From 1c2ac860ed9a80dac539af6408d70f7dfd2c238e Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Tue, 10 Mar 2020 12:32:54 +0100
Subject: nat: transitory timeout for TCP CLOSED state

Wait transitory timeout seconds before moving internal state of TCP
session to CLOSED state per RFC 7857. This patch implements this
functionality for endpoint-dependent NAT.

Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
---
 src/plugins/nat/nat44_cli.c | 42 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)

(limited to 'src/plugins/nat/nat44_cli.c')

diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index 45e00693676..cdf94a8dc9d 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -664,6 +664,8 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
 
   u32 timed_out = 0;
   u32 transitory = 0;
+  u32 transitory_wait_closed = 0;
+  u32 transitory_closed = 0;
   u32 established = 0;
 
   if (sm->num_workers > 1)
@@ -686,7 +688,23 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
               case SNAT_PROTOCOL_TCP:
                 tcp_sessions++;
                 if (s->state)
-                  transitory++;
+                  {
+                    if (s->tcp_close_timestamp)
+                      {
+                        if (now >= s->tcp_close_timestamp)
+                          {
+                            ++transitory_closed;
+                          }
+                        else
+                          {
+                            ++transitory_wait_closed;
+                          }
+                      }
+                    else
+                      {
+                        transitory++;
+                      }
+                  }
                 else
                   established++;
                 break;
@@ -731,7 +749,23 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
           case SNAT_PROTOCOL_TCP:
             tcp_sessions++;
             if (s->state)
-              transitory++;
+              {
+                if (s->tcp_close_timestamp)
+                  {
+                    if (now >= s->tcp_close_timestamp)
+                      {
+                        ++transitory_closed;
+                      }
+                    else
+                      {
+                        ++transitory_wait_closed;
+                      }
+                  }
+                else
+                  {
+                    transitory++;
+                  }
+              }
             else
               established++;
             break;
@@ -761,6 +795,10 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
   vlib_cli_output (vm, "total tcp sessions: %u", tcp_sessions);
   vlib_cli_output (vm, "total tcp established sessions: %u", established);
   vlib_cli_output (vm, "total tcp transitory sessions: %u", transitory);
+  vlib_cli_output (vm, "total tcp transitory (WAIT-CLOSED) sessions: %u",
+		   transitory_wait_closed);
+  vlib_cli_output (vm, "total tcp transitory (CLOSED) sessions: %u",
+		   transitory_closed);
   vlib_cli_output (vm, "total udp sessions: %u", udp_sessions);
   vlib_cli_output (vm, "total icmp sessions: %u", icmp_sessions);
   return 0;
-- 
cgit 1.2.3-korg