summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
AgeCommit message (Collapse)AuthorFilesLines
2021-05-06vlib: rename vl_counter_t to vlib_error_desc_tOle Troan1-1/+1
Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I368b0410db2d633d3c52199c840e24d21952c1b4
2021-05-06pnat: coverity errorsOle Troan4-5/+13
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ic38cfbdcab86172bad6ec6cb4c66c83f8deed64f Signed-off-by: Ole Troan <ot@cisco.com>
2021-05-05nat: cli commands parsing fixFilip Varga2-235/+200
Newline get's ignored when parsing configuration file. Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Ib4f86177150dfe3bc085231a9268cf730490ea81
2021-05-05nat: fixing cfg file parsing cli issuesFilip Varga4-93/+92
Type: fix Change-Id: I35012bb2f7af1996c954641af40f3223bc7f37e4 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-05-01vlib: refactor trajectory trace debug featureBenoît Ganne2-8/+0
trajectory trace has been broken for a while because we used to save the buffer trajectory in a vector pointed to in opaque2. This does not work well when opaque2 is copied (eg. because of a clone) as 2 buffers end up sharing the same vector. This dedicates a full cacheline in the buffer metadata instead when trajectory is compiled in. No dynamic allocation, no sharing, no tears. Type: refactor Change-Id: I6a028ca1b48d38f393a36979e5e452c2dd48ad3f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-04-28nat: fix byte order on ipfix message fieldsMatthew Smith4-7/+10
Type: fix The code for quota exceeded events is a u32 and was being copied into ipfix packets in host byte order. Same for the limit field. Swap the order before copying into packet buffer. This change was applied once before but had to be reverted. This was because between the time the change was uploaded/reviewed and the time it was merged, a different patch was merged which activated a NAT ipfix unit test that had formerly only been run as part of the extended tests. The test was expecting the values to be in host byte order so it failed with this patch applied. This time around, that test has also been updated to expect network byte order. Change-Id: If5413b1f806d664f6786e56ba13c3eee573c26d2 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-04-23nat: correct detection of icmp bypass presenceKlement Sekera1-2/+2
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Iead167e7497e0779c440f7fb243014a06ae2b452
2021-04-21nat: fix multi worker scenariosKlement Sekera3-48/+161
Properly select worker from hash table in out2in direction, increase number of worker threads in MW test to 4 to test these cases. Type: fix Change-Id: I76eda5761ff497b85b031dd913a64b7fcb53b33a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-04-20nat: fixing cli bug for nat44-ei and nat44-edFilip Varga2-2/+2
Removing obsolete optional parameters. Type: fix Change-Id: I135eb4767979ab81636da16e91752a2ad80e0a45 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-04-20nat: nat44-ed i2o & o2i trace fixFilip Varga2-8/+10
If cache used than we don't print in trace session index. Type: fix Change-Id: Ib965cd8632b5217f8b2dd8b6cc6af3286c747582 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-04-14nat: test dynamic translation between two vrfsFilip Varga1-3/+41
Adding test for NAT44-ED subplugin. Type: test Change-Id: I10ce3d3ca8cb976ee9879efe77cb600df0102147 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-04-06tests: remove wrappersKlement Sekera1-75/+53
Improve the code by removing another kind of wrappers. Type: improvement Change-Id: I5292ef6c1761e3c6c2edd15f2aa625dac26c3732 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-04-01nat: fix ordering of feature nodesKlement Sekera1-2/+4
Fix ordering of feature nodes so that ACL runs after NAT in in2out direction so it can properly track stuff like ports after NAT rewrite. Type: fix Change-Id: I2c689b64765628e9bc77108914f74c6c801d8ce2 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-31nat: enable multiworker testsKlement Sekera1-2/+0
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I4a5d52d54aa2748008e896888bfeabb18a1088bb
2021-03-31nat: fix test for multi-worker scenarioKlement Sekera1-3/+16
Type: fix Change-Id: I170f9d8c685f59b7ccf6f9ee7fdc1dcdf2a54fe1 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-31nat: correct thread index usageKlement Sekera3-12/+15
Use actual thread index from hash table instead of doing calculation. Calculated index might be different and could lead to crash. Type: fix Change-Id: Iede9a67fbe541cb44eccd0d6ddf4e2c51eb35423 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-31nat: avoid creating negative zero checksumKlement Sekera1-1/+3
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibbb72e77c751b7e775620cfb160b52ceff2da86b
2021-03-31nat: NAT44-ED unused value removalFilip Varga1-4/+1
Type: fix Coverity scan issue fix. Change-Id: I9036fade15fd381da9c1e6b575f250fdcb21f876 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-03-31nat: NAT66 plugin enable&disable calls updateFilip Varga6-93/+258
Type: improvement Adding support for enable&disable calls (dynamic plugin configuration). API (nat66_plugin_enable_disable) and CLI (nat66 plugin enable/nat66 plugin disable) with support for outside_vrf id configuration. Change-Id: I5637ff1621d6662adc3b7c6f7f8176d84a4b492b Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-03-30nat: fix HA multi-worker issuesKlement Sekera6-154/+176
Use correct vlib_main() in various code parts. Fix tests. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ia379f3b686599532dedaafad2278c4097a3f03f3
2021-03-26vlib: split vlib_main_t into global and per-threadDamjan Marion1-11/+0
Type: refactor Change-Id: I8b273bc3bf16aa360f031f1b2692f766e5fc4613 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-26vlib: introduce vlib_get_main_by_index(), vlib_get_n_threads()Damjan Marion4-18/+18
Type: improvement Change-Id: If3da7d4338470912f37ff1794620418d928fb77f Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-25nat: allocate enough space for full port usageKlement Sekera1-1/+1
Type: fix Change-Id: I068bfeaf22b9e6cce967c27acdd46d4b8541bdf8 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-25nat: fix bihash kvp printKlement Sekera1-2/+3
Type: fix Change-Id: I392d348b1a38affac8761b0614b117cd991958d7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-25nat: prevent usage of ED nodes in EI codeKlement Sekera2-44/+118
Type: fix Change-Id: I84d511c30eb5878a1867f5e9d2207a39d4f0926c Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-25nat: fix vnet_feature_next in source hairpinningKlement Sekera1-3/+11
Avoid erroneous double vnet_feature_next if routing buffer manually. Type: fix Change-Id: I3f56c12bf57f59a1e5ddad63a2565fa195934cf6 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-20tests: add support for worker awarenessKlement Sekera2-2/+2
VppTestCase now has vpp_worker_count property set to number of workers. This can be overriden by child classes. Also overriden by VPP_WORKER_CONFIG variable for legacy reasons. Type: improvement Change-Id: Ic328bacb9003ddf9e92815767653bd362aa7f086 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-15nat: get rid of worker selection callbacksKlement Sekera8-81/+77
Make code easier to read and debug. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib52a4cdd3bcdcc475053aa32af3964c00859e1cd
2021-03-15nat: pnat copy and clear byte instructionsAndrew Yourtchenko13-161/+658
Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I8e48bdcc4c311717e067bb0a4e0b409a2eb8e83d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Ole Troan <ot@cisco.com>
2021-03-15nat: remove unused parameterKlement Sekera1-9/+9
Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ifb4a9c52fd2c5dd9f3f5cf41214aa1851f6d7acd
2021-03-12nat: remove unused importKlement Sekera1-1/+0
Type: style Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I66b7ed03f784f3992a910ad6a52ed89116a39297
2021-03-09tests: re-enable the rest of NAT44ED tests for multiworkerAndrew Yourtchenko1-1/+0
Type: test Change-Id: I37a12e3580c3631582f366944fe30f325b46f366 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-03-09nat: fix dst nat thread issuesKlement Sekera3-121/+124
Make sure packet lands on the right thread for dst nat case. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I0ec4e4c2bb3fa80ff73fac588c36d36420ba68fa
2021-03-09pnat: coverity fixesOle Troan2-3/+5
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia1cfdbd39ed458cb3fffd29a8b6d6eff64644de8
2021-03-07nat: replace main vlib with per-thread vlibKlement Sekera6-67/+53
Fix incorrect vlib main usage. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ic5304ca844f1b27756818eb6995b1d9c08412674
2021-03-07nat: fix worker selectionKlement Sekera7-89/+73
Use correct ports from SVR. Perform lookup of existing session for all cases to pick any created bypasses and derive correct thread indexes. Type: fix Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-07nat: test - add show traceKlement Sekera1-0/+1
Add missing show trace. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2f216bfc1bc70ebcbf5593214d46601f44f0b6e2
2021-03-06nat: use correct node indexes for queuesKlement Sekera1-2/+2
Type: fix Change-Id: I30b847acc4653fea9d609fc0d5875c3fda0824ef Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-01nat: avoid crash if plugin not enabledKlement Sekera1-18/+21
Avoid crash if nat pool not allocated when issuing "show nat44 summary". Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
2021-03-01nat: pick outside addr based on local addrKlement Sekera6-107/+215
Use outside addresses more evenly by using local address to pick from pool of addresses. This ensures stability from POV of remote host - an internal host always gets translated using the same outside address, so it doesn't appear to be "hopping". Also, this avoids all hosts being translated using the first address, which helps avoid needless recaptchas and the like. Exact assignment depends on internal ordering of addresses - local address is used to pick an offset into internal vector. If that address cannot be used, a linear search is performed as a fallback mechanism to find a possible translation. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
2021-02-26nat: optimize flow matching in ED NATKlement Sekera5-81/+87
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet) Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
2021-02-26nat: NAT44ED fail if using old plugin optionFilip Varga3-448/+496
Fail if obsolete flag is used. Type: fix Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-24nat: Final NAT44 EI/ED split patchFilip Varga44-5781/+10760
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-24docs: move pnat doc link into dev doc sectionDave Wallace1-1/+1
- "PNAT: 1:1 match and rewrite programmable NAT" link was hanging out on the top level of the doc tree. Move it to VPP->Developer Documentation. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iadb7d3463567a2414eece68db0a3743237ab26f9
2021-02-18tests: re-enable NAT44ED tests for multiworkerAndrew Yourtchenko1-1/+0
Re-enable the test for 2-worker config test Change-Id: Ie108c5d244c6704ffa152177ca77f6b6055fe38e Type: test Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-13nat: pnat only use save_rewrite_length on output pathOle Troan1-3/+2
Don't expect save_rewrite_length to be set correctly on RX path. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ieee40d119213f617c3d836181e5879f084b74548 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-11tests: tag the tests that do not work with multi-worker configurationAndrew Yourtchenko4-0/+9
If the multi-worker default VPP configuration is triggered by setting VPP_WORKER_CONFIG="workers 2", some of the tests fail for various reasons. It's a substantial number, so this change marks all of the testsets that have this issue, such that they can be addressed later independently. Type: test Change-Id: I4f77196499edef3300afe7eabef9cbff91f794d3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-10nat: fix EI hairpinning thread safetyKlement Sekera6-64/+810
Avoid doing inter-thread reads without locks by doing a handoff before destination address rewrite. Destination address is read from a session which is possibly owned by a different thread. By splitting the work in two parts with a handoff in the middle, we can do both in a thread safe way. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I1c50d188393a610f5564fa230c75771a8065f273
2021-02-09nat: bump default max translations to 63KKlement Sekera1-1/+1
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibea7ec844d1d910e8a3235e11154b1ecea8302ac
2021-02-09nat: deny adding intf addr if static-mapping-onlyAlexander Chernavin1-0/+8
If static-mapping-only is enabled, NAT pool cannot be configured, only static mappings. There're two ways to add addresses to the NAT pool: by address range, or by first found address from an interface. NAT44_ADD_DEL_ADDRESS_RANGE already tests if dynamic mappings are available but NAT44_ADD_DEL_INTERFACE_ADDR doesn't. If static-mapping-only is enabled, adding addresses by range is rejected but by interface not. With this change, if static-mapping-only is enabled, do not allow to add addresses to the NAT pool both ways. Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ifc055ea9a71a5e579388833a2990aef21bf7ed29