[vpp-dev] det44 plugin

Mon, 01 Nov 2021 11:24:11 -0700 

Hello,
I am fairly new to VPP so please bear with me. I am trying to use the det44 NAT plugin on 21.06 but I am experiencing some difficulties with running out of ports. It would appear that my det44 sessions are never removed despite passing the expire time. For example, I have the following setting: 

show det44 timeout
udp timeout: 300sec
tcp established timeout: 7440sec
tcp transitory timeout: 240sec
icmp timeout: 60sec


However, if I generate a series of ICMP pings from my test host and then 
run 'show det44 sessions' I have a session listed for every individual 
ping packet, as expected, but these remain long after the 60 second 
timeout configured.  For example on my last test I sent a flood of 100 
pings which generated 100 sessions in the lists, all "state: icmp-active 
expire" with expiry times ranging from 171 to 173.   I have just sent 
another 100 pings and now have another 100 sessions with expiry times 
ranging from 2647 to 2650, and the original 100 sessions are still there 
still with expiry times from 171 to 173 so these have not been refreshed 
or expired.



I have taken a look at the source code of the plugin and I can that 
det44_create_expire_walk_process() is called from det44_plugin_enable(). 
 This function appears to start a new vlib process with the 'main loop' 
 function det44_expire_walk_fn().



According to the documentation here 
https://docs.fd.io/vpp/21.06/dd/d64/vlib__process__doc_8h.html I 
understand these despatch functions should be implemented as a while (1) 
{} loop that never ends.  However, my reading of the 
det44_expire_walk_fn() function code is that it will only perform a 
single walk of the det44 data structures before returning to its caller.



Is this a bug in det44_expire_walk_fn(), is the documentation wrong or 
am I misreading it?   My hypothesis is that det44_expire_walk_fn() runs 
just once, when the plugin is first enabled (and the session table is 
already empty), and does not get run again thereafter.  Therefore, the 
sessions never get expired.



Regards,
Ben.





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20402): https://lists.fd.io/g/vpp-dev/message/20402
Mute This Topic: https://lists.fd.io/mt/86748366/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-























					Reply via email to