aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/cnat/cnat_node_feature.c
AgeCommit message (Collapse)AuthorFilesLines
2023-08-08cnat: flag to disable rsessionNathan Skrzypczak1-4/+9
This adds a flag on the translation asking the VIP & input-feature nodes not to create the return session when translating / load-balancing an incoming flow. This is needed with maglev & DSR Type: feature Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-07cnat: Support offloaded check sumsNathan Skrzypczak1-4/+4
This patch removes zero checks for new_addr, new_port meaning sessions with zero values will rewrite the packet with a 0 value instead of leaving it in place. This allows to reduce branchiness in the code, and sessions are fully resolved at creation time anyway. This also adds support for checksum offloads: - IP checksum offload : we always compute the checksum to avoid issues with drivers. We'll revert this if we realize cost gets too important. - TCP/UDP checksum offload : we add the implementation for pseudo header checksum computation. This is needed for the drivers that do not re-compute this pseudo-checksum before the packet is TX-ed (e.g. a few DPDK drivers). Type: improvement Change-Id: I6543f3aec8c120ec50f4219108609138283620ef Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18cnat: Fix conflicting rsessionNathan Skrzypczak1-1/+2
When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patchs adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-04-21cnat: Fix session flag initializationNathan Skrzypczak1-0/+1
Type: fix Sometimes session->value.flags wasn't initialized leading to next_node index corruption. Also added a debug flag to tell session/rsessions appart Change-Id: I80da50f2267e03a4552e8c9efc8e3aa08bc5569d Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-15cnat: maglev fixesNathan Skrzypczak1-19/+19
This fixes cnat_feature node LB - use siblings instead of direct next_nodes - only do the lookup if we have NO_NAT - fix behavior in v6 Type: fix Change-Id: Ie80c9912946bf55c30eadeb51340f4aec9bb297e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Prepare extended snat policiesNathan Skrzypczak1-14/+10
Type: refactor Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Fix snat with dhcpNathan Skrzypczak1-0/+2
Type: fix We didn't check that the srcEndpoint was resolved when creating the session, we could end up sNATing with 0.0.0.0 as src_addr Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: add input feature nodeNathan Skrzypczak1-0/+409
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>