summaryrefslogtreecommitdiffstats
path: root/src/plugins/snat
AgeCommit message (Collapse)AuthorFilesLines
2017-03-07CGN: Deterministic NAT (VPP-623)Matus Fabian8-163/+2148
Inside user is statically mapped to a set of outside ports. Support endpoint dependent mapping to deal with overloading of the outside ports. Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-07Add setting of tenant VRF id for SNAT addresses (VPP-641)Juraj Sloboda4-8/+42
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-07silence -Wmaybe-uninitialized warningGabriel Ganne1-1/+1
It does not look like it actually can be used uninitialized ... but gcc complains, so with Werror this prevents from compiling. sample warning output: In file included from /home/gannega/export/vpp/build-data/../src/vnet/handoff.h:21:0, from /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:19: /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c: In function 'snat_in2out_node_fn_inline': /home/gannega/export/vpp/build-data/../src/vnet/ip/ip4_packet.h:244:15: error: 'inner_ip0' may be used uninitialized in this function [-Werror=maybe-uninitialized] i->checksum = 0; ^ /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:433:17: note: 'inner_ip0' was declared here ip4_header_t *inner_ip0; Change-Id: If7c35dfb528861fd4ec6374aa1343b48f0f93057 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-03-06SNAT: session dump last heard type fixMartin2-3/+3
Change-Id: I3323f7d4bb5da4bc2b19637964e5467ac92680cd Signed-off-by: Martin <magalik@cisco.com>
2017-03-04Fix duplicate binary API registration messages / bugsDave Barach1-2/+1
Changed vat_api_hookup(...) to <plugin-name>_api_hookup, change to static functions. Fixed the related emacs-lisp plugin skeleton. Change-Id: Id14f8fc3138751f469d48fecb26175e938f5f028 Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-02SNAT: user's dump and session dump of a certain snat user.magalik6-3/+288
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5 Signed-off-by: Martin <magalik@cisco.com>
2017-03-01VPP-598: tcp stack initial commitDave Barach2-25/+25
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-02-22VPP-635: CLI Memory leak with invalid parameterBilly McFall1-43/+96
In the CLI parsing, below is a common pattern: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else return clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); } unformat_free (line_input); The 'else' returns if an unknown string is encountered. There a memory leak because the 'unformat_free(line_input)' is not called. There is a large number of instances of this pattern. Replaced the previous pattern with: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else { error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); goto done: } } /* ...Remaining code... */ done: unformat_free (line_input); return error; } In multiple files, 'unformat_free (line_input);' was never called, so there was a memory leak whether an invalid string was entered or not. Also, there were multiple instance where: error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); used 'input' as the last parameter instead of 'line_input'. The result is that output did not contain the substring in error, instead just an empty string. Fixed all of those as well. There are a lot of file, and very mind numbing work, so tried to keep it to a pattern to avoid mistakes. Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2 Signed-off-by: Billy McFall <bmcfall@redhat.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-02-22Repair SNAT's IPFIX and IF-add-del test functions.Jon Loeliger1-2/+2
Inspection shows that the names of two functions: api_snat_ipfix_enable_disable() api_snat_add_del_interface_addr() don't match their bodies and have been swapped. Make the world right again by swapping them to match. Change-Id: Ieefd7f0fdbf52794e8649b0cbbcf6e1403c1b90a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-17Fix handling of ping to SNAT out interfaceJuraj Sloboda1-6/+7
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-16Add handling of ICMP error packets in SNAT (VPP-629)Juraj Sloboda2-49/+347
Change-Id: I8d2022b7cb3ef3da736c085bccbb5b9c057a8d76 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-15SNAT: add static mappings with unresolved external interface address to ↵Matus Fabian3-4/+81
snat_static_mapping_dump Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-06SNAT: fix snat_add_static_mapping_command() uninitialized variableMatus Fabian2-5/+16
Change-Id: I7775dd3b90d5a3449650c3102e24bfedd770beb1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-05SNAT: initialize outside and inside FIB index in snat_configMatus Fabian2-36/+5
Change-Id: If26d758997d71792cedad1afae8d6a38cfd364ac Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-03Plugin infrastructure improvementsDamjan Marion2-22/+6
This patch replaces requirement for vlib_plugin_register function in the plugin so file and introduces new macro: VLIB_PLUGIN_REGISTER () = { .version = "version string", .version_required = "requred version", .default_disabled = 1, .early_init = "early_init_function_name", }; Plugin will nor be loaded if .default_disabled is set to 1 unless explicitely enabled in startup.conf. If .verstion_required is set, plugin will not be loaded if there is version mismatch between plugin and vpp. This can be bypassed by setting "skip-version-check" for specific plugin. If .early-init string is present, plugin loader will try to resolve this specific symbol in the plugin namespace and make a function call. Following startup.conf configuration is added: plugins { path /path/to/plugin/directory plugin ila_plugin.so { enable skip-version-check } plugin acl_plugin.so { disable } } Change-Id: I706c691dd34d94ffe9e02b59831af8859a95f061 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-03SNAT: fix invalid outside FIB indexMatus Fabian1-0/+14
Change-Id: Ia5d3d81cbc2ef85fabf9e19c89a52c589a921d14 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-03SNAT: Port allocation per protocolMatus Fabian7-131/+219
Ports are allocated per protocol (UDP, TCP, ICMP) 1:1 NAT with port is configured for specific protocol Change-Id: I37ae5eed3715b223d0620d4fdaed7a482bb7a834 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-02Remove unnecessary block structure around CONTROL_PING messages.Jon Loeliger1-25/+25
Now that the M() and S() macros accept a message parameter, there is no longer a need to introduce a new block structure around the CONTROL_PING messages just to have a new unbound "mp" variable. Instead, just use one named "mp_ping" directly. Change-Id: I6b283562bb6eec25806e3d35c35b977680ecd1dd Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Refactor fragile msg macro W and W2 to not burry return control flow.Jon Loeliger1-38/+36
Instead, have them accept and assign a return paramter leaving the return control flow up to the caller. Clean up otherwise misleading returns present even after "NOT REACHED" comments. Change-Id: I0861921f73ab65d55b95eabd27514f0129152723 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Localize the timeout variable within the W message macro.Jon Loeliger1-12/+0
Rather than rely on an unbound variable, explicitly introduce the timeout variable within the 'do { ... } while (0)' construct as a block-local variable. Change-Id: I6e78635290f9b5ab3f56b7f116c5fa762c88c9e9 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Convert message macro S to accept a message pointer parameter;Jon Loeliger1-17/+24
Rather than blindly assume an unbound, fixed message parameter explicilty pass it as a paramter to the S() macro. Change-Id: Ieea1f1815cadd2eec7d9240408d69acdc3caa49a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Ensure all M() and M2() second parameters are the message pointer.Jon Loeliger1-17/+17
Rather than maintain (?) an unused second parameter, t, and pull an unbound message pointer, mp, out of context, explicitly list the message pointer as the second parameter. Change-Id: I92143efda6211cdf6b935470f8c71579742a6b64 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02SNAT: changed source for outbound address FIB entry (VPP-613)Matus Fabian1-21/+11
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for flags and resolving interface get. Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-31SNAT: Add outbound addresses to FIB (VPP-613)Matus Fabian1-1/+110
Add the external NAT address to the FIB as receive entries. This ensures that VPP will reply to ARP for these addresses and we don't need to enable proxy ARP on the outside interface. Change-Id: I1db153373c43fec4808845449a17085509ca588c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-27drop-and-count snat out2in packets with no translationsDave Barach1-3/+41
Send dhcp server-to-client packets to the ip stack, so we can acquire snat outside interface addresses from a dhcp server Change-Id: I7751356fa23d9f26b503c9796bd85f96275fe978 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-25Repair plugin binary API message numberingDave Barach1-0/+2
Change-Id: I422a3f168bd483e011cfaf54af022cb79b78db02 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-25SNAT: static mappings for dhcp addressed interfaces (VPP-590)Matus Fabian3-88/+141
updated API added test Change-Id: I3f6017ecf09b924cb320c1b5f323cd33f7a37447 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-23binary-api debug CLI works with pluginsDave Barach1-50/+7
Change-Id: I81f33f5153d5afac94b66b5a8cb91da77463af79 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-23SNAT: Multiple inside interfaces (VPP-447)Matus Fabian1-103/+103
NAT only packets aimed at outside interface and in case of hairpinning Change-Id: Ida371380fce664b9434ca5ddd2369c980ff26beb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-22Add static mapping support for dhcp client interfacesDave Barach2-2/+103
Change-Id: I0412f95b71b9768d41c9c398a24adb1555bde20b Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-18Fix coverity warnings, VPP-608Dave Barach2-4/+12
Change-Id: Ib0144ba3a9a09971d3946c932e8fed6d5c1ad278 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-14SNAT: IPFIX logging (VPP-445)Matus Fabian7-9/+923
Change-Id: I8450217dd43a1cd9f510e40dfb22274ffc33a4c6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-13SNAT: fixed crash - interface without IP address (VPP-599)Matus Fabian2-7/+28
Change-Id: I7f4d0cbde3d3c4ed6537e6351d5487546daea058 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-13SNAT: add API and test for NAT pool address from interfaceMatus Fabian3-16/+244
Change-Id: I2a868f736fae8d37b438c604a9284653ea415541 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-11Acquire SNAT pool addresses from specific interfacesDave Barach2-0/+127
Pick up addresses added by DHCP client, or by static configuration Needs to have binary API support added Change-Id: I962ef89e6e5f36cdc5457b92e165c498b08b25a9 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-03SNAT: fix out2in ICMP worker lookupMatus Fabian1-0/+7
Change-Id: I113e7927739de876f07c3f17454ad7499a74c634 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-01Move java,lua api and remaining plugins to src/Damjan Marion8-0/+6009
Change-Id: I1c3b87e886603678368428ae56a6bd3327cbc90d Signed-off-by: Damjan Marion <damarion@cisco.com>