acl-plugin: fill in the 5tuple structure all at once, avoid short writes
[vpp.git] / src / plugins / acl / dataplane_node.c
index f1ed4c2..00cad47 100644 (file)
@@ -66,6 +66,18 @@ typedef enum
 
 /* *INDENT-ON* */
 
+always_inline u16
+get_current_policy_epoch (acl_main_t * am, int is_input, u32 sw_if_index0)
+{
+  u32 **p_epoch_vec =
+    is_input ? &am->input_policy_epoch_by_sw_if_index :
+    &am->output_policy_epoch_by_sw_if_index;
+  u16 current_policy_epoch =
+    sw_if_index0 < vec_len (*p_epoch_vec) ? vec_elt (*p_epoch_vec,
+                                                    sw_if_index0)
+    : (is_input * FA_POLICY_EPOCH_IS_INPUT);
+  return current_policy_epoch;
+}
 
 always_inline uword
 acl_fa_node_fn (vlib_main_t * vm,
@@ -82,7 +94,6 @@ acl_fa_node_fn (vlib_main_t * vm,
   u32 trace_bitmap = 0;
   acl_main_t *am = &acl_main;
   fa_5tuple_t fa_5tuple;
-  clib_bihash_kv_40_8_t value_sess;
   vlib_node_runtime_t *error_node;
   u64 now = clib_cpu_time_now ();
   uword thread_index = os_get_thread_index ();
@@ -125,23 +136,17 @@ acl_fa_node_fn (vlib_main_t * vm,
       else
        lc_index0 = am->output_lc_index_by_sw_if_index[sw_if_index0];
 
-
-      u32 **p_epoch_vec =
-       is_input ? &am->input_policy_epoch_by_sw_if_index :
-       &am->output_policy_epoch_by_sw_if_index;
       u16 current_policy_epoch =
-       sw_if_index0 < vec_len (*p_epoch_vec) ? vec_elt (*p_epoch_vec,
-                                                        sw_if_index0)
-       : (is_input * FA_POLICY_EPOCH_IS_INPUT);
+       get_current_policy_epoch (am, is_input, sw_if_index0);
+
+
       /*
        * Extract the L3/L4 matching info into a 5-tuple structure.
        */
 
-      acl_plugin_fill_5tuple_inline (lc_index0, b[0], is_ip6, is_input,
-                                    is_l2_path,
-                                    (fa_5tuple_opaque_t *) & fa_5tuple);
-      fa_5tuple.l4.lsb_of_sw_if_index = sw_if_index0 & 0xffff;
-      fa_5tuple.pkt.mask_type_index_lsb = ~0;
+      acl_fill_5tuple (&acl_main, sw_if_index0, b[0], is_ip6,
+                      is_input, is_l2_path, &fa_5tuple);
+
 #ifdef FA_NODE_VERBOSE_DEBUG
       clib_warning
        ("ACL_FA_NODE_DBG: packet 5-tuple %016llx %016llx %016llx %016llx %016llx %016llx",
@@ -153,14 +158,16 @@ acl_fa_node_fn (vlib_main_t * vm,
 
       if (acl_fa_ifc_has_sessions (am, sw_if_index0))
        {
-         if (acl_fa_find_session (am, sw_if_index0, &fa_5tuple, &value_sess)
-             && (value_sess.value != ~0ULL))
+         u64 value_sess = ~0ULL;
+         if (acl_fa_find_session
+             (am, is_ip6, sw_if_index0, &fa_5tuple, &value_sess)
+             && (value_sess != ~0ULL))
            {
              trace_bitmap |= 0x80000000;
              error0 = ACL_FA_ERROR_ACL_EXIST_SESSION;
              fa_full_session_id_t f_sess_id;
 
-             f_sess_id.as_u64 = value_sess.value;
+             f_sess_id.as_u64 = value_sess;
              ASSERT (f_sess_id.thread_index < vec_len (vlib_mains));
 
              fa_session_t *sess =
@@ -233,7 +240,7 @@ acl_fa_node_fn (vlib_main_t * vm,
       if (acl_check_needed)
        {
          action = 0;           /* deny by default */
-         acl_plugin_match_5tuple_inline (lc_index0,
+         acl_plugin_match_5tuple_inline (&acl_main, lc_index0,
                                          (fa_5tuple_opaque_t *) &
                                          fa_5tuple, is_ip6, &action,
                                          &match_acl_pos,
@@ -274,7 +281,7 @@ acl_fa_node_fn (vlib_main_t * vm,
          if (is_l2_path)
            next0 = vnet_l2_feature_next (b[0], l2_feat_next_node_index, 0);
          else
-           vnet_feature_next (sw_if_index0, &next0, b[0]);
+           vnet_feature_next (&next0, b[0]);
        }
 #ifdef FA_NODE_VERBOSE_DEBUG
       clib_warning
@@ -292,12 +299,12 @@ acl_fa_node_fn (vlib_main_t * vm,
          t->next_index = next0;
          t->match_acl_in_index = match_acl_in_index;
          t->match_rule_index = match_rule_index;
-         t->packet_info[0] = fa_5tuple.kv.key[0];
-         t->packet_info[1] = fa_5tuple.kv.key[1];
-         t->packet_info[2] = fa_5tuple.kv.key[2];
-         t->packet_info[3] = fa_5tuple.kv.key[3];
-         t->packet_info[4] = fa_5tuple.kv.key[4];
-         t->packet_info[5] = fa_5tuple.kv.value;
+         t->packet_info[0] = fa_5tuple.kv_40_8.key[0];
+         t->packet_info[1] = fa_5tuple.kv_40_8.key[1];
+         t->packet_info[2] = fa_5tuple.kv_40_8.key[2];
+         t->packet_info[3] = fa_5tuple.kv_40_8.key[3];
+         t->packet_info[4] = fa_5tuple.kv_40_8.key[4];
+         t->packet_info[5] = fa_5tuple.kv_40_8.value;
          t->action = action;
          t->trace_bitmap = trace_bitmap;
        }
@@ -414,19 +421,30 @@ format_fa_5tuple (u8 * s, va_list * args)
 {
   fa_5tuple_t *p5t = va_arg (*args, fa_5tuple_t *);
 
-  return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
-                " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
-                p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
-                p5t->pkt.is_ip6 ? "ip6" : "ip4",
-                p5t->pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
-                format_ip46_address, &p5t->addr[0],
-                p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
-                format_ip46_address, &p5t->addr[1],
-                p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
-                p5t->l4.proto, p5t->pkt.l4_valid, p5t->l4.port[0],
-                p5t->l4.port[1],
-                p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
-                p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
+  if (p5t->pkt.is_ip6)
+    return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
+                  " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
+                  p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
+                  "ip6",
+                  p5t->
+                  pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
+                  format_ip6_address, &p5t->ip6_addr[0], format_ip6_address,
+                  &p5t->ip6_addr[1], p5t->l4.proto, p5t->pkt.l4_valid,
+                  p5t->l4.port[0], p5t->l4.port[1],
+                  p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
+                  p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
+  else
+    return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
+                  " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
+                  p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
+                  "ip4",
+                  p5t->
+                  pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
+                  format_ip4_address, &p5t->ip4_addr[0], format_ip4_address,
+                  &p5t->ip4_addr[1], p5t->l4.proto, p5t->pkt.l4_valid,
+                  p5t->l4.port[0], p5t->l4.port[1],
+                  p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
+                  p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
 }
 
 u8 *