FD.io VPP  v18.10-34-gcce845e
Vector Packet Processing
session_inlines.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 
17 /* ICMPv4 invert type for stateful ACL */
18 static const u8 icmp4_invmap[] = {
19  [ICMP4_echo_request] = ICMP4_echo_reply + 1,
20  [ICMP4_timestamp_request] = ICMP4_timestamp_reply + 1,
21  [ICMP4_information_request] = ICMP4_information_reply + 1,
22  [ICMP4_address_mask_request] = ICMP4_address_mask_reply + 1
23 };
24 
25 /* Supported ICMPv4 messages for session creation */
26 static const u8 icmp4_valid_new[] = {
27  [ICMP4_echo_request] = 1,
28  [ICMP4_timestamp_request] = 1,
29  [ICMP4_information_request] = 1,
30  [ICMP4_address_mask_request] = 1
31 };
32 
33 /* ICMPv6 invert type for stateful ACL */
34 static const u8 icmp6_invmap[] = {
35  [ICMP6_echo_request - 128] = ICMP6_echo_reply + 1,
36  [ICMP6_node_information_request - 128] = ICMP6_node_information_response + 1
37 };
38 
39 /* Supported ICMPv6 messages for session creation */
40 static const u8 icmp6_valid_new[] = {
41  [ICMP6_echo_request - 128] = 1,
42  [ICMP6_node_information_request - 128] = 1
43 };
44 
45 /* IP4 and IP6 protocol numbers of ICMP */
46 static u8 icmp_protos[] = { IP_PROTOCOL_ICMP, IP_PROTOCOL_ICMP6 };
47 
48 
49 
50 always_inline int
51 acl_fa_ifc_has_sessions (acl_main_t * am, int sw_if_index0)
52 {
54 }
55 
56 always_inline int
57 acl_fa_ifc_has_in_acl (acl_main_t * am, int sw_if_index0)
58 {
59  int it_has = clib_bitmap_get (am->fa_in_acl_on_sw_if_index, sw_if_index0);
60  return it_has;
61 }
62 
63 always_inline int
64 acl_fa_ifc_has_out_acl (acl_main_t * am, int sw_if_index0)
65 {
66  int it_has = clib_bitmap_get (am->fa_out_acl_on_sw_if_index, sw_if_index0);
67  return it_has;
68 }
69 
70 always_inline int
72 {
73  /* seen both SYNs and ACKs but not FINs means we are in established state */
74  u16 masked_flags =
77  switch (sess->info.l4.proto)
78  {
79  case IPPROTO_TCP:
80  if (((TCP_FLAGS_ACKSYN << 8) + TCP_FLAGS_ACKSYN) == masked_flags)
81  {
82  return ACL_TIMEOUT_TCP_IDLE;
83  }
84  else
85  {
87  }
88  break;
89  case IPPROTO_UDP:
90  return ACL_TIMEOUT_UDP_IDLE;
91  break;
92  default:
93  return ACL_TIMEOUT_UDP_IDLE;
94  }
95 }
96 
97 /*
98  * Get the idle timeout of a session.
99  */
100 
103 {
104  u64 timeout = (am->vlib_main->clib_time.clocks_per_second);
105  if (sess->link_list_id == ACL_TIMEOUT_PURGATORY)
106  {
107  timeout /= (1000000 / SESSION_PURGATORY_TIMEOUT_USEC);
108  }
109  else
110  {
111  int timeout_type = fa_session_get_timeout_type (am, sess);
112  timeout *= am->session_timeout_sec[timeout_type];
113  }
114  return timeout;
115 }
116 
117 
118 
120 get_session_ptr (acl_main_t * am, u16 thread_index, u32 session_index)
121 {
122  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
123  if (session_index >= vec_len (pw->fa_sessions_pool))
124  return 0;
125 
126  return pool_elt_at_index (pw->fa_sessions_pool, session_index);
127 }
128 
129 always_inline int
130 is_valid_session_ptr (acl_main_t * am, u16 thread_index, fa_session_t * sess)
131 {
132  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
133  return ((sess != 0)
134  && ((sess - pw->fa_sessions_pool) <
135  pool_len (pw->fa_sessions_pool)));
136 }
137 
138 always_inline void
140  u64 now)
141 {
142  fa_session_t *sess =
143  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
144  u8 list_id =
146  sess);
147  uword thread_index = os_get_thread_index ();
148  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
149  /* the retrieved session thread index must be necessarily the same as the one in the key */
150  ASSERT (sess->thread_index == sess_id.thread_index);
151  /* the retrieved session thread index must be the same as current thread */
152  ASSERT (sess->thread_index == thread_index);
153  sess->link_enqueue_time = now;
154  sess->link_list_id = list_id;
156  sess->link_prev_idx = pw->fa_conn_list_tail[list_id];
157  if (FA_SESSION_BOGUS_INDEX != pw->fa_conn_list_tail[list_id])
158  {
159  fa_session_t *prev_sess =
160  get_session_ptr (am, thread_index, pw->fa_conn_list_tail[list_id]);
161  prev_sess->link_next_idx = sess_id.session_index;
162  /* We should never try to link with a session on another thread */
163  ASSERT (prev_sess->thread_index == sess->thread_index);
164  }
165  pw->fa_conn_list_tail[list_id] = sess_id.session_index;
166 
167 #ifdef FA_NODE_VERBOSE_DEBUG
169  ("FA-SESSION-DEBUG: add session id %d on thread %d sw_if_index %d",
170  sess_id.session_index, thread_index, sess->sw_if_index);
171 #endif
174 
175  if (FA_SESSION_BOGUS_INDEX == pw->fa_conn_list_head[list_id])
176  {
177  pw->fa_conn_list_head[list_id] = sess_id.session_index;
178  /* set the head expiry time because it is the first element */
179  pw->fa_conn_list_head_expiry_time[list_id] =
180  now + fa_session_get_timeout (am, sess);
181  }
182 }
183 
184 static int
186  fa_full_session_id_t sess_id, u64 now)
187 {
188  uword thread_index = os_get_thread_index ();
189  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
190  if (thread_index != sess_id.thread_index)
191  {
192  /* If another thread attempts to delete the session, fail it. */
193 #ifdef FA_NODE_VERBOSE_DEBUG
194  clib_warning ("thread id in key %d != curr thread index, not deleting");
195 #endif
196  return 0;
197  }
198  fa_session_t *sess =
199  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
200  u64 next_expiry_time = ~0ULL;
201  /* we should never try to delete the session with another thread index */
202  if (sess->thread_index != os_get_thread_index ())
203  {
204  clib_error
205  ("Attempting to delete session belonging to thread %d by thread %d",
206  sess->thread_index, thread_index);
207  }
209  {
210  fa_session_t *prev_sess =
211  get_session_ptr (am, thread_index, sess->link_prev_idx);
212  /* the previous session must be in the same list as this one */
213  ASSERT (prev_sess->link_list_id == sess->link_list_id);
214  prev_sess->link_next_idx = sess->link_next_idx;
215  }
217  {
218  fa_session_t *next_sess =
219  get_session_ptr (am, thread_index, sess->link_next_idx);
220  /* The next session must be in the same list as the one we are deleting */
221  ASSERT (next_sess->link_list_id == sess->link_list_id);
222  next_sess->link_prev_idx = sess->link_prev_idx;
223  next_expiry_time = now + fa_session_get_timeout (am, next_sess);
224  }
225  if (pw->fa_conn_list_head[sess->link_list_id] == sess_id.session_index)
226  {
227  pw->fa_conn_list_head[sess->link_list_id] = sess->link_next_idx;
229  next_expiry_time;
230  }
231  if (pw->fa_conn_list_tail[sess->link_list_id] == sess_id.session_index)
232  {
233  pw->fa_conn_list_tail[sess->link_list_id] = sess->link_prev_idx;
234  }
235  return 1;
236 }
237 
238 always_inline int
240  fa_full_session_id_t sess_id)
241 {
242  if (acl_fa_conn_list_delete_session (am, sess_id, now))
243  {
244  acl_fa_conn_list_add_session (am, sess_id, now);
245  return 1;
246  }
247  else
248  {
249  /*
250  * Our thread does not own this connection, so we can not requeue
251  * The session. So we post the signal to the owner.
252  */
254  sess_id.session_index,
256  return 0;
257  }
258 }
259 
260 always_inline int
262 {
263  return (p5t->l3_zero_pad[0] | p5t->
264  l3_zero_pad[1] | p5t->l3_zero_pad[2] | p5t->l3_zero_pad[3] | p5t->
265  l3_zero_pad[4] | p5t->l3_zero_pad[5]) != 0;
266 }
267 
268 
269 
270 
273  fa_session_t * sess, fa_5tuple_t * pkt_5tuple)
274 {
275  sess->last_active_time = now;
276  if (pkt_5tuple->pkt.tcp_flags_valid)
277  {
278  sess->tcp_flags_seen.as_u8[is_input] |= pkt_5tuple->pkt.tcp_flags;
279  }
280  return 3;
281 }
282 
284 reverse_l4_u64_fastpath (u64 l4, int is_ip6)
285 {
286  fa_session_l4_key_t l4i = {.as_u64 = l4 };
288 
289  l4o.port[1] = l4i.port[0];
290  l4o.port[0] = l4i.port[1];
291 
293  l4o.is_input = 1 - l4i.is_input;
294  return l4o.as_u64;
295 }
296 
297 always_inline int
298 reverse_l4_u64_slowpath_valid (u64 l4, int is_ip6, u64 * out)
299 {
300  fa_session_l4_key_t l4i = {.as_u64 = l4 };
302 
303  if (l4i.proto == icmp_protos[is_ip6])
304  {
305  static const u8 *icmp_invmap[] = { icmp4_invmap, icmp6_invmap };
306  static const u8 *icmp_valid_new[] =
308  static const u8 icmp_invmap_size[] = { sizeof (icmp4_invmap),
309  sizeof (icmp6_invmap)
310  };
311  static const u8 icmp_valid_new_size[] = { sizeof (icmp4_valid_new),
312  sizeof (icmp6_valid_new)
313  };
314  int type = is_ip6 ? l4i.port[0] - 128 : l4i.port[0];
315 
317  l4o.port[0] = l4i.port[0];
318  l4o.port[1] = l4i.port[1];
319 
320 
321  /*
322  * ONLY ICMP messages defined in icmp4_valid_new/icmp6_valid_new table
323  * are allowed to create stateful ACL.
324  * The other messages will be forwarded without creating a reverse session.
325  */
326 
327  int valid_reverse_sess = (type >= 0
328  && (type <= icmp_valid_new_size[is_ip6])
329  && (icmp_valid_new[is_ip6][type])
330  && (type <= icmp_invmap_size[is_ip6])
331  && icmp_invmap[is_ip6][type]);
332  if (valid_reverse_sess)
333  {
334  l4o.is_input = 1 - l4i.is_input;
335  l4o.port[0] = icmp_invmap[is_ip6][type] - 1;
336  }
337 
338  *out = l4o.as_u64;
339  return valid_reverse_sess;
340  }
341  else
342  *out = reverse_l4_u64_fastpath (l4, is_ip6);
343 
344  return 1;
345 }
346 
347 always_inline void
349  clib_bihash_kv_40_8_t * pkv, int is_add)
350 {
352  kv2.key[0] = pkv->key[2];
353  kv2.key[1] = pkv->key[3];
354  kv2.key[2] = pkv->key[0];
355  kv2.key[3] = pkv->key[1];
356  /* the last u64 needs special treatment (ports, etc.) so we do it last */
357  kv2.value = pkv->value;
358  if (PREDICT_FALSE (((fa_session_l4_key_t) pkv->key[4]).is_slowpath))
359  {
360  if (reverse_l4_u64_slowpath_valid (pkv->key[4], 1, &kv2.key[4]))
361  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash, &kv2, is_add);
362  }
363  else
364  {
365  kv2.key[4] = reverse_l4_u64_fastpath (pkv->key[4], 1);
366  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash, &kv2, is_add);
367  }
368 }
369 
370 always_inline void
372  clib_bihash_kv_16_8_t * pkv, int is_add)
373 {
375  kv2.key[0] =
376  ((pkv->key[0] & 0xffffffff) << 32) | ((pkv->key[0] >> 32) & 0xffffffff);
377  /* the last u64 needs special treatment (ports, etc.) so we do it last */
378  kv2.value = pkv->value;
379  if (PREDICT_FALSE (((fa_session_l4_key_t) pkv->key[1]).is_slowpath))
380  {
381  if (reverse_l4_u64_slowpath_valid (pkv->key[1], 0, &kv2.key[1]))
382  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash, &kv2, is_add);
383  }
384  else
385  {
386  kv2.key[1] = reverse_l4_u64_fastpath (pkv->key[1], 0);
387  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash, &kv2, is_add);
388  }
389 }
390 
391 always_inline void
393  fa_full_session_id_t sess_id)
394 {
395  fa_session_t *sess =
396  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
398  void *oldheap = clib_mem_set_heap (am->acl_mheap);
399  if (sess->is_ip6)
400  {
401  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash,
402  &sess->info.kv_40_8, 0);
403  reverse_session_add_del_ip6 (am, &sess->info.kv_40_8, 0);
404  }
405  else
406  {
407  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash,
408  &sess->info.kv_16_8, 0);
409  reverse_session_add_del_ip4 (am, &sess->info.kv_16_8, 0);
410  }
411 
412  sess->deleted = 1;
414  clib_mem_set_heap (oldheap);
415 }
416 
417 always_inline void
419  fa_full_session_id_t sess_id)
420 {
421  if (sess_id.thread_index != os_get_thread_index ())
422  {
423  clib_error
424  ("Attempting to delete session belonging to thread %d by thread %d",
425  sess_id.thread_index, os_get_thread_index ());
426  }
427  void *oldheap = clib_mem_set_heap (am->acl_mheap);
430  /* Deleting from timer structures not needed,
431  as the caller must have dealt with the timers. */
432  vec_validate (pw->fa_session_dels_by_sw_if_index, sw_if_index);
433  clib_mem_set_heap (oldheap);
436 }
437 
438 always_inline int
440  fa_full_session_id_t sess_id, u64 now)
441 {
442  fa_session_t *sess =
443  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
444  if (sess->deleted)
445  {
446  acl_fa_put_session (am, sw_if_index, sess_id);
447  return 1;
448  }
449  else
450  {
451  acl_fa_deactivate_session (am, sw_if_index, sess_id);
452  acl_fa_conn_list_add_session (am, sess_id, now);
453  return 0;
454  }
455 }
456 
457 always_inline int
459 {
460  u64 curr_sess_count;
461  curr_sess_count = am->fa_session_total_adds - am->fa_session_total_dels;
462  return (curr_sess_count + vec_len (vlib_mains) <
464 }
465 
466 
467 always_inline void
468 acl_fa_try_recycle_session (acl_main_t * am, int is_input, u16 thread_index,
469  u32 sw_if_index, u64 now)
470 {
471  /* try to recycle a TCP transient session */
472  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
473  fa_full_session_id_t volatile sess_id;
474  int n_recycled = 0;
475 
476  /* clean up sessions from purgatory, if we can */
478  while ((FA_SESSION_BOGUS_INDEX != sess_id.session_index)
479  && n_recycled < am->fa_max_deleted_sessions_per_interval)
480  {
481  sess_id.thread_index = thread_index;
482  fa_session_t *sess =
483  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
484  if (sess->link_enqueue_time + fa_session_get_timeout (am, sess) < now)
485  {
486  acl_fa_conn_list_delete_session (am, sess_id, now);
487  /* interface that needs the sessions may not be the interface of the session. */
488  acl_fa_put_session (am, sess->sw_if_index, sess_id);
489  n_recycled++;
490  }
491  else
492  break; /* too early to try to recycle from here, bail out */
494  }
496  if (FA_SESSION_BOGUS_INDEX != sess_id.session_index)
497  {
498  sess_id.thread_index = thread_index;
499  acl_fa_conn_list_delete_session (am, sess_id, now);
500  acl_fa_deactivate_session (am, sw_if_index, sess_id);
501  /* this goes to purgatory list */
502  acl_fa_conn_list_add_session (am, sess_id, now);
503  }
504 }
505 
506 
508 acl_fa_add_session (acl_main_t * am, int is_input, int is_ip6,
509  u32 sw_if_index, u64 now, fa_5tuple_t * p5tuple,
510  u16 current_policy_epoch)
511 {
512  fa_full_session_id_t f_sess_id;
513  uword thread_index = os_get_thread_index ();
514  void *oldheap = clib_mem_set_heap (am->acl_mheap);
515  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
516 
517  f_sess_id.thread_index = thread_index;
518  fa_session_t *sess;
519 
520  if (f_sess_id.as_u64 == ~0)
521  {
522  clib_error ("Adding session with invalid value");
523  }
524 
526  f_sess_id.session_index = sess - pw->fa_sessions_pool;
527  f_sess_id.intf_policy_epoch = current_policy_epoch;
528 
529  if (is_ip6)
530  {
531  sess->info.kv_40_8.key[0] = p5tuple->kv_40_8.key[0];
532  sess->info.kv_40_8.key[1] = p5tuple->kv_40_8.key[1];
533  sess->info.kv_40_8.key[2] = p5tuple->kv_40_8.key[2];
534  sess->info.kv_40_8.key[3] = p5tuple->kv_40_8.key[3];
535  sess->info.kv_40_8.key[4] = p5tuple->kv_40_8.key[4];
536  sess->info.kv_40_8.value = f_sess_id.as_u64;
537  }
538  else
539  {
540  sess->info.kv_16_8.key[0] = p5tuple->kv_16_8.key[0];
541  sess->info.kv_16_8.key[1] = p5tuple->kv_16_8.key[1];
542  sess->info.kv_16_8.value = f_sess_id.as_u64;
543  }
544 
545  sess->last_active_time = now;
546  sess->sw_if_index = sw_if_index;
547  sess->tcp_flags_seen.as_u16 = 0;
548  sess->thread_index = thread_index;
552  sess->deleted = 0;
553  sess->is_ip6 = is_ip6;
554 
555  acl_fa_conn_list_add_session (am, f_sess_id, now);
556 
558  if (is_ip6)
559  {
560  reverse_session_add_del_ip6 (am, &sess->info.kv_40_8, 1);
561  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash,
562  &sess->info.kv_40_8, 1);
563  }
564  else
565  {
566  reverse_session_add_del_ip4 (am, &sess->info.kv_16_8, 1);
567  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash,
568  &sess->info.kv_16_8, 1);
569  }
570 
571  vec_validate (pw->fa_session_adds_by_sw_if_index, sw_if_index);
572  clib_mem_set_heap (oldheap);
575  return sess;
576 }
577 
578 always_inline int
579 acl_fa_find_session (acl_main_t * am, int is_ip6, u32 sw_if_index0,
580  fa_5tuple_t * p5tuple, u64 * pvalue_sess)
581 {
582  int res = 0;
583  if (is_ip6)
584  {
585  clib_bihash_kv_40_8_t kv_result;
586  res = (clib_bihash_search_inline_2_40_8
587  (&am->fa_ip6_sessions_hash, &p5tuple->kv_40_8, &kv_result) == 0);
588  *pvalue_sess = kv_result.value;
589  }
590  else
591  {
592  clib_bihash_kv_16_8_t kv_result;
593  res = (clib_bihash_search_inline_2_16_8
594  (&am->fa_ip4_sessions_hash, &p5tuple->kv_16_8, &kv_result) == 0);
595  *pvalue_sess = kv_result.value;
596  }
597  return res;
598 }
599 
600 /*
601  * fd.io coding-style-patch-verification: ON
602  *
603  * Local Variables:
604  * eval: (c-set-style "gnu")
605  * End:
606  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:437
static u8 icmp_protos[]
#define TCP_FLAGS_ACKSYN
Definition: fa_node.h:21
static fa_session_t * acl_fa_add_session(acl_main_t *am, int is_input, int is_ip6, u32 sw_if_index, u64 now, fa_5tuple_t *p5tuple, u16 current_policy_epoch)
u32 session_timeout_sec[ACL_N_TIMEOUTS]
Definition: acl.h:247
uword * fa_out_acl_on_sw_if_index
Definition: acl.h:239
#define FA_SESSION_BOGUS_INDEX
Definition: fa_node.h:143
static const u8 icmp6_valid_new[]
static int acl_fa_conn_list_delete_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
fa_session_l4_key_t l4
Definition: fa_node.h:71
clib_bihash_40_8_t fa_ip6_sessions_hash
Definition: acl.h:242
fa_packet_info_t pkt
Definition: fa_node.h:73
#define SESSION_PURGATORY_TIMEOUT_USEC
Definition: acl.h:43
uword * fa_in_acl_on_sw_if_index
Definition: acl.h:238
#define clib_error(format, args...)
Definition: error.h:62
static void acl_fa_deactivate_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
void aclp_post_session_change_request(acl_main_t *am, u32 target_thread, u32 target_session, acl_fa_sess_req_t request_type)
unsigned long u64
Definition: types.h:89
static void acl_fa_conn_list_add_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
f64 clocks_per_second
Definition: time.h:53
#define TCP_FLAGS_RSTFINACKSYN
Definition: fa_node.h:20
fa_5tuple_t info
Definition: fa_node.h:83
static int acl_fa_ifc_has_sessions(acl_main_t *am, int sw_if_index0)
static int reverse_l4_u64_slowpath_valid(u64 l4, int is_ip6, u64 *out)
static int acl_fa_two_stage_delete_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id, u64 now)
static uword * clib_bitmap_set(uword *ai, uword i, uword value)
Sets the ith bit of a bitmap to new_value Removes trailing zeros from the bitmap. ...
Definition: bitmap.h:167
fa_session_t * fa_sessions_pool
Definition: fa_node.h:147
clib_time_t clib_time
Definition: main.h:63
u8 link_list_id
Definition: fa_node.h:94
static void reverse_session_add_del_ip4(acl_main_t *am, clib_bihash_kv_16_8_t *pkv, int is_add)
vlib_main_t ** vlib_mains
Definition: buffer.c:303
unsigned char u8
Definition: types.h:56
#define pool_len(p)
Number of elements in pool vector.
Definition: pool.h:140
static fa_session_t * get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
u8 deleted
Definition: fa_node.h:95
static int acl_fa_ifc_has_in_acl(acl_main_t *am, int sw_if_index0)
#define clib_smp_atomic_add(addr, increment)
Definition: smp.h:46
u32 link_prev_idx
Definition: fa_node.h:92
u32 sw_if_index
Definition: vxlan_gbp.api:39
#define always_inline
Definition: clib.h:94
u64 fa_conn_table_max_entries
Definition: acl.h:276
unsigned int u32
Definition: types.h:88
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:464
u32 l3_zero_pad[6]
Definition: fa_node.h:66
static void acl_fa_try_recycle_session(acl_main_t *am, int is_input, u16 thread_index, u32 sw_if_index, u64 now)
unsigned short u16
Definition: types.h:57
#define PREDICT_FALSE(x)
Definition: clib.h:107
u64 last_active_time
Definition: fa_node.h:84
u64 * fa_conn_list_head_expiry_time
Definition: fa_node.h:158
u64 * fa_session_adds_by_sw_if_index
Definition: fa_node.h:161
u64 * fa_session_dels_by_sw_if_index
Definition: fa_node.h:160
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P (general version).
Definition: pool.h:188
static u64 fa_session_get_timeout(acl_main_t *am, fa_session_t *sess)
static u64 reverse_l4_u64_fastpath(u64 l4, int is_ip6)
u64 fa_session_total_adds
Definition: acl.h:249
clib_bihash_kv_40_8_t kv_40_8
Definition: fa_node.h:75
static void * clib_mem_set_heap(void *heap)
Definition: mem.h:261
#define clib_warning(format, args...)
Definition: error.h:59
u32 sw_if_index
Definition: fa_node.h:85
static uword clib_bitmap_get(uword *ai, uword i)
Gets the ith bit value from a bitmap.
Definition: bitmap.h:197
static int acl_fa_restart_timer_for_session(acl_main_t *am, u64 now, fa_full_session_id_t sess_id)
static int acl_fa_find_session(acl_main_t *am, int is_ip6, u32 sw_if_index0, fa_5tuple_t *p5tuple, u64 *pvalue_sess)
u8 as_u8[2]
Definition: fa_node.h:87
static int fa_session_get_timeout_type(acl_main_t *am, fa_session_t *sess)
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:299
#define ASSERT(truth)
u8 tcp_flags_valid
Definition: fa_node.h:33
static const u8 icmp6_invmap[]
static int acl_fa_can_add_session(acl_main_t *am, int is_input, u32 sw_if_index)
clib_bihash_kv_16_8_t kv_16_8
Definition: fa_node.h:78
uword * serviced_sw_if_index_bitmap
Definition: fa_node.h:181
u32 link_next_idx
Definition: fa_node.h:93
u16 as_u16
Definition: fa_node.h:88
static void reverse_session_add_del_ip6(acl_main_t *am, clib_bihash_kv_40_8_t *pkv, int is_add)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
acl_fa_per_worker_data_t * per_worker_data
Definition: acl.h:305
u64 uword
Definition: types.h:112
static_always_inline uword os_get_thread_index(void)
Definition: os.h:62
static const u8 icmp4_valid_new[]
void * acl_mheap
Definition: acl.h:130
u16 thread_index
Definition: fa_node.h:89
static int is_valid_session_ptr(acl_main_t *am, u16 thread_index, fa_session_t *sess)
static u8 acl_fa_track_session(acl_main_t *am, int is_input, u32 sw_if_index, u64 now, fa_session_t *sess, fa_5tuple_t *pkt_5tuple)
static int is_ip6_5tuple(fa_5tuple_t *p5t)
union fa_session_t::@388 tcp_flags_seen
u64 fa_session_total_deactivations
Definition: acl.h:252
static void acl_fa_put_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
static const u8 icmp4_invmap[]
clib_bihash_16_8_t fa_ip4_sessions_hash
Definition: acl.h:243
static int acl_fa_ifc_has_out_acl(acl_main_t *am, int sw_if_index0)
int fa_sessions_hash_is_initialized
Definition: acl.h:241
u64 link_enqueue_time
Definition: fa_node.h:91
u64 fa_session_total_dels
Definition: acl.h:250
foreach_fa_cleaner_counter vlib_main_t * vlib_main
Definition: acl.h:327