snat_session_key_t eh_key;
nat44_is_idle_session_ctx_t ctx;
- nat44_session_try_cleanup (&l_key.addr, l_key.fib_index, thread_index, now);
-
if (PREDICT_FALSE (nat44_maximum_sessions_exceeded (sm, thread_index)))
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
u = nat_user_get_or_create (sm, &l_key.addr, l_key.fib_index, thread_index);
if (!u)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_elog_warn ("create NAT user failed");
return 0;
}
s = nat_ed_session_alloc (sm, u, thread_index, now);
if (!s)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
nat44_delete_user_with_no_session (sm, u, thread_index);
nat_elog_warn ("create NAT session failed");
return 0;
thread_index);
if (!u)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_CANNOT_CREATE_USER];
nat_elog_warn ("create NAT user failed");
return 0;
}
s = nat_ed_session_alloc (sm, u, thread_index, now);
if (!s)
{
+ b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
nat44_delete_user_with_no_session (sm, u, thread_index);
nat_elog_warn ("create NAT session failed");
return 0;
}
s0 = pool_elt_at_index (tsm->sessions, value0.value);
+ // drop if session expired
+ u64 sess_timeout_time;
+ sess_timeout_time = s0->last_heard +
+ (f64) nat44_session_get_timeout (sm, s0);
+ if (now >= sess_timeout_time)
+ {
+ // delete session
+ nat_free_session_data (sm, s0, thread_index, 0);
+ nat44_delete_session (sm, s0, thread_index);
+
+ b0->error = node->errors[NAT_OUT2IN_ED_ERROR_SESS_EXPIRED];
+ next0 = NAT_NEXT_DROP;
+ goto trace0;
+ }
+ //
+
old_addr0 = ip0->dst_address.as_u32;
new_addr0 = ip0->dst_address.as_u32 = s0->in2out.addr.as_u32;
vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;