From 41fef50d5db5e7deb3cfd901c3108abbc4406813 Mon Sep 17 00:00:00 2001 From: Matus Fabian Date: Fri, 22 Sep 2017 02:43:05 -0700 Subject: NAT: session number limitation to avoid running out of memory crash (VPP-984) Change-Id: I7f18f8c4ba609d96950dc1f833feb967d4a099b7 Signed-off-by: Matus Fabian --- src/plugins/nat/nat.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/plugins/nat/nat.c') diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 5f3b006efda..612085fc132 100644 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -2216,6 +2216,8 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) /* for show commands, etc. */ sm->translation_buckets = translation_buckets; sm->translation_memory_size = translation_memory_size; + /* do not exceed load factor 10 */ + sm->max_translations = 10 * translation_buckets; sm->user_buckets = user_buckets; sm->user_memory_size = user_memory_size; sm->max_translations_per_user = max_translations_per_user; -- cgit 1.2.3-korg