Age | Commit message (Collapse) | Author | Files | Lines |
|
In endpoint dependent mode, when a session at the head of a user
LRU is reused, if the IP protocol for that session was unknown (any
other than tcp, udp, or icmp), the attempt to delete the session
mapping from the in2out bihash was not using the same key that was
used when the mapping was added. This would cause the deletion of
the mapping to fail. If packets arrive later which match the original
session, the search for the session key would succeed when it should
have failed and the session, which is now associated with a different
pair of endpoints, may end up being updated when it should not be.
Update the key generation when reallocating an existing session to
do the right thing if the session is for an unknown protocol.
Also update format_nat_session() for unknown protocols so that
'vppctl show nat44 session detail' will display the protocol
correctly. In endpoint dependent mode, the IP protocol is stored in
the port field on a session if the protocol is unknown. The value
is stored in host byte order, but the format function was swapping
the bytes before writing the protocol.
Change-Id: I9e8daadd4569cb2610532dab4e4f41d1567cf3d1
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
When you create two identical NAT44 static mappings using interface
name as external address and only local or ext port is different,
VALUE_EXIST will be raised but when-resolved static mapping will
remain.
vpp# nat44 add static mapping tcp local 10.128.0.129 443 external GigabitEthernet0/8/0 8443
vpp# nat44 add static mapping tcp local 10.128.0.129 80 external GigabitEthernet0/8/0 8443
nat44 add static mapping: Mapping already exist.
vpp# show nat44 static mappings
NAT44 static mappings:
tcp local 10.128.0.129:443 external 2.2.2.2:8443 vrf 0
tcp local 10.128.0.129:443 external GigabitEthernet0/8/0:8443 vrf -1
tcp local 10.128.0.129:80 external GigabitEthernet0/8/0:8443 vrf -1
With this commit, when-resolved static mapping is not created if the
translation only differs in local or ext port.
Change-Id: Ifc960b9dc1371caa2a8d3206a80a0ffd10d293e4
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Change-Id: I2492400a67b39a3adbc24ab7cf1ba17a409e95a8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This reverts commit bed1421b9f1b3643d93384084972337b596aec73.
/vpp/master3/src/plugins/nat/nat_api.c: In function ‘send_nat_worker_details’:
/vpp/master3/src/vppinfra/clib.h:62:33: error: division ‘sizeof (u8 * {aka unsigned char *}) / sizeof (u8 {aka unsigned char})’ does not compute the number of array elements [-Werror=sizeof-pointer-div]
#define ARRAY_LEN(x) (sizeof (x)/sizeof (x[0]))
^
/vpp/master3/src/plugins/nat/nat_api.c:205:43: note: in expansion of macro ‘ARRAY_LEN’
rmp = vl_msg_api_alloc (sizeof (*rmp) + ARRAY_LEN (w->name) - 1);
^~~~~~~~~
Change-Id: Ie82672c145fb2f6580827f95e535435307bc7a23
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I519d7efc8ee3c86381d96be2e2a46017cd948895
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
- Add subpages definitions in appropriate
section (User or Dev docs) for doc files
(*.rst, *.md) that being listed at the top
level of the generated doc page.
- Generate and add API list to RELEASE doc.
- Fix list_api_changes script to use HEAD
as the endtag so it doesn't need to be
changed every release.
Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit 11ee93f6abfaddf5bbd56cf0858c0c6ea0384b65)
|
|
Some API action handlers called vl_msg_ai_send_shmem()
directly. That breaks Unix domain socket API transport.
A couple (bond / vhost) also tried to send a sw_interface_event
directly, but did not send the message to all that had
registred interest. That scheme never worked correctly.
Refactored and improved the interface event code.
Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
When using the output feature ('postrouting') outbound translation,
no packets are passed when using worker threads. The frame queue for
in2out packets to be handed off between threads is never allocated.
This is because that allocation only happens if the value of
fq_in2out_output_index == ~0, but fq_in2out_output_index is never
initialized prior to checking that.
Initialize fq_in2out_output_index to ~0 so a frame queue will be
allocated when there are worker threads.
Change-Id: I0836685eb611348643c11ac7e4d0cab935a29384
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I53ab8d17914e6563110354e4052109ac02bf8f3b
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
session synchronization so that we can build a plain active-passive HA NAT pair
Change-Id: I21db200491081ca46b7af3e82afc677c1985abf4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Fix what appears to be a cut-n-past error.
Change-Id: I71ee32c1b0d2dc38ed3df4bd24ec4248005a6008
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: Idcff6108f4f965344afce9ff614018239819dc95
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I88f3df8aaa521e7707ef3335acdbf1ab41e7ee28
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: I9c562f8e3407ca60a4412a162015fa505b7590b6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Outside FIB index doesn't change in this case. We register
callback for changing of outside FIB if table binding is changed
on an interface.
Change-Id: I1ebbd7c3c547fc999089db07abd2019734395a6e
Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
|
|
Change-Id: I84dfdbb727fb765fcaa7fb0099cbdd7ef7dbcc10
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: I428bd25a513eb9fe65bea56572fea8cab7c51681
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: Ia083050389853c25b069f0f8286d50d3f4aef527
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fixed NAT issues with dropping reverse packets in case NAT worked
in 'endpoint-dependent' mode and outside interface has FIB different
from 0 when the output-feature is set.
In this case, the out2in_ed dynamic hash key was not being created
correctly.
Change-Id: I6362967f4b09a375a4606eedaa8e264795b25453
Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
|
|
Change-Id: I0ee80c7bec59d3e9c69e92e6cf0af1a6864a4ec4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I41a82e21571d5c64d01af72cd88c3983afac26ed
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I5419e06592b0402e911e132796368800321f355a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I5d1852a09712adfe7547c200d161539736aca6f5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I6e0b7cf37c1a9ac66f8ac011db29504e57844ee9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iab506f127136c94a641df31ded108016de26260b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
RFC7857 section 2.2.
Change-Id: I031af5fe379b72262e83fd8565c34fa1b772f2c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Id86d8aa8753b9b2ff4c709b11e3901ba8d552918
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: If8c883d6b1ee58de9a03012d3567ec82211a0225
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
pool (VPP-1485)
Change-Id: Iaa404361eac2a6612dcdaba3f73bae41a35c5446
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I8006bca02948d9121f474a3d14f0576747bb3c51
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This is first part of addition of atomic macros with only macros for
__sync builtins.
- Based on earlier patch by Damjan (https://gerrit.fd.io/r/#/c/10729/)
Additionally
- clib_atomic_release macro added and used in the absence
of any memory barrier.
- clib_atomic_bool_cmp_and_swap added
Change-Id: Ie4e48c1e184a652018d1d0d87c4be80ddd180a3b
Original-patch-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Sirshak Das <sirshak.das@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Reviewed-by: Ola Liljedahl <ola.liljedahl@arm.com>
Reviewed-by: Steve Capper <steve.capper@arm.com>
|
|
Change-Id: Ic4affc54d15d08b9b730f6ec6146ee053b28b4b6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ie999ab852cc3775ec90820624d97be746d2590a4
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Compute ICMP checksum for buffer chains
Fix checksum function for buffer chains
Change-Id: I39b845b94a63c3ab5fc9f6f9ab36cadbc67c104f
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I3124238ab4d43bcef5590bad33a4ff0b5d8b7d15
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ib62e503f4eb5d72431288de32f417a4553df4e0c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I47e1fc789ddf3dbfdf9768b99d5c3a8804d6b750
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I630f3da1ea4e6e50a50f1352c097becef1efe3c0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Change-Id: Ia3ce24cc94f9b2fb331ad62a4181ddcd41bc78ca
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I36ece2ef2eaef9fa559d69ec7f7f07e7c16a7a9d
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Ied0fc50f1afb0f7fc563784544699726a6d03380
Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
|
|
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation.
If the negotiated MSS value is greater than the configured value it is changed
to the configured value. If the negotiated MSS value is smaller than the
configured value it remains unchanged.
Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
which can create dead loop in
nat_alloc_addr_and_port_default function
Change-Id: I468c25ce0f0a0b3f881de564623dea208b2ca700
Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
|
|
All fragments should be dropped when max_frag is 1 and 2 non-initial fragments are received before first fragment.
Change-Id: Id0c968f45629698e347e8226c5926f27b48b82d6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Enable client-IP based session affinity per LB NAT rule with specific timeout.
Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|