summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
AgeCommit message (Collapse)AuthorFilesLines
2019-12-10api: multiple connections per processDave Barach1-1/+1
Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2272521d6e69edcd385ef684af6dd4eea5eaa953
2019-12-04fib: Decouple source from priority and behaviourNeale Ranns6-35/+46
Type: feature the fib_source_t enum alone no longer defines the priority and behaviour, instead each source must be allocated these attributes. This allows the creation of other sources by the plugins (and soon over the API). Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I890ee820fbc16079ee417ea1fbc163192806e853
2019-11-27nat: fix dhcp client on outside interface with output featureAlexander Chernavin2-0/+86
When a DHCP client is configured on a NAT outside interface with output feature enabled, DHCP packets will reach the NAT in2out-output node and will be dropped with "out of ports" reason. With this commit, allow locally originated DHCP packets to be sent from a NAT outside interface with output feature enabled. Type: fix Change-Id: I47d76b22587f2bf0c7b0b9dfda41c89f8f61d0b4 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-11-26fib: Table ReplaceNeale Ranns1-13/+16
Type: feature from the API doc, a table replace is: " The use-case is that, for some unspecified reason, the control plane has a very different set of entries it wants in the table than VPP currently has. The CP would thus like to 'replace' VPP's current table only by specifying what the new set of entries shall be, i.e. it is not going to delete anything that already eixts. the CP delcartes the start of this procedure with this begin_replace API Call, and when it has populated all the entries it wants, it calls the below end_replace API. From this point on it is of coursce free to add and delete entries as usual. The underlying mechanism by which VPP implements this replace is purposefully left unspecified. " In the FIB, the algorithm is implemented using mark and sweep. Algorithm goes: 1) replace_begin: this marks all the entries in that table as 'stale' 2) download all the entries that should be in this table - this clears the stale flag on those entries 3) signal the table converged: ip_table_replace_end - this removes all entries that are still stale this procedure can be used when an agent first connects to VPP, as an alternative to dump and diff state reconciliation. Change-Id: I168edec10cf7670866076b129ebfe6149ea8222e Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-19nat: respect arc features (multi worker)Filip Varga7-419/+887
Type: fix Ticket: VPP-1747 Change-Id: If282aae3e584d7017c200f897b99c8a37eb1b2e5 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-11-15tests: Remove the unrequired VPP IP address/prefix class wrappersNeale Ranns1-13/+7
Type: refactor Change-Id: I204f3f8eebc5f5d5a377e91262f91c615fd00168 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-06build: add yaml file linting to make checkstylePaul Vinciguerra1-7/+6
Type: feature fts and trex rely on yaml config files. Verify that they are valid, so comitters can catch errors early. Change-Id: Ide0bb276659119c59bdbbc8b8155e37562a648b8 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-05misc: Fix python scripts shebang lineRenato Botelho do Couto3-3/+3
Type: fix Since CentOS 8, RPM build script doesn't accept '#!/usr/bin/env python' as a valid shebang line. It requires scripts to explicitly chose between python2 or python3. Change all to use python3 as suggested by Paul Vinciguerra. Depends-On: https://gerrit.fd.io/r/23170 Signed-off-by: Renato Botelho do Couto <renato@netgate.com> Change-Id: Ie72af9f60fd0609e07f05b70f8d96e738b2754d1
2019-11-05nat: NAT udp counter & unit test fixesFilip Varga5-20/+20
Ticket: VPP-1798 Type: fix Change-Id: I42f02d5824575720e95b9fc99cfa864252221a82 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-11-05nat: respect udp checksumFilip Varga6-170/+428
Type: fix Change-Id: I732be02d2e2b854eb589c3fa10f980ef2dbe8dfc Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-11-04nat: revert respect udp checksumOle Troan6-428/+166
This reverts commit 0d75f783644a24b219ed79d9f9c17387783f67ca. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Iaf33301201897e6646eba2b4157e2a45f5fd30f2
2019-11-04nat: revert fix dual-loop tcp checksum botchOle Troan1-17/+9
This reverts commit 9654a37fac7fe2b425576eb0237b8d24ae44e1b1. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I93ed5a48303421de43f5494c11db2be9a3c8ce57
2019-11-04nat: fix dual-loop tcp checksum botchDave Barach1-9/+17
Type: fix Fixes: 22921 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I4fecce96d027c0ee1797d9d84cfab94b1ecdc02b
2019-10-28nat: respect udp checksumFilip Varga6-166/+428
Type: fix Change-Id: I73895fa0101bd50483160c8dc6faac2c67513077 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-10-22ip: ipfix-export API updateJakub Grajciar1-80/+76
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I5b03e5de111c3a3b8da4e9f02cba0aa99e3ee9f3
2019-10-17nat: tests support python3Ole Troan1-10/+9
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ie15ea8f01846f87cb65e90e8762dc941441fc176
2019-10-04nat: fix use-after-freeBenoît Ganne1-4/+6
Type: fix Change-Id: Iac91c086c4e975f0bada058f40b7b7d4475377f8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-09-23nat: fix update of outside fibs (output-feature)Dmitry Vakhrushev3-4/+198
NAT hasn't worked when NAT interfaces wasn't in default VRF (fib_index = 0). This issue has been occurred with interfaces with output-feature in endpoint-dependent mode. Update VAT commands: - update nat44_add_del_address_range - add nat44_interface_add_del_output_feature Ticket: VPP-1732 Type: fix Change-Id: Iddea15dde4b948f159a0056d48c55bd917037fd1 Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
2019-09-16api: autogenerate api trace print/endianOle Troan1-0/+5
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files. In two formats, "custom-dump" and "dump". "dump" gives a human friendly list, and "custom-dump" is meant to give a list of commands that can be fed to VAT. This patch only deals with "dump". Prior to this fix, auto-generation was only done for the basic types. This fix adds support for any type, including lists, and supports pretty-printing of enums, strings, IP addresses, MAC addresses and so on. Usage: api trace dump <api-trace-file> For example Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40 ---------- trace 48 ----------- vl_api_sw_interface_set_flags_t: _vl_msg_id: 75 client_index: 0 context: 10 sw_if_index: 1 flags: IF_STATUS_API_FLAG_ADMIN_UP ---------- trace 49 ----------- vl_api_sw_interface_add_del_address_t: _vl_msg_id: 88 client_index: 0 context: 11 sw_if_index: 1 is_add: 1 del_all: 0 prefix: 172.16.1.1/24 ---------- trace 51 ----------- vl_api_cli_inband_t: _vl_msg_id: 819 client_index: 0 context: 13 cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable ---------- trace 58 ----------- vl_api_ip_neighbor_add_del_t: _vl_msg_id: 199 client_index: 0 context: 20 is_add: 1 neighbor: sw_if_index: 2 flags: IP_API_NEIGHBOR_FLAG_NONE mac_address: 0202.0000.ff02 ip_address: fd01:2::2 Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-09-10misc: fix shebang with missing envNathan Skrzypczak1-1/+1
This is needed for macos where /usr/bin/python[23] does not exist and /usr/bin is write protected Type: fix Change-Id: Ia1b3c732248c78482993de532fa2ea96e376d90a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-09-03api: enforce vla is last and fixed string typeOle Troan3-123/+42
Enforce that variable length fields are the last element of API messages. Add a 'fixed' version of string type, since dealing with multiple variable length strings turned out too painful for the C language bindings. The string type is now: { string name[64]; // NUL terminated C-string. Essentially decays to u8 name[64] string name[]; // Variable length string with embedded len field (vl_api_string_t) }; The latter notation could be made available to other types as well. e.g. { vl_api_address_t addresses[]; } instead of { u32 n_addr; vl_api_address_t addresses[n_addr]; }; Type: fix Change-Id: I18fa17ef47227633752ab50453e8d20a652a9f9b Signed-off-by: Ole Troan <ot@cisco.com>
2019-08-22tests: move plugin tests to src/plugins/*/testDave Wallace2-0/+9846
- Relocate plugin tests for 'make test' into src/plugins/*/test so that plugin test cases are co-located with the plugin source code. Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I503e6a43528e14981799b735fa65674155713f67 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-08-22nat: handoff traffic matching for dynamic NATFilip Varga9-222/+493
Type: feature Change-Id: I5c5af6f9acb340cc674323305104b8ce23e6d21d Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-08-20vppapigen: remove support for legacy typedefsPaul Vinciguerra2-2/+1
vppapigen has remapped legacy to typedefs behind the scenes for some time now. - update .api files to use new style typedefs. - issue error on 'typeonly define' in .api files - remove unneeded macros redefining vl_noop_handler Type: refactor Change-Id: I7a8c4a6dafacee6a131f95cd0e9b03a8c60dea8b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-08-01nat: handoff rewrite & fixes for multi-workerFilip Varga2-60/+163
Type: fix Change-Id: Ib9164d8f6c681e8900e645306f3a2dc0ac0e40a8 Signed-off-by: Filip Varga <filipvarga89@gmail.com>
2019-07-31nat: elog rewrite for multi-worker supportFilip Varga17-142/+340
Type: fix Change-Id: I04f136a04bc022d223e4bcb5c59920bd1f1fd560 Signed-off-by: Filip Varga <filipvarga89@gmail.com>
2019-07-23nat: fixed handoff in2out lookup of static mappings by external addressFilip Varga1-2/+2
Type: fix Change-Id: Ie5befde2f23caffb033b3b9f35ac1535c1224925 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-07-12nat: added handoff trace index for easier trace matchFilip Varga1-2/+4
Type: feature Change-Id: Id818f86164acabcb732e9a65d0e284d68e747a7b Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-07-12nat: fix net44 lb static APIBenoît Ganne1-1/+1
tag should be added at the end of the reply message instead of overwriting the original data. Type: fix Fixed: dd1e3e780c Change-Id: I4b31cf3a4a41b49ea9039a9398114dbf49a53e57 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-09vat: unload unused vat pluginsDave Barach1-2/+3
If the corresponding vpp plugin is absent, return a non-zero clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The vat plugin calls dlclose on the vat plugin, and it disappears. Depending on the plugin configuration, this can reduce the vpp virtual size by several gigabytes. Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up boilerplate vat_plugin_register() implementations. Fixed a number of non-standard vat_plugin_register methods. Type: refactor Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045 Signed-off-by: Dave Barach <dave@barachs.net>
2019-06-26api: refactor format_vl_api_prefix_t return keysPaul Vinciguerra1-3/+3
format_vl_api_prefix_t returns a dict with keys 'address' and 'address_length', but other format_vl_api_prefix functions return a dict with 'prefix', and 'len'. Refactor all format_vl_api_prefix_t to return consistent keys 'address' and 'len'. Type: refactor Change-Id: I5f9558fc2da8742a303266e011102f5b2db80aad Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-26api: Remove the inlines file and replace with library functionsNeale Ranns1-1/+0
using inlines exposes the users to the internal data types used by VPP, namely vec.h. This file does not compile with a C++ compiler. Type: feature Change-Id: I1544fdd9eae998309f865df61df78571bdb96903 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18api: string type to convert to vectorOle Troan1-0/+1
Previous use of strndup() required user to remember to call free(). Now return a vector pointing directly to the API message string. Of course user must remember to copy the string out if lifetime is longer than API message lifetime. Change-Id: Ib5e2b3d52d258e1a42ea9ea9a9e04abbe360e2bf Type: fix Signed-off-by: Ole Troan <ot@cisco.com>
2019-06-12NAT: interface fib fix (VPP-1691)Filip Varga1-8/+16
Change-Id: I2d1e2addb2e440c23c255ac7709169f7909cb0be Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-06-07no trigger nat ipfix flush in first workerdongjuan1-1/+1
Change-Id: I4dbeed0b94003a698e9218648d4b352db6fbb70e Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
2019-05-30nat44: fix CLI doc errorjackiechen19851-2/+2
Change-Id: Iac6bd29389839c9eb8c1ff2105b4da69b6e1ce3e Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-30NAT: create bypass in correct thread if workers>1Alexander Chernavin1-9/+40
Change-Id: I70817579a09a7026f5fa7c8e71babded891ea285 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-05-28nat44: make nat44-ed-hairpin-src follow arcMatthew Smith1-1/+1
It defaults to using interface-output as the next node. If other output features are enabled on the ip4-output arc, they get skipped. That makes me sad. Change-Id: I3f4d3320fb8092918e1e0663c66baca1c74c26ec Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-05-23Fix vpp crash bug while deleting dhcp clientjackiechen19851-0/+1
We must do lock fib while vrf id ~0, otherwise it crashes while unlocking fib. Change-Id: Iec9754ccd67634a132bc5384a4f796d4a65943ae Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-16Add default value for API Nat flagsMichal Cmarada1-0/+1
Change-Id: I4f1b83ae1c746b8f67f2d12a02081702b9553b44 Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
2019-05-15Remove unused function nat44_ha_resync() and error IN_PROGRESS.Jon Loeliger1-38/+0
The unused function nat44_ha_resync() was the only function that used the error message VNET_API_ERROR_IN_PROGRESS. The error was the only error code that was positive, and didn't really play well with the other error codes. Change-Id: I7d03c2ee915094b635f6efdca7427f71e4d19f2b Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-05-10Fix typo in nat44_cli.c:nat_ha_failover_command_fn.Paul Vinciguerra1-3/+3
Change-Id: Icdf531b3c688c4da6be732ff178316e3757aebb5 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-09NAT: VPP-1665 coverity scan issue fixFilip Varga1-2/+9
Change-Id: I092a9f8237a895f907590772f2ea213a86502fb4 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-05-06NAT64: Fix port byte order in nat64_free_out_addr_and_portFaicker Mo1-1/+1
Change-Id: Idc050e469a5b697ca5587ddd4e87ac2d48d15658 Signed-off-by: Faicker Mo <faicker.mo@ucloud.cn>
2019-05-06NAT66:assgin a error value for clib_bihash_kv_48_8_t kvlijianpeng1-2/+3
Change-Id: Iac0c8218abc8d144d93a955e948a48a732b63107 Signed-off-by: lijianpeng <li.jianpeng@zte.com.cn>
2019-05-03plugins: clean up plugin descriptionsDave Wallace1-1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki. Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-26nat: fix ED mode unknown proto session managementMatthew Smith3-8/+24
In endpoint dependent mode, when a session at the head of a user LRU is reused, if the IP protocol for that session was unknown (any other than tcp, udp, or icmp), the attempt to delete the session mapping from the in2out bihash was not using the same key that was used when the mapping was added. This would cause the deletion of the mapping to fail. If packets arrive later which match the original session, the search for the session key would succeed when it should have failed and the session, which is now associated with a different pair of endpoints, may end up being updated when it should not be. Update the key generation when reallocating an existing session to do the right thing if the session is for an unknown protocol. Also update format_nat_session() for unknown protocols so that 'vppctl show nat44 session detail' will display the protocol correctly. In endpoint dependent mode, the IP protocol is stored in the port field on a session if the protocol is unknown. The value is stored in host byte order, but the format function was swapping the bytes before writing the protocol. Change-Id: I9e8daadd4569cb2610532dab4e4f41d1567cf3d1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-04-26nat: prevent creation when-resolved static mappings on errorsAlexander Chernavin1-1/+1
When you create two identical NAT44 static mappings using interface name as external address and only local or ext port is different, VALUE_EXIST will be raised but when-resolved static mapping will remain. vpp# nat44 add static mapping tcp local 10.128.0.129 443 external GigabitEthernet0/8/0 8443 vpp# nat44 add static mapping tcp local 10.128.0.129 80 external GigabitEthernet0/8/0 8443 nat44 add static mapping: Mapping already exist. vpp# show nat44 static mappings NAT44 static mappings: tcp local 10.128.0.129:443 external 2.2.2.2:8443 vrf 0 tcp local 10.128.0.129:443 external GigabitEthernet0/8/0:8443 vrf -1 tcp local 10.128.0.129:80 external GigabitEthernet0/8/0:8443 vrf -1 With this commit, when-resolved static mapping is not created if the translation only differs in local or ext port. Change-Id: Ifc960b9dc1371caa2a8d3206a80a0ffd10d293e4 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-24NAT: VPP-1531 api cleanup & updateFilip Varga4-422/+580
Change-Id: I2492400a67b39a3adbc24ab7cf1ba17a409e95a8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-23Revert "NAT: VPP-1531 api cleanup & update"Ole Trøan4-576/+422
This reverts commit bed1421b9f1b3643d93384084972337b596aec73. /vpp/master3/src/plugins/nat/nat_api.c: In function ‘send_nat_worker_details’: /vpp/master3/src/vppinfra/clib.h:62:33: error: division ‘sizeof (u8 * {aka unsigned char *}) / sizeof (u8 {aka unsigned char})’ does not compute the number of array elements [-Werror=sizeof-pointer-div] #define ARRAY_LEN(x) (sizeof (x)/sizeof (x[0])) ^ /vpp/master3/src/plugins/nat/nat_api.c:205:43: note: in expansion of macro ‘ARRAY_LEN’ rmp = vl_msg_api_alloc (sizeof (*rmp) + ARRAY_LEN (w->name) - 1); ^~~~~~~~~ Change-Id: Ie82672c145fb2f6580827f95e535435307bc7a23 Signed-off-by: Ole Troan <ot@cisco.com>