summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
AgeCommit message (Collapse)AuthorFilesLines
2019-04-19Doxygen cleanup.Dave Wallace1-1/+1
- Add subpages definitions in appropriate section (User or Dev docs) for doc files (*.rst, *.md) that being listed at the top level of the generated doc page. - Generate and add API list to RELEASE doc. - Fix list_api_changes script to use HEAD as the endtag so it doesn't need to be changed every release. Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 11ee93f6abfaddf5bbd56cf0858c0c6ea0384b65)
2019-04-10API: Fix shared memory only action handlers.Ole Troan1-11/+11
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-09nat: initialize fq_in2out_output_indexMatthew Smith1-0/+1
When using the output feature ('postrouting') outbound translation, no packets are passed when using worker threads. The frame queue for in2out packets to be handed off between threads is never allocated. This is because that allocation only happens if the value of fq_in2out_output_index == ~0, but fq_in2out_output_index is never initialized prior to checking that. Initialize fq_in2out_output_index to ~0 so a frame queue will be allocated when there are worker threads. Change-Id: I0836685eb611348643c11ac7e4d0cab935a29384 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-03-28Typos. A bunch of typos I've been collecting.Paul Vinciguerra3-5/+6
Change-Id: I53ab8d17914e6563110354e4052109ac02bf8f3b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-02-27NAT44: active-passive HA (VPP-1571)Matus Fabian14-79/+2463
session synchronization so that we can build a plain active-passive HA NAT pair Change-Id: I21db200491081ca46b7af3e82afc677c1985abf4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2019-02-26DSLITE: Fix dslite_get_b4_addr_reply message type.Jon Loeliger1-1/+1
Fix what appears to be a cut-n-past error. Change-Id: I71ee32c1b0d2dc38ed3df4bd24ec4248005a6008 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-02-18NAT: fix: multiple definition of nat64_cleaner_process_event_eNeale Ranns3-3/+3
Change-Id: Idcff6108f4f965344afce9ff614018239819dc95 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-18NAT: VPP-1552 code migration from old multiarch schemeFilip Varga26-448/+387
Change-Id: I88f3df8aaa521e7707ef3335acdbf1ab41e7ee28 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-02-18NAT44: fix snat_get_worker_out2in_cb (VPP-1536)Matus Fabian4-17/+126
Change-Id: I9c562f8e3407ca60a4412a162015fa505b7590b6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2019-01-28Fix issues with order of NAT commands before set VRF table on an interfaceDmitry Vakhrushev1-2/+66
Outside FIB index doesn't change in this case. We register callback for changing of outside FIB if table binding is changed on an interface. Change-Id: I1ebbd7c3c547fc999089db07abd2019734395a6e Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
2019-01-22NAT: ipfix call optimizationFilip Varga4-9/+10
Change-Id: I84dfdbb727fb765fcaa7fb0099cbdd7ef7dbcc10 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-01-21NAT: VPP-1537 IPFIX per worker processingFilip Varga21-533/+545
Change-Id: I428bd25a513eb9fe65bea56572fea8cab7c51681 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-01-20buffers: don't init metadata, as it is already initializedDamjan Marion1-36/+0
Change-Id: Ia083050389853c25b069f0f8286d50d3f4aef527 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-01-16NAT: Fixed issues with dropping reverse packets with output-feature.Dmitry Vakhrushev1-0/+32
Fixed NAT issues with dropping reverse packets in case NAT worked in 'endpoint-dependent' mode and outside interface has FIB different from 0 when the output-feature is set. In this case, the out2in_ed dynamic hash key was not being created correctly. Change-Id: I6362967f4b09a375a4606eedaa8e264795b25453 Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
2018-12-21NAT: fix coverity error 190176 (VPP-1474)Matus Fabian1-0/+2
Change-Id: I0ee80c7bec59d3e9c69e92e6cf0af1a6864a4ec4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-20NAT: total users and sessions gauges (VPP-1484)Matus Fabian10-9/+154
Change-Id: I41a82e21571d5c64d01af72cd88c3983afac26ed Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-18NAT44: nat44_add_del_lb_static_mapping enhancements (VPP-1514)Matus Fabian6-54/+447
Change-Id: I5419e06592b0402e911e132796368800321f355a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-14NAT: counters (VPP-1484)Matus Fabian8-76/+362
Change-Id: I5d1852a09712adfe7547c200d161539736aca6f5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-29NAT: syslog - sessions logging (VPP-1139)Matus Fabian11-2/+463
Change-Id: I6e0b7cf37c1a9ac66f8ac011db29504e57844ee9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-23NAT44: improve expired sessions reuse (VPP-1503)Matus Fabian2-79/+65
Change-Id: Iab506f127136c94a641df31ded108016de26260b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-22NAT44: Apply transitory timeout on TCP RST (VPP-1494)Matus Fabian2-0/+9
RFC7857 section 2.2. Change-Id: I031af5fe379b72262e83fd8565c34fa1b772f2c8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-20NAT44: fix virtual fragmentation reassembly in forwarding mode (VPP-1501)Matus Fabian1-0/+8
Change-Id: Id86d8aa8753b9b2ff4c709b11e3901ba8d552918 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-19NAT44: fix bug in TCP close with output-feature interface (VPP-1493)Matus Fabian4-4/+82
Change-Id: If8c883d6b1ee58de9a03012d3567ec82211a0225 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach10-99/+92
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-07NAT44: fix undesired dependency between static mapping and address from the ↵Matus Fabian2-1/+9
pool (VPP-1485) Change-Id: Iaa404361eac2a6612dcdaba3f73bae41a35c5446 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-23c11 safe string handling supportDave Barach12-71/+71
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-19NAT44: fix ICMP virtual fragmentation reassembly (VPP-1466)Matus Fabian4-63/+122
Change-Id: I8006bca02948d9121f474a3d14f0576747bb3c51 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-19vppinfra: add atomic macros for __sync builtinsSirshak Das1-4/+4
This is first part of addition of atomic macros with only macros for __sync builtins. - Based on earlier patch by Damjan (https://gerrit.fd.io/r/#/c/10729/) Additionally - clib_atomic_release macro added and used in the absence of any memory barrier. - clib_atomic_bool_cmp_and_swap added Change-Id: Ie4e48c1e184a652018d1d0d87c4be80ddd180a3b Original-patch-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Sirshak Das <sirshak.das@arm.com> Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com> Reviewed-by: Ola Liljedahl <ola.liljedahl@arm.com> Reviewed-by: Steve Capper <steve.capper@arm.com>
2018-10-12NAT44: identity NAT fix (VPP-1441)Matus Fabian4-32/+118
Change-Id: Ic4affc54d15d08b9b730f6ec6146ee053b28b4b6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-08NAT44: do not create session record for identity mapping (VPP-1439)Matus Fabian10-103/+233
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-05NAT: convert remaining clib_warning to nat_log_*Juraj Sloboda4-30/+30
Change-Id: Ie999ab852cc3775ec90820624d97be746d2590a4 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-10-02Update code to compute checksum for buffer chainsJuraj Sloboda2-6/+10
Compute ICMP checksum for buffer chains Fix checksum function for buffer chains Change-Id: I39b845b94a63c3ab5fc9f6f9ab36cadbc67c104f Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-10-01thread: Add show threads apiMohsin Kazmi1-1/+1
Change-Id: I3124238ab4d43bcef5590bad33a4ff0b5d8b7d15 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-09-26NAT44: endpoint-dependent mode session timeout improvement (VPP-1423)Matus Fabian2-0/+28
Change-Id: Ib62e503f4eb5d72431288de32f417a4553df4e0c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-25NAT44: fix nat44_o2i_ed_is_idle_session_cb (VPP-1424)Matus Fabian2-4/+1
Change-Id: I47e1fc789ddf3dbfdf9768b99d5c3a8804d6b750 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-24NAT44: endpoint-dependent mode session timeout improvement (VPP-1423)Matus Fabian4-27/+63
Change-Id: I630f3da1ea4e6e50a50f1352c097becef1efe3c0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-24Trivial: Clean up some typos.Paul Vinciguerra1-3/+3
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-09-21NAT: Refactoring / Housekeeping (VPP-1415)Matus Fabian19-10848/+11482
Change-Id: Ia3ce24cc94f9b2fb331ad62a4181ddcd41bc78ca Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-20NAT44 virtual fragmentation reassembly for endpoint-dependent mode (VPP-1325)Juraj Sloboda6-147/+1296
Change-Id: I36ece2ef2eaef9fa559d69ec7f7f07e7c16a7a9d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-09-19nat: free port_bitmapdongjuan1-0/+7
Change-Id: Ied0fc50f1afb0f7fc563784544699726a6d03380 Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
2018-09-13NAT: TCP MSS clampingMatus Fabian9-0/+236
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation. If the negotiated MSS value is greater than the configured value it is changed to the configured value. If the negotiated MSS value is smaller than the configured value it remains unchanged. Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-11nat: fix busy ports of each threaddongjuan1-4/+15
which can create dead loop in nat_alloc_addr_and_port_default function Change-Id: I468c25ce0f0a0b3f881de564623dea208b2ca700 Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
2018-09-06NAT: fix maximum out of order fragments (VPP-1399)Matus Fabian6-8/+38
All fragments should be dropped when max_frag is 1 and 2 non-initial fragments are received before first fragment. Change-Id: Id0c968f45629698e347e8226c5926f27b48b82d6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-04NAT: add support for configurable port range (VPP-1346)Matus Fabian5-3/+310
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-03NAT44: client-IP based session affinity for load-balancing (VPP-1297)Matus Fabian10-40/+524
Enable client-IP based session affinity per LB NAT rule with specific timeout. Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27NAT44: fix nat44_ed_not_translate_output_feature for multiple VRF (VPP-1404)Matus Fabian1-9/+15
Change-Id: I44acc5aeff59dc25d18369e29618bbe39d30a1b3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27cmake: Fix plugins .h includesMohsin Kazmi1-0/+4
Change-Id: I90600d000afb02e8969f3c01bcf9e4b5c10a7d39 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-08-27NAT44: add support for session timeout (VPP-1272)Matus Fabian13-534/+684
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired sessions. When inserting to session lookup hash and bucket is full, expired session is overwritten. Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27cmake: add missing vat pluginsDamjan Marion1-0/+3
Change-Id: Ib61f0299c17c0f021408ab0a44c5b54f55f8a8ec Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-25cmake: improve add_vpp_plugin macroDamjan Marion1-2/+5
Change-Id: Iffd5c45ab242a919592a1f686f7f880936b68a1a Signed-off-by: Damjan Marion <damarion@cisco.com>