FD.io VPP  v18.10-34-gcce845e
Vector Packet Processing
fa_node.h
Go to the documentation of this file.
1 #ifndef _FA_NODE_H_
2 #define _FA_NODE_H_
3 
4 #include <stddef.h>
5 #include <vppinfra/bihash_16_8.h>
6 #include <vppinfra/bihash_40_8.h>
7 
8 #include <plugins/acl/exported_types.h>
9 
10 // #define FA_NODE_VERBOSE_DEBUG 3
11 
12 #define TCP_FLAG_FIN 0x01
13 #define TCP_FLAG_SYN 0x02
14 #define TCP_FLAG_RST 0x04
15 #define TCP_FLAG_PUSH 0x08
16 #define TCP_FLAG_ACK 0x10
17 #define TCP_FLAG_URG 0x20
18 #define TCP_FLAG_ECE 0x40
19 #define TCP_FLAG_CWR 0x80
20 #define TCP_FLAGS_RSTFINACKSYN (TCP_FLAG_RST + TCP_FLAG_FIN + TCP_FLAG_SYN + TCP_FLAG_ACK)
21 #define TCP_FLAGS_ACKSYN (TCP_FLAG_SYN + TCP_FLAG_ACK)
22 
23 #define ACL_FA_CONN_TABLE_DEFAULT_HASH_NUM_BUCKETS (64 * 1024)
24 #define ACL_FA_CONN_TABLE_DEFAULT_HASH_MEMORY_SIZE (1ULL<<30)
25 #define ACL_FA_CONN_TABLE_DEFAULT_MAX_ENTRIES 500000
26 
27 typedef union {
28  u64 as_u64;
29  struct {
30  u32 lc_index;
31  u16 mask_type_index_lsb;
32  u8 tcp_flags;
33  u8 tcp_flags_valid:1;
34  u8 l4_valid:1;
35  u8 is_nonfirst_fragment:1;
36  u8 is_ip6:1;
37  u8 flags_reserved:4;
38  };
39 } fa_packet_info_t;
40 
41 typedef union {
42  u64 as_u64;
43  struct {
44  u16 port[2];
45  union {
46  struct {
47  u8 proto;
48  u8 is_input: 1;
49  u8 is_slowpath: 1;
50  u8 reserved0: 6;
51  u16 lsb_of_sw_if_index;
52  };
53  u32 non_port_l4_data;
54  };
55  };
56 } fa_session_l4_key_t;
57 
58 typedef union {
59  struct {
60  union {
61  struct {
62  /* we put the IPv4 addresses
63  after padding so we can still
64  use them as (shorter) key together with
65  L4 info */
66  u32 l3_zero_pad[6];
67  ip4_address_t ip4_addr[2];
68  };
69  ip6_address_t ip6_addr[2];
70  };
71  fa_session_l4_key_t l4;
72  /* This field should align with u64 value in bihash_40_8 and bihash_16_8 keyvalue struct */
73  fa_packet_info_t pkt;
74  };
75  clib_bihash_kv_40_8_t kv_40_8;
76  struct {
77  u64 padding_for_kv_16_8[3];
78  clib_bihash_kv_16_8_t kv_16_8;
79  };
80 } fa_5tuple_t;
81 
82 typedef struct {
83  fa_5tuple_t info; /* (5+1)*8 = 48 bytes */
84  u64 last_active_time; /* +8 bytes = 56 */
85  u32 sw_if_index; /* +4 bytes = 60 */
86  union {
87  u8 as_u8[2];
88  u16 as_u16;
89  } tcp_flags_seen; ; /* +2 bytes = 62 */
90  u16 thread_index; /* +2 bytes = 64 */
91  u64 link_enqueue_time; /* 8 byte = 8 */
92  u32 link_prev_idx; /* +4 bytes = 12 */
93  u32 link_next_idx; /* +4 bytes = 16 */
94  u8 link_list_id; /* +1 bytes = 17 */
95  u8 deleted; /* +1 bytes = 18 */
96  u8 is_ip6; /* +1 bytes = 19 */
97  u8 reserved1[5]; /* +5 bytes = 24 */
98  u64 reserved2[5]; /* +5*8 bytes = 64 */
99 } fa_session_t;
100 
101 #define FA_POLICY_EPOCH_MASK 0x7fff
102 /* input policy epochs have the MSB set */
103 #define FA_POLICY_EPOCH_IS_INPUT 0x8000
104 
105 
106 /* This structure is used to fill in the u64 value
107  in the per-sw-if-index hash table */
108 typedef struct {
109  union {
110  u64 as_u64;
111  struct {
112  u32 session_index;
113  u16 thread_index;
114  u16 intf_policy_epoch;
115  };
116  };
117 } fa_full_session_id_t;
118 
119 /*
120  * A few compile-time constraints on the size and the layout of the union, to ensure
121  * it makes sense both for bihash and for us.
122  */
123 
124 #define CT_ASSERT_EQUAL(name, x,y) typedef int assert_ ## name ## _compile_time_assertion_failed[((x) == (y))-1]
125 CT_ASSERT_EQUAL(fa_l3_key_size_is_40, offsetof(fa_5tuple_t, pkt), offsetof(clib_bihash_kv_40_8_t, value));
126 CT_ASSERT_EQUAL(fa_ip6_kv_val_at_pkt, offsetof(fa_5tuple_t, pkt), offsetof(fa_5tuple_t, kv_40_8.value));
127 CT_ASSERT_EQUAL(fa_ip4_kv_val_at_pkt, offsetof(fa_5tuple_t, pkt), offsetof(fa_5tuple_t, kv_16_8.value));
128 CT_ASSERT_EQUAL(fa_l4_key_t_is_8, sizeof(fa_session_l4_key_t), sizeof(u64));
129 CT_ASSERT_EQUAL(fa_packet_info_t_is_8, sizeof(fa_packet_info_t), sizeof(u64));
130 CT_ASSERT_EQUAL(fa_l3_kv_size_is_48, sizeof(fa_5tuple_t), sizeof(clib_bihash_kv_40_8_t));
131 CT_ASSERT_EQUAL(fa_ip4_starts_at_kv16_key, offsetof(fa_5tuple_t, ip4_addr), offsetof(fa_5tuple_t, kv_16_8));
132 CT_ASSERT_EQUAL(fa_ip4_and_ip6_kv_value_match, offsetof(fa_5tuple_t, kv_16_8.value), offsetof(fa_5tuple_t, kv_40_8.value));
133 
134 /* Let's try to fit within two cachelines */
135 CT_ASSERT_EQUAL(fa_session_t_size_is_128, sizeof(fa_session_t), 128);
136 
137 /* Session ID MUST be the same as u64 */
138 CT_ASSERT_EQUAL(fa_full_session_id_size_is_64, sizeof(fa_full_session_id_t), sizeof(u64));
139 
140 CT_ASSERT_EQUAL(fa_5tuple_opaque_t_must_match_5tuple, sizeof(fa_5tuple_opaque_t), sizeof(fa_5tuple_t));
141 #undef CT_ASSERT_EQUAL
142 
143 #define FA_SESSION_BOGUS_INDEX ~0
144 
145 typedef struct {
146  /* The pool of sessions managed by this worker */
147  fa_session_t *fa_sessions_pool;
148  /* incoming session change requests from other workers */
149  clib_spinlock_t pending_session_change_request_lock;
150  u64 *pending_session_change_requests;
151  u64 *wip_session_change_requests;
152  u64 rcvd_session_change_requests;
153  u64 sent_session_change_requests;
154  /* per-worker ACL_N_TIMEOUTS of conn lists */
155  u32 *fa_conn_list_head;
156  u32 *fa_conn_list_tail;
157  /* expiry time set whenever an element is enqueued */
158  u64 *fa_conn_list_head_expiry_time;
159  /* adds and deletes per-worker-per-interface */
160  u64 *fa_session_dels_by_sw_if_index;
161  u64 *fa_session_adds_by_sw_if_index;
162  /* sessions deleted due to epoch change */
163  u64 *fa_session_epoch_change_by_sw_if_index;
164  /* Vector of expired connections retrieved from lists */
165  u32 *expired;
166  /* the earliest next expiry time */
167  u64 next_expiry_time;
168  /* if not zero, look at all the elements until their enqueue timestamp is after below one */
169  u64 requeue_until_time;
170  /* Current time between the checks */
171  u64 current_time_wait_interval;
172  /* Counter of how many sessions we did delete */
173  u64 cnt_deleted_sessions;
174  /* Counter of already deleted sessions being deleted - should not increment unless a bug */
175  u64 cnt_already_deleted_sessions;
176  /* Number of times we requeued a session to a head of the list */
177  u64 cnt_session_timer_restarted;
178  /* swipe up to this enqueue time, rather than following the timeouts */
179  u64 swipe_end_time;
180  /* bitmap of sw_if_index serviced by this worker */
181  uword *serviced_sw_if_index_bitmap;
182  /* bitmap of sw_if_indices to clear. set by main thread, cleared by worker */
183  uword *pending_clear_sw_if_index_bitmap;
184  /* atomic, indicates that the swipe-deletion of connections is in progress */
185  u32 clear_in_process;
186  /* Interrupt is pending from main thread */
187  int interrupt_is_pending;
188  /*
189  * Interrupt node on the worker thread sets this if it knows there is
190  * more work to do, but it has to finish to avoid hogging the
191  * core for too long.
192  */
193  int interrupt_is_needed;
194  /*
195  * Set to indicate that the interrupt node wants to get less interrupts
196  * because there is not enough work for the current rate.
197  */
198  int interrupt_is_unwanted;
199  /*
200  * Set to copy of a "generation" counter in main thread so we can sync the interrupts.
201  */
202  int interrupt_generation;
203 } acl_fa_per_worker_data_t;
204 
205 
206 typedef enum {
207  ACL_FA_ERROR_DROP,
208  ACL_FA_N_NEXT,
209 } acl_fa_next_t;
210 
211 
212 enum
213 {
214  ACL_FA_CLEANER_RESCHEDULE = 1,
215  ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX,
216 } acl_fa_cleaner_process_event_e;
217 
218 void acl_fa_enable_disable(u32 sw_if_index, int is_input, int enable_disable);
219 
220 void show_fa_sessions_hash(vlib_main_t * vm, u32 verbose);
221 
222 u8 *format_acl_plugin_5tuple (u8 * s, va_list * args);
223 
224 /* use like: elog_acl_maybe_trace_X1(am, "foobar: %d", "i4", int32_value); */
225 
226 #define elog_acl_maybe_trace_X1(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1) \
227 do { \
228  if (am->trace_sessions) { \
229  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1)]; } *static_check); \
230  u16 thread_index = os_get_thread_index (); \
231  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
232  ELOG_TYPE_DECLARE (e) = \
233  { \
234  .format = "(%02d) " acl_elog_trace_format_label, \
235  .format_args = "i2" acl_elog_trace_format_args, \
236  }; \
237  CLIB_PACKED(struct \
238  { \
239  u16 thread; \
240  typeof(acl_elog_val1) val1; \
241  }) *ed; \
242  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
243  ed->thread = thread_index; \
244  ed->val1 = acl_elog_val1; \
245  } \
246 } while (0)
247 
248 
249 /* use like: elog_acl_maybe_trace_X2(am, "foobar: %d some u64: %lu", "i4i8", int32_value, int64_value); */
250 
251 #define elog_acl_maybe_trace_X2(am, acl_elog_trace_format_label, acl_elog_trace_format_args, \
252  acl_elog_val1, acl_elog_val2) \
253 do { \
254  if (am->trace_sessions) { \
255  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1) - sizeof(acl_elog_val2)]; } *static_check); \
256  u16 thread_index = os_get_thread_index (); \
257  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
258  ELOG_TYPE_DECLARE (e) = \
259  { \
260  .format = "(%02d) " acl_elog_trace_format_label, \
261  .format_args = "i2" acl_elog_trace_format_args, \
262  }; \
263  CLIB_PACKED(struct \
264  { \
265  u16 thread; \
266  typeof(acl_elog_val1) val1; \
267  typeof(acl_elog_val2) val2; \
268  }) *ed; \
269  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
270  ed->thread = thread_index; \
271  ed->val1 = acl_elog_val1; \
272  ed->val2 = acl_elog_val2; \
273  } \
274 } while (0)
275 
276 
277 /* use like: elog_acl_maybe_trace_X3(am, "foobar: %d some u64 %lu baz: %d", "i4i8i4", int32_value, u64_value, int_value); */
278 
279 #define elog_acl_maybe_trace_X3(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1, \
280  acl_elog_val2, acl_elog_val3) \
281 do { \
282  if (am->trace_sessions) { \
283  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1) - sizeof(acl_elog_val2) \
284  - sizeof(acl_elog_val3)]; } *static_check); \
285  u16 thread_index = os_get_thread_index (); \
286  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
287  ELOG_TYPE_DECLARE (e) = \
288  { \
289  .format = "(%02d) " acl_elog_trace_format_label, \
290  .format_args = "i2" acl_elog_trace_format_args, \
291  }; \
292  CLIB_PACKED(struct \
293  { \
294  u16 thread; \
295  typeof(acl_elog_val1) val1; \
296  typeof(acl_elog_val2) val2; \
297  typeof(acl_elog_val3) val3; \
298  }) *ed; \
299  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
300  ed->thread = thread_index; \
301  ed->val1 = acl_elog_val1; \
302  ed->val2 = acl_elog_val2; \
303  ed->val3 = acl_elog_val3; \
304  } \
305 } while (0)
306 
307 
308 /* use like: elog_acl_maybe_trace_X4(am, "foobar: %d some int %d baz: %d bar: %d", "i4i4i4i4", int32_value, int32_value2, int_value, int_value); */
309 
310 #define elog_acl_maybe_trace_X4(am, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1, \
311  acl_elog_val2, acl_elog_val3, acl_elog_val4) \
312 do { \
313  if (am->trace_sessions) { \
314  CLIB_UNUSED(struct { u8 available_space[18 - sizeof(acl_elog_val1) - sizeof(acl_elog_val2) \
315  - sizeof(acl_elog_val3) -sizeof(acl_elog_val4)]; } *static_check); \
316  u16 thread_index = os_get_thread_index (); \
317  vlib_worker_thread_t * w = vlib_worker_threads + thread_index; \
318  ELOG_TYPE_DECLARE (e) = \
319  { \
320  .format = "(%02d) " acl_elog_trace_format_label, \
321  .format_args = "i2" acl_elog_trace_format_args, \
322  }; \
323  CLIB_PACKED(struct \
324  { \
325  u16 thread; \
326  typeof(acl_elog_val1) val1; \
327  typeof(acl_elog_val2) val2; \
328  typeof(acl_elog_val3) val3; \
329  typeof(acl_elog_val4) val4; \
330  }) *ed; \
331  ed = ELOG_TRACK_DATA (&vlib_global_main.elog_main, e, w->elog_track); \
332  ed->thread = thread_index; \
333  ed->val1 = acl_elog_val1; \
334  ed->val2 = acl_elog_val2; \
335  ed->val3 = acl_elog_val3; \
336  ed->val4 = acl_elog_val4; \
337  } \
338 } while (0)
339 
340 
341 #endif
ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX
Definition: fa_node.h:215
fa_session_l4_key_t::proto
u8 proto
Definition: fa_node.h:47
fa_full_session_id_t::intf_policy_epoch
u16 intf_policy_epoch
Definition: fa_node.h:114
acl_fa_per_worker_data_t::next_expiry_time
u64 next_expiry_time
Definition: fa_node.h:167
acl_fa_per_worker_data_t::pending_clear_sw_if_index_bitmap
uword * pending_clear_sw_if_index_bitmap
Definition: fa_node.h:183
fa_5tuple_t::l4
fa_session_l4_key_t l4
Definition: fa_node.h:71
fa_5tuple_t::pkt
fa_packet_info_t pkt
Definition: fa_node.h:73
fa_session_t::is_ip6
u8 is_ip6
Definition: fa_node.h:96
u64
unsigned long u64
Definition: types.h:89
acl_fa_per_worker_data_t::wip_session_change_requests
u64 * wip_session_change_requests
Definition: fa_node.h:151
fa_session_t::info
fa_5tuple_t info
Definition: fa_node.h:83
fa_session_l4_key_t::non_port_l4_data
u32 non_port_l4_data
Definition: fa_node.h:53
CT_ASSERT_EQUAL
#define CT_ASSERT_EQUAL(name, x, y)
Definition: fa_node.h:124
acl_fa_per_worker_data_t::fa_sessions_pool
fa_session_t * fa_sessions_pool
Definition: fa_node.h:147
fa_session_t::link_list_id
u8 link_list_id
Definition: fa_node.h:94
ACL_FA_ERROR_DROP
Definition: fa_node.h:207
fa_full_session_id_t::thread_index
u16 thread_index
Definition: fa_node.h:113
u8
unsigned char u8
Definition: types.h:56
clib_bihash_kv_40_8_t
Definition: bihash_40_8.h:31
fa_full_session_id_t
Definition: fa_node.h:108
fa_packet_info_t::lc_index
u32 lc_index
Definition: fa_node.h:30
fa_session_l4_key_t::lsb_of_sw_if_index
u16 lsb_of_sw_if_index
Definition: fa_node.h:51
acl_fa_per_worker_data_t::requeue_until_time
u64 requeue_until_time
Definition: fa_node.h:169
fa_session_t::deleted
u8 deleted
Definition: fa_node.h:95
fa_full_session_id_t::session_index
u32 session_index
Definition: fa_node.h:112
acl_fa_per_worker_data_t::rcvd_session_change_requests
u64 rcvd_session_change_requests
Definition: fa_node.h:152
fa_session_t::link_prev_idx
u32 link_prev_idx
Definition: fa_node.h:92
fa_session_l4_key_t::as_u64
u64 as_u64
Definition: fa_node.h:42
sw_if_index
u32 sw_if_index
Definition: vxlan_gbp.api:39
acl_fa_per_worker_data_t::cnt_deleted_sessions
u64 cnt_deleted_sessions
Definition: fa_node.h:173
acl_fa_per_worker_data_t::interrupt_is_needed
int interrupt_is_needed
Definition: fa_node.h:193
acl_fa_per_worker_data_t::cnt_session_timer_restarted
u64 cnt_session_timer_restarted
Definition: fa_node.h:177
u32
unsigned int u32
Definition: types.h:88
ip4_address_t
Definition: ip4_packet.h:49
acl_fa_per_worker_data_t
Definition: fa_node.h:145
u16
unsigned short u16
Definition: types.h:57
acl_fa_per_worker_data_t::fa_session_epoch_change_by_sw_if_index
u64 * fa_session_epoch_change_by_sw_if_index
Definition: fa_node.h:163
acl_fa_per_worker_data_t::fa_conn_list_tail
u32 * fa_conn_list_tail
Definition: fa_node.h:156
fa_session_t::last_active_time
u64 last_active_time
Definition: fa_node.h:84
acl_fa_per_worker_data_t::interrupt_is_unwanted
int interrupt_is_unwanted
Definition: fa_node.h:198
acl_fa_per_worker_data_t::fa_conn_list_head_expiry_time
u64 * fa_conn_list_head_expiry_time
Definition: fa_node.h:158
acl_fa_per_worker_data_t::fa_session_adds_by_sw_if_index
u64 * fa_session_adds_by_sw_if_index
Definition: fa_node.h:161
acl_fa_per_worker_data_t::fa_session_dels_by_sw_if_index
u64 * fa_session_dels_by_sw_if_index
Definition: fa_node.h:160
fa_full_session_id_t::as_u64
u64 as_u64
Definition: fa_node.h:110
acl_fa_cleaner_process_event_e
enum @371 acl_fa_cleaner_process_event_e
acl_fa_per_worker_data_t::sent_session_change_requests
u64 sent_session_change_requests
Definition: fa_node.h:153
vm
vlib_main_t * vm
Definition: buffer.c:294
fa_5tuple_t::kv_40_8
clib_bihash_kv_40_8_t kv_40_8
Definition: fa_node.h:75
acl_fa_enable_disable
void acl_fa_enable_disable(u32 sw_if_index, int is_input, int enable_disable)
Definition: sess_mgmt_node.c:848
acl_fa_next_t
acl_fa_next_t
Definition: fa_node.h:206
fa_session_t::sw_if_index
u32 sw_if_index
Definition: fa_node.h:85
clib_spinlock_t
Definition: lock.h:45
acl_fa_per_worker_data_t::interrupt_is_pending
int interrupt_is_pending
Definition: fa_node.h:187
clib_bihash_kv_16_8_t
Definition: bihash_16_8.h:30
exported_types.h
fa_5tuple_t::kv_16_8
clib_bihash_kv_16_8_t kv_16_8
Definition: fa_node.h:78
bihash_40_8.h
acl_fa_per_worker_data_t::serviced_sw_if_index_bitmap
uword * serviced_sw_if_index_bitmap
Definition: fa_node.h:181
fa_session_t::link_next_idx
u32 link_next_idx
Definition: fa_node.h:93
ACL_FA_N_NEXT
Definition: fa_node.h:208
fa_session_t::as_u16
u16 as_u16
Definition: fa_node.h:88
acl_fa_per_worker_data_t::swipe_end_time
u64 swipe_end_time
Definition: fa_node.h:179
bihash_16_8.h
vlib_main_t
Definition: main.h:59
uword
u64 uword
Definition: types.h:112
format_acl_plugin_5tuple
u8 * format_acl_plugin_5tuple(u8 *s, va_list *args)
Definition: dataplane_node.c:451
ACL_FA_CLEANER_RESCHEDULE
Definition: fa_node.h:214
acl_fa_per_worker_data_t::cnt_already_deleted_sessions
u64 cnt_already_deleted_sessions
Definition: fa_node.h:175
fa_session_l4_key_t
Definition: fa_node.h:41
acl_fa_per_worker_data_t::fa_conn_list_head
u32 * fa_conn_list_head
Definition: fa_node.h:155
acl_fa_per_worker_data_t::expired
u32 * expired
Definition: fa_node.h:165
fa_session_t::thread_index
u16 thread_index
Definition: fa_node.h:89
fa_session_t
Definition: fa_node.h:82
fa_packet_info_t::tcp_flags
u8 tcp_flags
Definition: fa_node.h:32
fa_packet_info_t
Definition: fa_node.h:27
fa_packet_info_t::as_u64
u64 as_u64
Definition: fa_node.h:28
fa_5tuple_opaque_t
Definition: exported_types.h:25
acl_fa_per_worker_data_t::pending_session_change_request_lock
clib_spinlock_t pending_session_change_request_lock
Definition: fa_node.h:149
show_fa_sessions_hash
void show_fa_sessions_hash(vlib_main_t *vm, u32 verbose)
Definition: sess_mgmt_node.c:909
fa_packet_info_t::mask_type_index_lsb
u16 mask_type_index_lsb
Definition: fa_node.h:31
acl_fa_per_worker_data_t::pending_session_change_requests
u64 * pending_session_change_requests
Definition: fa_node.h:150
ip6_address_t
Definition: ip6_packet.h:46
acl_fa_per_worker_data_t::current_time_wait_interval
u64 current_time_wait_interval
Definition: fa_node.h:171
fa_session_t::link_enqueue_time
u64 link_enqueue_time
Definition: fa_node.h:91
acl_fa_per_worker_data_t::clear_in_process
u32 clear_in_process
Definition: fa_node.h:185
acl_fa_per_worker_data_t::interrupt_generation
int interrupt_generation
Definition: fa_node.h:202
fa_5tuple_t
Definition: fa_node.h:58