#include <vnet/pg/pg.h>
#include <vppinfra/error.h>
#include <acl/acl.h>
-#include "bihash_40_8.h"
+#include <vppinfra/bihash_40_8.h>
#include <vppinfra/bihash_template.h>
#include <vppinfra/bihash_template.c>
u8 action;
} acl_fa_trace_t;
+static u8 *
+format_fa_5tuple (u8 * s, va_list * args)
+{
+ fa_5tuple_t *p5t = va_arg (*args, fa_5tuple_t *);
+
+ return format(s, "%s sw_if_index %d (lsb16 %d) l3 %s%s %U -> %U"
+ " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
+ p5t->pkt.is_input ? "input" : "output",
+ p5t->pkt.sw_if_index, p5t->l4.lsb_of_sw_if_index, p5t->pkt.is_ip6 ? "ip6" : "ip4",
+ p5t->pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
+ format_ip46_address, &p5t->addr[0], p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
+ format_ip46_address, &p5t->addr[1], p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
+ p5t->l4.proto, p5t->pkt.l4_valid,
+ p5t->l4.port[0], p5t->l4.port[1],
+ p5t->pkt.tcp_flags_valid ? "valid": "invalid",
+ p5t->pkt.tcp_flags,
+ p5t->pkt.flags_reserved);
+}
+
+u8 *
+format_acl_plugin_5tuple (u8 * s, va_list * args)
+{
+ return format_fa_5tuple(s, args);
+}
+
/* packet trace format function */
static u8 *
format_acl_fa_trace (u8 * s, va_list * args)
t->match_rule_index, t->trace_bitmap,
t->packet_info[0], t->packet_info[1], t->packet_info[2],
t->packet_info[3], t->packet_info[4], t->packet_info[5]);
+
+ /* Now also print out the packet_info in a form usable by humans */
+ s = format (s, "\n %U", format_fa_5tuple, t->packet_info);
return s;
}
clib_warning
("ACL_FA_NODE_DBG acl %d rule %d pkt dst addr %U match rule addr %U/%d",
acl_index, i, format_ip46_address, &pkt_5tuple->addr[1],
- IP46_TYPE_ANY, format_ip46_address, &r->dst, IP46_TYPE_ANY,
+ r->is_ipv6 ? IP46_TYPE_IP6: IP46_TYPE_IP4, format_ip46_address,
+ &r->dst, r->is_ipv6 ? IP46_TYPE_IP6: IP46_TYPE_IP4,
r->dst_prefixlen);
#endif
clib_warning
("ACL_FA_NODE_DBG acl %d rule %d pkt src addr %U match rule addr %U/%d",
acl_index, i, format_ip46_address, &pkt_5tuple->addr[0],
- IP46_TYPE_ANY, format_ip46_address, &r->src, IP46_TYPE_ANY,
+ r->is_ipv6 ? IP46_TYPE_IP6: IP46_TYPE_IP4, format_ip46_address,
+ &r->src, r->is_ipv6 ? IP46_TYPE_IP6: IP46_TYPE_IP4,
r->src_prefixlen);
clib_warning
("ACL_FA_NODE_DBG acl %d rule %d trying to match pkt proto %d with rule %d",
acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
int is_input, int is_l2_path, fa_5tuple_t * p5tuple_pkt)
{
- int l3_offset = ethernet_buffer_header_size(b0);
+ int l3_offset;
int l4_offset;
u16 ports[2];
u16 proto;
+
/* IP4 and IP6 protocol numbers of ICMP */
static u8 icmp_protos[] = { IP_PROTOCOL_ICMP, IP_PROTOCOL_ICMP6 };
- if (is_input && !(is_l2_path))
+ if (is_l2_path)
{
- l3_offset = 0;
+ l3_offset = ethernet_buffer_header_size(b0);
+ }
+ else
+ {
+ if (is_input)
+ l3_offset = 0;
+ else
+ l3_offset = vnet_buffer(b0)->ip.save_rewrite_length;
}
/* key[0..3] contains src/dst address and is cleared/set below */
pw->interrupt_is_unwanted = 0;
}
}
+ pw->interrupt_generation = am->fa_interrupt_generation;
return 0;
}
am->fa_current_cleaner_timer_wait_interval = max_timer_wait_interval;
am->fa_cleaner_node_index = acl_fa_session_cleaner_process_node.index;
-
+ am->fa_interrupt_generation = 1;
while (1)
{
now = clib_cpu_time_now ();
clib_warning("ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX bitmap: %U", format_bitmap_hex, clear_sw_if_index_bitmap);
#endif
vec_foreach(pw0, am->per_worker_data) {
- if ((pw0 == am->per_worker_data) && (vec_len(vlib_mains) > 1)) {
- /* thread 0 in multithreaded scenario is not used */
- continue;
- }
CLIB_MEMORY_BARRIER ();
while (pw0->clear_in_process) {
CLIB_MEMORY_BARRIER ();
clib_warning("CLEANER mains len: %d per-worker len: %d", vec_len(vlib_mains), vec_len(am->per_worker_data));
#endif
vec_foreach(pw0, am->per_worker_data) {
- if ((pw0 == am->per_worker_data) && (vec_len(vlib_mains) > 1)) {
- /* thread 0 in multithreaded scenario is not used */
- continue;
- }
CLIB_MEMORY_BARRIER ();
while (pw0->clear_in_process) {
CLIB_MEMORY_BARRIER ();
if (event_data)
_vec_len (event_data) = 0;
+ /*
+ * If the interrupts were not processed yet, ensure we wait a bit,
+ * but up to a point.
+ */
+ int need_more_wait = 0;
+ int max_wait_cycles = 100;
+ do {
+ need_more_wait = 0;
+ vec_foreach(pw0, am->per_worker_data) {
+ if (pw0->interrupt_generation != am->fa_interrupt_generation) {
+ need_more_wait = 1;
+ }
+ }
+ if (need_more_wait) {
+ vlib_process_suspend(vm, 0.0001);
+ }
+ } while (need_more_wait && (--max_wait_cycles > 0));
int interrupts_needed = 0;
int interrupts_unwanted = 0;
vec_foreach(pw0, am->per_worker_data) {
- if ((pw0 == am->per_worker_data) && (vec_len(vlib_mains) > 1)) {
- /* thread 0 in multithreaded scenario is not used */
- continue;
- }
if (pw0->interrupt_is_needed) {
interrupts_needed++;
/* the per-worker value is reset when sending the interrupt */
am->fa_current_cleaner_timer_wait_interval += cpu_cps * am->fa_cleaner_wait_time_increment;
}
am->fa_cleaner_cnt_event_cycles++;
+ am->fa_interrupt_generation++;
}
/* NOT REACHED */
return 0;