summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/in2out_ed.c5
-rwxr-xr-xsrc/plugins/nat/nat.c6
-rw-r--r--src/plugins/nat/nat.h6
-rw-r--r--src/plugins/nat/out2in_ed.c5
4 files changed, 21 insertions, 1 deletions
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index ca737d56663..4e7432d8228 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -282,6 +282,7 @@ slow_path_ed (snat_main_t * sm,
if (!is_sm)
snat_free_outside_address_and_port (sm->addresses,
thread_index, &key1);
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_CANNOT_CREATE_USER];
return NAT_NEXT_DROP;
}
@@ -293,6 +294,7 @@ slow_path_ed (snat_main_t * sm,
if (!is_sm)
snat_free_outside_address_and_port (sm->addresses,
thread_index, &key1);
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_USER_SESS_EXCEEDED];
return NAT_NEXT_DROP;
}
@@ -712,6 +714,7 @@ nat44_ed_in2out_unknown_proto (snat_main_t * sm,
thread_index);
if (!u)
{
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_CANNOT_CREATE_USER];
nat_elog_warn ("create NAT user failed");
return 0;
}
@@ -780,6 +783,7 @@ nat44_ed_in2out_unknown_proto (snat_main_t * sm,
s = nat_ed_session_alloc (sm, u, thread_index, now);
if (!s)
{
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_USER_SESS_EXCEEDED];
nat44_delete_user_with_no_session (sm, u, thread_index);
nat_elog_warn ("create NAT session failed");
return 0;
@@ -959,6 +963,7 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm,
nat_free_session_data (sm, s0, thread_index, 0);
nat44_delete_session (sm, s0, thread_index);
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_SESS_EXPIRED];
next0 = NAT_NEXT_DROP;
goto trace0;
}
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index bc2f8c0e1fe..1f63237fb45 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -490,7 +490,11 @@ nat_user_get_or_create (snat_main_t * sm, ip4_address_t * addr, u32 fib_index,
/* add user */
if (clib_bihash_add_del_8_8 (&tsm->user_hash, &kv, 1))
- nat_elog_warn ("user_hash keay add failed");
+ {
+ nat_elog_warn ("user_hash key add failed");
+ nat44_delete_user_with_no_session (sm, u, thread_index);
+ return NULL;
+ }
vlib_set_simple_counter (&sm->total_users, thread_index, 0,
pool_elts (tsm->users));
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 647bec0cd07..8df3b9a9cd3 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -219,10 +219,13 @@ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
_(IN2OUT_PACKETS, "good in2out packets processed") \
_(OUT_OF_PORTS, "out of ports") \
_(BAD_ICMP_TYPE, "unsupported ICMP type") \
+_(SESS_EXPIRED, "session expired") \
_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
+_(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
_(DROP_FRAGMENT, "drop fragment") \
_(MAX_REASS, "maximum reassemblies exceeded") \
_(MAX_FRAG, "maximum fragments per reassembly exceeded")\
+_(CANNOT_CREATE_USER, "cannot create NAT user") \
_(NON_SYN, "non-SYN packet try to create session") \
_(TCP_PACKETS, "TCP packets") \
_(UDP_PACKETS, "UDP packets") \
@@ -246,10 +249,13 @@ _(OUT2IN_PACKETS, "good out2in packets processed") \
_(OUT_OF_PORTS, "out of ports") \
_(BAD_ICMP_TYPE, "unsupported ICMP type") \
_(NO_TRANSLATION, "no translation") \
+_(SESS_EXPIRED, "session expired") \
_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
+_(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
_(DROP_FRAGMENT, "drop fragment") \
_(MAX_REASS, "maximum reassemblies exceeded") \
_(MAX_FRAG, "maximum fragments per reassembly exceeded")\
+_(CANNOT_CREATE_USER, "cannot create NAT user") \
_(NON_SYN, "non-SYN packet try to create session") \
_(TCP_PACKETS, "TCP packets") \
_(UDP_PACKETS, "UDP packets") \
diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c
index 420b7b7a863..fbb7d069dbb 100644
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@@ -213,6 +213,7 @@ create_session_for_static_mapping_ed (snat_main_t * sm,
u = nat_user_get_or_create (sm, &l_key.addr, l_key.fib_index, thread_index);
if (!u)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_elog_warn ("create NAT user failed");
return 0;
}
@@ -220,6 +221,7 @@ create_session_for_static_mapping_ed (snat_main_t * sm,
s = nat_ed_session_alloc (sm, u, thread_index, now);
if (!s)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
nat44_delete_user_with_no_session (sm, u, thread_index);
nat_elog_warn ("create NAT session failed");
return 0;
@@ -613,6 +615,7 @@ nat44_ed_out2in_unknown_proto (snat_main_t * sm,
thread_index);
if (!u)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_CANNOT_CREATE_USER];
nat_elog_warn ("create NAT user failed");
return 0;
}
@@ -621,6 +624,7 @@ nat44_ed_out2in_unknown_proto (snat_main_t * sm,
s = nat_ed_session_alloc (sm, u, thread_index, now);
if (!s)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
nat44_delete_user_with_no_session (sm, u, thread_index);
nat_elog_warn ("create NAT session failed");
return 0;
@@ -772,6 +776,7 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
nat_free_session_data (sm, s0, thread_index, 0);
nat44_delete_session (sm, s0, thread_index);
+ b0->error = node->errors[NAT_OUT2IN_ED_ERROR_SESS_EXPIRED];
next0 = NAT_NEXT_DROP;
goto trace0;
}