FD.io VPP  v18.04-17-g3a0d853
Vector Packet Processing
lookup_context.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <plugins/acl/acl.h>
17 #include <plugins/acl/fa_node.h>
18 #include <plugins/acl/public_inlines.h>
19 #include <vlib/unix/plugin.h>
20 #include "hash_lookup.h"
21 #include "elog_acl_trace.h"
22 
23 /* check if a given ACL exists */
24 u8 acl_plugin_acl_exists (u32 acl_index);
25 
26 static u32 get_acl_user_id(acl_main_t *am, char *user_module_name, char *val1_label, char *val2_label)
27 {
28  acl_lookup_context_user_t *auser;
29 
30  pool_foreach (auser, am->acl_users,
31  ({
32  if (0 == strcmp(auser->user_module_name, user_module_name)) {
33  return (auser - am->acl_users);
34  }
35  }));
36 
37  pool_get(am->acl_users, auser);
38  auser->user_module_name = user_module_name;
39  auser->val1_label = val1_label;
40  auser->val2_label = val2_label;
41  return (auser - am->acl_users);
42 }
43 
44 static int acl_user_id_valid(acl_main_t *am, u32 acl_user_id)
45 {
46 
47  if (pool_is_free_index (am->acl_users, acl_user_id))
48  return 0;
49 
50  return 1;
51 }
52 
53 static int acl_lc_index_valid(acl_main_t *am, u32 lc_index)
54 {
55 
56  if (pool_is_free_index (am->acl_lookup_contexts, lc_index))
57  return 0;
58 
59  return 1;
60 }
61 
62 /*
63  * If you are using ACL plugin, get this unique ID first,
64  * so you can identify yourself when creating the lookup contexts.
65  */
66 
67 u32 acl_plugin_register_user_module (char *user_module_name, char *val1_label, char *val2_label)
68 {
69  acl_main_t *am = &acl_main;
70  void *oldheap = acl_plugin_set_heap();
71  u32 user_id = get_acl_user_id(am, user_module_name, val1_label, val2_label);
72  clib_mem_set_heap (oldheap);
73  return user_id;
74 }
75 
76 /*
77  * Allocate a new lookup context index.
78  * Supply the id assigned to your module during registration,
79  * and two values of your choice identifying instances
80  * of use within your module. They are useful for debugging.
81  * If >= 0 - context id. If < 0 - error code.
82  */
83 
84 int acl_plugin_get_lookup_context_index (u32 acl_user_id, u32 val1, u32 val2)
85 {
86  acl_main_t *am = &acl_main;
87  acl_lookup_context_t *acontext;
88 
89  if (!acl_user_id_valid(am, acl_user_id))
90  return VNET_API_ERROR_INVALID_REGISTRATION;
91 
92  void *oldheap = acl_plugin_set_heap ();
93 
94 
95  pool_get(am->acl_lookup_contexts, acontext);
96  acontext->acl_indices = 0;
97  acontext->context_user_id = acl_user_id;
98  acontext->user_val1 = val1;
99  acontext->user_val2 = val2;
100 
101  u32 new_context_id = acontext - am->acl_lookup_contexts;
102  vec_add1(am->acl_users[acl_user_id].lookup_contexts, new_context_id);
103 
104  clib_mem_set_heap (oldheap);
105  return new_context_id;
106 }
107 
108 static void
109 lock_acl(acl_main_t *am, u32 acl, u32 lc_index)
110 {
111  vec_validate(am->lc_index_vec_by_acl, acl);
112  elog_acl_cond_trace_X2(am, (am->trace_acl), "lock acl %d in lc_index %d", "i4i4", acl, lc_index);
113  vec_add1(am->lc_index_vec_by_acl[acl], lc_index);
114 }
115 
116 static void
117 lock_acl_vec(u32 lc_index, u32 *acls)
118 {
119  int i;
120  acl_main_t *am = &acl_main;
121  for(i=0; i<vec_len(acls); i++) {
122  lock_acl(am, acls[i], lc_index);
123  }
124 }
125 
126 static void
127 unlock_acl(acl_main_t *am, u32 acl, u32 lc_index)
128 {
129  vec_validate(am->lc_index_vec_by_acl, acl);
130  elog_acl_cond_trace_X2(am, (am->trace_acl), "unlock acl %d in lc_index %d", "i4i4", acl, lc_index);
131  u32 index = vec_search(am->lc_index_vec_by_acl[acl], lc_index);
132  if (index != ~0)
133  vec_del1(am->lc_index_vec_by_acl[acl], index);
134  else
135  clib_warning("BUG: can not unlock acl %d lc_index %d", acl, lc_index);
136 }
137 
138 static void
139 unlock_acl_vec(u32 lc_index, u32 *acls)
140 {
141  int i;
142  acl_main_t *am = &acl_main;
143  for(i=0; i<vec_len(acls); i++)
144  unlock_acl(am, acls[i], lc_index);
145 }
146 
147 
148 static void
149 apply_acl_vec(u32 lc_index, u32 *acls)
150 {
151  int i;
152  acl_main_t *am = &acl_main;
153 
154  for(i=0; i<vec_len(acls); i++)
155  hash_acl_apply(am, lc_index, acls[i], i);
156 }
157 
158 
159 static void
160 unapply_acl_vec(u32 lc_index, u32 *acls)
161 {
162  int i;
163  acl_main_t *am = &acl_main;
164  if (vec_len(acls) == 0)
165  return;
166  for(i=vec_len(acls); i > 0; i--)
167  hash_acl_unapply(am, lc_index, acls[i-1]);
168 }
169 
170 /*
171  * Release the lookup context index and destroy
172  * any asssociated data structures.
173  */
174 void acl_plugin_put_lookup_context_index (u32 lc_index)
175 {
176  acl_main_t *am = &acl_main;
177 
178  elog_acl_cond_trace_X1(am, (am->trace_acl), "LOOKUP-CONTEXT: put-context lc_index %d", "i4", lc_index);
179  if (!acl_lc_index_valid(am, lc_index)) {
180  clib_warning("BUG: lc_index %d is not valid", lc_index);
181  return;
182  }
183 
184  void *oldheap = acl_plugin_set_heap ();
185  acl_lookup_context_t *acontext = pool_elt_at_index(am->acl_lookup_contexts, lc_index);
186 
187  u32 index = vec_search(am->acl_users[acontext->context_user_id].lookup_contexts, lc_index);
188  ASSERT(index != ~0);
189 
190  vec_del1(am->acl_users[acontext->context_user_id].lookup_contexts, index);
191  unapply_acl_vec(lc_index, acontext->acl_indices);
192  unlock_acl_vec(lc_index, acontext->acl_indices);
193  vec_free(acontext->acl_indices);
194  pool_put(am->acl_lookup_contexts, acontext);
195  clib_mem_set_heap (oldheap);
196 }
197 
198 /*
199  * Prepare the sequential vector of ACL#s to lookup within a given context.
200  * Any existing list will be overwritten. acl_list is a vector.
201  */
202 int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
203 {
204  int rv = 0;
205  uword *seen_acl_bitmap = 0;
206  u32 *pacln = 0;
207  acl_main_t *am = &acl_main;
208  acl_lookup_context_t *acontext;
209  if (am->trace_acl) {
210  u32 i;
211  elog_acl_cond_trace_X1(am, (1), "LOOKUP-CONTEXT: set-acl-list lc_index %d", "i4", lc_index);
212  for(i=0; i<vec_len(acl_list); i++) {
213  elog_acl_cond_trace_X2(am, (1), " acl-list[%d]: %d", "i4i4", i, acl_list[i]);
214  }
215  }
216  if (!acl_lc_index_valid(am, lc_index)) {
217  clib_warning("BUG: lc_index %d is not valid", lc_index);
218  return -1;
219  }
220  void *oldheap = acl_plugin_set_heap ();
221 
222  vec_foreach (pacln, acl_list)
223  {
224  if (pool_is_free_index (am->acls, *pacln))
225  {
226  /* ACL is not defined. Can not apply */
227  clib_warning ("ERROR: ACL %d not defined", *pacln);
228  rv = VNET_API_ERROR_NO_SUCH_ENTRY;
229  goto done;
230  }
231  if (clib_bitmap_get (seen_acl_bitmap, *pacln))
232  {
233  /* ACL being applied twice within the list. error. */
234  clib_warning ("ERROR: ACL %d being applied twice", *pacln);
235  rv = VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
236  goto done;
237  }
238  seen_acl_bitmap = clib_bitmap_set (seen_acl_bitmap, *pacln, 1);
239  }
240 
241  acontext = pool_elt_at_index(am->acl_lookup_contexts, lc_index);
242  u32 *old_acl_vector = acontext->acl_indices;
243  acontext->acl_indices = vec_dup(acl_list);
244 
245  unapply_acl_vec(lc_index, old_acl_vector);
246  unlock_acl_vec(lc_index, old_acl_vector);
247  lock_acl_vec(lc_index, acontext->acl_indices);
248  apply_acl_vec(lc_index, acontext->acl_indices);
249 
250  vec_free(old_acl_vector);
251 
252 done:
253  clib_bitmap_free (seen_acl_bitmap);
254  clib_mem_set_heap (oldheap);
255  return rv;
256 }
257 
258 
259 void acl_plugin_lookup_context_notify_acl_change(u32 acl_num)
260 {
261  acl_main_t *am = &acl_main;
262  if (acl_plugin_acl_exists(acl_num)) {
263  if (hash_acl_exists(am, acl_num)) {
264  /* this is a modification, clean up the older entries */
265  hash_acl_delete(am, acl_num);
266  }
267  hash_acl_add(am, acl_num);
268  } else {
269  /* this is a deletion notification */
270  hash_acl_delete(am, acl_num);
271  }
272 }
273 
274 
275 /* Fill the 5-tuple from the packet */
276 
277 void acl_plugin_fill_5tuple (u32 lc_index, vlib_buffer_t * b0, int is_ip6, int is_input,
278  int is_l2_path, fa_5tuple_opaque_t * p5tuple_pkt)
279 {
280  acl_plugin_fill_5tuple_inline(lc_index, b0, is_ip6, is_input, is_l2_path, p5tuple_pkt);
281 }
282 
283 int acl_plugin_match_5tuple (u32 lc_index,
284  fa_5tuple_opaque_t * pkt_5tuple,
285  int is_ip6, u8 * r_action,
286  u32 * r_acl_pos_p,
287  u32 * r_acl_match_p,
288  u32 * r_rule_match_p,
289  u32 * trace_bitmap)
290 {
291  return acl_plugin_match_5tuple_inline (lc_index, pkt_5tuple, is_ip6, r_action, r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap);
292 }
293 
294 
295 void
296 acl_plugin_show_lookup_user (u32 user_index)
297 {
298  acl_main_t *am = &acl_main;
299  vlib_main_t *vm = am->vlib_main;
300  acl_lookup_context_user_t *auser;
301 
302  pool_foreach (auser, am->acl_users,
303  ({
304  u32 curr_user_index = (auser - am->acl_users);
305  if (user_index == ~0 || (curr_user_index == user_index)) {
306  vlib_cli_output (vm, "index %d:%s:%s:%s", curr_user_index, auser->user_module_name, auser->val1_label, auser->val2_label);
307  }
308  }));
309 }
310 
311 
312 void
313 acl_plugin_show_lookup_context (u32 lc_index)
314 {
315  acl_main_t *am = &acl_main;
316  vlib_main_t *vm = am->vlib_main;
317  acl_lookup_context_t *acontext;
318  // clib_warning("LOOKUP-CONTEXT: lc_index %d acl_list [ %U ]", lc_index, format_vec32, acl_list, "%d");
319  if (!am->acl_lookup_contexts)
320  {
321  vlib_cli_output(vm, "ACL lookup contexts are not initialized");
322  return;
323  }
324 
325  pool_foreach (acontext, am->acl_lookup_contexts,
326  ({
327  u32 curr_lc_index = (acontext - am->acl_lookup_contexts);
328  if ((lc_index == ~0) || (curr_lc_index == lc_index)) {
329  if (acl_user_id_valid(am, acontext->context_user_id)) {
330  acl_lookup_context_user_t *auser = pool_elt_at_index(am->acl_users, acontext->context_user_id);
331  vlib_cli_output (vm, "index %d:%s %s: %d %s: %d, acl_indices: %U",
332  curr_lc_index, auser->user_module_name, auser->val1_label,
333  acontext->user_val1, auser->val2_label, acontext->user_val2,
334  format_vec32, acontext->acl_indices, "%d");
335  } else {
336  vlib_cli_output (vm, "index %d: user_id: %d user_val1: %d user_val2: %d, acl_indices: %U",
337  curr_lc_index, acontext->context_user_id,
338  acontext->user_val1, acontext->user_val2,
339  format_vec32, acontext->acl_indices, "%d");
340  }
341  }
342  }));
343 }
vec_validate
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:434
acl_lookup_context_t::acl_indices
u32 * acl_indices
Definition: lookup_context.h:32
acl_plugin_fill_5tuple
void acl_plugin_fill_5tuple(u32 lc_index, vlib_buffer_t *b0, int is_ip6, int is_input, int is_l2_path, fa_5tuple_opaque_t *p5tuple_pkt)
Definition: lookup_context.c:277
acl_lookup_context_t
Definition: lookup_context.h:30
public_inlines.h
unapply_acl_vec
static void unapply_acl_vec(u32 lc_index, u32 *acls)
Definition: lookup_context.c:160
hash_acl_unapply
void hash_acl_unapply(acl_main_t *am, u32 lc_index, int acl_index)
Definition: hash_lookup.c:415
unlock_acl
static void unlock_acl(acl_main_t *am, u32 acl, u32 lc_index)
Definition: lookup_context.c:127
acl_lookup_context_t::context_user_id
u32 context_user_id
Definition: lookup_context.h:34
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:520
i
int i
Definition: flowhash_template.h:376
acl_main
acl_main_t acl_main
Definition: jvpp_acl.h:39
clib_bitmap_set
static uword * clib_bitmap_set(uword *ai, uword i, uword value)
Sets the ith bit of a bitmap to new_value Removes trailing zeros from the bitmap. ...
Definition: bitmap.h:167
pool_get
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:227
acl_plugin_lookup_context_notify_acl_change
void acl_plugin_lookup_context_notify_acl_change(u32 acl_num)
Definition: lookup_context.c:259
acl_lookup_context_t::user_val1
u32 user_val1
Definition: lookup_context.h:36
hash_acl_add
void hash_acl_add(acl_main_t *am, int acl_index)
Definition: hash_lookup.c:669
acl_main_t::lc_index_vec_by_acl
u32 ** lc_index_vec_by_acl
Definition: acl.h:193
pool_foreach
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:440
acl_plugin_set_acl_vec_for_context
int acl_plugin_set_acl_vec_for_context(u32 lc_index, u32 *acl_list)
Definition: lookup_context.c:202
elog_acl_cond_trace_X1
#define elog_acl_cond_trace_X1(am, trace_cond, acl_elog_trace_format_label, acl_elog_trace_format_args, acl_elog_val1)
Definition: elog_acl_trace.h:22
lock_acl
static void lock_acl(acl_main_t *am, u32 acl, u32 lc_index)
Definition: lookup_context.c:109
vec_search
#define vec_search(v, E)
Search a vector for the index of the entry that matches.
Definition: vec.h:939
acl_lc_index_valid
static int acl_lc_index_valid(acl_main_t *am, u32 lc_index)
Definition: lookup_context.c:53
hash_acl_apply
void hash_acl_apply(acl_main_t *am, u32 lc_index, int acl_index, u32 acl_position)
Definition: hash_lookup.c:197
acl_plugin_put_lookup_context_index
void acl_plugin_put_lookup_context_index(u32 lc_index)
Definition: lookup_context.c:174
hash_acl_exists
int hash_acl_exists(acl_main_t *am, int acl_index)
Definition: hash_lookup.c:660
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:461
hash_lookup.h
apply_acl_vec
static void apply_acl_vec(u32 lc_index, u32 *acls)
Definition: lookup_context.c:149
pool_put
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:273
vec_dup
#define vec_dup(V)
Return copy of vector (no header, no alignment)
Definition: vec.h:370
elog_acl_cond_trace_X2
#define elog_acl_cond_trace_X2(am, trace_cond, acl_elog_trace_format_label, acl_elog_trace_format_args,acl_elog_val1, acl_elog_val2)
Definition: elog_acl_trace.h:47
vec_del1
#define vec_del1(v, i)
Delete the element at index I.
Definition: vec.h:803
acl_lookup_context_t::user_val2
u32 user_val2
Definition: lookup_context.h:38
acl_lookup_context_user_t::lookup_contexts
u32 * lookup_contexts
Definition: lookup_context.h:27
elog_acl_trace.h
acl_plugin_get_lookup_context_index
int acl_plugin_get_lookup_context_index(u32 acl_user_id, u32 val1, u32 val2)
Definition: lookup_context.c:84
fa_node.h
vm
vlib_main_t * vm
Definition: buffer.c:294
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:336
clib_mem_set_heap
static void * clib_mem_set_heap(void *heap)
Definition: mem.h:226
hash_acl_delete
void hash_acl_delete(acl_main_t *am, int acl_index)
Definition: hash_lookup.c:721
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
vlib_buffer_t
Definition: buffer.h:98
acl_plugin_show_lookup_user
void acl_plugin_show_lookup_user(u32 user_index)
Definition: lookup_context.c:296
pool_is_free_index
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
Definition: pool.h:270
clib_bitmap_get
static uword clib_bitmap_get(uword *ai, uword i)
Gets the ith bit value from a bitmap.
Definition: bitmap.h:197
acl_main_t
Definition: jvpp_acl.h:26
acl_main_t::trace_acl
int trace_acl
Definition: acl.h:278
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
u32
unsigned int u32
Definition: types.h:88
get_acl_user_id
static u32 get_acl_user_id(acl_main_t *am, char *user_module_name, char *val1_label, char *val2_label)
Definition: lookup_context.c:26
acl_plugin_match_5tuple_inline
static int acl_plugin_match_5tuple_inline(u32 lc_index, fa_5tuple_opaque_t *pkt_5tuple, int is_ip6, u8 *r_action, u32 *r_acl_pos_p, u32 *r_acl_match_p, u32 *r_rule_match_p, u32 *trace_bitmap)
Definition: public_inlines.h:720
acl_plugin_show_lookup_context
void acl_plugin_show_lookup_context(u32 lc_index)
Definition: lookup_context.c:313
clib_bitmap_free
#define clib_bitmap_free(v)
Free a bitmap.
Definition: bitmap.h:92
uword
u64 uword
Definition: types.h:112
acl_main_t::acl_lookup_contexts
acl_lookup_context_t * acl_lookup_contexts
Definition: acl.h:151
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
u8
unsigned char u8
Definition: types.h:56
vlib_main_t
Definition: main.h:59
unlock_acl_vec
static void unlock_acl_vec(u32 lc_index, u32 *acls)
Definition: lookup_context.c:139
acl_plugin_set_heap
void * acl_plugin_set_heap()
Definition: acl.c:161
acl_plugin_acl_exists
u8 acl_plugin_acl_exists(u32 acl_index)
Definition: acl.c:110
fa_5tuple_opaque_t
Definition: fa_node.h:57
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:184
acl_user_id_valid
static int acl_user_id_valid(acl_main_t *am, u32 acl_user_id)
Definition: lookup_context.c:44
lock_acl_vec
static void lock_acl_vec(u32 lc_index, u32 *acls)
Definition: lookup_context.c:117
vlib_cli_output
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
Definition: cli.c:680
acl_main_t::acls
acl_list_t * acls
Definition: acl.h:153
acl_main_t::acl_users
acl_lookup_context_user_t * acl_users
Definition: acl.h:149
acl_plugin_fill_5tuple_inline
static void acl_plugin_fill_5tuple_inline(u32 lc_index, vlib_buffer_t *b0, int is_ip6, int is_input, int is_l2_path, fa_5tuple_opaque_t *p5tuple_pkt)
Definition: public_inlines.h:353
acl_plugin_register_user_module
u32 acl_plugin_register_user_module(char *user_module_name, char *val1_label, char *val2_label)
Definition: lookup_context.c:67
acl_lookup_context_user_t
Definition: lookup_context.h:19
acl_main_t::vlib_main
foreach_fa_cleaner_counter vlib_main_t * vlib_main
Definition: acl.h:326
acl_plugin_match_5tuple
int acl_plugin_match_5tuple(u32 lc_index, fa_5tuple_opaque_t *pkt_5tuple, int is_ip6, u8 *r_action, u32 *r_acl_pos_p, u32 *r_acl_match_p, u32 *r_rule_match_p, u32 *trace_bitmap)
Definition: lookup_context.c:283