| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Implement proper state machine based on above RFCs. ACKs to SYNs/FINs
are no longer required/tracked. This is more friendly to peers and
accounts for lost packets and retransmits.
This change also means that all traffic is translated and forwarded
while in transitory timeout, which helps delivering e.g. retransmitted
FINs, FINACKs and other messages.
Also support reopening a session in transitory timeout after seeing both
FINs by seeing both SYNs again. This helps quick connection
reestablishment if the peers want to.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: Ibf521c79463472db97e593bfa02b32b4a06dfd2a
|
|
Modify the ipfix_exporter to use ip_address instead of the ipv4 specific
version. Modify the current code so that it writes into the v4 specific
part of the address, i.e. we are not yet fully supporting IPv6. For the
exporter configured via the original API (the one that is always in slot0)
we will not support IPv6 addresses.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Ic9854ac62aaee76a7a55a958234c456fd9828c4c
|
|
When a new flow-report is created the caller provides 2 callback functions.
These functions both take a pointer to the exporter, plus a pointer to the
source and dest address. However the pointers to the address are not adding
any value as these are always set to the src/dest addresses of the exporter
(which is already being passed). Remove these parameters and leave the
callback functions to get the addresses out of the exporter.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I36dec394f30e85cdca120dd8706b5d90f5e07c48
|
|
Pass an ipfix_exporter to this function so that callers can choose which
exporter they are modifying.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Ice0ed19a57baf15b1dc85cd27fe01913e36d7f4f
|
|
Pull out the fields in flow_report_main_t that are specific to a single
exporter and move them into a new structure that represents an exporter.
Add a pool of exporters to flow_report_main_t and do a pool_get() to get
the entry at index 0, so that the existing users of the code need only
change the path at which they access the old fields and have no need to
make further code changes. In functions that were accessing the fields
that now make up the ipfix_exporter create a local var that points to the
first (always valid) exporter and use this as the base for the fields
rather than finding them from flow_report_main.
This is in preparation for supporting multiple flow_exporters.
Note that at the moment the code supports multiple 'streams' for a given
exporter, where each stream has its own source port, domain id and template
space. But all streams within an exporter have the same destination address,
so this is not the same as multiple exporters.
Type: refactor
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I49f5c7fb9e901773351d31dc8a59178c37e99301
|
|
Put static mappings in flow hash, drop existing hash tables used for
static mappings. Drop refcount variables and use hash table as a single
point of truth. Allow creating a static mapping conflicting with dynamic
mapping, which will take precedence after dynamic mapping is freed, so
that the existing flow can finish transferring data.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Idfde8efabc09971be38921d4b0ca5ccf4e9fe412
|
|
This reverts commit 69b7599e4b061a8996205f0304232ede84cb70d4.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If531b122ae5a9f91c2fe6eaa0da69922a91f16d3
|
|
Put static mappings in flow hash, drop existing hash tables used for
static mappings. Drop refcount variables and use hash table as a single
point of truth. Allow creating a static mapping conflicting with dynamic
mapping, which will take precedence after dynamic mapping is freed, so
that the existing flow can finish transferring data.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ieeba691d83a83887d0a0baccd5f3832f66126096
|
|
trajectory trace has been broken for a while because we used to save the
buffer trajectory in a vector pointed to in opaque2. This does not work
well when opaque2 is copied (eg. because of a clone) as 2 buffers end up
sharing the same vector.
This dedicates a full cacheline in the buffer metadata instead when
trajectory is compiled in. No dynamic allocation, no sharing, no tears.
Type: refactor
Change-Id: I6a028ca1b48d38f393a36979e5e452c2dd48ad3f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
The code for quota exceeded events is a u32 and was being copied
into ipfix packets in host byte order. Same for the limit field.
Swap the order before copying into packet buffer.
This change was applied once before but had to be reverted. This was
because between the time the change was uploaded/reviewed and the
time it was merged, a different patch was merged which activated a
NAT ipfix unit test that had formerly only been run as part of the
extended tests. The test was expecting the values to be in host byte
order so it failed with this patch applied. This time around, that
test has also been updated to expect network byte order.
Change-Id: If5413b1f806d664f6786e56ba13c3eee573c26d2
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
Change-Id: If3da7d4338470912f37ff1794620418d928fb77f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ifb4a9c52fd2c5dd9f3f5cf41214aa1851f6d7acd
|
|
This patch achieves complete separation of
endpoint-dependent and endpoint-independent IPv4 NAT
features. Some common stuff is also moved to NAT
library.
Type: refactor
Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This reverts commit bfba2d555331ce67f707e608877e96dbd2aacd80.
Reason for revert: breaks test test_nat44.TestNAT44.test_ipfix_max_sessions
Change-Id: I6eed4d02835ab792e7e3491fc14240cc88a86710
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
The code for quota exceeded events is a u32 and was being copied
into ipfix packets in host byte order. Same for the limit field.
Swap the order before copying into packet buffer.
Change-Id: I881766e1c52acc9bebde38d85228fa492214ee21
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Using vlib_main of another thread is prohibited.
Type: fix
Change-Id: I9a85a5fee5c6665d423b4306faf3b3f2c5e22f99
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Fixed compatibility issue between
nat ei and nat ed modes. Moved nat
syslogging to nat librarry. Deprecating
apis that will be integrated in upcoming
candidate configuration patch.
Type: refactor
Change-Id: I334b1b05b81b74667c5c76a05f768442e0dcf7e8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
IPfix messages about NAT44 session create/delete were being populated
with the FIB table index instead of the table ID. The table ID is the
correct identifier to report externally (NAT64 IPfix messages for BIB
and session create/delete use table ID, as does NAT syslogging). Convert
the table index to an ID before adding it to the IPfix NAT44 session
create/delete message data.
Change-Id: I0166384752b17ff3a8c55aa19fa2af7a8140791e
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I9930a2a90caa78e848fe657ab2da863467be41ea
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
|
|
Type: refactor
Change-Id: I8785e4987e4f60361072440d0c3c6954c9c12394
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Change-Id: I3b9e17164647d2019b1f40cffeed63393345219e
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I1110e425859a4f1f07952c91b50f263cb7323836
|
|
Fix allocation of port per dslite session.
After each session is created per protocol,
when new one should be created with new port,
instead it's trying to create with the same port
and while(1) loop is executed forever and VPP does
not response
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ic91b8b07253498ef9846ca60bcd4c4c76a5fac91
|
|
Use a lookup table instead.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ia8461099828bb8824bf016201f135e6b69c444d1
|
|
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I81546423200cc7f8a06b527dac8ead191a9e0519
|
|
Type: fix
Change-Id: I75b20db66fb58e1724a212253c51315836079f4b
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95
Ticket: VPP-1815
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
Klement Sekera
Paul Atkins
Ole Troan
Benoît Ganne
Matthew Smith
Damjan Marion
Filip Varga
Damjan Marion
Alexander Chernavin
Florin Coras
Vladimir Ratnikov