gerrit.fd Code Review - vpp.git/commit

author	Dmitry Valter <d-valter@yandex-team.ru>
	Fri, 9 Dec 2022 19:34:22 +0000 (19:34 +0000)
committer	Ole Tr�an <otroan@employees.org>
	Fri, 3 Feb 2023 14:31:54 +0000 (14:31 +0000)
commit	6b97c43005f6458ce2e253f87af6f609eaebef60
tree	f7a7a8f67a4e1e0dd0f158e423dd0c8e6f7559cf	tree \| snapshot
parent	fc2d95d115ea5e82bc3efb18cf40632449112fdf	commit \| diff

nat: fix accidental o2i deletion/reuse

Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.

During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.

By backing match tuple up session should be invalidated well enough not to
collide with any valid one.

Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82

src/plugins/nat/nat44-ed/nat44_ed_in2out.c		diff \| blob \| history
test/test_nat44_ed.py		diff \| blob \| history