u8 action;
} acl_fa_trace_t;
-/* *INDENT-OFF* */
#define foreach_acl_fa_error \
_(ACL_DROP, "ACL deny packets") \
_(ACL_PERMIT, "ACL permit packets") \
ACL_FA_N_ERROR,
} acl_fa_error_t;
-/* *INDENT-ON* */
always_inline u16
get_current_policy_epoch (acl_main_t * am, int is_input, u32 sw_if_index0)
{
fa_session_t *sess = get_session_ptr_no_check (am, f_sess_id.thread_index,
f_sess_id.session_index);
- CLIB_PREFETCH (sess, 2 * CLIB_CACHE_LINE_BYTES, STORE);
+ CLIB_PREFETCH (sess, sizeof (*sess), STORE);
}
always_inline u8
for (ii = ACL_PLUGIN_PREFETCH_GAP * vec_sz;
ii < (ACL_PLUGIN_PREFETCH_GAP + 1) * vec_sz; ii++)
{
- CLIB_PREFETCH (b[ii], CLIB_CACHE_LINE_BYTES, LOAD);
+ clib_prefetch_load (b[ii]);
CLIB_PREFETCH (b[ii]->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
}
}
int with_stateful_datapath, int node_trace_on,
int reclassify_sessions)
{
- u32 n_left, *from;
+ u32 n_left;
u32 pkts_exist_session = 0;
u32 pkts_new_session = 0;
u32 pkts_acl_permit = 0;
u32 saved_packet_count = 0;
u32 saved_byte_count = 0;
- from = vlib_frame_vector_args (frame);
error_node = vlib_node_get_runtime (vm, node->node_index);
no_error_existing_session =
error_node->errors[ACL_FA_ERROR_ACL_EXIST_SESSION];
{
trace_bitmap |= 0x80000000;
}
- ASSERT (f_sess_id.thread_index < vec_len (vlib_mains));
+ ASSERT (f_sess_id.thread_index < vlib_get_n_threads ());
b[0]->error = no_error_existing_session;
acl_check_needed = 0;
pkts_exist_session += 1;
}
}
- vlib_buffer_enqueue_to_next (vm, node, from, pw->nexts, frame->n_vectors);
-
/*
* if we were had an acl match then we have a counter to increment.
* else it is all zeroes, so this will be harmless.
{
/* select the reclassify/no-reclassify version of the datapath */
acl_main_t *am = &acl_main;
+ acl_fa_per_worker_data_t *pw = &am->per_worker_data[vm->thread_index];
+ uword rv;
if (am->fa_sessions_hash_is_initialized)
- return acl_fa_outer_node_fn (vm, node, frame, is_ip6, is_input,
- is_l2_path, 1);
+ rv = acl_fa_outer_node_fn (vm, node, frame, is_ip6, is_input,
+ is_l2_path, 1);
else
- return acl_fa_outer_node_fn (vm, node, frame, is_ip6, is_input,
- is_l2_path, 0);
+ rv = acl_fa_outer_node_fn (vm, node, frame, is_ip6, is_input,
+ is_l2_path, 0);
+
+ vlib_buffer_enqueue_to_next (vm, node, vlib_frame_vector_args (frame),
+ pw->nexts, frame->n_vectors);
+ return rv;
}
return s;
}
-/* *INDENT-OFF* */
static char *acl_fa_error_strings[] = {
#define _(sym,string) string,
}
};
-VNET_FEATURE_INIT (acl_out_ip6_fa_feature, static) =
-{
+VNET_FEATURE_INIT (acl_out_ip6_fa_feature, static) = {
.arc_name = "ip6-output",
.node_name = "acl-plugin-out-ip6-fa",
- .runs_before = VNET_FEATURES ("interface-output"),
+ .runs_before = VNET_FEATURES ("ip6-dvr-reinject", "interface-output"),
};
VLIB_REGISTER_NODE (acl_out_fa_ip4_node) =
}
};
-VNET_FEATURE_INIT (acl_out_ip4_fa_feature, static) =
-{
+VNET_FEATURE_INIT (acl_out_ip4_fa_feature, static) = {
.arc_name = "ip4-output",
.node_name = "acl-plugin-out-ip4-fa",
- .runs_before = VNET_FEATURES ("interface-output"),
+ .runs_before = VNET_FEATURES ("ip4-dvr-reinject", "interface-output"),
};
-/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON
Code Review / vpp.git / blobdiff