From da34f4add5f141d58670d81d53553986e9a472b4 Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko
Date: Thu, 14 Sep 2023 22:14:38 +0500
Subject: nat: add ipfix rate-limiter for nat44-ed, nat44-ei and nat64

This prevents ipfix flood with the repeating events and allows to enable nat64 max_session and max_bibs events. Also fix wrong endian for det44 and nat64 ipfix tests, now should be fine with extended tests enabled. Max session per user event @ nat44-ei requires more precise rate limiter per user address, probably with sparse vec, not handled.
Type: improvement
Signed-off-by: Vladislav Grishenko
Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
---
 src/plugins/nat/lib/ipfix_logging.h | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/plugins/nat/lib/ipfix_logging.h')
diff --git a/src/plugins/nat/lib/ipfix_logging.h b/src/plugins/nat/lib/ipfix_logging.h
index 0b8f568e1b1..dc7927a160c 100644
--- a/src/plugins/nat/lib/ipfix_logging.h
+++ b/src/plugins/nat/lib/ipfix_logging.h
@@ -108,6 +108,10 @@ typedef struct {
 /** nat data callbacks call counter */
 u16 call_counter;
+ /** rate-limit locks */
+ clib_spinlock_t addr_exhausted_lock;
+ clib_spinlock_t max_sessions_lock;
+ clib_spinlock_t max_bibs_lock;
 } nat_ipfix_logging_main_t;
 extern nat_ipfix_logging_main_t nat_ipfix_logging_main;
--
cgit 1.2.3-korg
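Review bot: The single `/** rate-limit locks */` comment documents only `addr_exhausted_lock` under Doxygen rules, and none of the three new members says which rate-limiter state it serialises or where it is initialised. A `clib_spinlock_t` has to go through `clib_spinlock_init` before the first lock call, and that call is not visible in this file-limited view, so the contract should be stated on the fields. I would give each member its own comment, for example `/** guards rate-limit state for address-exhausted events; set up in <init function> */`, with the matching wording for `max_sessions_lock` and `max_bibs_lock`. The commit message also says the nat44-ei per-user max-session event is not rate-limited; a short note beside these fields would keep that remaining flood path visible to the next reader. The struct definition starts above the hunk, so the header's includes and the other members could not be checked here.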