nat: fix nat44_ed set_session_limit crash

Setting session limit should return error for unknown fib. Optimize max_translations_per_fib expanding and drop unnecessary trailing fib entry. Type: fix Change-Id: Ie7d2b363ade48f53598faa617a49cce7b2db6400 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-05 10:32:46 +05:00
parent e8a1dbf8da
commit 5b3e04c74f
2 changed files with 9 additions and 10 deletions
--- a/src/plugins/nat/nat44-ed/nat44_ed.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed.c
@ -3240,16 +3240,12 @@ nat44_set_session_limit (u32 session_limit, u32 vrf_id)
 {
  snat_main_t *sm = &snat_main;
  u32 fib_index = fib_table_find (FIB_PROTOCOL_IP4, vrf_id);
-  u32 len = vec_len (sm->max_translations_per_fib);

-  if (len <= fib_index)
-    {
-      vec_validate (sm->max_translations_per_fib, fib_index + 1);
-
-      for (; len < vec_len (sm->max_translations_per_fib); len++)
-	sm->max_translations_per_fib[len] = sm->max_translations_per_thread;
-    }
+  if (~0 == fib_index)
+    return -1;

+  vec_validate_init_empty (sm->max_translations_per_fib, fib_index,
+			   sm->max_translations_per_thread);
  sm->max_translations_per_fib[fib_index] = session_limit;
  return 0;
 }
--- a/test/test_nat44_ed.py
+++ b/test/test_nat44_ed.py
@ -2939,10 +2939,13 @@ class TestNAT44EDMW(TestNAT44ED):

        limit = 5

-        # 2 interfaces pg0, pg1 (vrf10, limit 1 tcp session)
-        # non existing vrf_id makes process core dump
+        # 2 interfaces pg0, pg1 (vrf10, limit 5 tcp sessions)
        self.vapi.nat44_set_session_limit(session_limit=limit, vrf_id=10)

+        # expect error when bad is specified
+        with self.vapi.assert_negative_api_retval():
+            self.vapi.nat44_set_session_limit(session_limit=limit, vrf_id=20)
+
        self.nat_add_inside_interface(inside)
        self.nat_add_inside_interface(inside_vrf10)
        self.nat_add_outside_interface(outside)