Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: improvement
Remove rwlock contention on timestamps. ~10% pps with
10k sessions. Use fixed-size-pools of increasing sizes
starting with 4K, and with a x2 step each time.
We don't free/shrink allocated pools.
Change-Id: I5fea51faba40430106c823275a6356e81709d118
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This replace the cnat ip4/ip6 to client
lookups previously done with a regular
hash, by a bihash lookup.
Type: improvement
Do the client lookup in a bihash instead of
a hash.
Change-Id: I730c1893525c002b44ada8e290a36802835e88e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This adds a flag on the translation
asking the VIP & input-feature nodes
not to create the return session when
translating / load-balancing an incoming
flow. This is needed with maglev & DSR
Type: feature
Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This patch removes zero checks for new_addr, new_port
meaning sessions with zero values will rewrite the packet
with a 0 value instead of leaving it in place. This allows
to reduce branchiness in the code, and sessions are fully
resolved at creation time anyway.
This also adds support for checksum offloads:
- IP checksum offload : we always compute the checksum to
avoid issues with drivers. We'll revert this if we realize
cost gets too important.
- TCP/UDP checksum offload : we add the implementation for
pseudo header checksum computation. This is needed for the
drivers that do not re-compute this pseudo-checksum before
the packet is TX-ed (e.g. a few DPDK drivers).
Type: improvement
Change-Id: I6543f3aec8c120ec50f4219108609138283620ef
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
|
|
Fix initialization of the table u32 var which is leading to the incorrect
unformat of interface map type
Type: fix
Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I1e56acd0e4c735df755e85b172bb6623bf47a57b
|
|
The documentation for the cnat plugin is highly outdated specially on
the snat section.
Type: docs
Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53
|
|
This patch adds SCTP support in the CNat translation primitives.
It also exposes a clib_crc32c_with_init function allowing to set
the init value to start the crc32 with instead of 0.
Type: feature
Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Ib127331507724f853071e66ca1ddfc773a8ed200
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
When dNAT-ing to a VIP, it can happen
that the return session conflicts with
another forward session than the one
we own.
This patchs adds a rsession_flags
CNAT_SESSION_RETRY_SNAT that makes cnat_session_create
search for a free src port to use for the
resulting return session.
It also makes forward & return session
share their fate in the session scanner.
Type: fix
Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This fixes the maglev logic which previously
included a wrong simplication.
It moves the maglev logic to its own file,
and adds a test function in the debug cli.
Type: improvement
Change-Id: I2790ae2a26fc1c5739ff02f41d436bfcafd5b380
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
When registering a new FIB node type, no name was required on the API, and so no name was printed.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
|
|
Type: improvement
Change-Id: Iec585880085b12b08594a0640822cd831455d594
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: Ib7e2f5f314144064de7b6be0fade3db2f9c943fe
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: Id6406702061ada54e51ebcf5c367328605de2b6b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
- Generate copyright year and version
instead of using hard-coded data
Type: refactor
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
|
|
Type: fix
Sometimes session->value.flags wasn't initialized
leading to next_node index corruption.
Also added a debug flag to tell session/rsessions appart
Change-Id: I80da50f2267e03a4552e8c9efc8e3aa08bc5569d
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The session db (bihash_40_56_t) was inheriting BIHASH_USE_HEAP=1 from
vppinfra/bihash_24_8.h through a convoluted set of #includes. Set
BIHASH_USE_HEAP in cnat_bihash.h, to avoid a surprise long after
anyone remembers the story.
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I8aa3be09b306fc99ba0b6baa5096a0a6829a8951
|
|
This fixes cnat_feature node LB
- use siblings instead of direct next_nodes
- only do the lookup if we have NO_NAT
- fix behavior in v6
Type: fix
Change-Id: Ie80c9912946bf55c30eadeb51340f4aec9bb297e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: I004a49e59d8643599fc99ad6fa5848d3cf289b7a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This patch implements k8s-specific extensions
to the cnat plugin.
This could be done by exposing a richer semantic
on srcNAT policies, but this might be too complex
work at this point. Also k8s fits quite well as a
'cloud NAT' usecase.
Type: feature
Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
We didn't check that the srcEndpoint was resolved
when creating the session, we could end up sNATing
with 0.0.0.0 as src_addr
Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This allows to configure nat on a per-interface basis. Special care must
be taken to ensure the configuration remains consistent.
Type: feature
Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
* Backend choice in translations is controlled
by lb_type switch allowing to enable Maglev.
* Size of pool is set with cnat { maglev-len 1009 }
Type: feature
Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Notable changes:
- ip[46]-cnat-snat is renamed to cnat-snat-ip[46]
- indent fixes
- common trace primitives
- bihash is now 40_56 with alias
Type: refactor
Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
When a translation gets deleted, hiting a
session pointing to it sefaults. We're better
off directly storing the next node index.
Change-Id: I4f0716d775202b4ecf54d6cdb827bbeebd23056c
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
This fixes two issues :
- We used a hash to throttle RPC for adding fib entries,
but as we rely on a refcount, we cannot accept loosing an
entry, which could happen in case of a collision.
- On client cleanup we weren't freeing the fib entry correctly
which resulted in crashes when recreating an entry.
Added a test that ensures proper cleanup
Change-Id: Ie6660b0b02241f75092737410ae2299f8710d6b9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
fixes coverity errors 215294, 215295
Type: fix
Fixes: af897c5e3fa76180fbe0634052bde98b4b3c34d7
Change-Id: Ie5da2bcddb465020d827d9f7c519a528cf2bd035
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
When using sNAT in combination with cnat translations
it might happen that the cnat_node_vip.c picks up a
translation on a session that has an invalid lb index,
thus resulting in a later crash in ip4-load-balance
Change-Id: I82607086b2d672a9dcf26bfb82ad7f83e6474562
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Compile time reduced from ~30s to 2s for
cnat_node_vip.c & cnat_node_snat.c This doesn't
impact performance for now as ts update rwlock
is the main bottleneck.
Type: improvement
Change-Id: Ic92df300ae0dfddc5235c350bd021e73e7c850d9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: Id1801519638a9b97175847d7ed58824fb83433d6
|
|
Type: fix
Change-Id: Ie1153a0e0f1e9770bf3e0de9291131db91724b2e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Allow for 65536 backends for a translation.
- use u32 instead of u8
- filter out back_walk with more than
FIB_PATH_LIST_POPULAR backends
- we're still limited by u16 lb_n_buckets
in src/vnet/dpo/load_balance.h
Change-Id: Ib37b958e59b25ef5ef9f92b82008d626860faddd
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
|
|
Type: improvement
reduce the compile time by moving the bihash includes out of ip[46].h
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I6b9216e10aff1013071f9238b3e1ebbdd205bd80
|
|
Type: fix
Change-Id: I4ea263270bcc38e505e88d512acacef7439f3823
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Make the command scriptable, use unformat_line_input.
"paths" never needed to be a pool, it's used as a vector. Pools *are*
vectors so no harm but... use vec_add2(...) instead.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I65b42de77c3c17f532443319d8a5a15a0a930d66
|
|
Restart point saved by caller, do not restart at i=0.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I36b7570085c4cbe84cea24339ae579e1fc906af8
|
|
Type: feature
Change-Id: I4bd50fd672ac35cf14ebda2b0b10ec0b9a208628
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: I60ae9dd1c100b587d1902a20596b99a5c8a95df7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
snat supports :
* echo request/reply by allocating an identifier
when translating echo requests
* icmp errors in the same manner as dnat
Change-Id: I684e983b0181f95c5eace5a984d40084e5625fa4
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Add CNAT translation for ICMP 4 & 6 errors
inner packet will be translated according
to existing sessions.
Change-Id: If118751988f44ef96b800878596296d1ab8ab6f8
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: Iba9d9f384eaa35c5522e828e3cbe4516416294db
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: docs
Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Otherwise, the debug CLI command is unusable in a script because it
will eat (and complain about) subsequent lines in the script. Missing
this guitar lick, etc:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id328e6f1cc4d2e1672c3946db3865ab5a1a3af8d
|