Age | Commit message (Collapse) | Author | Files | Lines |
|
Implement proper state machine based on above RFCs. ACKs to SYNs/FINs
are no longer required/tracked. This is more friendly to peers and
accounts for lost packets and retransmits.
This change also means that all traffic is translated and forwarded
while in transitory timeout, which helps delivering e.g. retransmitted
FINs, FINACKs and other messages.
Also support reopening a session in transitory timeout after seeing both
FINs by seeing both SYNs again. This helps quick connection
reestablishment if the peers want to.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: Ibf521c79463472db97e593bfa02b32b4a06dfd2a
|
|
Put static mappings in flow hash, drop existing hash tables used for
static mappings. Drop refcount variables and use hash table as a single
point of truth. Allow creating a static mapping conflicting with dynamic
mapping, which will take precedence after dynamic mapping is freed, so
that the existing flow can finish transferring data.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Idfde8efabc09971be38921d4b0ca5ccf4e9fe412
|
|
This reverts commit 69b7599e4b061a8996205f0304232ede84cb70d4.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If531b122ae5a9f91c2fe6eaa0da69922a91f16d3
|
|
Put static mappings in flow hash, drop existing hash tables used for
static mappings. Drop refcount variables and use hash table as a single
point of truth. Allow creating a static mapping conflicting with dynamic
mapping, which will take precedence after dynamic mapping is freed, so
that the existing flow can finish transferring data.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ieeba691d83a83887d0a0baccd5f3832f66126096
|
|
Type: refactor
Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Currently, is_interface_addr() tests if a given IPv4 address belongs to
an interface by a given sw_if_index. However, there are several issues:
* only the first found address on the interface is actually tested,
* sw_if_index is always cached even if the interface hasn't been
assigned any addresses yet.
With this change, is_interface_addr() tests all IPv4 addresses on an
interface by a given sw_if_index and caches sw_if_index only if there
are addresses present.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: If1acc4a534647a5f0ce8e9b565b867c92a016dc3
|
|
Add extra assertions to debug build.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib20130365e8f9dbb556fcbb4321dd184c7eff603
|
|
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
|
|
This patch achieves complete separation of
endpoint-dependent and endpoint-independent IPv4 NAT
features. Some common stuff is also moved to NAT
library.
Type: refactor
Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
|