FD.io VPP  v19.04.4-rc0-5-ge88582fac
Vector Packet Processing
session_inlines.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 
17 /* ICMPv4 invert type for stateful ACL */
18 static const u8 icmp4_invmap[] = {
19  [ICMP4_echo_request] = ICMP4_echo_reply + 1,
20  [ICMP4_timestamp_request] = ICMP4_timestamp_reply + 1,
21  [ICMP4_information_request] = ICMP4_information_reply + 1,
22  [ICMP4_address_mask_request] = ICMP4_address_mask_reply + 1
23 };
24 
25 /* Supported ICMPv4 messages for session creation */
26 static const u8 icmp4_valid_new[] = {
27  [ICMP4_echo_request] = 1,
28  [ICMP4_timestamp_request] = 1,
29  [ICMP4_information_request] = 1,
30  [ICMP4_address_mask_request] = 1
31 };
32 
33 /* ICMPv6 invert type for stateful ACL */
34 static const u8 icmp6_invmap[] = {
35  [ICMP6_echo_request - 128] = ICMP6_echo_reply + 1,
36  [ICMP6_node_information_request - 128] = ICMP6_node_information_response + 1
37 };
38 
39 /* Supported ICMPv6 messages for session creation */
40 static const u8 icmp6_valid_new[] = {
41  [ICMP6_echo_request - 128] = 1,
42  [ICMP6_node_information_request - 128] = 1
43 };
44 
45 /* IP4 and IP6 protocol numbers of ICMP */
46 static u8 icmp_protos[] = { IP_PROTOCOL_ICMP, IP_PROTOCOL_ICMP6 };
47 
48 
49 
50 always_inline int
51 acl_fa_ifc_has_sessions (acl_main_t * am, int sw_if_index0)
52 {
54 }
55 
56 always_inline int
57 acl_fa_ifc_has_in_acl (acl_main_t * am, int sw_if_index0)
58 {
59  int it_has = clib_bitmap_get (am->fa_in_acl_on_sw_if_index, sw_if_index0);
60  return it_has;
61 }
62 
63 always_inline int
64 acl_fa_ifc_has_out_acl (acl_main_t * am, int sw_if_index0)
65 {
66  int it_has = clib_bitmap_get (am->fa_out_acl_on_sw_if_index, sw_if_index0);
67  return it_has;
68 }
69 
70 always_inline int
72 {
73  /* seen both SYNs and ACKs but not FINs means we are in established state */
74  u16 masked_flags =
77  switch (sess->info.l4.proto)
78  {
79  case IPPROTO_TCP:
80  if (((TCP_FLAGS_ACKSYN << 8) + TCP_FLAGS_ACKSYN) == masked_flags)
81  {
82  return ACL_TIMEOUT_TCP_IDLE;
83  }
84  else
85  {
87  }
88  break;
89  case IPPROTO_UDP:
90  return ACL_TIMEOUT_UDP_IDLE;
91  break;
92  default:
93  return ACL_TIMEOUT_UDP_IDLE;
94  }
95 }
96 
97 /*
98  * Get the idle timeout of a session.
99  */
100 
103 {
104  u64 timeout = (am->vlib_main->clib_time.clocks_per_second);
105  if (sess->link_list_id == ACL_TIMEOUT_PURGATORY)
106  {
107  timeout /= (1000000 / SESSION_PURGATORY_TIMEOUT_USEC);
108  }
109  else
110  {
111  int timeout_type = fa_session_get_timeout_type (am, sess);
112  timeout *= am->session_timeout_sec[timeout_type];
113  }
114  return timeout;
115 }
116 
119  u32 session_index)
120 {
121  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
122  return pool_elt_at_index (pw->fa_sessions_pool, session_index);
123 }
124 
125 
127 get_session_ptr (acl_main_t * am, u16 thread_index, u32 session_index)
128 {
129  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
130 
131  if (PREDICT_FALSE (session_index >= vec_len (pw->fa_sessions_pool)))
132  return 0;
133 
134  return pool_elt_at_index (pw->fa_sessions_pool, session_index);
135 }
136 
137 always_inline int
138 is_valid_session_ptr (acl_main_t * am, u16 thread_index, fa_session_t * sess)
139 {
140  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
141  return ((sess != 0)
142  && ((sess - pw->fa_sessions_pool) <
143  pool_len (pw->fa_sessions_pool)));
144 }
145 
146 always_inline void
148  u64 now)
149 {
150  fa_session_t *sess =
151  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
152  u8 list_id =
154  sess);
155  uword thread_index = os_get_thread_index ();
156  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
157  /* the retrieved session thread index must be necessarily the same as the one in the key */
158  ASSERT (sess->thread_index == sess_id.thread_index);
159  /* the retrieved session thread index must be the same as current thread */
160  ASSERT (sess->thread_index == thread_index);
161  sess->link_enqueue_time = now;
162  sess->link_list_id = list_id;
164  sess->link_prev_idx = pw->fa_conn_list_tail[list_id];
165  if (FA_SESSION_BOGUS_INDEX != pw->fa_conn_list_tail[list_id])
166  {
167  fa_session_t *prev_sess =
168  get_session_ptr (am, thread_index, pw->fa_conn_list_tail[list_id]);
169  prev_sess->link_next_idx = sess_id.session_index;
170  /* We should never try to link with a session on another thread */
171  ASSERT (prev_sess->thread_index == sess->thread_index);
172  }
173  pw->fa_conn_list_tail[list_id] = sess_id.session_index;
174 
175 #ifdef FA_NODE_VERBOSE_DEBUG
177  ("FA-SESSION-DEBUG: add session id %d on thread %d sw_if_index %d",
178  sess_id.session_index, thread_index, sess->sw_if_index);
179 #endif
182 
183  if (FA_SESSION_BOGUS_INDEX == pw->fa_conn_list_head[list_id])
184  {
185  pw->fa_conn_list_head[list_id] = sess_id.session_index;
186  /* set the head expiry time because it is the first element */
187  pw->fa_conn_list_head_expiry_time[list_id] =
188  now + fa_session_get_timeout (am, sess);
189  }
190 }
191 
192 static int
194  fa_full_session_id_t sess_id, u64 now)
195 {
196  uword thread_index = os_get_thread_index ();
197  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
198  if (thread_index != sess_id.thread_index)
199  {
200  /* If another thread attempts to delete the session, fail it. */
201 #ifdef FA_NODE_VERBOSE_DEBUG
202  clib_warning ("thread id in key %d != curr thread index, not deleting");
203 #endif
204  return 0;
205  }
206  fa_session_t *sess =
207  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
208  u64 next_expiry_time = ~0ULL;
209  /* we should never try to delete the session with another thread index */
210  if (sess->thread_index != os_get_thread_index ())
211  {
212  clib_error
213  ("Attempting to delete session belonging to thread %d by thread %d",
214  sess->thread_index, thread_index);
215  }
217  {
218  fa_session_t *prev_sess =
219  get_session_ptr (am, thread_index, sess->link_prev_idx);
220  /* the previous session must be in the same list as this one */
221  ASSERT (prev_sess->link_list_id == sess->link_list_id);
222  prev_sess->link_next_idx = sess->link_next_idx;
223  }
225  {
226  fa_session_t *next_sess =
227  get_session_ptr (am, thread_index, sess->link_next_idx);
228  /* The next session must be in the same list as the one we are deleting */
229  ASSERT (next_sess->link_list_id == sess->link_list_id);
230  next_sess->link_prev_idx = sess->link_prev_idx;
231  next_expiry_time = now + fa_session_get_timeout (am, next_sess);
232  }
233  if (pw->fa_conn_list_head[sess->link_list_id] == sess_id.session_index)
234  {
235  pw->fa_conn_list_head[sess->link_list_id] = sess->link_next_idx;
237  next_expiry_time;
238  }
239  if (pw->fa_conn_list_tail[sess->link_list_id] == sess_id.session_index)
240  {
241  pw->fa_conn_list_tail[sess->link_list_id] = sess->link_prev_idx;
242  }
243  return 1;
244 }
245 
246 always_inline int
248  fa_full_session_id_t sess_id)
249 {
250  if (acl_fa_conn_list_delete_session (am, sess_id, now))
251  {
252  acl_fa_conn_list_add_session (am, sess_id, now);
253  return 1;
254  }
255  else
256  {
257  /*
258  * Our thread does not own this connection, so we can not requeue
259  * The session. So we post the signal to the owner.
260  */
262  sess_id.session_index,
264  return 0;
265  }
266 }
267 
268 always_inline int
270 {
271  return (p5t->l3_zero_pad[0] | p5t->
272  l3_zero_pad[1] | p5t->l3_zero_pad[2] | p5t->l3_zero_pad[3] | p5t->
273  l3_zero_pad[4] | p5t->l3_zero_pad[5]) != 0;
274 }
275 
278  fa_session_t * sess, fa_5tuple_t * pkt_5tuple,
279  u32 pkt_len)
280 {
281  sess->last_active_time = now;
282  u8 old_flags = sess->tcp_flags_seen.as_u8[is_input];
283  u8 new_flags = old_flags | pkt_5tuple->pkt.tcp_flags;
284 
285  int flags_need_update = pkt_5tuple->pkt.tcp_flags_valid
286  && (old_flags != new_flags);
287  if (PREDICT_FALSE (flags_need_update))
288  {
289  sess->tcp_flags_seen.as_u8[is_input] = new_flags;
290  }
291  return 3;
292 }
293 
295 reverse_l4_u64_fastpath (u64 l4, int is_ip6)
296 {
297  fa_session_l4_key_t l4i = {.as_u64 = l4 };
299 
300  l4o.port[1] = l4i.port[0];
301  l4o.port[0] = l4i.port[1];
302 
305  return l4o.as_u64;
306 }
307 
308 always_inline int
309 reverse_l4_u64_slowpath_valid (u64 l4, int is_ip6, u64 * out)
310 {
311  fa_session_l4_key_t l4i = {.as_u64 = l4 };
313 
314  if (l4i.proto == icmp_protos[is_ip6])
315  {
316  static const u8 *icmp_invmap[] = { icmp4_invmap, icmp6_invmap };
317  static const u8 *icmp_valid_new[] =
319  static const u8 icmp_invmap_size[] = { sizeof (icmp4_invmap),
320  sizeof (icmp6_invmap)
321  };
322  static const u8 icmp_valid_new_size[] = { sizeof (icmp4_valid_new),
323  sizeof (icmp6_valid_new)
324  };
325  int type = is_ip6 ? l4i.port[0] - 128 : l4i.port[0];
326 
328  l4o.port[0] = l4i.port[0];
329  l4o.port[1] = l4i.port[1];
330 
331 
332  /*
333  * ONLY ICMP messages defined in icmp4_valid_new/icmp6_valid_new table
334  * are allowed to create stateful ACL.
335  * The other messages will be forwarded without creating a reverse session.
336  */
337 
338  int valid_reverse_sess = (type >= 0
339  && (type <= icmp_valid_new_size[is_ip6])
340  && (icmp_valid_new[is_ip6][type])
341  && (type <= icmp_invmap_size[is_ip6])
342  && icmp_invmap[is_ip6][type]);
343  if (valid_reverse_sess)
344  {
346  l4o.port[0] = icmp_invmap[is_ip6][type] - 1;
347  }
348 
349  *out = l4o.as_u64;
350  return valid_reverse_sess;
351  }
352  else
353  *out = reverse_l4_u64_fastpath (l4, is_ip6);
354 
355  return 1;
356 }
357 
358 always_inline void
360  clib_bihash_kv_40_8_t * pkv, int is_add)
361 {
363  kv2.key[0] = pkv->key[2];
364  kv2.key[1] = pkv->key[3];
365  kv2.key[2] = pkv->key[0];
366  kv2.key[3] = pkv->key[1];
367  /* the last u64 needs special treatment (ports, etc.) so we do it last */
368  kv2.value = pkv->value;
370  {
371  if (reverse_l4_u64_slowpath_valid (pkv->key[4], 1, &kv2.key[4]))
372  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash, &kv2, is_add);
373  }
374  else
375  {
376  kv2.key[4] = reverse_l4_u64_fastpath (pkv->key[4], 1);
377  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash, &kv2, is_add);
378  }
379 }
380 
381 always_inline void
383  clib_bihash_kv_16_8_t * pkv, int is_add)
384 {
386  kv2.key[0] =
387  ((pkv->key[0] & 0xffffffff) << 32) | ((pkv->key[0] >> 32) & 0xffffffff);
388  /* the last u64 needs special treatment (ports, etc.) so we do it last */
389  kv2.value = pkv->value;
391  {
392  if (reverse_l4_u64_slowpath_valid (pkv->key[1], 0, &kv2.key[1]))
393  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash, &kv2, is_add);
394  }
395  else
396  {
397  kv2.key[1] = reverse_l4_u64_fastpath (pkv->key[1], 0);
398  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash, &kv2, is_add);
399  }
400 }
401 
402 always_inline void
404  fa_full_session_id_t sess_id)
405 {
406  fa_session_t *sess =
407  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
409  void *oldheap = clib_mem_set_heap (am->acl_mheap);
410  if (sess->is_ip6)
411  {
412  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash,
413  &sess->info.kv_40_8, 0);
414  reverse_session_add_del_ip6 (am, &sess->info.kv_40_8, 0);
415  }
416  else
417  {
418  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash,
419  &sess->info.kv_16_8, 0);
420  reverse_session_add_del_ip4 (am, &sess->info.kv_16_8, 0);
421  }
422 
423  sess->deleted = 1;
425  clib_mem_set_heap (oldheap);
426 }
427 
428 always_inline void
430  fa_full_session_id_t sess_id)
431 {
432  if (sess_id.thread_index != os_get_thread_index ())
433  {
434  clib_error
435  ("Attempting to delete session belonging to thread %d by thread %d",
436  sess_id.thread_index, os_get_thread_index ());
437  }
438  void *oldheap = clib_mem_set_heap (am->acl_mheap);
441  /* Deleting from timer structures not needed,
442  as the caller must have dealt with the timers. */
443  vec_validate (pw->fa_session_dels_by_sw_if_index, sw_if_index);
444  clib_mem_set_heap (oldheap);
447 }
448 
449 always_inline int
451  fa_full_session_id_t sess_id, u64 now)
452 {
453  fa_session_t *sess =
454  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
455  if (sess->deleted)
456  {
457  acl_fa_put_session (am, sw_if_index, sess_id);
458  return 1;
459  }
460  else
461  {
462  acl_fa_deactivate_session (am, sw_if_index, sess_id);
463  acl_fa_conn_list_add_session (am, sess_id, now);
464  return 0;
465  }
466 }
467 
468 always_inline int
470 {
471  u64 curr_sess_count;
472  curr_sess_count = am->fa_session_total_adds - am->fa_session_total_dels;
473  return (curr_sess_count + vec_len (vlib_mains) <
475 }
476 
477 
478 always_inline void
479 acl_fa_try_recycle_session (acl_main_t * am, int is_input, u16 thread_index,
480  u32 sw_if_index, u64 now)
481 {
482  /* try to recycle a TCP transient session */
483  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
484  fa_full_session_id_t volatile sess_id;
485  int n_recycled = 0;
486 
487  /* clean up sessions from purgatory, if we can */
489  while ((FA_SESSION_BOGUS_INDEX != sess_id.session_index)
490  && n_recycled < am->fa_max_deleted_sessions_per_interval)
491  {
492  sess_id.thread_index = thread_index;
493  fa_session_t *sess =
494  get_session_ptr (am, sess_id.thread_index, sess_id.session_index);
495  if (sess->link_enqueue_time + fa_session_get_timeout (am, sess) < now)
496  {
497  acl_fa_conn_list_delete_session (am, sess_id, now);
498  /* interface that needs the sessions may not be the interface of the session. */
499  acl_fa_put_session (am, sess->sw_if_index, sess_id);
500  n_recycled++;
501  }
502  else
503  break; /* too early to try to recycle from here, bail out */
505  }
507  if (FA_SESSION_BOGUS_INDEX != sess_id.session_index)
508  {
509  sess_id.thread_index = thread_index;
510  acl_fa_conn_list_delete_session (am, sess_id, now);
511  acl_fa_deactivate_session (am, sw_if_index, sess_id);
512  /* this goes to purgatory list */
513  acl_fa_conn_list_add_session (am, sess_id, now);
514  }
515 }
516 
517 
519 acl_fa_add_session (acl_main_t * am, int is_input, int is_ip6,
520  u32 sw_if_index, u64 now, fa_5tuple_t * p5tuple,
521  u16 current_policy_epoch)
522 {
523  fa_full_session_id_t f_sess_id;
524  uword thread_index = os_get_thread_index ();
525  void *oldheap = clib_mem_set_heap (am->acl_mheap);
526  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
527 
528  f_sess_id.thread_index = thread_index;
529  fa_session_t *sess;
530 
531  if (f_sess_id.as_u64 == ~0)
532  {
533  clib_error ("Adding session with invalid value");
534  }
535 
537  f_sess_id.session_index = sess - pw->fa_sessions_pool;
538  f_sess_id.intf_policy_epoch = current_policy_epoch;
539 
540  if (is_ip6)
541  {
542  sess->info.kv_40_8.key[0] = p5tuple->kv_40_8.key[0];
543  sess->info.kv_40_8.key[1] = p5tuple->kv_40_8.key[1];
544  sess->info.kv_40_8.key[2] = p5tuple->kv_40_8.key[2];
545  sess->info.kv_40_8.key[3] = p5tuple->kv_40_8.key[3];
546  sess->info.kv_40_8.key[4] = p5tuple->kv_40_8.key[4];
547  sess->info.kv_40_8.value = f_sess_id.as_u64;
548  }
549  else
550  {
551  sess->info.kv_16_8.key[0] = p5tuple->kv_16_8.key[0];
552  sess->info.kv_16_8.key[1] = p5tuple->kv_16_8.key[1];
553  sess->info.kv_16_8.value = f_sess_id.as_u64;
554  }
555 
556  sess->last_active_time = now;
557  sess->sw_if_index = sw_if_index;
558  sess->tcp_flags_seen.as_u16 = 0;
559  sess->thread_index = thread_index;
563  sess->deleted = 0;
564  sess->is_ip6 = is_ip6;
565 
566  acl_fa_conn_list_add_session (am, f_sess_id, now);
567 
569  if (is_ip6)
570  {
571  reverse_session_add_del_ip6 (am, &sess->info.kv_40_8, 1);
572  clib_bihash_add_del_40_8 (&am->fa_ip6_sessions_hash,
573  &sess->info.kv_40_8, 1);
574  }
575  else
576  {
577  reverse_session_add_del_ip4 (am, &sess->info.kv_16_8, 1);
578  clib_bihash_add_del_16_8 (&am->fa_ip4_sessions_hash,
579  &sess->info.kv_16_8, 1);
580  }
581 
582  vec_validate (pw->fa_session_adds_by_sw_if_index, sw_if_index);
583  clib_mem_set_heap (oldheap);
586  return f_sess_id;
587 }
588 
589 always_inline int
590 acl_fa_find_session (acl_main_t * am, int is_ip6, u32 sw_if_index0,
591  fa_5tuple_t * p5tuple, u64 * pvalue_sess)
592 {
593  int res = 0;
594  if (is_ip6)
595  {
596  clib_bihash_kv_40_8_t kv_result;
597  res = (clib_bihash_search_inline_2_40_8
598  (&am->fa_ip6_sessions_hash, &p5tuple->kv_40_8, &kv_result) == 0);
599  *pvalue_sess = kv_result.value;
600  }
601  else
602  {
603  clib_bihash_kv_16_8_t kv_result;
604  res = (clib_bihash_search_inline_2_16_8
605  (&am->fa_ip4_sessions_hash, &p5tuple->kv_16_8, &kv_result) == 0);
606  *pvalue_sess = kv_result.value;
607  }
608  return res;
609 }
610 
612 acl_fa_make_session_hash (acl_main_t * am, int is_ip6, u32 sw_if_index0,
613  fa_5tuple_t * p5tuple)
614 {
615  if (is_ip6)
616  return clib_bihash_hash_40_8 (&p5tuple->kv_40_8);
617  else
618  return clib_bihash_hash_16_8 (&p5tuple->kv_16_8);
619 }
620 
621 always_inline void
623  u64 hash)
624 {
625  if (is_ip6)
626  clib_bihash_prefetch_bucket_40_8 (&am->fa_ip6_sessions_hash, hash);
627  else
628  clib_bihash_prefetch_bucket_16_8 (&am->fa_ip4_sessions_hash, hash);
629 }
630 
631 always_inline void
633 {
634  if (is_ip6)
635  clib_bihash_prefetch_data_40_8 (&am->fa_ip6_sessions_hash, hash);
636  else
637  clib_bihash_prefetch_data_16_8 (&am->fa_ip4_sessions_hash, hash);
638 }
639 
640 always_inline int
641 acl_fa_find_session_with_hash (acl_main_t * am, int is_ip6, u32 sw_if_index0,
642  u64 hash, fa_5tuple_t * p5tuple,
643  u64 * pvalue_sess)
644 {
645  int res = 0;
646  if (is_ip6)
647  {
648  clib_bihash_kv_40_8_t kv_result;
649  kv_result.value = ~0ULL;
650  res = (clib_bihash_search_inline_2_with_hash_40_8
651  (&am->fa_ip6_sessions_hash, hash, &p5tuple->kv_40_8,
652  &kv_result) == 0);
653  *pvalue_sess = kv_result.value;
654  }
655  else
656  {
657  clib_bihash_kv_16_8_t kv_result;
658  kv_result.value = ~0ULL;
659  res = (clib_bihash_search_inline_2_with_hash_16_8
660  (&am->fa_ip4_sessions_hash, hash, &p5tuple->kv_16_8,
661  &kv_result) == 0);
662  *pvalue_sess = kv_result.value;
663  }
664  return res;
665 }
666 
667 
668 /*
669  * fd.io coding-style-patch-verification: ON
670  *
671  * Local Variables:
672  * eval: (c-set-style "gnu")
673  * End:
674  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:439
u32 sw_if_index
Definition: ipsec_gre.api:37
static u8 icmp_protos[]
#define TCP_FLAGS_ACKSYN
Definition: fa_node.h:21
u32 session_timeout_sec[ACL_N_TIMEOUTS]
Definition: acl.h:246
uword * fa_out_acl_on_sw_if_index
Definition: acl.h:238
#define FA_SESSION_BOGUS_INDEX
Definition: fa_node.h:166
static const u8 icmp6_valid_new[]
static int acl_fa_conn_list_delete_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
fa_session_l4_key_t l4
Definition: fa_node.h:81
clib_bihash_40_8_t fa_ip6_sessions_hash
Definition: acl.h:241
fa_packet_info_t pkt
Definition: fa_node.h:83
#define SESSION_PURGATORY_TIMEOUT_USEC
Definition: acl.h:43
uword * fa_in_acl_on_sw_if_index
Definition: acl.h:237
#define clib_error(format, args...)
Definition: error.h:62
static void acl_fa_deactivate_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
void aclp_post_session_change_request(acl_main_t *am, u32 target_thread, u32 target_session, acl_fa_sess_req_t request_type)
unsigned long u64
Definition: types.h:89
static void acl_fa_conn_list_add_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
f64 clocks_per_second
Definition: time.h:53
#define TCP_FLAGS_RSTFINACKSYN
Definition: fa_node.h:20
fa_5tuple_t info
Definition: fa_node.h:106
static int acl_fa_ifc_has_sessions(acl_main_t *am, int sw_if_index0)
static int reverse_l4_u64_slowpath_valid(u64 l4, int is_ip6, u64 *out)
static int acl_fa_two_stage_delete_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id, u64 now)
static uword * clib_bitmap_set(uword *ai, uword i, uword value)
Sets the ith bit of a bitmap to new_value Removes trailing zeros from the bitmap. ...
Definition: bitmap.h:167
fa_session_t * fa_sessions_pool
Definition: fa_node.h:170
clib_time_t clib_time
Definition: main.h:72
u8 link_list_id
Definition: fa_node.h:117
static void reverse_session_add_del_ip4(acl_main_t *am, clib_bihash_kv_16_8_t *pkv, int is_add)
vlib_main_t ** vlib_mains
Definition: buffer.c:321
unsigned char u8
Definition: types.h:56
#define pool_len(p)
Number of elements in pool vector.
Definition: pool.h:140
static fa_session_t * get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
static int acl_fa_ifc_has_in_acl(acl_main_t *am, int sw_if_index0)
u32 link_prev_idx
Definition: fa_node.h:115
#define always_inline
Definition: clib.h:98
u64 fa_conn_table_max_entries
Definition: acl.h:262
unsigned int u32
Definition: types.h:88
static u8 acl_fa_track_session(acl_main_t *am, int is_input, u32 sw_if_index, u64 now, fa_session_t *sess, fa_5tuple_t *pkt_5tuple, u32 pkt_len)
static u64 acl_fa_make_session_hash(acl_main_t *am, int is_ip6, u32 sw_if_index0, fa_5tuple_t *p5tuple)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:514
u32 l3_zero_pad[6]
Definition: fa_node.h:76
static void acl_fa_try_recycle_session(acl_main_t *am, int is_input, u16 thread_index, u32 sw_if_index, u64 now)
unsigned short u16
Definition: types.h:57
#define PREDICT_FALSE(x)
Definition: clib.h:111
static int acl_fa_find_session_with_hash(acl_main_t *am, int is_ip6, u32 sw_if_index0, u64 hash, fa_5tuple_t *p5tuple, u64 *pvalue_sess)
static u64 clib_bihash_hash_40_8(const clib_bihash_kv_40_8_t *v)
Definition: bihash_40_8.h:47
static_always_inline int is_session_l4_key_u64_slowpath(u64 l4key)
Definition: fa_node.h:63
u64 last_active_time
Definition: fa_node.h:107
u64 * fa_conn_list_head_expiry_time
Definition: fa_node.h:181
u64 * fa_session_adds_by_sw_if_index
Definition: fa_node.h:184
u64 * fa_session_dels_by_sw_if_index
Definition: fa_node.h:183
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P with alignment A.
Definition: pool.h:230
static u64 fa_session_get_timeout(acl_main_t *am, fa_session_t *sess)
static u64 reverse_l4_u64_fastpath(u64 l4, int is_ip6)
u64 fa_session_total_adds
Definition: acl.h:248
clib_bihash_kv_40_8_t kv_40_8
Definition: fa_node.h:85
static fa_full_session_id_t acl_fa_add_session(acl_main_t *am, int is_input, int is_ip6, u32 sw_if_index, u64 now, fa_5tuple_t *p5tuple, u16 current_policy_epoch)
static void * clib_mem_set_heap(void *heap)
Definition: mem.h:261
#define clib_warning(format, args...)
Definition: error.h:59
u32 sw_if_index
Definition: fa_node.h:108
static uword clib_bitmap_get(uword *ai, uword i)
Gets the ith bit value from a bitmap.
Definition: bitmap.h:197
static int acl_fa_restart_timer_for_session(acl_main_t *am, u64 now, fa_full_session_id_t sess_id)
static int acl_fa_find_session(acl_main_t *am, int is_ip6, u32 sw_if_index0, fa_5tuple_t *p5tuple, u64 *pvalue_sess)
u8 as_u8[2]
Definition: fa_node.h:110
static int fa_session_get_timeout_type(acl_main_t *am, fa_session_t *sess)
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:311
#define ASSERT(truth)
u8 tcp_flags_valid
Definition: fa_node.h:33
u8 is_add
Definition: ipsec_gre.api:36
static const u8 icmp6_invmap[]
static void acl_fa_prefetch_session_bucket_for_hash(acl_main_t *am, int is_ip6, u64 hash)
static int acl_fa_can_add_session(acl_main_t *am, int is_input, u32 sw_if_index)
clib_bihash_kv_16_8_t kv_16_8
Definition: fa_node.h:88
uword * serviced_sw_if_index_bitmap
Definition: fa_node.h:204
u32 link_next_idx
Definition: fa_node.h:116
#define clib_atomic_fetch_add(a, b)
Definition: atomics.h:23
union fa_session_t::@402 tcp_flags_seen
u16 as_u16
Definition: fa_node.h:111
static void reverse_session_add_del_ip6(acl_main_t *am, clib_bihash_kv_40_8_t *pkv, int is_add)
static fa_session_t * get_session_ptr_no_check(acl_main_t *am, u16 thread_index, u32 session_index)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
acl_fa_per_worker_data_t * per_worker_data
Definition: acl.h:291
u64 uword
Definition: types.h:112
static_always_inline uword os_get_thread_index(void)
Definition: os.h:62
static const u8 icmp4_valid_new[]
void * acl_mheap
Definition: acl.h:129
u16 thread_index
Definition: fa_node.h:112
static int is_valid_session_ptr(acl_main_t *am, u16 thread_index, fa_session_t *sess)
static int is_ip6_5tuple(fa_5tuple_t *p5t)
u64 fa_session_total_deactivations
Definition: acl.h:251
static void acl_fa_put_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id)
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
static const u8 icmp4_invmap[]
clib_bihash_16_8_t fa_ip4_sessions_hash
Definition: acl.h:242
static int acl_fa_ifc_has_out_acl(acl_main_t *am, int sw_if_index0)
static void acl_fa_prefetch_session_data_for_hash(acl_main_t *am, int is_ip6, u64 hash)
int fa_sessions_hash_is_initialized
Definition: acl.h:240
static u64 clib_bihash_hash_16_8(clib_bihash_kv_16_8_t *v)
Definition: bihash_16_8.h:46
u64 link_enqueue_time
Definition: fa_node.h:114
u64 fa_session_total_dels
Definition: acl.h:249
foreach_fa_cleaner_counter vlib_main_t * vlib_main
Definition: acl.h:313