summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
AgeCommit message (Collapse)AuthorFilesLines
2019-11-04nat: revert fix dual-loop tcp checksum botchOle Troan1-17/+9
This reverts commit 9654a37fac7fe2b425576eb0237b8d24ae44e1b1. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I93ed5a48303421de43f5494c11db2be9a3c8ce57
2019-11-04nat: fix dual-loop tcp checksum botchDave Barach1-9/+17
Type: fix Fixes: 22921 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I4fecce96d027c0ee1797d9d84cfab94b1ecdc02b
2019-10-28nat: respect udp checksumFilip Varga6-166/+428
Type: fix Change-Id: I73895fa0101bd50483160c8dc6faac2c67513077 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-10-22ip: ipfix-export API updateJakub Grajciar1-80/+76
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I5b03e5de111c3a3b8da4e9f02cba0aa99e3ee9f3
2019-10-17nat: tests support python3Ole Troan1-10/+9
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ie15ea8f01846f87cb65e90e8762dc941441fc176
2019-10-04nat: fix use-after-freeBenoît Ganne1-4/+6
Type: fix Change-Id: Iac91c086c4e975f0bada058f40b7b7d4475377f8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-09-23nat: fix update of outside fibs (output-feature)Dmitry Vakhrushev3-4/+198
NAT hasn't worked when NAT interfaces wasn't in default VRF (fib_index = 0). This issue has been occurred with interfaces with output-feature in endpoint-dependent mode. Update VAT commands: - update nat44_add_del_address_range - add nat44_interface_add_del_output_feature Ticket: VPP-1732 Type: fix Change-Id: Iddea15dde4b948f159a0056d48c55bd917037fd1 Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
2019-09-16api: autogenerate api trace print/endianOle Troan1-0/+5
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files. In two formats, "custom-dump" and "dump". "dump" gives a human friendly list, and "custom-dump" is meant to give a list of commands that can be fed to VAT. This patch only deals with "dump". Prior to this fix, auto-generation was only done for the basic types. This fix adds support for any type, including lists, and supports pretty-printing of enums, strings, IP addresses, MAC addresses and so on. Usage: api trace dump <api-trace-file> For example Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40 ---------- trace 48 ----------- vl_api_sw_interface_set_flags_t: _vl_msg_id: 75 client_index: 0 context: 10 sw_if_index: 1 flags: IF_STATUS_API_FLAG_ADMIN_UP ---------- trace 49 ----------- vl_api_sw_interface_add_del_address_t: _vl_msg_id: 88 client_index: 0 context: 11 sw_if_index: 1 is_add: 1 del_all: 0 prefix: 172.16.1.1/24 ---------- trace 51 ----------- vl_api_cli_inband_t: _vl_msg_id: 819 client_index: 0 context: 13 cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable ---------- trace 58 ----------- vl_api_ip_neighbor_add_del_t: _vl_msg_id: 199 client_index: 0 context: 20 is_add: 1 neighbor: sw_if_index: 2 flags: IP_API_NEIGHBOR_FLAG_NONE mac_address: 0202.0000.ff02 ip_address: fd01:2::2 Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-09-10misc: fix shebang with missing envNathan Skrzypczak1-1/+1
This is needed for macos where /usr/bin/python[23] does not exist and /usr/bin is write protected Type: fix Change-Id: Ia1b3c732248c78482993de532fa2ea96e376d90a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-09-03api: enforce vla is last and fixed string typeOle Troan3-123/+42
Enforce that variable length fields are the last element of API messages. Add a 'fixed' version of string type, since dealing with multiple variable length strings turned out too painful for the C language bindings. The string type is now: { string name[64]; // NUL terminated C-string. Essentially decays to u8 name[64] string name[]; // Variable length string with embedded len field (vl_api_string_t) }; The latter notation could be made available to other types as well. e.g. { vl_api_address_t addresses[]; } instead of { u32 n_addr; vl_api_address_t addresses[n_addr]; }; Type: fix Change-Id: I18fa17ef47227633752ab50453e8d20a652a9f9b Signed-off-by: Ole Troan <ot@cisco.com>
2019-08-22tests: move plugin tests to src/plugins/*/testDave Wallace2-0/+9846
- Relocate plugin tests for 'make test' into src/plugins/*/test so that plugin test cases are co-located with the plugin source code. Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I503e6a43528e14981799b735fa65674155713f67 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-08-22nat: handoff traffic matching for dynamic NATFilip Varga9-222/+493
Type: feature Change-Id: I5c5af6f9acb340cc674323305104b8ce23e6d21d Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-08-20vppapigen: remove support for legacy typedefsPaul Vinciguerra2-2/+1
vppapigen has remapped legacy to typedefs behind the scenes for some time now. - update .api files to use new style typedefs. - issue error on 'typeonly define' in .api files - remove unneeded macros redefining vl_noop_handler Type: refactor Change-Id: I7a8c4a6dafacee6a131f95cd0e9b03a8c60dea8b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-08-01nat: handoff rewrite & fixes for multi-workerFilip Varga2-60/+163
Type: fix Change-Id: Ib9164d8f6c681e8900e645306f3a2dc0ac0e40a8 Signed-off-by: Filip Varga <filipvarga89@gmail.com>
2019-07-31nat: elog rewrite for multi-worker supportFilip Varga17-142/+340
Type: fix Change-Id: I04f136a04bc022d223e4bcb5c59920bd1f1fd560 Signed-off-by: Filip Varga <filipvarga89@gmail.com>
2019-07-23nat: fixed handoff in2out lookup of static mappings by external addressFilip Varga1-2/+2
Type: fix Change-Id: Ie5befde2f23caffb033b3b9f35ac1535c1224925 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-07-12nat: added handoff trace index for easier trace matchFilip Varga1-2/+4
Type: feature Change-Id: Id818f86164acabcb732e9a65d0e284d68e747a7b Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-07-12nat: fix net44 lb static APIBenoît Ganne1-1/+1
tag should be added at the end of the reply message instead of overwriting the original data. Type: fix Fixed: dd1e3e780c Change-Id: I4b31cf3a4a41b49ea9039a9398114dbf49a53e57 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-09vat: unload unused vat pluginsDave Barach1-2/+3
If the corresponding vpp plugin is absent, return a non-zero clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The vat plugin calls dlclose on the vat plugin, and it disappears. Depending on the plugin configuration, this can reduce the vpp virtual size by several gigabytes. Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up boilerplate vat_plugin_register() implementations. Fixed a number of non-standard vat_plugin_register methods. Type: refactor Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045 Signed-off-by: Dave Barach <dave@barachs.net>
2019-06-26api: refactor format_vl_api_prefix_t return keysPaul Vinciguerra1-3/+3
format_vl_api_prefix_t returns a dict with keys 'address' and 'address_length', but other format_vl_api_prefix functions return a dict with 'prefix', and 'len'. Refactor all format_vl_api_prefix_t to return consistent keys 'address' and 'len'. Type: refactor Change-Id: I5f9558fc2da8742a303266e011102f5b2db80aad Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-26api: Remove the inlines file and replace with library functionsNeale Ranns1-1/+0
using inlines exposes the users to the internal data types used by VPP, namely vec.h. This file does not compile with a C++ compiler. Type: feature Change-Id: I1544fdd9eae998309f865df61df78571bdb96903 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18api: string type to convert to vectorOle Troan1-0/+1
Previous use of strndup() required user to remember to call free(). Now return a vector pointing directly to the API message string. Of course user must remember to copy the string out if lifetime is longer than API message lifetime. Change-Id: Ib5e2b3d52d258e1a42ea9ea9a9e04abbe360e2bf Type: fix Signed-off-by: Ole Troan <ot@cisco.com>
2019-06-12NAT: interface fib fix (VPP-1691)Filip Varga1-8/+16
Change-Id: I2d1e2addb2e440c23c255ac7709169f7909cb0be Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-06-07no trigger nat ipfix flush in first workerdongjuan1-1/+1
Change-Id: I4dbeed0b94003a698e9218648d4b352db6fbb70e Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
2019-05-30nat44: fix CLI doc errorjackiechen19851-2/+2
Change-Id: Iac6bd29389839c9eb8c1ff2105b4da69b6e1ce3e Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-30NAT: create bypass in correct thread if workers>1Alexander Chernavin1-9/+40
Change-Id: I70817579a09a7026f5fa7c8e71babded891ea285 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-05-28nat44: make nat44-ed-hairpin-src follow arcMatthew Smith1-1/+1
It defaults to using interface-output as the next node. If other output features are enabled on the ip4-output arc, they get skipped. That makes me sad. Change-Id: I3f4d3320fb8092918e1e0663c66baca1c74c26ec Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-05-23Fix vpp crash bug while deleting dhcp clientjackiechen19851-0/+1
We must do lock fib while vrf id ~0, otherwise it crashes while unlocking fib. Change-Id: Iec9754ccd67634a132bc5384a4f796d4a65943ae Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-16Add default value for API Nat flagsMichal Cmarada1-0/+1
Change-Id: I4f1b83ae1c746b8f67f2d12a02081702b9553b44 Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
2019-05-15Remove unused function nat44_ha_resync() and error IN_PROGRESS.Jon Loeliger1-38/+0
The unused function nat44_ha_resync() was the only function that used the error message VNET_API_ERROR_IN_PROGRESS. The error was the only error code that was positive, and didn't really play well with the other error codes. Change-Id: I7d03c2ee915094b635f6efdca7427f71e4d19f2b Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-05-10Fix typo in nat44_cli.c:nat_ha_failover_command_fn.Paul Vinciguerra1-3/+3
Change-Id: Icdf531b3c688c4da6be732ff178316e3757aebb5 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-09NAT: VPP-1665 coverity scan issue fixFilip Varga1-2/+9
Change-Id: I092a9f8237a895f907590772f2ea213a86502fb4 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-05-06NAT64: Fix port byte order in nat64_free_out_addr_and_portFaicker Mo1-1/+1
Change-Id: Idc050e469a5b697ca5587ddd4e87ac2d48d15658 Signed-off-by: Faicker Mo <faicker.mo@ucloud.cn>
2019-05-06NAT66:assgin a error value for clib_bihash_kv_48_8_t kvlijianpeng1-2/+3
Change-Id: Iac0c8218abc8d144d93a955e948a48a732b63107 Signed-off-by: lijianpeng <li.jianpeng@zte.com.cn>
2019-05-03plugins: clean up plugin descriptionsDave Wallace1-1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki. Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-26nat: fix ED mode unknown proto session managementMatthew Smith3-8/+24
In endpoint dependent mode, when a session at the head of a user LRU is reused, if the IP protocol for that session was unknown (any other than tcp, udp, or icmp), the attempt to delete the session mapping from the in2out bihash was not using the same key that was used when the mapping was added. This would cause the deletion of the mapping to fail. If packets arrive later which match the original session, the search for the session key would succeed when it should have failed and the session, which is now associated with a different pair of endpoints, may end up being updated when it should not be. Update the key generation when reallocating an existing session to do the right thing if the session is for an unknown protocol. Also update format_nat_session() for unknown protocols so that 'vppctl show nat44 session detail' will display the protocol correctly. In endpoint dependent mode, the IP protocol is stored in the port field on a session if the protocol is unknown. The value is stored in host byte order, but the format function was swapping the bytes before writing the protocol. Change-Id: I9e8daadd4569cb2610532dab4e4f41d1567cf3d1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-04-26nat: prevent creation when-resolved static mappings on errorsAlexander Chernavin1-1/+1
When you create two identical NAT44 static mappings using interface name as external address and only local or ext port is different, VALUE_EXIST will be raised but when-resolved static mapping will remain. vpp# nat44 add static mapping tcp local 10.128.0.129 443 external GigabitEthernet0/8/0 8443 vpp# nat44 add static mapping tcp local 10.128.0.129 80 external GigabitEthernet0/8/0 8443 nat44 add static mapping: Mapping already exist. vpp# show nat44 static mappings NAT44 static mappings: tcp local 10.128.0.129:443 external 2.2.2.2:8443 vrf 0 tcp local 10.128.0.129:443 external GigabitEthernet0/8/0:8443 vrf -1 tcp local 10.128.0.129:80 external GigabitEthernet0/8/0:8443 vrf -1 With this commit, when-resolved static mapping is not created if the translation only differs in local or ext port. Change-Id: Ifc960b9dc1371caa2a8d3206a80a0ffd10d293e4 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-24NAT: VPP-1531 api cleanup & updateFilip Varga4-422/+580
Change-Id: I2492400a67b39a3adbc24ab7cf1ba17a409e95a8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-23Revert "NAT: VPP-1531 api cleanup & update"Ole Trøan4-576/+422
This reverts commit bed1421b9f1b3643d93384084972337b596aec73. /vpp/master3/src/plugins/nat/nat_api.c: In function ‘send_nat_worker_details’: /vpp/master3/src/vppinfra/clib.h:62:33: error: division ‘sizeof (u8 * {aka unsigned char *}) / sizeof (u8 {aka unsigned char})’ does not compute the number of array elements [-Werror=sizeof-pointer-div] #define ARRAY_LEN(x) (sizeof (x)/sizeof (x[0])) ^ /vpp/master3/src/plugins/nat/nat_api.c:205:43: note: in expansion of macro ‘ARRAY_LEN’ rmp = vl_msg_api_alloc (sizeof (*rmp) + ARRAY_LEN (w->name) - 1); ^~~~~~~~~ Change-Id: Ie82672c145fb2f6580827f95e535435307bc7a23 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-23NAT: VPP-1531 api cleanup & updateFilip Varga4-422/+576
Change-Id: I519d7efc8ee3c86381d96be2e2a46017cd948895 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-19Doxygen cleanup.Dave Wallace1-1/+1
- Add subpages definitions in appropriate section (User or Dev docs) for doc files (*.rst, *.md) that being listed at the top level of the generated doc page. - Generate and add API list to RELEASE doc. - Fix list_api_changes script to use HEAD as the endtag so it doesn't need to be changed every release. Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 11ee93f6abfaddf5bbd56cf0858c0c6ea0384b65)
2019-04-10API: Fix shared memory only action handlers.Ole Troan1-11/+11
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-09nat: initialize fq_in2out_output_indexMatthew Smith1-0/+1
When using the output feature ('postrouting') outbound translation, no packets are passed when using worker threads. The frame queue for in2out packets to be handed off between threads is never allocated. This is because that allocation only happens if the value of fq_in2out_output_index == ~0, but fq_in2out_output_index is never initialized prior to checking that. Initialize fq_in2out_output_index to ~0 so a frame queue will be allocated when there are worker threads. Change-Id: I0836685eb611348643c11ac7e4d0cab935a29384 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-03-28Typos. A bunch of typos I've been collecting.Paul Vinciguerra3-5/+6
Change-Id: I53ab8d17914e6563110354e4052109ac02bf8f3b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-02-27NAT44: active-passive HA (VPP-1571)Matus Fabian14-79/+2463
session synchronization so that we can build a plain active-passive HA NAT pair Change-Id: I21db200491081ca46b7af3e82afc677c1985abf4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2019-02-26DSLITE: Fix dslite_get_b4_addr_reply message type.Jon Loeliger1-1/+1
Fix what appears to be a cut-n-past error. Change-Id: I71ee32c1b0d2dc38ed3df4bd24ec4248005a6008 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-02-18NAT: fix: multiple definition of nat64_cleaner_process_event_eNeale Ranns3-3/+3
Change-Id: Idcff6108f4f965344afce9ff614018239819dc95 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-18NAT: VPP-1552 code migration from old multiarch schemeFilip Varga26-448/+387
Change-Id: I88f3df8aaa521e7707ef3335acdbf1ab41e7ee28 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-02-18NAT44: fix snat_get_worker_out2in_cb (VPP-1536)Matus Fabian4-17/+126
Change-Id: I9c562f8e3407ca60a4412a162015fa505b7590b6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2019-01-28Fix issues with order of NAT commands before set VRF table on an interfaceDmitry Vakhrushev1-2/+66
Outside FIB index doesn't change in this case. We register callback for changing of outside FIB if table binding is changed on an interface. Change-Id: I1ebbd7c3c547fc999089db07abd2019734395a6e Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>