#include "public_inlines.h"
acl_main_t acl_main;
-acl_main_t *p_acl_main = &acl_main;
#define REPLY_MSG_ID_BASE am->msg_id_base
#include <vlibapi/api_helper_macros.h>
+/*
+ * The code for the bihash, used by the session management.
+ */
+#include <vppinfra/bihash_40_8.h>
+#include <vppinfra/bihash_template.h>
+#include <vppinfra/bihash_template.c>
+
/* List of message types that this plugin understands */
#define foreach_acl_plugin_api_msg \
};
/* *INDENT-ON* */
+/* methods exported from ACL-as-a-service */
+static acl_plugin_methods_t acl_plugin;
+
/* Format vec16. */
u8 *
format_vec16 (u8 * s, va_list * va)
return s;
}
-
-
-u8
-acl_plugin_acl_exists (u32 acl_index)
-{
- acl_main_t *am = &acl_main;
-
- if (pool_is_free_index (am->acls, acl_index))
- return 0;
-
- return 1;
-}
-
static void *
acl_set_heap (acl_main_t * am)
{
{
if (~0 == am->interface_acl_user_id)
am->interface_acl_user_id =
- acl_plugin_register_user_module ("interface ACL", "sw_if_index",
+ acl_plugin.register_user_module ("interface ACL", "sw_if_index",
"is_input");
lc_index =
- acl_plugin_get_lookup_context_index (am->interface_acl_user_id,
+ acl_plugin.get_lookup_context_index (am->interface_acl_user_id,
sw_if_index, is_input);
(*pinout_lc_index_by_sw_if_index)[sw_if_index] = lc_index;
}
- acl_plugin_set_acl_vec_for_context (lc_index, vec_acl_list_index);
+ acl_plugin.set_acl_vec_for_context (lc_index, vec_acl_list_index);
}
else
{
if (~0 != (*pinout_lc_index_by_sw_if_index)[sw_if_index])
{
- acl_plugin_put_lookup_context_index ((*pinout_lc_index_by_sw_if_index)[sw_if_index]);
+ acl_plugin.put_lookup_context_index ((*pinout_lc_index_by_sw_if_index)[sw_if_index]);
(*pinout_lc_index_by_sw_if_index)[sw_if_index] = ~0;
}
}
u16 wk;
vnet_interface_main_t *im = &am->vnet_main->interface_main;
vnet_sw_interface_t *swif;
+ u64 now = clib_cpu_time_now ();
+ u64 clocks_per_second = am->vlib_main->clib_time.clocks_per_second;
{
u64 n_adds = am->fa_session_total_adds;
u64 n_dels = am->fa_session_total_dels;
+ u64 n_deact = am->fa_session_total_deactivations;
vlib_cli_output (vm, "Sessions total: add %lu - del %lu = %lu", n_adds,
n_dels, n_adds - n_dels);
+ vlib_cli_output (vm, "Sessions active: add %lu - deact %lu = %lu", n_adds,
+ n_deact, n_adds - n_deact);
+ vlib_cli_output (vm, "Sessions being purged: deact %lu - del %lu = %lu",
+ n_deact, n_dels, n_deact - n_dels);
}
+ vlib_cli_output (vm, "now: %lu clocks per second: %lu", now,
+ clocks_per_second);
vlib_cli_output (vm, "\n\nPer-thread data:");
for (wk = 0; wk < vec_len (am->per_worker_data); wk++)
{
clib_error_t *error = 0;
u32 acl_index = ~0;
- u32 sw_if_index = ~0;
+ u32 lc_index = ~0;
int show_acl_hash_info = 0;
int show_applied_info = 0;
int show_mask_type = 0;
else if (unformat (input, "applied"))
{
show_applied_info = 1;
- unformat (input, "sw_if_index %u", &sw_if_index);
+ unformat (input, "lc_index %u", &lc_index);
}
else if (unformat (input, "mask"))
{
if (show_acl_hash_info)
acl_plugin_show_tables_acl_hash_info (acl_index);
if (show_applied_info)
- acl_plugin_show_tables_applied_info (sw_if_index);
+ acl_plugin_show_tables_applied_info (lc_index);
if (show_bihash)
acl_plugin_show_tables_bihash (show_bihash_verbose);
VLIB_CLI_COMMAND (aclplugin_show_tables_command, static) = {
.path = "show acl-plugin tables",
- .short_help = "show acl-plugin tables [ acl [index N] | applied [ sw_if_index N ] | mask | hash [verbose N] ]",
+ .short_help = "show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]",
.function = acl_show_aclplugin_tables_fn,
};
u32 hash_lookup_hash_buckets;
u32 hash_lookup_hash_memory;
u32 reclassify_sessions;
+ u32 use_tuple_merge;
+ u32 tuple_merge_split_threshold;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
else if (unformat (input, "hash lookup hash memory %d",
&hash_lookup_hash_memory))
am->hash_lookup_hash_memory = hash_lookup_hash_memory;
+ else if (unformat (input, "use tuple merge %d", &use_tuple_merge))
+ am->use_tuple_merge = use_tuple_merge;
+ else
+ if (unformat
+ (input, "tuple merge split threshold %d",
+ &tuple_merge_split_threshold))
+ am->tuple_merge_split_threshold = tuple_merge_split_threshold;
+
else if (unformat (input, "reclassify sessions %d",
&reclassify_sessions))
am->reclassify_sessions = reclassify_sessions;
memset (am, 0, sizeof (*am));
am->vlib_main = vm;
am->vnet_main = vnet_get_main ();
+ am->log_default = vlib_log_register_class ("acl_plugin", 0);
u8 *name = format (0, "acl_%08x%c", api_version, 0);
vec_free (name);
+ if (error)
+ return error;
+
+ error = acl_plugin_exports_init (&acl_plugin);
+
+ if (error)
+ return error;
+
acl_setup_fa_nodes ();
am->acl_mheap_size = 0; /* auto size when initializing */
am->fa_conn_table_max_entries = ACL_FA_CONN_TABLE_DEFAULT_MAX_ENTRIES;
am->reclassify_sessions = 0;
vlib_thread_main_t *tm = vlib_get_thread_main ();
+
+ am->fa_min_deleted_sessions_per_interval =
+ ACL_FA_DEFAULT_MIN_DELETED_SESSIONS_PER_INTERVAL;
+ am->fa_max_deleted_sessions_per_interval =
+ ACL_FA_DEFAULT_MAX_DELETED_SESSIONS_PER_INTERVAL;
+ am->fa_cleaner_wait_time_increment =
+ ACL_FA_DEFAULT_CLEANER_WAIT_TIME_INCREMENT;
+
vec_validate (am->per_worker_data, tm->n_vlib_mains - 1);
{
u16 wk;
- u8 tt;
for (wk = 0; wk < vec_len (am->per_worker_data); wk++)
{
acl_fa_per_worker_data_t *pw = &am->per_worker_data[wk];
- vec_validate (pw->fa_conn_list_head, ACL_N_TIMEOUTS - 1);
- vec_validate (pw->fa_conn_list_tail, ACL_N_TIMEOUTS - 1);
- for (tt = 0; tt < ACL_N_TIMEOUTS; tt++)
- {
- pw->fa_conn_list_head[tt] = ~0;
- pw->fa_conn_list_tail[tt] = ~0;
- }
+ vec_validate (pw->expired,
+ ACL_N_TIMEOUTS *
+ am->fa_max_deleted_sessions_per_interval);
+ _vec_len (pw->expired) = 0;
+ vec_validate_init_empty (pw->fa_conn_list_head, ACL_N_TIMEOUTS - 1,
+ FA_SESSION_BOGUS_INDEX);
+ vec_validate_init_empty (pw->fa_conn_list_tail, ACL_N_TIMEOUTS - 1,
+ FA_SESSION_BOGUS_INDEX);
+ vec_validate_init_empty (pw->fa_conn_list_head_expiry_time,
+ ACL_N_TIMEOUTS - 1, ~0ULL);
}
}
- am->fa_min_deleted_sessions_per_interval =
- ACL_FA_DEFAULT_MIN_DELETED_SESSIONS_PER_INTERVAL;
- am->fa_max_deleted_sessions_per_interval =
- ACL_FA_DEFAULT_MAX_DELETED_SESSIONS_PER_INTERVAL;
- am->fa_cleaner_wait_time_increment =
- ACL_FA_DEFAULT_CLEANER_WAIT_TIME_INCREMENT;
-
am->fa_cleaner_cnt_delete_by_sw_index = 0;
am->fa_cleaner_cnt_delete_by_sw_index_ok = 0;
am->fa_cleaner_cnt_unknown_event = 0;
/* use the new fancy hash-based matching */
am->use_hash_acl_matching = 1;
+ /* use tuplemerge by default */
+ am->use_tuple_merge = 1;
+ /* Set the default threshold */
+ am->tuple_merge_split_threshold = TM_SPLIT_THRESHOLD;
am->interface_acl_user_id = ~0; /* defer till the first use */