8e54fe7bdae98cec7072a9cd (diff)
nat: scavenging functionality removed
Type: refactor Change-Id: I9f743ba2818e1b1c5004c3575925cc7b479948d8 Signed-off-by: Filip Varga <fivarga@cisco.com>
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/in2out_ed.c27
-rwxr-xr-xsrc/plugins/nat/nat.c13
-rw-r--r--src/plugins/nat/nat.h13
-rw-r--r--src/plugins/nat/nat44/inlines.h170
-rw-r--r--src/plugins/nat/nat44_cli.c59
-rw-r--r--src/plugins/nat/nat_api.c25
-rw-r--r--src/plugins/nat/test/test_nat.py94
7 files changed, 9 insertions, 392 deletions
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index 807a716e942..a70369aae4e 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -309,18 +309,12 @@ slow_path_ed (snat_main_t * sm,
};
nat44_is_idle_session_ctx_t ctx;
- u32 cleared = 0;
-
if (PREDICT_FALSE (nat44_maximum_sessions_exceeded (sm, thread_index)))
{
- if (PREDICT_FALSE
- (!(cleared = nat44_users_cleanup (thread_index, now))))
- {
- b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
- nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
- nat_elog_notice ("maximum sessions exceeded");
- return NAT_NEXT_DROP;
- }
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
+ nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
+ nat_elog_notice ("maximum sessions exceeded");
+ return NAT_NEXT_DROP;
}
key0.addr = key->l_addr;
@@ -339,16 +333,9 @@ slow_path_ed (snat_main_t * sm,
sm->port_per_thread,
tsm->snat_thread_index))
{
- if (cleared || !nat44_out_of_ports_cleanup (thread_index, now) ||
- nat_alloc_addr_and_port_ed (sm->addresses, rx_fib_index,
- thread_index, key, &key1,
- sm->port_per_thread,
- tsm->snat_thread_index))
- {
- nat_elog_notice ("addresses exhausted");
- b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS];
- return NAT_NEXT_DROP;
- }
+ nat_elog_notice ("addresses exhausted");
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS];
+ return NAT_NEXT_DROP;
}
}
else
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 8e20df4e64e..8ba276bc9b4 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -495,8 +495,6 @@ nat_user_get_or_create (snat_main_t * sm, ip4_address_t * addr, u32 fib_index,
pool_get (tsm->users, u);
clib_memset (u, 0, sizeof (*u));
- u->min_session_timeout = 0;
-
u->addr.as_u32 = addr->as_u32;
u->fib_index = fib_index;
@@ -630,9 +628,6 @@ nat_ed_session_alloc (snat_main_t * sm, snat_user_t * u, u32 thread_index,
if (PREDICT_FALSE
((u->nsessions + u->nstaticsessions) >= sm->max_translations_per_user))
{
- if (nat44_max_translations_per_user_cleanup (u, thread_index, now))
- goto alloc_new;
-
nat_elog_addr (SNAT_LOG_WARNING, "[warn] max translations per user",
clib_net_to_host_u32 (u->addr.as_u32));
snat_ipfix_logging_max_entries_per_user (thread_index,
@@ -4025,8 +4020,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
sm->tcp_established_timeout = tcp_established_timeout;
sm->icmp_timeout = icmp_timeout;
- sm->min_timeout = nat44_minimal_timeout (sm);
-
sm->user_buckets = user_buckets;
sm->user_memory_size = user_memory_size;
@@ -4107,12 +4100,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
/* *INDENT-OFF* */
vec_foreach (tsm, sm->per_thread_data)
{
- tsm->min_session_timeout = 0;
-
- tsm->cleared = 0;
- tsm->cleanup_runs = 0;
- tsm->cleanup_timeout = 0;
-
pool_alloc (tsm->sessions, sm->max_translations);
pool_alloc (tsm->list_pool, sm->max_translations);
pool_alloc (tsm->global_lru_pool, sm->max_translations);
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 187e351d318..46f8b44dc11 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -361,8 +361,6 @@ typedef struct
u32 sessions_per_user_list_head_index;
u32 nsessions;
u32 nstaticsessions;
- /* discovered minimum session timeout time */
- u64 min_session_timeout;
} snat_user_t;
typedef struct
@@ -535,14 +533,6 @@ typedef struct
/* real thread index */
u32 thread_index;
- /* discovered minimum session timeout time */
- u64 min_session_timeout;
-
- /* session scavenging */
- u32 cleared;
- u32 cleanup_runs;
- f64 cleanup_timeout;
-
} snat_main_per_thread_data_t;
struct snat_main_s;
@@ -722,9 +712,6 @@ typedef struct snat_main_s
u32 inside_fib_index;
/* values of various timeouts */
-
- // min timeout of all proto timeouts
- u32 min_timeout;
// proto timeouts
u32 udp_timeout;
u32 tcp_transitory_timeout;
diff --git a/src/plugins/nat/nat44/inlines.h b/src/plugins/nat/nat44/inlines.h
index 631c4cd4104..541770ad102 100644
--- a/src/plugins/nat/nat44/inlines.h
+++ b/src/plugins/nat/nat44/inlines.h
@@ -31,19 +31,6 @@ nat44_maximum_sessions_exceeded (snat_main_t * sm, u32 thread_index)
return 0;
}
-static_always_inline f64
-nat44_minimal_timeout (snat_main_t * sm)
-{
- f64 min_timeout;
-
- min_timeout = clib_min (sm->udp_timeout, sm->icmp_timeout);
- min_timeout = clib_min (min_timeout, sm->icmp_timeout);
- min_timeout = clib_min (min_timeout, sm->tcp_transitory_timeout);
- min_timeout = clib_min (min_timeout, sm->tcp_established_timeout);
-
- return min_timeout;
-}
-
static_always_inline snat_session_t *
nat44_session_reuse_old (snat_main_t * sm, snat_user_t * u,
snat_session_t * s, u32 thread_index, f64 now)
@@ -66,7 +53,6 @@ nat44_session_reuse_old (snat_main_t * sm, snat_user_t * u,
return s;
}
-
static_always_inline snat_session_t *
nat44_session_alloc_new (snat_main_per_thread_data_t * tsm, snat_user_t * u,
f64 now)
@@ -122,7 +108,6 @@ nat44_user_del_sessions (snat_user_t * u, u32 thread_index)
elt = pool_elt_at_index (tsm->list_pool, elt->next);
nat44_free_session_data (sm, s, thread_index, 0);
- // TODO: needs refactoring as in nat44_user_session_cleanup
nat44_delete_session (sm, s, thread_index);
}
}
@@ -172,161 +157,6 @@ nat44_user_del (ip4_address_t * addr, u32 fib_index)
return rv;
}
-static_always_inline u32
-nat44_user_session_cleanup (snat_user_t * u, u32 thread_index, f64 now)
-{
- u32 cleared = 0;
- dlist_elt_t *elt;
- snat_session_t *s;
- u64 sess_timeout_time;
-
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
-
- if (now < u->min_session_timeout)
- goto done;
- u->min_session_timeout = now + sm->min_timeout;
-
- // get head
- elt = pool_elt_at_index (tsm->list_pool,
- u->sessions_per_user_list_head_index);
- // get first element
- elt = pool_elt_at_index (tsm->list_pool, elt->next);
-
- while (elt->value != ~0)
- {
- s = pool_elt_at_index (tsm->sessions, elt->value);
- elt = pool_elt_at_index (tsm->list_pool, elt->next);
-
- sess_timeout_time = s->last_heard +
- (f64) nat44_session_get_timeout (sm, s);
-
- if (s->tcp_close_timestamp)
- {
- sess_timeout_time =
- clib_min (sess_timeout_time, s->tcp_close_timestamp);
- }
-
- if (now < sess_timeout_time)
- continue;
-
- // do cleanup of this call (refactor for ED NAT44 only)
- nat44_free_session_data (sm, s, thread_index, 0);
-
- clib_dlist_remove (tsm->list_pool, s->per_user_index);
- pool_put_index (tsm->list_pool, s->per_user_index);
- clib_dlist_remove (tsm->global_lru_pool, s->global_lru_index);
- pool_put_index (tsm->global_lru_pool, s->global_lru_index);
- pool_put (tsm->sessions, s);
- vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
- pool_elts (tsm->sessions));
-
- if (snat_is_session_static (s))
- u->nstaticsessions--;
- else
- u->nsessions--;
-
- cleared++;
- }
-done:
- return cleared;
-}
-
-static_always_inline u32
-nat44_users_cleanup (u32 thread_index, f64 now)
-{
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm;
-
- u32 cleared = 0;
-
- snat_user_key_t u_key;
- clib_bihash_kv_8_8_t kv;
-
- snat_user_t *u = 0;
- u32 pool_index;
-
- tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
-
- if (now < tsm->min_session_timeout)
- goto done;
- tsm->min_session_timeout = now + sm->min_timeout;
- // consider
- tsm->cleanup_timeout = tsm->min_session_timeout;
-
- pool_index = ~0;
- do
- {
- pool_index = pool_next_index (tsm->users, pool_index);
- if (pool_index == ~0)
- break;
- u = pool_elt_at_index (tsm->users, pool_index);
-
- cleared += nat44_user_session_cleanup (u, thread_index, now);
-
- if (u->nstaticsessions == 0 && u->nsessions == 0)
- {
- u_key.addr.as_u32 = u->addr.as_u32;
- u_key.fib_index = u->fib_index;
- kv.key = u_key.as_u64;
-
- // delete user
- pool_put_index (tsm->list_pool,
- u->sessions_per_user_list_head_index);
- pool_put (tsm->users, u);
- clib_bihash_add_del_8_8 (&tsm->user_hash, &kv, 0);
-
- // update total users counter
- vlib_set_simple_counter (&sm->total_users, thread_index, 0,
- pool_elts (tsm->users));
- }
- }
- while (1);
- tsm->cleared += cleared;
- tsm->cleanup_runs++;
-done:
- return cleared;
-}
-
-static_always_inline u32
-nat44_out_of_ports_cleanup (u32 thread_index, f64 now)
-{
- return nat44_users_cleanup (thread_index, now);
-}
-
-static_always_inline u32
-nat44_max_translations_per_user_cleanup (snat_user_t * u, u32 thread_index,
- f64 now)
-{
- return nat44_user_session_cleanup (u, thread_index, now);
-}
-
-static_always_inline u32
-nat44_force_users_cleanup (void)
-{
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm;
-
- f64 now = vlib_time_now (vlib_get_main ());
- u32 cleared = 0;
-
- if (sm->num_workers > 1)
- {
- /* *INDENT-OFF* */
- vec_foreach (tsm, sm->per_thread_data)
- {
- cleared += nat44_users_cleanup (tsm->thread_index, now);
- }
- /* *INDENT-ON* */
- }
- else
- {
- tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
- cleared += nat44_users_cleanup (tsm->thread_index, now);
- }
- return cleared;
-}
-
#endif /* included_nat44_inlines_h__ */
/*
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index 6712b8b29a7..82c0433501c 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -117,16 +117,6 @@ nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
}
static clib_error_t *
-nat44_session_cleanup_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- clib_error_t *error = 0;
- nat44_force_users_cleanup ();
- return error;
-}
-
-static clib_error_t *
snat_set_log_level_command_fn (vlib_main_t * vm,
unformat_input_t * input,
vlib_cli_command_t * cmd)
@@ -703,10 +693,7 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
++transitory_wait_closed;
}
}
- else
- {
- transitory++;
- }
+ transitory++;
}
else
established++;
@@ -718,18 +705,6 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
}
}));
count += pool_elts (tsm->sessions);
-
- vlib_cli_output (vm, "tid[%u] session scavenging cleared: %u",
- tsm->thread_index, tsm->cleared);
- vlib_cli_output (vm, "tid[%u] session scavenging cleanup runs: %u",
- tsm->thread_index, tsm->cleanup_runs);
-
- if (now < tsm->cleanup_timeout)
- vlib_cli_output (vm, "tid[%u] session scavenging next run in: %f",
- tsm->thread_index, tsm->cleanup_timeout - now);
- else
- vlib_cli_output (vm, "tid[%u] session scavenging next run in: 0",
- tsm->thread_index);
}
/* *INDENT-ON* */
}
@@ -764,10 +739,7 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
++transitory_wait_closed;
}
}
- else
- {
- transitory++;
- }
+ transitory++;
}
else
established++;
@@ -780,17 +752,6 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
}));
/* *INDENT-ON* */
count = pool_elts (tsm->sessions);
-
- vlib_cli_output (vm, "tid[0] session scavenging cleared: %u",
- tsm->cleared);
- vlib_cli_output (vm, "tid[0] session scavenging cleanup runs: %u",
- tsm->cleanup_runs);
-
- if (now < tsm->cleanup_timeout)
- vlib_cli_output (vm, "tid[0] session scavenging next run in: %f",
- tsm->cleanup_timeout - now);
- else
- vlib_cli_output (vm, "tid[0] session scavenging next run in: 0");
}
vlib_cli_output (vm, "total timed out sessions: %u", timed_out);
@@ -1999,7 +1960,6 @@ set_timeout_command_fn (vlib_main_t * vm,
}
done:
unformat_free (line_input);
- sm->min_timeout = nat44_minimal_timeout (sm);
return error;
}
@@ -2010,8 +1970,6 @@ nat_show_timeouts_command_fn (vlib_main_t * vm,
{
snat_main_t *sm = &snat_main;
- // fix text
- vlib_cli_output (vm, "min session cleanup timeout: %dsec", sm->min_timeout);
vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
vlib_cli_output (vm, "tcp-established timeout: %dsec",
sm->tcp_established_timeout);
@@ -2234,19 +2192,6 @@ VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
/*?
* @cliexpar
* @cliexstart{nat set logging level}
- * To force garbage collection of nat sessions
- * vpp# nat44 session cleanup
- * @cliexend
-?*/
-VLIB_CLI_COMMAND (nat44_session_cleanup_command, static) = {
- .path = "nat44 session cleanup",
- .function = nat44_session_cleanup_command_fn,
- .short_help = "nat44 session cleanup",
-};
-
-/*?
- * @cliexpar
- * @cliexstart{nat set logging level}
* To set NAT logging level use:
* Set nat logging level
* @cliexend
diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c
index 5db375ca58f..863f2cbea9f 100644
--- a/src/plugins/nat/nat_api.c
+++ b/src/plugins/nat/nat_api.c
@@ -242,28 +242,6 @@ vl_api_nat_worker_dump_t_print (vl_api_nat_worker_dump_t * mp, void *handle)
}
static void
-vl_api_nat44_session_cleanup_t_handler (vl_api_nat44_session_cleanup_t * mp)
-{
- snat_main_t *sm = &snat_main;
- vl_api_nat44_session_cleanup_reply_t *rmp;
- int rv = 0;
- nat44_force_users_cleanup ();
- REPLY_MACRO (VL_API_NAT44_SESSION_CLEANUP_REPLY);
-}
-
-static void *
-vl_api_nat44_session_cleanup_t_print (vl_api_nat44_session_cleanup_t * mp,
- void *handle)
-{
- u8 *s;
-
- s = format (0, "SCRIPT: nat44_session_cleanup");
-
- FINISH;
-}
-
-
-static void
vl_api_nat_set_log_level_t_handler (vl_api_nat_set_log_level_t * mp)
{
snat_main_t *sm = &snat_main;
@@ -336,8 +314,6 @@ vl_api_nat_set_timeouts_t_handler (vl_api_nat_set_timeouts_t * mp)
sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory);
sm->icmp_timeout = ntohl (mp->icmp);
- sm->min_timeout = nat44_minimal_timeout (sm);
-
rv = nat64_set_icmp_timeout (ntohl (mp->icmp));
if (rv)
goto send_reply;
@@ -3142,7 +3118,6 @@ _(NAT_SHOW_CONFIG, nat_show_config) \
_(NAT_SET_WORKERS, nat_set_workers) \
_(NAT_WORKER_DUMP, nat_worker_dump) \
_(NAT44_DEL_USER, nat44_del_user) \
-_(NAT44_SESSION_CLEANUP, nat44_session_cleanup) \
_(NAT_SET_LOG_LEVEL, nat_set_log_level) \
_(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \
_(NAT_SET_TIMEOUTS, nat_set_timeouts) \
diff --git a/src/plugins/nat/test/test_nat.py b/src/plugins/nat/test/test_nat.py
index ac9c65dd0f5..e267c4ef2bc 100644
--- a/src/plugins/nat/test/test_nat.py
+++ b/src/plugins/nat/test/test_nat.py
@@ -4187,100 +4187,6 @@ class TestNAT44(MethodHolder):
self.logger.info(self.vapi.cli("show nat ha"))
-class TestNAT44EndpointDependent2(MethodHolder):
- """ Endpoint-Dependent session test cases """
-
- icmp_timeout = 2
-
- @classmethod
- def setUpConstants(cls):
- super(TestNAT44EndpointDependent2, cls).setUpConstants()
- cls.vpp_cmdline.extend(["nat", "{", "endpoint-dependent",
- "translation", "hash", "buckets", "1",
- "icmp", "timeout", str(cls.icmp_timeout), "}"])
-
- @classmethod
- def setUpClass(cls):
- super(TestNAT44EndpointDependent2, cls).setUpClass()
- translation_buckets = 1
- cls.max_translations = 10 * translation_buckets
-
- cls.create_pg_interfaces(range(2))
- cls.interfaces = list(cls.pg_interfaces[0:2])
-
- for i in cls.interfaces:
- i.admin_up()
- i.config_ip4()
- i.resolve_arp()
-
- cls.pg0.generate_remote_hosts(1)
- cls.pg0.configure_ipv4_neighbors()
-
- cls.pg1.generate_remote_hosts(1)
- cls.pg1.configure_ipv4_neighbors()
-
- @classmethod
- def tearDownClass(cls):
- super(TestNAT44EndpointDependent2, cls).tearDownClass()
-
- def create_icmp_stream(self, in_if, out_if, count):
- """
- Create ICMP packet stream for inside network
-
- :param in_if: Inside interface
- :param out_if: Outside interface
- :param count: Number of packets
- """
-
- self.assertTrue(count > 0)
- icmp_id = random.randint(0, 65535 - (count - 1))
-
- pkts = list()
- for i in range(count):
- p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) /
- IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=64) /
- ICMP(id=icmp_id + i, type='echo-request'))
- pkts.append(p)
- return pkts
-
- def send_pkts(self, pkts, expected=None):
- self.pg0.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- return self.pg1.get_capture(
- len(pkts) if expected is None else expected)
-
- def test_session_cleanup(self):
- """ NAT44 session cleanup test """
-
- self.nat44_add_address(self.pg1.local_ip4)
- flags = self.config_flags.NAT_IS_INSIDE
- self.vapi.nat44_interface_add_del_feature(
- sw_if_index=self.pg0.sw_if_index,
- flags=flags, is_add=1)
- self.vapi.nat44_interface_add_del_feature(
- sw_if_index=self.pg1.sw_if_index,
- is_add=1)
-
- nat_config = self.vapi.nat_show_config()
- self.assertEqual(1, nat_config.endpoint_dependent)
-
- pkts = self.create_icmp_stream(self.pg0, self.pg1,
- self.max_translations + 2)
- sz = len(pkts)
-
- # positive test
- self.send_pkts(pkts[0:self.max_translations])
-
- # false positive test
- self.send_pkts(pkts[self.max_translations:sz - 1], 0)
-
- sleep(self.icmp_timeout)
-
- # positive test
- self.send_pkts(pkts[self.max_translations + 1:sz])
-
-
class TestNAT44EndpointDependent(MethodHolder):
""" Endpoint-Dependent mapping and filtering test cases """