FD.io VPP  v21.06
Vector Packet Processing
l2_in_out_acl.c
Go to the documentation of this file.
1 /*
2  * l2_in_out_acl.c : layer 2 input/output acl processing
3  *
4  * Copyright (c) 2013,2018 Cisco and/or its affiliates.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <vlib/vlib.h>
19 #include <vnet/vnet.h>
20 #include <vnet/ethernet/ethernet.h>
21 #include <vnet/ethernet/packet.h>
22 #include <vnet/ip/ip_packet.h>
23 #include <vnet/ip/ip4_packet.h>
24 #include <vnet/ip/ip6_packet.h>
25 #include <vlib/cli.h>
26 #include <vnet/l2/l2_input.h>
27 #include <vnet/l2/l2_output.h>
28 #include <vnet/l2/feat_bitmap.h>
29 
30 #include <vppinfra/error.h>
31 #include <vppinfra/hash.h>
32 #include <vppinfra/cache.h>
33 
34 #include <vnet/classify/vnet_classify.h>
35 #include <vnet/classify/in_out_acl.h>
36 
37 typedef struct
38 {
39 
40  /* Next nodes for each feature */
41  u32 feat_next_node_index[IN_OUT_ACL_N_TABLE_GROUPS][32];
42 
43  /* convenience variables */
44  vlib_main_t *vlib_main;
45  vnet_main_t *vnet_main;
46 } l2_in_out_acl_main_t;
47 
48 typedef struct
49 {
50  u32 sw_if_index;
51  u32 next_index;
52  u32 table_index;
53  u32 offset;
54 } l2_in_out_acl_trace_t;
55 
56 /* packet trace format function */
57 static u8 *
58 format_l2_in_out_acl_trace (u8 * s, u32 is_output, va_list * args)
59 {
60  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
61  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
62  l2_in_out_acl_trace_t *t = va_arg (*args, l2_in_out_acl_trace_t *);
63 
64  s = format (s, "%s: sw_if_index %d, next_index %d, table %d, offset %d",
65  is_output ? "OUTACL" : "INACL",
66  t->sw_if_index, t->next_index, t->table_index, t->offset);
67  return s;
68 }
69 
70 static u8 *
71 format_l2_inacl_trace (u8 * s, va_list * args)
72 {
73  return format_l2_in_out_acl_trace (s, IN_OUT_ACL_INPUT_TABLE_GROUP, args);
74 }
75 
76 static u8 *
77 format_l2_outacl_trace (u8 * s, va_list * args)
78 {
79  return format_l2_in_out_acl_trace (s, IN_OUT_ACL_OUTPUT_TABLE_GROUP, args);
80 }
81 
82 extern l2_in_out_acl_main_t l2_in_out_acl_main;
83 
84 #ifndef CLIB_MARCH_VARIANT
85 l2_in_out_acl_main_t l2_in_out_acl_main;
86 #endif /* CLIB_MARCH_VARIANT */
87 
88 extern vlib_node_registration_t l2_inacl_node;
89 extern vlib_node_registration_t l2_outacl_node;
90 
91 #define foreach_l2_inacl_error \
92 _(NONE, "valid input ACL packets") \
93 _(MISS, "input ACL misses") \
94 _(HIT, "input ACL hits") \
95 _(CHAIN_HIT, "input ACL hits after chain walk") \
96 _(TABLE_MISS, "input ACL table-miss drops") \
97 _(SESSION_DENY, "input ACL session deny drops")
98 
99 #define foreach_l2_outacl_error \
100 _(NONE, "valid output ACL packets") \
101 _(MISS, "output ACL misses") \
102 _(HIT, "output ACL hits") \
103 _(CHAIN_HIT, "output ACL hits after chain walk") \
104 _(TABLE_MISS, "output ACL table-miss drops") \
105 _(SESSION_DENY, "output ACL session deny drops")
106 
107 
108 typedef enum
109 {
110 #define _(sym,str) L2_INACL_ERROR_##sym,
111  foreach_l2_inacl_error
112 #undef _
113  L2_INACL_N_ERROR,
114 } l2_inacl_error_t;
115 
116 static char *l2_inacl_error_strings[] = {
117 #define _(sym,string) string,
118  foreach_l2_inacl_error
119 #undef _
120 };
121 
122 typedef enum
123 {
124 #define _(sym,str) L2_OUTACL_ERROR_##sym,
125  foreach_l2_outacl_error
126 #undef _
127  L2_OUTACL_N_ERROR,
128 } l2_outacl_error_t;
129 
130 static char *l2_outacl_error_strings[] = {
131 #define _(sym,string) string,
132  foreach_l2_outacl_error
133 #undef _
134 };
135 
136 
137 static inline uword
138 l2_in_out_acl_node_fn (vlib_main_t * vm,
139  vlib_node_runtime_t * node, vlib_frame_t * frame,
140  int is_output)
141 {
142  u32 n_left_from, *from, *to_next;
143  acl_next_index_t next_index;
144  l2_in_out_acl_main_t *msm = &l2_in_out_acl_main;
145  in_out_acl_main_t *am = &in_out_acl_main;
146  vnet_classify_main_t *vcm = am->vnet_classify_main;
147  in_out_acl_table_id_t tid = IN_OUT_ACL_TABLE_L2;
148  f64 now = vlib_time_now (vm);
149  u32 hits = 0;
150  u32 misses = 0;
151  u32 chain_hits = 0;
152 
153  from = vlib_frame_vector_args (frame);
154  n_left_from = frame->n_vectors; /* number of packets to process */
155  next_index = node->cached_next_index;
156 
157  /* First pass: compute hashes */
158  while (n_left_from > 2)
159  {
160  vlib_buffer_t *b0, *b1;
161  u32 bi0, bi1;
162  u8 *h0, *h1;
163  u32 sw_if_index0, sw_if_index1;
164  u32 table_index0, table_index1;
165  vnet_classify_table_t *t0, *t1;
166 
167  /* prefetch next iteration */
168  {
169  vlib_buffer_t *p1, *p2;
170 
171  p1 = vlib_get_buffer (vm, from[1]);
172  p2 = vlib_get_buffer (vm, from[2]);
173 
174  vlib_prefetch_buffer_header (p1, STORE);
175  CLIB_PREFETCH (p1->data, CLIB_CACHE_LINE_BYTES, STORE);
176  vlib_prefetch_buffer_header (p2, STORE);
177  CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE);
178  }
179 
180  bi0 = from[0];
181  b0 = vlib_get_buffer (vm, bi0);
182 
183  bi1 = from[1];
184  b1 = vlib_get_buffer (vm, bi1);
185 
186  sw_if_index0 =
187  vnet_buffer (b0)->sw_if_index[is_output ? VLIB_TX : VLIB_RX];
188  table_index0 =
189  am->classify_table_index_by_sw_if_index[is_output][tid][sw_if_index0];
190 
191  sw_if_index1 =
192  vnet_buffer (b1)->sw_if_index[is_output ? VLIB_TX : VLIB_RX];
193  table_index1 =
194  am->classify_table_index_by_sw_if_index[is_output][tid][sw_if_index1];
195 
196  t0 = pool_elt_at_index (vcm->tables, table_index0);
197 
198  t1 = pool_elt_at_index (vcm->tables, table_index1);
199 
200  if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
201  h0 = (void *) vlib_buffer_get_current (b0) + t0->current_data_offset;
202  else
203  h0 = (void *) vlib_buffer_get_current (b0);
204 
205  vnet_buffer (b0)->l2_classify.hash =
206  vnet_classify_hash_packet (t0, (u8 *) h0);
207 
208  vnet_classify_prefetch_bucket (t0, vnet_buffer (b0)->l2_classify.hash);
209 
210  if (t1->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
211  h1 = (void *) vlib_buffer_get_current (b1) + t1->current_data_offset;
212  else
213  h1 = (void *) vlib_buffer_get_current (b1);
214 
215  vnet_buffer (b1)->l2_classify.hash =
216  vnet_classify_hash_packet (t1, (u8 *) h1);
217 
218  vnet_classify_prefetch_bucket (t1, vnet_buffer (b1)->l2_classify.hash);
219 
220  vnet_buffer (b0)->l2_classify.table_index = table_index0;
221 
222  vnet_buffer (b1)->l2_classify.table_index = table_index1;
223 
224  from += 2;
225  n_left_from -= 2;
226  }
227 
228  while (n_left_from > 0)
229  {
230  vlib_buffer_t *b0;
231  u32 bi0;
232  u8 *h0;
233  u32 sw_if_index0;
234  u32 table_index0;
235  vnet_classify_table_t *t0;
236 
237  bi0 = from[0];
238  b0 = vlib_get_buffer (vm, bi0);
239 
240  sw_if_index0 =
241  vnet_buffer (b0)->sw_if_index[is_output ? VLIB_TX : VLIB_RX];
242  table_index0 =
243  am->classify_table_index_by_sw_if_index[is_output][tid][sw_if_index0];
244 
245  t0 = pool_elt_at_index (vcm->tables, table_index0);
246 
247  if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
248  h0 = (void *) vlib_buffer_get_current (b0) + t0->current_data_offset;
249  else
250  h0 = (void *) vlib_buffer_get_current (b0);
251 
252  vnet_buffer (b0)->l2_classify.hash =
253  vnet_classify_hash_packet (t0, (u8 *) h0);
254 
255  vnet_buffer (b0)->l2_classify.table_index = table_index0;
256  vnet_classify_prefetch_bucket (t0, vnet_buffer (b0)->l2_classify.hash);
257 
258  from++;
259  n_left_from--;
260  }
261 
262  next_index = node->cached_next_index;
263  from = vlib_frame_vector_args (frame);
264  n_left_from = frame->n_vectors;
265 
266  while (n_left_from > 0)
267  {
268  u32 n_left_to_next;
269 
270  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
271 
272  /* Not enough load/store slots to dual loop... */
273  while (n_left_from > 0 && n_left_to_next > 0)
274  {
275  u32 bi0;
276  vlib_buffer_t *b0;
277  u32 next0 = ACL_NEXT_INDEX_DENY;
278  u32 table_index0;
279  vnet_classify_table_t *t0;
280  vnet_classify_entry_t *e0;
281  u64 hash0;
282  u8 *h0;
283  u8 error0;
284 
285  /* Stride 3 seems to work best */
286  if (PREDICT_TRUE (n_left_from > 3))
287  {
288  vlib_buffer_t *p1 = vlib_get_buffer (vm, from[3]);
289  vnet_classify_table_t *tp1;
290  u32 table_index1;
291  u64 phash1;
292 
293  table_index1 = vnet_buffer (p1)->l2_classify.table_index;
294 
295  if (PREDICT_TRUE (table_index1 != ~0))
296  {
297  tp1 = pool_elt_at_index (vcm->tables, table_index1);
298  phash1 = vnet_buffer (p1)->l2_classify.hash;
299  vnet_classify_prefetch_entry (tp1, phash1);
300  }
301  }
302 
303  /* speculatively enqueue b0 to the current next frame */
304  bi0 = from[0];
305  to_next[0] = bi0;
306  from += 1;
307  to_next += 1;
308  n_left_from -= 1;
309  n_left_to_next -= 1;
310 
311  b0 = vlib_get_buffer (vm, bi0);
312 
313  table_index0 = vnet_buffer (b0)->l2_classify.table_index;
314  e0 = 0;
315  t0 = 0;
316 
317  vnet_buffer (b0)->l2_classify.opaque_index = ~0;
318 
319  /* Determine the next node */
320  next0 =
321  vnet_l2_feature_next (b0, msm->feat_next_node_index[is_output],
322  is_output ? L2OUTPUT_FEAT_ACL :
323  L2INPUT_FEAT_ACL);
324 
325  if (PREDICT_TRUE (table_index0 != ~0))
326  {
327  hash0 = vnet_buffer (b0)->l2_classify.hash;
328  t0 = pool_elt_at_index (vcm->tables, table_index0);
329 
330  if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
331  h0 =
332  (void *) vlib_buffer_get_current (b0) +
333  t0->current_data_offset;
334  else
335  h0 = (void *) vlib_buffer_get_current (b0);
336 
337  e0 = vnet_classify_find_entry (t0, (u8 *) h0, hash0, now);
338  if (e0)
339  {
340  vnet_buffer (b0)->l2_classify.opaque_index
341  = e0->opaque_index;
342  vlib_buffer_advance (b0, e0->advance);
343 
344  next0 = (e0->next_index < ACL_NEXT_INDEX_N_NEXT) ?
345  e0->next_index : next0;
346 
347  hits++;
348 
349  if (is_output)
350  error0 = (next0 == ACL_NEXT_INDEX_DENY) ?
351  L2_OUTACL_ERROR_SESSION_DENY : L2_INACL_ERROR_NONE;
352  else
353  error0 = (next0 == ACL_NEXT_INDEX_DENY) ?
354  L2_OUTACL_ERROR_SESSION_DENY : L2_OUTACL_ERROR_NONE;
355  b0->error = node->errors[error0];
356  }
357  else
358  {
359  while (1)
360  {
361  if (PREDICT_TRUE (t0->next_table_index != ~0))
362  t0 = pool_elt_at_index (vcm->tables,
363  t0->next_table_index);
364  else
365  {
366  next0 =
367  (t0->miss_next_index <
368  ACL_NEXT_INDEX_N_NEXT) ? t0->miss_next_index :
369  next0;
370 
371  misses++;
372 
373  if (is_output)
374  error0 = (next0 == ACL_NEXT_INDEX_DENY) ?
375  L2_OUTACL_ERROR_TABLE_MISS :
376  L2_OUTACL_ERROR_NONE;
377  else
378  error0 = (next0 == ACL_NEXT_INDEX_DENY) ?
379  L2_INACL_ERROR_TABLE_MISS : L2_INACL_ERROR_NONE;
380  b0->error = node->errors[error0];
381  break;
382  }
383 
384  if (t0->current_data_flag ==
385  CLASSIFY_FLAG_USE_CURR_DATA)
386  h0 =
387  (void *) vlib_buffer_get_current (b0) +
388  t0->current_data_offset;
389  else
390  h0 = (void *) vlib_buffer_get_current (b0);
391 
392  hash0 = vnet_classify_hash_packet (t0, (u8 *) h0);
393  e0 = vnet_classify_find_entry
394  (t0, (u8 *) h0, hash0, now);
395  if (e0)
396  {
397  vlib_buffer_advance (b0, e0->advance);
398  next0 = (e0->next_index < ACL_NEXT_INDEX_N_NEXT) ?
399  e0->next_index : next0;
400  hits++;
401  chain_hits++;
402 
403  if (is_output)
404  error0 = (next0 == ACL_NEXT_INDEX_DENY) ?
405  L2_OUTACL_ERROR_SESSION_DENY :
406  L2_OUTACL_ERROR_NONE;
407  else
408  error0 = (next0 == ACL_NEXT_INDEX_DENY) ?
409  L2_INACL_ERROR_SESSION_DENY :
410  L2_INACL_ERROR_NONE;
411  b0->error = node->errors[error0];
412  break;
413  }
414  }
415  }
416  }
417 
418  if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
419  && (b0->flags & VLIB_BUFFER_IS_TRACED)))
420  {
421  l2_in_out_acl_trace_t *t =
422  vlib_add_trace (vm, node, b0, sizeof (*t));
423  t->sw_if_index =
424  vnet_buffer (b0)->sw_if_index[is_output ? VLIB_TX : VLIB_RX];
425  t->next_index = next0;
426  t->table_index = t0 ? t0 - vcm->tables : ~0;
427  t->offset = (t0 && e0) ? vnet_classify_get_offset (t0, e0) : ~0;
428  }
429 
430  /* verify speculative enqueue, maybe switch current next frame */
431  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
432  to_next, n_left_to_next,
433  bi0, next0);
434  }
435 
436  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
437  }
438 
439  vlib_node_increment_counter (vm, node->node_index,
440  is_output ? L2_OUTACL_ERROR_MISS :
441  L2_INACL_ERROR_MISS, misses);
442  vlib_node_increment_counter (vm, node->node_index,
443  is_output ? L2_OUTACL_ERROR_HIT :
444  L2_INACL_ERROR_HIT, hits);
445  vlib_node_increment_counter (vm, node->node_index,
446  is_output ? L2_OUTACL_ERROR_CHAIN_HIT :
447  L2_INACL_ERROR_CHAIN_HIT, chain_hits);
448  return frame->n_vectors;
449 }
450 
451 VLIB_NODE_FN (l2_inacl_node) (vlib_main_t * vm,
452  vlib_node_runtime_t * node,
453  vlib_frame_t * frame)
454 {
455  return l2_in_out_acl_node_fn (vm, node, frame,
456  IN_OUT_ACL_INPUT_TABLE_GROUP);
457 }
458 
459 VLIB_NODE_FN (l2_outacl_node) (vlib_main_t * vm,
460  vlib_node_runtime_t * node,
461  vlib_frame_t * frame)
462 {
463  return l2_in_out_acl_node_fn (vm, node, frame,
464  IN_OUT_ACL_OUTPUT_TABLE_GROUP);
465 }
466 
467 /* *INDENT-OFF* */
468 VLIB_REGISTER_NODE (l2_inacl_node) = {
469  .name = "l2-input-acl",
470  .vector_size = sizeof (u32),
471  .format_trace = format_l2_inacl_trace,
472  .type = VLIB_NODE_TYPE_INTERNAL,
473 
474  .n_errors = ARRAY_LEN(l2_inacl_error_strings),
475  .error_strings = l2_inacl_error_strings,
476 
477  .n_next_nodes = ACL_NEXT_INDEX_N_NEXT,
478 
479  /* edit / add dispositions here */
480  .next_nodes = {
481  [ACL_NEXT_INDEX_DENY] = "error-drop",
482  },
483 };
484 
485 VLIB_REGISTER_NODE (l2_outacl_node) = {
486  .name = "l2-output-acl",
487  .vector_size = sizeof (u32),
488  .format_trace = format_l2_outacl_trace,
489  .type = VLIB_NODE_TYPE_INTERNAL,
490 
491  .n_errors = ARRAY_LEN(l2_outacl_error_strings),
492  .error_strings = l2_outacl_error_strings,
493 
494  .n_next_nodes = ACL_NEXT_INDEX_N_NEXT,
495 
496  /* edit / add dispositions here */
497  .next_nodes = {
498  [ACL_NEXT_INDEX_DENY] = "error-drop",
499  },
500 };
501 /* *INDENT-ON* */
502 
503 
504 #ifndef CLIB_MARCH_VARIANT
505 clib_error_t *
506 l2_in_out_acl_init (vlib_main_t * vm)
507 {
508  l2_in_out_acl_main_t *mp = &l2_in_out_acl_main;
509 
510  mp->vlib_main = vm;
511  mp->vnet_main = vnet_get_main ();
512 
513  /* Initialize the feature next-node indexes */
514  feat_bitmap_init_next_nodes (vm,
515  l2_inacl_node.index,
516  L2INPUT_N_FEAT,
517  l2input_get_feat_names (),
518  mp->feat_next_node_index
519  [IN_OUT_ACL_INPUT_TABLE_GROUP]);
520  feat_bitmap_init_next_nodes (vm, l2_outacl_node.index, L2OUTPUT_N_FEAT,
521  l2output_get_feat_names (),
522  mp->feat_next_node_index
523  [IN_OUT_ACL_OUTPUT_TABLE_GROUP]);
524 
525  return 0;
526 }
527 
528 VLIB_INIT_FUNCTION (l2_in_out_acl_init);
529 #endif /* CLIB_MARCH_VARIANT */
530 
531 /*
532  * fd.io coding-style-patch-verification: ON
533  *
534  * Local Variables:
535  * eval: (c-set-style "gnu")
536  * End:
537  */
vnet_classify_hash_packet
u64 vnet_classify_hash_packet(vnet_classify_table_t *t, u8 *h)
l2_in_out_acl_node_fn
static uword l2_in_out_acl_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, int is_output)
Definition: l2_in_out_acl.c:138
l2_inacl_node
vlib_node_registration_t l2_inacl_node
(constructor) VLIB_REGISTER_NODE (l2_inacl_node)
Definition: l2_in_out_acl.c:468
vlib_buffer_t::flags
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:133
from
from
Definition: nat44_ei_hairpinning.c:415
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:90
l2output_get_feat_names
char ** l2output_get_feat_names(void)
Definition: l2_output.c:38
IN_OUT_ACL_INPUT_TABLE_GROUP
Definition: in_out_acl.h:39
PREDICT_TRUE
#define PREDICT_TRUE(x)
Definition: clib.h:125
u64
unsigned long u64
Definition: types.h:89
in_out_acl_main_t::classify_table_index_by_sw_if_index
u32 * classify_table_index_by_sw_if_index[IN_OUT_ACL_N_TABLE_GROUPS][IN_OUT_ACL_N_TABLES]
Definition: in_out_acl.h:50
vlib_time_now
static f64 vlib_time_now(vlib_main_t *vm)
Definition: main.h:325
ip6_packet.h
frame
vlib_main_t vlib_node_runtime_t vlib_frame_t * frame
Definition: nat44_ei.c:3048
L2OUTPUT_N_FEAT
Definition: l2_output.h:105
foreach_l2_inacl_error
#define foreach_l2_inacl_error
Definition: l2_in_out_acl.c:91
vnet_classify_table_t::current_data_flag
vnet_classify_flags_t current_data_flag
Definition: vnet_classify.h:174
l2_in_out_acl_main_t::vnet_main
vnet_main_t * vnet_main
Definition: l2_in_out_acl.c:45
VLIB_NODE_FN
#define VLIB_NODE_FN(node)
Definition: node.h:202
vlib_node_runtime_t::errors
vlib_error_t * errors
Vector of errors for this node.
Definition: node.h:461
vnet_classify_table_t
Definition: vnet_classify.h:147
u8
unsigned char u8
Definition: types.h:56
vlib_frame_t
Definition: node.h:373
vnet_l2_feature_next
static u32 vnet_l2_feature_next(vlib_buffer_t *b, u32 *next_nodes, u32 feat_bit)
Return the graph node index for the feature corresponding to the next set bit after clearing the curr...
Definition: feat_bitmap.h:94
format_l2_outacl_trace
static u8 * format_l2_outacl_trace(u8 *s, va_list *args)
Definition: l2_in_out_acl.c:77
in_out_acl.h
f64
double f64
Definition: types.h:142
u32
unsigned int u32
Definition: types.h:88
feat_bitmap.h
vlib_node_runtime_t
Definition: node.h:455
format_l2_inacl_trace
static u8 * format_l2_inacl_trace(u8 *s, va_list *args)
Definition: l2_in_out_acl.c:71
if
if(node->flags &VLIB_NODE_FLAG_TRACE) vnet_interface_output_trace(vm
l2_input.h
ACL_NEXT_INDEX_N_NEXT
Definition: in_out_acl.h:26
VLIB_INIT_FUNCTION
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:172
l2_outacl_error_t
l2_outacl_error_t
Definition: l2_in_out_acl.c:122
l2_in_out_acl_main_t::vlib_main
vlib_main_t * vlib_main
Definition: l2_in_out_acl.c:44
format
description fragment has unexpected format
Definition: map.api:433
vlib_prefetch_buffer_header
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
Definition: buffer.h:231
vnet_get_main
vnet_main_t * vnet_get_main(void)
Definition: pnat_test_stubs.h:56
l2_in_out_acl_main
l2_in_out_acl_main_t l2_in_out_acl_main
Definition: l2_in_out_acl.c:85
L2_OUTACL_N_ERROR
Definition: l2_in_out_acl.c:127
vnet_classify_prefetch_bucket
static void vnet_classify_prefetch_bucket(vnet_classify_table_t *t, u64 hash)
Definition: vnet_classify.h:323
l2_inacl_error_t
l2_inacl_error_t
Definition: l2_in_out_acl.c:108
ip_packet.h
vnet_classify_prefetch_entry
static void vnet_classify_prefetch_entry(vnet_classify_table_t *t, u64 hash)
Definition: vnet_classify.h:371
L2_INACL_N_ERROR
Definition: l2_in_out_acl.c:113
vnet_classify_entry_t
struct _vnet_classify_entry vnet_classify_entry_t
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
vlib_buffer_t::error
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:145
vnet_classify_table_t::current_data_offset
i16 current_data_offset
Definition: vnet_classify.h:173
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:553
ip4_packet.h
CLASSIFY_FLAG_USE_CURR_DATA
Definition: vnet_classify.h:40
vlib_buffer_get_current
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:257
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:124
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
vlib_node_runtime_t::node_index
u32 node_index
Node index.
Definition: node.h:479
vlib_validate_buffer_enqueue_x1
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
Definition: buffer_node.h:224
vlib_get_next_frame
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
Definition: node_funcs.h:395
vlib_node_increment_counter
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
Definition: node_funcs.h:1244
vnet_classify_get_offset
static uword vnet_classify_get_offset(vnet_classify_table_t *t, vnet_classify_entry_t *v)
Definition: vnet_classify.h:344
foreach_l2_outacl_error
#define foreach_l2_outacl_error
Definition: l2_in_out_acl.c:99
l2_in_out_acl_trace_t::next_index
u32 next_index
Definition: l2_in_out_acl.c:51
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
vlib_frame_t::n_vectors
u16 n_vectors
Definition: node.h:388
CLIB_PREFETCH
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:80
ACL_NEXT_INDEX_DENY
Definition: in_out_acl.h:25
feat_bitmap_init_next_nodes
static void feat_bitmap_init_next_nodes(vlib_main_t *vm, u32 node_index, u32 num_features, char **feat_names, u32 *next_nodes)
Initialize the feature next-node indexes of a graph node.
Definition: feat_bitmap.h:43
l2_in_out_acl_main_t::feat_next_node_index
u32 feat_next_node_index[IN_OUT_ACL_N_TABLE_GROUPS][32]
Definition: l2_in_out_acl.c:41
vlib_buffer_t::data
u8 data[]
Packet data.
Definition: buffer.h:204
vnet_classify.h
ARRAY_LEN
#define ARRAY_LEN(x)
Definition: clib.h:70
in_out_acl_table_id_t
in_out_acl_table_id_t
Definition: in_out_acl.h:29
l2input_get_feat_names
char ** l2input_get_feat_names(void)
Return an array of strings containing graph node names of each feature.
Definition: l2_input.c:59
IN_OUT_ACL_N_TABLE_GROUPS
Definition: in_out_acl.h:41
vnet_classify_main_t
struct _vnet_classify_main vnet_classify_main_t
Definition: vnet_classify.h:61
l2_in_out_acl_init
clib_error_t * l2_in_out_acl_init(vlib_main_t *vm)
Definition: l2_in_out_acl.c:506
vnet_main_t
Definition: vnet.h:76
in_out_acl_main_t
Definition: in_out_acl.h:44
vlib_node_runtime_t::cached_next_index
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
Definition: node.h:498
l2_in_out_acl_trace_t::offset
u32 offset
Definition: l2_in_out_acl.c:53
vlib_put_next_frame
vlib_put_next_frame(vm, node, next_index, 0)
vlib_buffer_advance
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
Definition: buffer.h:276
next_index
nat44_ei_hairpin_src_next_t next_index
Definition: nat44_ei_hairpinning.c:412
l2_inacl_error_strings
static char * l2_inacl_error_strings[]
Definition: l2_in_out_acl.c:116
l2_outacl_error_strings
static char * l2_outacl_error_strings[]
Definition: l2_in_out_acl.c:130
clib_error_t
Definition: clib_error.h:21
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
vnet_classify_table_t::miss_next_index
u32 miss_next_index
Definition: vnet_classify.h:176
VLIB_TX
Definition: defs.h:47
node
vlib_main_t vlib_node_runtime_t * node
Definition: nat44_ei.c:3047
IN_OUT_ACL_OUTPUT_TABLE_GROUP
Definition: in_out_acl.h:40
in_out_acl_main_t::vnet_classify_main
vnet_classify_main_t * vnet_classify_main
Definition: in_out_acl.h:55
vlib_main_t
Definition: main.h:102
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:111
uword
u64 uword
Definition: types.h:112
l2_in_out_acl_trace_t::sw_if_index
u32 sw_if_index
Definition: l2_in_out_acl.c:50
vlib_node_t
Definition: node.h:248
vlib_frame_vector_args
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:301
l2_in_out_acl_main_t
Definition: l2_in_out_acl.c:37
l2_output.h
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:437
now
f64 now
Definition: nat44_ei_out2in.c:710
in_out_acl_main
in_out_acl_main_t in_out_acl_main
Definition: in_out_acl.c:21
L2INPUT_N_FEAT
Definition: l2_input.h:163
vlib_node_runtime_t::flags
u16 flags
Copy of main node flags.
Definition: node.h:492
vlib_add_trace
void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace.c:628
acl_next_index_t
acl_next_index_t
Definition: in_out_acl.h:23
VLIB_NODE_FLAG_TRACE
#define VLIB_NODE_FLAG_TRACE
Definition: node.h:292
CLIB_CACHE_LINE_BYTES
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
IN_OUT_ACL_TABLE_L2
Definition: in_out_acl.h:33
format_l2_in_out_acl_trace
static u8 * format_l2_in_out_acl_trace(u8 *s, u32 is_output, va_list *args)
Definition: l2_in_out_acl.c:58
vnet_classify_table_t::next_table_index
u32 next_table_index
Definition: vnet_classify.h:170
l2_in_out_acl_trace_t::table_index
u32 table_index
Definition: l2_in_out_acl.c:52
am
app_main_t * am
Definition: application.c:489
vlib_get_buffer
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:111
vnet_classify_find_entry
vnet_classify_entry_t * vnet_classify_find_entry(vnet_classify_table_t *t, u8 *h, u64 hash, f64 now)
Definition: vnet_classify.c:657
l2_in_out_acl_trace_t
Definition: l2_in_out_acl.c:48
VLIB_RX
Definition: defs.h:46
n_left_from
n_left_from
Definition: nat44_ei_hairpinning.c:416
l2_outacl_node
vlib_node_registration_t l2_outacl_node
(constructor) VLIB_REGISTER_NODE (l2_outacl_node)
Definition: l2_in_out_acl.c:485