19 [ICMP4_echo_request] = ICMP4_echo_reply + 1,
20 [ICMP4_timestamp_request] = ICMP4_timestamp_reply + 1,
21 [ICMP4_information_request] = ICMP4_information_reply + 1,
22 [ICMP4_address_mask_request] = ICMP4_address_mask_reply + 1
27 [ICMP4_echo_request] = 1,
28 [ICMP4_timestamp_request] = 1,
29 [ICMP4_information_request] = 1,
30 [ICMP4_address_mask_request] = 1
35 [ICMP6_echo_request - 128] = ICMP6_echo_reply + 1,
36 [ICMP6_node_information_request - 128] = ICMP6_node_information_response + 1
41 [ICMP6_echo_request - 128] = 1,
42 [ICMP6_node_information_request - 128] = 1
167 #ifdef FA_NODE_VERBOSE_DEBUG 169 (
"FA-SESSION-DEBUG: add session id %d on thread %d sw_if_index %d",
193 #ifdef FA_NODE_VERBOSE_DEBUG 194 clib_warning (
"thread id in key %d != curr thread index, not deleting");
200 u64 next_expiry_time = ~0ULL;
205 (
"Attempting to delete session belonging to thread %d by thread %d",
306 static const u8 *icmp_valid_new[] =
309 sizeof (icmp6_invmap)
312 sizeof (icmp6_valid_new)
314 int type = is_ip6 ? l4i.
port[0] - 128 : l4i.
port[0];
327 int valid_reverse_sess = (type >= 0
328 && (type <= icmp_valid_new_size[is_ip6])
329 && (icmp_valid_new[is_ip6][type])
330 && (type <= icmp_invmap_size[is_ip6])
331 && icmp_invmap[is_ip6][type]);
332 if (valid_reverse_sess)
335 l4o.
port[0] = icmp_invmap[is_ip6][type] - 1;
339 return valid_reverse_sess;
376 ((pkv->
key[0] & 0xffffffff) << 32) | ((pkv->
key[0] >> 32) & 0xffffffff);
424 (
"Attempting to delete session belonging to thread %d by thread %d",
479 && n_recycled < am->fa_max_deleted_sessions_per_interval)
510 u16 current_policy_epoch)
520 if (f_sess_id.
as_u64 == ~0)
522 clib_error (
"Adding session with invalid value");
586 res = (clib_bihash_search_inline_2_40_8
588 *pvalue_sess = kv_result.
value;
593 res = (clib_bihash_search_inline_2_16_8
595 *pvalue_sess = kv_result.
value;
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
static fa_session_t * acl_fa_add_session(acl_main_t *am, int is_input, int is_ip6, u32 sw_if_index, u64 now, fa_5tuple_t *p5tuple, u16 current_policy_epoch)
u32 session_timeout_sec[ACL_N_TIMEOUTS]
uword * fa_out_acl_on_sw_if_index
#define FA_SESSION_BOGUS_INDEX
static const u8 icmp6_valid_new[]
static int acl_fa_conn_list_delete_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
clib_bihash_40_8_t fa_ip6_sessions_hash
#define SESSION_PURGATORY_TIMEOUT_USEC
uword * fa_in_acl_on_sw_if_index
#define clib_error(format, args...)
static void acl_fa_deactivate_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
void aclp_post_session_change_request(acl_main_t *am, u32 target_thread, u32 target_session, acl_fa_sess_req_t request_type)
static void acl_fa_conn_list_add_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
#define TCP_FLAGS_RSTFINACKSYN
static int acl_fa_ifc_has_sessions(acl_main_t *am, int sw_if_index0)
static int reverse_l4_u64_slowpath_valid(u64 l4, int is_ip6, u64 *out)
static int acl_fa_two_stage_delete_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id, u64 now)
static uword * clib_bitmap_set(uword *ai, uword i, uword value)
Sets the ith bit of a bitmap to new_value Removes trailing zeros from the bitmap. ...
fa_session_t * fa_sessions_pool
static void reverse_session_add_del_ip4(acl_main_t *am, clib_bihash_kv_16_8_t *pkv, int is_add)
vlib_main_t ** vlib_mains
#define pool_len(p)
Number of elements in pool vector.
static fa_session_t * get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
static int acl_fa_ifc_has_in_acl(acl_main_t *am, int sw_if_index0)
#define clib_smp_atomic_add(addr, increment)
u64 fa_conn_table_max_entries
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void acl_fa_try_recycle_session(acl_main_t *am, int is_input, u16 thread_index, u32 sw_if_index, u64 now)
u64 * fa_conn_list_head_expiry_time
u64 * fa_session_adds_by_sw_if_index
u64 * fa_session_dels_by_sw_if_index
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P (general version).
static u64 fa_session_get_timeout(acl_main_t *am, fa_session_t *sess)
static u64 reverse_l4_u64_fastpath(u64 l4, int is_ip6)
u64 fa_session_total_adds
clib_bihash_kv_40_8_t kv_40_8
static void * clib_mem_set_heap(void *heap)
#define clib_warning(format, args...)
static uword clib_bitmap_get(uword *ai, uword i)
Gets the ith bit value from a bitmap.
static int acl_fa_restart_timer_for_session(acl_main_t *am, u64 now, fa_full_session_id_t sess_id)
static int acl_fa_find_session(acl_main_t *am, int is_ip6, u32 sw_if_index0, fa_5tuple_t *p5tuple, u64 *pvalue_sess)
static int fa_session_get_timeout_type(acl_main_t *am, fa_session_t *sess)
#define pool_put_index(p, i)
Free pool element with given index.
static const u8 icmp6_invmap[]
static int acl_fa_can_add_session(acl_main_t *am, int is_input, u32 sw_if_index)
clib_bihash_kv_16_8_t kv_16_8
uword * serviced_sw_if_index_bitmap
static void reverse_session_add_del_ip6(acl_main_t *am, clib_bihash_kv_40_8_t *pkv, int is_add)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
acl_fa_per_worker_data_t * per_worker_data
static_always_inline uword os_get_thread_index(void)
static const u8 icmp4_valid_new[]
static int is_valid_session_ptr(acl_main_t *am, u16 thread_index, fa_session_t *sess)
static u8 acl_fa_track_session(acl_main_t *am, int is_input, u32 sw_if_index, u64 now, fa_session_t *sess, fa_5tuple_t *pkt_5tuple)
static int is_ip6_5tuple(fa_5tuple_t *p5t)
union fa_session_t::@388 tcp_flags_seen
u64 fa_session_total_deactivations
static void acl_fa_put_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
#define CLIB_CACHE_LINE_BYTES
static const u8 icmp4_invmap[]
clib_bihash_16_8_t fa_ip4_sessions_hash
static int acl_fa_ifc_has_out_acl(acl_main_t *am, int sw_if_index0)
int fa_sessions_hash_is_initialized
u64 fa_session_total_dels
foreach_fa_cleaner_counter vlib_main_t * vlib_main