FD.io VPP  v18.04-17-g3a0d853
Vector Packet Processing
fa_node.h
Go to the documentation of this file.
1 #ifndef _FA_NODE_H_
2 #define _FA_NODE_H_
3 
4 #include <stddef.h>
5 #include <vppinfra/bihash_40_8.h>
6 
7 // #define FA_NODE_VERBOSE_DEBUG 3
8 
9 #define TCP_FLAG_FIN 0x01
10 #define TCP_FLAG_SYN 0x02
11 #define TCP_FLAG_RST 0x04
12 #define TCP_FLAG_PUSH 0x08
13 #define TCP_FLAG_ACK 0x10
14 #define TCP_FLAG_URG 0x20
15 #define TCP_FLAG_ECE 0x40
16 #define TCP_FLAG_CWR 0x80
17 #define TCP_FLAGS_RSTFINACKSYN (TCP_FLAG_RST + TCP_FLAG_FIN + TCP_FLAG_SYN + TCP_FLAG_ACK)
18 #define TCP_FLAGS_ACKSYN (TCP_FLAG_SYN + TCP_FLAG_ACK)
19 
20 #define ACL_FA_CONN_TABLE_DEFAULT_HASH_NUM_BUCKETS (64 * 1024)
21 #define ACL_FA_CONN_TABLE_DEFAULT_HASH_MEMORY_SIZE (1<<30)
22 #define ACL_FA_CONN_TABLE_DEFAULT_MAX_ENTRIES 1000000
23 
24 typedef union {
25  u64 as_u64;
26  struct {
27  u32 lc_index;
28  u16 mask_type_index_lsb;
29  u8 tcp_flags;
30  u8 tcp_flags_valid:1;
31  u8 l4_valid:1;
32  u8 is_nonfirst_fragment:1;
33  u8 is_ip6:1;
34  u8 flags_reserved:4;
35  };
36 } fa_packet_info_t;
37 
38 typedef union {
39  u64 as_u64;
40  struct {
41  u16 port[2];
42  u16 proto;
43  u16 lsb_of_sw_if_index;
44  };
45 } fa_session_l4_key_t;
46 
47 typedef union {
48  struct {
49  ip46_address_t addr[2];
50  fa_session_l4_key_t l4;
51  /* This field should align with u64 value in bihash_40_8 keyvalue struct */
52  fa_packet_info_t pkt;
53  };
54  clib_bihash_kv_40_8_t kv;
55 } fa_5tuple_t;
56 
57 typedef struct {
58  u8 opaque[sizeof(fa_5tuple_t)];
59 } fa_5tuple_opaque_t;
60 
61 
62 typedef struct {
63  fa_5tuple_t info; /* (5+1)*8 = 48 bytes */
64  u64 last_active_time; /* +8 bytes = 56 */
65  u32 sw_if_index; /* +4 bytes = 60 */
66  union {
67  u8 as_u8[2];
68  u16 as_u16;
69  } tcp_flags_seen; ; /* +2 bytes = 62 */
70  u16 thread_index; /* +2 bytes = 64 */
71  u64 link_enqueue_time; /* 8 byte = 8 */
72  u32 link_prev_idx; /* +4 bytes = 12 */
73  u32 link_next_idx; /* +4 bytes = 16 */
74  u8 link_list_id; /* +1 bytes = 17 */
75  u8 reserved1[7]; /* +7 bytes = 24 */
76  u64 reserved2[5]; /* +5*8 bytes = 64 */
77 } fa_session_t;
78 
79 #define FA_POLICY_EPOCH_MASK 0x7fff
80 /* input policy epochs have the MSB set */
81 #define FA_POLICY_EPOCH_IS_INPUT 0x8000
82 
83 
84 /* This structure is used to fill in the u64 value
85  in the per-sw-if-index hash table */
86 typedef struct {
87  union {
88  u64 as_u64;
89  struct {
90  u32 session_index;
91  u16 thread_index;
92  u16 intf_policy_epoch;
93  };
94  };
95 } fa_full_session_id_t;
96 
97 /*
98  * A few compile-time constraints on the size and the layout of the union, to ensure
99  * it makes sense both for bihash and for us.
100  */
101 
102 #define CT_ASSERT_EQUAL(name, x,y) typedef int assert_ ## name ## _compile_time_assertion_failed[((x) == (y))-1]
103 CT_ASSERT_EQUAL(fa_l3_key_size_is_40, offsetof(fa_5tuple_t, pkt), offsetof(clib_bihash_kv_40_8_t, value));
104 CT_ASSERT_EQUAL(fa_l4_key_t_is_8, sizeof(fa_session_l4_key_t), sizeof(u64));
105 CT_ASSERT_EQUAL(fa_packet_info_t_is_8, sizeof(fa_packet_info_t), sizeof(u64));
106 CT_ASSERT_EQUAL(fa_l3_kv_size_is_48, sizeof(fa_5tuple_t), sizeof(clib_bihash_kv_40_8_t));
107 
108 /* Let's try to fit within two cachelines */
109 CT_ASSERT_EQUAL(fa_session_t_size_is_128, sizeof(fa_session_t), 128);
110 
111 /* Session ID MUST be the same as u64 */
112 CT_ASSERT_EQUAL(fa_full_session_id_size_is_64, sizeof(fa_full_session_id_t), sizeof(u64));
113 #undef CT_ASSERT_EQUAL
114 
115 typedef struct {
116  /* The pool of sessions managed by this worker */
117  fa_session_t *fa_sessions_pool;
118  /* per-worker ACL_N_TIMEOUTS of conn lists */
119  u32 *fa_conn_list_head;
120  u32 *fa_conn_list_tail;
121  /* adds and deletes per-worker-per-interface */
122  u64 *fa_session_dels_by_sw_if_index;
123  u64 *fa_session_adds_by_sw_if_index;
124  /* sessions deleted due to epoch change */
125  u64 *fa_session_epoch_change_by_sw_if_index;
126  /* Vector of expired connections retrieved from lists */
127  u32 *expired;
128  /* the earliest next expiry time */
129  u64 next_expiry_time;
130  /* if not zero, look at all the elements until their enqueue timestamp is after below one */
131  u64 requeue_until_time;
132  /* Current time between the checks */
133  u64 current_time_wait_interval;
134  /* Counter of how many sessions we did delete */
135  u64 cnt_deleted_sessions;
136  /* Counter of already deleted sessions being deleted - should not increment unless a bug */
137  u64 cnt_already_deleted_sessions;
138  /* Number of times we requeued a session to a head of the list */
139  u64 cnt_session_timer_restarted;
140  /* swipe up to this enqueue time, rather than following the timeouts */
141  u64 swipe_end_time;
142  /* bitmap of sw_if_index serviced by this worker */
143  uword *serviced_sw_if_index_bitmap;
144  /* bitmap of sw_if_indices to clear. set by main thread, cleared by worker */
145  uword *pending_clear_sw_if_index_bitmap;
146  /* atomic, indicates that the swipe-deletion of connections is in progress */
147  u32 clear_in_process;
148  /* Interrupt is pending from main thread */
149  int interrupt_is_pending;
150  /*
151  * Interrupt node on the worker thread sets this if it knows there is
152  * more work to do, but it has to finish to avoid hogging the
153  * core for too long.
154  */
155  int interrupt_is_needed;
156  /*
157  * Set to indicate that the interrupt node wants to get less interrupts
158  * because there is not enough work for the current rate.
159  */
160  int interrupt_is_unwanted;
161  /*
162  * Set to copy of a "generation" counter in main thread so we can sync the interrupts.
163  */
164  int interrupt_generation;
165 } acl_fa_per_worker_data_t;
166 
167 
168 typedef enum {
169  ACL_FA_ERROR_DROP,
170  ACL_FA_N_NEXT,
171 } acl_fa_next_t;
172 
173 
174 enum
175 {
176  ACL_FA_CLEANER_RESCHEDULE = 1,
177  ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX,
178 } acl_fa_cleaner_process_event_e;
179 
180 void acl_fa_enable_disable(u32 sw_if_index, int is_input, int enable_disable);
181 
182 void show_fa_sessions_hash(vlib_main_t * vm, u32 verbose);
183 
184 u8 *format_acl_plugin_5tuple (u8 * s, va_list * args);
185 
186 /* use like: elog_acl_maybe_trace_X1(am, "foobar: %d", "i4", int32_value); */
187 
188 #define elog_acl_maybe_trace_X1(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1) \
189 do { \
190  if (am->trace_sessions) { \
191  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1)]; } *static_check); \
192  u16 thread_index = os_get_thread_index (); \
193  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
194  ELOG_TYPE_DECLARE (e) = \
195  { \
196  .format = "(%02d) " acl_elog_trace_format_label, \
197  .format_args = "i2" acl_elog_trace_format_args, \
198  }; \
199  CLIB_PACKED(struct \
200  { \
201  u16 thread; \
202  typeof(acl_elog_val1) val1; \
203  }) *ed; \
204  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
205  ed->thread = thread_index; \
206  ed->val1 = acl_elog_val1; \
207  } \
208 } while (0)
209 
210 
211 /* use like: elog_acl_maybe_trace_X2(am, "foobar: %d some u64: %lu", "i4i8", int32_value, int64_value); */
212 
213 #define elog_acl_maybe_trace_X2(am, acl_elog_trace_format_label, acl_elog_trace_format_args, \
214  acl_elog_val1, acl_elog_val2) \
215 do { \
216  if (am->trace_sessions) { \
217  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1) - sizeof(acl_elog_val2)]; } *static_check); \
218  u16 thread_index = os_get_thread_index (); \
219  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
220  ELOG_TYPE_DECLARE (e) = \
221  { \
222  .format = "(%02d) " acl_elog_trace_format_label, \
223  .format_args = "i2" acl_elog_trace_format_args, \
224  }; \
225  CLIB_PACKED(struct \
226  { \
227  u16 thread; \
228  typeof(acl_elog_val1) val1; \
229  typeof(acl_elog_val2) val2; \
230  }) *ed; \
231  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
232  ed->thread = thread_index; \
233  ed->val1 = acl_elog_val1; \
234  ed->val2 = acl_elog_val2; \
235  } \
236 } while (0)
237 
238 
239 /* use like: elog_acl_maybe_trace_X3(am, "foobar: %d some u64 %lu baz: %d", "i4i8i4", int32_value, u64_value, int_value); */
240 
241 #define elog_acl_maybe_trace_X3(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1, \
242  acl_elog_val2, acl_elog_val3) \
243 do { \
244  if (am->trace_sessions) { \
245  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1) - sizeof(acl_elog_val2) \
246  - sizeof(acl_elog_val3)]; } *static_check); \
247  u16 thread_index = os_get_thread_index (); \
248  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
249  ELOG_TYPE_DECLARE (e) = \
250  { \
251  .format = "(%02d) " acl_elog_trace_format_label, \
252  .format_args = "i2" acl_elog_trace_format_args, \
253  }; \
254  CLIB_PACKED(struct \
255  { \
256  u16 thread; \
257  typeof(acl_elog_val1) val1; \
258  typeof(acl_elog_val2) val2; \
259  typeof(acl_elog_val3) val3; \
260  }) *ed; \
261  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
262  ed->thread = thread_index; \
263  ed->val1 = acl_elog_val1; \
264  ed->val2 = acl_elog_val2; \
265  ed->val3 = acl_elog_val3; \
266  } \
267 } while (0)
268 
269 
270 /* use like: elog_acl_maybe_trace_X4(am, "foobar: %d some int %d baz: %d bar: %d", "i4i4i4i4", int32_value, int32_value2, int_value, int_value); */
271 
272 #define elog_acl_maybe_trace_X4(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1, \
273  acl_elog_val2, acl_elog_val3, acl_elog_val4) \
274 do { \
275  if (am->trace_sessions) { \
276  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1) - sizeof(acl_elog_val2) \
277  - sizeof(acl_elog_val3) -sizeof(acl_elog_val4)]; } *static_check); \
278  u16 thread_index = os_get_thread_index (); \
279  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
280  ELOG_TYPE_DECLARE (e) = \
281  { \
282  .format = "(%02d) " acl_elog_trace_format_label, \
283  .format_args = "i2" acl_elog_trace_format_args, \
284  }; \
285  CLIB_PACKED(struct \
286  { \
287  u16 thread; \
288  typeof(acl_elog_val1) val1; \
289  typeof(acl_elog_val2) val2; \
290  typeof(acl_elog_val3) val3; \
291  typeof(acl_elog_val4) val4; \
292  }) *ed; \
293  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
294  ed->thread = thread_index; \
295  ed->val1 = acl_elog_val1; \
296  ed->val2 = acl_elog_val2; \
297  ed->val3 = acl_elog_val3; \
298  ed->val4 = acl_elog_val4; \
299  } \
300 } while (0)
301 
302 
303 #endif
fa_full_session_id_t::intf_policy_epoch
u16 intf_policy_epoch
Definition: fa_node.h:92
acl_fa_per_worker_data_t::next_expiry_time
u64 next_expiry_time
Definition: fa_node.h:129
acl_fa_per_worker_data_t::pending_clear_sw_if_index_bitmap
uword * pending_clear_sw_if_index_bitmap
Definition: fa_node.h:145
fa_5tuple_t::l4
fa_session_l4_key_t l4
Definition: fa_node.h:50
fa_5tuple_t::pkt
fa_packet_info_t pkt
Definition: fa_node.h:52
fa_session_t::info
fa_5tuple_t info
Definition: fa_node.h:63
CT_ASSERT_EQUAL
#define CT_ASSERT_EQUAL(name, x, y)
Definition: fa_node.h:102
acl_fa_per_worker_data_t::fa_sessions_pool
fa_session_t * fa_sessions_pool
Definition: fa_node.h:117
fa_session_t::link_list_id
u8 link_list_id
Definition: fa_node.h:74
ACL_FA_ERROR_DROP
Definition: fa_node.h:169
fa_full_session_id_t::thread_index
u16 thread_index
Definition: fa_node.h:91
clib_bihash_kv_40_8_t
Definition: bihash_40_8.h:33
fa_full_session_id_t
Definition: fa_node.h:86
fa_packet_info_t::lc_index
u32 lc_index
Definition: fa_node.h:27
fa_session_l4_key_t::lsb_of_sw_if_index
u16 lsb_of_sw_if_index
Definition: fa_node.h:43
acl_fa_per_worker_data_t::requeue_until_time
u64 requeue_until_time
Definition: fa_node.h:131
fa_full_session_id_t::session_index
u32 session_index
Definition: fa_node.h:90
fa_session_t::link_prev_idx
u32 link_prev_idx
Definition: fa_node.h:72
fa_session_l4_key_t::as_u64
u64 as_u64
Definition: fa_node.h:39
acl_fa_per_worker_data_t::cnt_deleted_sessions
u64 cnt_deleted_sessions
Definition: fa_node.h:135
acl_fa_per_worker_data_t::interrupt_is_needed
int interrupt_is_needed
Definition: fa_node.h:155
acl_fa_per_worker_data_t::cnt_session_timer_restarted
u64 cnt_session_timer_restarted
Definition: fa_node.h:139
u64
unsigned long u64
Definition: types.h:89
ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX
Definition: fa_node.h:177
acl_fa_per_worker_data_t
Definition: fa_node.h:115
acl_fa_per_worker_data_t::fa_session_epoch_change_by_sw_if_index
u64 * fa_session_epoch_change_by_sw_if_index
Definition: fa_node.h:125
fa_5tuple_t::kv
clib_bihash_kv_40_8_t kv
Definition: fa_node.h:54
acl_fa_per_worker_data_t::fa_conn_list_tail
u32 * fa_conn_list_tail
Definition: fa_node.h:120
fa_session_t::last_active_time
u64 last_active_time
Definition: fa_node.h:64
acl_fa_per_worker_data_t::interrupt_is_unwanted
int interrupt_is_unwanted
Definition: fa_node.h:160
acl_fa_per_worker_data_t::fa_session_adds_by_sw_if_index
u64 * fa_session_adds_by_sw_if_index
Definition: fa_node.h:123
acl_fa_per_worker_data_t::fa_session_dels_by_sw_if_index
u64 * fa_session_dels_by_sw_if_index
Definition: fa_node.h:122
fa_full_session_id_t::as_u64
u64 as_u64
Definition: fa_node.h:88
fa_session_l4_key_t::proto
u16 proto
Definition: fa_node.h:42
vm
vlib_main_t * vm
Definition: buffer.c:294
acl_fa_enable_disable
void acl_fa_enable_disable(u32 sw_if_index, int is_input, int enable_disable)
Definition: fa_node.c:1367
acl_fa_next_t
acl_fa_next_t
Definition: fa_node.h:168
fa_session_t::sw_if_index
u32 sw_if_index
Definition: fa_node.h:65
acl_fa_per_worker_data_t::interrupt_is_pending
int interrupt_is_pending
Definition: fa_node.h:149
u32
unsigned int u32
Definition: types.h:88
bihash_40_8.h
acl_fa_per_worker_data_t::serviced_sw_if_index_bitmap
uword * serviced_sw_if_index_bitmap
Definition: fa_node.h:143
fa_session_t::link_next_idx
u32 link_next_idx
Definition: fa_node.h:73
uword
u64 uword
Definition: types.h:112
ACL_FA_N_NEXT
Definition: fa_node.h:170
fa_session_t::as_u16
u16 as_u16
Definition: fa_node.h:68
acl_fa_cleaner_process_event_e
enum @341 acl_fa_cleaner_process_event_e
u16
unsigned short u16
Definition: types.h:57
acl_fa_per_worker_data_t::swipe_end_time
u64 swipe_end_time
Definition: fa_node.h:141
u8
unsigned char u8
Definition: types.h:56
vlib_main_t
Definition: main.h:59
format_acl_plugin_5tuple
u8 * format_acl_plugin_5tuple(u8 *s, va_list *args)
Definition: fa_node.c:98
acl_fa_per_worker_data_t::cnt_already_deleted_sessions
u64 cnt_already_deleted_sessions
Definition: fa_node.h:137
fa_session_l4_key_t
Definition: fa_node.h:38
acl_fa_per_worker_data_t::fa_conn_list_head
u32 * fa_conn_list_head
Definition: fa_node.h:119
acl_fa_per_worker_data_t::expired
u32 * expired
Definition: fa_node.h:127
fa_session_t::thread_index
u16 thread_index
Definition: fa_node.h:69
fa_session_t
Definition: fa_node.h:62
fa_packet_info_t::tcp_flags
u8 tcp_flags
Definition: fa_node.h:29
fa_packet_info_t
Definition: fa_node.h:24
fa_packet_info_t::as_u64
u64 as_u64
Definition: fa_node.h:25
fa_5tuple_opaque_t
Definition: fa_node.h:57
show_fa_sessions_hash
void show_fa_sessions_hash(vlib_main_t *vm, u32 verbose)
Definition: fa_node.c:1422
addr
vhost_vring_addr_t addr
Definition: vhost-user.h:83
fa_packet_info_t::mask_type_index_lsb
u16 mask_type_index_lsb
Definition: fa_node.h:28
ACL_FA_CLEANER_RESCHEDULE
Definition: fa_node.h:176
acl_fa_per_worker_data_t::current_time_wait_interval
u64 current_time_wait_interval
Definition: fa_node.h:133
fa_session_t::link_enqueue_time
u64 link_enqueue_time
Definition: fa_node.h:71
acl_fa_per_worker_data_t::clear_in_process
u32 clear_in_process
Definition: fa_node.h:147
acl_fa_per_worker_data_t::interrupt_generation
int interrupt_generation
Definition: fa_node.h:164
fa_5tuple_t
Definition: fa_node.h:47