Age | Commit message (Collapse) | Author | Files | Lines |
|
Refactoring static mapping configuration
functions based on feature type.
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I007d9b0e9717ced613fbcef2b11b6853f479be1e
|
|
Verify that headers are not truncated and that checksums are valid.
Correct checksum computation in translation code.
Type: fix
Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: refactor
Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fixing nat44-ed identity map in2out communication.
TCP packets would get dropped because of the order
of testing TCP state.
Type: fix
Change-Id: Ib11e7e75c66945224fecc0bb311733672e315c7d
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Refactored & fixed NAT44ED configuration
functions used for handling interfaces and
nodes.
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
|
|
If ICMP comes from a router on path, source address must not be
rewritten in o2i path to avoid getting wrong checksum.
Fix ICMP checksum computations.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
|
|
TTL was already decremented in ip4-rewrite so it's okay if it's 1.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc
|
|
Type: fix
Currently, is_interface_addr() tests if a given IPv4 address belongs to
an interface by a given sw_if_index. However, there are several issues:
* only the first found address on the interface is actually tested,
* sw_if_index is always cached even if the interface hasn't been
assigned any addresses yet.
With this change, is_interface_addr() tests all IPv4 addresses on an
interface by a given sw_if_index and caches sw_if_index only if there
are addresses present.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: If1acc4a534647a5f0ce8e9b565b867c92a016dc3
|
|
Type: fix
Currently, there might be a crash in NAT ED mode:
* if a session for an unknown proto packet cannot be created in2out,
* if a session for an unknown proto packet cannot be found out2in.
With this change, translate packets only if a session is given in NAT
ED mode.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iafb332db1ae9a3e76435964ad636037d1b8a51e8
|
|
snat_set_frame_queue_nelts has been replaced with
nat44_ed_set_frame_queue_nelts.
Type: fix
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Change-Id: I8d970be71376fdbb2bfd383d4d5824a8def93bb3
|
|
Add extra assertions to debug build.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib20130365e8f9dbb556fcbb4321dd184c7eff603
|
|
Add /nat44-ed/max-cfg-sessions gauge.
Reflects the configured value for configured sessions (per thread).
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I618c8aa0daab0981399cfe9273d191fa1990ef60
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Mechanical change for patch following this one...
Type: improvement
Change-Id: Iee12f3a8851f35569e6c039494a94fc36e83d20f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Newline get's ignored when parsing configuration file.
Type: fix
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: Ib4f86177150dfe3bc085231a9268cf730490ea81
|
|
Type: fix
The code for quota exceeded events is a u32 and was being copied
into ipfix packets in host byte order. Same for the limit field.
Swap the order before copying into packet buffer.
This change was applied once before but had to be reverted. This was
because between the time the change was uploaded/reviewed and the
time it was merged, a different patch was merged which activated a
NAT ipfix unit test that had formerly only been run as part of the
extended tests. The test was expecting the values to be in host byte
order so it failed with this patch applied. This time around, that
test has also been updated to expect network byte order.
Change-Id: If5413b1f806d664f6786e56ba13c3eee573c26d2
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Iead167e7497e0779c440f7fb243014a06ae2b452
|
|
Properly select worker from hash table in out2in direction, increase
number of worker threads in MW test to 4 to test these cases.
Type: fix
Change-Id: I76eda5761ff497b85b031dd913a64b7fcb53b33a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Removing obsolete optional parameters.
Type: fix
Change-Id: I135eb4767979ab81636da16e91752a2ad80e0a45
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
If cache used than we don't print in trace session index.
Type: fix
Change-Id: Ib965cd8632b5217f8b2dd8b6cc6af3286c747582
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Fix ordering of feature nodes so that ACL runs after NAT in in2out
direction so it can properly track stuff like ports after NAT rewrite.
Type: fix
Change-Id: I2c689b64765628e9bc77108914f74c6c801d8ce2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ibbb72e77c751b7e775620cfb160b52ceff2da86b
|
|
Type: fix
Coverity scan issue fix.
Change-Id: I9036fade15fd381da9c1e6b575f250fdcb21f876
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Make code easier to read and debug.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib52a4cdd3bcdcc475053aa32af3964c00859e1cd
|
|
Make sure packet lands on the right thread for dst nat case.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I0ec4e4c2bb3fa80ff73fac588c36d36420ba68fa
|
|
Fix incorrect vlib main usage.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic5304ca844f1b27756818eb6995b1d9c08412674
|
|
Use correct ports from SVR. Perform lookup of existing session for all
cases to pick any created bypasses and derive correct thread indexes.
Type: fix
Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Change-Id: I30b847acc4653fea9d609fc0d5875c3fda0824ef
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Avoid crash if nat pool not allocated when issuing "show nat44 summary".
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
|
|
Use outside addresses more evenly by using local address to pick from
pool of addresses. This ensures stability from POV of remote host -
an internal host always gets translated using the same outside address,
so it doesn't appear to be "hopping". Also, this avoids all hosts
being translated using the first address, which helps avoid needless
recaptchas and the like.
Exact assignment depends on internal ordering of addresses - local address
is used to pick an offset into internal vector. If that address cannot be
used, a linear search is performed as a fallback mechanism to find a possible
translation.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
|
|
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
|
|
Fail if obsolete flag is used.
Type: fix
Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This patch achieves complete separation of
endpoint-dependent and endpoint-independent IPv4 NAT
features. Some common stuff is also moved to NAT
library.
Type: refactor
Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
|