summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat_api.c
AgeCommit message (Collapse)AuthorFilesLines
2020-10-23nat: nat44 enable/disable dynamic configFilip Varga1-0/+84
This patch changes initialization and configuration of NAT plugin. Instead of allocating data structures at vpp plugin initialization phase allocation and configuration happens after calling enable API or CLI call. This reduces base VPP memory footprint and also enables dynamic reconfiguration of the NAT plugin. Type: improvement Change-Id: I42c069ee19a0311d043ac1f3f230d87bc8d2680f Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-10-09nat: ipfix logging separation & refactorFilip Varga1-6/+5
Type: refactor Change-Id: I8785e4987e4f60361072440d0c3c6954c9c12394 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-10-07nat: move nat64 to a subfeatureFilip Varga1-523/+16
Type: refactor Change-Id: I3b9e17164647d2019b1f40cffeed63393345219e Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-02nat: twice-nat static mapping pool addressFilip Varga1-5/+88
Let twice-nat static mapping pick specific address from the twice-nat pool. Type: improvement Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-08-31nat: fix type in api messageKlement Sekera1-1/+51
Translation memory size is internally a uword, but in api it was u32, resulting in the returned value being 0 all the time. Fix the "incorrect" API reply to return a u32 capped to 0xffffffff if the u64 is larger than that, introduce the message with the correct type, deprecate the message with the incorrect type. Also, while we are updating the message definition, add the max translations / max users per worker thread into the new message. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I92e38a6a2bcb70fc8d1b129bbe416bf7f9e54280 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-13nat: move deterministic nat to det44 sub featureFilip Varga1-455/+2
Type: refactor Change-Id: I0bb203102a0e13dd7448e2125925ab356bbd7937 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-07-02nat: nat66 to pluginOle Troan1-194/+1
Type: refactor Change-Id: I8c1f0c02a4522c1f9e461ddadd59938579ec00c6 Signed-off-by: Ole Troan <ot@cisco.com>
2020-06-08nat: more long read after short write optimizationKlement Sekera1-16/+16
Replace whitespread (mis)use of snat_session_key_t by proper function arguments where applicable and inline functions to calculate hash keys instead of using structs for that. Make all hash tables use same network byte order port so that there is no longer a discrepancy between static mappings using host byte order while in2out/out2in tables using network byte order. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I80786d2f947c67824c101a13bb608f1fe1080f34
2020-06-03nat: refactor mss_clamping to not depend on snat_main_tOle Troan1-4/+1
Type: refactor Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I1110e425859a4f1f07952c91b50f263cb7323836
2020-05-14nat: "users" dump for ED-NATKlement Sekera1-0/+64
Since the removal of "users" concept in ED-NAT nat44_user_dump API returns empty array. This brings back previous behaviour at a considerable runtime cost until a better API is introduced. Type: improvement Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-05-13nat: fix LRU blocked by inactive sessionKlement Sekera1-1/+2
This fixes a situation where long-lived inactive session blocks LRU list. Solution is to have multiple LRU lists based on session type. This helps because session timeout is same for all sessions of same type. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I5e54b2aab73b23911d6518d42e8c3f166c69a38c
2020-05-13nat: perf improvement - replace branchy codeKlement Sekera1-16/+16
Use a lookup table instead. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ia8461099828bb8824bf016201f135e6b69c444d1
2020-05-04nat: per vrf session limitsFilip Varga1-0/+28
Type: improvement Change-Id: I170256ab47978db34fb0ff6808d9cd54ab872410 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-04-24nat: ignore user hash in ED NATKlement Sekera1-23/+46
With port overloading, port is no longer a scarce resource and there is no need to limit connections per internal IP. This saves one hash insert in slow path. Type: improvement Change-Id: I8a7a9713ac855fa99fa1617ec684f757cf6e09ae Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-04-16nat: scavenging functionality removedFilip Varga1-25/+0
Type: refactor Change-Id: I9f743ba2818e1b1c5004c3575925cc7b479948d8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-04-08nat: use correct data types for memory sizesKlement Sekera1-6/+6
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Id2d181385f109163d4c806eecda166c2087c4b92
2020-03-13nat: timed out session scavenging upgradeFilip Varga1-5/+3
Patch changes the behavior of session scavenging and fixes multiple nat issues. Allows proper session clearing and removes issue with lingering sessions in session db. Patch also updates and fixes CLI/API calls for better readability of session state metrics. Fixes security issue that would allow attacker to reuse timed out session in both directions (in2out/out2in). Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I78897585a2a57291fad5db6d457941aa0a0457bd
2020-02-20nat: user deletion function & extra metricsFilip Varga1-0/+25
Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Ia5dbfe864c18e953ff49147a9a4684d2ca14b96e
2020-02-07nat: api & cli command for forcing session cleanupFilip Varga1-0/+26
Ticket: VPP-1836 Type: feature Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I8f7fc011bac435445a8916a4948d130ca9162f67
2020-02-05nat: move dslite to separate sub-pluginOle Troan1-232/+2
Type: refactor Change-Id: If3d9f16f3a06c10b354f1eef674e8db5f3c44de7 Signed-off-by: Ole Troan <ot@cisco.com>
2020-01-03nat: use SVRKlement Sekera1-154/+0
Remove NAT's implementation of shallow virtual reassembly with corresponding CLIs, APIs & tests. Replace with standalone shallow virtual reassembly provided by ipX-sv-reass* nodes. Type: refactor Change-Id: I7e6c7487a5a500d591f6871474a359e0993e59b6 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-03api: enforce vla is last and fixed string typeOle Troan1-114/+33
Enforce that variable length fields are the last element of API messages. Add a 'fixed' version of string type, since dealing with multiple variable length strings turned out too painful for the C language bindings. The string type is now: { string name[64]; // NUL terminated C-string. Essentially decays to u8 name[64] string name[]; // Variable length string with embedded len field (vl_api_string_t) }; The latter notation could be made available to other types as well. e.g. { vl_api_address_t addresses[]; } instead of { u32 n_addr; vl_api_address_t addresses[n_addr]; }; Type: fix Change-Id: I18fa17ef47227633752ab50453e8d20a652a9f9b Signed-off-by: Ole Troan <ot@cisco.com>
2019-08-22nat: handoff traffic matching for dynamic NATFilip Varga1-1/+1
Type: feature Change-Id: I5c5af6f9acb340cc674323305104b8ce23e6d21d Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-08-20vppapigen: remove support for legacy typedefsPaul Vinciguerra1-1/+0
vppapigen has remapped legacy to typedefs behind the scenes for some time now. - update .api files to use new style typedefs. - issue error on 'typeonly define' in .api files - remove unneeded macros redefining vl_noop_handler Type: refactor Change-Id: I7a8c4a6dafacee6a131f95cd0e9b03a8c60dea8b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-31nat: elog rewrite for multi-worker supportFilip Varga1-0/+28
Type: fix Change-Id: I04f136a04bc022d223e4bcb5c59920bd1f1fd560 Signed-off-by: Filip Varga <filipvarga89@gmail.com>
2019-07-12nat: fix net44 lb static APIBenoît Ganne1-1/+1
tag should be added at the end of the reply message instead of overwriting the original data. Type: fix Fixed: dd1e3e780c Change-Id: I4b31cf3a4a41b49ea9039a9398114dbf49a53e57 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-06-26api: refactor format_vl_api_prefix_t return keysPaul Vinciguerra1-3/+3
format_vl_api_prefix_t returns a dict with keys 'address' and 'address_length', but other format_vl_api_prefix functions return a dict with 'prefix', and 'len'. Refactor all format_vl_api_prefix_t to return consistent keys 'address' and 'len'. Type: refactor Change-Id: I5f9558fc2da8742a303266e011102f5b2db80aad Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-26api: Remove the inlines file and replace with library functionsNeale Ranns1-1/+0
using inlines exposes the users to the internal data types used by VPP, namely vec.h. This file does not compile with a C++ compiler. Type: feature Change-Id: I1544fdd9eae998309f865df61df78571bdb96903 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18api: string type to convert to vectorOle Troan1-0/+1
Previous use of strndup() required user to remember to call free(). Now return a vector pointing directly to the API message string. Of course user must remember to copy the string out if lifetime is longer than API message lifetime. Change-Id: Ib5e2b3d52d258e1a42ea9ea9a9e04abbe360e2bf Type: fix Signed-off-by: Ole Troan <ot@cisco.com>
2019-05-09NAT: VPP-1665 coverity scan issue fixFilip Varga1-2/+9
Change-Id: I092a9f8237a895f907590772f2ea213a86502fb4 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-24NAT: VPP-1531 api cleanup & updateFilip Varga1-141/+272
Change-Id: I2492400a67b39a3adbc24ab7cf1ba17a409e95a8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-23Revert "NAT: VPP-1531 api cleanup & update"Ole Trøan1-268/+141
This reverts commit bed1421b9f1b3643d93384084972337b596aec73. /vpp/master3/src/plugins/nat/nat_api.c: In function ‘send_nat_worker_details’: /vpp/master3/src/vppinfra/clib.h:62:33: error: division ‘sizeof (u8 * {aka unsigned char *}) / sizeof (u8 {aka unsigned char})’ does not compute the number of array elements [-Werror=sizeof-pointer-div] #define ARRAY_LEN(x) (sizeof (x)/sizeof (x[0])) ^ /vpp/master3/src/plugins/nat/nat_api.c:205:43: note: in expansion of macro ‘ARRAY_LEN’ rmp = vl_msg_api_alloc (sizeof (*rmp) + ARRAY_LEN (w->name) - 1); ^~~~~~~~~ Change-Id: Ie82672c145fb2f6580827f95e535435307bc7a23 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-23NAT: VPP-1531 api cleanup & updateFilip Varga1-141/+268
Change-Id: I519d7efc8ee3c86381d96be2e2a46017cd948895 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-10API: Fix shared memory only action handlers.Ole Troan1-11/+11
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>
2019-02-27NAT44: active-passive HA (VPP-1571)Matus Fabian1-1/+205
session synchronization so that we can build a plain active-passive HA NAT pair Change-Id: I21db200491081ca46b7af3e82afc677c1985abf4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2019-02-26DSLITE: Fix dslite_get_b4_addr_reply message type.Jon Loeliger1-1/+1
Fix what appears to be a cut-n-past error. Change-Id: I71ee32c1b0d2dc38ed3df4bd24ec4248005a6008 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-01-22NAT: ipfix call optimizationFilip Varga1-2/+1
Change-Id: I84dfdbb727fb765fcaa7fb0099cbdd7ef7dbcc10 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-01-21NAT: VPP-1537 IPFIX per worker processingFilip Varga1-1/+2
Change-Id: I428bd25a513eb9fe65bea56572fea8cab7c51681 Signed-off-by: Filip Varga <fivarga@cisco.com>
2018-12-18NAT44: nat44_add_del_lb_static_mapping enhancements (VPP-1514)Matus Fabian1-9/+67
Change-Id: I5419e06592b0402e911e132796368800321f355a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-28/+28
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-12NAT44: identity NAT fix (VPP-1441)Matus Fabian1-8/+11
Change-Id: Ic4affc54d15d08b9b730f6ec6146ee053b28b4b6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-08NAT44: do not create session record for identity mapping (VPP-1439)Matus Fabian1-14/+11
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-01thread: Add show threads apiMohsin Kazmi1-1/+1
Change-Id: I3124238ab4d43bcef5590bad33a4ff0b5d8b7d15 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-09-13NAT: TCP MSS clampingMatus Fabian1-0/+59
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation. If the negotiated MSS value is greater than the configured value it is changed to the configured value. If the negotiated MSS value is smaller than the configured value it remains unchanged. Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-04NAT: add support for configurable port range (VPP-1346)Matus Fabian1-2/+93
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-03NAT44: client-IP based session affinity for load-balancing (VPP-1297)Matus Fabian1-1/+2
Enable client-IP based session affinity per LB NAT rule with specific timeout. Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27NAT44: add support for session timeout (VPP-1272)Matus Fabian1-142/+70
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired sessions. When inserting to session lookup hash and bucket is full, expired session is overwritten. Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-22NAT: update nat_show_config_reply API (VPP-1403)Matus Fabian1-0/+9
Change-Id: I85383e428cb54c4c09ab387811dd6390f7c61d97 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-09NAT44: delete user with zero sessions (VPP-1282)Matus Fabian1-2/+6
Change-Id: I756e3ad3de9ffe1494221ef95c1943c8591f8f50 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-02NAT44: LB NAT - local backends in multiple VRFs (VPP-1345)Matus Fabian1-5/+5
Add support for local backends in multiple VRFs for load-balancing NAT rules. Change-Id: I64e6818bd67a7e69985003498cf1f16f7200c334 Signed-off-by: Matus Fabian <matfabia@cisco.com>