Age | Commit message (Collapse) | Author | Files | Lines |
|
This change introduces flow concept to endpoint-dependent NAT. Instead
of having a session and a plethora of special cases in code for e.g.
hairpinning, twice-nat and others, figure all this out and store it in
flow logic. Every flow has a match and a rewrite part. This unifies all
the NAT packet processing cases into one - match a flow and rewrite the
packet based on that flow. It also provides a cure for hairpinning
dilemma where one part of the flow is on one worker and another on
a different one. These cases are also sped up by not requiring
destination adress lookup every single time to be able to rewrite source
nat as this is now part of flow rewrite logic.
Type: improvement
Change-Id: Ib60c992e16792ea4d4129bc10202ebb99a73b5be
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Patch n. 2 aimed at moving EI features out of
NAT44 plugin & split of EI/ED functions.
Type: refactor
Change-Id: Ida20c1c084449b146344b6c3d8442f49efb6f3fa
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This patch is aimed at moving EI features out of NAT44
plugin & split of EI/ED functions.
Type: refactor
Change-Id: I63cf70a264ed2512708fe92665d64f04690783d0
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Split ED and EI nat44 test cases. Added multi worker
support for ED test cases.
Type: refactor
Change-Id: Ibcc2f62b94cacff69ed35c5d914b55f9fdbcf882
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Change-Id: Ie41e2fb9393bf63099519150bb158b830d2c0d87
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: refactor
Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
A special case when out2in packet needs to
be handoffed to other worker thread. We are
not able to determine which thread they belong
to in the first processing of nat handoff node.
These packets needs to go through out2in slowpath
before we are able to tell where to handoff them.
Type: fix
Ticket: VPP-1941
Change-Id: I7173bda970ce6a91d81f48fc72aa2457586a076f
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Fixed nat_ha and ipfix tests. Removed obsolete tests
and moved extended tests to standard tests.
Type: fix
Change-Id: I2d7f4c4fa4c52a4aa10d70c956e085a0fe00b911
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Fixed compatibility issue between
nat ei and nat ed modes. Moved nat
syslogging to nat librarry. Deprecating
apis that will be integrated in upcoming
candidate configuration patch.
Type: refactor
Change-Id: I334b1b05b81b74667c5c76a05f768442e0dcf7e8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Cleanup of print functions in api file,
splitting functionality of cleanup callbacks for ED
and EI NAT. Updating and fixing API & CLI calls.
Type: refactor
Change-Id: I7a9dc4c8b1d2ca29db4754be7dfa4f698942127a
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Calculate bihash buckets as n_elts / 2.5 rounded to closest pow2
per Damjan's recommendation. Remove memory configuration parameters
because bihash init ignores them anyway as it resides in main heap now.
Type: improvement
Change-Id: I189f463f3c4640106cce4f12d3c5a62969276a82
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: Id1801519638a9b97175847d7ed58824fb83433d6
|
|
Type: fix
Change-Id: I4aa0dac544582703316cbcfabe67bcb7dc24d4f7
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This patch changes initialization and configuration of NAT
plugin. Instead of allocating data structures at vpp plugin
initialization phase allocation and configuration happens
after calling enable API or CLI call. This reduces base VPP
memory footprint and also enables dynamic reconfiguration
of the NAT plugin.
Type: improvement
Change-Id: I42c069ee19a0311d043ac1f3f230d87bc8d2680f
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Change-Id: I3e7ee771d0cf5b7b1b9fbbc833776d523dfa9f09
|
|
Bihash key already contains rx_fib_index for lookup
but fib value for session itself is set to 0.
In the result bihash is allocated with key with fib index
set, but free function is looking for key with fib index set
to zero. It leads to use-after-free because session itself is
removed from pool but bihash is not because of key mismatch.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I8ac5a41b0a5a32b1baab9e9d757141d5b24b7798
|
|
Type: refactor
Change-Id: I8785e4987e4f60361072440d0c3c6954c9c12394
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Change-Id: I3b9e17164647d2019b1f40cffeed63393345219e
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Multiple (> 1) workers leads to handoff node being enabled.
This node pops next feature index to nat.arc_next to make sure
that packet will be pushed to the next feature in the arc.
But node nat44-ed-in2out-output also pops next feature and changes
arc_next. So actual next feature will be skipped in that case.
It leads to all nat44-ed-in2out packets being dropped if we have
multiple workers (handoff node enabled).
To resolve this a new node was added (nat-pre-in2out-output) to fill
arc_next in single worker case and multiple worker case is already
handled by handoff node.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
|
|
Let twice-nat static mapping pick specific
address from the twice-nat pool.
Type: improvement
Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Change-Id: I78017b02015116f93b579c7381119f618351c98d
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
fib table removal would leave lingering sessions in vpp
this patch is aimed at solving this issue by grouping
sessions by source and destionation fib. if one of the
fibs gets removed this grouping is tagged as expired
and session won't be passed to non existing fib table
Ticket: VPPSUPP-93
Type: improvement
Change-Id: I45b1205a8b58d91f174e6feb862554ec2f6cffad
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Change-Id: I0bb203102a0e13dd7448e2125925ab356bbd7937
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Some statistics counters were implemented as error counters. Move them
to stat segment, where they belong.
Type: improvement
Change-Id: I5600bec1b4e0496282297374ec1e79d909cdaf8a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change the port number selection for new NAT sessions so that it
matches how the thread index is calculated from the port number for
out2in packets. Before this change there was a problem when the
largest port number in the range was used, that resulted in the wrong
thread index being selected when out2in packets arrive for that
session.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I936c389eb0d5df6168e18e5e44754de1cdad6ad1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: refactor
Change-Id: I8c1f0c02a4522c1f9e461ddadd59938579ec00c6
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Prefer using source port form packet as outside port if possible.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I5c25f6a42386f38c9a6cc95bd7dda9f090b49817
|
|
Type: fix
Fixes: a1018c166a468f7692ab621c743503914266f508
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I86592f73a60fd146d3764e474f975881e940c244
|
|
Derive reasonable values from max translations/max users.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I41a96ab63ab138b4160cd60bd6df24fc73791c86
|
|
Replace whitespread (mis)use of snat_session_key_t by proper function
arguments where applicable and inline functions to calculate hash keys
instead of using structs for that. Make all hash tables use same network
byte order port so that there is no longer a discrepancy between static
mappings using host byte order while in2out/out2in tables using network
byte order.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I80786d2f947c67824c101a13bb608f1fe1080f34
|
|
Ticket: VPP-1887
Type: fix
Change-Id: I341ac7b455926a106d736f4de6771aae655db82e
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Identified and removed executable bit from source files in the tree.
find . -perm 755 -name *.[ch] -exec chmod a-x {} \;
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I00710d59fcc46ce5be5233109af4c8077daff74b
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I95286d6723fd1860bf6bb0e81c474d732ab25121
|
|
By storing thread and session index in hash table we are able to skip
multiple hash lookups in multi-worker scenario, which were used for
handoff before. Also, by storing sesion index in vnet_buffer2, we can
avoid repeating the lookup after handoff.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I406fb12f4e2dd8f4a5ca5d83d59dbc37e1af9abf
|
|
This fixes a situation where long-lived inactive session blocks LRU
list. Solution is to have multiple LRU lists based on session type.
This helps because session timeout is same for all sessions of same
type.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I5e54b2aab73b23911d6518d42e8c3f166c69a38c
|
|
Use a lookup table instead.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ia8461099828bb8824bf016201f135e6b69c444d1
|
|
Type: fix
Change-Id: I14e323e7bb1db7a3d40668212535c07504374e59
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
The original fix access vlib_main before these was initialized.
Removed cached vlib_mains structure.
Type: fix
Fixes: 9bb09afb56b1aa787ca574cc732085272059fd5f
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I686bab9220e27891f66bf60489c1602855786aa8
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3c914d5c457df40205280ac589a2d353261343d5
|
|
Type: fix
Change-Id: If6784c9eb278f525e05304d10fd1a00641faaaf0
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Force session cleanup drops NAT db.
Also fixing user specific cli/api calls.
Type: improvement
Change-Id: Ia3e25fcf07fe5fb9a83d55c03fe90aca727b41ac
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: improvement
Change-Id: I170256ab47978db34fb0ff6808d9cd54ab872410
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Idbbad246161d28f595c25e10d7282c8b33fa9876
|
|
With port overloading, port is no longer a scarce resource and there
is no need to limit connections per internal IP. This saves one hash
insert in slow path.
Type: improvement
Change-Id: I8a7a9713ac855fa99fa1617ec684f757cf6e09ae
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Use out2in_ed hash table for port overloading tracking instead of
global table. This reduces number of hash insertions in slowpath.
Type: improvement
Change-Id: Iad4e897d52033beb7f6d76a7ddb596eef586c6cb
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Add a suitable ASSERT in the bihash template in case this happens again.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ib370d4238f6bae2995bc30fd17fad5c41053c3d1
|
|
Type: refactor
Change-Id: I9f743ba2818e1b1c5004c3575925cc7b479948d8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Id2d181385f109163d4c806eecda166c2087c4b92
|
|
Maintain a global session LRU allowing reuse of expired session instead
of relying on a scavenging mechanism to periodically walk sessions.
Whenever a new session is being allocated in slow path, also attempt to
free an expired session from global LRU list.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9edde9ec138de67c9a4888e915b0490ec16415fa
|