Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: c98ef75)
nat: don't drop packet for expired session 62/26362/7
authorKlement Sekera <ksekera@cisco.com>
Sun, 5 Apr 2020 15:07:32 +0000 (17:07 +0200)
committerOle Trøan <otroan@employees.org>
Tue, 7 Apr 2020 19:27:11 +0000 (19:27 +0000)
If session is expired, the packet which we just received might be a one,
which legitimely creates a new session, process it in slow path instead
to decide the outcome.

Type: fix

Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I45628f52d37ae9dee5e8aa58171ff0b86f91f5dd

src/plugins/nat/in2out_ed.c patch | blob | history
src/plugins/nat/nat.h patch | blob | history
src/plugins/nat/out2in_ed.c patch | blob | history

diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index 4be7637..6ca1e6e 100644 (file)
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -982,8 +982,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm,
              nat_free_session_data (sm, s0, thread_index, 0);
              nat44_delete_session (sm, s0, thread_index);
 
-             b0->error = node->errors[NAT_IN2OUT_ED_ERROR_SESS_EXPIRED];
-             next0 = NAT_NEXT_DROP;
+             // session no longer exists, go slow path
+             next0 = def_slow;
              goto trace0;
            }
 
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 8361101..fde6a0a 100644 (file)
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -219,7 +219,6 @@ _(UNSUPPORTED_PROTOCOL, "unsupported protocol")         \
 _(IN2OUT_PACKETS, "good in2out packets processed")      \
 _(OUT_OF_PORTS, "out of ports")                         \
 _(BAD_ICMP_TYPE, "unsupported ICMP type")               \
-_(SESS_EXPIRED, "session expired")                      \
 _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded")   \
 _(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
 _(DROP_FRAGMENT, "drop fragment")                       \
@@ -250,7 +249,6 @@ _(OUT2IN_PACKETS, "good out2in packets processed")      \
 _(OUT_OF_PORTS, "out of ports")                         \
 _(BAD_ICMP_TYPE, "unsupported ICMP type")               \
 _(NO_TRANSLATION, "no translation")                     \
-_(SESS_EXPIRED, "session expired")                      \
 _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded")   \
 _(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
 _(DROP_FRAGMENT, "drop fragment")                       \
diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c
index adf0ec4..64f40cf 100644 (file)
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@@ -795,8 +795,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
              nat_free_session_data (sm, s0, thread_index, 0);
              nat44_delete_session (sm, s0, thread_index);
 
-             b0->error = node->errors[NAT_OUT2IN_ED_ERROR_SESS_EXPIRED];
-             next0 = NAT_NEXT_DROP;
+             // session no longer exists, go slow path
+             next0 = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
              goto trace0;
            }
          //
Vector Packet Processing