nat: sessions get expired when fib table removed

[vpp.git] / src / plugins / nat / out2in_ed.c

diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c
index 5690636..9868fe7 100644 (file)
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@@ -310,6 +310,8 @@ create_session_for_static_mapping_ed (snat_main_t * sm,
               &s->ext_host_nat_addr, s->ext_host_nat_port,
               s->nat_proto, s->in2out.fib_index, s->flags, thread_index, 0);
 
+  per_vrf_sessions_register_session (s, thread_index);
+
   return s;
 }
 
@@ -407,6 +409,8 @@ create_bypass_for_fwd (snat_main_t * sm, vlib_buffer_t * b, ip4_header_t * ip,
       kv.value = s - tsm->sessions;
       if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1))
        nat_elog_notice ("in2out_ed key add failed");
+
+      per_vrf_sessions_register_session (s, thread_index);
     }
 
   if (ip->protocol == IP_PROTOCOL_TCP)
@@ -651,6 +655,8 @@ nat44_ed_out2in_unknown_proto (snat_main_t * sm,
                  ip->protocol, thread_index, s - tsm->sessions);
       if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &s_kv, 1))
        nat_elog_notice ("in2out key add failed");
+
+      per_vrf_sessions_register_session (s, thread_index);
     }
 
   /* Update IP checksum */
@@ -780,8 +786,10 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
            }
        }
 
+      // lookup for session
       if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv0, &value0))
        {
+         // session does not exist go slow path
          next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
          goto trace0;
        }
@@ -791,11 +799,21 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
                           ed_value_get_session_index (&value0));
 
     skip_lookup:
+
+      if (PREDICT_FALSE (per_vrf_sessions_is_expired (s0, thread_index)))
+       {
+         // session is closed, go slow path
+         nat_free_session_data (sm, s0, thread_index, 0);
+         nat_ed_session_delete (sm, s0, thread_index, 1);
+         next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
+         goto trace0;
+       }
+
       if (s0->tcp_closed_timestamp)
        {
          if (now >= s0->tcp_closed_timestamp)
            {
-             // session is closed, go slow path
+             // session is closed, go slow path, freed in slow path
              next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
            }
          else
@@ -819,7 +837,6 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
          next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
          goto trace0;
        }
-      //
 
       old_addr0 = ip0->dst_address.as_u32;
       new_addr0 = ip0->dst_address.as_u32 = s0->in2out.addr.as_u32;