Age | Commit message (Collapse) | Author | Files | Lines |
|
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation.
If the negotiated MSS value is greater than the configured value it is changed
to the configured value. If the negotiated MSS value is smaller than the
configured value it remains unchanged.
Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
All fragments should be dropped when max_frag is 1 and 2 non-initial fragments are received before first fragment.
Change-Id: Id0c968f45629698e347e8226c5926f27b48b82d6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
"assertEqual(len(capture), <expected packet count>)" no more needed since it is done by get_capture
Change-Id: I1cbe223cf55198cec946b8ea0883f2a4fa632005
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Enable client-IP based session affinity per LB NAT rule with specific timeout.
Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired
sessions. When inserting to session lookup hash and bucket is full, expired
session is overwritten.
Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I85383e428cb54c4c09ab387811dd6390f7c61d97
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Use rx_fib_index instead of sm->inside_fib_index for session lookup key.
Change-Id: I2d6cce5b9376fa8ac4d75a9bbfa8498be0fd1493
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add missing call of nat64_tcp_session_set_state to set TCP session state.
Change-Id: Ifd297ea3ffe20870e1e34a95449b5c9404ec13eb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I756e3ad3de9ffe1494221ef95c1943c8591f8f50
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add support for local backends in multiple VRFs for load-balancing NAT rules.
Change-Id: I64e6818bd67a7e69985003498cf1f16f7200c334
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I5009fcfde5c627d59dea3edda15486b9392134a2
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I56eb15f8fd2d3049845287dc3df7870582764f8b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ieb8020f57ed5ad20daf552cd62ae3fdd8c573926
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Iddb0b848c53da03116524e203c7112c82b401ac5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
To enable NAT plugin endpoint dependent mode add following to statrup config:
nat { endpoint-dependent }
Enable endpoint dependent filtering and mapping for all sessions.
Move some existing functionality such as service load balancing, twice nat,
out2in-only static mappings and unknown protocol dynamic translations, which
use endpoint dependent lookup hash tables before. Basically split to vanilla
NAT44 and extra features NAT44.
Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I484d79000c1bbd87ff83847cf567bf3414a719d3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: If9cc7c5e32ebecff398fd38b39e8f485754a4ad4
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Id25b447bddccb7b321123e4abc4134e7261a0807
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I6306b81e0e1c3e1c591f929a76bb265c1c1d0859
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I228728bacfca6056dc409a96de1bffb9cadcd3e6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
When enabled then Twice-NAT is applied only when
source IP equals destination IP after DNAT
Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Id5a2a90d81cc9cb87cb6fb89ac2f4ca3cbcb51e2
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Static mapping is not deleted from resolution vector after address is set on
interface.
Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Do not translate packet which go out via nat44-in2out-output and was tranlated
in nat44-out2in before. On way back forward packet to nat44-in2out node.
Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1552e1418b704fdf1f1fa2c0174313b9b82a37a3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
forwarding mode:
session initiaded from service host - translate
session initiaded from remote host - do not translate
Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Support the 1:1 translation of source address for IPv6
Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1156)
Change-Id: I5395245c9e49f741a949ada1f725c34f9379c249
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ib99b597502b8335e57ecfa122b12e2e5aa45ee1a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I85c799f28c4246884107e569a36482af10d9be9d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I620e2081285ca8ac5c2da8efc12fe6f540ea4fd1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Moved CLI from nat.c to nat44_cli.c
Split "show nat44" to:
show nat44 addresses
show nat44 interfaces
show nat44 static mappings
show nat44 interface address
show nat44 sessions detail
show nat44 deterministic mappings
show nat44 deterministic timeouts
show nat44 deterministic sessions
show nat workers
Change-Id: I2d1be8941dd0e4a9e037f4a4d2cd192389beb8ed
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
One-armed NAT should work for asymmetrical static mappings without adding external address to the NAT44 pool.
Change-Id: Ie886b75b55c3b552d1029a50bd967625fde80f09
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
add option to NAT44 static mapping API/CLI to make rule asymmetrical (rule match only out2in direction)
Change-Id: If262a3ff375a24d3059f0de1f1ac387a4fe09475
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add option to NAT44 load balancing static mapping API/CLI to make rule asymmetrical (rule match only in out2in direction).
Change-Id: I325ecef5591e4bf44ce4469a24d44fe56c3bb2e9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ifcca60da3f77c0a4959f98b3365c846badbdc2d0
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Ib90dc5613c9fdac0344b3bd7f163e2f7163c64d8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I24e7a26972bbbfcea100292b212b29ae7a349335
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Add API function which enables forwarding of packets not matching
existing translation or static mapping instead of dropping them.
When forwarding is enabled matching packets will be translated
while non-matching packets will be forwarded without translation.
Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Translation of both source and destination addresses and ports for 1:1 NAT
session initiated from outside network (ExternalIP K8 use case).
Change-Id: Ic0000497cf71619aac996d6d580844f0ea0edc14
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iebf859b6d86482e4465423bad598eecf87e53ec4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1090)
Change-Id: I361c043979274eac1aefcd95abdf1624a3ef2756
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Identity mapping translate an IP address to itself.
Change-Id: Icc0ca5102d32547a4b0c75720b5f5bf41ed69c71
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I286b61d41cc2b557de3eb8801ff95c643f680acd
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
For the MAP-E CE limit port choice based on PSID
CLI: nat44 addr-port-assignment-alg map-e psid <n> psid-offset <n> psid-len <n>
Change-Id: Iecceee61fca372cb5790c16993a82fbdc9930f0f
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I326429c31dea6958a342ee152ef86cb975f4b12c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|