From 1c2ac860ed9a80dac539af6408d70f7dfd2c238e Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Tue, 10 Mar 2020 12:32:54 +0100
Subject: nat: transitory timeout for TCP CLOSED state

Wait transitory timeout seconds before moving internal state of TCP
session to CLOSED state per RFC 7857. This patch implements this
functionality for endpoint-dependent NAT.

Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
---
 src/plugins/nat/nat44/inlines.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/plugins/nat/nat44')

diff --git a/src/plugins/nat/nat44/inlines.h b/src/plugins/nat/nat44/inlines.h
index 7cc24750423..fcaf57383ef 100644
--- a/src/plugins/nat/nat44/inlines.h
+++ b/src/plugins/nat/nat44/inlines.h
@@ -61,7 +61,7 @@ nat44_session_reuse_old (snat_main_t * sm, snat_user_t * u,
   s->ext_host_port = 0;
   s->ext_host_nat_addr.as_u32 = 0;
   s->ext_host_nat_port = 0;
-  //
+  s->tcp_close_timestamp = 0;
   s->ha_last_refreshed = now;
   return s;
 }
@@ -193,6 +193,12 @@ nat44_user_session_cleanup (snat_user_t * u, u32 thread_index, f64 now)
       sess_timeout_time = s->last_heard +
 	(f64) nat44_session_get_timeout (sm, s);
 
+      if (s->tcp_close_timestamp)
+	{
+	  sess_timeout_time =
+	    clib_min (sess_timeout_time, s->tcp_close_timestamp);
+	}
+
       if (now < sess_timeout_time)
 	continue;
 
-- 
cgit 1.2.3-korg