Age | Commit message (Collapse) | Author | Files | Lines |
|
After get_icmp_o2i_ed_key() bihash key may include
IP protocol and addresses from inner ICMP packet.
It is OK for session lookup, but we should not create
a session on ICMP error message receiving.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ic93272ebe90d2288a975265439f9e079eb28936a
|
|
Bihash key already contains rx_fib_index for lookup
but fib value for session itself is set to 0.
In the result bihash is allocated with key with fib index
set, but free function is looking for key with fib index set
to zero. It leads to use-after-free because session itself is
removed from pool but bihash is not because of key mismatch.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I8ac5a41b0a5a32b1baab9e9d757141d5b24b7798
|
|
Type: refactor
Change-Id: I8785e4987e4f60361072440d0c3c6954c9c12394
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I330822c5d675cdfa57ab75ceb0223f11e0ebb7d2
|
|
Type: style
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
|
|
Type: refactor
Change-Id: I3b9e17164647d2019b1f40cffeed63393345219e
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Change-Id: I3c5ca31de8046b82fb3d3f364ba88370fe51ef02
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Change-Id: I288e93da192cf48b3d774e36584d471d4daa2727
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The syntax of the deprecated flag has evolved.
Clean up usage to be "option deprecated;".
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If2b639f275eb8db58b36c457f9245fe35a4d8cb1
|
|
The dslite plugin would on plugin load initialize large bihash datastructures.
Postpone until configured.
Type: improvement
Change-Id: Ie790ab8c5fc39fac18153acd54dcd051805e763a
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Multiple (> 1) workers leads to handoff node being enabled.
This node pops next feature index to nat.arc_next to make sure
that packet will be pushed to the next feature in the arc.
But node nat44-ed-in2out-output also pops next feature and changes
arc_next. So actual next feature will be skipped in that case.
It leads to all nat44-ed-in2out packets being dropped if we have
multiple workers (handoff node enabled).
To resolve this a new node was added (nat-pre-in2out-output) to fill
arc_next in single worker case and multiple worker case is already
handled by handoff node.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
|
|
Type: fix
Change-Id: Icf6ce0ddb5fe9d078503e9d9ff7e7b26423f53f8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Let twice-nat static mapping pick specific
address from the twice-nat pool.
Type: improvement
Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
In one's complement, there are two representations of zero: the all
zero and the all one bit values, often referred to as +0 and -0. See
RFC 1624 section 3 for more details.
This used to be taken care of in ip4_header_checksum(), but it is no
longer the case. The check ip->checksum == ip4_header_checksum (ip) is
no longer correct in the -0 case.
Always use ip4_header_checksum_is_valid() instead (which behaves
correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4).
Type: fix
Fixes: e5f0050c7a5d411f96af6401797529d58825e2af
Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Translation memory size is internally a uword, but in api it was u32,
resulting in the returned value being 0 all the time.
Fix the "incorrect" API reply to return a u32 capped to 0xffffffff if
the u64 is larger than that, introduce the message with
the correct type, deprecate the message with the incorrect type.
Also, while we are updating the message definition,
add the max translations / max users per worker thread
into the new message.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I92e38a6a2bcb70fc8d1b129bbe416bf7f9e54280
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Change-Id: I78017b02015116f93b579c7381119f618351c98d
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Change-Id: I57ae649d1b26d5bea2df89c209f257372e565b49
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Replace speculative buffer enqueue coding model with
vlib_get_buffers(...)/vlib_buffer_enqueue_to_next(...).
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib5a32d60592fb17ed0ba1ac074047e39780f74be
|
|
fib table removal would leave lingering sessions in vpp
this patch is aimed at solving this issue by grouping
sessions by source and destionation fib. if one of the
fibs gets removed this grouping is tagged as expired
and session won't be passed to non existing fib table
Ticket: VPPSUPP-93
Type: improvement
Change-Id: I45b1205a8b58d91f174e6feb862554ec2f6cffad
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Change-Id: I0bb203102a0e13dd7448e2125925ab356bbd7937
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Some statistics counters were implemented as error counters. Move them
to stat segment, where they belong.
Type: improvement
Change-Id: I5600bec1b4e0496282297374ec1e79d909cdaf8a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ibad744788e200ce012ad88ff59c2c34920742454
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I83f44711264376389989152666f3c71216146bdd
|
|
Change the port number selection for new NAT sessions so that it
matches how the thread index is calculated from the port number for
out2in packets. Before this change there was a problem when the
largest port number in the range was used, that resulted in the wrong
thread index being selected when out2in packets arrive for that
session.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I936c389eb0d5df6168e18e5e44754de1cdad6ad1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
This saves about 20 clocks/packet in both code paths.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib559c74bf8168e3ddd764d51b7e5bcd2a557f591
|
|
Type: refactor
Change-Id: I8c1f0c02a4522c1f9e461ddadd59938579ec00c6
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Replace speculative buffer enqueue coding model with
vlib_get_buffers(...)/vlib_buffer_enqueue_to_next(...).
Type: improvement
Change-Id: I7dbfac2234a7bd754c599857eb1d5b601da5bc7c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Return error instead of dividing by zero.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9f6a942e87ab87e8f1921e744ec1add45884e74a
|
|
Prevent overflow if input network prefix is too small and crash on
packet #1 due to vector not being allocated/initialized.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I04952865b7e2b447763d0b67d120c3d933177646
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I747d78966a7296dcbae54d54b0c165d407c8863d
|
|
Type: refactor
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Icc55276c8a4c256049718610cb131a34dc8d0a80
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Id6ab7e2ca965e860ea3f96145a888e0f3ccf9778
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ia824d663c86d6a7c9bafe0206e9a93f93884739d
|
|
Prefer using source port form packet as outside port if possible.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I5c25f6a42386f38c9a6cc95bd7dda9f090b49817
|
|
Type: fix
Fixes: a1018c166a468f7692ab621c743503914266f508
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I86592f73a60fd146d3764e474f975881e940c244
|
|
Derive reasonable values from max translations/max users.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I41a96ab63ab138b4160cd60bd6df24fc73791c86
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Iea1748e8e39d213fcb3f3b52379bd37a6dd6aa3d
|
|
Replace whitespread (mis)use of snat_session_key_t by proper function
arguments where applicable and inline functions to calculate hash keys
instead of using structs for that. Make all hash tables use same network
byte order port so that there is no longer a discrepancy between static
mappings using host byte order while in2out/out2in tables using network
byte order.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I80786d2f947c67824c101a13bb608f1fe1080f34
|
|
Type: fix
Change-Id: I0e87021b11009a955f5839bdb68af897145816c1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Ticket: VPP-1887
Type: fix
Change-Id: I341ac7b455926a106d736f4de6771aae655db82e
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ife437f959e29d3de88bd7ee77221ada86fb03e80
|
|
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I1110e425859a4f1f07952c91b50f263cb7323836
|
|
Otherwise, the out2in path will discard return-path traffic with
probability 1.0.
Type: fix
Fixes: gerrit 23963 / f126e746fc01c75bc99329d10ce9127b26b23814
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I621ed99329c04ef358035747dde599c0016b58f5
|
|
Change in snat_ipfix_header_create() to use thread-specific
vlib_main_t *vm pointer to avoid problems with different threads
accessing the same vlib_main_t data structure. This avoids
assertion failure when vlib_time_now() is called with a vm
corresponding to a different thread.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I2096c1debb5688d3b97e5ed9a0ea78d94053d8b7
|
|
Fix allocation of port per dslite session.
After each session is created per protocol,
when new one should be created with new port,
instead it's trying to create with the same port
and while(1) loop is executed forever and VPP does
not response
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ic91b8b07253498ef9846ca60bcd4c4c76a5fac91
|
|
Type: fix
Change-Id: I7cb7e3716aee865b12235865009e39ed6ad16680
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Identified and removed executable bit from source files in the tree.
find . -perm 755 -name *.[ch] -exec chmod a-x {} \;
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I00710d59fcc46ce5be5233109af4c8077daff74b
|
|
Parallel merges introduced two test clasess with a same name. Rename
latter, so that former is seen (and run) by test runner again.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I47772b41bb940bfdda4536cdd1f9b5e3768ca18b
|
|
Since the removal of "users" concept in ED-NAT nat44_user_dump API
returns empty array. This brings back previous behaviour at
a considerable runtime cost until a better API is introduced.
Type: improvement
Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|