nat: deterministic: disallow invalid config
diff --git
a/src/plugins/nat/nat_det.c
b/src/plugins/nat/nat_det.c
index
3af6698
..
cad0d2a
100644
(file)
--- a/
src/plugins/nat/nat_det.c
+++ b/
src/plugins/nat/nat_det.c
@@
-71,8
+71,19
@@
snat_det_add_map (snat_main_t * sm, ip4_address_t * in_addr, u8 in_plen,
if (is_add)
{
if (is_add)
{
+ u32 num_sessions = (1 << (32 - in_plen));
+ if (num_sessions > UINT32_MAX / 1000)
+ {
+ // don't let it overflow
+ return VNET_API_ERROR_INVALID_VALUE;
+ }
+ else
+ {
+ num_sessions = num_sessions * 1000 - 1;
+ }
+
pool_get (sm->det_maps, det_map);
pool_get (sm->det_maps, det_map);
- memset (det_map, 0, sizeof (*det_map));
+
clib_
memset (det_map, 0, sizeof (*det_map));
det_map->in_addr.as_u32 = in_cmp.as_u32;
det_map->in_plen = in_plen;
det_map->out_addr.as_u32 = out_cmp.as_u32;
det_map->in_addr.as_u32 = in_cmp.as_u32;
det_map->in_plen = in_plen;
det_map->out_addr.as_u32 = out_cmp.as_u32;
@@
-80,9
+91,8
@@
snat_det_add_map (snat_main_t * sm, ip4_address_t * in_addr, u8 in_plen,
det_map->sharing_ratio = (1 << (32 - in_plen)) / (1 << (32 - out_plen));
det_map->ports_per_host = (65535 - 1023) / det_map->sharing_ratio;
det_map->sharing_ratio = (1 << (32 - in_plen)) / (1 << (32 - out_plen));
det_map->ports_per_host = (65535 - 1023) / det_map->sharing_ratio;
- vec_validate_init_empty (det_map->sessions,
- SNAT_DET_SES_PER_USER * (1 << (32 - in_plen)) -
- 1, empty_snat_det_session);
+ vec_validate_init_empty (det_map->sessions, num_sessions,
+ empty_snat_det_session);
}
else
{
}
else
{
@@
-94,7
+104,7
@@
snat_det_add_map (snat_main_t * sm, ip4_address_t * in_addr, u8 in_plen,
/* *INDENT-OFF* */
pool_foreach (i, sm->interfaces,
({
/* *INDENT-OFF* */
pool_foreach (i, sm->interfaces,
({
- if (
i->is_inside
)
+ if (
nat_interface_is_inside(i)
)
continue;
snat_add_del_addr_to_fib(out_addr, out_plen, i->sw_if_index, is_add);
continue;
snat_add_del_addr_to_fib(out_addr, out_plen, i->sw_if_index, is_add);
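Review bot: The overflow guard added in the first hunk depends on `1 << (32 - in_plen)`, which is itself undefined for some inputs: an `in_plen` of 0 gives a shift count of 32, 1 overflows a signed int, and anything above 32 gives a negative count. On x86 a variable shift by 32 typically leaves the value at 1, so a /0 prefix would pass the `UINT32_MAX / 1000` test instead of being rejected. Unless `in_plen` is range-checked before this point (not visible here; `snat_det_add_map` starts and ends outside the hunks), validate it first and shift in a wider unsigned type, e.g. `if (in_plen > 32) return VNET_API_ERROR_INVALID_VALUE;` followed by `u64 num_hosts = 1ULL << (32 - in_plen);`. The literal `1000` also replaces `SNAT_DET_SES_PER_USER` from the removed line, so the vector size would silently diverge from the rest of the code if that constant changes; keep the macro in both the check and the multiplication. The unchanged `sharing_ratio` line in the second hunk applies the same shift to `out_plen`, and when `in_plen > out_plen` it evaluates to 0, so the following `ports_per_host` division would divide by zero.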