aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat44-ed/nat44_ed_cli.c
AgeCommit message (Collapse)AuthorFilesLines
2023-08-26nat: nat44-ed cli bug fixWei Li1-1/+5
lport and eport in Cli "nat44 add load-balancing static mapping" should hton() Type: fix Signed-off-by: Wei Li <realbaseball2008@gmail.com> Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
2023-04-13nat: fix the wrong unformat typeTed Chen1-1/+1
The unformat type for "%d" should be u32 or int. Type: fix Signed-off-by: Ted Chen <znscnchen@gmail.com> Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e
2022-04-05nat: nat44 cli bug fixFilip Varga1-29/+26
Two similar CLI paths "nat44" and "nat44 add interface address" caused unexpected behavior. If "nat44 add interface address" command would fail the vlib cli processing function would call "nat44" handler. This would also clean any previously set errors from the first command and basically return same error returned by "nat44" handler for every failed command that starts with the same path string. Fixes nat44-ed and nat44-ei plugin. Change-Id: I1aac85c8ae2932da582a2b78243521d1bf8a0653 Ticket: VPP-2021 Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-01nat: VRF routing & FIB improvementsFilip Varga1-33/+201
This patch affects how destination fib is choosen during session creation. Default behavior of choosing fib based on output interfaces is kept. Configuration gives you the ability to change default behavior to direct or restrict traffic between different FIB tables. NAT specific VRF routing options: a) keeping communication in the same VRF b) option to add multiple destination VRFs c) option to control the resolution order of destination VRFs TX FIB resolution is based on looking up RX FIB entry in NATs VRF table and picking the first FIB that resolves destination address. Ticket: VPP-2009 Type: improvement Change-Id: If500c48d7ce3466533ad9581c0847870788fc4fb Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-01-24nat: TCP state tracking based on RFC 7857/RFC 6146Klement Sekera1-80/+86
Implement proper state machine based on above RFCs. ACKs to SYNs/FINs are no longer required/tracked. This is more friendly to peers and accounts for lost packets and retransmits. This change also means that all traffic is translated and forwarded while in transitory timeout, which helps delivering e.g. retransmitted FINs, FINACKs and other messages. Also support reopening a session in transitory timeout after seeing both FINs by seeing both SYNs again. This helps quick connection reestablishment if the peers want to. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Change-Id: Ibf521c79463472db97e593bfa02b32b4a06dfd2a
2022-01-04nat: remove nat44-ed relation between SM and addrFilip Varga1-36/+11
Change [1] put static mappings in flow hash. This change also broke relationship between nat pool addresses and static mappings. Port and address are no longer reserved in nat pool address records for a new static mapping. Because of this change both nat objects and their configuration can function independently. This change also removed already broken logic of having static-mapping-only configuration. In this patch i have cleaned up and removed unnecessary logic for static mapping configuration functions, address configuration functions, interface configuraiton functions and all callback functions used for resolving interface address bound records. No more viable configuration option static-mapping-only is also removed because there is no more option to run traffic through vpp for static mappings without having flow hash table allocated. Instead user is now able to create static mapping records without using nat pool addresses. Fixed and improved management of required fib entries (ensuring VPP will reply to ARP for all external addresses on outside interfaces) through holding a refcount for their creation and removal. [1] https://gerrit.fd.io/r/c/vpp/+/34077 Type: improvement Change-Id: Ic16deefbede833d574c2a5972155c9afa5bc62ce Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-01-04nat: nat44-ed pool address allocation improvementFilip Varga1-2/+9
This patch improves algorithm responsible for choosing nat pool address during dynamic session creation. Patch synchronizes nat pool address attributes with vpp interfaces doing so gives nat option to determine correct nat pool address when creating dynamic session. Improvements: * match dst address subnet and src fib with nat pool address * for output-feature also fallback match of tx_sw_if_index with nat pool address Type: improvement Change-Id: I594638bc76fc1153f582add376838b4b72ff573a Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-10-14nat: static mappings in flow hashKlement Sekera1-102/+92
Put static mappings in flow hash, drop existing hash tables used for static mappings. Drop refcount variables and use hash table as a single point of truth. Allow creating a static mapping conflicting with dynamic mapping, which will take precedence after dynamic mapping is freed, so that the existing flow can finish transferring data. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Idfde8efabc09971be38921d4b0ca5ccf4e9fe412
2021-10-13nat: fix coverity warningKlement Sekera1-1/+1
Fix coverity warning by initialising proto variable to a dummy value. This value is never used because consuming function uses this parameter value only if is_addr_only flag is not set and this flag is always set if proto value is not provided by user. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9b5e8c08346bea1e2b460bb09e962c4b8d3b6947
2021-10-12Revert "nat: static mappings in flow hash"Ole Troan1-88/+98
This reverts commit 69b7599e4b061a8996205f0304232ede84cb70d4. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: If531b122ae5a9f91c2fe6eaa0da69922a91f16d3
2021-10-12nat: static mappings in flow hashKlement Sekera1-98/+88
Put static mappings in flow hash, drop existing hash tables used for static mappings. Drop refcount variables and use hash table as a single point of truth. Allow creating a static mapping conflicting with dynamic mapping, which will take precedence after dynamic mapping is freed, so that the existing flow can finish transferring data. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ieeba691d83a83887d0a0baccd5f3832f66126096
2021-09-30nat: doc nitfixesNathan Skrzypczak1-3/+3
Type: improvement Change-Id: I9a4303030b9657c28bbd73168def72c7daa13483 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-28nat: NAT44 ED & EI session filtering CLIJĂșlius Milan1-14/+95
Improving session filtering capabilities of show nat44 sessions CLI command for EI and ED NAT plugins. Adding filtering options: saddr, sport, daddr, dport, proto for both i2o and o2i flows. Type: improvement Change-Id: I70bc94a2e922cddf9451eb7dcbf4a7be21ebf0df Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-09-02nat: NAT44 ED improvements and fixesFilip Varga1-11/+12
Fixed FIB entry per interface, pool and static mapping registrations in NAT control plane. Improved FIB configuration handling in NAT - added functions to generalize handling of FIB & NAT, cleaned up interface callback functions. Changed "is_" macros to inline functions for easier debugging. Type: improvement Change-Id: I68a17761a975dd819139ae94e52a8a85d3f27ffc Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-08-12nat: NAT44ED configuration refactorFilip Varga1-19/+29
Refactoring and cleaning up address allocation functions & ip table update callbacks. Type: refactor Change-Id: I9a11700a5f335b64d0d84e04d8e16d040624e01b Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-08-05nat: nat44-ed disable protection for api/cliFilip Varga1-4/+3
Return unsupported error if user calls one of the configuration functions that can run only after nat44-ed plugin is enabled via appropriate api/cli call. Type: fix Change-Id: I0d4ab0684ba5ae23fc2ecc668554a34537c2904a Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-07-22nat: nat44-ed configuration refactor & cleanupFilip Varga1-69/+128
Refactoring static mapping configuration functions based on feature type. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I007d9b0e9717ced613fbcef2b11b6853f479be1e
2021-07-14nat: refactoring NAT44ED cfg functionsFilip Varga1-8/+37
Refactored & fixed NAT44ED configuration functions used for handling interfaces and nodes. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
2021-05-31nat: fix broken nat44-ed cliRuslan Babayev1-1/+1
snat_set_frame_queue_nelts has been replaced with nat44_ed_set_frame_queue_nelts. Type: fix Signed-off-by: Ruslan Babayev <ruslan@babayev.com> Change-Id: I8d970be71376fdbb2bfd383d4d5824a8def93bb3
2021-05-05nat: cli commands parsing fixFilip Varga1-114/+101
Newline get's ignored when parsing configuration file. Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Ib4f86177150dfe3bc085231a9268cf730490ea81
2021-04-20nat: fixing cli bug for nat44-ei and nat44-edFilip Varga1-1/+1
Removing obsolete optional parameters. Type: fix Change-Id: I135eb4767979ab81636da16e91752a2ad80e0a45 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-03-01nat: avoid crash if plugin not enabledKlement Sekera1-18/+21
Avoid crash if nat pool not allocated when issuing "show nat44 summary". Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
2021-02-24nat: Final NAT44 EI/ED split patchFilip Varga1-0/+2029
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga <fivarga@cisco.com>