X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=src%2Fplugins%2Facl%2Facl.c;h=1e040b6a0363b532cec10a04db7494a3e45fcd9e;hp=2af2d7a8b709c4b51695a789233a53a61617f820;hb=bb5d22d;hpb=c1f87942da3f6daeb4c30002929828e86035cee2 diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 2af2d7a8b70..1e040b6a036 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -85,7 +85,8 @@ _(MACIP_ACL_DUMP, macip_acl_dump) \ _(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get) \ _(MACIP_ACL_INTERFACE_LIST_DUMP, macip_acl_interface_list_dump) \ _(ACL_INTERFACE_SET_ETYPE_WHITELIST, acl_interface_set_etype_whitelist) \ -_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump) +_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump) \ +_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES,acl_plugin_get_conn_table_max_entries) /* *INDENT-OFF* */ @@ -212,7 +213,7 @@ vl_api_acl_plugin_get_version_t_handler (vl_api_acl_plugin_get_version_t * mp) return; rmp = vl_msg_api_alloc (msg_size); - memset (rmp, 0, msg_size); + clib_memset (rmp, 0, msg_size); rmp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_VERSION_REPLY + am->msg_id_base); rmp->context = mp->context; @@ -266,7 +267,7 @@ acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm, for (j = 0; j < am->acls[acl_index].count; j++) { r = &am->acls[acl_index].rules[j]; - out0 = format (out0, " %4d: %s ", j, r->is_ipv6 ? "ipv6" : "ipv4"); + out0 = format (out0, " %9d: %s ", j, r->is_ipv6 ? "ipv6" : "ipv4"); out0 = format_acl_action (out0, r->is_permit); out0 = format (out0, " src %U/%d", format_ip46_address, &r->src, r->is_ipv6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4, @@ -296,6 +297,32 @@ acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm, } } +static void + vl_api_acl_plugin_get_conn_table_max_entries_t_handler + (vl_api_acl_plugin_get_conn_table_max_entries_t * mp) +{ + acl_main_t *am = &acl_main; + vl_api_acl_plugin_get_conn_table_max_entries_reply_t *rmp; + int msg_size = sizeof (*rmp); + unix_shared_memory_queue_t *q; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + { + return; + } + + rmp = vl_msg_api_alloc (msg_size); + memset (rmp, 0, msg_size); + rmp->_vl_msg_id = + ntohs (VL_API_ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES_REPLY + + am->msg_id_base); + rmp->context = mp->context; + rmp->conn_table_max_entries = __bswap_64 (am->fa_conn_table_max_entries); + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + static void acl_print_acl (vlib_main_t * vm, acl_main_t * am, int acl_index) { @@ -390,7 +417,7 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[], for (i = 0; i < count; i++) { r = vec_elt_at_index (acl_new_rules, i); - memset (r, 0, sizeof (*r)); + clib_memset (r, 0, sizeof (*r)); r->is_permit = rules[i].is_permit; r->is_ipv6 = rules[i].is_ipv6; if (r->is_ipv6) @@ -418,7 +445,7 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[], { /* Get ACL index */ pool_get_aligned (am->acls, a, CLIB_CACHE_LINE_BYTES); - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); /* Will return the newly allocated ACL index */ *acl_list_index = a - am->acls; } @@ -1105,7 +1132,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) */ for (tags = 2; tags >= 0; tags--) { - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); /* source MAC address */ memcpy (&mask[6], mt->mac_mask, 6); @@ -1113,20 +1140,20 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) { case 0: default: - memset (&mask[12], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */ l3_offset = 14; last_tag_table = &mt->arp_table_index; break; case 1: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */ l3_offset = 18; last_tag_table = &mt->arp_dot1q_table_index; break; case 2: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* VLAN tag2 */ - memset (&mask[20], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */ + clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */ l3_offset = 22; last_tag_table = &mt->arp_dot1ad_table_index; break; @@ -1151,26 +1178,26 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) if (mt->has_egress) { /* egress ARP table */ - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); switch (tags) { case 0: default: - memset (&mask[12], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */ l3_offset = 14; out_last_tag_table = &mt->out_arp_table_index; break; case 1: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */ l3_offset = 18; out_last_tag_table = &mt->out_arp_dot1q_table_index; break; case 2: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* VLAN tag2 */ - memset (&mask[20], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */ + clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */ l3_offset = 22; out_last_tag_table = &mt->out_arp_dot1ad_table_index; break; @@ -1207,25 +1234,25 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) */ for (tags = 2; tags >= 0; tags--) { - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); memcpy (&mask[6], mt->mac_mask, 6); l3_src_offs = tags * 4 + get_l3_src_offset (is6); switch (tags) { case 0: default: - memset (&mask[12], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */ last_tag_table = &mt->table_index; break; case 1: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */ last_tag_table = &mt->dot1q_table_index; break; case 2: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* VLAN tag2 */ - memset (&mask[20], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */ + clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */ last_tag_table = &mt->dot1ad_table_index; break; } @@ -1253,7 +1280,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) { for (tags = 2; tags >= 0; tags--) { - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); /* MAC destination */ memcpy (&mask[0], mt->mac_mask, 6); l3_dst_offs = tags * 4 + get_l3_dst_offset (is6); @@ -1261,18 +1288,18 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) { case 0: default: - memset (&mask[12], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */ out_last_tag_table = &mt->out_table_index; break; case 1: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */ out_last_tag_table = &mt->out_dot1q_table_index; break; case 2: - memset (&mask[12], 0xff, 2); /* VLAN tag1 */ - memset (&mask[16], 0xff, 2); /* VLAN tag2 */ - memset (&mask[20], 0xff, 2); /* ethernet protocol */ + clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */ + clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */ + clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */ out_last_tag_table = &mt->out_dot1ad_table_index; break; } @@ -1327,7 +1354,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) for (tags = 2; tags >= 0; tags--) { - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); l3_src_offs = tags * 4 + get_l3_src_offset (is6); memcpy (&mask[6], a->rules[i].src_mac, 6); switch (tags) @@ -1369,13 +1396,13 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) vnet_classify_add_del_session (cm, tag_table, mask, a->rules[i].is_permit ? ~0 : 0, i, 0, action, metadata, 1); - memset (&mask[12], 0, sizeof (mask) - 12); + clib_memset (&mask[12], 0, sizeof (mask) - 12); } /* add ARP table entry too */ if (!is6 && (mvec[match_type_index].arp_table_index != ~0)) { - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); memcpy (&mask[6], a->rules[i].src_mac, 6); for (tags = 2; tags >= 0; tags--) @@ -1422,7 +1449,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) /* Add the egress entry with destination set */ for (tags = 2; tags >= 0; tags--) { - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); l3_dst_offs = tags * 4 + get_l3_dst_offset (is6); /* src mac in the other direction becomes dst */ memcpy (&mask[0], a->rules[i].src_mac, 6); @@ -1468,7 +1495,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) mask, a->rules[i].is_permit ? ~0 : 0, i, 0, action, metadata, 1); - // memset (&mask[12], 0, sizeof (mask) - 12); + // clib_memset (&mask[12], 0, sizeof (mask) - 12); } /* add ARP table entry too */ @@ -1476,7 +1503,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) { for (tags = 2; tags >= 0; tags--) { - memset (mask, 0, sizeof (mask)); + clib_memset (mask, 0, sizeof (mask)); switch (tags) { case 0: @@ -1644,7 +1671,7 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[], { /* Get ACL index */ pool_get_aligned (am->macip_acls, a, CLIB_CACHE_LINE_BYTES); - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); /* Will return the newly allocated ACL index */ *acl_list_index = a - am->macip_acls; } @@ -1980,7 +2007,7 @@ send_acl_details (acl_main_t * am, vl_api_registration_t * reg, void *oldheap = acl_set_heap (am); mp = vl_msg_api_alloc (msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_ACL_DETAILS + am->msg_id_base); /* fill in the message */ @@ -2066,7 +2093,7 @@ send_acl_interface_list_details (acl_main_t * am, msg_size += sizeof (mp->acls[0]) * count; mp = vl_msg_api_alloc (msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_ACL_INTERFACE_LIST_DETAILS + am->msg_id_base); @@ -2218,7 +2245,7 @@ send_macip_acl_details (acl_main_t * am, vl_api_registration_t * reg, int msg_size = sizeof (*mp) + (acl ? sizeof (mp->r[0]) * acl->count : 0); mp = vl_msg_api_alloc (msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_DETAILS + am->msg_id_base); /* fill in the message */ @@ -2308,7 +2335,7 @@ vl_api_macip_acl_interface_get_t_handler (vl_api_macip_acl_interface_get_t * return; rmp = vl_msg_api_alloc (msg_size); - memset (rmp, 0, msg_size); + clib_memset (rmp, 0, msg_size); rmp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_GET_REPLY + am->msg_id_base); rmp->context = mp->context; @@ -2332,7 +2359,7 @@ send_macip_acl_interface_list_details (acl_main_t * am, int msg_size = sizeof (*rmp) + sizeof (rmp->acls[0]); rmp = vl_msg_api_alloc (msg_size); - memset (rmp, 0, msg_size); + clib_memset (rmp, 0, msg_size); rmp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_LIST_DETAILS + am->msg_id_base); @@ -2448,7 +2475,7 @@ send_acl_interface_etype_whitelist_details (acl_main_t * am, msg_size += sizeof (mp->whitelist[0]) * count; mp = vl_msg_api_alloc (msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_ACL_INTERFACE_ETYPE_WHITELIST_DETAILS + am->msg_id_base); @@ -3470,12 +3497,12 @@ acl_plugin_config (vlib_main_t * vm, unformat_input_t * input) { acl_main_t *am = &acl_main; u32 conn_table_hash_buckets; - u32 conn_table_hash_memory_size; + uword conn_table_hash_memory_size; u32 conn_table_max_entries; uword main_heap_size; uword hash_heap_size; u32 hash_lookup_hash_buckets; - u32 hash_lookup_hash_memory; + uword hash_lookup_hash_memory; u32 reclassify_sessions; u32 use_tuple_merge; u32 tuple_merge_split_threshold; @@ -3485,8 +3512,10 @@ acl_plugin_config (vlib_main_t * vm, unformat_input_t * input) if (unformat (input, "connection hash buckets %d", &conn_table_hash_buckets)) am->fa_conn_table_hash_num_buckets = conn_table_hash_buckets; - else if (unformat (input, "connection hash memory %d", - &conn_table_hash_memory_size)) + else + if (unformat + (input, "connection hash memory %U", unformat_memory_size, + &conn_table_hash_memory_size)) am->fa_conn_table_hash_memory_size = conn_table_hash_memory_size; else if (unformat (input, "connection count max %d", &conn_table_max_entries)) @@ -3504,8 +3533,10 @@ acl_plugin_config (vlib_main_t * vm, unformat_input_t * input) else if (unformat (input, "hash lookup hash buckets %d", &hash_lookup_hash_buckets)) am->hash_lookup_hash_buckets = hash_lookup_hash_buckets; - else if (unformat (input, "hash lookup hash memory %d", - &hash_lookup_hash_memory)) + else + if (unformat + (input, "hash lookup hash memory %U", unformat_memory_size, + &hash_lookup_hash_memory)) am->hash_lookup_hash_memory = hash_lookup_hash_memory; else if (unformat (input, "use tuple merge %d", &use_tuple_merge)) am->use_tuple_merge = use_tuple_merge; @@ -3533,7 +3564,7 @@ acl_init (vlib_main_t * vm) { acl_main_t *am = &acl_main; clib_error_t *error = 0; - memset (am, 0, sizeof (*am)); + clib_memset (am, 0, sizeof (*am)); am->vlib_main = vm; am->vnet_main = vnet_get_main (); am->log_default = vlib_log_register_class ("acl_plugin", 0);