summaryrefslogtreecommitdiffstats
path: root/src/plugins/snat/snat.c
AgeCommit message (Collapse)AuthorFilesLines
2017-04-12CGN: configurable timeoutsMatus Fabian1-1/+138
add API and CLI configuration of deterministic NAT session timeout for TCP, UDP and ICMP protocol Change-Id: I577440452e7eaedcb5d80501a7fd4b76e31e8c9c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-04-11Add ICMP support for deterministic NATJuraj Sloboda1-0/+2
Change-Id: I9a6bcb7d173a2c13d89784e7ff8a6e42dcee201f Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-22vlib: add description field in plugin registrationDamjan Marion1-0/+1
Change-Id: I88b322a5d602f3d6d3310e971479180a89430e0e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-16API:replaced all REPLY_MACRO's with api_helper_macros.hEyal Bari1-1/+1
Change-Id: I08ab1fd0abdd1db4aff11a38c9c0134b01368e11 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-15API: define optional base_id for REPLY_MACRO'sEyal Bari1-102/+3
this enables sharing the api_helper_macros.h implementation Change-Id: Ie3fc89f3b4b5a47fcfd4b5776db90e249c55dbc3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-13Refactor SNAT ICMP codeJuraj Sloboda1-0/+8
Change-Id: I07de08ef111011694638a8ebe7a13c240714ce7e Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-08SNAT: deterministic map dumpMartin1-1/+51
Change-Id: Iead6dc6a0fe15a0b8e148e780c3aeadd0b378824 Signed-off-by: Martin <magalik@cisco.com>
2017-03-08SNAT: fix coverity warnings (VPP-608)Matus Fabian1-2/+3
Change-Id: Id7879a6a8014fe57c3515a13e7597fb0e3c906ad Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-08SNAT: user_session_dump is_ip4 and vat unformating addedMartin1-0/+2
Change-Id: I0ffab147c3218a75b7c3bb829983f538c7b637ee Signed-off-by: Martin <magalik@cisco.com>
2017-03-07CGN: Deterministic NAT (VPP-623)Matus Fabian1-87/+612
Inside user is statically mapped to a set of outside ports. Support endpoint dependent mapping to deal with overloading of the outside ports. Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-07Add setting of tenant VRF id for SNAT addresses (VPP-641)Juraj Sloboda1-6/+29
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-06SNAT: session dump last heard type fixMartin1-2/+2
Change-Id: I3323f7d4bb5da4bc2b19637964e5467ac92680cd Signed-off-by: Martin <magalik@cisco.com>
2017-03-02SNAT: user's dump and session dump of a certain snat user.magalik1-1/+141
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5 Signed-off-by: Martin <magalik@cisco.com>
2017-02-22VPP-635: CLI Memory leak with invalid parameterBilly McFall1-43/+96
In the CLI parsing, below is a common pattern: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else return clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); } unformat_free (line_input); The 'else' returns if an unknown string is encountered. There a memory leak because the 'unformat_free(line_input)' is not called. There is a large number of instances of this pattern. Replaced the previous pattern with: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else { error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); goto done: } } /* ...Remaining code... */ done: unformat_free (line_input); return error; } In multiple files, 'unformat_free (line_input);' was never called, so there was a memory leak whether an invalid string was entered or not. Also, there were multiple instance where: error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); used 'input' as the last parameter instead of 'line_input'. The result is that output did not contain the substring in error, instead just an empty string. Fixed all of those as well. There are a lot of file, and very mind numbing work, so tried to keep it to a pattern to avoid mistakes. Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2 Signed-off-by: Billy McFall <bmcfall@redhat.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-02-15SNAT: add static mappings with unresolved external interface address to ↵Matus Fabian1-1/+62
snat_static_mapping_dump Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-06SNAT: fix snat_add_static_mapping_command() uninitialized variableMatus Fabian1-4/+8
Change-Id: I7775dd3b90d5a3449650c3102e24bfedd770beb1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-05SNAT: initialize outside and inside FIB index in snat_configMatus Fabian1-22/+5
Change-Id: If26d758997d71792cedad1afae8d6a38cfd364ac Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-03Plugin infrastructure improvementsDamjan Marion1-21/+6
This patch replaces requirement for vlib_plugin_register function in the plugin so file and introduces new macro: VLIB_PLUGIN_REGISTER () = { .version = "version string", .version_required = "requred version", .default_disabled = 1, .early_init = "early_init_function_name", }; Plugin will nor be loaded if .default_disabled is set to 1 unless explicitely enabled in startup.conf. If .verstion_required is set, plugin will not be loaded if there is version mismatch between plugin and vpp. This can be bypassed by setting "skip-version-check" for specific plugin. If .early-init string is present, plugin loader will try to resolve this specific symbol in the plugin namespace and make a function call. Following startup.conf configuration is added: plugins { path /path/to/plugin/directory plugin ila_plugin.so { enable skip-version-check } plugin acl_plugin.so { disable } } Change-Id: I706c691dd34d94ffe9e02b59831af8859a95f061 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-03SNAT: Port allocation per protocolMatus Fabian1-52/+144
Ports are allocated per protocol (UDP, TCP, ICMP) 1:1 NAT with port is configured for specific protocol Change-Id: I37ae5eed3715b223d0620d4fdaed7a482bb7a834 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-02SNAT: changed source for outbound address FIB entry (VPP-613)Matus Fabian1-21/+11
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for flags and resolving interface get. Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-31SNAT: Add outbound addresses to FIB (VPP-613)Matus Fabian1-1/+110
Add the external NAT address to the FIB as receive entries. This ensures that VPP will reply to ARP for these addresses and we don't need to enable proxy ARP on the outside interface. Change-Id: I1db153373c43fec4808845449a17085509ca588c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-25SNAT: static mappings for dhcp addressed interfaces (VPP-590)Matus Fabian1-82/+117
updated API added test Change-Id: I3f6017ecf09b924cb320c1b5f323cd33f7a37447 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-22Add static mapping support for dhcp client interfacesDave Barach1-2/+90
Change-Id: I0412f95b71b9768d41c9c398a24adb1555bde20b Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-14SNAT: IPFIX logging (VPP-445)Matus Fabian1-4/+108
Change-Id: I8450217dd43a1cd9f510e40dfb22274ffc33a4c6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-13SNAT: add API and test for NAT pool address from interfaceMatus Fabian1-6/+116
Change-Id: I2a868f736fae8d37b438c604a9284653ea415541 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-11Acquire SNAT pool addresses from specific interfacesDave Barach1-0/+124
Pick up addresses added by DHCP client, or by static configuration Needs to have binary API support added Change-Id: I962ef89e6e5f36cdc5457b92e165c498b08b25a9 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-01Move java,lua api and remaining plugins to src/Damjan Marion1-0/+1957
Change-Id: I1c3b87e886603678368428ae56a6bd3327cbc90d Signed-off-by: Damjan Marion <damarion@cisco.com>