aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat44-ed/nat44_ed.c
AgeCommit message (Collapse)AuthorFilesLines
2021-08-12nat: NAT44ED configuration refactorFilip Varga1-270/+290
Refactoring and cleaning up address allocation functions & ip table update callbacks. Type: refactor Change-Id: I9a11700a5f335b64d0d84e04d8e16d040624e01b Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-08-05nat: nat44-ed disable protection for api/cliFilip Varga1-49/+61
Return unsupported error if user calls one of the configuration functions that can run only after nat44-ed plugin is enabled via appropriate api/cli call. Type: fix Change-Id: I0d4ab0684ba5ae23fc2ecc668554a34537c2904a Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-07-29nat: fix ICMP checksum validationKlement Sekera1-9/+9
Handle case where extra data is present in buffer which is not part of IP/ICMP headers. Type: fix Fixes: 05b5a5b3b4b04823776feed6403b5a99b2e06d76 Change-Id: Icfef811470056d38c60fc45cc302139ed7594385 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-22nat: nat44-ed configuration refactor & cleanupFilip Varga1-534/+723
Refactoring static mapping configuration functions based on feature type. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I007d9b0e9717ced613fbcef2b11b6853f479be1e
2021-07-19nat: harden ICMP handlingKlement Sekera1-24/+63
Verify that headers are not truncated and that checksums are valid. Correct checksum computation in translation code. Type: fix Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-14nat: refactoring NAT44ED cfg functionsFilip Varga1-300/+433
Refactored & fixed NAT44ED configuration functions used for handling interfaces and nodes. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
2021-06-23nat: ICMP handling fixesKlement Sekera1-13/+94
If ICMP comes from a router on path, source address must not be rewritten in o2i path to avoid getting wrong checksum. Fix ICMP checksum computations. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
2021-05-21nat: add maximum configured sessions to stat segmentOle Troan1-0/+9
Add /nat44-ed/max-cfg-sessions gauge. Reflects the configured value for configured sessions (per thread). Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I618c8aa0daab0981399cfe9273d191fa1990ef60 Signed-off-by: Ole Troan <ot@cisco.com>
2021-04-21nat: fix multi worker scenariosKlement Sekera1-28/+19
Properly select worker from hash table in out2in direction, increase number of worker threads in MW test to 4 to test these cases. Type: fix Change-Id: I76eda5761ff497b85b031dd913a64b7fcb53b33a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-04-01nat: fix ordering of feature nodesKlement Sekera1-2/+4
Fix ordering of feature nodes so that ACL runs after NAT in in2out direction so it can properly track stuff like ports after NAT rewrite. Type: fix Change-Id: I2c689b64765628e9bc77108914f74c6c801d8ce2 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-31nat: avoid creating negative zero checksumKlement Sekera1-1/+3
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibbb72e77c751b7e775620cfb160b52ceff2da86b
2021-03-31nat: NAT44-ED unused value removalFilip Varga1-4/+1
Type: fix Coverity scan issue fix. Change-Id: I9036fade15fd381da9c1e6b575f250fdcb21f876 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-03-15nat: get rid of worker selection callbacksKlement Sekera1-28/+21
Make code easier to read and debug. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib52a4cdd3bcdcc475053aa32af3964c00859e1cd
2021-03-09nat: fix dst nat thread issuesKlement Sekera1-97/+49
Make sure packet lands on the right thread for dst nat case. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I0ec4e4c2bb3fa80ff73fac588c36d36420ba68fa
2021-03-07nat: replace main vlib with per-thread vlibKlement Sekera1-18/+11
Fix incorrect vlib main usage. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ic5304ca844f1b27756818eb6995b1d9c08412674
2021-03-07nat: fix worker selectionKlement Sekera1-52/+46
Use correct ports from SVR. Perform lookup of existing session for all cases to pick any created bypasses and derive correct thread indexes. Type: fix Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-06nat: use correct node indexes for queuesKlement Sekera1-2/+2
Type: fix Change-Id: I30b847acc4653fea9d609fc0d5875c3fda0824ef Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-02-26nat: optimize flow matching in ED NATKlement Sekera1-3/+3
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet) Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
2021-02-24nat: Final NAT44 EI/ED split patchFilip Varga1-0/+3610
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga <fivarga@cisco.com>