19 [ICMP4_echo_reply] = ICMP4_echo_request + 1,
20 [ICMP4_timestamp_reply] = ICMP4_timestamp_request + 1,
21 [ICMP4_information_reply] = ICMP4_information_request + 1,
22 [ICMP4_address_mask_reply] = ICMP4_address_mask_request + 1
27 [ICMP4_echo_request] = 1,
28 [ICMP4_timestamp_request] = 1,
29 [ICMP4_information_request] = 1,
30 [ICMP4_address_mask_request] = 1
35 [ICMP6_echo_reply - 128] = ICMP6_echo_request + 1,
36 [ICMP6_node_information_response - 128] = ICMP6_node_information_request + 1
41 [ICMP6_echo_request - 128] = 1,
42 [ICMP6_node_information_request - 128] = 1
172 #ifdef FA_NODE_VERBOSE_DEBUG 174 (
"FA-SESSION-DEBUG: add session id %d on thread %d sw_if_index %d",
198 #ifdef FA_NODE_VERBOSE_DEBUG 199 clib_warning (
"thread id in key %d != curr thread index, not deleting");
205 u64 next_expiry_time = ~0ULL;
210 (
"Attempting to delete session belonging to thread %d by thread %d",
311 static const u8 *icmp_valid_new[] =
314 sizeof (icmp6_invmap)
317 sizeof (icmp6_valid_new)
319 int type = is_ip6 ? l4i.
port[0] - 128 : l4i.
port[0];
332 if (type >= 0 && (type <= icmp_valid_new_size[is_ip6])
333 && (icmp_valid_new[is_ip6][type])
334 && (type <= icmp_invmap_size[is_ip6]) && icmp_invmap[is_ip6][type])
343 l4o.
port[0] = icmp_invmap[is_ip6][type] - 1;
388 ((pkv->
key[0] & 0xffffffff) << 32) | ((pkv->
key[0] >> 32) & 0xffffffff);
426 (
"Attempting to delete session belonging to thread %d by thread %d",
481 && n_recycled < am->fa_max_deleted_sessions_per_interval)
512 u16 current_policy_epoch)
522 if (f_sess_id.
as_u64 == ~0)
524 clib_error (
"Adding session with invalid value");
588 res = (clib_bihash_search_inline_2_40_8
590 *pvalue_sess = kv_result.
value;
595 res = (clib_bihash_search_inline_2_16_8
597 *pvalue_sess = kv_result.
value;
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
static fa_session_t * acl_fa_add_session(acl_main_t *am, int is_input, int is_ip6, u32 sw_if_index, u64 now, fa_5tuple_t *p5tuple, u16 current_policy_epoch)
u32 session_timeout_sec[ACL_N_TIMEOUTS]
uword * fa_out_acl_on_sw_if_index
#define FA_SESSION_BOGUS_INDEX
static const u8 icmp6_valid_new[]
static int acl_fa_conn_list_delete_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
clib_bihash_40_8_t fa_ip6_sessions_hash
#define SESSION_PURGATORY_TIMEOUT_USEC
uword * fa_in_acl_on_sw_if_index
#define clib_error(format, args...)
static void acl_fa_deactivate_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
static void acl_fa_conn_list_add_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
#define TCP_FLAGS_RSTFINACKSYN
static int acl_fa_ifc_has_sessions(acl_main_t *am, int sw_if_index0)
static int acl_fa_two_stage_delete_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id, u64 now)
static uword * clib_bitmap_set(uword *ai, uword i, uword value)
Sets the ith bit of a bitmap to new_value Removes trailing zeros from the bitmap. ...
fa_session_t * fa_sessions_pool
static void reverse_session_add_del_ip4(acl_main_t *am, clib_bihash_kv_16_8_t *pkv, int is_add)
vlib_main_t ** vlib_mains
#define pool_len(p)
Number of elements in pool vector.
static fa_session_t * get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
static int acl_fa_ifc_has_in_acl(acl_main_t *am, int sw_if_index0)
#define clib_smp_atomic_add(addr, increment)
u64 fa_conn_table_max_entries
union fa_session_t::@360 tcp_flags_seen
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void acl_fa_try_recycle_session(acl_main_t *am, int is_input, u16 thread_index, u32 sw_if_index, u64 now)
u64 * fa_conn_list_head_expiry_time
u64 * fa_session_adds_by_sw_if_index
u64 * fa_session_dels_by_sw_if_index
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P (general version).
static u64 fa_session_get_timeout(acl_main_t *am, fa_session_t *sess)
static u64 reverse_l4_u64_fastpath(u64 l4, int is_ip6)
u64 fa_session_total_adds
clib_bihash_kv_40_8_t kv_40_8
static void * clib_mem_set_heap(void *heap)
#define clib_warning(format, args...)
static uword clib_bitmap_get(uword *ai, uword i)
Gets the ith bit value from a bitmap.
static int acl_fa_restart_timer_for_session(acl_main_t *am, u64 now, fa_full_session_id_t sess_id)
static int acl_fa_find_session(acl_main_t *am, int is_ip6, u32 sw_if_index0, fa_5tuple_t *p5tuple, u64 *pvalue_sess)
static int fa_session_get_timeout_type(acl_main_t *am, fa_session_t *sess)
#define pool_put_index(p, i)
Free pool element with given index.
static u64 reverse_l4_u64(u64 l4, int is_ip6)
static const u8 icmp6_invmap[]
static int acl_fa_can_add_session(acl_main_t *am, int is_input, u32 sw_if_index)
clib_bihash_kv_16_8_t kv_16_8
uword * serviced_sw_if_index_bitmap
static void reverse_session_add_del_ip6(acl_main_t *am, clib_bihash_kv_40_8_t *pkv, int is_add)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
acl_fa_per_worker_data_t * per_worker_data
static_always_inline uword os_get_thread_index(void)
static const u8 icmp4_valid_new[]
static int is_valid_session_ptr(acl_main_t *am, u16 thread_index, fa_session_t *sess)
static u8 acl_fa_track_session(acl_main_t *am, int is_input, u32 sw_if_index, u64 now, fa_session_t *sess, fa_5tuple_t *pkt_5tuple)
static int is_ip6_5tuple(fa_5tuple_t *p5t)
static u64 reverse_l4_u64_slowpath(u64 l4, int is_ip6)
u64 fa_session_total_deactivations
static void acl_fa_put_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
#define CLIB_CACHE_LINE_BYTES
static const u8 icmp4_invmap[]
clib_bihash_16_8_t fa_ip4_sessions_hash
static int acl_fa_ifc_has_out_acl(acl_main_t *am, int sw_if_index0)
int fa_sessions_hash_is_initialized
u64 fa_session_total_dels
foreach_fa_cleaner_counter vlib_main_t * vlib_main