Age | Commit message (Collapse) | Author | Files | Lines |
|
session synchronization so that we can build a plain active-passive HA NAT pair
Change-Id: I21db200491081ca46b7af3e82afc677c1985abf4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Fix what appears to be a cut-n-past error.
Change-Id: I71ee32c1b0d2dc38ed3df4bd24ec4248005a6008
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I84dfdbb727fb765fcaa7fb0099cbdd7ef7dbcc10
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: I428bd25a513eb9fe65bea56572fea8cab7c51681
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: I5419e06592b0402e911e132796368800321f355a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ic4affc54d15d08b9b730f6ec6146ee053b28b4b6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I3124238ab4d43bcef5590bad33a4ff0b5d8b7d15
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation.
If the negotiated MSS value is greater than the configured value it is changed
to the configured value. If the negotiated MSS value is smaller than the
configured value it remains unchanged.
Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Enable client-IP based session affinity per LB NAT rule with specific timeout.
Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired
sessions. When inserting to session lookup hash and bucket is full, expired
session is overwritten.
Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I85383e428cb54c4c09ab387811dd6390f7c61d97
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I756e3ad3de9ffe1494221ef95c1943c8591f8f50
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add support for local backends in multiple VRFs for load-balancing NAT rules.
Change-Id: I64e6818bd67a7e69985003498cf1f16f7200c334
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
To enable NAT plugin endpoint dependent mode add following to statrup config:
nat { endpoint-dependent }
Enable endpoint dependent filtering and mapping for all sessions.
Move some existing functionality such as service load balancing, twice nat,
out2in-only static mappings and unknown protocol dynamic translations, which
use endpoint dependent lookup hash tables before. Basically split to vanilla
NAT44 and extra features NAT44.
Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I484d79000c1bbd87ff83847cf567bf3414a719d3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Static mappings with equal local and external IPs
but different ports were dumped as identity mappings.
Change-Id: Ifea7cef5b78aea4c2eb31cf1620185eeef2681e5
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
When enabled then Twice-NAT is applied only when
source IP equals destination IP after DNAT
Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
When in deterministic mode disable nondeterministic CLI/API.
When not in deterministic mode disable deterministic CLI/API.
Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
worker (VPP-1213)
Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Support the 1:1 translation of source address for IPv6
Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I620e2081285ca8ac5c2da8efc12fe6f540ea4fd1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
add option to NAT44 static mapping API/CLI to make rule asymmetrical (rule match only out2in direction)
Change-Id: If262a3ff375a24d3059f0de1f1ac387a4fe09475
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This does not update api client code. In other words, if the client
assumes the transport is shmem based, this patch does not change that.
Furthermore, code that checks queue size, for tail dropping, is not
updated.
Done for the following apis:
Plugins
- acl
- gtpu
- memif
- nat
- pppoe
VNET
- bfd
- bier
- tapv2
- vhost user
- dhcp
- flow
- geneve
- ip
- punt
- ipsec/ipsec-gre
- l2
- l2tp
- lisp-cp/one-cp
- lisp-gpe
- map
- mpls
- policer
- session
- span
- udp
- tap
- vxlan/vxlan-gpe
- interface
VPP
- api/api.c
OAM
- oam_api.c
Stats
- stats.c
Change-Id: I0e33ecefb2bdab0295698c0add948068a5a83345
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Add option to NAT44 load balancing static mapping API/CLI to make rule asymmetrical (rule match only in out2in direction).
Change-Id: I325ecef5591e4bf44ce4469a24d44fe56c3bb2e9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ifcca60da3f77c0a4959f98b3365c846badbdc2d0
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
- separate client/server code for both memory and socket apis
- separate memory api code from generic vlib api code
- move unix_shared_memory_fifo to svm and rename to svm_fifo_t
- overall declutter
Change-Id: I90cdd98ff74d0787d58825b914b0f1eafcfa4dc2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I24e7a26972bbbfcea100292b212b29ae7a349335
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Add API function which enables forwarding of packets not matching
existing translation or static mapping instead of dropping them.
When forwarding is enabled matching packets will be translated
while non-matching packets will be forwarded without translation.
Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Translation of both source and destination addresses and ports for 1:1 NAT
session initiated from outside network (ExternalIP K8 use case).
Change-Id: Ic0000497cf71619aac996d6d580844f0ea0edc14
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iebf859b6d86482e4465423bad598eecf87e53ec4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Identity mapping translate an IP address to itself.
Change-Id: Icc0ca5102d32547a4b0c75720b5f5bf41ed69c71
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I3d936d456ee27b2e0857843295efb60a9f2d0be7
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I326429c31dea6958a342ee152ef86cb975f4b12c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Translation of fragmented packets.
Change-Id: I9b1f2e9433ce273638080f32c2d3bff39c49899d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Dual-Stack Lite enables a broadband service provider to share IPv4 addresses among customers by combining two well-known technologies: IPv4-in-IPv6 and NAT.
Change-Id: I039740f8548c623cd1ac89b8ecda1a6cc4aafb9c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Administratively delete NAT44 session for specific inside/outside addresses and port pair.
Change-Id: If5ab500ac3592c7153d6d8f2cc0297df7309fbc3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Use a single physical interface in order to accomplish NAT44/NAT64.
Change-Id: I0c8138953a7a4075df306172e125abad771315e4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- Teach vpp_api_test to send/receive API messages over sockets
- Add memfd-based shared memory
- Add api messages to create memfd-based shared memory segments
- vpp_api_test supports both socket and shared memory segment connections
- vpp_api_test pivot from socket to shared memory API messaging
- add socket client support to libvlibclient.so
- dead client reaper sends ping messages, container-friendly
- dead client reaper falls back to kill (<pid>, 0) live checking
if e.g. a python app goes silent for tens of seconds
- handle ping messages in python client support code
- teach show api ring about pairwise shared-memory segments
- fix ip probing of already resolved destinations (VPP-998)
We'll need this work to implement proper host-stack client isolation
Change-Id: Ic23b65f75c854d0393d9a2e9d6b122a9551be769
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I3873d3e411bf93cac82e73a0b8e3b22563aaf217
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I41a51bb36e31e05c76fef0b34fe006afbee27729
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
added load-balancing static mappings with unequal load support
Change-Id: Ie505e41f24d46f812b94dd28bdafe3dc170a6060
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|