summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat_api.c
AgeCommit message (Collapse)AuthorFilesLines
2018-09-13NAT: TCP MSS clampingMatus Fabian1-0/+59
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation. If the negotiated MSS value is greater than the configured value it is changed to the configured value. If the negotiated MSS value is smaller than the configured value it remains unchanged. Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-04NAT: add support for configurable port range (VPP-1346)Matus Fabian1-2/+93
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-03NAT44: client-IP based session affinity for load-balancing (VPP-1297)Matus Fabian1-1/+2
Enable client-IP based session affinity per LB NAT rule with specific timeout. Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27NAT44: add support for session timeout (VPP-1272)Matus Fabian1-142/+70
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired sessions. When inserting to session lookup hash and bucket is full, expired session is overwritten. Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-22NAT: update nat_show_config_reply API (VPP-1403)Matus Fabian1-0/+9
Change-Id: I85383e428cb54c4c09ab387811dd6390f7c61d97 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-09NAT44: delete user with zero sessions (VPP-1282)Matus Fabian1-2/+6
Change-Id: I756e3ad3de9ffe1494221ef95c1943c8591f8f50 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-02NAT44: LB NAT - local backends in multiple VRFs (VPP-1345)Matus Fabian1-5/+5
Add support for local backends in multiple VRFs for load-balancing NAT rules. Change-Id: I64e6818bd67a7e69985003498cf1f16f7200c334 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-15NAT44: endpoint dependent mode (VPP-1273)Matus Fabian1-1/+1
To enable NAT plugin endpoint dependent mode add following to statrup config: nat { endpoint-dependent } Enable endpoint dependent filtering and mapping for all sessions. Move some existing functionality such as service load balancing, twice nat, out2in-only static mappings and unknown protocol dynamic translations, which use endpoint dependent lookup hash tables before. Basically split to vanilla NAT44 and extra features NAT44. Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-28NAT44: code cleanup and refactor (VPP-1285)Matus Fabian1-1/+2
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-17NAT44: nat44_del_session and nat44_user_session_details API update (VPP-1271)Matus Fabian1-8/+60
Change-Id: I484d79000c1bbd87ff83847cf567bf3414a719d3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-08NAT44: TCP connection close detection (VPP-1266)Matus Fabian1-0/+2
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-03NAT: fix bin API dump of static mappings.Milan Lenco1-2/+5
Static mappings with equal local and external IPs but different ports were dumped as identity mappings. Change-Id: Ifea7cef5b78aea4c2eb31cf1620185eeef2681e5 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2018-04-19Add special Twice-NAT feature (VPP-1221)Juraj Sloboda1-4/+20
When enabled then Twice-NAT is applied only when source IP equals destination IP after DNAT Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-12NAT: disable CLI/API not supported in active mode (VPP-1234)Juraj Sloboda1-3/+136
When in deterministic mode disable nondeterministic CLI/API. When not in deterministic mode disable deterministic CLI/API. Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-05DSLite: Implement new API call DSLITE_ADDRESS_DUMP.Jon Loeliger1-0/+49
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-03-28NAT44: fix nat44_user_session_dump and nat44_del_session crash with one ↵Matus Fabian1-1/+1
worker (VPP-1213) Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT66 1:1 mapping (VPP-1108)Matus Fabian1-1/+192
Support the 1:1 translation of source address for IPv6 Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT44: nat44_static_mapping_details protocol=0 if addr_only=0 (VPP-1158)Matus Fabian1-6/+12
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-25NAT44: add opaque string tag to static mapping APIs (VPP-1147)Matus Fabian1-4/+30
Change-Id: I620e2081285ca8ac5c2da8efc12fe6f540ea4fd1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-22NAT44: asymmetrical static mapping rule (VPP-1135)Matus Fabian1-4/+6
add option to NAT44 static mapping API/CLI to make rule asymmetrical (rule match only out2in direction) Change-Id: If262a3ff375a24d3059f0de1f1ac387a4fe09475 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-11api: remove transport specific code from handlersFlorin Coras1-117/+126
This does not update api client code. In other words, if the client assumes the transport is shmem based, this patch does not change that. Furthermore, code that checks queue size, for tail dropping, is not updated. Done for the following apis: Plugins - acl - gtpu - memif - nat - pppoe VNET - bfd - bier - tapv2 - vhost user - dhcp - flow - geneve - ip - punt - ipsec/ipsec-gre - l2 - l2tp - lisp-cp/one-cp - lisp-gpe - map - mpls - policer - session - span - udp - tap - vxlan/vxlan-gpe - interface VPP - api/api.c OAM - oam_api.c Stats - stats.c Change-Id: I0e33ecefb2bdab0295698c0add948068a5a83345 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-11NAT44: asymmetrical load balancing static mapping rule (VPP-1132)Matus Fabian1-2/+5
Add option to NAT44 load balancing static mapping API/CLI to make rule asymmetrical (rule match only in out2in direction). Change-Id: I325ecef5591e4bf44ce4469a24d44fe56c3bb2e9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-11Add basic support for DS-Lite CE (VPP-1059)Juraj Sloboda1-1/+98
Change-Id: Ifcca60da3f77c0a4959f98b3365c846badbdc2d0 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-01-09api: refactor vlibmemoryFlorin Coras1-46/+35
- separate client/server code for both memory and socket apis - separate memory api code from generic vlib api code - move unix_shared_memory_fifo to svm and rename to svm_fifo_t - overall declutter Change-Id: I90cdd98ff74d0787d58825b914b0f1eafcfa4dc2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-05Add support for 464XLAT NAT44 mode (VPP-1045)Juraj Sloboda1-0/+3
Change-Id: I24e7a26972bbbfcea100292b212b29ae7a349335 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-12-20Translate matching packets using NAT (VPP-1069)Juraj Sloboda1-0/+59
Add API function which enables forwarding of packets not matching existing translation or static mapping instead of dropping them. When forwarding is enabled matching packets will be translated while non-matching packets will be forwarded without translation. Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-12-19NAT: Twice NAT44 (VPP-969)Matus Fabian1-13/+27
Translation of both source and destination addresses and ports for 1:1 NAT session initiated from outside network (ExternalIP K8 use case). Change-Id: Ic0000497cf71619aac996d6d580844f0ea0edc14 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-13NAT64: multi-thread support (VPP-891)Matus Fabian1-72/+16
Change-Id: Iebf859b6d86482e4465423bad598eecf87e53ec4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-30NAT44: identity NAT (VPP-1073)Matus Fabian1-2/+144
Identity mapping translate an IP address to itself. Change-Id: Icc0ca5102d32547a4b0c75720b5f5bf41ed69c71 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-29NAT: Remove old SNAT API (VPP-1070)Matus Fabian1-1273/+2
Change-Id: I3d936d456ee27b2e0857843295efb60a9f2d0be7 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-08NAT64 to use IPv4 address from interface (VPP-1051)Matus Fabian1-0/+39
Change-Id: I326429c31dea6958a342ee152ef86cb975f4b12c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-07SNAT: IP fragmentation (VPP-890)Matus Fabian1-0/+144
Translation of fragmented packets. Change-Id: I9b1f2e9433ce273638080f32c2d3bff39c49899d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-07NAT: DS-Lite (VPP-1040)Matus Fabian1-1/+85
Dual-Stack Lite enables a broadband service provider to share IPv4 addresses among customers by combining two well-known technologies: IPv4-in-IPv6 and NAT. Change-Id: I039740f8548c623cd1ac89b8ecda1a6cc4aafb9c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-26NAT: delete session API/CLI (VPP-1041)Matus Fabian1-0/+37
Administratively delete NAT44 session for specific inside/outside addresses and port pair. Change-Id: If5ab500ac3592c7153d6d8f2cc0297df7309fbc3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-25One armed NAT (VPP-1035)Matus Fabian1-5/+9
Use a single physical interface in order to accomplish NAT44/NAT64. Change-Id: I0c8138953a7a4075df306172e125abad771315e4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-03Repair vlib API socket serverDave Barach1-1/+1
- Teach vpp_api_test to send/receive API messages over sockets - Add memfd-based shared memory - Add api messages to create memfd-based shared memory segments - vpp_api_test supports both socket and shared memory segment connections - vpp_api_test pivot from socket to shared memory API messaging - add socket client support to libvlibclient.so - dead client reaper sends ping messages, container-friendly - dead client reaper falls back to kill (<pid>, 0) live checking if e.g. a python app goes silent for tens of seconds - handle ping messages in python client support code - teach show api ring about pairwise shared-memory segments - fix ip probing of already resolved destinations (VPP-998) We'll need this work to implement proper host-stack client isolation Change-Id: Ic23b65f75c854d0393d9a2e9d6b122a9551be769 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-26NAT: remove worker_by_in lookup hash table (VPP-992)Matus Fabian1-4/+12
Change-Id: I3873d3e411bf93cac82e73a0b8e3b22563aaf217 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-09-20NAT: move session and user lookup tables to per thread data (VPP-986)Matus Fabian1-2/+2
Change-Id: I41a51bb36e31e05c76fef0b34fe006afbee27729 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-09-06NAT: Destination NAT44 with load-balancing (VPP-954)Matus Fabian1-2/+135
added load-balancing static mappings with unequal load support Change-Id: Ie505e41f24d46f812b94dd28bdafe3dc170a6060 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-23NAT: Rename snat plugin to nat (VPP-955)Matus Fabian1-0/+3255
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764 Signed-off-by: Matus Fabian <matfabia@cisco.com>