summaryrefslogtreecommitdiffstats
path: root/src/plugins/snat
AgeCommit message (Collapse)AuthorFilesLines
2017-05-10SNAT: move API code to separate fileMatus Fabian3-1256/+1311
Move API source code from snat.c to snat_api.c Change-Id: I1c4439eb5d2e3f43695ecc4d300eccd148105c15 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-04-27CGN: Send ICMP error packet if user is out of sessions availableMartin Gálik1-6/+21
Change-Id: I19a6015fde7342588cfa9c7a4f07016aa339cc72 Signed-off-by: Martin Gálik <magalik@cisco.com>
2017-04-26CGN: Session dump, test naming for ports fixedMartin Gálik3-3/+153
Change-Id: Ib542b2b3ee023fbe3d0e01ceaf4b4ab7a0ec80dc Signed-off-by: Martin Gálik <magalik@cisco.com>
2017-04-26CGNAT: close session API and CLI commands.Martin Gálik3-4/+351
Change-Id: I9c8636bd2c4b8da2907e8e4a4f2be1a2c3a8e0bb Signed-off-by: Martin Gálik <magalik@cisco.com>
2017-04-25"autoreply" flag: autogenerate standard xxx_reply_t messagesDave Barach1-80/+8
Change-Id: I72298aaae7d172082ece3a8edea4217c11b28d79 Signed-off-by: Dave Barach <dave@barachs.net>
2017-04-21CGN: IPFIX loggingMatus Fabian3-18/+215
maximum entries per user exceeded event Change-Id: Ie35d7f40f55001e2ef4a38f934f176594f25b189 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-04-19Support ping from outside network in 1:1 NAT (VPP-695)Juraj Sloboda4-45/+59
Change-Id: Iec8fd4c2bd26874bd8bda82172af797e9b92592c Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-12Handle multiple flows with the same client port in deterministic NATJuraj Sloboda2-15/+23
Handle situation when client tries to connect to multiple hosts/ports from the same client port. Extend matching to include remote host/port when searching for existing session and create session for each flow even when originating from the same client port. Change-Id: I4f54ded930e59e7196843c6bc1d2d2386c57cd3c Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-12CGN: configurable timeoutsMatus Fabian5-15/+290
add API and CLI configuration of deterministic NAT session timeout for TCP, UDP and ICMP protocol Change-Id: I577440452e7eaedcb5d80501a7fd4b76e31e8c9c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-04-12Support ICMP session timeout in deterministic NATJuraj Sloboda2-1/+8
Change-Id: I0306bc0ab87908adb79c594c657d579cb34b3ec1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-11Add ICMP support for deterministic NATJuraj Sloboda4-26/+414
Change-Id: I9a6bcb7d173a2c13d89784e7ff8a6e42dcee201f Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-10Refactor SNAT codeJuraj Sloboda3-119/+132
Change-Id: I71f34dc64d4ddc5f2ec1164cb3c353d0fe2d95ab Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-10Handle ICMP echo with TTL=1 in deterministic and fast SNAT nodesJuraj Sloboda2-3/+85
Change-Id: Icd25ec2e5faf69898178199aa44f21790ce664e1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-10Make fixes in SNAT codeJuraj Sloboda2-52/+56
Change-Id: I691d1bfb2923a07c0003485b1d0272aaf9ed27ee Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-04-06Use thread local storage for thread indexDamjan Marion3-111/+111
This patch deprecates stack-based thread identification, Also removes requirement that thread stacks are adjacent. Finally, possibly annoying for some folks, it renames all occurences of cpu_index and cpu_number with thread index. Using word "cpu" is misleading here as thread can be migrated ti different CPU, and also it is not related to linux cpu index. Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-22vlib: add description field in plugin registrationDamjan Marion1-0/+1
Change-Id: I88b322a5d602f3d6d3310e971479180a89430e0e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-22SNAT: added actual delete to snat_det_mapMartin1-12/+45
Change-Id: I8187b43129b80fadd90ea493afb922064f79abbe Signed-off-by: Martin <magalik@cisco.com>
2017-03-16API:replaced all REPLY_MACRO's with api_helper_macros.hEyal Bari1-1/+1
Change-Id: I08ab1fd0abdd1db4aff11a38c9c0134b01368e11 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-15API: define optional base_id for REPLY_MACRO'sEyal Bari1-102/+3
this enables sharing the api_helper_macros.h implementation Change-Id: Ie3fc89f3b4b5a47fcfd4b5776db90e249c55dbc3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-13Refactor SNAT ICMP codeJuraj Sloboda4-314/+558
Change-Id: I07de08ef111011694638a8ebe7a13c240714ce7e Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-08SNAT: deterministic map dumpMartin3-3/+125
Change-Id: Iead6dc6a0fe15a0b8e148e780c3aeadd0b378824 Signed-off-by: Martin <magalik@cisco.com>
2017-03-08SNAT: fix coverity warnings (VPP-608)Matus Fabian1-2/+3
Change-Id: Id7879a6a8014fe57c3515a13e7597fb0e3c906ad Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-08SNAT: user_session_dump is_ip4 and vat unformating addedMartin3-0/+20
Change-Id: I0ffab147c3218a75b7c3bb829983f538c7b637ee Signed-off-by: Martin <magalik@cisco.com>
2017-03-08CGN: fix outside port calculation and set buffer error (VPP-623)Matus Fabian2-18/+33
Change-Id: I5143328b2da62ce4d6bb2915e2a51855696d87fc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-07CGN: Deterministic NAT (VPP-623)Matus Fabian8-163/+2148
Inside user is statically mapped to a set of outside ports. Support endpoint dependent mapping to deal with overloading of the outside ports. Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-07Add setting of tenant VRF id for SNAT addresses (VPP-641)Juraj Sloboda4-8/+42
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-07silence -Wmaybe-uninitialized warningGabriel Ganne1-1/+1
It does not look like it actually can be used uninitialized ... but gcc complains, so with Werror this prevents from compiling. sample warning output: In file included from /home/gannega/export/vpp/build-data/../src/vnet/handoff.h:21:0, from /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:19: /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c: In function 'snat_in2out_node_fn_inline': /home/gannega/export/vpp/build-data/../src/vnet/ip/ip4_packet.h:244:15: error: 'inner_ip0' may be used uninitialized in this function [-Werror=maybe-uninitialized] i->checksum = 0; ^ /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:433:17: note: 'inner_ip0' was declared here ip4_header_t *inner_ip0; Change-Id: If7c35dfb528861fd4ec6374aa1343b48f0f93057 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-03-06SNAT: session dump last heard type fixMartin2-3/+3
Change-Id: I3323f7d4bb5da4bc2b19637964e5467ac92680cd Signed-off-by: Martin <magalik@cisco.com>
2017-03-04Fix duplicate binary API registration messages / bugsDave Barach1-2/+1
Changed vat_api_hookup(...) to <plugin-name>_api_hookup, change to static functions. Fixed the related emacs-lisp plugin skeleton. Change-Id: Id14f8fc3138751f469d48fecb26175e938f5f028 Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-02SNAT: user's dump and session dump of a certain snat user.magalik6-3/+288
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5 Signed-off-by: Martin <magalik@cisco.com>
2017-03-01VPP-598: tcp stack initial commitDave Barach2-25/+25
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-02-22VPP-635: CLI Memory leak with invalid parameterBilly McFall1-43/+96
In the CLI parsing, below is a common pattern: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else return clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); } unformat_free (line_input); The 'else' returns if an unknown string is encountered. There a memory leak because the 'unformat_free(line_input)' is not called. There is a large number of instances of this pattern. Replaced the previous pattern with: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else { error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); goto done: } } /* ...Remaining code... */ done: unformat_free (line_input); return error; } In multiple files, 'unformat_free (line_input);' was never called, so there was a memory leak whether an invalid string was entered or not. Also, there were multiple instance where: error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); used 'input' as the last parameter instead of 'line_input'. The result is that output did not contain the substring in error, instead just an empty string. Fixed all of those as well. There are a lot of file, and very mind numbing work, so tried to keep it to a pattern to avoid mistakes. Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2 Signed-off-by: Billy McFall <bmcfall@redhat.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-02-22Repair SNAT's IPFIX and IF-add-del test functions.Jon Loeliger1-2/+2
Inspection shows that the names of two functions: api_snat_ipfix_enable_disable() api_snat_add_del_interface_addr() don't match their bodies and have been swapped. Make the world right again by swapping them to match. Change-Id: Ieefd7f0fdbf52794e8649b0cbbcf6e1403c1b90a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-17Fix handling of ping to SNAT out interfaceJuraj Sloboda1-6/+7
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-16Add handling of ICMP error packets in SNAT (VPP-629)Juraj Sloboda2-49/+347
Change-Id: I8d2022b7cb3ef3da736c085bccbb5b9c057a8d76 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-15SNAT: add static mappings with unresolved external interface address to ↵Matus Fabian3-4/+81
snat_static_mapping_dump Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-06SNAT: fix snat_add_static_mapping_command() uninitialized variableMatus Fabian2-5/+16
Change-Id: I7775dd3b90d5a3449650c3102e24bfedd770beb1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-05SNAT: initialize outside and inside FIB index in snat_configMatus Fabian2-36/+5
Change-Id: If26d758997d71792cedad1afae8d6a38cfd364ac Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-03Plugin infrastructure improvementsDamjan Marion2-22/+6
This patch replaces requirement for vlib_plugin_register function in the plugin so file and introduces new macro: VLIB_PLUGIN_REGISTER () = { .version = "version string", .version_required = "requred version", .default_disabled = 1, .early_init = "early_init_function_name", }; Plugin will nor be loaded if .default_disabled is set to 1 unless explicitely enabled in startup.conf. If .verstion_required is set, plugin will not be loaded if there is version mismatch between plugin and vpp. This can be bypassed by setting "skip-version-check" for specific plugin. If .early-init string is present, plugin loader will try to resolve this specific symbol in the plugin namespace and make a function call. Following startup.conf configuration is added: plugins { path /path/to/plugin/directory plugin ila_plugin.so { enable skip-version-check } plugin acl_plugin.so { disable } } Change-Id: I706c691dd34d94ffe9e02b59831af8859a95f061 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-03SNAT: fix invalid outside FIB indexMatus Fabian1-0/+14
Change-Id: Ia5d3d81cbc2ef85fabf9e19c89a52c589a921d14 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-03SNAT: Port allocation per protocolMatus Fabian7-131/+219
Ports are allocated per protocol (UDP, TCP, ICMP) 1:1 NAT with port is configured for specific protocol Change-Id: I37ae5eed3715b223d0620d4fdaed7a482bb7a834 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-02Remove unnecessary block structure around CONTROL_PING messages.Jon Loeliger1-25/+25
Now that the M() and S() macros accept a message parameter, there is no longer a need to introduce a new block structure around the CONTROL_PING messages just to have a new unbound "mp" variable. Instead, just use one named "mp_ping" directly. Change-Id: I6b283562bb6eec25806e3d35c35b977680ecd1dd Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Refactor fragile msg macro W and W2 to not burry return control flow.Jon Loeliger1-38/+36
Instead, have them accept and assign a return paramter leaving the return control flow up to the caller. Clean up otherwise misleading returns present even after "NOT REACHED" comments. Change-Id: I0861921f73ab65d55b95eabd27514f0129152723 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Localize the timeout variable within the W message macro.Jon Loeliger1-12/+0
Rather than rely on an unbound variable, explicitly introduce the timeout variable within the 'do { ... } while (0)' construct as a block-local variable. Change-Id: I6e78635290f9b5ab3f56b7f116c5fa762c88c9e9 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Convert message macro S to accept a message pointer parameter;Jon Loeliger1-17/+24
Rather than blindly assume an unbound, fixed message parameter explicilty pass it as a paramter to the S() macro. Change-Id: Ieea1f1815cadd2eec7d9240408d69acdc3caa49a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Ensure all M() and M2() second parameters are the message pointer.Jon Loeliger1-17/+17
Rather than maintain (?) an unused second parameter, t, and pull an unbound message pointer, mp, out of context, explicitly list the message pointer as the second parameter. Change-Id: I92143efda6211cdf6b935470f8c71579742a6b64 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02SNAT: changed source for outbound address FIB entry (VPP-613)Matus Fabian1-21/+11
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for flags and resolving interface get. Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-31SNAT: Add outbound addresses to FIB (VPP-613)Matus Fabian1-1/+110
Add the external NAT address to the FIB as receive entries. This ensures that VPP will reply to ARP for these addresses and we don't need to enable proxy ARP on the outside interface. Change-Id: I1db153373c43fec4808845449a17085509ca588c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-27drop-and-count snat out2in packets with no translationsDave Barach1-3/+41
Send dhcp server-to-client packets to the ip stack, so we can acquire snat outside interface addresses from a dhcp server Change-Id: I7751356fa23d9f26b503c9796bd85f96275fe978 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-25Repair plugin binary API message numberingDave Barach1-0/+2
Change-Id: I422a3f168bd483e011cfaf54af022cb79b78db02 Signed-off-by: Dave Barach <dave@barachs.net>