aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat44
AgeCommit message (Collapse)AuthorFilesLines
2020-05-13nat: fix LRU blocked by inactive sessionKlement Sekera2-14/+145
This fixes a situation where long-lived inactive session blocks LRU list. Solution is to have multiple LRU lists based on session type. This helps because session timeout is same for all sessions of same type. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I5e54b2aab73b23911d6518d42e8c3f166c69a38c
2020-05-06nat: enable force session cleanupFilip Varga1-0/+25
Force session cleanup drops NAT db. Also fixing user specific cli/api calls. Type: improvement Change-Id: Ia3e25fcf07fe5fb9a83d55c03fe90aca727b41ac Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-05nat: remove unused codeKlement Sekera1-27/+0
Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I33b2b38961b200dc3297b82124a7107b9ecbd0de
2020-05-04nat: per vrf session limitsFilip Varga1-0/+11
Type: improvement Change-Id: I170256ab47978db34fb0ff6808d9cd54ab872410 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-04-24nat: ignore user hash in ED NATKlement Sekera1-8/+14
With port overloading, port is no longer a scarce resource and there is no need to limit connections per internal IP. This saves one hash insert in slow path. Type: improvement Change-Id: I8a7a9713ac855fa99fa1617ec684f757cf6e09ae Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-04-16nat: scavenging functionality removedFilip Varga1-170/+0
Type: refactor Change-Id: I9f743ba2818e1b1c5004c3575925cc7b479948d8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-04-08nat: ED: global session LRU listKlement Sekera1-0/+10
Maintain a global session LRU allowing reuse of expired session instead of relying on a scavenging mechanism to periodically walk sessions. Whenever a new session is being allocated in slow path, also attempt to free an expired session from global LRU list. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9edde9ec138de67c9a4888e915b0490ec16415fa
2020-03-26nat: transitory timeout for TCP CLOSED stateKlement Sekera1-1/+7
Wait transitory timeout seconds before moving internal state of TCP session to CLOSED state per RFC 7857. This patch implements this functionality for endpoint-dependent NAT. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
2020-03-13nat: timed out session scavenging upgradeFilip Varga1-69/+149
Patch changes the behavior of session scavenging and fixes multiple nat issues. Allows proper session clearing and removes issue with lingering sessions in session db. Patch also updates and fixes CLI/API calls for better readability of session state metrics. Fixes security issue that would allow attacker to reuse timed out session in both directions (in2out/out2in). Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I78897585a2a57291fad5db6d457941aa0a0457bd
2020-02-20nat: user deletion function & extra metricsFilip Varga1-0/+68
Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Ia5dbfe864c18e953ff49147a9a4684d2ca14b96e
2020-02-20nat: avoid running pointless session cleanupsKlement Sekera1-11/+29
Save the next session timeout when sweeping sessions for cleanup so that we can avoid unnecessary runs of the sweeping algorithm. Type: fix Change-Id: I736d00f2dfe242af10f963fbe34b11128f8b0613 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-02-07nat: api & cli command for forcing session cleanupFilip Varga1-0/+37
Ticket: VPP-1836 Type: feature Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I8f7fc011bac435445a8916a4948d130ca9162f67
2020-01-17nat: refactor of port/address allocation functionsFilip Varga1-0/+119
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95 Ticket: VPP-1815 Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com>