nat: session cleanup fix

[vpp.git] / src / plugins / nat / out2in.c

diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 3d045a9..6ee1266 100755 (executable)
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -29,6 +29,7 @@
 #include <nat/nat_ipfix_logging.h>
 #include <nat/nat_reass.h>
 #include <nat/nat_inlines.h>
+#include <nat/nat44_inlines.h>
 #include <nat/nat_syslog.h>
 #include <nat/nat_ha.h>
 
@@ -129,7 +130,7 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg)
     {
       s_kv.key = s->in2out.as_u64;
       if (clib_bihash_add_del_8_8 (&tsm->in2out, &s_kv, 0))
-       nat_log_warn ("out2in key del failed");
+       nat_elog_warn ("out2in key del failed");
 
       snat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
                                           s->in2out.addr.as_u32,
@@ -189,10 +190,13 @@ create_session_for_static_mapping (snat_main_t * sm,
   udp_header_t *udp0;
   nat44_is_idle_session_ctx_t ctx0;
 
+  nat44_session_try_cleanup (&in2out.addr, in2out.fib_index, thread_index,
+                            now);
+
   if (PREDICT_FALSE (maximum_sessions_exceeded (sm, thread_index)))
     {
       b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_SESSIONS_EXCEEDED];
-      nat_log_notice ("maximum sessions exceeded");
+      nat_elog_notice ("maximum sessions exceeded");
       return 0;
     }
 
@@ -203,7 +207,7 @@ create_session_for_static_mapping (snat_main_t * sm,
     nat_user_get_or_create (sm, &in2out.addr, in2out.fib_index, thread_index);
   if (!u)
     {
-      nat_log_warn ("create NAT user failed");
+      nat_elog_warn ("create NAT user failed");
       return 0;
     }
 
@@ -211,7 +215,7 @@ create_session_for_static_mapping (snat_main_t * sm,
   if (!s)
     {
       nat44_delete_user_with_no_session (sm, u, thread_index);
-      nat_log_warn ("create NAT session failed");
+      nat_elog_warn ("create NAT session failed");
       return 0;
     }
 
@@ -231,14 +235,14 @@ create_session_for_static_mapping (snat_main_t * sm,
   if (clib_bihash_add_or_overwrite_stale_8_8
       (&sm->per_thread_data[thread_index].in2out, &kv0,
        nat44_i2o_is_idle_session_cb, &ctx0))
-    nat_log_notice ("in2out key add failed");
+    nat_elog_notice ("in2out key add failed");
 
   kv0.key = s->out2in.as_u64;
 
   if (clib_bihash_add_or_overwrite_stale_8_8
       (&sm->per_thread_data[thread_index].out2in, &kv0,
        nat44_o2i_is_idle_session_cb, &ctx0))
-    nat_log_notice ("out2in key add failed");
+    nat_elog_notice ("out2in key add failed");
 
   /* log NAT event */
   snat_ipfix_logging_nat44_ses_create (thread_index,
@@ -893,12 +897,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
                                 dst_address /* changed member */ );
          ip0->checksum = ip_csum_fold (sum0);
 
+         old_port0 = udp0->dst_port;
+         new_port0 = udp0->dst_port = s0->in2out.port;
+
          if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
            {
-             old_port0 = tcp0->dst_port;
-             tcp0->dst_port = s0->in2out.port;
-             new_port0 = tcp0->dst_port;
-
              sum0 = tcp0->checksum;
              sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                     ip4_header_t,
@@ -912,9 +915,17 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
            }
          else
            {
-             old_port0 = udp0->dst_port;
-             udp0->dst_port = s0->in2out.port;
-             udp0->checksum = 0;
+             if (PREDICT_FALSE (udp0->checksum))
+               {
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
+               }
              udp_packets++;
            }
 
@@ -1059,12 +1070,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
                                 dst_address /* changed member */ );
          ip1->checksum = ip_csum_fold (sum1);
 
+         old_port1 = udp1->dst_port;
+         new_port1 = udp1->dst_port = s1->in2out.port;
+
          if (PREDICT_TRUE (proto1 == SNAT_PROTOCOL_TCP))
            {
-             old_port1 = tcp1->dst_port;
-             tcp1->dst_port = s1->in2out.port;
-             new_port1 = tcp1->dst_port;
-
              sum1 = tcp1->checksum;
              sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
                                     ip4_header_t,
@@ -1078,9 +1088,17 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
            }
          else
            {
-             old_port1 = udp1->dst_port;
-             udp1->dst_port = s1->in2out.port;
-             udp1->checksum = 0;
+             if (PREDICT_FALSE (udp1->checksum))
+               {
+                 sum1 = udp1->checksum;
+                 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum1 = ip_csum_update (sum1, old_port1, new_port1,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp1->checksum = ip_csum_fold (sum1);
+               }
              udp_packets++;
            }
 
@@ -1262,12 +1280,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
                                 dst_address /* changed member */ );
          ip0->checksum = ip_csum_fold (sum0);
 
+         old_port0 = udp0->dst_port;
+         new_port0 = udp0->dst_port = s0->in2out.port;
+
          if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
            {
-             old_port0 = tcp0->dst_port;
-             tcp0->dst_port = s0->in2out.port;
-             new_port0 = tcp0->dst_port;
-
              sum0 = tcp0->checksum;
              sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                     ip4_header_t,
@@ -1281,9 +1298,17 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
            }
          else
            {
-             old_port0 = udp0->dst_port;
-             udp0->dst_port = s0->in2out.port;
-             udp0->checksum = 0;
+             if (PREDICT_FALSE (udp0->checksum))
+               {
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
+               }
              udp_packets++;
            }
 
@@ -1443,7 +1468,7 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm,
            {
              next0 = SNAT_OUT2IN_NEXT_DROP;
              b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_REASS];
-             nat_log_notice ("maximum reassemblies exceeded");
+             nat_elog_notice ("maximum reassemblies exceeded");
              goto trace0;
            }
 
@@ -1548,7 +1573,7 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm,
                      (thread_index, reass0, bi0, &fragments_to_drop))
                    {
                      b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_FRAG];
-                     nat_log_notice
+                     nat_elog_notice
                        ("maximum fragments per reassembly exceeded");
                      next0 = SNAT_OUT2IN_NEXT_DROP;
                      goto trace0;
@@ -1573,12 +1598,11 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm,
 
          if (PREDICT_FALSE (ip4_is_first_fragment (ip0)))
            {
+             old_port0 = udp0->dst_port;
+             new_port0 = udp0->dst_port = s0->in2out.port;
+
              if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
                {
-                 old_port0 = tcp0->dst_port;
-                 tcp0->dst_port = s0->in2out.port;
-                 new_port0 = tcp0->dst_port;
-
                  sum0 = tcp0->checksum;
                  sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                         ip4_header_t,
@@ -1589,11 +1613,16 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm,
                                         length /* changed member */ );
                  tcp0->checksum = ip_csum_fold (sum0);
                }
-             else
+             else if (udp0->checksum)
                {
-                 old_port0 = udp0->dst_port;
-                 udp0->dst_port = s0->in2out.port;
-                 udp0->checksum = 0;
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
                }
            }
 
@@ -1797,26 +1826,30 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
 
          if (PREDICT_FALSE (new_port0 != udp0->dst_port))
            {
+             old_port0 = udp0->dst_port;
+             udp0->dst_port = new_port0;
+
              if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
                {
-                 old_port0 = tcp0->dst_port;
-                 tcp0->dst_port = new_port0;
-
                  sum0 = tcp0->checksum;
                  sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                         ip4_header_t,
                                         dst_address /* changed member */ );
-
                  sum0 = ip_csum_update (sum0, old_port0, new_port0,
                                         ip4_header_t /* cheat */ ,
                                         length /* changed member */ );
                  tcp0->checksum = ip_csum_fold (sum0);
                }
-             else
+             else if (udp0->checksum)
                {
-                 old_port0 = udp0->dst_port;
-                 udp0->dst_port = new_port0;
-                 udp0->checksum = 0;
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
                }
            }
          else
@@ -1827,9 +1860,16 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
                  sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                         ip4_header_t,
                                         dst_address /* changed member */ );
-
                  tcp0->checksum = ip_csum_fold (sum0);
                }
+             else if (udp0->checksum)
+               {
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
+               }
            }
 
        trace00: