FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
dataplane_node.c
1 /*
2  * Copyright (c) 2016-2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include <stddef.h>
16 #include <netinet/in.h>
17 
18 #include <vlib/vlib.h>
19 #include <vnet/vnet.h>
20 #include <vppinfra/error.h>
21 
22 
23 #include <acl/acl.h>
24 #include <vnet/ip/icmp46_packet.h>
25 
26 #include <plugins/acl/fa_node.h>
27 #include <plugins/acl/acl.h>
31 
32 #include <vppinfra/bihash_40_8.h>
34 
35 typedef struct
36 {
42  u64 packet_info[6];
46 
47 /* *INDENT-OFF* */
/*
 * X-macro list of this node's error/counter symbols and their display
 * strings.  Each entry is expanded through a caller-supplied _(sym, str).
 *
 * Ordering is significant: the inner datapath loop in this file stores
 * error_node->errors[action] into the buffer, i.e. the ACL action value is
 * used directly as an index into the node's error vector, and it treats
 * action 1 as "permit" and action 2 as "permit and create a session".
 * NOTE(review): this presumes the error enum and the string table are both
 * generated from this list in the order given here - confirm before
 * reordering or inserting entries ahead of ACL_NEW_SESSION.
 */
#define foreach_acl_fa_error \
_(ACL_DROP, "ACL deny packets") \
_(ACL_PERMIT, "ACL permit packets") \
_(ACL_NEW_SESSION, "new sessions added") \
_(ACL_EXIST_SESSION, "existing session packets") \
_(ACL_CHECK, "checked packets") \
_(ACL_RESTART_SESSION_TIMER, "restart session timer") \
_(ACL_TOO_MANY_SESSIONS, "too many sessions to add new") \
/* end of errors */
57 
58 typedef enum
59 {
60 #define _(sym,str) ACL_FA_ERROR_##sym,
62 #undef _
65 
66 /* *INDENT-ON* */
67 
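/**
 * Return the policy epoch currently in force for an interface/direction.
 *
 * @param am            ACL plugin state holding the per-interface epoch
 *                      vectors.
 * @param is_input      Non-zero selects the input-side vector, zero the
 *                      output-side vector.
 * @param sw_if_index0  Interface index to look up.
 * @return The stored epoch, narrowed to u16, when sw_if_index0 lies inside
 *         the selected vector; otherwise the default
 *         is_input * FA_POLICY_EPOCH_IS_INPUT.
 */
always_inline u16
get_current_policy_epoch (acl_main_t * am, int is_input, u32 sw_if_index0)
{
  u32 *epoch_vec = is_input ? am->input_policy_epoch_by_sw_if_index
    : am->output_policy_epoch_by_sw_if_index;

  /*
   * Bounds-check before indexing: an interface that has no epoch slot yet
   * (vector too short, or not allocated at all - vec_len is NULL tolerant)
   * gets the default value instead of an out-of-range read.
   */
  if (sw_if_index0 < vec_len (epoch_vec))
    return (u16) vec_elt (epoch_vec, sw_if_index0);

  return (u16) (is_input * FA_POLICY_EPOCH_IS_INPUT);
}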
80 
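/**
 * Add an ACL trace record for a buffer, if that buffer is being traced.
 *
 * Does nothing unless VLIB_BUFFER_IS_TRACED is set in b->flags.  Otherwise
 * a record of type acl_fa_trace_t is obtained from vlib_add_trace() and
 * filled with the interface, lookup context, next index, match result,
 * action, trace bitmap and a copy of the 5-tuple.
 *
 * @param vm                  vlib main, passed through to vlib_add_trace().
 * @param node                node runtime, passed through to vlib_add_trace().
 * @param b                   buffer under inspection.
 * @param sw_if_index0        interface index recorded in the trace.
 * @param lc_index0           lookup context index recorded in the trace.
 * @param next0               next index chosen for the packet.
 * @param match_acl_in_index  matched ACL index as supplied by the caller.
 * @param match_rule_index    matched rule index as supplied by the caller.
 * @param fa_5tuple           5-tuple whose bihash key/value words are copied.
 * @param action              action recorded in the trace.
 * @param trace_bitmap        trace bits recorded in the trace.
 */
always_inline void
maybe_trace_buffer (vlib_main_t * vm, vlib_node_runtime_t * node,
		    vlib_buffer_t * b, u32 sw_if_index0, u32 lc_index0,
		    u16 next0, int match_acl_in_index, int match_rule_index,
		    fa_5tuple_t * fa_5tuple, u8 action, u32 trace_bitmap)
{
  acl_fa_trace_t *t;
  int ii;

  /* Tracing is the rare case; leave early for untraced buffers. */
  if (!PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
    return;

  t = vlib_add_trace (vm, node, b, sizeof (*t));

  t->sw_if_index = sw_if_index0;
  t->lc_index = lc_index0;
  t->next_index = next0;
  t->match_acl_in_index = match_acl_in_index;
  t->match_rule_index = match_rule_index;

  /*
   * packet_info[0..4] receive the five key words and packet_info[5] the
   * value word; format_acl_plugin_trace later prints this array both as
   * raw hex and through format_fa_5tuple.
   */
  for (ii = 0; ii < (int) ARRAY_LEN (fa_5tuple->kv_40_8.key); ii++)
    t->packet_info[ii] = fa_5tuple->kv_40_8.key[ii];
  t->packet_info[5] = fa_5tuple->kv_40_8.value;

  t->action = action;
  t->trace_bitmap = trace_bitmap;
}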
105 
106 
107 always_inline int
110  u32 sw_if_index0, fa_full_session_id_t f_sess_id)
111 {
112  u16 current_policy_epoch =
113  get_current_policy_epoch (am, is_input, sw_if_index0);
114 
115  /* if the MSB of the policy epoch matches but the LSB does not, it is a stale session */
116  if ((0 ==
117  ((current_policy_epoch ^
118  f_sess_id.intf_policy_epoch) &
120  && (current_policy_epoch != f_sess_id.intf_policy_epoch))
121  {
122  /* delete session and increment the counter */
124  vec_elt (pw->fa_session_epoch_change_by_sw_if_index, sw_if_index0)++;
125  if (acl_fa_conn_list_delete_session (am, f_sess_id, now))
126  {
127  /* delete the session only if we were able to unlink it */
128  acl_fa_two_stage_delete_session (am, sw_if_index0, f_sess_id, now);
129  }
130  return 1;
131  }
132  else
133  return 0;
134 }
135 
136 
137 
138 
139 
/**
 * Collect the interface index of each buffer in a small batch.
 *
 * @param vector_sz        number of buffers to process.
 * @param is_input         non-zero reads sw_if_index[VLIB_RX], zero reads
 *                         sw_if_index[VLIB_TX].
 * @param b                array of buffer pointers.
 * @param out_sw_if_index  output array, one entry written per buffer.
 *
 * No bounds are checked here: the caller must guarantee that both arrays
 * hold at least vector_sz entries.
 */
always_inline void
get_sw_if_index_xN (int vector_sz, int is_input, vlib_buffer_t ** b,
		    u32 * out_sw_if_index)
{
  /* The direction is fixed for the whole batch, so pick the slot once. */
  const int dir = is_input ? VLIB_RX : VLIB_TX;
  int n;

  for (n = 0; n < vector_sz; n++)
    {
      out_sw_if_index[n] = vnet_buffer (b[n])->sw_if_index[dir];
    }
}
151 
/**
 * Run acl_fill_5tuple() over a small batch of buffers.
 *
 * @param vector_sz      number of buffers to process.
 * @param am             ACL plugin state, passed through.
 * @param is_ip6         passed through to acl_fill_5tuple().
 * @param is_input       passed through to acl_fill_5tuple().
 * @param is_l2_path     passed through to acl_fill_5tuple().
 * @param b              array of buffer pointers.
 * @param sw_if_index    per-buffer interface indices.
 * @param out_fa_5tuple  output array, entry i is handed to the call for
 *                       buffer i.
 *
 * The caller must guarantee that all three arrays hold at least vector_sz
 * entries; nothing is checked here.
 */
always_inline void
fill_5tuple_xN (int vector_sz, acl_main_t * am, int is_ip6, int is_input,
		int is_l2_path, vlib_buffer_t ** b, u32 * sw_if_index,
		fa_5tuple_t * out_fa_5tuple)
{
  int remaining = vector_sz;

  while (remaining > 0)
    {
      acl_fill_5tuple (am, sw_if_index[0], b[0], is_ip6,
		       is_input, is_l2_path, out_fa_5tuple);

      /* advance all three cursors in lock-step */
      sw_if_index++;
      b++;
      out_fa_5tuple++;
      remaining--;
    }
}
162 
/**
 * Compute the session hash for each entry of a small batch.
 *
 * @param vector_sz    number of entries to process.
 * @param am           ACL plugin state, passed through.
 * @param is_ip6       passed through to acl_fa_make_session_hash().
 * @param sw_if_index  per-entry interface indices.
 * @param fa_5tuple    per-entry 5-tuples to hash.
 * @param out_hash     output array, one hash written per entry.
 *
 * The caller must guarantee that all arrays hold at least vector_sz
 * entries; nothing is checked here.
 */
always_inline void
make_session_hash_xN (int vector_sz, acl_main_t * am, int is_ip6,
		      u32 * sw_if_index, fa_5tuple_t * fa_5tuple,
		      u64 * out_hash)
{
  int remaining = vector_sz;

  while (remaining > 0)
    {
      *out_hash =
	acl_fa_make_session_hash (am, is_ip6, *sw_if_index, fa_5tuple);

      /* advance input and output cursors together */
      out_hash++;
      sw_if_index++;
      fa_5tuple++;
      remaining--;
    }
}
173 
174 always_inline void
176 {
178  f_sess_id.session_index);
179  CLIB_PREFETCH (sess, 2 * CLIB_CACHE_LINE_BYTES, STORE);
180 }
181 
184  u32 counter_node_index, int is_input, u64 now,
185  fa_full_session_id_t f_sess_id,
186  u32 * sw_if_index, fa_5tuple_t * fa_5tuple,
187  u32 pkt_len, int node_trace_on,
188  u32 * trace_bitmap)
189 {
190  u8 action = 0;
192  f_sess_id.session_index);
193 
194  int old_timeout_type = fa_session_get_timeout_type (am, sess);
195  action =
196  acl_fa_track_session (am, is_input, sw_if_index[0], now,
197  sess, &fa_5tuple[0], pkt_len);
198  int new_timeout_type = fa_session_get_timeout_type (am, sess);
199  /* Tracking might have changed the session timeout type, e.g. from transient to established */
200  if (PREDICT_FALSE (old_timeout_type != new_timeout_type))
201  {
203  vlib_node_increment_counter (vm, counter_node_index,
204  ACL_FA_ERROR_ACL_RESTART_SESSION_TIMER, 1);
205  if (node_trace_on)
206  *trace_bitmap |=
207  0x00010000 + ((0xff & old_timeout_type) << 8) +
208  (0xff & new_timeout_type);
209  }
210  /*
211  * I estimate the likelihood to be very low - the VPP needs
212  * to have >64K interfaces to start with and then on
213  * exactly 64K indices apart needs to be exactly the same
214  * 5-tuple... Anyway, since this probability is nonzero -
215  * print an error and drop the unlucky packet.
216  * If this shows up in real world, we would need to bump
217  * the hash key length.
218  */
219  if (PREDICT_FALSE (sess->sw_if_index != sw_if_index[0]))
220  {
222  ("BUG: session LSB16(sw_if_index)=%d and 5-tuple=%d collision!",
223  sess->sw_if_index, sw_if_index[0]);
224  action = 0;
225  }
226  return action;
227 
228 }
229 
230 #define ACL_PLUGIN_VECTOR_SIZE 4
231 #define ACL_PLUGIN_PREFETCH_GAP 3
232 
233 always_inline void
236  vlib_frame_t * frame, int is_ip6, int is_input,
237  int is_l2_path, int with_stateful_datapath)
238  /* , int node_trace_on,
239  int reclassify_sessions) */
240 {
241  u32 n_left, *from;
242  acl_main_t *am = &acl_main;
244  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
245 
246  vlib_buffer_t **b;
247  u32 *sw_if_index;
248  fa_5tuple_t *fa_5tuple;
249  u64 *hash;
250 
251 
252 
254  vlib_get_buffers (vm, from, pw->bufs, frame->n_vectors);
255 
256  /* set the initial values for the current buffer the next pointers */
257  b = pw->bufs;
259  fa_5tuple = pw->fa_5tuples;
260  hash = pw->hashes;
261 
262 
263  /*
264  * fill the sw_if_index, 5tuple and session hash,
265  * First in strides of size ACL_PLUGIN_VECTOR_SIZE,
266  * with buffer prefetch being
267  * ACL_PLUGIN_PREFETCH_GAP * ACL_PLUGIN_VECTOR_SIZE entries
268  * in front. Then with a simple single loop.
269  */
270 
271  n_left = frame->n_vectors;
273  {
274  const int vec_sz = ACL_PLUGIN_VECTOR_SIZE;
275  {
276  int ii;
277  for (ii = ACL_PLUGIN_PREFETCH_GAP * vec_sz;
278  ii < (ACL_PLUGIN_PREFETCH_GAP + 1) * vec_sz; ii++)
279  {
281  CLIB_PREFETCH (b[ii]->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
282  }
283  }
284 
285 
286  get_sw_if_index_xN (vec_sz, is_input, b, sw_if_index);
287  fill_5tuple_xN (vec_sz, am, is_ip6, is_input, is_l2_path, &b[0],
288  &sw_if_index[0], &fa_5tuple[0]);
289  if (with_stateful_datapath)
290  make_session_hash_xN (vec_sz, am, is_ip6, &sw_if_index[0],
291  &fa_5tuple[0], &hash[0]);
292 
293  n_left -= vec_sz;
294 
295  fa_5tuple += vec_sz;
296  b += vec_sz;
297  sw_if_index += vec_sz;
298  hash += vec_sz;
299  }
300 
301  while (n_left > 0)
302  {
303  const int vec_sz = 1;
304 
305  get_sw_if_index_xN (vec_sz, is_input, b, sw_if_index);
306  fill_5tuple_xN (vec_sz, am, is_ip6, is_input, is_l2_path, &b[0],
307  &sw_if_index[0], &fa_5tuple[0]);
308  if (with_stateful_datapath)
309  make_session_hash_xN (vec_sz, am, is_ip6, &sw_if_index[0],
310  &fa_5tuple[0], &hash[0]);
311 
312  n_left -= vec_sz;
313 
314  fa_5tuple += vec_sz;
315  b += vec_sz;
316  sw_if_index += vec_sz;
317  hash += vec_sz;
318  }
319 }
320 
321 
325  int is_ip6, int is_input, int is_l2_path,
326  int with_stateful_datapath, int node_trace_on,
327  int reclassify_sessions)
328 {
329  u32 n_left;
330  u32 pkts_exist_session = 0;
331  u32 pkts_new_session = 0;
332  u32 pkts_acl_permit = 0;
333  u32 trace_bitmap = 0;
334  acl_main_t *am = &acl_main;
335  vlib_node_runtime_t *error_node;
336  vlib_error_t no_error_existing_session;
339  acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
340 
341  u16 *next;
342  vlib_buffer_t **b;
343  u32 *sw_if_index;
344  fa_5tuple_t *fa_5tuple;
345  u64 *hash;
346  /* for the delayed counters */
347  u32 saved_matched_acl_index = 0;
348  u32 saved_matched_ace_index = 0;
349  u32 saved_packet_count = 0;
350  u32 saved_byte_count = 0;
351 
352  error_node = vlib_node_get_runtime (vm, node->node_index);
353  no_error_existing_session =
354  error_node->errors[ACL_FA_ERROR_ACL_EXIST_SESSION];
355 
356  b = pw->bufs;
357  next = pw->nexts;
359  fa_5tuple = pw->fa_5tuples;
360  hash = pw->hashes;
361 
362  /*
363  * Now the "hard" work of session lookups and ACL lookups for new sessions.
364  * Due to the complexity, do it for the time being in single loop with
365  * the pipeline of three prefetches:
366  * 1) bucket for the session bihash
367  * 2) data for the session bihash
368  * 3) worker session record
369  */
370 
371  fa_full_session_id_t f_sess_id_next = {.as_u64 = ~0ULL };
372 
373  /* find the "next" session so we can kickstart the pipeline */
374  if (with_stateful_datapath)
376  &fa_5tuple[0], &f_sess_id_next.as_u64);
377 
378  n_left = frame->n_vectors;
379  while (n_left > 0)
380  {
381  u8 action = 0;
382  u32 lc_index0 = ~0;
383  int acl_check_needed = 1;
384  u32 match_acl_in_index = ~0;
385  u32 match_acl_pos = ~0;
386  u32 match_rule_index = ~0;
387 
388  next[0] = 0; /* drop by default */
389 
390  /* Try to match an existing session first */
391 
392  if (with_stateful_datapath)
393  {
394  fa_full_session_id_t f_sess_id = f_sess_id_next;
395  switch (n_left)
396  {
397  default:
399  /* fallthrough */
400  case 5:
401  case 4:
403  /* fallthrough */
404  case 3:
405  case 2:
407  hash[1], &fa_5tuple[1],
408  &f_sess_id_next.as_u64);
409  if (f_sess_id_next.as_u64 != ~0ULL)
410  {
411  prefetch_session_entry (am, f_sess_id_next);
412  }
413  /* fallthrough */
414  case 1:
415  if (f_sess_id.as_u64 != ~0ULL)
416  {
417  if (node_trace_on)
418  {
419  trace_bitmap |= 0x80000000;
420  }
421  ASSERT (f_sess_id.thread_index < vlib_get_n_threads ());
422  b[0]->error = no_error_existing_session;
423  acl_check_needed = 0;
424  pkts_exist_session += 1;
425  action =
426  process_established_session (vm, am, node->node_index,
427  is_input, now, f_sess_id,
428  &sw_if_index[0],
429  &fa_5tuple[0],
430  b[0]->current_length,
431  node_trace_on,
432  &trace_bitmap);
433 
434  /* expose the session id to the tracer */
435  if (node_trace_on)
436  {
437  match_rule_index = f_sess_id.session_index;
438  }
439 
440  if (reclassify_sessions)
441  {
442  if (PREDICT_FALSE
444  (am, is_input, pw, now, sw_if_index[0],
445  f_sess_id)))
446  {
447  acl_check_needed = 1;
448  if (node_trace_on)
449  {
450  trace_bitmap |= 0x40000000;
451  }
452  /*
453  * If we have just deleted the session, and the next
454  * buffer is the same 5-tuple, that session prediction
455  * is wrong, correct it.
456  */
457  if ((f_sess_id_next.as_u64 != ~0ULL)
458  && 0 == memcmp (&fa_5tuple[1], &fa_5tuple[0],
459  sizeof (fa_5tuple[1])))
460  f_sess_id_next.as_u64 = ~0ULL;
461  }
462  }
463  }
464  }
465 
466  if (acl_check_needed)
467  {
468  if (is_input)
469  lc_index0 = am->input_lc_index_by_sw_if_index[sw_if_index[0]];
470  else
471  lc_index0 =
472  am->output_lc_index_by_sw_if_index[sw_if_index[0]];
473 
474  action = 0; /* deny by default */
475  int is_match = acl_plugin_match_5tuple_inline (am, lc_index0,
476  (fa_5tuple_opaque_t *) & fa_5tuple[0], is_ip6,
477  &action,
478  &match_acl_pos,
479  &match_acl_in_index,
480  &match_rule_index,
481  &trace_bitmap);
482  if (PREDICT_FALSE
483  (is_match && am->interface_acl_counters_enabled))
484  {
485  u32 buf_len = vlib_buffer_length_in_chain (vm, b[0]);
486  vlib_increment_combined_counter (am->combined_acl_counters +
487  saved_matched_acl_index,
488  thread_index,
489  saved_matched_ace_index,
490  saved_packet_count,
491  saved_byte_count);
492  saved_matched_acl_index = match_acl_in_index;
493  saved_matched_ace_index = match_rule_index;
494  saved_packet_count = 1;
495  saved_byte_count = buf_len;
496  /* prefetch the counter that we are going to increment */
497  vlib_prefetch_combined_counter (am->combined_acl_counters +
498  saved_matched_acl_index,
499  thread_index,
500  saved_matched_ace_index);
501  }
502 
503  b[0]->error = error_node->errors[action];
504 
505  if (1 == action)
506  pkts_acl_permit++;
507 
508  if (2 == action)
509  {
510  if (!acl_fa_can_add_session (am, is_input, sw_if_index[0]))
511  acl_fa_try_recycle_session (am, is_input,
512  thread_index,
513  sw_if_index[0], now);
514 
515  if (acl_fa_can_add_session (am, is_input, sw_if_index[0]))
516  {
517  u16 current_policy_epoch =
518  get_current_policy_epoch (am, is_input,
519  sw_if_index[0]);
520  fa_full_session_id_t f_sess_id =
521  acl_fa_add_session (am, is_input, is_ip6,
522  sw_if_index[0],
523  now, &fa_5tuple[0],
524  current_policy_epoch);
525 
526  /* perform the accounting for the newly added session */
528  node->node_index,
529  is_input, now,
530  f_sess_id,
531  &sw_if_index[0],
532  &fa_5tuple[0],
533  b[0]->current_length,
534  node_trace_on,
535  &trace_bitmap);
536  pkts_new_session++;
537  /*
538  * If the next 5tuple is the same and we just added the session,
539  * the f_sess_id_next can not be ~0. Correct it.
540  */
541  if ((f_sess_id_next.as_u64 == ~0ULL)
542  && 0 == memcmp (&fa_5tuple[1], &fa_5tuple[0],
543  sizeof (fa_5tuple[1])))
544  f_sess_id_next = f_sess_id;
545  }
546  else
547  {
548  action = 0;
549  b[0]->error =
550  error_node->errors
551  [ACL_FA_ERROR_ACL_TOO_MANY_SESSIONS];
552  }
553  }
554 
555  }
556 
557  {
558  /* speculatively get the next0 */
559  vnet_feature_next_u16 (&next[0], b[0]);
560  /* if the action is not deny - then use that next */
561  next[0] = action ? next[0] : 0;
562  }
563 
564  if (node_trace_on) // PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE))
565  {
566  maybe_trace_buffer (vm, node, b[0], sw_if_index[0], lc_index0,
567  next[0], match_acl_in_index,
568  match_rule_index, &fa_5tuple[0], action,
569  trace_bitmap);
570  }
571 
572  next++;
573  b++;
574  fa_5tuple++;
575  sw_if_index++;
576  hash++;
577  n_left -= 1;
578  }
579  }
580 
581  /*
582  * if we had an ACL match then we have a counter to increment,
583  * else it is all zeroes, so this will be harmless.
584  */
585  vlib_increment_combined_counter (am->combined_acl_counters +
586  saved_matched_acl_index,
587  thread_index,
588  saved_matched_ace_index,
589  saved_packet_count, saved_byte_count);
590 
591  vlib_node_increment_counter (vm, node->node_index,
592  ACL_FA_ERROR_ACL_CHECK, frame->n_vectors);
593  vlib_node_increment_counter (vm, node->node_index,
594  ACL_FA_ERROR_ACL_EXIST_SESSION,
595  pkts_exist_session);
596  vlib_node_increment_counter (vm, node->node_index,
597  ACL_FA_ERROR_ACL_NEW_SESSION,
598  pkts_new_session);
599  vlib_node_increment_counter (vm, node->node_index,
600  ACL_FA_ERROR_ACL_PERMIT, pkts_acl_permit);
601  return frame->n_vectors;
602 }
603 
607  int is_ip6, int is_input, int is_l2_path,
608  int do_stateful_datapath)
609 {
610  acl_main_t *am = &acl_main;
611 
613  is_l2_path, do_stateful_datapath);
614 
615  if (am->reclassify_sessions)
616  {
617  if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE))
618  return acl_fa_inner_node_fn (vm, node, frame, is_ip6, is_input,
619  is_l2_path, do_stateful_datapath,
620  1 /* trace */ ,
621  1 /* reclassify */ );
622  else
623  return acl_fa_inner_node_fn (vm, node, frame, is_ip6, is_input,
624  is_l2_path, do_stateful_datapath, 0,
625  1 /* reclassify */ );
626  }
627  else
628  {
629  if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE))
630  return acl_fa_inner_node_fn (vm, node, frame, is_ip6, is_input,
631  is_l2_path, do_stateful_datapath,
632  1 /* trace */ ,
633  0);
634  else
635  return acl_fa_inner_node_fn (vm, node, frame, is_ip6, is_input,
636  is_l2_path, do_stateful_datapath, 0, 0);
637  }
638 }
639 
643  int is_input, int is_l2_path)
644 {
645  /* select the reclassify/no-reclassify version of the datapath */
646  acl_main_t *am = &acl_main;
647  acl_fa_per_worker_data_t *pw = &am->per_worker_data[vm->thread_index];
648  uword rv;
649 
650  if (am->fa_sessions_hash_is_initialized)
651  rv = acl_fa_outer_node_fn (vm, node, frame, is_ip6, is_input,
652  is_l2_path, 1);
653  else
654  rv = acl_fa_outer_node_fn (vm, node, frame, is_ip6, is_input,
655  is_l2_path, 0);
656 
658  pw->nexts, frame->n_vectors);
659  return rv;
660 }
661 
662 
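/**
 * Format a fa_5tuple_t in human-readable form.
 *
 * Output, in order: lookup context index, address family ("ip4"/"ip6")
 * with an optional " non-initial fragment" marker, the two addresses as
 * "addr[0] -> addr[1]", the L4 key, and the TCP flags with their validity
 * and the reserved flag bits.
 *
 * @param s     vppinfra string (vector) to append to.
 * @param args  va_list holding one fa_5tuple_t pointer.
 * @return the extended string.
 *
 * NOTE(review): format_acl_plugin_trace in this file passes the trace
 * record's u64 packet_info[6] array as the argument, so this function
 * relies on fa_5tuple_t sharing the layout of those six words - confirm
 * against the fa_5tuple_t definition before changing either side.
 */
static u8 *
format_fa_5tuple (u8 * s, va_list * args)
{
  fa_5tuple_t *p5t = va_arg (*args, fa_5tuple_t *);
  const int is_ip6 = p5t->pkt.is_ip6;

  /*
   * Keep the address formatter in a function-pointer type and the text in
   * char pointers rather than in void *: %U and %s fetch their arguments
   * from the va_list with exactly these types, and an object pointer is
   * not a portable container for a function address.
   */
  format_function_t *format_address_func =
    is_ip6 ? format_ip6_address : format_ip4_address;
  const char *ip_af = is_ip6 ? "ip6" : "ip4";
  const char *ip_frag_txt =
    p5t->pkt.is_nonfirst_fragment ? " non-initial fragment" : "";
  void *paddr0;
  void *paddr1;

  if (is_ip6)
    {
      paddr0 = &p5t->ip6_addr[0];
      paddr1 = &p5t->ip6_addr[1];
    }
  else
    {
      paddr0 = &p5t->ip4_addr[0];
      paddr1 = &p5t->ip4_addr[1];
    }

  s =
    format (s, "lc_index %d l3 %s%s ", p5t->pkt.lc_index, ip_af, ip_frag_txt);
  s =
    format (s, "%U -> %U ", format_address_func, paddr0, format_address_func,
	    paddr1);
  s = format (s, "%U ", format_fa_session_l4_key, &p5t->l4);
  s = format (s, "tcp flags (%s) %02x rsvd %x",
	      p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
	      p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
  return s;
}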
700 
#ifndef CLIB_MARCH_VARIANT
/**
 * Externally visible 5-tuple formatter.
 *
 * Thin wrapper that forwards to the file-local format_fa_5tuple(); it is
 * compiled only when CLIB_MARCH_VARIANT is not defined.
 *
 * @param s     vppinfra string (vector) to append to.
 * @param args  va_list holding one fa_5tuple_t pointer.
 * @return the extended string.
 */
u8 *
format_acl_plugin_5tuple (u8 * s, va_list * args)
{
  u8 *formatted = format_fa_5tuple (s, args);

  return formatted;
}
#endif
708 
709 /* packet trace format function */
710 static u8 *
711 format_acl_plugin_trace (u8 * s, va_list * args)
712 {
713  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
714  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
715  acl_fa_trace_t *t = va_arg (*args, acl_fa_trace_t *);
716 
717  s =
718  format (s,
719  "acl-plugin: lc_index: %d, sw_if_index %d, next index %d, action: %d, match: acl %d rule %d trace_bits %08x\n"
720  " pkt info %016llx %016llx %016llx %016llx %016llx %016llx",
721  t->lc_index, t->sw_if_index, t->next_index, t->action,
723  t->packet_info[0], t->packet_info[1], t->packet_info[2],
724  t->packet_info[3], t->packet_info[4], t->packet_info[5]);
725 
726  /* Now also print out the packet_info in a form usable by humans */
727  s = format (s, "\n %U", format_fa_5tuple, t->packet_info);
728  return s;
729 }
730 
731 /* *INDENT-OFF* */
732 
733 static char *acl_fa_error_strings[] = {
734 #define _(sym,string) string,
736 #undef _
737 };
738 
742 {
743  return acl_fa_node_fn (vm, node, frame, 1, 1, 1);
744 }
745 
749 {
750  return acl_fa_node_fn (vm, node, frame, 0, 1, 1);
751 }
752 
756 {
757  return acl_fa_node_fn (vm, node, frame, 1, 0, 1);
758 }
759 
763 {
764  return acl_fa_node_fn (vm, node, frame, 0, 0, 1);
765 }
766 
767 /**** L3 processing path nodes ****/
768 
772 {
773  return acl_fa_node_fn (vm, node, frame, 1, 1, 0);
774 }
775 
779 {
780  return acl_fa_node_fn (vm, node, frame, 0, 1, 0);
781 }
782 
786 {
787  return acl_fa_node_fn (vm, node, frame, 1, 0, 0);
788 }
789 
793 {
794  return acl_fa_node_fn (vm, node, frame, 0, 0, 0);
795 }
796 
798 {
799  .name = "acl-plugin-in-ip6-l2",
800  .vector_size = sizeof (u32),
801  .format_trace = format_acl_plugin_trace,
803  .n_errors = ARRAY_LEN (acl_fa_error_strings),
804  .error_strings = acl_fa_error_strings,
805  .n_next_nodes = ACL_FA_N_NEXT,
806  .next_nodes =
807  {
808  [ACL_FA_ERROR_DROP] = "error-drop",
809  }
810 };
811 
/*
 * Attach the "acl-plugin-in-ip6-l2" node to the "l2-input-ip6" feature arc.
 * The only ordering declared is that it runs before "l2-input-feat-arc-end".
 * NOTE(review): features that must see only ACL-permitted traffic need
 * their own ordering relative to this node - confirm against the arc.
 */
VNET_FEATURE_INIT (acl_in_l2_ip6_fa_feature, static) =
{
  .arc_name = "l2-input-ip6",
  .node_name = "acl-plugin-in-ip6-l2",
  .runs_before = VNET_FEATURES ("l2-input-feat-arc-end"),
};
818 
820 {
821  .name = "acl-plugin-in-ip4-l2",
822  .vector_size = sizeof (u32),
823  .format_trace = format_acl_plugin_trace,
825  .n_errors = ARRAY_LEN (acl_fa_error_strings),
826  .error_strings = acl_fa_error_strings,
827  .n_next_nodes = ACL_FA_N_NEXT,
828  .next_nodes =
829  {
830  [ACL_FA_ERROR_DROP] = "error-drop",
831  }
832 };
833 
/*
 * Attach the "acl-plugin-in-ip4-l2" node to the "l2-input-ip4" feature arc.
 * The only ordering declared is that it runs before "l2-input-feat-arc-end".
 * NOTE(review): features that must see only ACL-permitted traffic need
 * their own ordering relative to this node - confirm against the arc.
 */
VNET_FEATURE_INIT (acl_in_l2_ip4_fa_feature, static) =
{
  .arc_name = "l2-input-ip4",
  .node_name = "acl-plugin-in-ip4-l2",
  .runs_before = VNET_FEATURES ("l2-input-feat-arc-end"),
};
840 
841 
843 {
844  .name = "acl-plugin-out-ip6-l2",
845  .vector_size = sizeof (u32),
846  .format_trace = format_acl_plugin_trace,
848  .n_errors = ARRAY_LEN (acl_fa_error_strings),
849  .error_strings = acl_fa_error_strings,
850  .n_next_nodes = ACL_FA_N_NEXT,
851  .next_nodes =
852  {
853  [ACL_FA_ERROR_DROP] = "error-drop",
854  }
855 };
856 
/*
 * Attach the "acl-plugin-out-ip6-l2" node to the "l2-output-ip6" feature
 * arc.  The only ordering declared is that it runs before
 * "l2-output-feat-arc-end".
 * NOTE(review): features that must see only ACL-permitted traffic need
 * their own ordering relative to this node - confirm against the arc.
 */
VNET_FEATURE_INIT (acl_out_l2_ip6_fa_feature, static) =
{
  .arc_name = "l2-output-ip6",
  .node_name = "acl-plugin-out-ip6-l2",
  .runs_before = VNET_FEATURES ("l2-output-feat-arc-end"),
};
863 
864 
866 {
867  .name = "acl-plugin-out-ip4-l2",
868  .vector_size = sizeof (u32),
869  .format_trace = format_acl_plugin_trace,
871  .n_errors = ARRAY_LEN (acl_fa_error_strings),
872  .error_strings = acl_fa_error_strings,
873  .n_next_nodes = ACL_FA_N_NEXT,
874  .next_nodes =
875  {
876  [ACL_FA_ERROR_DROP] = "error-drop",
877  }
878 };
879 
/*
 * Attach the "acl-plugin-out-ip4-l2" node to the "l2-output-ip4" feature
 * arc.  The only ordering declared is that it runs before
 * "l2-output-feat-arc-end".
 * NOTE(review): features that must see only ACL-permitted traffic need
 * their own ordering relative to this node - confirm against the arc.
 */
VNET_FEATURE_INIT (acl_out_l2_ip4_fa_feature, static) =
{
  .arc_name = "l2-output-ip4",
  .node_name = "acl-plugin-out-ip4-l2",
  .runs_before = VNET_FEATURES ("l2-output-feat-arc-end"),
};
886 
887 
889 {
890  .name = "acl-plugin-in-ip6-fa",
891  .vector_size = sizeof (u32),
892  .format_trace = format_acl_plugin_trace,
894  .n_errors = ARRAY_LEN (acl_fa_error_strings),
895  .error_strings = acl_fa_error_strings,
896  .n_next_nodes = ACL_FA_N_NEXT,
897  .next_nodes =
898  {
899  [ACL_FA_ERROR_DROP] = "error-drop",
900  }
901 };
902 
/*
 * Attach the "acl-plugin-in-ip6-fa" node to the "ip6-unicast" feature arc
 * (L3 input path).  The only ordering declared is that it runs before
 * "ip6-flow-classify".
 * NOTE(review): any other feature on this arc that must see only
 * ACL-permitted packets needs its own ordering constraint - confirm.
 */
VNET_FEATURE_INIT (acl_in_ip6_fa_feature, static) =
{
  .arc_name = "ip6-unicast",
  .node_name = "acl-plugin-in-ip6-fa",
  .runs_before = VNET_FEATURES ("ip6-flow-classify"),
};
909 
911 {
912  .name = "acl-plugin-in-ip4-fa",
913  .vector_size = sizeof (u32),
914  .format_trace = format_acl_plugin_trace,
916  .n_errors = ARRAY_LEN (acl_fa_error_strings),
917  .error_strings = acl_fa_error_strings,
918  .n_next_nodes = ACL_FA_N_NEXT,
919  .next_nodes =
920  {
921  [ACL_FA_ERROR_DROP] = "error-drop",
922  }
923 };
924 
/*
 * Attach the "acl-plugin-in-ip4-fa" node to the "ip4-unicast" feature arc
 * (L3 input path).  The only ordering declared is that it runs before
 * "ip4-flow-classify".
 * NOTE(review): any other feature on this arc that must see only
 * ACL-permitted packets needs its own ordering constraint - confirm.
 */
VNET_FEATURE_INIT (acl_in_ip4_fa_feature, static) =
{
  .arc_name = "ip4-unicast",
  .node_name = "acl-plugin-in-ip4-fa",
  .runs_before = VNET_FEATURES ("ip4-flow-classify"),
};
931 
932 
934 {
935  .name = "acl-plugin-out-ip6-fa",
936  .vector_size = sizeof (u32),
937  .format_trace = format_acl_plugin_trace,
939  .n_errors = ARRAY_LEN (acl_fa_error_strings),
940  .error_strings = acl_fa_error_strings,
941  .n_next_nodes = ACL_FA_N_NEXT,
942  .next_nodes =
943  {
944  [ACL_FA_ERROR_DROP] = "error-drop",
945  }
946 };
947 
/*
 * Attach the "acl-plugin-out-ip6-fa" node to the "ip6-output" feature arc
 * (L3 output path).  The only ordering declared is that it runs before
 * "interface-output".
 * NOTE(review): any other feature on this arc that must see only
 * ACL-permitted packets needs its own ordering constraint - confirm.
 */
VNET_FEATURE_INIT (acl_out_ip6_fa_feature, static) =
{
  .arc_name = "ip6-output",
  .node_name = "acl-plugin-out-ip6-fa",
  .runs_before = VNET_FEATURES ("interface-output"),
};
954 
956 {
957  .name = "acl-plugin-out-ip4-fa",
958  .vector_size = sizeof (u32),
959  .format_trace = format_acl_plugin_trace,
961  .n_errors = ARRAY_LEN (acl_fa_error_strings),
962  .error_strings = acl_fa_error_strings,
963  .n_next_nodes = ACL_FA_N_NEXT,
964  /* edit / add dispositions here */
965  .next_nodes =
966  {
967  [ACL_FA_ERROR_DROP] = "error-drop",
968  }
969 };
970 
/*
 * Attach the "acl-plugin-out-ip4-fa" node to the "ip4-output" feature arc
 * (L3 output path).  The only ordering declared is that it runs before
 * "interface-output".
 * NOTE(review): any other feature on this arc that must see only
 * ACL-permitted packets needs its own ordering constraint - confirm.
 */
VNET_FEATURE_INIT (acl_out_ip4_fa_feature, static) =
{
  .arc_name = "ip4-output",
  .node_name = "acl-plugin-out-ip4-fa",
  .runs_before = VNET_FEATURES ("interface-output"),
};
977 
978 /* *INDENT-ON* */
979 
980 /*
981  * fd.io coding-style-patch-verification: ON
982  *
983  * Local Variables:
984  * eval: (c-set-style "gnu")
985  * End:
986  */
vlib.h
acl_fa_can_add_session
static int acl_fa_can_add_session(acl_main_t *am, int is_input, u32 sw_if_index)
Definition: session_inlines.h:465
acl_fa_trace_t::sw_if_index
u32 sw_if_index
Definition: dataplane_node.c:38
clib_bihash_kv_40_8_t::value
u64 value
Definition: bihash_40_8.h:44
stale_session_deleted
static int stale_session_deleted(acl_main_t *am, int is_input, acl_fa_per_worker_data_t *pw, u64 now, u32 sw_if_index0, fa_full_session_id_t f_sess_id)
Definition: dataplane_node.c:108
acl_fa_prefetch_session_bucket_for_hash
static void acl_fa_prefetch_session_bucket_for_hash(acl_main_t *am, int is_ip6, u64 hash)
Definition: session_inlines.h:616
fa_session_t::sw_if_index
u32 sw_if_index
Definition: fa_node.h:108
public_inlines.h
get_sw_if_index_xN
static void get_sw_if_index_xN(int vector_sz, int is_input, vlib_buffer_t **b, u32 *out_sw_if_index)
Definition: dataplane_node.c:141
thread_index
u32 thread_index
Definition: nat44_ei_hairpinning.c:492
acl_plugin_match_5tuple_inline
static int acl_plugin_match_5tuple_inline(void *p_acl_main, u32 lc_index, fa_5tuple_opaque_t *pkt_5tuple, int is_ip6, u8 *r_action, u32 *r_acl_pos_p, u32 *r_acl_match_p, u32 *r_rule_match_p, u32 *trace_bitmap)
Definition: public_inlines.h:653
fa_packet_info_t::is_ip6
u8 is_ip6
Definition: fa_node.h:36
frame
vlib_main_t vlib_node_runtime_t vlib_frame_t * frame
Definition: nat44_ei.c:3048
acl_fa_find_session_with_hash
static int acl_fa_find_session_with_hash(acl_main_t *am, int is_ip6, u32 sw_if_index0, u64 hash, fa_5tuple_t *p5tuple, u64 *pvalue_sess)
Definition: session_inlines.h:635
format_ip4_address
format_function_t format_ip4_address
Definition: format.h:73
fa_5tuple_t
Definition: fa_node.h:68
VNET_FEATURE_INIT
VNET_FEATURE_INIT(acl_in_l2_ip6_fa_feature, static)
acl_in_l2_ip6_node
vlib_node_registration_t acl_in_l2_ip6_node
(constructor) VLIB_REGISTER_NODE (acl_in_l2_ip6_node)
Definition: dataplane_node.c:797
acl_fa_trace_t::match_acl_in_index
u32 match_acl_in_index
Definition: dataplane_node.c:40
fa_5tuple_t::ip4_addr
ip4_address_t ip4_addr[2]
Definition: fa_node.h:77
fa_packet_info_t::lc_index
u32 lc_index
Definition: fa_node.h:30
fa_full_session_id_t::intf_policy_epoch
u16 intf_policy_epoch
Definition: fa_node.h:137
acl_fa_node_fn
static uword acl_fa_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, int is_ip6, int is_input, int is_l2_path)
Definition: dataplane_node.c:641
bihash_template.h
acl_in_fa_ip6_node
vlib_node_registration_t acl_in_fa_ip6_node
(constructor) VLIB_REGISTER_NODE (acl_in_fa_ip6_node)
Definition: dataplane_node.c:888
fa_packet_info_t::flags_reserved
u8 flags_reserved
Definition: fa_node.h:37
acl_fa_per_worker_data_t
Definition: fa_node.h:168
acl_fa_trace_t
Definition: dataplane_node.c:35
ACL_PLUGIN_PREFETCH_GAP
#define ACL_PLUGIN_PREFETCH_GAP
Definition: dataplane_node.c:231
format_fa_session_l4_key
static_always_inline u8 * format_fa_session_l4_key(u8 *s, va_list *args)
Definition: fa_node.h:93
vlib_get_buffers
vlib_get_buffers(vm, from, b, n_left_from)
next
u16 * next
Definition: nat44_ei_out2in.c:718
VLIB_NODE_TYPE_INTERNAL
@ VLIB_NODE_TYPE_INTERNAL
Definition: node.h:72
node
vlib_main_t vlib_node_runtime_t * node
Definition: nat44_ei.c:3047
format_fa_5tuple
static u8 * format_fa_5tuple(u8 *s, va_list *args)
Definition: dataplane_node.c:664
u16
unsigned short u16
Definition: types.h:57
acl_out_l2_ip6_node
vlib_node_registration_t acl_out_l2_ip6_node
(constructor) VLIB_REGISTER_NODE (acl_out_l2_ip6_node)
Definition: dataplane_node.c:842
acl_fa_try_recycle_session
static void acl_fa_try_recycle_session(acl_main_t *am, int is_input, u16 thread_index, u32 sw_if_index, u64 now)
Definition: session_inlines.h:475
am
app_main_t * am
Definition: application.c:489
acl_fa_error_t
acl_fa_error_t
Definition: dataplane_node.c:58
acl_fa_outer_node_fn
static uword acl_fa_outer_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, int is_ip6, int is_input, int is_l2_path, int do_stateful_datapath)
Definition: dataplane_node.c:605
acl_in_fa_ip4_node
vlib_node_registration_t acl_in_fa_ip4_node
(constructor) VLIB_REGISTER_NODE (acl_in_fa_ip4_node)
Definition: dataplane_node.c:910
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
acl_fa_inner_node_fn
static uword acl_fa_inner_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, int is_ip6, int is_input, int is_l2_path, int with_stateful_datapath, int node_trace_on, int reclassify_sessions)
Definition: dataplane_node.c:323
VLIB_RX
@ VLIB_RX
Definition: defs.h:46
acl_fa_add_session
static fa_full_session_id_t acl_fa_add_session(acl_main_t *am, int is_input, int is_ip6, u32 sw_if_index, u64 now, fa_5tuple_t *p5tuple, u16 current_policy_epoch)
Definition: session_inlines.h:515
acl_fa_restart_timer_for_session
static int acl_fa_restart_timer_for_session(acl_main_t *am, u64 now, fa_full_session_id_t sess_id)
Definition: session_inlines.h:247
vlib_buffer_enqueue_to_next
vlib_buffer_enqueue_to_next(vm, node, from,(u16 *) nexts, frame->n_vectors)
fa_packet_info_t::tcp_flags
u8 tcp_flags
Definition: fa_node.h:32
vlib_frame_t
Definition: node.h:372
ACL_FA_N_NEXT
@ ACL_FA_N_NEXT
Definition: fa_node.h:240
vlib_buffer_length_in_chain
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
Definition: buffer_funcs.h:433
acl_in_l2_ip4_node
vlib_node_registration_t acl_in_l2_ip4_node
(constructor) VLIB_REGISTER_NODE (acl_in_l2_ip4_node)
Definition: dataplane_node.c:819
fill_5tuple_xN
static void fill_5tuple_xN(int vector_sz, acl_main_t *am, int is_ip6, int is_input, int is_l2_path, vlib_buffer_t **b, u32 *sw_if_index, fa_5tuple_t *out_fa_5tuple)
Definition: dataplane_node.c:153
acl_main
acl_main_t acl_main
Definition: acl.c:44
vec_elt
#define vec_elt(v, i)
Get vector value at index i.
Definition: vec_bootstrap.h:210
clib_bihash_kv_40_8_t::key
u64 key[5]
Definition: bihash_40_8.h:43
CLIB_PREFETCH
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:80
session_inlines.h
vlib_node_runtime_t::errors
vlib_error_t * errors
Vector of errors for this node.
Definition: node.h:460
fa_5tuple_opaque_t
Definition: exported_types.h:25
maybe_trace_buffer
static void maybe_trace_buffer(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_buffer_t *b, u32 sw_if_index0, u32 lc_index0, u16 next0, int match_acl_in_index, int match_rule_index, fa_5tuple_t *fa_5tuple, u8 action, u32 trace_bitmap)
Definition: dataplane_node.c:82
acl_fa_trace_t::trace_bitmap
u32 trace_bitmap
Definition: dataplane_node.c:43
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
vlib_buffer_t::error
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:145
error.h
VLIB_NODE_FN
#define VLIB_NODE_FN(node)
Definition: node.h:202
get_current_policy_epoch
static u16 get_current_policy_epoch(acl_main_t *am, int is_input, u32 sw_if_index0)
Definition: dataplane_node.c:69
acl.h
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:90
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:437
vnet_feature_next_u16
static_always_inline void vnet_feature_next_u16(u16 *next0, vlib_buffer_t *b0)
Definition: feature.h:328
VLIB_NODE_FLAG_TRACE
#define VLIB_NODE_FLAG_TRACE
Definition: node.h:291
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:124
acl_fa_trace_t::packet_info
u64 packet_info[6]
Definition: dataplane_node.c:42
ARRAY_LEN
#define ARRAY_LEN(x)
Definition: clib.h:70
vlib_frame_vector_args
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:301
vlib_prefetch_combined_counter
static void vlib_prefetch_combined_counter(const vlib_combined_counter_main_t *cm, u32 thread_index, u32 index)
Pre-fetch a per-thread combined counter for the given object index.
Definition: counter.h:248
acl_fa_two_stage_delete_session
static int acl_fa_two_stage_delete_session(acl_main_t *am, u32 sw_if_index, fa_full_session_id_t sess_id, u64 now)
Definition: session_inlines.h:446
uword
u64 uword
Definition: types.h:112
prefetch_session_entry
static void prefetch_session_entry(acl_main_t *am, fa_full_session_id_t f_sess_id)
Definition: dataplane_node.c:175
fa_5tuple_t::l4
fa_session_l4_key_t l4
Definition: fa_node.h:81
vlib_main_t::thread_index
u32 thread_index
Definition: main.h:213
acl_fa_per_worker_data_t::sw_if_indices
u32 sw_if_indices[VLIB_FRAME_SIZE]
Definition: fa_node.h:230
vlib_node_increment_counter
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
Definition: node_funcs.h:1244
acl_fa_per_worker_data_t::bufs
vlib_buffer_t * bufs[VLIB_FRAME_SIZE]
Definition: fa_node.h:229
get_session_ptr_no_check
static fa_session_t * get_session_ptr_no_check(acl_main_t *am, u16 thread_index, u32 session_index)
Definition: session_inlines.h:118
fa_packet_info_t::tcp_flags_valid
u8 tcp_flags_valid
Definition: fa_node.h:33
vec_validate
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment)
Definition: vec.h:523
ACL_FA_ERROR_DROP
@ ACL_FA_ERROR_DROP
Definition: fa_node.h:239
fa_full_session_id_t::session_index
u32 session_index
Definition: fa_node.h:135
ACL_FA_N_ERROR
@ ACL_FA_N_ERROR
Definition: dataplane_node.c:63
process_established_session
static u8 process_established_session(vlib_main_t *vm, acl_main_t *am, u32 counter_node_index, int is_input, u64 now, fa_full_session_id_t f_sess_id, u32 *sw_if_index, fa_5tuple_t *fa_5tuple, u32 pkt_len, int node_trace_on, u32 *trace_bitmap)
Definition: dataplane_node.c:183
ACL_PLUGIN_VECTOR_SIZE
#define ACL_PLUGIN_VECTOR_SIZE
Definition: dataplane_node.c:230
CLIB_CACHE_LINE_BYTES
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
os_get_thread_index
static_always_inline uword os_get_thread_index(void)
Definition: os.h:63
vlib_buffer_t::current_length
u16 current_length
Number of bytes between the current data and the end of this buffer.
Definition: buffer.h:122
acl_out_fa_ip6_node
vlib_node_registration_t acl_out_fa_ip6_node
(constructor) VLIB_REGISTER_NODE (acl_out_fa_ip6_node)
Definition: dataplane_node.c:933
fa_full_session_id_t
Definition: fa_node.h:131
data
u8 data[128]
Definition: ipsec_types.api:92
acl_fa_track_session
static u8 acl_fa_track_session(acl_main_t *am, int is_input, u32 sw_if_index, u64 now, fa_session_t *sess, fa_5tuple_t *pkt_5tuple, u32 pkt_len)
Definition: session_inlines.h:277
format_acl_plugin_5tuple
u8 * format_acl_plugin_5tuple(u8 *s, va_list *args)
Definition: dataplane_node.c:703
lookup_context.h
is_ip6
bool is_ip6
Definition: ip.api:43
always_inline
#define always_inline
Definition: rdma_mlx5dv.h:23
format_acl_plugin_trace
static u8 * format_acl_plugin_trace(u8 *s, va_list *args)
Definition: dataplane_node.c:711
acl_out_l2_ip4_node
vlib_node_registration_t acl_out_l2_ip4_node
(constructor) VLIB_REGISTER_NODE (acl_out_l2_ip4_node)
Definition: dataplane_node.c:865
acl_fa_conn_list_delete_session
static int acl_fa_conn_list_delete_session(acl_main_t *am, fa_full_session_id_t sess_id, u64 now)
Definition: session_inlines.h:193
acl_fa_per_worker_data_t::fa_5tuples
fa_5tuple_t fa_5tuples[VLIB_FRAME_SIZE]
Definition: fa_node.h:231
u64
unsigned long u64
Definition: types.h:89
acl_fa_error_strings
static char * acl_fa_error_strings[]
Definition: dataplane_node.c:733
format
description fragment has unexpected format
Definition: map.api:433
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
acl_fa_trace_t::match_rule_index
u32 match_rule_index
Definition: dataplane_node.c:41
fa_5tuple_t::pkt
fa_packet_info_t pkt
Definition: fa_node.h:83
acl_fa_per_worker_data_t::fa_session_epoch_change_by_sw_if_index
u64 * fa_session_epoch_change_by_sw_if_index
Definition: fa_node.h:186
acl_fa_per_worker_data_t::hashes
u64 hashes[VLIB_FRAME_SIZE]
Definition: fa_node.h:232
u32
unsigned int u32
Definition: types.h:88
bihash_40_8.h
fa_full_session_id_t::as_u64
u64 as_u64
Definition: fa_node.h:133
acl_main_t
Definition: acl.h:116
FA_POLICY_EPOCH_IS_INPUT
#define FA_POLICY_EPOCH_IS_INPUT
Definition: fa_node.h:126
acl_fill_5tuple
static void acl_fill_5tuple(acl_main_t *am, u32 sw_if_index0, vlib_buffer_t *b0, int is_ip6, int is_input, int is_l2_path, fa_5tuple_t *p5tuple_pkt)
Definition: public_inlines.h:207
acl_fa_trace_t::lc_index
u32 lc_index
Definition: dataplane_node.c:39
n_left
u32 n_left
Definition: interface_output.c:1078
vlib_node_get_runtime
static vlib_node_runtime_t * vlib_node_get_runtime(vlib_main_t *vm, u32 node_index)
Get node runtime by node index.
Definition: node_funcs.h:116
now
f64 now
Definition: nat44_ei_out2in.c:710
fa_5tuple_t::ip6_addr
ip6_address_t ip6_addr[2]
Definition: fa_node.h:79
vlib_main_t
Definition: main.h:102
vlib_get_n_threads
static u32 vlib_get_n_threads()
Definition: global_funcs.h:23
vlib_node_t
Definition: node.h:247
vlib_add_trace
void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace.c:628
acl_fa_trace_t::next_index
u32 next_index
Definition: dataplane_node.c:37
b
vlib_buffer_t ** b
Definition: nat44_ei_out2in.c:717
VNET_FEATURES
#define VNET_FEATURES(...)
Definition: feature.h:470
u8
unsigned char u8
Definition: types.h:56
fa_node.h
icmp46_packet.h
format_ip6_address
format_function_t format_ip6_address
Definition: format.h:91
make_session_hash_xN
static void make_session_hash_xN(int vector_sz, acl_main_t *am, int is_ip6, u32 *sw_if_index, fa_5tuple_t *fa_5tuple, u64 *out_hash)
Definition: dataplane_node.c:164
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
foreach_acl_fa_error
#define foreach_acl_fa_error
Definition: dataplane_node.c:48
rv
int __clib_unused rv
Definition: application.c:491
vlib_error_t
u16 vlib_error_t
Definition: error.h:45
vnet.h
vlib_node_runtime_t
Definition: node.h:454
clib_cpu_time_now
static u64 clib_cpu_time_now(void)
Definition: time.h:81
from
from
Definition: nat44_ei_hairpinning.c:415
fa_session_t
Definition: fa_node.h:105
fa_5tuple_t::kv_40_8
clib_bihash_kv_40_8_t kv_40_8
Definition: fa_node.h:85
action
vl_api_mac_event_action_t action
Definition: l2.api:211
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
VLIB_TX
@ VLIB_TX
Definition: defs.h:47
fa_packet_info_t::is_nonfirst_fragment
u8 is_nonfirst_fragment
Definition: fa_node.h:35
acl_fa_node_common_prepare_fn
static void acl_fa_node_common_prepare_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, int is_ip6, int is_input, int is_l2_path, int with_stateful_datapath)
Definition: dataplane_node.c:234
acl_fa_prefetch_session_data_for_hash
static void acl_fa_prefetch_session_data_for_hash(acl_main_t *am, int is_ip6, u64 hash)
Definition: session_inlines.h:626
acl_out_fa_ip4_node
vlib_node_registration_t acl_out_fa_ip4_node
(constructor) VLIB_REGISTER_NODE (acl_out_fa_ip4_node)
Definition: dataplane_node.c:955
acl_fa_per_worker_data_t::nexts
u16 nexts[VLIB_FRAME_SIZE]
Definition: fa_node.h:233
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
vlib_increment_combined_counter
vlib_increment_combined_counter(ccm, ti, sw_if_index, n_buffers, n_bytes)
acl_fa_trace_t::action
u8 action
Definition: dataplane_node.c:44
fa_session_get_timeout_type
static int fa_session_get_timeout_type(acl_main_t *am, fa_session_t *sess)
Definition: session_inlines.h:71
acl_fa_make_session_hash
static u64 acl_fa_make_session_hash(acl_main_t *am, int is_ip6, u32 sw_if_index0, fa_5tuple_t *p5tuple)
Definition: session_inlines.h:606
vlib_buffer_t::flags
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index,...
Definition: buffer.h:133
fa_full_session_id_t::thread_index
u16 thread_index
Definition: fa_node.h:136
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:111
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169