X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Facl%2Fdataplane_node.c;h=499ad163699c9d5bec7eb24486dda8604dd51467;hb=22f9fb1286d2469819cfcef68ffdc258f4d52c24;hp=5393091f26ff24ec4385614932641c7d8434930a;hpb=1dc1b9c5314f5cdc3312475bcac233109c69c6d9;p=vpp.git diff --git a/src/plugins/acl/dataplane_node.c b/src/plugins/acl/dataplane_node.c index 5393091f26f..499ad163699 100644 --- a/src/plugins/acl/dataplane_node.c +++ b/src/plugins/acl/dataplane_node.c @@ -82,7 +82,6 @@ acl_fa_node_fn (vlib_main_t * vm, u32 trace_bitmap = 0; acl_main_t *am = &acl_main; fa_5tuple_t fa_5tuple; - clib_bihash_kv_40_8_t value_sess; vlib_node_runtime_t *error_node; u64 now = clib_cpu_time_now (); uword thread_index = os_get_thread_index (); @@ -137,8 +136,8 @@ acl_fa_node_fn (vlib_main_t * vm, * Extract the L3/L4 matching info into a 5-tuple structure. */ - acl_plugin_fill_5tuple_inline (lc_index0, b[0], is_ip6, is_input, - is_l2_path, + acl_plugin_fill_5tuple_inline (&acl_main, lc_index0, b[0], is_ip6, + is_input, is_l2_path, (fa_5tuple_opaque_t *) & fa_5tuple); fa_5tuple.l4.lsb_of_sw_if_index = sw_if_index0 & 0xffff; fa_5tuple.pkt.mask_type_index_lsb = ~0; @@ -153,13 +152,16 @@ acl_fa_node_fn (vlib_main_t * vm, if (acl_fa_ifc_has_sessions (am, sw_if_index0)) { - if (acl_fa_find_session (am, sw_if_index0, &fa_5tuple, &value_sess)) + u64 value_sess = ~0ULL; + if (acl_fa_find_session + (am, is_ip6, sw_if_index0, &fa_5tuple, &value_sess) + && (value_sess != ~0ULL)) { trace_bitmap |= 0x80000000; error0 = ACL_FA_ERROR_ACL_EXIST_SESSION; fa_full_session_id_t f_sess_id; - f_sess_id.as_u64 = value_sess.value; + f_sess_id.as_u64 = value_sess; ASSERT (f_sess_id.thread_index < vec_len (vlib_mains)); fa_session_t *sess = @@ -215,10 +217,12 @@ acl_fa_node_fn (vlib_main_t * vm, sw_if_index0); vec_elt (pw->fa_session_epoch_change_by_sw_if_index, sw_if_index0)++; - if (acl_fa_conn_list_delete_session (am, f_sess_id)) + if (acl_fa_conn_list_delete_session + (am, f_sess_id, now)) { /* delete the session only if we were able to unlink it */ - acl_fa_delete_session (am, sw_if_index0, f_sess_id); + acl_fa_two_stage_delete_session (am, sw_if_index0, + f_sess_id, now); } acl_check_needed = 1; trace_bitmap |= 0x40000000; @@ -230,7 +234,7 @@ acl_fa_node_fn (vlib_main_t * vm, if (acl_check_needed) { action = 0; /* deny by default */ - acl_plugin_match_5tuple_inline (lc_index0, + acl_plugin_match_5tuple_inline (&acl_main, lc_index0, (fa_5tuple_opaque_t *) & fa_5tuple, is_ip6, &action, &match_acl_pos, @@ -243,7 +247,7 @@ acl_fa_node_fn (vlib_main_t * vm, { if (!acl_fa_can_add_session (am, is_input, sw_if_index0)) acl_fa_try_recycle_session (am, is_input, thread_index, - sw_if_index0); + sw_if_index0, now); if (acl_fa_can_add_session (am, is_input, sw_if_index0)) { @@ -289,12 +293,12 @@ acl_fa_node_fn (vlib_main_t * vm, t->next_index = next0; t->match_acl_in_index = match_acl_in_index; t->match_rule_index = match_rule_index; - t->packet_info[0] = fa_5tuple.kv.key[0]; - t->packet_info[1] = fa_5tuple.kv.key[1]; - t->packet_info[2] = fa_5tuple.kv.key[2]; - t->packet_info[3] = fa_5tuple.kv.key[3]; - t->packet_info[4] = fa_5tuple.kv.key[4]; - t->packet_info[5] = fa_5tuple.kv.value; + t->packet_info[0] = fa_5tuple.kv_40_8.key[0]; + t->packet_info[1] = fa_5tuple.kv_40_8.key[1]; + t->packet_info[2] = fa_5tuple.kv_40_8.key[2]; + t->packet_info[3] = fa_5tuple.kv_40_8.key[3]; + t->packet_info[4] = fa_5tuple.kv_40_8.key[4]; + t->packet_info[5] = fa_5tuple.kv_40_8.value; t->action = action; t->trace_bitmap = trace_bitmap; } @@ -327,36 +331,10 @@ acl_fa_node_fn (vlib_main_t * vm, return frame->n_vectors; } -vlib_node_function_t __clib_weak acl_in_ip4_l2_node_fn_avx512; -vlib_node_function_t __clib_weak acl_in_ip4_l2_node_fn_avx2; - -vlib_node_function_t __clib_weak acl_out_ip4_l2_node_fn_avx512; -vlib_node_function_t __clib_weak acl_out_ip4_l2_node_fn_avx2; - -vlib_node_function_t __clib_weak acl_in_ip6_l2_node_fn_avx512; -vlib_node_function_t __clib_weak acl_in_ip6_l2_node_fn_avx2; - -vlib_node_function_t __clib_weak acl_out_ip6_l2_node_fn_avx512; -vlib_node_function_t __clib_weak acl_out_ip6_l2_node_fn_avx2; - -vlib_node_function_t __clib_weak acl_in_ip4_fa_node_fn_avx512; -vlib_node_function_t __clib_weak acl_in_ip4_fa_node_fn_avx2; - -vlib_node_function_t __clib_weak acl_out_ip4_fa_node_fn_avx512; -vlib_node_function_t __clib_weak acl_out_ip4_fa_node_fn_avx2; - -vlib_node_function_t __clib_weak acl_in_ip6_fa_node_fn_avx512; -vlib_node_function_t __clib_weak acl_in_ip6_fa_node_fn_avx2; - -vlib_node_function_t __clib_weak acl_out_ip6_fa_node_fn_avx512; -vlib_node_function_t __clib_weak acl_out_ip6_fa_node_fn_avx2; - - vlib_node_registration_t acl_in_l2_ip6_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_in_ip6_l2_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_in_l2_ip6_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { acl_main_t *am = &acl_main; return acl_fa_node_fn (vm, node, frame, 1, 1, 1, @@ -365,10 +343,9 @@ CLIB_MULTIARCH_FN (acl_in_ip6_l2_node_fn) (vlib_main_t * vm, } vlib_node_registration_t acl_in_l2_ip4_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_in_ip4_l2_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_in_l2_ip4_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { acl_main_t *am = &acl_main; return acl_fa_node_fn (vm, node, frame, 0, 1, 1, @@ -377,10 +354,9 @@ CLIB_MULTIARCH_FN (acl_in_ip4_l2_node_fn) (vlib_main_t * vm, } vlib_node_registration_t acl_out_l2_ip6_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_out_ip6_l2_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_out_l2_ip6_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { acl_main_t *am = &acl_main; return acl_fa_node_fn (vm, node, frame, 1, 0, 1, @@ -389,10 +365,9 @@ CLIB_MULTIARCH_FN (acl_out_ip6_l2_node_fn) (vlib_main_t * vm, } vlib_node_registration_t acl_out_l2_ip4_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_out_ip4_l2_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_out_l2_ip4_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { acl_main_t *am = &acl_main; return acl_fa_node_fn (vm, node, frame, 0, 0, 1, @@ -403,111 +378,67 @@ CLIB_MULTIARCH_FN (acl_out_ip4_l2_node_fn) (vlib_main_t * vm, /**** L3 processing path nodes ****/ vlib_node_registration_t acl_in_fa_ip6_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_in_ip6_fa_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_in_fa_ip6_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { return acl_fa_node_fn (vm, node, frame, 1, 1, 0, 0, &acl_in_fa_ip6_node); } vlib_node_registration_t acl_in_fa_ip4_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_in_ip4_fa_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_in_fa_ip4_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { return acl_fa_node_fn (vm, node, frame, 0, 1, 0, 0, &acl_in_fa_ip4_node); } vlib_node_registration_t acl_out_fa_ip6_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_out_ip6_fa_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_out_fa_ip6_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { return acl_fa_node_fn (vm, node, frame, 1, 0, 0, 0, &acl_out_fa_ip6_node); } vlib_node_registration_t acl_out_fa_ip4_node; -uword CLIB_CPU_OPTIMIZED -CLIB_MULTIARCH_FN (acl_out_ip4_fa_node_fn) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (acl_out_fa_ip4_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { return acl_fa_node_fn (vm, node, frame, 0, 0, 0, 0, &acl_out_fa_ip4_node); } - - -#if __x86_64__ -static void __clib_constructor -acl_plugin_multiarch_select (void) -{ - if (acl_in_ip4_l2_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_in_l2_ip4_node.function = acl_in_ip4_l2_node_fn_avx512; - else if (acl_in_ip4_l2_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_in_l2_ip4_node.function = acl_in_ip4_l2_node_fn_avx2; - - if (acl_out_ip4_l2_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_out_l2_ip4_node.function = acl_out_ip4_l2_node_fn_avx512; - else if (acl_out_ip4_l2_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_out_l2_ip4_node.function = acl_out_ip4_l2_node_fn_avx2; - - if (acl_in_ip6_l2_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_in_l2_ip6_node.function = acl_in_ip6_l2_node_fn_avx512; - else if (acl_in_ip6_l2_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_in_l2_ip6_node.function = acl_in_ip6_l2_node_fn_avx2; - - if (acl_out_ip6_l2_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_out_l2_ip6_node.function = acl_out_ip6_l2_node_fn_avx512; - else if (acl_out_ip6_l2_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_out_l2_ip6_node.function = acl_out_ip6_l2_node_fn_avx2; - - if (acl_in_ip4_fa_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_in_fa_ip4_node.function = acl_in_ip4_fa_node_fn_avx512; - else if (acl_in_ip4_fa_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_in_fa_ip4_node.function = acl_in_ip4_fa_node_fn_avx2; - - if (acl_out_ip4_fa_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_out_fa_ip4_node.function = acl_out_ip4_fa_node_fn_avx512; - else if (acl_out_ip4_fa_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_out_fa_ip4_node.function = acl_out_ip4_fa_node_fn_avx2; - - if (acl_in_ip6_fa_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_in_fa_ip6_node.function = acl_in_ip6_fa_node_fn_avx512; - else if (acl_in_ip6_fa_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_in_fa_ip6_node.function = acl_in_ip6_fa_node_fn_avx2; - - if (acl_out_ip6_fa_node_fn_avx512 && clib_cpu_supports_avx512f ()) - acl_out_fa_ip6_node.function = acl_out_ip6_fa_node_fn_avx512; - else if (acl_out_ip6_fa_node_fn_avx2 && clib_cpu_supports_avx2 ()) - acl_out_fa_ip6_node.function = acl_out_ip6_fa_node_fn_avx2; - -} -#endif - - - -#ifndef CLIB_MULTIARCH_VARIANT +#ifndef CLIB_MARCH_VARIANT static u8 * format_fa_5tuple (u8 * s, va_list * args) { fa_5tuple_t *p5t = va_arg (*args, fa_5tuple_t *); - return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U" - " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x", - p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index, - p5t->pkt.is_ip6 ? "ip6" : "ip4", - p5t->pkt.is_nonfirst_fragment ? " non-initial fragment" : "", - format_ip46_address, &p5t->addr[0], - p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4, - format_ip46_address, &p5t->addr[1], - p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4, - p5t->l4.proto, p5t->pkt.l4_valid, p5t->l4.port[0], - p5t->l4.port[1], - p5t->pkt.tcp_flags_valid ? "valid" : "invalid", - p5t->pkt.tcp_flags, p5t->pkt.flags_reserved); + if (p5t->pkt.is_ip6) + return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U" + " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x", + p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index, + "ip6", + p5t-> + pkt.is_nonfirst_fragment ? " non-initial fragment" : "", + format_ip6_address, &p5t->ip6_addr[0], format_ip6_address, + &p5t->ip6_addr[1], p5t->l4.proto, p5t->pkt.l4_valid, + p5t->l4.port[0], p5t->l4.port[1], + p5t->pkt.tcp_flags_valid ? "valid" : "invalid", + p5t->pkt.tcp_flags, p5t->pkt.flags_reserved); + else + return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U" + " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x", + p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index, + "ip4", + p5t-> + pkt.is_nonfirst_fragment ? " non-initial fragment" : "", + format_ip4_address, &p5t->ip4_addr[0], format_ip4_address, + &p5t->ip4_addr[1], p5t->l4.proto, p5t->pkt.l4_valid, + p5t->l4.port[0], p5t->l4.port[1], + p5t->pkt.tcp_flags_valid ? "valid" : "invalid", + p5t->pkt.tcp_flags, p5t->pkt.flags_reserved); } u8 * @@ -549,7 +480,6 @@ static char *acl_fa_error_strings[] = { VLIB_REGISTER_NODE (acl_in_l2_ip6_node) = { - .function = acl_in_ip6_l2_node_fn, .name = "acl-plugin-in-ip6-l2", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace, @@ -565,7 +495,6 @@ VLIB_REGISTER_NODE (acl_in_l2_ip6_node) = VLIB_REGISTER_NODE (acl_in_l2_ip4_node) = { - .function = acl_in_ip4_l2_node_fn, .name = "acl-plugin-in-ip4-l2", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace, @@ -581,7 +510,6 @@ VLIB_REGISTER_NODE (acl_in_l2_ip4_node) = VLIB_REGISTER_NODE (acl_out_l2_ip6_node) = { - .function = acl_out_ip6_l2_node_fn, .name = "acl-plugin-out-ip6-l2", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace, @@ -597,7 +525,6 @@ VLIB_REGISTER_NODE (acl_out_l2_ip6_node) = VLIB_REGISTER_NODE (acl_out_l2_ip4_node) = { - .function = acl_out_ip4_l2_node_fn, .name = "acl-plugin-out-ip4-l2", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace, @@ -614,7 +541,6 @@ VLIB_REGISTER_NODE (acl_out_l2_ip4_node) = VLIB_REGISTER_NODE (acl_in_fa_ip6_node) = { - .function = acl_in_ip6_fa_node_fn, .name = "acl-plugin-in-ip6-fa", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace, @@ -637,7 +563,6 @@ VNET_FEATURE_INIT (acl_in_ip6_fa_feature, static) = VLIB_REGISTER_NODE (acl_in_fa_ip4_node) = { - .function = acl_in_ip4_fa_node_fn, .name = "acl-plugin-in-ip4-fa", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace, @@ -661,7 +586,6 @@ VNET_FEATURE_INIT (acl_in_ip4_fa_feature, static) = VLIB_REGISTER_NODE (acl_out_fa_ip6_node) = { - .function = acl_out_ip6_fa_node_fn, .name = "acl-plugin-out-ip6-fa", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace, @@ -684,7 +608,6 @@ VNET_FEATURE_INIT (acl_out_ip6_fa_feature, static) = VLIB_REGISTER_NODE (acl_out_fa_ip4_node) = { - .function = acl_out_ip4_fa_node_fn, .name = "acl-plugin-out-ip4-fa", .vector_size = sizeof (u32), .format_trace = format_acl_plugin_trace,