Age | Commit message (Collapse) | Author | Files | Lines |
|
When a user session is allocated/reused, only increase
one of the session counters for that user if the counters
are below the per-user limit.
THis addresses a SEGV that arises after the following
sequence of events:
- an outside interface IP address is put in a pool
- a user exceeds the number of per-user translations by
an amount greater than the number of per-user translations
(nsessions + nstaticsessions > 100 + 100)
- the outside interface IP address is deleted and then added
again (observed when using DHCP client, likely happens if
address changed via CLI, API also)
- the user sends more packets that should be translated
When nsessions is > the per-user limit,
nat_session_alloc_or_recycle() reclaims the oldest existing
user session. When an outside address is deleted, the
corresponding user sessions are deleted. If the counters were
far above the per-user limit, the deletions wouldn't result
in the counters dropping back below the limit. So no session
could be reclaimed -> SEGV.
Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Do not translate packet which go out via nat44-in2out-output and was tranlated
in nat44-out2in before. On way back forward packet to nat44-in2out node.
Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
pair (VPP-1199)
Change-Id: Iad8c626e83bbc58d5c85b6736f5a3dd5bc9ceafb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ie5a50def4ec1e4a3b3404a8b6ab9ec248bc16744
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Icb858414145db0e5fef495e155903b3b935e50ba
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1552e1418b704fdf1f1fa2c0174313b9b82a37a3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
frag packet can't get reass.
adding bihash,it can rewrite new hash value.
so need to delete hash after compare hash value.
Change-Id: I83b5c47890110e9a598b78cfbe8fcd27bbe291bb
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
(VPP-1192)
following is not possible:
set interface nat44 out GigabitEthernet0/3/0 output-feature
set interface nat44 out GigabitEthernet0/3/0
Change-Id: I1592cc18390881fda66f98316700886b8f5295f0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
in2out and out2in protocol are not same
Change-Id: I4ce680ad1f088cb079e1f2aeb15ca59225fca0d1
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
Change-Id: I8a4a7a85e86acbfe411e6dfa22e3976d7d4c903b
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
If forwarding is enabled, inbound packets on an outside
interface should not be dropped and instead pass on to
the FIB lookup. This works for TCP and UDP but not other
IP protocols. Enable it for unknown protocols.
Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
forwarding mode:
session initiaded from service host - translate
session initiaded from remote host - do not translate
Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Call vnet_feature_next() for DHCP replies instead of using
default ip4-lookup. This allows DHCP replies to reach an
outside interface if it's configured as a DHCP client.
Change-Id: Icce1cd68b21256fcd6b1fad6792c06578b0e4e36
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
NAT input features run after acl-plugin-in-ip4-fa
NAT output features run after acl-plugin-out-ip4-fa
Change-Id: I1e4487a0d6fdb99a90b8db640d9ad0e0eb7347a5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I853386aebfe488ebb10328435b81b6e3403c5dd0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic5e8d74bf5ac84cce5661de44778c89541c67636
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Support the 1:1 translation of source address for IPv6
Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1156)
Change-Id: I5395245c9e49f741a949ada1f725c34f9379c249
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ib99b597502b8335e57ecfa122b12e2e5aa45ee1a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I4e93595665b8d0e373c4df27311c27a51222961c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1149)
Avoid crash when interface was deleted.
Change-Id: I2ac3031c13ca5ad3360495e1c4cb90b0002be5ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I85c799f28c4246884107e569a36482af10d9be9d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I620e2081285ca8ac5c2da8efc12fe6f540ea4fd1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Moved CLI from nat.c to nat44_cli.c
Split "show nat44" to:
show nat44 addresses
show nat44 interfaces
show nat44 static mappings
show nat44 interface address
show nat44 sessions detail
show nat44 deterministic mappings
show nat44 deterministic timeouts
show nat44 deterministic sessions
show nat workers
Change-Id: I2d1be8941dd0e4a9e037f4a4d2cd192389beb8ed
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
One-armed NAT should work for asymmetrical static mappings without adding external address to the NAT44 pool.
Change-Id: Ie886b75b55c3b552d1029a50bd967625fde80f09
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This is a version of the VPP API generator in Python PLY. It supports
the existing language, and has a plugin architecture for generators.
Currently C and JSON are supported.
Changes:
- vl_api_version to option version = "major.minor.patch"
- enum support
- Added error checking and reporting
- import support (removed the C pre-processor)
- services (tying request/reply together)
Version:
option version = "1.0.0";
Enum:
enum colours {
RED,
BLUE = 50,
};
define foo {
vl_api_colours_t colours;
};
Services:
service {
rpc foo returns foo_reply;
rpc foo_dump returns stream foo_details;
rpc want_stats returns want_stats_reply
events ip4_counters, ip6_counters;
};
Future planned features:
- unions
- bool, text
- array support (including length)
- proto3 output plugin
- Refactor C/C++ generator as a plugin
- Refactor Java generator as a plugin
Change-Id: Ifa289966c790e1b1a8e2938a91e69331e3a58bdf
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Ie7cd809f30decc36cb8e1f4d8acc4b41f17cd390
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
add option to NAT44 static mapping API/CLI to make rule asymmetrical (rule match only out2in direction)
Change-Id: If262a3ff375a24d3059f0de1f1ac387a4fe09475
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This does not update api client code. In other words, if the client
assumes the transport is shmem based, this patch does not change that.
Furthermore, code that checks queue size, for tail dropping, is not
updated.
Done for the following apis:
Plugins
- acl
- gtpu
- memif
- nat
- pppoe
VNET
- bfd
- bier
- tapv2
- vhost user
- dhcp
- flow
- geneve
- ip
- punt
- ipsec/ipsec-gre
- l2
- l2tp
- lisp-cp/one-cp
- lisp-gpe
- map
- mpls
- policer
- session
- span
- udp
- tap
- vxlan/vxlan-gpe
- interface
VPP
- api/api.c
OAM
- oam_api.c
Stats
- stats.c
Change-Id: I0e33ecefb2bdab0295698c0add948068a5a83345
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Add option to NAT44 load balancing static mapping API/CLI to make rule asymmetrical (rule match only in out2in direction).
Change-Id: I325ecef5591e4bf44ce4469a24d44fe56c3bb2e9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ifcca60da3f77c0a4959f98b3365c846badbdc2d0
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
- separate client/server code for both memory and socket apis
- separate memory api code from generic vlib api code
- move unix_shared_memory_fifo to svm and rename to svm_fifo_t
- overall declutter
Change-Id: I90cdd98ff74d0787d58825b914b0f1eafcfa4dc2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ib90dc5613c9fdac0344b3bd7f163e2f7163c64d8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I5e080d69f28661cc0b1846885d5001526b54fbd9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I24e7a26972bbbfcea100292b212b29ae7a349335
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Id897ed61a26a4069678ed4ddac1ba28bf32809c3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I518387ab479bee4778d45a33c95f7b0f72aa1b72
Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
|
|
Add API function which enables forwarding of packets not matching
existing translation or static mapping instead of dropping them.
When forwarding is enabled matching packets will be translated
while non-matching packets will be forwarded without translation.
Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Translation of both source and destination addresses and ports for 1:1 NAT
session initiated from outside network (ExternalIP K8 use case).
Change-Id: Ic0000497cf71619aac996d6d580844f0ea0edc14
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I149a20f183b836db4c32fb4e4a8438b3a14c1c26
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Set l_addr to the interface address if the interface address is known
when the identity mapping is created.
Change-Id: I61af0f5248c9d86d23a24457b342b2e1fb4ac726
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
CIDs 180713 and 180714
Change-Id: Ia4856d1a62f176e99983f8c82eaa09d5df9d4ca5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iebf859b6d86482e4465423bad598eecf87e53ec4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1090)
Change-Id: I361c043979274eac1aefcd95abdf1624a3ef2756
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I565277eafbce3d4f59a7f0d497fca1c4fed3cfc8
Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
|
|
Identity mapping translate an IP address to itself.
Change-Id: Icc0ca5102d32547a4b0c75720b5f5bf41ed69c71
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iae2f9f9652cecdf7e754700b2fe107ad61ff8ff9
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I3d936d456ee27b2e0857843295efb60a9f2d0be7
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|