35 s =
format (s,
"%s: sw_if_index %d, next_index %d, table %d, offset %d",
36 is_output ?
"OUTACL" :
"INACL",
58 #define foreach_ip_inacl_error \ 59 _(MISS, "input ACL misses") \ 60 _(HIT, "input ACL hits") \ 61 _(CHAIN_HIT, "input ACL hits after chain walk") 63 #define foreach_ip_outacl_error \ 64 _(MISS, "output ACL misses") \ 65 _(HIT, "output ACL hits") \ 66 _(CHAIN_HIT, "output ACL hits after chain walk") 70 #define _(sym,str) IP_INACL_ERROR_##sym, 77 #define _(sym,string) string, 84 #define _(sym,str) IP_OUTACL_ERROR_##sym, 91 #define _(sym,string) string, 99 int is_ip4,
int is_output)
101 u32 n_left_from, *from, *to_next;
131 while (n_left_from > 2)
136 u32 sw_if_index0, sw_if_index1;
137 u32 table_index0, table_index1;
211 vnet_buffer (b0)->l2_classify.table_index = table_index0;
213 vnet_buffer (b1)->l2_classify.table_index = table_index1;
219 while (n_left_from > 0)
255 vnet_buffer (b0)->l2_classify.table_index = table_index0;
266 while (n_left_from > 0)
273 while (n_left_from > 0 && n_left_to_next > 0)
280 vnet_classify_entry_t *e0;
293 table_index1 =
vnet_buffer (p1)->l2_classify.table_index;
313 table_index0 =
vnet_buffer (b0)->l2_classify.table_index;
345 next0 = (e0->next_index < n_next_nodes) ?
346 e0->next_index : next0;
352 (is_output ? IP4_ERROR_OUTACL_SESSION_DENY :
353 IP4_ERROR_INACL_SESSION_DENY) : IP4_ERROR_NONE;
356 (is_output ? IP6_ERROR_OUTACL_SESSION_DENY :
357 IP6_ERROR_INACL_SESSION_DENY) : IP6_ERROR_NONE;
386 (is_output ? IP4_ERROR_OUTACL_TABLE_MISS :
387 IP4_ERROR_INACL_TABLE_MISS) : IP4_ERROR_NONE;
390 (is_output ? IP6_ERROR_OUTACL_TABLE_MISS :
391 IP6_ERROR_INACL_TABLE_MISS) : IP6_ERROR_NONE;
410 (t0, (
u8 *) h0, hash0, now);
416 next0 = (e0->next_index < n_next_nodes) ?
417 e0->next_index : next0;
423 (is_output ? IP4_ERROR_OUTACL_SESSION_DENY :
424 IP4_ERROR_INACL_SESSION_DENY) : IP4_ERROR_NONE;
427 (is_output ? IP6_ERROR_OUTACL_SESSION_DENY :
428 IP6_ERROR_INACL_SESSION_DENY) : IP6_ERROR_NONE;
439 else if (e0->action ==
451 && (b0->
flags & VLIB_BUFFER_IS_TRACED)))
470 to_next, n_left_to_next,
478 is_output ? IP_OUTACL_ERROR_MISS :
479 IP_INACL_ERROR_MISS, misses);
481 is_output ? IP_OUTACL_ERROR_HIT :
482 IP_INACL_ERROR_HIT, hits);
484 is_output ? IP_OUTACL_ERROR_CHAIN_HIT :
485 IP_INACL_ERROR_CHAIN_HIT, chain_hits);
507 .vector_size =
sizeof (
u32),
519 .name =
"ip4-outacl",
520 .vector_size =
sizeof (
u32),
549 .vector_size =
sizeof (
u32),
561 .name =
"ip6-outacl",
562 .vector_size =
sizeof (
u32),
574 #ifndef CLIB_MARCH_VARIANT u64 vnet_classify_hash_packet(vnet_classify_table_t *t, u8 *h)
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
vlib_node_registration_t ip4_inacl_node
(constructor) VLIB_REGISTER_NODE (ip4_inacl_node)
static u8 * format_ip_in_out_acl_trace(u8 *s, u32 is_output, va_list *args)
u32 * classify_table_index_by_sw_if_index[IN_OUT_ACL_N_TABLE_GROUPS][IN_OUT_ACL_N_TABLES]
static f64 vlib_time_now(vlib_main_t *vm)
static uword ip_in_out_acl_inline(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, int is_ip4, int is_output)
#define VLIB_NODE_FN(node)
vlib_error_t * errors
Vector of errors for this node.
#define CLASSIFY_FLAG_USE_CURR_DATA
#define VLIB_INIT_FUNCTION(x)
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
#define foreach_ip_outacl_error
vnet_config_main_t * vnet_config_main[IN_OUT_ACL_N_TABLE_GROUPS][IN_OUT_ACL_N_TABLES]
static void vnet_classify_prefetch_bucket(vnet_classify_table_t *t, u64 hash)
static void vnet_classify_prefetch_entry(vnet_classify_table_t *t, u64 hash)
vlib_error_t error
Error code for buffers to be enqueued to error handler.
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
vlib_node_registration_t ip4_input_node
Global ip4 input node.
vlib_node_registration_t ip6_input_node
(constructor) VLIB_REGISTER_NODE (ip6_input_node)
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
static char * ip_inacl_error_strings[]
static void * vnet_get_config_data(vnet_config_main_t *cm, u32 *config_index, u32 *next_index, u32 n_data_bytes)
u32 node_index
Node index.
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
static uword vnet_classify_get_offset(vnet_classify_table_t *t, vnet_classify_entry_t *v)
vlib_node_registration_t ip6_inacl_node
(constructor) VLIB_REGISTER_NODE (ip6_inacl_node)
#define VLIB_REGISTER_NODE(x,...)
#define CLIB_PREFETCH(addr, size, type)
#define foreach_ip_inacl_error
static vlib_node_runtime_t * vlib_node_get_runtime(vlib_main_t *vm, u32 node_index)
Get node runtime by node index.
u32 current_config_index
Used by feature subgraph arcs to visit enabled feature nodes.
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
vlib_node_registration_t ip6_outacl_node
(constructor) VLIB_REGISTER_NODE (ip6_outacl_node)
vlib_main_t vlib_node_runtime_t * node
struct _vnet_classify_main vnet_classify_main_t
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
static u8 * format_ip_outacl_trace(u8 *s, va_list *args)
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
vlib_node_registration_t ip4_outacl_node
(constructor) VLIB_REGISTER_NODE (ip4_outacl_node)
static char * ip_outacl_error_strings[]
static u8 * format_ip_inacl_trace(u8 *s, va_list *args)
struct _vlib_node_registration vlib_node_registration_t
vnet_classify_main_t * vnet_classify_main
vlib_main_t vlib_node_runtime_t vlib_frame_t * frame
VLIB buffer representation.
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
in_out_acl_main_t in_out_acl_main
u16 flags
Copy of main node flags.
void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
#define VLIB_NODE_FLAG_TRACE
#define CLIB_CACHE_LINE_BYTES
static clib_error_t * ip_in_out_acl_init(vlib_main_t *vm)
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
vnet_classify_entry_t * vnet_classify_find_entry(vnet_classify_table_t *t, u8 *h, u64 hash, f64 now)