diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/nat/in2out_ed.c | 27 | ||||
-rwxr-xr-x | src/plugins/nat/nat.c | 13 | ||||
-rw-r--r-- | src/plugins/nat/nat.h | 13 | ||||
-rw-r--r-- | src/plugins/nat/nat44/inlines.h | 170 | ||||
-rw-r--r-- | src/plugins/nat/nat44_cli.c | 59 | ||||
-rw-r--r-- | src/plugins/nat/nat_api.c | 25 | ||||
-rw-r--r-- | src/plugins/nat/test/test_nat.py | 94 |
7 files changed, 9 insertions, 392 deletions
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c index 807a716e942..a70369aae4e 100644 --- a/src/plugins/nat/in2out_ed.c +++ b/src/plugins/nat/in2out_ed.c @@ -309,18 +309,12 @@ slow_path_ed (snat_main_t * sm, }; nat44_is_idle_session_ctx_t ctx; - u32 cleared = 0; - if (PREDICT_FALSE (nat44_maximum_sessions_exceeded (sm, thread_index))) { - if (PREDICT_FALSE - (!(cleared = nat44_users_cleanup (thread_index, now)))) - { - b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED]; - nat_ipfix_logging_max_sessions (thread_index, sm->max_translations); - nat_elog_notice ("maximum sessions exceeded"); - return NAT_NEXT_DROP; - } + b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED]; + nat_ipfix_logging_max_sessions (thread_index, sm->max_translations); + nat_elog_notice ("maximum sessions exceeded"); + return NAT_NEXT_DROP; } key0.addr = key->l_addr; @@ -339,16 +333,9 @@ slow_path_ed (snat_main_t * sm, sm->port_per_thread, tsm->snat_thread_index)) { - if (cleared || !nat44_out_of_ports_cleanup (thread_index, now) || - nat_alloc_addr_and_port_ed (sm->addresses, rx_fib_index, - thread_index, key, &key1, - sm->port_per_thread, - tsm->snat_thread_index)) - { - nat_elog_notice ("addresses exhausted"); - b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS]; - return NAT_NEXT_DROP; - } + nat_elog_notice ("addresses exhausted"); + b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS]; + return NAT_NEXT_DROP; } } else diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 8e20df4e64e..8ba276bc9b4 100755 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -495,8 +495,6 @@ nat_user_get_or_create (snat_main_t * sm, ip4_address_t * addr, u32 fib_index, pool_get (tsm->users, u); clib_memset (u, 0, sizeof (*u)); - u->min_session_timeout = 0; - u->addr.as_u32 = addr->as_u32; u->fib_index = fib_index; @@ -630,9 +628,6 @@ nat_ed_session_alloc (snat_main_t * sm, snat_user_t * u, u32 thread_index, if (PREDICT_FALSE ((u->nsessions + u->nstaticsessions) >= sm->max_translations_per_user)) { - if (nat44_max_translations_per_user_cleanup (u, thread_index, now)) - goto alloc_new; - nat_elog_addr (SNAT_LOG_WARNING, "[warn] max translations per user", clib_net_to_host_u32 (u->addr.as_u32)); snat_ipfix_logging_max_entries_per_user (thread_index, @@ -4025,8 +4020,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) sm->tcp_established_timeout = tcp_established_timeout; sm->icmp_timeout = icmp_timeout; - sm->min_timeout = nat44_minimal_timeout (sm); - sm->user_buckets = user_buckets; sm->user_memory_size = user_memory_size; @@ -4107,12 +4100,6 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) /* *INDENT-OFF* */ vec_foreach (tsm, sm->per_thread_data) { - tsm->min_session_timeout = 0; - - tsm->cleared = 0; - tsm->cleanup_runs = 0; - tsm->cleanup_timeout = 0; - pool_alloc (tsm->sessions, sm->max_translations); pool_alloc (tsm->list_pool, sm->max_translations); pool_alloc (tsm->global_lru_pool, sm->max_translations); diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 187e351d318..46f8b44dc11 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -361,8 +361,6 @@ typedef struct u32 sessions_per_user_list_head_index; u32 nsessions; u32 nstaticsessions; - /* discovered minimum session timeout time */ - u64 min_session_timeout; } snat_user_t; typedef struct @@ -535,14 +533,6 @@ typedef struct /* real thread index */ u32 thread_index; - /* discovered minimum session timeout time */ - u64 min_session_timeout; - - /* session scavenging */ - u32 cleared; - u32 cleanup_runs; - f64 cleanup_timeout; - } snat_main_per_thread_data_t; struct snat_main_s; @@ -722,9 +712,6 @@ typedef struct snat_main_s u32 inside_fib_index; /* values of various timeouts */ - - // min timeout of all proto timeouts - u32 min_timeout; // proto timeouts u32 udp_timeout; u32 tcp_transitory_timeout; diff --git a/src/plugins/nat/nat44/inlines.h b/src/plugins/nat/nat44/inlines.h index 631c4cd4104..541770ad102 100644 --- a/src/plugins/nat/nat44/inlines.h +++ b/src/plugins/nat/nat44/inlines.h @@ -31,19 +31,6 @@ nat44_maximum_sessions_exceeded (snat_main_t * sm, u32 thread_index) return 0; } -static_always_inline f64 -nat44_minimal_timeout (snat_main_t * sm) -{ - f64 min_timeout; - - min_timeout = clib_min (sm->udp_timeout, sm->icmp_timeout); - min_timeout = clib_min (min_timeout, sm->icmp_timeout); - min_timeout = clib_min (min_timeout, sm->tcp_transitory_timeout); - min_timeout = clib_min (min_timeout, sm->tcp_established_timeout); - - return min_timeout; -} - static_always_inline snat_session_t * nat44_session_reuse_old (snat_main_t * sm, snat_user_t * u, snat_session_t * s, u32 thread_index, f64 now) @@ -66,7 +53,6 @@ nat44_session_reuse_old (snat_main_t * sm, snat_user_t * u, return s; } - static_always_inline snat_session_t * nat44_session_alloc_new (snat_main_per_thread_data_t * tsm, snat_user_t * u, f64 now) @@ -122,7 +108,6 @@ nat44_user_del_sessions (snat_user_t * u, u32 thread_index) elt = pool_elt_at_index (tsm->list_pool, elt->next); nat44_free_session_data (sm, s, thread_index, 0); - // TODO: needs refactoring as in nat44_user_session_cleanup nat44_delete_session (sm, s, thread_index); } } @@ -172,161 +157,6 @@ nat44_user_del (ip4_address_t * addr, u32 fib_index) return rv; } -static_always_inline u32 -nat44_user_session_cleanup (snat_user_t * u, u32 thread_index, f64 now) -{ - u32 cleared = 0; - dlist_elt_t *elt; - snat_session_t *s; - u64 sess_timeout_time; - - snat_main_t *sm = &snat_main; - snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - - if (now < u->min_session_timeout) - goto done; - u->min_session_timeout = now + sm->min_timeout; - - // get head - elt = pool_elt_at_index (tsm->list_pool, - u->sessions_per_user_list_head_index); - // get first element - elt = pool_elt_at_index (tsm->list_pool, elt->next); - - while (elt->value != ~0) - { - s = pool_elt_at_index (tsm->sessions, elt->value); - elt = pool_elt_at_index (tsm->list_pool, elt->next); - - sess_timeout_time = s->last_heard + - (f64) nat44_session_get_timeout (sm, s); - - if (s->tcp_close_timestamp) - { - sess_timeout_time = - clib_min (sess_timeout_time, s->tcp_close_timestamp); - } - - if (now < sess_timeout_time) - continue; - - // do cleanup of this call (refactor for ED NAT44 only) - nat44_free_session_data (sm, s, thread_index, 0); - - clib_dlist_remove (tsm->list_pool, s->per_user_index); - pool_put_index (tsm->list_pool, s->per_user_index); - clib_dlist_remove (tsm->global_lru_pool, s->global_lru_index); - pool_put_index (tsm->global_lru_pool, s->global_lru_index); - pool_put (tsm->sessions, s); - vlib_set_simple_counter (&sm->total_sessions, thread_index, 0, - pool_elts (tsm->sessions)); - - if (snat_is_session_static (s)) - u->nstaticsessions--; - else - u->nsessions--; - - cleared++; - } -done: - return cleared; -} - -static_always_inline u32 -nat44_users_cleanup (u32 thread_index, f64 now) -{ - snat_main_t *sm = &snat_main; - snat_main_per_thread_data_t *tsm; - - u32 cleared = 0; - - snat_user_key_t u_key; - clib_bihash_kv_8_8_t kv; - - snat_user_t *u = 0; - u32 pool_index; - - tsm = vec_elt_at_index (sm->per_thread_data, thread_index); - - if (now < tsm->min_session_timeout) - goto done; - tsm->min_session_timeout = now + sm->min_timeout; - // consider - tsm->cleanup_timeout = tsm->min_session_timeout; - - pool_index = ~0; - do - { - pool_index = pool_next_index (tsm->users, pool_index); - if (pool_index == ~0) - break; - u = pool_elt_at_index (tsm->users, pool_index); - - cleared += nat44_user_session_cleanup (u, thread_index, now); - - if (u->nstaticsessions == 0 && u->nsessions == 0) - { - u_key.addr.as_u32 = u->addr.as_u32; - u_key.fib_index = u->fib_index; - kv.key = u_key.as_u64; - - // delete user - pool_put_index (tsm->list_pool, - u->sessions_per_user_list_head_index); - pool_put (tsm->users, u); - clib_bihash_add_del_8_8 (&tsm->user_hash, &kv, 0); - - // update total users counter - vlib_set_simple_counter (&sm->total_users, thread_index, 0, - pool_elts (tsm->users)); - } - } - while (1); - tsm->cleared += cleared; - tsm->cleanup_runs++; -done: - return cleared; -} - -static_always_inline u32 -nat44_out_of_ports_cleanup (u32 thread_index, f64 now) -{ - return nat44_users_cleanup (thread_index, now); -} - -static_always_inline u32 -nat44_max_translations_per_user_cleanup (snat_user_t * u, u32 thread_index, - f64 now) -{ - return nat44_user_session_cleanup (u, thread_index, now); -} - -static_always_inline u32 -nat44_force_users_cleanup (void) -{ - snat_main_t *sm = &snat_main; - snat_main_per_thread_data_t *tsm; - - f64 now = vlib_time_now (vlib_get_main ()); - u32 cleared = 0; - - if (sm->num_workers > 1) - { - /* *INDENT-OFF* */ - vec_foreach (tsm, sm->per_thread_data) - { - cleared += nat44_users_cleanup (tsm->thread_index, now); - } - /* *INDENT-ON* */ - } - else - { - tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers); - cleared += nat44_users_cleanup (tsm->thread_index, now); - } - return cleared; -} - #endif /* included_nat44_inlines_h__ */ /* diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c index 6712b8b29a7..82c0433501c 100644 --- a/src/plugins/nat/nat44_cli.c +++ b/src/plugins/nat/nat44_cli.c @@ -117,16 +117,6 @@ nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input, } static clib_error_t * -nat44_session_cleanup_command_fn (vlib_main_t * vm, - unformat_input_t * input, - vlib_cli_command_t * cmd) -{ - clib_error_t *error = 0; - nat44_force_users_cleanup (); - return error; -} - -static clib_error_t * snat_set_log_level_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) @@ -703,10 +693,7 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input, ++transitory_wait_closed; } } - else - { - transitory++; - } + transitory++; } else established++; @@ -718,18 +705,6 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input, } })); count += pool_elts (tsm->sessions); - - vlib_cli_output (vm, "tid[%u] session scavenging cleared: %u", - tsm->thread_index, tsm->cleared); - vlib_cli_output (vm, "tid[%u] session scavenging cleanup runs: %u", - tsm->thread_index, tsm->cleanup_runs); - - if (now < tsm->cleanup_timeout) - vlib_cli_output (vm, "tid[%u] session scavenging next run in: %f", - tsm->thread_index, tsm->cleanup_timeout - now); - else - vlib_cli_output (vm, "tid[%u] session scavenging next run in: 0", - tsm->thread_index); } /* *INDENT-ON* */ } @@ -764,10 +739,7 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input, ++transitory_wait_closed; } } - else - { - transitory++; - } + transitory++; } else established++; @@ -780,17 +752,6 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input, })); /* *INDENT-ON* */ count = pool_elts (tsm->sessions); - - vlib_cli_output (vm, "tid[0] session scavenging cleared: %u", - tsm->cleared); - vlib_cli_output (vm, "tid[0] session scavenging cleanup runs: %u", - tsm->cleanup_runs); - - if (now < tsm->cleanup_timeout) - vlib_cli_output (vm, "tid[0] session scavenging next run in: %f", - tsm->cleanup_timeout - now); - else - vlib_cli_output (vm, "tid[0] session scavenging next run in: 0"); } vlib_cli_output (vm, "total timed out sessions: %u", timed_out); @@ -1999,7 +1960,6 @@ set_timeout_command_fn (vlib_main_t * vm, } done: unformat_free (line_input); - sm->min_timeout = nat44_minimal_timeout (sm); return error; } @@ -2010,8 +1970,6 @@ nat_show_timeouts_command_fn (vlib_main_t * vm, { snat_main_t *sm = &snat_main; - // fix text - vlib_cli_output (vm, "min session cleanup timeout: %dsec", sm->min_timeout); vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout); vlib_cli_output (vm, "tcp-established timeout: %dsec", sm->tcp_established_timeout); @@ -2234,19 +2192,6 @@ VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = { /*? * @cliexpar * @cliexstart{nat set logging level} - * To force garbage collection of nat sessions - * vpp# nat44 session cleanup - * @cliexend -?*/ -VLIB_CLI_COMMAND (nat44_session_cleanup_command, static) = { - .path = "nat44 session cleanup", - .function = nat44_session_cleanup_command_fn, - .short_help = "nat44 session cleanup", -}; - -/*? - * @cliexpar - * @cliexstart{nat set logging level} * To set NAT logging level use: * Set nat logging level * @cliexend diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c index 5db375ca58f..863f2cbea9f 100644 --- a/src/plugins/nat/nat_api.c +++ b/src/plugins/nat/nat_api.c @@ -242,28 +242,6 @@ vl_api_nat_worker_dump_t_print (vl_api_nat_worker_dump_t * mp, void *handle) } static void -vl_api_nat44_session_cleanup_t_handler (vl_api_nat44_session_cleanup_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_session_cleanup_reply_t *rmp; - int rv = 0; - nat44_force_users_cleanup (); - REPLY_MACRO (VL_API_NAT44_SESSION_CLEANUP_REPLY); -} - -static void * -vl_api_nat44_session_cleanup_t_print (vl_api_nat44_session_cleanup_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_session_cleanup"); - - FINISH; -} - - -static void vl_api_nat_set_log_level_t_handler (vl_api_nat_set_log_level_t * mp) { snat_main_t *sm = &snat_main; @@ -336,8 +314,6 @@ vl_api_nat_set_timeouts_t_handler (vl_api_nat_set_timeouts_t * mp) sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory); sm->icmp_timeout = ntohl (mp->icmp); - sm->min_timeout = nat44_minimal_timeout (sm); - rv = nat64_set_icmp_timeout (ntohl (mp->icmp)); if (rv) goto send_reply; @@ -3142,7 +3118,6 @@ _(NAT_SHOW_CONFIG, nat_show_config) \ _(NAT_SET_WORKERS, nat_set_workers) \ _(NAT_WORKER_DUMP, nat_worker_dump) \ _(NAT44_DEL_USER, nat44_del_user) \ -_(NAT44_SESSION_CLEANUP, nat44_session_cleanup) \ _(NAT_SET_LOG_LEVEL, nat_set_log_level) \ _(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \ _(NAT_SET_TIMEOUTS, nat_set_timeouts) \ diff --git a/src/plugins/nat/test/test_nat.py b/src/plugins/nat/test/test_nat.py index ac9c65dd0f5..e267c4ef2bc 100644 --- a/src/plugins/nat/test/test_nat.py +++ b/src/plugins/nat/test/test_nat.py @@ -4187,100 +4187,6 @@ class TestNAT44(MethodHolder): self.logger.info(self.vapi.cli("show nat ha")) -class TestNAT44EndpointDependent2(MethodHolder): - """ Endpoint-Dependent session test cases """ - - icmp_timeout = 2 - - @classmethod - def setUpConstants(cls): - super(TestNAT44EndpointDependent2, cls).setUpConstants() - cls.vpp_cmdline.extend(["nat", "{", "endpoint-dependent", - "translation", "hash", "buckets", "1", - "icmp", "timeout", str(cls.icmp_timeout), "}"]) - - @classmethod - def setUpClass(cls): - super(TestNAT44EndpointDependent2, cls).setUpClass() - translation_buckets = 1 - cls.max_translations = 10 * translation_buckets - - cls.create_pg_interfaces(range(2)) - cls.interfaces = list(cls.pg_interfaces[0:2]) - - for i in cls.interfaces: - i.admin_up() - i.config_ip4() - i.resolve_arp() - - cls.pg0.generate_remote_hosts(1) - cls.pg0.configure_ipv4_neighbors() - - cls.pg1.generate_remote_hosts(1) - cls.pg1.configure_ipv4_neighbors() - - @classmethod - def tearDownClass(cls): - super(TestNAT44EndpointDependent2, cls).tearDownClass() - - def create_icmp_stream(self, in_if, out_if, count): - """ - Create ICMP packet stream for inside network - - :param in_if: Inside interface - :param out_if: Outside interface - :param count: Number of packets - """ - - self.assertTrue(count > 0) - icmp_id = random.randint(0, 65535 - (count - 1)) - - pkts = list() - for i in range(count): - p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) / - IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=64) / - ICMP(id=icmp_id + i, type='echo-request')) - pkts.append(p) - return pkts - - def send_pkts(self, pkts, expected=None): - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - return self.pg1.get_capture( - len(pkts) if expected is None else expected) - - def test_session_cleanup(self): - """ NAT44 session cleanup test """ - - self.nat44_add_address(self.pg1.local_ip4) - flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature( - sw_if_index=self.pg0.sw_if_index, - flags=flags, is_add=1) - self.vapi.nat44_interface_add_del_feature( - sw_if_index=self.pg1.sw_if_index, - is_add=1) - - nat_config = self.vapi.nat_show_config() - self.assertEqual(1, nat_config.endpoint_dependent) - - pkts = self.create_icmp_stream(self.pg0, self.pg1, - self.max_translations + 2) - sz = len(pkts) - - # positive test - self.send_pkts(pkts[0:self.max_translations]) - - # false positive test - self.send_pkts(pkts[self.max_translations:sz - 1], 0) - - sleep(self.icmp_timeout) - - # positive test - self.send_pkts(pkts[self.max_translations + 1:sz]) - - class TestNAT44EndpointDependent(MethodHolder): """ Endpoint-Dependent mapping and filtering test cases """ |