path: root/src/plugins/snat
Age | Commit message | Author | Files | Lines
2017-06-09 | NAT64: ICMP error support | Matus Fabian | 5 | -15/+202
Added ICMP error messages translation. Added check for multi thread (not supported yet, so init failed). Added API definition for custom NAT64 prefix. Change-Id: Ice2f04631af63e594aecc09087a1cf59f3b676fb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-08 | NAT64: Add NAT64 support for snat plugin (VPP-699) | Matus Fabian | 11 | -10/+3670
Basic NAT64 feature (no hairpinning, no multi-thread). Change-Id: I392fccbce93e70c117f4a9a7ec7cf08d6c537f2d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-05 | SNAT: fix ICMP hairpinning | Matus Fabian | 1 | -1/+67
Change-Id: I9d63133bd1db72917571ade868040c4597c896a1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-05 | More GCC-7 errors | Marco Varlese | 1 | -0/+2
The Wmaybe-uninitialized is the new error included with Wall. This patch addresses the warning and fixes it. Change-Id: I8fdf9ff2d236c46b717024a14874fbbbad8af303 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-05-30 | Flowprobe: Stateful flows and IPv6, L4 recording | Ole Troan | 1 | -3/+3
Change-Id: I67839281623721bf42f0a918a53356143d9dc78a Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Pavel Kotucek <pkotucek@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2017-05-24 | SNAT: fix IPFIX data src and dst port | Matus Fabian | 1 | -2/+2
Change-Id: Ifa9582962710a3601fcccbbf388529043fc7f08a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-05-10 | completely deprecate os_get_cpu_number, replace new occurrences | Damjan Marion | 2 | -2/+2
Change-Id: I82c663bc0866c6c68ba354104b0bb059387f4b9d Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-10 | SNAT: move API code to separate file | Matus Fabian | 3 | -1256/+1311
Move API source code from snat.c to snat_api.c Change-Id: I1c4439eb5d2e3f43695ecc4d300eccd148105c15 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-04-27 | CGN: Send ICMP error packet if user is out of sessions available | Martin Gálik | 1 | -6/+21
Change-Id: I19a6015fde7342588cfa9c7a4f07016aa339cc72 Signed-off-by: Martin Gálik <magalik@cisco.com>
2017-04-26 | CGN: Session dump, test naming for ports fixed | Martin Gálik | 3 | -3/+153
Change-Id: Ib542b2b3ee023fbe3d0e01ceaf4b4ab7a0ec80dc Signed-off-by: Martin Gálik <magalik@cisco.com>
2017-04-26 | CGNAT: close session API and CLI commands. | Martin Gálik | 3 | -4/+351
Change-Id: I9c8636bd2c4b8da2907e8e4a4f2be1a2c3a8e0bb Signed-off-by: Martin Gálik <magalik@cisco.com>
2017-04-25 | "autoreply" flag: autogenerate standard xxx_reply_t messages | Dave Barach | 1 | -80/+8
Change-Id: I72298aaae7d172082ece3a8edea4217c11b28d79 Signed-off-by: Dave Barach <dave@barachs.net>
2017-04-21 | CGN: IPFIX logging | Matus Fabian | 3 | -18/+215
maximum entries per user exceeded event Change-Id: Ie35d7f40f55001e2ef4a38f934f176594f25b189 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-04-19 | Support ping from outside network in 1:1 NAT (VPP-695) | Juraj Sloboda | 4 | -45/+59
Change-Id: Iec8fd4c2bd26874bd8bda82172af797e9b92592c Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-12 | Handle multiple flows with the same client port in deterministic NAT | Juraj Sloboda | 2 | -15/+23
Handle situation when client tries to connect to multiple hosts/ports from the same client port. Extend matching to include remote host/port when searching for existing session and create session for each flow even when originating from the same client port. Change-Id: I4f54ded930e59e7196843c6bc1d2d2386c57cd3c Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-12 | CGN: configurable timeouts | Matus Fabian | 5 | -15/+290
add API and CLI configuration of deterministic NAT session timeout for TCP, UDP and ICMP protocol Change-Id: I577440452e7eaedcb5d80501a7fd4b76e31e8c9c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-04-12 | Support ICMP session timeout in deterministic NAT | Juraj Sloboda | 2 | -1/+8
Change-Id: I0306bc0ab87908adb79c594c657d579cb34b3ec1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-11 | Add ICMP support for deterministic NAT | Juraj Sloboda | 4 | -26/+414
Change-Id: I9a6bcb7d173a2c13d89784e7ff8a6e42dcee201f Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-10 | Refactor SNAT code | Juraj Sloboda | 3 | -119/+132
Change-Id: I71f34dc64d4ddc5f2ec1164cb3c353d0fe2d95ab Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-10 | Handle ICMP echo with TTL=1 in deterministic and fast SNAT nodes | Juraj Sloboda | 2 | -3/+85
Change-Id: Icd25ec2e5faf69898178199aa44f21790ce664e1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-10 | Make fixes in SNAT code | Juraj Sloboda | 2 | -52/+56
Change-Id: I691d1bfb2923a07c0003485b1d0272aaf9ed27ee Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-06 | Use thread local storage for thread index | Damjan Marion | 3 | -111/+111
This patch deprecates stack-based thread identification. Also removes requirement that thread stacks are adjacent. Finally, possibly annoying for some folks, it renames all occurrences of cpu_index and cpu_number with thread index. Using word "cpu" is misleading here as thread can be migrated to different CPU, and also it is not related to linux cpu index. Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-22 | vlib: add description field in plugin registration | Damjan Marion | 1 | -0/+1
Change-Id: I88b322a5d602f3d6d3310e971479180a89430e0e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-22 | SNAT: added actual delete to snat_det_map | Martin | 1 | -12/+45
Change-Id: I8187b43129b80fadd90ea493afb922064f79abbe Signed-off-by: Martin <magalik@cisco.com>
2017-03-16 | API:replaced all REPLY_MACRO's with api_helper_macros.h | Eyal Bari | 1 | -1/+1
Change-Id: I08ab1fd0abdd1db4aff11a38c9c0134b01368e11 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-15 | API: define optional base_id for REPLY_MACRO's | Eyal Bari | 1 | -102/+3
this enables sharing the api_helper_macros.h implementation Change-Id: Ie3fc89f3b4b5a47fcfd4b5776db90e249c55dbc3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-13 | Refactor SNAT ICMP code | Juraj Sloboda | 4 | -314/+558
Change-Id: I07de08ef111011694638a8ebe7a13c240714ce7e Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-08 | SNAT: deterministic map dump | Martin | 3 | -3/+125
Change-Id: Iead6dc6a0fe15a0b8e148e780c3aeadd0b378824 Signed-off-by: Martin <magalik@cisco.com>
2017-03-08 | SNAT: fix coverity warnings (VPP-608) | Matus Fabian | 1 | -2/+3
Change-Id: Id7879a6a8014fe57c3515a13e7597fb0e3c906ad Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-08 | SNAT: user_session_dump is_ip4 and vat unformatting added | Martin | 3 | -0/+20
Change-Id: I0ffab147c3218a75b7c3bb829983f538c7b637ee Signed-off-by: Martin <magalik@cisco.com>
2017-03-08 | CGN: fix outside port calculation and set buffer error (VPP-623) | Matus Fabian | 2 | -18/+33
Change-Id: I5143328b2da62ce4d6bb2915e2a51855696d87fc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-07 | CGN: Deterministic NAT (VPP-623) | Matus Fabian | 8 | -163/+2148
Inside user is statically mapped to a set of outside ports. Support endpoint dependent mapping to deal with overloading of the outside ports. Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-07 | Add setting of tenant VRF id for SNAT addresses (VPP-641) | Juraj Sloboda | 4 | -8/+42
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-07 | silence -Wmaybe-uninitialized warning | Gabriel Ganne | 1 | -1/+1
It does not look like it actually can be used uninitialized ... but gcc complains, so with Werror this prevents from compiling.

sample warning output:

    In file included from /home/gannega/export/vpp/build-data/../src/vnet/handoff.h:21:0,
                     from /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:19:
    /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c: In function 'snat_in2out_node_fn_inline':
    /home/gannega/export/vpp/build-data/../src/vnet/ip/ip4_packet.h:244:15: error: 'inner_ip0' may be used uninitialized in this function [-Werror=maybe-uninitialized]
       i->checksum = 0;
                   ^
    /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:433:17: note: 'inner_ip0' was declared here
       ip4_header_t *inner_ip0;

Change-Id: If7c35dfb528861fd4ec6374aa1343b48f0f93057 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-03-06 | SNAT: session dump last heard type fix | Martin | 2 | -3/+3
Change-Id: I3323f7d4bb5da4bc2b19637964e5467ac92680cd Signed-off-by: Martin <magalik@cisco.com>
2017-03-04 | Fix duplicate binary API registration messages / bugs | Dave Barach | 1 | -2/+1
Changed vat_api_hookup(...) to <plugin-name>_api_hookup, change to static functions. Fixed the related emacs-lisp plugin skeleton. Change-Id: Id14f8fc3138751f469d48fecb26175e938f5f028 Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-02 | SNAT: user's dump and session dump of a certain snat user. | magalik | 6 | -3/+288
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5 Signed-off-by: Martin <magalik@cisco.com>
2017-03-01 | VPP-598: tcp stack initial commit | Dave Barach | 2 | -25/+25
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-02-22 | VPP-635: CLI Memory leak with invalid parameter | Billy McFall | 1 | -43/+96
In the CLI parsing, below is a common pattern:

    /* Get a line of input. */
    if (!unformat_user (input, unformat_line_input, line_input))
      return 0;

    while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
      {
        if (unformat (line_input, "x"))
          x = 1;
        :
        else
          return clib_error_return (0, "unknown input `%U'",
                                    format_unformat_error, line_input);
      }
    unformat_free (line_input);

The 'else' returns if an unknown string is encountered. There is a memory leak because the 'unformat_free(line_input)' is not called. There is a large number of instances of this pattern.

Replaced the previous pattern with:

    /* Get a line of input. */
    if (!unformat_user (input, unformat_line_input, line_input))
      return 0;

    while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
      {
        if (unformat (line_input, "x"))
          x = 1;
        :
        else
          {
            error = clib_error_return (0, "unknown input `%U'",
                                       format_unformat_error, line_input);
            goto done;
          }
      }

    /* ...Remaining code... */

    done:
      unformat_free (line_input);

      return error;
    }

In multiple files, 'unformat_free (line_input);' was never called, so there was a memory leak whether an invalid string was entered or not.

Also, there were multiple instances where:

    error = clib_error_return (0, "unknown input `%U'",
                               format_unformat_error, line_input);

used 'input' as the last parameter instead of 'line_input'. The result is that output did not contain the substring in error, instead just an empty string. Fixed all of those as well.

There are a lot of files, and very mind numbing work, so tried to keep it to a pattern to avoid mistakes.

Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2 Signed-off-by: Billy McFall <bmcfall@redhat.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-02-22 | Repair SNAT's IPFIX and IF-add-del test functions. | Jon Loeliger | 1 | -2/+2
Inspection shows that the names of two functions:

    api_snat_ipfix_enable_disable()
    api_snat_add_del_interface_addr()

don't match their bodies and have been swapped. Make the world right again by swapping them to match. Change-Id: Ieefd7f0fdbf52794e8649b0cbbcf6e1403c1b90a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-17 | Fix handling of ping to SNAT out interface | Juraj Sloboda | 1 | -6/+7
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-16 | Add handling of ICMP error packets in SNAT (VPP-629) | Juraj Sloboda | 2 | -49/+347
Change-Id: I8d2022b7cb3ef3da736c085bccbb5b9c057a8d76 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-15 | SNAT: add static mappings with unresolved external interface address to snat_static_mapping_dump | Matus Fabian | 3 | -4/+81
Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-06 | SNAT: fix snat_add_static_mapping_command() uninitialized variable | Matus Fabian | 2 | -5/+16
Change-Id: I7775dd3b90d5a3449650c3102e24bfedd770beb1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-05 | SNAT: initialize outside and inside FIB index in snat_config | Matus Fabian | 2 | -36/+5
Change-Id: If26d758997d71792cedad1afae8d6a38cfd364ac Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-03 | Plugin infrastructure improvements | Damjan Marion | 2 | -22/+6
This patch replaces requirement for vlib_plugin_register function in the plugin so file and introduces new macro:

    VLIB_PLUGIN_REGISTER () = {
      .version = "version string",
      .version_required = "requred version",
      .default_disabled = 1,
      .early_init = "early_init_function_name",
    };

Plugin will not be loaded if .default_disabled is set to 1 unless explicitly enabled in startup.conf.

If .version_required is set, plugin will not be loaded if there is version mismatch between plugin and vpp. This can be bypassed by setting "skip-version-check" for specific plugin.

If .early_init string is present, plugin loader will try to resolve this specific symbol in the plugin namespace and make a function call.

Following startup.conf configuration is added:

    plugins {
      path /path/to/plugin/directory
      plugin ila_plugin.so { enable skip-version-check }
      plugin acl_plugin.so { disable }
    }

Change-Id: I706c691dd34d94ffe9e02b59831af8859a95f061 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-03 | SNAT: fix invalid outside FIB index | Matus Fabian | 1 | -0/+14
Change-Id: Ia5d3d81cbc2ef85fabf9e19c89a52c589a921d14 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-03 | SNAT: Port allocation per protocol | Matus Fabian | 7 | -131/+219
Ports are allocated per protocol (UDP, TCP, ICMP). 1:1 NAT with port is configured for specific protocol. Change-Id: I37ae5eed3715b223d0620d4fdaed7a482bb7a834 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-02 | Remove unnecessary block structure around CONTROL_PING messages. | Jon Loeliger | 1 | -25/+25
Now that the M() and S() macros accept a message parameter, there is no longer a need to introduce a new block structure around the CONTROL_PING messages just to have a new unbound "mp" variable. Instead, just use one named "mp_ping" directly. Change-Id: I6b283562bb6eec25806e3d35c35b977680ecd1dd Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02 | Refactor fragile msg macro W and W2 to not bury return control flow. | Jon Loeliger | 1 | -38/+36
Instead, have them accept and assign a return parameter leaving the return control flow up to the caller. Clean up otherwise misleading returns present even after "NOT REACHED" comments. Change-Id: I0861921f73ab65d55b95eabd27514f0129152723 Signed-off-by: Jon Loeliger <jdl@netgate.com>