From 8fed4240be68b2b4b4b6c531233044f3f1ac70c4 Mon Sep 17 00:00:00 2001
From: Matus Fabian <matfabia@cisco.com>
Date: Tue, 14 Aug 2018 05:14:55 -0700
Subject: [PATCH] NAT64: fix TCP session expire (VPP-1390)

Add missing call of nat64_tcp_session_set_state to set TCP session state.

Change-Id: Ifd297ea3ffe20870e1e34a95449b5c9404ec13eb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
---
 src/plugins/nat/nat64_in2out.c | 12 ++++++++++--
 src/plugins/nat/nat64_out2in.c | 15 ++++++++++-----
 test/test_nat.py               |  6 +++---
 3 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/src/plugins/nat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c
index cdfe9b8d80c..718c69d7bdf 100644
--- a/src/plugins/nat/nat64_in2out.c
+++ b/src/plugins/nat/nat64_in2out.c
@@ -224,8 +224,6 @@ nat64_in2out_tcp_udp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
 	return -1;
     }
 
-  nat64_session_reset_timeout (ste, ctx->vm);
-
   ip4->src_address.as_u32 = bibe->out_addr.as_u32;
   udp->src_port = bibe->out_port;
 
@@ -237,12 +235,15 @@ nat64_in2out_tcp_udp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
       ip_csum_t csum;
       tcp_header_t *tcp = ip6_next_header (ip6);
 
+      nat64_tcp_session_set_state (ste, tcp, 1);
       checksum = &tcp->checksum;
       csum = ip_csum_sub_even (*checksum, sport);
       csum = ip_csum_add_even (csum, udp->src_port);
       *checksum = ip_csum_fold (csum);
     }
 
+  nat64_session_reset_timeout (ste, ctx->vm);
+
   return 0;
 }
 
@@ -636,6 +637,9 @@ nat64_in2out_tcp_udp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
 	return -1;
     }
 
+  if (proto == IP_PROTOCOL_TCP)
+    nat64_tcp_session_set_state (ste, tcp, 1);
+
   nat64_session_reset_timeout (ste, vm);
 
   sport = udp->src_port = bibe->out_port;
@@ -1203,6 +1207,7 @@ nat64_in2out_frag_set_cb (ip6_header_t * ip6, ip4_header_t * ip4, void *arg)
 	  ip_csum_t csum;
 	  tcp_header_t *tcp = (tcp_header_t *) udp;
 
+	  nat64_tcp_session_set_state (ste, tcp, 1);
 	  checksum = &tcp->checksum;
 	  csum = ip_csum_sub_even (*checksum, tcp->src_port);
 	  csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[0]);
@@ -1263,6 +1268,9 @@ nat64_in2out_frag_hairpinning (vlib_buffer_t * b, ip6_header_t * ip6,
   if (!bibe)
     return -1;
 
+  if (ctx->proto == IP_PROTOCOL_TCP)
+    nat64_tcp_session_set_state (ste, tcp, 1);
+
   nat64_session_reset_timeout (ste, ctx->vm);
 
   sport = bibe->out_port;
diff --git a/src/plugins/nat/nat64_out2in.c b/src/plugins/nat/nat64_out2in.c
index f7d4dd417f5..d4b0c3987f9 100644
--- a/src/plugins/nat/nat64_out2in.c
+++ b/src/plugins/nat/nat64_out2in.c
@@ -160,8 +160,6 @@ nat64_out2in_tcp_udp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
 	nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, sport);
     }
 
-  nat64_session_reset_timeout (ste, ctx->vm);
-
   ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
   ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
 
@@ -172,13 +170,19 @@ nat64_out2in_tcp_udp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
   if (proto == IP_PROTOCOL_UDP)
     checksum = &udp->checksum;
   else
-    checksum = &tcp->checksum;
+    {
+      checksum = &tcp->checksum;
+      nat64_tcp_session_set_state (ste, tcp, 0);
+    }
+
   csum = ip_csum_sub_even (*checksum, dport);
   csum = ip_csum_add_even (csum, udp->dst_port);
   *checksum = ip_csum_fold (csum);
 
   vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
 
+  nat64_session_reset_timeout (ste, ctx->vm);
+
   return 0;
 }
 
@@ -573,8 +577,6 @@ nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
   if (!bibe)
     return -1;
 
-  nat64_session_reset_timeout (ste, ctx->vm);
-
   if (ctx->first_frag)
     {
       udp->dst_port = bibe->in_port;
@@ -615,6 +617,7 @@ nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
       else
 	{
 	  tcp_header_t *tcp = ip4_next_header (ip4);
+	  nat64_tcp_session_set_state (ste, tcp, 0);
 	  checksum = &tcp->checksum;
 	  csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
 	  csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
@@ -637,6 +640,8 @@ nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
 
   vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
 
+  nat64_session_reset_timeout (ste, ctx->vm);
+
   return 0;
 }
 
diff --git a/test/test_nat.py b/test/test_nat.py
index 0d723b0a688..424b92c6e34 100644
--- a/test/test_nat.py
+++ b/test/test_nat.py
@@ -5943,7 +5943,7 @@ class TestNAT64(MethodHolder):
                                                 self.nat_addr_n)
         self.vapi.nat64_add_del_interface(self.pg0.sw_if_index)
         self.vapi.nat64_add_del_interface(self.pg1.sw_if_index, is_inside=0)
-        self.vapi.nat64_set_timeouts(icmp=5)
+        self.vapi.nat64_set_timeouts(icmp=5, tcp_trans=5, tcp_est=5)
 
         pkts = self.create_stream_in_ip6(self.pg0, self.pg1)
         self.pg0.add_stream(pkts)
@@ -5955,9 +5955,9 @@ class TestNAT64(MethodHolder):
 
         sleep(15)
 
-        # ICMP session after timeout
+        # ICMP and TCP session after timeout
         ses_num_after_timeout = self.nat64_get_ses_num()
-        self.assertNotEqual(ses_num_before_timeout, ses_num_after_timeout)
+        self.assertEqual(ses_num_before_timeout - ses_num_after_timeout, 2)
 
     def test_icmp_error(self):
         """ NAT64 ICMP Error message translation """
-- 
2.16.6