FD.io VPP  v18.07-rc0-415-g6c78436
Vector Packet Processing
session_inlines.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 
17 /* ICMPv4 invert type for stateful ACL */
18 static const u8 icmp4_invmap[] = {
19  [ICMP4_echo_reply] = ICMP4_echo_request + 1,
20  [ICMP4_timestamp_reply] = ICMP4_timestamp_request + 1,
21  [ICMP4_information_reply] = ICMP4_information_request + 1,
22  [ICMP4_address_mask_reply] = ICMP4_address_mask_request + 1
23 };
24 
25 /* Supported ICMPv4 messages for session creation */
26 static const u8 icmp4_valid_new[] = {
27  [ICMP4_echo_request] = 1,
28  [ICMP4_timestamp_request] = 1,
29  [ICMP4_information_request] = 1,
30  [ICMP4_address_mask_request] = 1
31 };
32 
33 /* ICMPv6 invert type for stateful ACL */
34 static const u8 icmp6_invmap[] = {
35  [ICMP6_echo_reply - 128] = ICMP6_echo_request + 1,
36  [ICMP6_node_information_response - 128] = ICMP6_node_information_request + 1
37 };
38 
39 /* Supported ICMPv6 messages for session creation */
40 static const u8 icmp6_valid_new[] = {
41  [ICMP6_echo_request - 128] = 1,
42  [ICMP6_node_information_request - 128] = 1
43 };
44 
45 /* IP4 and IP6 protocol numbers of ICMP */
46 static u8 icmp_protos[] = { IP_PROTOCOL_ICMP, IP_PROTOCOL_ICMP6 };
47 
48 
49 
50 always_inline int
51 acl_fa_ifc_has_sessions (acl_main_t * am, int sw_if_index0)
52 {
54 }
55 
56 always_inline int
57 acl_fa_ifc_has_in_acl (acl_main_t * am, int sw_if_index0)
58 {
59  int it_has = clib_bitmap_get (am->fa_in_acl_on_sw_if_index, sw_if_index0);
60  return it_has;
61 }
62 
63 always_inline int
64 acl_fa_ifc_has_out_acl (acl_main_t * am, int sw_if_index0)
65 {
66  int it_has = clib_bitmap_get (am->fa_out_acl_on_sw_if_index, sw_if_index0);
67  return it_has;
68 }
69 
70 always_inline int
72 {
73  /* seen both SYNs and ACKs but not FINs means we are in establshed state */
74  u16 masked_flags =
77  switch (sess->info.l4.proto)
78  {
79  case IPPROTO_TCP:
80  if (((TCP_FLAGS_ACKSYN << 8) + TCP_FLAGS_ACKSYN) == masked_flags)
81  {
82  return ACL_TIMEOUT_TCP_IDLE;
83  }
84  else
85  {
87  }
88  break;
89  case IPPROTO_UDP:
90  return ACL_TIMEOUT_UDP_IDLE;
91  break;
92  default:
93  return ACL_TIMEOUT_UDP_IDLE;
94  }
95 }
96 
97 /*
98  * Get the idle timeout of a session.
99  */
100 
103 {
104  u64 timeout = (am->vlib_main->clib_time.clocks_per_second);
105  if (sess->link_list_id == ACL_TIMEOUT_PURGATORY)
106  {
107  timeout /= (1000000 / SESSION_PURGATORY_TIMEOUT_USEC);
108  }
109  else
110  {
111  int timeout_type = fa_session_get_timeout_type (am, sess);
112  timeout *= am->session_timeout_sec[timeout_type];
113  }
114  return timeout;
115 }
116 
117 
118 
120 get_session_ptr (acl_main_t * am, u16 thread_index, u32 session_index)
121 {
122  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
123  if (session_index > vec_len (pw->fa_sessions_pool))
124  {
125  return 0;
126  }
127 
128  fa_session_t *sess = (session_index > vec_len (pw->fa_sessions_pool)) ? 0 :
130  session_index);
131  return sess;
132 }
133 
134 always_inline int
135 is_valid_session_ptr (acl_main_t * am, u16 thread_index, fa_session_t * sess)
136 {
137  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
138  return ((sess != 0)
139  && ((sess - pw->fa_sessions_pool) <
140  pool_len (pw->fa_sessions_pool)));
141 }
142 
143 always_inline void
145  u64 now)
146 {
147  fa_session_t *sess =
148  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
149  u8 list_id =
151  sess);
152  uword thread_index = os_get_thread_index ();
153  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
154  /* the retrieved session thread index must be necessarily the same as the one in the key */
155  ASSERT (sess->thread_index == sess_id.thread_index);
156  /* the retrieved session thread index must be the same as current thread */
157  ASSERT (sess->thread_index == thread_index);
158  sess->link_enqueue_time = now;
159  sess->link_list_id = list_id;
161  sess->link_prev_idx = pw->fa_conn_list_tail[list_id];
162  if (FA_SESSION_BOGUS_INDEX != pw->fa_conn_list_tail[list_id])
163  {
164  fa_session_t *prev_sess =
165  get_session_ptr (am, thread_index, pw->fa_conn_list_tail[list_id]);
166  prev_sess->link_next_idx = sess_id.session_index;
167  /* We should never try to link with a session on another thread */
168  ASSERT (prev_sess->thread_index == sess->thread_index);
169  }
170  pw->fa_conn_list_tail[list_id] = sess_id.session_index;
171 
172 #ifdef FA_NODE_VERBOSE_DEBUG
174  ("FA-SESSION-DEBUG: add session id %d on thread %d sw_if_index %d",
175  sess_id.session_index, thread_index, sess->sw_if_index);
176 #endif
179 
180  if (FA_SESSION_BOGUS_INDEX == pw->fa_conn_list_head[list_id])
181  {
182  pw->fa_conn_list_head[list_id] = sess_id.session_index;
183  /* set the head expiry time because it is the first element */
184  pw->fa_conn_list_head_expiry_time[list_id] =
185  now + fa_session_get_timeout (am, sess);
186  }
187 }
188 
189 static int
191  fa_full_session_id_t sess_id, u64 now)
192 {
193  uword thread_index = os_get_thread_index ();
194  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
195  if (thread_index != sess_id.thread_index)
196  {
197  /* If another thread attempts to delete the session, fail it. */
198 #ifdef FA_NODE_VERBOSE_DEBUG
199  clib_warning ("thread id in key %d != curr thread index, not deleting");
200 #endif
201  return 0;
202  }
203  fa_session_t *sess =
204  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
205  u64 next_expiry_time = ~0ULL;
206  /* we should never try to delete the session with another thread index */
207  if (sess->thread_index != os_get_thread_index ())
208  {
209  clib_error
210  ("Attempting to delete session belonging to thread %d by thread %d",
211  sess->thread_index, thread_index);
212  }
214  {
215  fa_session_t *prev_sess =
216  get_session_ptr (am, thread_index, sess->link_prev_idx);
217  /* the previous session must be in the same list as this one */
218  ASSERT (prev_sess->link_list_id == sess->link_list_id);
219  prev_sess->link_next_idx = sess->link_next_idx;
220  }
222  {
223  fa_session_t *next_sess =
224  get_session_ptr (am, thread_index, sess->link_next_idx);
225  /* The next session must be in the same list as the one we are deleting */
226  ASSERT (next_sess->link_list_id == sess->link_list_id);
227  next_sess->link_prev_idx = sess->link_prev_idx;
228  next_expiry_time = now + fa_session_get_timeout (am, next_sess);
229  }
230  if (pw->fa_conn_list_head[sess->link_list_id] == sess_id.session_index)
231  {
232  pw->fa_conn_list_head[sess->link_list_id] = sess->link_next_idx;
234  next_expiry_time;
235  }
236  if (pw->fa_conn_list_tail[sess->link_list_id] == sess_id.session_index)
237  {
238  pw->fa_conn_list_tail[sess->link_list_id] = sess->link_prev_idx;
239  }
240  return 1;
241 }
242 
243 always_inline int
245  fa_full_session_id_t sess_id)
246 {
247  if (acl_fa_conn_list_delete_session (am, sess_id, now))
248  {
249  acl_fa_conn_list_add_session (am, sess_id, now);
250  return 1;
251  }
252  else
253  {
254  /*
255  * Our thread does not own this connection, so we can not delete
256  * The session. To avoid the complicated signaling, we simply
257  * pick the list waiting time to be the shortest of the timeouts.
258  * This way we do not have to do anything special, and let
259  * the regular requeue check take care of everything.
260  */
261  return 0;
262  }
263 }
264 
265 always_inline int
267 {
268  return (p5t->l3_zero_pad[0] | p5t->
269  l3_zero_pad[1] | p5t->l3_zero_pad[2] | p5t->l3_zero_pad[3] | p5t->
270  l3_zero_pad[4] | p5t->l3_zero_pad[5]) != 0;
271 }
272 
273 
274 
275 
277 acl_fa_track_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
278  fa_session_t * sess, fa_5tuple_t * pkt_5tuple)
279 {
280  sess->last_active_time = now;
281  if (pkt_5tuple->pkt.tcp_flags_valid)
282  {
283  sess->tcp_flags_seen.as_u8[is_input] |= pkt_5tuple->pkt.tcp_flags;
284  }
285  return 3;
286 }
287 
289 reverse_l4_u64_fastpath (u64 l4, int is_ip6)
290 {
291  fa_session_l4_key_t l4i = {.as_u64 = l4 };
293 
294  l4o.port[1] = l4i.port[0];
295  l4o.port[0] = l4i.port[1];
296 
298  l4o.is_input = 1 - l4i.is_input;
299  return l4o.as_u64;
300 }
301 
303 reverse_l4_u64_slowpath (u64 l4, int is_ip6)
304 {
305  fa_session_l4_key_t l4i = {.as_u64 = l4 };
307 
308  if (l4i.proto == icmp_protos[is_ip6])
309  {
310  static const u8 *icmp_invmap[] = { icmp4_invmap, icmp6_invmap };
311  static const u8 *icmp_valid_new[] =
313  static const u8 icmp_invmap_size[] = { sizeof (icmp4_invmap),
314  sizeof (icmp6_invmap)
315  };
316  static const u8 icmp_valid_new_size[] = { sizeof (icmp4_valid_new),
317  sizeof (icmp6_valid_new)
318  };
319  int type = is_ip6 ? l4i.port[0] - 128 : l4i.port[0];
320 
322  l4o.port[0] = l4i.port[0];
323  l4o.port[1] = l4i.port[1];
324 
325 
326  /*
327  * ONLY ICMP messages defined in icmp4_valid_new/icmp6_valid_new table
328  * are allowed to create stateful ACL.
329  * The other messages will be forwarded without creating a reverse session.
330  */
331 
332  if (type >= 0 && (type <= icmp_valid_new_size[is_ip6])
333  && (icmp_valid_new[is_ip6][type])
334  && (type <= icmp_invmap_size[is_ip6]) && icmp_invmap[is_ip6][type])
335  {
336  /*
337  * we set the inverse direction and correct the port,
338  * if it is okay to add the reverse session.
339  * If not, then the same session will be added twice
340  * to bihash, which is the same as adding just one session.
341  */
342  l4o.is_input = 1 - l4i.is_input;
343  l4o.port[0] = icmp_invmap[is_ip6][type] - 1;
344  }
345 
346  return l4o.as_u64;
347  }
348  else
349  return reverse_l4_u64_fastpath (l4, is_ip6);
350 }
351 
353 reverse_l4_u64 (u64 l4, int is_ip6)
354 {
355  fa_session_l4_key_t l4i = {.as_u64 = l4 };
356 
357  if (PREDICT_FALSE (l4i.is_slowpath))
358  {
359  return reverse_l4_u64_slowpath (l4, is_ip6);
360  }
361  else
362  {
363  return reverse_l4_u64_fastpath (l4, is_ip6);
364  }
365 }
366 
367 always_inline void
369  clib_bihash_kv_40_8_t * pkv, int is_add)
370 {
372  kv2.key[0] = pkv->key[2];
373  kv2.key[1] = pkv->key[3];
374  kv2.key[2] = pkv->key[0];
375  kv2.key[3] = pkv->key[1];
376  /* the last u64 needs special treatment (ports, etc.) */
377  kv2.key[4] = reverse_l4_u64 (pkv->key[4], 1);
378  kv2.value = pkv->value;
379  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash, &kv2, is_add);
380 }
381 
382 always_inline void
384  clib_bihash_kv_16_8_t * pkv, int is_add)
385 {
387  kv2.key[0] =
388  ((pkv->key[0] & 0xffffffff) << 32) | ((pkv->key[0] >> 32) & 0xffffffff);
389  /* the last u64 needs special treatment (ports, etc.) */
390  kv2.key[1] = reverse_l4_u64 (pkv->key[1], 0);
391  kv2.value = pkv->value;
392  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash, &kv2, is_add);
393 }
394 
395 always_inline void
397  fa_full_session_id_t sess_id)
398 {
399  fa_session_t *sess =
400  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
402  if (sess->is_ip6)
403  {
404  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash,
405  &sess->info.kv_40_8, 0);
406  reverse_session_add_del_ip6 (am, &sess->info.kv_40_8, 0);
407  }
408  else
409  {
410  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash,
411  &sess->info.kv_16_8, 0);
412  reverse_session_add_del_ip4 (am, &sess->info.kv_16_8, 0);
413  }
414 
415  sess->deleted = 1;
417 }
418 
419 always_inline void
420 acl_fa_put_session (acl_main_t * am, u32 sw_if_index,
421  fa_full_session_id_t sess_id)
422 {
423  if (sess_id.thread_index != os_get_thread_index ())
424  {
425  clib_error
426  ("Attempting to delete session belonging to thread %d by thread %d",
427  sess_id.thread_index, os_get_thread_index ());
428  }
429  void *oldheap = clib_mem_set_heap (am->acl_mheap);
432  /* Deleting from timer structures not needed,
433  as the caller must have dealt with the timers. */
434  vec_validate (pw->fa_session_dels_by_sw_if_index, sw_if_index);
435  clib_mem_set_heap (oldheap);
438 }
439 
440 always_inline int
442  fa_full_session_id_t sess_id, u64 now)
443 {
444  fa_session_t *sess =
445  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
446  if (sess->deleted)
447  {
448  acl_fa_put_session (am, sw_if_index, sess_id);
449  return 1;
450  }
451  else
452  {
453  acl_fa_deactivate_session (am, sw_if_index, sess_id);
454  acl_fa_conn_list_add_session (am, sess_id, now);
455  return 0;
456  }
457 }
458 
459 always_inline int
460 acl_fa_can_add_session (acl_main_t * am, int is_input, u32 sw_if_index)
461 {
462  u64 curr_sess_count;
463  curr_sess_count = am->fa_session_total_adds - am->fa_session_total_dels;
464  return (curr_sess_count + vec_len (vlib_mains) <
466 }
467 
468 
469 always_inline void
470 acl_fa_try_recycle_session (acl_main_t * am, int is_input, u16 thread_index,
471  u32 sw_if_index, u64 now)
472 {
473  /* try to recycle a TCP transient session */
474  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
475  fa_full_session_id_t volatile sess_id;
476  int n_recycled = 0;
477 
478  /* clean up sessions from purgatory, if we can */
480  while ((FA_SESSION_BOGUS_INDEX != sess_id.session_index)
481  && n_recycled < am->fa_max_deleted_sessions_per_interval)
482  {
483  sess_id.thread_index = thread_index;
484  fa_session_t *sess =
485  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
486  if (sess->link_enqueue_time + fa_session_get_timeout (am, sess) < now)
487  {
488  acl_fa_conn_list_delete_session (am, sess_id, now);
489  /* interface that needs the sessions may not be the interface of the session. */
490  acl_fa_put_session (am, sess->sw_if_index, sess_id);
491  n_recycled++;
492  }
493  else
494  break; /* too early to try to recycle from here, bail out */
496  }
498  if (FA_SESSION_BOGUS_INDEX != sess_id.session_index)
499  {
500  sess_id.thread_index = thread_index;
501  acl_fa_conn_list_delete_session (am, sess_id, now);
502  acl_fa_deactivate_session (am, sw_if_index, sess_id);
503  /* this goes to purgatory list */
504  acl_fa_conn_list_add_session (am, sess_id, now);
505  }
506 }
507 
508 
510 acl_fa_add_session (acl_main_t * am, int is_input, int is_ip6,
511  u32 sw_if_index, u64 now, fa_5tuple_t * p5tuple,
512  u16 current_policy_epoch)
513 {
514  fa_full_session_id_t f_sess_id;
515  uword thread_index = os_get_thread_index ();
516  void *oldheap = clib_mem_set_heap (am->acl_mheap);
517  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
518 
519  f_sess_id.thread_index = thread_index;
520  fa_session_t *sess;
521 
522  if (f_sess_id.as_u64 == ~0)
523  {
524  clib_error ("Adding session with invalid value");
525  }
526 
528  f_sess_id.session_index = sess - pw->fa_sessions_pool;
529  f_sess_id.intf_policy_epoch = current_policy_epoch;
530 
531  if (is_ip6)
532  {
533  sess->info.kv_40_8.key[0] = p5tuple->kv_40_8.key[0];
534  sess->info.kv_40_8.key[1] = p5tuple->kv_40_8.key[1];
535  sess->info.kv_40_8.key[2] = p5tuple->kv_40_8.key[2];
536  sess->info.kv_40_8.key[3] = p5tuple->kv_40_8.key[3];
537  sess->info.kv_40_8.key[4] = p5tuple->kv_40_8.key[4];
538  sess->info.kv_40_8.value = f_sess_id.as_u64;
539  }
540  else
541  {
542  sess->info.kv_16_8.key[0] = p5tuple->kv_16_8.key[0];
543  sess->info.kv_16_8.key[1] = p5tuple->kv_16_8.key[1];
544  sess->info.kv_16_8.value = f_sess_id.as_u64;
545  }
546 
547  sess->last_active_time = now;
548  sess->sw_if_index = sw_if_index;
549  sess->tcp_flags_seen.as_u16 = 0;
550  sess->thread_index = thread_index;
554  sess->deleted = 0;
555  sess->is_ip6 = is_ip6;
556 
557  acl_fa_conn_list_add_session (am, f_sess_id, now);
558 
560  if (is_ip6)
561  {
562  reverse_session_add_del_ip6 (am, &sess->info.kv_40_8, 1);
563  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash,
564  &sess->info.kv_40_8, 1);
565  }
566  else
567  {
568  reverse_session_add_del_ip4 (am, &sess->info.kv_16_8, 1);
569  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash,
570  &sess->info.kv_16_8, 1);
571  }
572 
573  vec_validate (pw->fa_session_adds_by_sw_if_index, sw_if_index);
574  clib_mem_set_heap (oldheap);
577  return sess;
578 }
579 
580 always_inline int
581 acl_fa_find_session (acl_main_t * am, int is_ip6, u32 sw_if_index0,
582  fa_5tuple_t * p5tuple, u64 * pvalue_sess)
583 {
584  int res = 0;
585  if (is_ip6)
586  {
587  clib_bihash_kv_40_8_t kv_result;
588  res = (clib_bihash_search_inline_2_40_8
589  (&am->fa_ip6_sessions_hash, &p5tuple->kv_40_8, &kv_result) == 0);
590  *pvalue_sess = kv_result.value;
591  }
592  else
593  {
594  clib_bihash_kv_16_8_t kv_result;
595  res = (clib_bihash_search_inline_2_16_8
596  (&am->fa_ip4_sessions_hash, &p5tuple->kv_16_8, &kv_result) == 0);
597  *pvalue_sess = kv_result.value;
598  }
599  return res;
600 }
601 
602 /*
603  * fd.io coding-style-patch-verification: ON
604  *
605  * Local Variables:
606  * eval: (c-set-style "gnu")
607  * End:
608  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:437
static u8 icmp_protos[]
#define TCP_FLAGS_ACKSYN
Definition: fa_node.h:21
static fa_session_t * acl_fa_add_session(acl_main_t *am, int is_input, int is_ip6, u32 sw_if_index, u64 now, fa_5tuple_t *p5tuple, u16 current_policy_epoch)
u32 session_timeout_sec[ACL_N_TIMEOUTS]
Definition: acl.h:239
uword * fa_out_acl_on_sw_if_index
Definition: acl.h:231
#define FA_SESSION_BOGUS_INDEX
Definition: fa_node.h:143
static const u8 icmp6_valid_new[]
static int acl_fa_conn_list_delete_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
fa_session_l4_key_t l4
Definition: fa_node.h:71
clib_bihash_40_8_t fa_ip6_sessions_hash
Definition: acl.h:234
fa_packet_info_t pkt
Definition: fa_node.h:73
#define SESSION_PURGATORY_TIMEOUT_USEC
Definition: acl.h:43
uword * fa_in_acl_on_sw_if_index
Definition: acl.h:230
#define clib_error(format, args...)
Definition: error.h:62
static void acl_fa_deactivate_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
unsigned long u64
Definition: types.h:89
static void acl_fa_conn_list_add_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
f64 clocks_per_second
Definition: time.h:53
#define TCP_FLAGS_RSTFINACKSYN
Definition: fa_node.h:20
fa_5tuple_t info
Definition: fa_node.h:83
static int acl_fa_ifc_has_sessions(acl_main_t *am, int sw_if_index0)
static int acl_fa_two_stage_delete_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id, u64 now)
static uword * clib_bitmap_set(uword *ai, uword i, uword value)
Sets the ith bit of a bitmap to new_value Removes trailing zeros from the bitmap. ...
Definition: bitmap.h:167
fa_session_t * fa_sessions_pool
Definition: fa_node.h:147
clib_time_t clib_time
Definition: main.h:63
u8 link_list_id
Definition: fa_node.h:94
static void reverse_session_add_del_ip4(acl_main_t *am, clib_bihash_kv_16_8_t *pkv, int is_add)
vlib_main_t ** vlib_mains
Definition: buffer.c:303
unsigned char u8
Definition: types.h:56
#define pool_len(p)
Number of elements in pool vector.
Definition: pool.h:140
static fa_session_t * get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
u8 deleted
Definition: fa_node.h:95
static int acl_fa_ifc_has_in_acl(acl_main_t *am, int sw_if_index0)
#define clib_smp_atomic_add(addr, increment)
Definition: smp.h:46
u32 link_prev_idx
Definition: fa_node.h:92
#define always_inline
Definition: clib.h:92
u64 fa_conn_table_max_entries
Definition: acl.h:268
unsigned int u32
Definition: types.h:88
union fa_session_t::@360 tcp_flags_seen
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:461
u32 l3_zero_pad[6]
Definition: fa_node.h:66
static void acl_fa_try_recycle_session(acl_main_t *am, int is_input, u16 thread_index, u32 sw_if_index, u64 now)
unsigned short u16
Definition: types.h:57
#define PREDICT_FALSE(x)
Definition: clib.h:105
u64 last_active_time
Definition: fa_node.h:84
u64 * fa_conn_list_head_expiry_time
Definition: fa_node.h:152
u64 * fa_session_adds_by_sw_if_index
Definition: fa_node.h:155
u64 * fa_session_dels_by_sw_if_index
Definition: fa_node.h:154
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P (general version).
Definition: pool.h:188
static u64 fa_session_get_timeout(acl_main_t *am, fa_session_t *sess)
static u64 reverse_l4_u64_fastpath(u64 l4, int is_ip6)
u64 fa_session_total_adds
Definition: acl.h:241
clib_bihash_kv_40_8_t kv_40_8
Definition: fa_node.h:75
static void * clib_mem_set_heap(void *heap)
Definition: mem.h:226
#define clib_warning(format, args...)
Definition: error.h:59
u32 sw_if_index
Definition: fa_node.h:85
static uword clib_bitmap_get(uword *ai, uword i)
Gets the ith bit value from a bitmap.
Definition: bitmap.h:197
static int acl_fa_restart_timer_for_session(acl_main_t *am, u64 now, fa_full_session_id_t sess_id)
static int acl_fa_find_session(acl_main_t *am, int is_ip6, u32 sw_if_index0, fa_5tuple_t *p5tuple, u64 *pvalue_sess)
u8 as_u8[2]
Definition: fa_node.h:87
static int fa_session_get_timeout_type(acl_main_t *am, fa_session_t *sess)
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:296
#define ASSERT(truth)
u8 tcp_flags_valid
Definition: fa_node.h:33
static u64 reverse_l4_u64(u64 l4, int is_ip6)
static const u8 icmp6_invmap[]
static int acl_fa_can_add_session(acl_main_t *am, int is_input, u32 sw_if_index)
clib_bihash_kv_16_8_t kv_16_8
Definition: fa_node.h:78
uword * serviced_sw_if_index_bitmap
Definition: fa_node.h:175
u32 link_next_idx
Definition: fa_node.h:93
u16 as_u16
Definition: fa_node.h:88
static void reverse_session_add_del_ip6(acl_main_t *am, clib_bihash_kv_40_8_t *pkv, int is_add)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
acl_fa_per_worker_data_t * per_worker_data
Definition: acl.h:297
u64 uword
Definition: types.h:112
static_always_inline uword os_get_thread_index(void)
Definition: os.h:62
static const u8 icmp4_valid_new[]
void * acl_mheap
Definition: acl.h:129
u16 thread_index
Definition: fa_node.h:89
static int is_valid_session_ptr(acl_main_t *am, u16 thread_index, fa_session_t *sess)
static u8 acl_fa_track_session(acl_main_t *am, int is_input, u32 sw_if_index, u64 now, fa_session_t *sess, fa_5tuple_t *pkt_5tuple)
static int is_ip6_5tuple(fa_5tuple_t *p5t)
static u64 reverse_l4_u64_slowpath(u64 l4, int is_ip6)
u64 fa_session_total_deactivations
Definition: acl.h:244
static void acl_fa_put_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:62
static const u8 icmp4_invmap[]
clib_bihash_16_8_t fa_ip4_sessions_hash
Definition: acl.h:235
static int acl_fa_ifc_has_out_acl(acl_main_t *am, int sw_if_index0)
int fa_sessions_hash_is_initialized
Definition: acl.h:233
u64 link_enqueue_time
Definition: fa_node.h:91
u64 fa_session_total_dels
Definition: acl.h:242
foreach_fa_cleaner_counter vlib_main_t * vlib_main
Definition: acl.h:319