Age | Commit message (Collapse) | Author | Files | Lines |
|
maximum entries per user exceeded event
Change-Id: Ie35d7f40f55001e2ef4a38f934f176594f25b189
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iec8fd4c2bd26874bd8bda82172af797e9b92592c
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Handle situation when client tries to connect to multiple hosts/ports
from the same client port. Extend matching to include remote host/port
when searching for existing session and create session for each flow
even when originating from the same client port.
Change-Id: I4f54ded930e59e7196843c6bc1d2d2386c57cd3c
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
add API and CLI configuration of deterministic NAT session timeout for TCP, UDP
and ICMP protocol
Change-Id: I577440452e7eaedcb5d80501a7fd4b76e31e8c9c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I0306bc0ab87908adb79c594c657d579cb34b3ec1
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I9a6bcb7d173a2c13d89784e7ff8a6e42dcee201f
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I71f34dc64d4ddc5f2ec1164cb3c353d0fe2d95ab
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Icd25ec2e5faf69898178199aa44f21790ce664e1
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I691d1bfb2923a07c0003485b1d0272aaf9ed27ee
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
This patch deprecates stack-based thread identification,
Also removes requirement that thread stacks are adjacent.
Finally, possibly annoying for some folks, it renames
all occurences of cpu_index and cpu_number with thread
index. Using word "cpu" is misleading here as thread can
be migrated ti different CPU, and also it is not related
to linux cpu index.
Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I88b322a5d602f3d6d3310e971479180a89430e0e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I8187b43129b80fadd90ea493afb922064f79abbe
Signed-off-by: Martin <magalik@cisco.com>
|
|
Change-Id: I08ab1fd0abdd1db4aff11a38c9c0134b01368e11
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
this enables sharing the api_helper_macros.h implementation
Change-Id: Ie3fc89f3b4b5a47fcfd4b5776db90e249c55dbc3
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I07de08ef111011694638a8ebe7a13c240714ce7e
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Iead6dc6a0fe15a0b8e148e780c3aeadd0b378824
Signed-off-by: Martin <magalik@cisco.com>
|
|
Change-Id: Id7879a6a8014fe57c3515a13e7597fb0e3c906ad
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I0ffab147c3218a75b7c3bb829983f538c7b637ee
Signed-off-by: Martin <magalik@cisco.com>
|
|
Change-Id: I5143328b2da62ce4d6bb2915e2a51855696d87fc
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Inside user is statically mapped to a set of outside ports. Support endpoint
dependent mapping to deal with overloading of the outside ports.
Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
It does not look like it actually can be used uninitialized ... but gcc
complains, so with Werror this prevents from compiling.
sample warning output:
In file included from /home/gannega/export/vpp/build-data/../src/vnet/handoff.h:21:0,
from /home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:19:
/home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c: In function 'snat_in2out_node_fn_inline':
/home/gannega/export/vpp/build-data/../src/vnet/ip/ip4_packet.h:244:15: error: 'inner_ip0' may be used uninitialized in this function [-Werror=maybe-uninitialized]
i->checksum = 0;
^
/home/gannega/export/vpp/build-data/../src/plugins/snat/in2out.c:433:17: note: 'inner_ip0' was declared here
ip4_header_t *inner_ip0;
Change-Id: If7c35dfb528861fd4ec6374aa1343b48f0f93057
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: I3323f7d4bb5da4bc2b19637964e5467ac92680cd
Signed-off-by: Martin <magalik@cisco.com>
|
|
Changed vat_api_hookup(...) to <plugin-name>_api_hookup, change to
static functions. Fixed the related emacs-lisp plugin skeleton.
Change-Id: Id14f8fc3138751f469d48fecb26175e938f5f028
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5
Signed-off-by: Martin <magalik@cisco.com>
|
|
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
In the CLI parsing, below is a common pattern:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
return clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
}
unformat_free (line_input);
The 'else' returns if an unknown string is encountered. There a memory
leak because the 'unformat_free(line_input)' is not called. There is a
large number of instances of this pattern.
Replaced the previous pattern with:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
{
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
goto done:
}
}
/* ...Remaining code... */
done:
unformat_free (line_input);
return error;
}
In multiple files, 'unformat_free (line_input);' was never called, so
there was a memory leak whether an invalid string was entered or not.
Also, there were multiple instance where:
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
used 'input' as the last parameter instead of 'line_input'. The result
is that output did not contain the substring in error, instead just an
empty string. Fixed all of those as well.
There are a lot of file, and very mind numbing work, so tried to keep
it to a pattern to avoid mistakes.
Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2
Signed-off-by: Billy McFall <bmcfall@redhat.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Inspection shows that the names of two functions:
api_snat_ipfix_enable_disable()
api_snat_add_del_interface_addr()
don't match their bodies and have been swapped.
Make the world right again by swapping them to match.
Change-Id: Ieefd7f0fdbf52794e8649b0cbbcf6e1403c1b90a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I8d2022b7cb3ef3da736c085bccbb5b9c057a8d76
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
snat_static_mapping_dump
Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I7775dd3b90d5a3449650c3102e24bfedd770beb1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: If26d758997d71792cedad1afae8d6a38cfd364ac
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This patch replaces requirement for vlib_plugin_register function
in the plugin so file and introduces new macro:
VLIB_PLUGIN_REGISTER () = {
.version = "version string",
.version_required = "requred version",
.default_disabled = 1,
.early_init = "early_init_function_name",
};
Plugin will nor be loaded if .default_disabled is set to 1
unless explicitely enabled in startup.conf.
If .verstion_required is set, plugin will not be loaded if there
is version mismatch between plugin and vpp. This can be bypassed
by setting "skip-version-check" for specific plugin.
If .early-init string is present, plugin loader will try to resolve
this specific symbol in the plugin namespace and make a function call.
Following startup.conf configuration is added:
plugins {
path /path/to/plugin/directory
plugin ila_plugin.so { enable skip-version-check }
plugin acl_plugin.so { disable }
}
Change-Id: I706c691dd34d94ffe9e02b59831af8859a95f061
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ia5d3d81cbc2ef85fabf9e19c89a52c589a921d14
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Ports are allocated per protocol (UDP, TCP, ICMP)
1:1 NAT with port is configured for specific protocol
Change-Id: I37ae5eed3715b223d0620d4fdaed7a482bb7a834
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Now that the M() and S() macros accept a message parameter, there
is no longer a need to introduce a new block structure around the
CONTROL_PING messages just to have a new unbound "mp" variable.
Instead, just use one named "mp_ping" directly.
Change-Id: I6b283562bb6eec25806e3d35c35b977680ecd1dd
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Instead, have them accept and assign a return paramter leaving
the return control flow up to the caller. Clean up otherwise
misleading returns present even after "NOT REACHED" comments.
Change-Id: I0861921f73ab65d55b95eabd27514f0129152723
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than rely on an unbound variable, explicitly introduce
the timeout variable within the 'do { ... } while (0)' construct
as a block-local variable.
Change-Id: I6e78635290f9b5ab3f56b7f116c5fa762c88c9e9
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than blindly assume an unbound, fixed message parameter
explicilty pass it as a paramter to the S() macro.
Change-Id: Ieea1f1815cadd2eec7d9240408d69acdc3caa49a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than maintain (?) an unused second parameter, t, and pull
an unbound message pointer, mp, out of context, explicitly list
the message pointer as the second parameter.
Change-Id: I92143efda6211cdf6b935470f8c71579742a6b64
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for
flags and resolving interface get.
Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add the external NAT address to the FIB as receive entries.
This ensures that VPP will reply to ARP for these addresses and we don't need
to enable proxy ARP on the outside interface.
Change-Id: I1db153373c43fec4808845449a17085509ca588c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Send dhcp server-to-client packets to the ip stack, so we can acquire
snat outside interface addresses from a dhcp server
Change-Id: I7751356fa23d9f26b503c9796bd85f96275fe978
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I422a3f168bd483e011cfaf54af022cb79b78db02
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
updated API
added test
Change-Id: I3f6017ecf09b924cb320c1b5f323cd33f7a37447
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I81f33f5153d5afac94b66b5a8cb91da77463af79
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
NAT only packets aimed at outside interface and in case of hairpinning
Change-Id: Ida371380fce664b9434ca5ddd2369c980ff26beb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I0412f95b71b9768d41c9c398a24adb1555bde20b
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ib0144ba3a9a09971d3946c932e8fed6d5c1ad278
Signed-off-by: Dave Barach <dave@barachs.net>
|