| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Type: feature
The current feature ordering of NAT44 nodes with respect to the
ACL plugin's IPv4 input/output features is:
ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes
ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes
ACL rules with action permit+reflect can keep track of outbound
flows and allow the replies inbound without an explicit inbound rule.
If ACL permit+reflect rules are configured on an interface that also
has NAT44 configured with output-feature/postrouting translation of
outbound packets, the ACL rules cannot allow inbound packets. The
ACL state that was stored on the outbound flow contains the IP
addresses of the original packet, prior to translation. The inbound
packets are being evaluated by the ACL node using the translated
addresses.
The order of processing inbound needs to be the opposite of what it
was outbound for this to work. Change the NAT44 features on
ip4-output so that they run before outbound ACL nodes. This matches
the existing behavior of the NAT44 nodes which rewrite
source addresses as an input feature instead of an output feature.
This was only done for endpoint dependent mode because the regular
endpoint independent in2out-output node currently selects an
explicit next node rather than using the next node on the feature
arc.
Unit test added to configure both NAT and an ACL and ensure that
out2in packets matching an in2out flow are permitted by the ACL
and translated by NAT.
Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
|
|
Type: fix
Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
There was an attempt to fix this problem in the commit:
d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd
But checking the LOCALLY_ORIGINATED flag didn't work because this flag
gets reset before it can reach the NAT nodes.
With this commit, replace the check for the LOCALLY_ORIGINATED flag
with a check to see if the packet is a DHCP broadcast.
Type: fix
Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: fix
Ticket: VPP-1817
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: Id4d694ce636b0a213e65ce27c32a8150df9af0f8
|
|
Currently if user want to set ip4 address to the api, it must convert to ip6
format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201",
it is not acceptable, this fix solved the issue.
Ticket: FDIO-753
Type: fix
Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95
Ticket: VPP-1815
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iddfcce1f662efe63c5a6788a0a604917b1c9d81e
|
|
Type: fix
Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: docs
Change-Id: Ica60b42e64703879c5c229209e4a4fac278bda31
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
This reverts commit 57584d99dd8a8524db90c67c88525d58879d9b8e.
The reasons for reverting:
- the documentation seems "work in progress". Also, 500K of pngs
should probably go on wiki, rather than in the repo. Please
make sure that newly added documentation renders correctly
and sensibly as part of the review/commit process.
- runner.py seems to contain unit tests, so it should
be rewritten in a manner that allows the testing from within
CI (including an unprivileged docker container)
- the above items, especially the testing one, warrant more
work, and at a RC1 milestone time it is probably not
a good idea to include a significant patch without
proper care. I suggest to prepare it so it is ready
for the next release, or cherrypick it for a
20.01.1 release, if having it in stable/2001 is absolute necessity.
- when submitting it, ensure that the commit message
makes sense, especially having "srv6-mobile:" with no further
text should be absolutely avoided.
Change-Id: If81441f7ebf11a6ad5638b1327faf18e8ebe6a35
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: If0a1691c1435f2826c8c83f8bc52e4cd3ecc6256
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c
|
|
from threading.thread __init__:
This constructor should always be called with keyword arguments.
If a subclass overrides the constructor, it must make sure to invoke
the base class constructor (Thread.__init__()) before doing anything
else to the thread.
Type: test
Change-Id: Ifa89202e97053a4baf19e9a0ca0913430d5087a3
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
Add new functions in SRv6 Mobile Plug-in
GTP4.DT and GTP6.DT
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I573a0c27bd463dd56a4d11b940941b8a8c826e08
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
|
|
n_retry was never decremented and so never enforced.
Type: fix
Change-Id: I71d60a72c156286f7e5b82b1c77a723361317c69
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: style
and add some indent offs.
Change-Id: I31cf3ab9ff9b64d2cd1f2034dcedd4a9c453efb4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I266fa5dc637383fd8dac6592c9c266a1b70a73e9
|
|
Type: fix
Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: docs
Signed-off-by: pcamaril <pcamaril@cisco.com>
Change-Id: Ia35d18113e17fd2ba5310e81ca527d3569cd110e
Signed-off-by: pcamaril <pcamaril@cisco.com>
|
|
Type: docs
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: I7280e5c5ad10a66c0787a5282291a2ef000bff5f
|
|
Prepare rdma interface creation API for direct verb support:
- add new optional 'mode' parameters to select between ibverb or direct
verb backend (optional, default to 'auto')
- set default value for rxq_num (1), rxq_size (1024) and txq_size
(1024) so they are now optional
- bump default create value for rxq_size and txq_size to 1024 if
unset (0) so they are coherent with default values above
Type: feature
Change-Id: Id9eae2b8eb0baaf34a0fcd55da6ad09515f57a93
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id12b0a9b8bc47aef8b393544e5b4c8228ed6a606
|
|
Change-Id: If6f13e7962c27f35528058224928def927fff19f
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: docs
Change-Id: I91d701814e4bd9953616d2b7c76ae2ea7c07074b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I8cfb48bd7f92689b296861dd368186408918061b
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6f7fb91e059996ff702eb9c36e3abaed237fe221
|
|
Type: docs
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I8b0432a3a384dc2431fcb0b4e7c3f0cfb1713d8e
|
|
Type: docs
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6fe5555a9ec867d4e39f0751662256717b45e0f9
|
|
This prevents unnecessary calls to quic_send_packets.
Type: fix
Change-Id: I7abe509aa8b7b9d5a01c9876046cf0f4507a79cf
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: docs
Change-Id: Ia3949954423eb7691c02e99444767a9f01a14adf
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
Type:fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I38b155f7617d002ac16943c2c031269a17f4ba73
|
|
ip4_is_fragment(header)
or ip4_is_first_fragment(header) didn't changed
when packet with fragmentation needed arrives.
This patch checks DF flag and MTU with packet
length and if DF is set and length > MTU, packet
is dropped. In case if ignore_df is set, DF flag
makes no sense.
Type: fix
Fixes: d6d50cebde647f9a5ee7251a7fef977506f315d7
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I720e25167c19a0b13ac5fdfb41b12c0bbdc00d09
|
|
Remove NAT's implementation of shallow virtual reassembly with
corresponding CLIs, APIs & tests. Replace with standalone shallow
virtual reassembly provided by ipX-sv-reass* nodes.
Type: refactor
Change-Id: I7e6c7487a5a500d591f6871474a359e0993e59b6
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: docs
Change-Id: I4959010617b0fb51652beafe6967afd556f27e92
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: docs
Change-Id: I8d6ab1b4fd9f059a3f4c8ba28fc9f20debfb65cb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: docs
Change-Id: I0d939b26079e9e45fba1cbb7c8e668918c128526
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
And add support for multiple maintainers in JSON schema.
Type: docs
Change-Id: Ice430927ceecf53526a3fdf46c075a95206bf0ac
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: docs
Change-Id: Ie75368f64201f2f6623413bc2ba015d9dc8fbc9f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: docs
Change-Id: Ia00e3167e954271c9eb7618792fd86df288d5c19
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: docs
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2f9a74541183af6c10abea2c29002842ddb88815
|
|
Type: fix
Ensure listeners for app transport protocols are added to lookup tables
using their session endpoints instead of their transport connections,
which can override the network connection id in the transport connection.
Change-Id: I56fa3666bb1422c0799fc7143cd099751ff6e2e6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Fix "Rejecting large frequency change of +infinity" errors.
Type: test
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I8efca1291e38c48bb98e7f8109253224a4f0a2a1
|
|
Type: test
Change-Id: I2d32797efd1c3478a862b7950ef9ab63428da890
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: refactor
Change-Id: I32234173ebd69f80acb1afa4039fffbd19157f6d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Several tunnels encapsulation use udp as outer header and udp src port
is set by inner header flow hash, such as gtpu, geneve, vxlan, vxlan-gbd
Since flow hash of inner header is already been calculated, keeping it
to vnet_buffere[b]->ip.flow_hash should save load-balance node work to
select ECMP uplinks.
Change-Id: I0e4e2b27178f4fcc5785e221d6d1f3e8747d0d59
Signed-off-by: Shawn Ji <xiaji@tethrnet.com>
|
|
Type: feature
Change-Id: I18cf38d6f77e0d42212c85262f3bb769b9477b29
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
RR sourcing the destination FIB entry limits the number of tunnels
to 255 for a particular destination. This change removes this limit.
Type: fix
The patch is based on 1f50bf8fc57ebf78f9056185a342493be460a847
that introduced the FIB entry tracking but did not update
the gtpu plugin.
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: I8a4a87382a6eb5120e2bb65b9bc3c446bbfdbd3b
|
Matthew Smith
Tetsuya Murakami
Neale Ranns
Florin Coras
Dave Wallace
Alexander Chernavin
Filip Varga
Yulong Pei
Yu Ping
Aloys Augustin
Andrew Yourtchenko
Simon Zhang
Paul Vinciguerra
Benoît Ganne
pcamaril
John DeNisco
Steven Luong
Hongjun Ni
Vladimir Ratnikov
Klement Sekera
Ole Troan
Dave Barach
Shawn Ji
Nathan Skrzypczak
Miklos Tirpak