Age | Commit message | Author | Files | Lines |
|
Fix ordering of feature nodes so that ACL runs after NAT in in2out
direction so it can properly track stuff like ports after NAT rewrite.
Type: fix
Change-Id: I2c689b64765628e9bc77108914f74c6c801d8ce2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I4a5d52d54aa2748008e896888bfeabb18a1088bb
|
|
Type: fix
Change-Id: I170f9d8c685f59b7ccf6f9ee7fdc1dcdf2a54fe1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Use actual thread index from hash table instead of doing calculation.
Calculated index might be different and could lead to crash.
Type: fix
Change-Id: Iede9a67fbe541cb44eccd0d6ddf4e2c51eb35423
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ibbb72e77c751b7e775620cfb160b52ceff2da86b
|
|
Type: fix
Coverity scan issue fix.
Change-Id: I9036fade15fd381da9c1e6b575f250fdcb21f876
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: improvement
Adding support for enable&disable calls
(dynamic plugin configuration).
API (nat66_plugin_enable_disable) and
CLI (nat66 plugin enable/nat66 plugin disable) with support for
outside_vrf id configuration.
Change-Id: I5637ff1621d6662adc3b7c6f7f8176d84a4b492b
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Use correct vlib_main() in various code parts. Fix tests.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ia379f3b686599532dedaafad2278c4097a3f03f3
|
|
Type: refactor
Change-Id: I8b273bc3bf16aa360f031f1b2692f766e5fc4613
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: If3da7d4338470912f37ff1794620418d928fb77f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I068bfeaf22b9e6cce967c27acdd46d4b8541bdf8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Change-Id: I392d348b1a38affac8761b0614b117cd991958d7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Change-Id: I84d511c30eb5878a1867f5e9d2207a39d4f0926c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Avoid erroneous double vnet_feature_next if routing buffer manually.
Type: fix
Change-Id: I3f56c12bf57f59a1e5ddad63a2565fa195934cf6
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
VppTestCase now has vpp_worker_count property set to number of workers.
This can be overridden by child classes. Also overridden by
VPP_WORKER_CONFIG variable for legacy reasons.
Type: improvement
Change-Id: Ic328bacb9003ddf9e92815767653bd362aa7f086
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Make code easier to read and debug.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib52a4cdd3bcdcc475053aa32af3964c00859e1cd
|
|
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I8e48bdcc4c311717e067bb0a4e0b409a2eb8e83d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: refactor
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ifb4a9c52fd2c5dd9f3f5cf41214aa1851f6d7acd
|
|
Type: style
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I66b7ed03f784f3992a910ad6a52ed89116a39297
|
|
Type: test
Change-Id: I37a12e3580c3631582f366944fe30f325b46f366
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Make sure packet lands on the right thread for dst nat case.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I0ec4e4c2bb3fa80ff73fac588c36d36420ba68fa
|
|
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ia1cfdbd39ed458cb3fffd29a8b6d6eff64644de8
|
|
Fix incorrect vlib main usage.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic5304ca844f1b27756818eb6995b1d9c08412674
|
|
Use correct ports from SVR. Perform lookup of existing session for all
cases to pick any created bypasses and derive correct thread indexes.
Type: fix
Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Add missing show trace.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2f216bfc1bc70ebcbf5593214d46601f44f0b6e2
|
|
Type: fix
Change-Id: I30b847acc4653fea9d609fc0d5875c3fda0824ef
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Avoid crash if nat pool not allocated when issuing "show nat44 summary".
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
|
|
Use outside addresses more evenly by using local address to pick from
pool of addresses. This ensures stability from POV of remote host -
an internal host always gets translated using the same outside address,
so it doesn't appear to be "hopping". Also, this avoids all hosts
being translated using the first address, which helps avoid needless
recaptchas and the like.
Exact assignment depends on internal ordering of addresses - local address
is used to pick an offset into internal vector. If that address cannot be
used, a linear search is performed as a fallback mechanism to find a possible
translation.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
|
|
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
|
|
Fail if obsolete flag is used.
Type: fix
Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This patch achieves complete separation of
endpoint-dependent and endpoint-independent IPv4 NAT
features. Some common stuff is also moved to NAT
library.
Type: refactor
Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
- "PNAT: 1:1 match and rewrite programmable NAT" link
was hanging out on the top level of the doc tree.
Move it to VPP->Developer Documentation.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iadb7d3463567a2414eece68db0a3743237ab26f9
|
|
Re-enable the test for 2-worker config test
Change-Id: Ie108c5d244c6704ffa152177ca77f6b6055fe38e
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Don't expect save_rewrite_length to be set correctly on RX path.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ieee40d119213f617c3d836181e5879f084b74548
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
If the multi-worker default VPP configuration is triggered by
setting VPP_WORKER_CONFIG="workers 2", some of the tests fail
for various reasons.
It's a substantial number, so this change marks all of the
testsets that have this issue, such that they can be addressed
later independently.
Type: test
Change-Id: I4f77196499edef3300afe7eabef9cbff91f794d3
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Avoid doing inter-thread reads without locks by doing a handoff before
destination address rewrite. Destination address is read from a session
which is possibly owned by a different thread. By splitting the work in
two parts with a handoff in the middle, we can do both in a thread safe
way.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I1c50d188393a610f5564fa230c75771a8065f273
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ibea7ec844d1d910e8a3235e11154b1ecea8302ac
|
|
If static-mapping-only is enabled, NAT pool cannot be configured, only
static mappings. There're two ways to add addresses to the NAT pool:
by address range, or by first found address from an interface.
NAT44_ADD_DEL_ADDRESS_RANGE already tests if dynamic mappings are
available but NAT44_ADD_DEL_INTERFACE_ADDR doesn't. If
static-mapping-only is enabled, adding addresses by range is rejected
but by interface not.
With this change, if static-mapping-only is enabled, do not allow to
add addresses to the NAT pool both ways.
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ifc055ea9a71a5e579388833a2990aef21bf7ed29
|
|
Including a general missing free in fromjson autogenerated code.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9ab2b0193135e2fb3d62d51b3c114df56969e341
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: improvement
Change-Id: I456f9b14e6a4eb46c9c49f6e09acccae530e4ebc
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Fix dependency issues where multi-arch file is using API generated file.
Type: improvement
Change-Id: I5d4af7a630529bc138c35841723e38938f36d963
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output.
It's stateless (no connection tracking).
Currently it supports rewriting of SA, DA and TCP/UDP ports.
It should be simple to add new rewrites if required.
API:
pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get
CLI:
set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del]
show pnat translations
show pnat interfaces
Trying a new C-based unit testing scheme, where the graph node is tested
in isolation. See pnat/pnat_test.c.
Also added new cmake targets to generate coverage directly.
E.g.:
make test_pnat-ccov-report
File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c':
Name                              Regions  Miss    Cover  Lines  Miss    Cover
------------------------------------------------------------------------------
pnat_interface_by_sw_if_index          39     8   79.49%     13     0  100.00%
pnat_instructions_from_mask             9     0  100.00%     13     0  100.00%
pnat_binding_add                       64     8   87.50%     31     2   93.55%
pnat_flow_lookup                        4     4    0.00%     10    10    0.00%
pnat_binding_attach                   104    75   27.88%     33     6   81.82%
pnat_binding_detach                    30     5   83.33%     23     2   91.30%
pnat_binding_del                       97    33   65.98%     17     3   82.35%
pnat.c:pnat_calc_key_from_5tuple        9     1   88.89%     14     1   92.86%
pnat.c:pnat_interface_check_mask       10     2   80.00%     11     2   81.82%
pnat.c:pnat_enable                      5     0  100.00%     11     0  100.00%
pnat.c:pnat_enable_interface          107    26   75.70%     60    15   75.00%
pnat.c:pnat_disable_interface          91    30   67.03%     32     7   78.12%
pnat.c:pnat_disable                     7     2   71.43%     13     7   46.15%
------------------------------------------------------------------------------
TOTAL                                 576   194   66.32%    281    55   80.43%
File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h':
Name                              Regions  Miss    Cover  Lines  Miss    Cover
------------------------------------------------------------------------------
pnat_test.c:pnat_node_inline           67    11   83.58%    115     1   99.13%
pnat_test.c:pnat_calc_key               9     2   77.78%     14     2   85.71%
pnat_test.c:pnat_rewrite_ip4           55    11   80.00%     60    12   80.00%
pnat_test.c:format_pnat_trace           1     1    0.00%     12    12    0.00%
pnat_node.c:pnat_node_inline           63    63    0.00%    115   115    0.00%
pnat_node.c:pnat_calc_key               9     9    0.00%     14    14    0.00%
pnat_node.c:pnat_rewrite_ip4           55    55    0.00%     60    60    0.00%
pnat_node.c:format_pnat_trace           5     5    0.00%     12    12    0.00%
------------------------------------------------------------------------------
TOTAL                                 264   157   40.53%    402   228   43.28%
Type: feature
Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Make number of worker handoff frame queue elements configurable as
a set nat frame-queue-nelts command. The default value is 64 which
is the same value that was previously hard-coded. The idea is that
allowing larger values can be useful in some cases, to avoid
congestion drops. Also add nat_set_fq_options API support and a
corresponding test case.
Type: improvement
Change-Id: I5c321eb2d7997f76fac2703d9c4a5b2516375db3
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
|
|
Making code more simple and storing thread index along with session
index as a preparation step for fixing thread safety patches.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib0c531e9f1f64b1f1ee912d4a83279200638e931
|
|
This change introduces flow concept to endpoint-dependent NAT. Instead
of having a session and a plethora of special cases in code for e.g.
hairpinning, twice-nat and others, figure all this out and store it in
flow logic. Every flow has a match and a rewrite part. This unifies all
the NAT packet processing cases into one - match a flow and rewrite the
packet based on that flow. It also provides a cure for hairpinning
dilemma where one part of the flow is on one worker and another on
a different one. These cases are also sped up by not requiring
destination address lookup every single time to be able to rewrite source
nat as this is now part of flow rewrite logic.
Type: improvement
Change-Id: Ib60c992e16792ea4d4129bc10202ebb99a73b5be
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Patch n. 2 aimed at moving EI features out of
NAT44 plugin & split of EI/ED functions.
Type: refactor
Change-Id: Ida20c1c084449b146344b6c3d8442f49efb6f3fa
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This patch is aimed at moving EI features out of NAT44
plugin & split of EI/ED functions.
Type: refactor
Change-Id: I63cf70a264ed2512708fe92665d64f04690783d0
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Split ED and EI nat44 test cases. Added multi worker
support for ED test cases.
Type: refactor
Change-Id: Ibcc2f62b94cacff69ed35c5d914b55f9fdbcf882
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Change-Id: Ie41e2fb9393bf63099519150bb158b830d2c0d87
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: refactor
Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|