summaryrefslogtreecommitdiffstats
path: root/src/plugins/cnat
AgeCommit message (Collapse)AuthorFilesLines
2021-03-04cnat: Add calico/k8s src policyNathan Skrzypczak3-2/+59
This patch implements k8s-specific extensions to the cnat plugin. This could be done by exposing a richer semantic on srcNAT policies, but this might be too complex work at this point. Also k8s fits quite well as a 'cloud NAT' usecase. Type: feature Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Prepare extended snat policiesNathan Skrzypczak14-549/+770
Type: refactor Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Fix snat with dhcpNathan Skrzypczak4-11/+17
Type: fix We didn't check that the srcEndpoint was resolved when creating the session, we could end up sNATing with 0.0.0.0 as src_addr Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: coverity fixNathan Skrzypczak1-2/+4
Type: fix Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: add input feature nodeNathan Skrzypczak6-0/+507
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: Add maglev supportNathan Skrzypczak9-25/+253
* Backend choice in translations is controlled by lb_type switch allowing to enable Maglev. * Size of pool is set with cnat { maglev-len 1009 } Type: feature Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: fixes & prepare maglevNathan Skrzypczak16-366/+390
Notable changes: - ip[46]-cnat-snat is renamed to cnat-snat-ip[46] - indent fixes - common trace primitives - bihash is now 40_56 with alias Type: refactor Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28cnat: Fix session with deleted trNathan Skrzypczak3-9/+3
Type: fix When a translation gets deleted, hiting a session pointing to it sefaults. We're better off directly storing the next node index. Change-Id: I4f0716d775202b4ecf54d6cdb827bbeebd23056c Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28cnat: Fix throttle hash & cleanupNathan Skrzypczak5-106/+67
Type: fix This fixes two issues : - We used a hash to throttle RPC for adding fib entries, but as we rely on a refcount, we cannot accept loosing an entry, which could happen in case of a collision. - On client cleanup we weren't freeing the fib entry correctly which resulted in crashes when recreating an entry. Added a test that ensures proper cleanup Change-Id: Ie6660b0b02241f75092737410ae2299f8710d6b9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-12-14misc: refactor clib_bitmap_foreach macroDamjan Marion1-3/+3
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion3-19/+18
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-11-13cnat: zero-initialize structsAndrew Yourtchenko1-2/+2
fixes coverity errors 215294, 215295 Type: fix Fixes: af897c5e3fa76180fbe0634052bde98b4b3c34d7 Change-Id: Ie5da2bcddb465020d827d9f7c519a528cf2bd035 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-11-10cnat: Fix invalid adj_indexNathan Skrzypczak2-10/+29
Type: fix When using sNAT in combination with cnat translations it might happen that the cnat_node_vip.c picks up a translation on a session that has an invalid lb index, thus resulting in a later crash in ip4-load-balance Change-Id: I82607086b2d672a9dcf26bfb82ad7f83e6474562 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-11-05cnat: reduce compile timeNathan Skrzypczak2-20/+20
Compile time reduced from ~30s to 2s for cnat_node_vip.c & cnat_node_snat.c This doesn't impact performance for now as ts update rwlock is the main bottleneck. Type: improvement Change-Id: Ic92df300ae0dfddc5235c350bd021e73e7c850d9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-10-28misc: Break the big IP header files to improve compile timeNeale Ranns2-0/+4
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1801519638a9b97175847d7ed58824fb83433d6
2020-10-24cnat: coverity fixNathan Skrzypczak3-11/+23
Type: fix Change-Id: Ie1153a0e0f1e9770bf3e0de9291131db91724b2e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-10-21cnat: allow max_u16 translation backendsNathan Skrzypczak4-8/+25
Type: fix Allow for 65536 backends for a translation. - use u32 instead of u8 - filter out back_walk with more than FIB_PATH_LIST_POPULAR backends - we're still limited by u16 lb_n_buckets in src/vnet/dpo/load_balance.h Change-Id: Ib37b958e59b25ef5ef9f92b82008d626860faddd Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-10-21misc: minimize dependencies on udp.hFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
2020-10-19ip: Move the IP6 fib into ip6_[m]fib.cNeale Ranns1-0/+1
Type: improvement reduce the compile time by moving the bihash includes out of ip[46].h Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I6b9216e10aff1013071f9238b3e1ebbdd205bd80
2020-10-14cnat: Fix backend LBNathan Skrzypczak1-1/+1
Type: fix Change-Id: I4ea263270bcc38e505e88d512acacef7439f3823 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-27cnat: fix cnat_translation_cli_add_delDave Barach1-12/+24
Make the command scriptable, use unformat_line_input. "paths" never needed to be a pool, it's used as a vector. Pools *are* vectors so no harm but... use vec_add2(...) instead. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I65b42de77c3c17f532443319d8a5a15a0a930d66
2020-09-27cnat: fix session scanner restart pointDave Barach1-1/+1
Restart point saved by caller, do not restart at i=0. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I36b7570085c4cbe84cea24339ae579e1fc906af8
2020-09-25cnat: Add DHCP supportNathan Skrzypczak11-109/+716
Type: feature Change-Id: I4bd50fd672ac35cf14ebda2b0b10ec0b9a208628 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-25cnat: Introduce parametric source policyNathan Skrzypczak13-244/+445
Type: feature Change-Id: I60ae9dd1c100b587d1902a20596b99a5c8a95df7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-25cnat: Add support for SNat ICMPNathan Skrzypczak7-143/+461
Type: feature snat supports : * echo request/reply by allocating an identifier when translating echo requests * icmp errors in the same manner as dnat Change-Id: I684e983b0181f95c5eace5a984d40084e5625fa4 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-25cnat: Ip ICMP error supportNathan Skrzypczak6-165/+557
Type: feature Add CNAT translation for ICMP 4 & 6 errors inner packet will be translated according to existing sessions. Change-Id: If118751988f44ef96b800878596296d1ab8ab6f8 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-23cnat: Disable default scanner processNathan Skrzypczak8-24/+120
Type: feature Change-Id: Iba9d9f384eaa35c5522e828e3cbe4516416294db Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-05docs: Improve & link cnat docNathan Skrzypczak1-13/+79
Type: docs Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-04cnat: fix cnat_set_snat() debug CLIDave Barach1-6/+18
Otherwise, the debug CLI command is unusable in a script because it will eat (and complain about) subsequent lines in the script. Missing this guitar lick, etc: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id328e6f1cc4d2e1672c3946db3865ab5a1a3af8d
2020-09-04cnat: fix snat ip v6 testsMathiasRaoul1-6/+6
Type: fix Change-Id: I9e102e0028274cc084e59c106d1cd4be174b1205 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-09-01misc: fix uninitialized use warnings with gcc-{8,9}Aloys Augustin1-2/+2
Change-Id: I4930c3c2a8025ec9ceb17e994137be67d88d455f Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-09-01cnat: Fix typo in ts handlingNathan Skrzypczak1-1/+0
Type: fix Change-Id: I5287f6326726780c09e515eede0992bafb413bb2 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-08-31cnat: Destination based NATNeale Ranns22-0/+4950
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I64a99a4fbc674212944247793fd5c1fb701408cb