Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Change-Id: I7cb7e3716aee865b12235865009e39ed6ad16680
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Identified and removed executable bit from source files in the tree.
find . -perm 755 -name *.[ch] -exec chmod a-x {} \;
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I00710d59fcc46ce5be5233109af4c8077daff74b
|
|
Parallel merges introduced two test clasess with a same name. Rename
latter, so that former is seen (and run) by test runner again.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I47772b41bb940bfdda4536cdd1f9b5e3768ca18b
|
|
Since the removal of "users" concept in ED-NAT nat44_user_dump API
returns empty array. This brings back previous behaviour at
a considerable runtime cost until a better API is introduced.
Type: improvement
Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I95286d6723fd1860bf6bb0e81c474d732ab25121
|
|
By storing thread and session index in hash table we are able to skip
multiple hash lookups in multi-worker scenario, which were used for
handoff before. Also, by storing sesion index in vnet_buffer2, we can
avoid repeating the lookup after handoff.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I406fb12f4e2dd8f4a5ca5d83d59dbc37e1af9abf
|
|
Type: fix
Change-Id: Ife726d2f6baaa3516c209011183f39670cf6a55d
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2a70db3a25450e014adaed84989f4da9bb77b14d
|
|
This fixes a situation where long-lived inactive session blocks LRU
list. Solution is to have multiple LRU lists based on session type.
This helps because session timeout is same for all sessions of same
type.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I5e54b2aab73b23911d6518d42e8c3f166c69a38c
|
|
Use a lookup table instead.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ia8461099828bb8824bf016201f135e6b69c444d1
|
|
Type: fix
Change-Id: I14e323e7bb1db7a3d40668212535c07504374e59
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Fixes: b5a575b09
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I22d35159a923075243df9760f1a74e2ca74e30e1
|
|
The original fix access vlib_main before these was initialized.
Removed cached vlib_mains structure.
Type: fix
Fixes: 9bb09afb56b1aa787ca574cc732085272059fd5f
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I686bab9220e27891f66bf60489c1602855786aa8
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3c914d5c457df40205280ac589a2d353261343d5
|
|
Type: fix
Change-Id: If6784c9eb278f525e05304d10fd1a00641faaaf0
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: docs
Change-Id: I9b5e5137eb4c1e89f6e8d7a278cd11a0fd496471
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Use thread-specific vlib_main_t *vm pointers to avoid problems
with different threads accessing the same vlib_main_t data
structure. This avoids crashing when ipfix logging is enabled
and several threads are used.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: Ic1d3d335919d7666ead14be1153eb8c8c07b7356
|
|
Force session cleanup drops NAT db.
Also fixing user specific cli/api calls.
Type: improvement
Change-Id: Ia3e25fcf07fe5fb9a83d55c03fe90aca727b41ac
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I609fef6f96c6a3fc85a4dc07e75244b0e1ba9239
|
|
Type: refactor
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I33b2b38961b200dc3297b82124a7107b9ecbd0de
|
|
Type: improvement
Change-Id: I170256ab47978db34fb0ff6808d9cd54ab872410
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
The api no longer requires packed ip addresses.
Type: test
Change-Id: If67365d86b7c3189f871a58234e99f9c8f875371
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: refactor
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I0f82d937b4829e5a7f074d4d566fa49319a11716
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Idbbad246161d28f595c25e10d7282c8b33fa9876
|
|
With port overloading, port is no longer a scarce resource and there
is no need to limit connections per internal IP. This saves one hash
insert in slow path.
Type: improvement
Change-Id: I8a7a9713ac855fa99fa1617ec684f757cf6e09ae
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I50df248afb3f6b46c49e6695b3f124cfd584f016
|
|
Use out2in_ed hash table for port overloading tracking instead of
global table. This reduces number of hash insertions in slowpath.
Type: improvement
Change-Id: Iad4e897d52033beb7f6d76a7ddb596eef586c6cb
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Fixes: b86437b79b82493c2e9728929df417f55b153824
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2c833928dcdceb4d23dfc161bcc3358272076980
|
|
Add a suitable ASSERT in the bihash template in case this happens again.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ib370d4238f6bae2995bc30fd17fad5c41053c3d1
|
|
Previously dslite was moved to separate plugin folder
and CE mode was removed. But it still needed.
This patch adds CE option to separate config entry
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: If153ae08fa385ba5a6605cb412e49bbb4d1db46c
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: If5c00faa309cf3e1ea8bdf8b23250041f6a499c4
|
|
Type: refactor
Change-Id: I9f743ba2818e1b1c5004c3575925cc7b479948d8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Id2d181385f109163d4c806eecda166c2087c4b92
|
|
Maintain a global session LRU allowing reuse of expired session instead
of relying on a scavenging mechanism to periodically walk sessions.
Whenever a new session is being allocated in slow path, also attempt to
free an expired session from global LRU list.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9edde9ec138de67c9a4888e915b0490ec16415fa
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I1be559a98f74c28a9c83fe320c8ce02459793e66
|
|
Type: fix
Change-Id: I11440c855eb35d2a6095dfe135e4ab5090f11ff3
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
If session is expired, the packet which we just received might be a one,
which legitimely creates a new session, process it in slow path instead
to decide the outcome.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I45628f52d37ae9dee5e8aa58171ff0b86f91f5dd
|
|
An unknown proto packet can be processed as UDP with destination port
rewriting which breaks the original packet.
With this commit, stop processing unknown proto packets after
nat44_ed_out2in_unknown_proto() execution.
Type: fix
Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a.
Reason for revert: Verify failure. Doesn't build.
Type: fix
Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Wait transitory timeout seconds before moving internal state of TCP
session to CLOSED state per RFC 7857. This patch implements this
functionality for endpoint-dependent NAT.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
|
|
Type: fix
Change-Id: I021b1427362f4bdba1c0ebc9863c9143dd6b3cb7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I5ec761bfcdc13a8238b83ff46c2f1c53ec0e79d8
|
|
This fixes a bug in the initialization of handoff_out2in_index and
handoff_in2out_index where the node index for out2in was set to the
in2out node, and vice versa.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I983ddd3b3cec06f4cb3fb95b2a9cda4ab6d1270f
|
|
Patch changes the behavior of session scavenging and fixes multiple
nat issues. Allows proper session clearing and removes issue with lingering sessions
in session db. Patch also updates and fixes CLI/API calls for better readability
of session state metrics. Fixes security issue that would allow attacker to
reuse timed out session in both directions (in2out/out2in).
Type: improvement
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I78897585a2a57291fad5db6d457941aa0a0457bd
|
|
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I81546423200cc7f8a06b527dac8ead191a9e0519
|
|
Type: improvement
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: Ia5dbfe864c18e953ff49147a9a4684d2ca14b96e
|
|
Save the next session timeout when sweeping sessions for cleanup so that
we can avoid unnecessary runs of the sweeping algorithm.
Type: fix
Change-Id: I736d00f2dfe242af10f963fbe34b11128f8b0613
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: improvement
Change-Id: I07c7e1c154583906ac9af958f22ed9a1be382f4a
Signed-off-by: Filip Varga <fivarga@cisco.com>
|