From 6b97c43005f6458ce2e253f87af6f609eaebef60 Mon Sep 17 00:00:00 2001
From: Dmitry Valter
Date: Fri, 9 Dec 2022 19:34:22 +0000
Subject: nat: fix accidental o2i deletion/reuse
Nat session is allocated before the port allocation. During port allocation candidate address+port are set to o2i 6-tuple and tested against the flow hash. If insertion fails, the port is busy and rejected. When all N attempts are unsuccessful, "out-of-ports" error is recorded and the session is to be deleted. During session deletion o2i and i2o tuples are deleted from the flow hash. In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers to **some other** session that's known to be allocated. By backing match tuple up session should be invalidated well enough not to collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
---
 src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/plugins/nat')
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index f41fcac5153..deec0099933 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -105,6 +105,9 @@ nat_ed_alloc_addr_and_port_with_snat_address (
 const u16 port_thread_offset = (port_per_thread * snat_thread_index) + ED_USER_PORT_OFFSET;
+ /* Backup original match in case of failure */
+ const nat_6t_t match = s->o2i.match;
+
 s->o2i.match.daddr = a->addr;
 /* first try port suggested by caller */
 u16 port = clib_net_to_host_u16 (*outside_port);
@@ -136,6 +139,9 @@ nat_ed_alloc_addr_and_port_with_snat_address (
 --attempts;
 }
 while (attempts > 0);
+
+ /* Revert match */
+ s->o2i.match = match;
 return 1;
 }
--
cgit 1.2.3-korg
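Review bot: The revert before `return 1;` in the second hunk restores whatever `s->o2i.match` held on entry, so it only prevents the accidental delete of another session's o2i flow-hash entry if that entry value cannot itself match a live session; for a freshly allocated session that is presumably a cleared tuple, but if the session object is reused without being cleared the saved copy could be a stale tuple from an earlier session, which would reintroduce the same cross-session deletion the commit is fixing. That precondition is worth stating where the backup is taken in the first hunk, e.g. `/* s->o2i.match must not refer to a live session on entry; it is restored on out-of-ports so the subsequent session delete cannot remove another session's o2i entry */`. The save and the restore are correct for the out-of-ports exit as written, but nat_ed_alloc_addr_and_port_with_snat_address begins before the first hunk and the loop body between the two hunks is not visible, so any other failure return between them would still leave the last candidate tuple in `s->o2i.match`.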