nat: don't drop packet for expired session

If session is expired, the packet which we just received might be a one, which legitimely creates a new session, process it in slow path instead to decide the outcome. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I45628f52d37ae9dee5e8aa58171ff0b86f91f5dd
2020-04-05 17:07:32 +02:00
parent c98ef752a2
commit 26c9d4b0cd
3 changed files with 4 additions and 6 deletions
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@ -982,8 +982,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm,
 	      nat_free_session_data (sm, s0, thread_index, 0);
 	      nat44_delete_session (sm, s0, thread_index);

-	      b0->error = node->errors[NAT_IN2OUT_ED_ERROR_SESS_EXPIRED];
-	      next0 = NAT_NEXT_DROP;
+	      // session no longer exists, go slow path
+	      next0 = def_slow;
 	      goto trace0;
 	    }

--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@ -219,7 +219,6 @@ _(UNSUPPORTED_PROTOCOL, "unsupported protocol")         \
 _(IN2OUT_PACKETS, "good in2out packets processed")      \
 _(OUT_OF_PORTS, "out of ports")                         \
 _(BAD_ICMP_TYPE, "unsupported ICMP type")               \
-_(SESS_EXPIRED, "session expired")                      \
 _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded")   \
 _(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
 _(DROP_FRAGMENT, "drop fragment")                       \
@ -250,7 +249,6 @@ _(OUT2IN_PACKETS, "good out2in packets processed")      \
 _(OUT_OF_PORTS, "out of ports")                         \
 _(BAD_ICMP_TYPE, "unsupported ICMP type")               \
 _(NO_TRANSLATION, "no translation")                     \
-_(SESS_EXPIRED, "session expired")                      \
 _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded")   \
 _(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \
 _(DROP_FRAGMENT, "drop fragment")                       \
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@ -795,8 +795,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
 	      nat_free_session_data (sm, s0, thread_index, 0);
 	      nat44_delete_session (sm, s0, thread_index);

-	      b0->error = node->errors[NAT_OUT2IN_ED_ERROR_SESS_EXPIRED];
-	      next0 = NAT_NEXT_DROP;
+	      // session no longer exists, go slow path
+	      next0 = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
 	      goto trace0;
 	    }
 	  //