Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch implements k8s-specific extensions
to the cnat plugin.
This could be done by exposing a richer semantic
on srcNAT policies, but this might be too complex
work at this point. Also k8s fits quite well as a
'cloud NAT' usecase.
Type: feature
Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
We didn't check that the srcEndpoint was resolved
when creating the session, we could end up sNATing
with 0.0.0.0 as src_addr
Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This allows to configure nat on a per-interface basis. Special care must
be taken to ensure the configuration remains consistent.
Type: feature
Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
* Backend choice in translations is controlled
by lb_type switch allowing to enable Maglev.
* Size of pool is set with cnat { maglev-len 1009 }
Type: feature
Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Notable changes:
- ip[46]-cnat-snat is renamed to cnat-snat-ip[46]
- indent fixes
- common trace primitives
- bihash is now 40_56 with alias
Type: refactor
Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
When a translation gets deleted, hiting a
session pointing to it sefaults. We're better
off directly storing the next node index.
Change-Id: I4f0716d775202b4ecf54d6cdb827bbeebd23056c
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
This fixes two issues :
- We used a hash to throttle RPC for adding fib entries,
but as we rely on a refcount, we cannot accept loosing an
entry, which could happen in case of a collision.
- On client cleanup we weren't freeing the fib entry correctly
which resulted in crashes when recreating an entry.
Added a test that ensures proper cleanup
Change-Id: Ie6660b0b02241f75092737410ae2299f8710d6b9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
fixes coverity errors 215294, 215295
Type: fix
Fixes: af897c5e3fa76180fbe0634052bde98b4b3c34d7
Change-Id: Ie5da2bcddb465020d827d9f7c519a528cf2bd035
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
When using sNAT in combination with cnat translations
it might happen that the cnat_node_vip.c picks up a
translation on a session that has an invalid lb index,
thus resulting in a later crash in ip4-load-balance
Change-Id: I82607086b2d672a9dcf26bfb82ad7f83e6474562
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Compile time reduced from ~30s to 2s for
cnat_node_vip.c & cnat_node_snat.c This doesn't
impact performance for now as ts update rwlock
is the main bottleneck.
Type: improvement
Change-Id: Ic92df300ae0dfddc5235c350bd021e73e7c850d9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: Id1801519638a9b97175847d7ed58824fb83433d6
|
|
Type: fix
Change-Id: Ie1153a0e0f1e9770bf3e0de9291131db91724b2e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Allow for 65536 backends for a translation.
- use u32 instead of u8
- filter out back_walk with more than
FIB_PATH_LIST_POPULAR backends
- we're still limited by u16 lb_n_buckets
in src/vnet/dpo/load_balance.h
Change-Id: Ib37b958e59b25ef5ef9f92b82008d626860faddd
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
|
|
Type: improvement
reduce the compile time by moving the bihash includes out of ip[46].h
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I6b9216e10aff1013071f9238b3e1ebbdd205bd80
|
|
Type: fix
Change-Id: I4ea263270bcc38e505e88d512acacef7439f3823
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Make the command scriptable, use unformat_line_input.
"paths" never needed to be a pool, it's used as a vector. Pools *are*
vectors so no harm but... use vec_add2(...) instead.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I65b42de77c3c17f532443319d8a5a15a0a930d66
|
|
Restart point saved by caller, do not restart at i=0.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I36b7570085c4cbe84cea24339ae579e1fc906af8
|
|
Type: feature
Change-Id: I4bd50fd672ac35cf14ebda2b0b10ec0b9a208628
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: I60ae9dd1c100b587d1902a20596b99a5c8a95df7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
snat supports :
* echo request/reply by allocating an identifier
when translating echo requests
* icmp errors in the same manner as dnat
Change-Id: I684e983b0181f95c5eace5a984d40084e5625fa4
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Add CNAT translation for ICMP 4 & 6 errors
inner packet will be translated according
to existing sessions.
Change-Id: If118751988f44ef96b800878596296d1ab8ab6f8
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: Iba9d9f384eaa35c5522e828e3cbe4516416294db
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: docs
Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Otherwise, the debug CLI command is unusable in a script because it
will eat (and complain about) subsequent lines in the script. Missing
this guitar lick, etc:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id328e6f1cc4d2e1672c3946db3865ab5a1a3af8d
|
|
Type: fix
Change-Id: I9e102e0028274cc084e59c106d1cd4be174b1205
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Change-Id: I4930c3c2a8025ec9ceb17e994137be67d88d455f
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: fix
Change-Id: I5287f6326726780c09e515eede0992bafb413bb2
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I64a99a4fbc674212944247793fd5c1fb701408cb
|