if (ip->protocol == IP_PROTOCOL_TCP)
{
tcp_header_t *tcp = ip4_next_header(ip);
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return 1;
}
/* Per-user LRU list maintenance */
clib_dlist_remove (tsm->list_pool, s->per_user_index);
if (is_fwd_bypass_session (s))
{
if (ip->protocol == IP_PROTOCOL_TCP)
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ {
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return 0;
+ }
/* Per-user LRU list maintenance */
clib_dlist_remove (tsm->list_pool, s->per_user_index);
clib_dlist_addtail (tsm->list_pool, s->per_user_list_head_index,
s->ext_host_addr.as_u32, ip4_header_t, dst_address);
ip->checksum = ip_csum_fold (sum);
+ if (vnet_buffer(b)->sw_if_index[VLIB_TX] == ~0)
+ vnet_buffer(b)->sw_if_index[VLIB_TX] = sm->outside_fib_index;
+
if (PREDICT_TRUE(proto == SNAT_PROTOCOL_TCP))
{
old_port = tcp->src_port;
ip->dst_address.as_u32 = s->ext_host_addr.as_u32;
}
tcp->checksum = ip_csum_fold(sum);
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return s;
}
else
{
udp->checksum = 0;
}
- if (vnet_buffer(b)->sw_if_index[VLIB_TX] == ~0)
- vnet_buffer(b)->sw_if_index[VLIB_TX] = sm->outside_fib_index;
-
/* Accounting */
s->last_heard = now;
s->total_pkts++;
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace00;
}
else
{
ip4_header_t /* cheat */,
length /* changed member */);
tcp1->checksum = ip_csum_fold(sum1);
- nat44_set_tcp_session_state (sm, s1, tcp1, thread_index);
+ if (nat44_set_tcp_session_state (sm, s1, tcp1, thread_index))
+ goto trace01;
}
else
{
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace0;
}
else
{
src_address /* changed member */);
ip0->checksum = ip_csum_fold (sum0);
+ /* Hairpinning */
+ nat44_reass_hairpinning (sm, b0, ip0, s0->out2in.port,
+ s0->ext_host_port, proto0);
+
if (PREDICT_FALSE (ip4_is_first_fragment (ip0)))
{
if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace0;
}
else
{
}
}
- /* Hairpinning */
- nat44_reass_hairpinning (sm, b0, ip0, s0->out2in.port,
- s0->ext_host_port, proto0);
-
/* Accounting */
s0->last_heard = now;
s0->total_pkts++;
}
always_inline void
+nat44_delete_session(snat_main_t * sm, snat_session_t * ses, u32 thread_index)
+{
+ snat_main_per_thread_data_t *tsm = vec_elt_at_index (sm->per_thread_data,
+ thread_index);
+ clib_bihash_kv_8_8_t kv, value;
+ snat_user_key_t u_key;
+ snat_user_t *u;
+ u_key.addr = ses->in2out.addr;
+ u_key.fib_index = ses->in2out.fib_index;
+ kv.key = u_key.as_u64;
+ if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value))
+ {
+ u = pool_elt_at_index (tsm->users, value.value);
+ if (snat_is_session_static(ses))
+ u->nstaticsessions--;
+ else
+ u->nsessions--;
+ }
+ clib_dlist_remove (tsm->list_pool, ses->per_user_index);
+ pool_put_index (tsm->list_pool, ses->per_user_index);
+ pool_put (tsm->sessions, ses);
+}
+
+/** \brief Set TCP session stet.
+ @return 1 if session was closed, otherwise 0
+*/
+always_inline int
nat44_set_tcp_session_state(snat_main_t * sm, snat_session_t * ses,
tcp_header_t * tcp, u32 thread_index)
{
{
nat_free_session_data (sm, ses, thread_index);
ses->state = SNAT_SESSION_TCP_CLOSED;
+ nat44_delete_session (sm, ses, thread_index);
+ return 1;
}
+
+ return 0;
}
#endif /* __included_snat_h__ */
if (ip->protocol == IP_PROTOCOL_TCP)
{
tcp_header_t *tcp = ip4_next_header(ip);
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return;
}
/* Per-user LRU list maintenance */
clib_dlist_remove (tsm->list_pool, s->per_user_index);
src_address);
ip->checksum = ip_csum_fold (sum);
+ vnet_buffer(b)->sw_if_index[VLIB_TX] = s->in2out.fib_index;
+
if (PREDICT_TRUE(proto == SNAT_PROTOCOL_TCP))
{
old_port = tcp->dst_port;
ip->src_address.as_u32 = s->ext_host_nat_addr.as_u32;
}
tcp->checksum = ip_csum_fold(sum);
- nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+ if (nat44_set_tcp_session_state (sm, s, tcp, thread_index))
+ return s;
}
else
{
udp->checksum = 0;
}
- vnet_buffer(b)->sw_if_index[VLIB_TX] = s->in2out.fib_index;
-
/* Accounting */
s->last_heard = now;
s->total_pkts++;
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace0;
}
else
{
ip4_header_t /* cheat */,
length /* changed member */);
tcp1->checksum = ip_csum_fold(sum1);
- nat44_set_tcp_session_state (sm, s1, tcp1, thread_index);
+ if (nat44_set_tcp_session_state (sm, s1, tcp1, thread_index))
+ goto trace1;
}
else
{
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace00;
}
else
{
ip4_header_t /* cheat */,
length /* changed member */);
tcp0->checksum = ip_csum_fold(sum0);
- nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
+ if (nat44_set_tcp_session_state (sm, s0, tcp0, thread_index))
+ goto trace0;
}
else
{
self.initiate_tcp_session(self.pg0, self.pg1)
sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n,
0)
- self.assertEqual(len(sessions) - start_sessnum, 2)
+ self.assertEqual(len(sessions) - start_sessnum, 1)
except:
self.logger.error("TCP session termination failed")
raise
self.initiate_tcp_session(self.pg0, self.pg1)
sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n,
0)
- self.assertEqual(len(sessions) - start_sessnum, 2)
+ self.assertEqual(len(sessions) - start_sessnum, 1)
except:
self.logger.error("TCP session termination failed")
raise
self.initiate_tcp_session(self.pg0, self.pg1)
sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n,
0)
- self.assertEqual(len(sessions) - start_sessnum, 2)
+ self.assertEqual(len(sessions) - start_sessnum, 1)
except:
self.logger.error("TCP session termination failed")
raise