16 #include <netinet/in.h> 61 return (
format (s,
"l3 %U -> %U" 62 " l4 lsb_of_sw_if_index %d proto %d l4_is_input %d l4_slow_path %d l4_reserved0 %d port %d -> %d | sess id %d thread id %d epoch %04x",
81 return (
format (s,
"l3 %U -> %U" 82 " l4 lsb_of_sw_if_index %d proto %d l4_is_input %d l4_slow_path %d l4_reserved0 %d port %d -> %d | sess id %d thread id %d epoch %04x",
115 "ACL plugin FA IPv6 session bihash",
122 "ACL plugin FA IPv4 session bihash",
155 u16 thread_index,
int timeout_type)
162 u64 now,
u16 thread_index,
u32 session_index)
169 return (timeout_time < now)
184 int total_expired = 0;
188 int n_pending_swipes = 0;
192 while (n_expired < am->fa_max_deleted_sessions_per_interval)
203 "acl_fa_check_idle_sessions: expire session %d in list %d on thread %d",
205 (
u32) tt, (
u32) thread_index);
221 if (n_pending_swipes == 0)
236 u64 sess_timeout_time =
238 int timeout_passed = (now >= sess_timeout_time);
239 int clearing_interface =
244 "acl_fa_check_idle_sessions: session %d sw_if_index %d timeout_passed %d clearing_interface %d",
247 (
u32) timeout_passed,
248 (
u32) clearing_interface);
250 if (timeout_passed || clearing_interface)
257 "acl_fa_check_idle_sessions: deleted session %d sw_if_index %d",
270 "acl_fa_check_idle_sessions: session %d sw_if_index %d marked as deleted, put to purgatory",
282 "acl_fa_check_idle_sessions: restart timer for session %d sw_if_index %d",
309 "acl_fa_check_idle_sessions: done, total sessions expired: %d",
310 "i4", (
u32) total_expired);
311 return (total_expired);
322 #define foreach_acl_fa_cleaner_error \ 323 _(UNKNOWN_EVENT, "unknown event received") \ 328 #define _(sym,str) ACL_FA_CLEANER_ERROR_##sym, 335 #define _(sym,string) string, 356 "send_one_worker_interrupt: send interrupt to worker %u",
357 "i4", ((
u32) thread_index));
391 "acl_fa_worker_conn_cleaner interrupt: now %lu",
414 "acl_fa_worker_conn_cleaner: now %lu, someone tried to call clear but one of the bitmaps are empty",
420 #ifdef FA_NODE_VERBOSE_DEBUG 422 (
"WORKER-CLEAR: (before and) swiping sw-if-index bitmap: %U, my serviced bitmap %U",
435 "acl_fa_worker_conn_cleaner: now %lu, clearing done, nothing to do",
442 #ifdef FA_NODE_VERBOSE_DEBUG 444 (
"WORKER-CLEAR: swiping sw-if-index bitmap: %U, my serviced bitmap %U",
449 "acl_fa_worker_conn_cleaner: swiping until %lu",
459 "acl_fa_worker_conn_cleaner: checked %d sessions (clear_in_process: %d)",
460 "i4i4", (
u32) num_expired,
470 "acl_fa_worker_conn_cleaner: now %lu, clearing done - all done",
476 "acl_fa_worker_conn_cleaner: now %lu, more work to do - requesting interrupt",
499 "acl_fa_worker_conn_cleaner: now %lu, interrupt needed: %u, interrupt unwanted: %u",
518 for (i = 0; i < n_threads; i++)
534 u64 max_timer_wait_interval = cpu_cps / 2;
535 uword event_type, *event_data = 0;
545 int has_pending_conns = 0;
571 "acl_fa_session_cleaner_process: now %lu, worker: %u tt: %u",
572 "i8i2i2", now, ti, tt);
574 "acl_fa_session_cleaner_process: head expiry: %lu, is earlier than curr next expire: %lu",
575 "i8i8", head_expiry, next_expire);
576 next_expire = head_expiry;
580 has_pending_conns = 1;
588 am->fa_cleaner_cnt_wait_without_timeout++;
590 "acl_conn_cleaner: now %lu entering wait without timeout",
597 f64 timeout = ((
i64) next_expire - (
i64) now) / cpu_cps;
605 am->fa_cleaner_cnt_wait_with_timeout++;
607 "acl_conn_cleaner: now %lu entering wait with timeout %.6f sec",
608 "i8f8", now, timeout);
624 uword *clear_sw_if_index_bitmap = 0;
629 "acl_fa_session_cleaner_process: now %lu, received ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX",
633 am->fa_cleaner_cnt_delete_by_sw_index++;
635 "acl_fa_session_cleaner_process: ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX %u",
636 "i4", *sw_if_index0);
637 if (*sw_if_index0 == ~0)
647 clear_sw_if_index_bitmap =
654 (
"ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX bitmap: %U, clear_all: %u",
663 "ACL_FA_NODE_CLEAN: waiting previous cleaning cycle to finish on %u",
676 (
"ERROR-BUG! Could not initiate cleaning on worker because another cleanup in progress");
692 (
"ACL_FA_CLEANER: thread %u, pending clear bitmap: %U",
702 acl_log_err (
"CLEANER mains len: %u per-worker len: %d",
711 "ACL_FA_NODE_CLEAN: waiting for my cleaning cycle to finish on %u",
725 am->fa_cleaner_cnt_delete_by_sw_index_ok++;
728 #ifdef FA_NODE_VERBOSE_DEBUG 729 clib_warning (
"ACL plugin connection cleaner: unknown event %u",
735 ACL_FA_CLEANER_ERROR_UNKNOWN_EVENT, 1);
736 am->fa_cleaner_cnt_unknown_event++;
743 _vec_len (event_data) = 0;
749 int need_more_wait = 0;
750 int max_wait_cycles = 100;
766 while (need_more_wait && (--max_wait_cycles > 0));
768 int interrupts_needed = 0;
769 int interrupts_unwanted = 0;
780 interrupts_unwanted++;
784 if (interrupts_needed)
791 else if (interrupts_unwanted)
795 max_timer_wait_interval)
799 am->fa_cleaner_cnt_event_cycles++;
831 sw_if_index, enable_disable, 0, 0);
833 sw_if_index, enable_disable, 0, 0);
845 sw_if_index, enable_disable, 0, 0);
847 sw_if_index, enable_disable, 0, 0);
856 #ifdef FA_NODE_VERBOSE_DEBUG 857 clib_warning (
"ENABLE-DISABLE: clean the connections on interface %d",
885 "\nSession lookup hash table is not allocated.\n\n");
894 .name =
"acl-plugin-fa-worker-cleaner-process",
896 .state = VLIB_NODE_STATE_INTERRUPT,
902 .name =
"acl-plugin-fa-cleaner-process",
static void send_interrupts_to_workers(vlib_main_t *vm, acl_main_t *am)
static void send_one_worker_interrupt(vlib_main_t *vm, acl_main_t *am, int thread_index)
static vlib_node_registration_t acl_fa_worker_session_cleaner_process_node
(constructor) VLIB_REGISTER_NODE (acl_fa_worker_session_cleaner_process_node)
u32 fa_cleaner_node_index
u32 session_timeout_sec[ACL_N_TIMEOUTS]
static u8 * format_bitmap_hex(u8 *s, va_list *args)
Format a bitmap as a string of hex bytes.
uword * fa_out_acl_on_sw_if_index
void acl_fa_enable_disable(u32 sw_if_index, int is_input, int enable_disable)
static u64 fa_session_get_list_timeout(acl_main_t *am, fa_session_t *sess)
#define FA_SESSION_BOGUS_INDEX
uword * pending_clear_sw_if_index_bitmap
static int acl_fa_conn_list_delete_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
static f64 vlib_process_wait_for_event_or_clock(vlib_main_t *vm, f64 dt)
Suspend a cooperative multi-tasking thread Waits for an event, or for the indicated number of seconds...
u64 fa_current_cleaner_timer_wait_interval
static void acl_fa_verify_init_sessions(acl_main_t *am)
static uword * vlib_process_wait_for_event(vlib_main_t *vm)
clib_bihash_40_8_t fa_ip6_sessions_hash
vnet_interface_main_t interface_main
uword * fa_in_acl_on_sw_if_index
static void vlib_node_set_interrupt_pending(vlib_main_t *vm, u32 node_index)
static void acl_fa_conn_list_add_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
#define foreach_acl_fa_cleaner_error
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
static u64 clib_cpu_time_now(void)
void show_fa_sessions_hash(vlib_main_t *vm, u32 verbose)
static int acl_fa_two_stage_delete_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id, u64 now)
static u64 fa_session_get_shortest_timeout(acl_main_t *am)
static uword * clib_bitmap_set(uword *ai, uword i, uword value)
Sets the ith bit of a bitmap to new_value Removes trailing zeros from the bitmap. ...
fa_session_t * fa_sessions_pool
static vlib_node_registration_t acl_fa_session_cleaner_process_node
(constructor) VLIB_REGISTER_NODE (acl_fa_session_cleaner_process_node)
vlib_main_t ** vlib_mains
#define clib_bitmap_zero(v)
Clear a bitmap.
static char * acl_fa_cleaner_error_strings[]
#define clib_bitmap_dup(v)
Duplicate a bitmap.
static u8 * format_ip4_session_bihash_kv(u8 *s, va_list *args)
f64 fa_cleaner_wait_time_increment
static fa_session_t * get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
static uword vlib_process_suspend(vlib_main_t *vm, f64 dt)
Suspend a vlib cooperative multi-tasking thread for a period of time.
uword fa_conn_table_hash_memory_size
static int acl_fa_ifc_has_in_acl(acl_main_t *am, int sw_if_index0)
static uword vlib_process_get_events(vlib_main_t *vm, uword **data_vector)
Return the first event type which has occurred and a vector of per-event data of that type...
u64 fa_conn_table_max_entries
static uword clib_bitmap_is_zero(uword *ai)
predicate function; is an entire bitmap empty?
u64 cnt_session_timer_restarted
static uword acl_fa_worker_conn_cleaner_process(vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
static u8 * format_ip6_session_bihash_kv(u8 *s, va_list *args)
static void vlib_process_signal_event(vlib_main_t *vm, uword node_index, uword type_opaque, uword data)
#define elog_acl_maybe_trace_X4(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1,acl_elog_val2, acl_elog_val3, acl_elog_val4)
static int acl_fa_check_idle_sessions(acl_main_t *am, u16 thread_index, u64 now)
int interrupt_is_unwanted
u32 fa_total_enabled_count
u64 * fa_conn_list_head_expiry_time
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
static int purgatory_has_connections(vlib_main_t *vm, acl_main_t *am, int thread_index)
static u64 fa_session_get_timeout(acl_main_t *am, fa_session_t *sess)
#define VLIB_REGISTER_NODE(x,...)
#define elog_acl_maybe_trace_X3(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1,acl_elog_val2, acl_elog_val3)
clib_bihash_kv_40_8_t kv_40_8
static void * clib_mem_set_heap(void *heap)
#define clib_warning(format, args...)
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
static uword clib_bitmap_get(uword *ai, uword i)
Gets the ith bit value from a bitmap.
#define pool_init_fixed(pool, max_elts)
initialize a fixed-size, preallocated pool
#define clib_bitmap_free(v)
Free a bitmap.
clib_bihash_kv_16_8_t kv_16_8
uword * serviced_sw_if_index_bitmap
#define elog_acl_maybe_trace_X1(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1)
struct _vlib_node_registration vlib_node_registration_t
static int acl_fa_conn_time_to_check(acl_main_t *am, acl_fa_per_worker_data_t *pw, u64 now, u16 thread_index, u32 session_index)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
acl_fa_per_worker_data_t * per_worker_data
vnet_sw_interface_t * sw_interfaces
int fa_interrupt_generation
u64 cnt_already_deleted_sessions
static uword acl_fa_session_cleaner_process(vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
static_always_inline uword os_get_thread_index(void)
#define elog_acl_maybe_trace_X2(am, acl_elog_trace_format_label, acl_elog_trace_format_args,acl_elog_val1, acl_elog_val2)
#define vec_foreach(var, vec)
Vector iterator.
#define CLIB_MEMORY_BARRIER()
static u64 acl_fa_get_list_head_expiry_time(acl_main_t *am, acl_fa_per_worker_data_t *pw, u64 now, u16 thread_index, int timeout_type)
ip4_address_t ip4_addr[2]
clib_bihash_16_8_t fa_ip4_sessions_hash
static int acl_fa_ifc_has_out_acl(acl_main_t *am, int sw_if_index0)
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
int fa_sessions_hash_is_initialized
static uword * clib_bitmap_and(uword *ai, uword *bi)
Logical operator across two bitmaps.
int vnet_feature_enable_disable(const char *arc_name, const char *node_name, u32 sw_if_index, int enable_disable, void *feature_config, u32 n_feature_config_bytes)
u32 fa_conn_table_hash_num_buckets
ip6_address_t ip6_addr[2]
foreach_fa_cleaner_counter vlib_main_t * vlib_main