aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
AgeCommit message (Collapse)AuthorFilesLines
2019-01-28Fix issues with order of NAT commands before set VRF table on an interfaceDmitry Vakhrushev1-2/+66
Outside FIB index doesn't change in this case. We register callback for changing of outside FIB if table binding is changed on an interface. Change-Id: I1ebbd7c3c547fc999089db07abd2019734395a6e Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
2019-01-22NAT: ipfix call optimizationFilip Varga4-9/+10
Change-Id: I84dfdbb727fb765fcaa7fb0099cbdd7ef7dbcc10 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-01-21NAT: VPP-1537 IPFIX per worker processingFilip Varga21-533/+545
Change-Id: I428bd25a513eb9fe65bea56572fea8cab7c51681 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-01-20buffers: don't init metadata, as it is already initializedDamjan Marion1-36/+0
Change-Id: Ia083050389853c25b069f0f8286d50d3f4aef527 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-01-16NAT: Fixed issues with dropping reverse packets with output-feature.Dmitry Vakhrushev1-0/+32
Fixed NAT issues with dropping reverse packets in case NAT worked in 'endpoint-dependent' mode and outside interface has FIB different from 0 when the output-feature is set. In this case, the out2in_ed dynamic hash key was not being created correctly. Change-Id: I6362967f4b09a375a4606eedaa8e264795b25453 Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
2018-12-21NAT: fix coverity error 190176 (VPP-1474)Matus Fabian1-0/+2
Change-Id: I0ee80c7bec59d3e9c69e92e6cf0af1a6864a4ec4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-20NAT: total users and sessions gauges (VPP-1484)Matus Fabian10-9/+154
Change-Id: I41a82e21571d5c64d01af72cd88c3983afac26ed Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-18NAT44: nat44_add_del_lb_static_mapping enhancements (VPP-1514)Matus Fabian6-54/+447
Change-Id: I5419e06592b0402e911e132796368800321f355a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-14NAT: counters (VPP-1484)Matus Fabian8-76/+362
Change-Id: I5d1852a09712adfe7547c200d161539736aca6f5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-29NAT: syslog - sessions logging (VPP-1139)Matus Fabian11-2/+463
Change-Id: I6e0b7cf37c1a9ac66f8ac011db29504e57844ee9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-23NAT44: improve expired sessions reuse (VPP-1503)Matus Fabian2-79/+65
Change-Id: Iab506f127136c94a641df31ded108016de26260b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-22NAT44: Apply transitory timeout on TCP RST (VPP-1494)Matus Fabian2-0/+9
RFC7857 section 2.2. Change-Id: I031af5fe379b72262e83fd8565c34fa1b772f2c8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-20NAT44: fix virtual fragmentation reassembly in forwarding mode (VPP-1501)Matus Fabian1-0/+8
Change-Id: Id86d8aa8753b9b2ff4c709b11e3901ba8d552918 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-19NAT44: fix bug in TCP close with output-feature interface (VPP-1493)Matus Fabian4-4/+82
Change-Id: If8c883d6b1ee58de9a03012d3567ec82211a0225 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach10-99/+92
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-07NAT44: fix undesired dependency between static mapping and address from the ↵Matus Fabian2-1/+9
pool (VPP-1485) Change-Id: Iaa404361eac2a6612dcdaba3f73bae41a35c5446 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-23c11 safe string handling supportDave Barach12-71/+71
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-19NAT44: fix ICMP virtual fragmentation reassembly (VPP-1466)Matus Fabian4-63/+122
Change-Id: I8006bca02948d9121f474a3d14f0576747bb3c51 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-19vppinfra: add atomic macros for __sync builtinsSirshak Das1-4/+4
This is first part of addition of atomic macros with only macros for __sync builtins. - Based on earlier patch by Damjan (https://gerrit.fd.io/r/#/c/10729/) Additionally - clib_atomic_release macro added and used in the absence of any memory barrier. - clib_atomic_bool_cmp_and_swap added Change-Id: Ie4e48c1e184a652018d1d0d87c4be80ddd180a3b Original-patch-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Sirshak Das <sirshak.das@arm.com> Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com> Reviewed-by: Ola Liljedahl <ola.liljedahl@arm.com> Reviewed-by: Steve Capper <steve.capper@arm.com>
2018-10-12NAT44: identity NAT fix (VPP-1441)Matus Fabian4-32/+118
Change-Id: Ic4affc54d15d08b9b730f6ec6146ee053b28b4b6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-08NAT44: do not create session record for identity mapping (VPP-1439)Matus Fabian10-103/+233
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-05NAT: convert remaining clib_warning to nat_log_*Juraj Sloboda4-30/+30
Change-Id: Ie999ab852cc3775ec90820624d97be746d2590a4 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-10-02Update code to compute checksum for buffer chainsJuraj Sloboda2-6/+10
Compute ICMP checksum for buffer chains Fix checksum function for buffer chains Change-Id: I39b845b94a63c3ab5fc9f6f9ab36cadbc67c104f Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-10-01thread: Add show threads apiMohsin Kazmi1-1/+1
Change-Id: I3124238ab4d43bcef5590bad33a4ff0b5d8b7d15 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-09-26NAT44: endpoint-dependent mode session timeout improvement (VPP-1423)Matus Fabian2-0/+28
Change-Id: Ib62e503f4eb5d72431288de32f417a4553df4e0c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-25NAT44: fix nat44_o2i_ed_is_idle_session_cb (VPP-1424)Matus Fabian2-4/+1
Change-Id: I47e1fc789ddf3dbfdf9768b99d5c3a8804d6b750 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-24NAT44: endpoint-dependent mode session timeout improvement (VPP-1423)Matus Fabian4-27/+63
Change-Id: I630f3da1ea4e6e50a50f1352c097becef1efe3c0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-24Trivial: Clean up some typos.Paul Vinciguerra1-3/+3
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-09-21NAT: Refactoring / Housekeeping (VPP-1415)Matus Fabian19-10848/+11482
Change-Id: Ia3ce24cc94f9b2fb331ad62a4181ddcd41bc78ca Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-20NAT44 virtual fragmentation reassembly for endpoint-dependent mode (VPP-1325)Juraj Sloboda6-147/+1296
Change-Id: I36ece2ef2eaef9fa559d69ec7f7f07e7c16a7a9d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-09-19nat: free port_bitmapdongjuan1-0/+7
Change-Id: Ied0fc50f1afb0f7fc563784544699726a6d03380 Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
2018-09-13NAT: TCP MSS clampingMatus Fabian9-0/+236
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation. If the negotiated MSS value is greater than the configured value it is changed to the configured value. If the negotiated MSS value is smaller than the configured value it remains unchanged. Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-11nat: fix busy ports of each threaddongjuan1-4/+15
which can create dead loop in nat_alloc_addr_and_port_default function Change-Id: I468c25ce0f0a0b3f881de564623dea208b2ca700 Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
2018-09-06NAT: fix maximum out of order fragments (VPP-1399)Matus Fabian6-8/+38
All fragments should be dropped when max_frag is 1 and 2 non-initial fragments are received before first fragment. Change-Id: Id0c968f45629698e347e8226c5926f27b48b82d6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-04NAT: add support for configurable port range (VPP-1346)Matus Fabian5-3/+310
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-03NAT44: client-IP based session affinity for load-balancing (VPP-1297)Matus Fabian10-40/+524
Enable client-IP based session affinity per LB NAT rule with specific timeout. Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27NAT44: fix nat44_ed_not_translate_output_feature for multiple VRF (VPP-1404)Matus Fabian1-9/+15
Change-Id: I44acc5aeff59dc25d18369e29618bbe39d30a1b3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27cmake: Fix plugins .h includesMohsin Kazmi1-0/+4
Change-Id: I90600d000afb02e8969f3c01bcf9e4b5c10a7d39 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-08-27NAT44: add support for session timeout (VPP-1272)Matus Fabian13-534/+684
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired sessions. When inserting to session lookup hash and bucket is full, expired session is overwritten. Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27cmake: add missing vat pluginsDamjan Marion1-0/+3
Change-Id: Ib61f0299c17c0f021408ab0a44c5b54f55f8a8ec Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-25cmake: improve add_vpp_plugin macroDamjan Marion1-2/+5
Change-Id: Iffd5c45ab242a919592a1f686f7f880936b68a1a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-22NAT: update nat_show_config_reply API (VPP-1403)Matus Fabian3-1/+36
Change-Id: I85383e428cb54c4c09ab387811dd6390f7c61d97 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-17CMake as an alternative to autotools (experimental)Damjan Marion1-0/+41
Change-Id: Ibc59323e849810531dd0963e85493efad3b86857 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-16VPP-1386: fix wrong ip address of hash key for creating user in unknown protocolshubing guo1-1/+1
Change-Id: I6239e930a8805207f8e42d15e8b17d444047e3f3 Signed-off-by: shubing guo <guo.shubing@zte.com.cn>
2018-08-15Remove client_index field from replies in APIOndrej Fabry1-1/+0
- replies should not need to contain client_index since it is used to identify sender of requests to VPP Change-Id: Iece3853b3f020054ee1652b149d0cf8d9580db4e Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
2018-08-15NAT44: fix next_src_nat (VPP-1384)Matus Fabian1-6/+7
Use rx_fib_index instead of sm->inside_fib_index for session lookup key. Change-Id: I2d6cce5b9376fa8ac4d75a9bbfa8498be0fd1493 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-15VPP-1387:foreach outside address vector to find correct index when free ↵shubing guo3-21/+16
outside address and port Change-Id: Ie5452350a8ebe2c1b62085fcab50dbc0138d3ae2 Signed-off-by: shubing guo <guo.shubing@zte.com.cn>
2018-08-15NAT44: fix bug in snat_interface_add_del (VPP-1380)Matus Fabian1-4/+4
Should not enable nat44-hairpinning node in deterministic mode Change-Id: I5790323a6842ee71a62c6c91c49166a2839eac12 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-15NAT64: fix TCP session expire (VPP-1390)Matus Fabian2-7/+20
Add missing call of nat64_tcp_session_set_state to set TCP session state. Change-Id: Ifd297ea3ffe20870e1e34a95449b5c9404ec13eb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-11VPP-1381: Fix the incorrect if condition when delete session for static mappingshubing guo1-2/+2
-- The session should not be deleted when either ip address or port doesn't same with static mapping. Change-Id: I09ab7379947654d2780a8c40c5340ce430541b12 Signed-off-by: shubing guo <guo.shubing@zte.com.cn>