Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ie999ab852cc3775ec90820624d97be746d2590a4
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Compute ICMP checksum for buffer chains
Fix checksum function for buffer chains
Change-Id: I39b845b94a63c3ab5fc9f6f9ab36cadbc67c104f
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I3124238ab4d43bcef5590bad33a4ff0b5d8b7d15
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ib62e503f4eb5d72431288de32f417a4553df4e0c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I47e1fc789ddf3dbfdf9768b99d5c3a8804d6b750
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I630f3da1ea4e6e50a50f1352c097becef1efe3c0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Change-Id: Ia3ce24cc94f9b2fb331ad62a4181ddcd41bc78ca
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I36ece2ef2eaef9fa559d69ec7f7f07e7c16a7a9d
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Ied0fc50f1afb0f7fc563784544699726a6d03380
Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
|
|
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation.
If the negotiated MSS value is greater than the configured value it is changed
to the configured value. If the negotiated MSS value is smaller than the
configured value it remains unchanged.
Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
which can create dead loop in
nat_alloc_addr_and_port_default function
Change-Id: I468c25ce0f0a0b3f881de564623dea208b2ca700
Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
|
|
All fragments should be dropped when max_frag is 1 and 2 non-initial fragments are received before first fragment.
Change-Id: Id0c968f45629698e347e8226c5926f27b48b82d6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Enable client-IP based session affinity per LB NAT rule with specific timeout.
Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I44acc5aeff59dc25d18369e29618bbe39d30a1b3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I90600d000afb02e8969f3c01bcf9e4b5c10a7d39
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired
sessions. When inserting to session lookup hash and bucket is full, expired
session is overwritten.
Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ib61f0299c17c0f021408ab0a44c5b54f55f8a8ec
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Iffd5c45ab242a919592a1f686f7f880936b68a1a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I85383e428cb54c4c09ab387811dd6390f7c61d97
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ibc59323e849810531dd0963e85493efad3b86857
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I6239e930a8805207f8e42d15e8b17d444047e3f3
Signed-off-by: shubing guo <guo.shubing@zte.com.cn>
|
|
- replies should not need to contain client_index since
it is used to identify sender of requests to VPP
Change-Id: Iece3853b3f020054ee1652b149d0cf8d9580db4e
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
|
|
Use rx_fib_index instead of sm->inside_fib_index for session lookup key.
Change-Id: I2d6cce5b9376fa8ac4d75a9bbfa8498be0fd1493
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
outside address and port
Change-Id: Ie5452350a8ebe2c1b62085fcab50dbc0138d3ae2
Signed-off-by: shubing guo <guo.shubing@zte.com.cn>
|
|
Should not enable nat44-hairpinning node in deterministic mode
Change-Id: I5790323a6842ee71a62c6c91c49166a2839eac12
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add missing call of nat64_tcp_session_set_state to set TCP session state.
Change-Id: Ifd297ea3ffe20870e1e34a95449b5c9404ec13eb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
-- The session should not be deleted when either ip address or port doesn't same with static mapping.
Change-Id: I09ab7379947654d2780a8c40c5340ce430541b12
Signed-off-by: shubing guo <guo.shubing@zte.com.cn>
|
|
Change-Id: I756e3ad3de9ffe1494221ef95c1943c8591f8f50
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add support for local backends in multiple VRFs for load-balancing NAT rules.
Change-Id: I64e6818bd67a7e69985003498cf1f16f7200c334
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I5009fcfde5c627d59dea3edda15486b9392134a2
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iad7e0337a577ef8a0dfb7bde1968cc115d176043
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ieb8b53977fc8484c19780941e232ee072b667de3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I28d05a04abd11f630035d34ce573016c77ffab53
Signed-off-by: shenJibiao <shenjibiao@corp.netease.com>
|
|
It is cheaper to get thread index from vlib_main_t if available...
Change-Id: I4582e160d06d9d7fccdc54271912f0635da79b50
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I56eb15f8fd2d3049845287dc3df7870582764f8b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ieb8020f57ed5ad20daf552cd62ae3fdd8c573926
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Iddb0b848c53da03116524e203c7112c82b401ac5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ib1e4563dbc027571c77497e5c190201713adc72b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
To enable NAT plugin endpoint dependent mode add following to statrup config:
nat { endpoint-dependent }
Enable endpoint dependent filtering and mapping for all sessions.
Move some existing functionality such as service load balancing, twice nat,
out2in-only static mappings and unknown protocol dynamic translations, which
use endpoint dependent lookup hash tables before. Basically split to vanilla
NAT44 and extra features NAT44.
Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Idd65c6d0489bf83984a2c34d22d3f94000fc7018
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or
inbound dhcp broadcast packets will be dropped. Certain dhcp servers
answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading
to unrecoverable lease loss.
In detail, this constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat44-out2in",
.runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"),
};
doesn't get the job done:
ip4-unicast:
[17] nat44-out2in
[23] ip4-dhcp-client-detect
[26] ip4-not-enabled
Add a proper constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat44-out2in",
.runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa",
"ip4-dhcp-client-detect"),
};
and the interface feature order is OK, at least in this regard:
ip4-unicast:
[17] ip4-dhcp-client-detect
[18] nat44-out2in
[26] ip4-not-enabled
We need to carefully audit (especially) the ip4-unicast feature arc,
which has [gasp] 37 features on it!
Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I484d79000c1bbd87ff83847cf567bf3414a719d3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Id25b447bddccb7b321123e4abc4134e7261a0807
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Instead of repeatedly cutting, pasting, and hacking to create a new
callback, use vnet_flow_rewrite_generic_callback(). Add three
arguments to the flow rewrite callback:
(in) pointer to an array of report elements,
(in) length of array,
(out) pointer to the stream index
Change existing code prototypes. Code owners encouraged to evaluate
whether they can use the generic callback or not, at leisure.
/* ipfix field definitions for a particular report */
typedef struct
{
u32 info_element;
u32 size;
} ipfix_report_element_t;
Best generated like so:
_(sourceIPv4Address, 4) \
_(destinationIPv4Address, 4) \
_(sourceTransportPort, 2) \
_(destinationTransportPort, 2) \
_(protocolIdentifier, 1) \
_(flowStartMicroseconds, 8) \
_(flowEndMicroseconds, 8)
static ipfix_report_element_t simple_report_elements[] = {
foreach_simple_report_ipfix_element
};
...
/* Set up the ipfix report */
memset (&a, 0, sizeof (a));
a.is_add = 1 /* to enable the report */ ;
a.domain_id = 1 /* pick a domain ID */ ;
a.src_port = UDP_DST_PORT_ipfix /* src port for reports */ ;
a.rewrite_callback = vnet_flow_rewrite_generic_callback;
a.report_elements = simple_report_elements;
a.n_report_elements = ARRAY_LEN (simple_report_elements);
a.stream_indexp = &jim->stream_index;
a.flow_data_callback = simple_flow_data_callback;
/* Create the report */
rv = vnet_flow_report_add_del (frm, &a, &template_id);
if (rv)
return rv;
...
Change-Id: If6131e6821d3a37a29269c0d58040cdf18ff05e4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I6306b81e0e1c3e1c591f929a76bb265c1c1d0859
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|