summaryrefslogtreecommitdiffstats
path: root/src/plugins/cnat
AgeCommit message (Collapse)AuthorFilesLines
2023-08-25cnat: fix cnat_endpoint_encodeBenoît Ganne1-1/+1
Type: fix Change-Id: I4ab713811626c097c7927228f3819b7785bbb951 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-18cnat: add host tag to bitmap in cnat snatHediBouattour3-0/+17
Type: feature this patch adds a new tag "host" to interfaces for cnat-snat if an interface is tagged pod and host we do not snat traffic outgoing through it Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
2023-08-09cnat: remove rwlock on tsNathan Skrzypczak7-61/+133
Type: improvement Remove rwlock contention on timestamps. ~10% pps with 10k sessions. Use fixed-size-pools of increasing sizes starting with 4K, and with a x2 step each time. We don't free/shrink allocated pools. Change-Id: I5fea51faba40430106c823275a6356e81709d118 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-09cnat: add ip/client bihashNathan Skrzypczak4-52/+68
This replace the cnat ip4/ip6 to client lookups previously done with a regular hash, by a bihash lookup. Type: improvement Do the client lookup in a bihash instead of a hash. Change-Id: I730c1893525c002b44ada8e290a36802835e88e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-08cnat: flag to disable rsessionNathan Skrzypczak10-31/+54
This adds a flag on the translation asking the VIP & input-feature nodes not to create the return session when translating / load-balancing an incoming flow. This is needed with maglev & DSR Type: feature Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-07cnat: Support offloaded check sumsNathan Skrzypczak4-215/+155
This patch removes zero checks for new_addr, new_port meaning sessions with zero values will rewrite the packet with a 0 value instead of leaving it in place. This allows to reduce branchiness in the code, and sessions are fully resolved at creation time anyway. This also adds support for checksum offloads: - IP checksum offload : we always compute the checksum to avoid issues with drivers. We'll revert this if we realize cost gets too important. - TCP/UDP checksum offload : we add the implementation for pseudo header checksum computation. This is needed for the drivers that do not re-compute this pseudo-checksum before the packet is TX-ed (e.g. a few DPDK drivers). Type: improvement Change-Id: I6543f3aec8c120ec50f4219108609138283620ef Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-03-18vppinfra: fix corner-cases in bihash lookupDave Barach2-3/+8
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL table, the code would sporadically return a transitional value (junk) from a half-deleted kvp. At most, 64-bits worth of the kvp will be written atomically, so using memset(...) to smear 0xFF's across a kvp to free it left a lot to be desired. Performance impact: very mild positive, thanks to FC for doing a multi-thread host stack perf/scale test. Added an ASSERT to catch attempts to add a (key,value) pair which contains the magic "free kvp" value. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
2022-10-28cnat: Fix unformat_cnat_snat_interface_map_typeMiguel Borges de Freitas1-1/+1
Fix initialization of the table u32 var which is leading to the incorrect unformat of interface map type Type: fix Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com> Change-Id: I1e56acd0e4c735df755e85b172bb6623bf47a57b
2022-10-24docs: update cnat docs to current vpp versionMiguel Borges de Freitas1-5/+13
The documentation for the cnat plugin is highly outdated specially on the snat section. Type: docs Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com> Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53
2022-10-17cnat: Add sctp supportNathan Skrzypczak2-0/+52
This patch adds SCTP support in the CNat translation primitives. It also exposes a clib_crc32c_with_init function allowing to set the init value to start the crc32 with instead of 0. Type: feature Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-09-19cnat: coverity fixNathan Skrzypczak1-0/+4
Type: fix Change-Id: Ib127331507724f853071e66ca1ddfc773a8ed200 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18cnat: Fix conflicting rsessionNathan Skrzypczak4-39/+87
When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patchs adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-01-30cnat: maglev fixes & improvementsNathan Skrzypczak5-103/+400
This fixes the maglev logic which previously included a wrong simplication. It moves the maglev logic to its own file, and adds a test function in the debug cli. Type: improvement Change-Id: I2790ae2a26fc1c5739ff02f41d436bfcafd5b380 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-12-03fib: Fix the display (or lack of) for fib node types in dependent children listsNeale Ranns1-1/+1
Type: fix When registering a new FIB node type, no name was required on the API, and so no name was printed. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
2021-10-11docs: nitfixes in FEATURE.yamlNathan Skrzypczak1-1/+1
Type: improvement Change-Id: Iec585880085b12b08594a0640822cd831455d594 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-04docs: plugin comment nitfixesNathan Skrzypczak1-7/+7
Type: improvement Change-Id: Ib7e2f5f314144064de7b6be0fade3db2f9c943fe Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-15misc: replace CLIB_PREFETCH with clib_prefetch_{load,store}Damjan Marion1-2/+2
Type: refactor Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-06-09cnat: fix spinlockNathan Skrzypczak1-1/+4
Type: fix Change-Id: Id6406702061ada54e51ebcf5c367328605de2b6b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-05-13tests: move test source to vpp/testDave Wallace1-975/+0
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-04-21cnat: Fix session flag initializationNathan Skrzypczak4-1/+8
Type: fix Sometimes session->value.flags wasn't initialized leading to next_node index corruption. Also added a debug flag to tell session/rsessions appart Change-Id: I80da50f2267e03a4552e8c9efc8e3aa08bc5569d Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-04-05cnat: explicit BIHASH_USE_HEAP settingDave Barach1-0/+2
The session db (bihash_40_56_t) was inheriting BIHASH_USE_HEAP=1 from vppinfra/bihash_24_8.h through a convoluted set of #includes. Set BIHASH_USE_HEAP in cnat_bihash.h, to avoid a surprise long after anyone remembers the story. Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I8aa3be09b306fc99ba0b6baa5096a0a6829a8951
2021-03-15cnat: maglev fixesNathan Skrzypczak4-31/+47
This fixes cnat_feature node LB - use siblings instead of direct next_nodes - only do the lookup if we have NO_NAT - fix behavior in v6 Type: fix Change-Id: Ie80c9912946bf55c30eadeb51340f4aec9bb297e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-08cnat: Coverity fixNathan Skrzypczak1-1/+1
Type: fix Change-Id: I004a49e59d8643599fc99ad6fa5848d3cf289b7a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Add calico/k8s src policyNathan Skrzypczak3-2/+59
This patch implements k8s-specific extensions to the cnat plugin. This could be done by exposing a richer semantic on srcNAT policies, but this might be too complex work at this point. Also k8s fits quite well as a 'cloud NAT' usecase. Type: feature Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Prepare extended snat policiesNathan Skrzypczak14-549/+770
Type: refactor Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Fix snat with dhcpNathan Skrzypczak4-11/+17
Type: fix We didn't check that the srcEndpoint was resolved when creating the session, we could end up sNATing with 0.0.0.0 as src_addr Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: coverity fixNathan Skrzypczak1-2/+4
Type: fix Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: add input feature nodeNathan Skrzypczak6-0/+507
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: Add maglev supportNathan Skrzypczak9-25/+253
* Backend choice in translations is controlled by lb_type switch allowing to enable Maglev. * Size of pool is set with cnat { maglev-len 1009 } Type: feature Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: fixes & prepare maglevNathan Skrzypczak16-366/+390
Notable changes: - ip[46]-cnat-snat is renamed to cnat-snat-ip[46] - indent fixes - common trace primitives - bihash is now 40_56 with alias Type: refactor Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28cnat: Fix session with deleted trNathan Skrzypczak3-9/+3
Type: fix When a translation gets deleted, hiting a session pointing to it sefaults. We're better off directly storing the next node index. Change-Id: I4f0716d775202b4ecf54d6cdb827bbeebd23056c Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28cnat: Fix throttle hash & cleanupNathan Skrzypczak5-106/+67
Type: fix This fixes two issues : - We used a hash to throttle RPC for adding fib entries, but as we rely on a refcount, we cannot accept loosing an entry, which could happen in case of a collision. - On client cleanup we weren't freeing the fib entry correctly which resulted in crashes when recreating an entry. Added a test that ensures proper cleanup Change-Id: Ie6660b0b02241f75092737410ae2299f8710d6b9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-12-14misc: refactor clib_bitmap_foreach macroDamjan Marion1-3/+3
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion3-19/+18
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-11-13cnat: zero-initialize structsAndrew Yourtchenko1-2/+2
fixes coverity errors 215294, 215295 Type: fix Fixes: af897c5e3fa76180fbe0634052bde98b4b3c34d7 Change-Id: Ie5da2bcddb465020d827d9f7c519a528cf2bd035 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-11-10cnat: Fix invalid adj_indexNathan Skrzypczak2-10/+29
Type: fix When using sNAT in combination with cnat translations it might happen that the cnat_node_vip.c picks up a translation on a session that has an invalid lb index, thus resulting in a later crash in ip4-load-balance Change-Id: I82607086b2d672a9dcf26bfb82ad7f83e6474562 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-11-05cnat: reduce compile timeNathan Skrzypczak2-20/+20
Compile time reduced from ~30s to 2s for cnat_node_vip.c & cnat_node_snat.c This doesn't impact performance for now as ts update rwlock is the main bottleneck. Type: improvement Change-Id: Ic92df300ae0dfddc5235c350bd021e73e7c850d9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-10-28misc: Break the big IP header files to improve compile timeNeale Ranns2-0/+4
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1801519638a9b97175847d7ed58824fb83433d6
2020-10-24cnat: coverity fixNathan Skrzypczak3-11/+23
Type: fix Change-Id: Ie1153a0e0f1e9770bf3e0de9291131db91724b2e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-10-21cnat: allow max_u16 translation backendsNathan Skrzypczak4-8/+25
Type: fix Allow for 65536 backends for a translation. - use u32 instead of u8 - filter out back_walk with more than FIB_PATH_LIST_POPULAR backends - we're still limited by u16 lb_n_buckets in src/vnet/dpo/load_balance.h Change-Id: Ib37b958e59b25ef5ef9f92b82008d626860faddd Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-10-21misc: minimize dependencies on udp.hFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
2020-10-19ip: Move the IP6 fib into ip6_[m]fib.cNeale Ranns1-0/+1
Type: improvement reduce the compile time by moving the bihash includes out of ip[46].h Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I6b9216e10aff1013071f9238b3e1ebbdd205bd80
2020-10-14cnat: Fix backend LBNathan Skrzypczak1-1/+1
Type: fix Change-Id: I4ea263270bcc38e505e88d512acacef7439f3823 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-27cnat: fix cnat_translation_cli_add_delDave Barach1-12/+24
Make the command scriptable, use unformat_line_input. "paths" never needed to be a pool, it's used as a vector. Pools *are* vectors so no harm but... use vec_add2(...) instead. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I65b42de77c3c17f532443319d8a5a15a0a930d66
2020-09-27cnat: fix session scanner restart pointDave Barach1-1/+1
Restart point saved by caller, do not restart at i=0. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I36b7570085c4cbe84cea24339ae579e1fc906af8
2020-09-25cnat: Add DHCP supportNathan Skrzypczak11-109/+716
Type: feature Change-Id: I4bd50fd672ac35cf14ebda2b0b10ec0b9a208628 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-25cnat: Introduce parametric source policyNathan Skrzypczak13-244/+445
Type: feature Change-Id: I60ae9dd1c100b587d1902a20596b99a5c8a95df7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-25cnat: Add support for SNat ICMPNathan Skrzypczak7-143/+461
Type: feature snat supports : * echo request/reply by allocating an identifier when translating echo requests * icmp errors in the same manner as dnat Change-Id: I684e983b0181f95c5eace5a984d40084e5625fa4 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-25cnat: Ip ICMP error supportNathan Skrzypczak6-165/+557
Type: feature Add CNAT translation for ICMP 4 & 6 errors inner packet will be translated according to existing sessions. Change-Id: If118751988f44ef96b800878596296d1ab8ab6f8 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-23cnat: Disable default scanner processNathan Skrzypczak8-24/+120
Type: feature Change-Id: Iba9d9f384eaa35c5522e828e3cbe4516416294db Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>