summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJunfeng Wang <drenfong.wang@intel.com>2019-10-21 15:15:24 +0800
committerJunfeng Wang <drenfong.wang@intel.com>2019-10-22 12:56:06 +0800
commitcac2bd1cefb29e7cc7a6602c7a0780a8c0d2fd86 (patch)
tree8719cbac4f7d165401080e5cdce4bc0b9a0be2c7 /src
parent6e5bd265d4f8444eba5b181ece713227fafd1934 (diff)
enable dpi hw-offload basic feature
Change-Id: Id715d39be418471838feaa2e14f6ad805650b177 Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Diffstat (limited to 'src')
-rw-r--r--src/dpi.c16
-rw-r--r--src/dpi.h60
-rw-r--r--src/dpi_cli.c3
-rw-r--r--src/dpi_node.c72
4 files changed, 92 insertions, 59 deletions
diff --git a/src/dpi.c b/src/dpi.c
index c91a78a..aabd763 100644
--- a/src/dpi.c
+++ b/src/dpi.c
@@ -323,6 +323,7 @@ dpi_flow_add_del (dpi_add_del_flow_args_t * a, u32 * flow_idp)
int add_failed;
if (is_ip6)
{
+ flow->next_index = DPI_INPUT_NEXT_IP6_LOOKUP;
key6.value = (u64) flow_id;
add_failed = clib_bihash_add_del_48_8 (&dm->dpi6_flow_by_key,
&key6, 1 /*add */ );
@@ -530,7 +531,7 @@ dpi_add_del_rx_flow (u32 hw_if_index, u32 flow_id, int is_add, u32 is_ipv6)
.actions =
VNET_FLOW_ACTION_REDIRECT_TO_NODE | VNET_FLOW_ACTION_MARK,
.mark_flow_id = flow_id + dm->flow_id_start,
- .redirect_node_index = 0,
+ .redirect_node_index = dpi4_flow_input_node.index,
.type = VNET_FLOW_TYPE_IP4_N_TUPLE,
.ip4_n_tuple = {
.src_addr = src_addr4,
@@ -560,7 +561,7 @@ dpi_add_del_rx_flow (u32 hw_if_index, u32 flow_id, int is_add, u32 is_ipv6)
.actions =
VNET_FLOW_ACTION_REDIRECT_TO_NODE | VNET_FLOW_ACTION_MARK,
.mark_flow_id = flow_id + dm->flow_id_start,
- .redirect_node_index = 0,
+ .redirect_node_index = dpi6_flow_input_node.index,
.type = VNET_FLOW_TYPE_IP6_N_TUPLE,
.ip6_n_tuple = {
.src_addr = src_addr6,
@@ -593,6 +594,17 @@ dpi_flow_bypass_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable)
sw_if_index, is_enable, 0, 0);
}
+void
+dpi_flow_offload_mode (u32 hw_if_index, u8 is_ip6, u8 is_enable)
+{
+ if (is_ip6)
+ vnet_feature_enable_disable ("ip4-unicast", "dpi6-flow-input",
+ hw_if_index, is_enable, 0, 0);
+ else
+ vnet_feature_enable_disable ("ip6-unicast", "dpi4-flow-input",
+ hw_if_index, is_enable, 0, 0);
+}
+
int
dpi_init_hs_database (dpi_entry_t * entry)
{
diff --git a/src/dpi.h b/src/dpi.h
index e3d0add..cc77e29 100644
--- a/src/dpi.h
+++ b/src/dpi.h
@@ -38,6 +38,9 @@
#include <hs/hs_runtime.h>
#include "dpi_app_match.h"
+extern vlib_node_registration_t dpi4_flow_input_node;
+extern vlib_node_registration_t dpi6_flow_input_node;
+
typedef u8 *regex_t;
typedef struct
@@ -288,6 +291,7 @@ int dpi_add_del_rx_flow (u32 hw_if_index, u32 flow_id, int is_add,
u32 is_ipv6);
int dpi_tcp_reass (tcp_reass_args_t * a);
void dpi_flow_bypass_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable);
+void dpi_flow_offload_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable);
int dpi_search_host_protocol (dpi_flow_info_t * flow,
char *str_to_match,
u32 str_to_match_len,
@@ -308,7 +312,8 @@ typedef enum
#define foreach_dpi_input_next \
_(DROP, "error-drop") \
-_(IP4_LOOKUP, "ip4-lookup")
+_(IP4_LOOKUP, "ip4-lookup") \
+_(IP6_LOOKUP, "ip6-lookup")
typedef enum
{
@@ -318,8 +323,59 @@ typedef enum
DPI_INPUT_N_NEXT,
} dpi_input_next_t;
-#endif /* included_vnet_dpi_h */
+#endif
+
+#define foreach_dpi_input_error \
+ _(NONE, "no error") \
+ _(NO_SUCH_FLOW, "flow not existed")
+
+typedef enum
+{
+#define _(sym,str) DPI_INPUT_ERROR_##sym,
+ foreach_dpi_input_error
+#undef _
+ DPI_INPUT_N_ERROR,
+} dpi_input_error_t;
+
+static char *dpi_input_error_strings[] = {
+#define _(sym,string) string,
+ foreach_dpi_input_error
+#undef _
+};
+#define foreach_dpi_flow_input_next \
+_(DROP, "error-drop") \
+_(IP4_LOOKUP, "ip4-lookup") \
+_(IP6_LOOKUP, "ip6-lookup")
+
+typedef enum
+{
+#define _(s,n) DPI_FLOW_NEXT_##s,
+ foreach_dpi_flow_input_next
+#undef _
+ DPI_FLOW_N_NEXT,
+} dpi_flow_input_next_t;
+
+#define foreach_dpi_flow_error \
+ _(NONE, "no error") \
+ _(IP_CHECKSUM_ERROR, "Rx ip checksum errors") \
+ _(IP_HEADER_ERROR, "Rx ip header errors") \
+ _(UDP_CHECKSUM_ERROR, "Rx udp checksum errors") \
+ _(UDP_LENGTH_ERROR, "Rx udp length errors")
+
+typedef enum
+{
+#define _(f,s) DPI_FLOW_ERROR_##f,
+ foreach_dpi_flow_error
+#undef _
+ DPI_FLOW_N_ERROR,
+} dpi_flow_error_t;
+
+static char *dpi_flow_error_strings[] = {
+#define _(n,s) s,
+ foreach_dpi_flow_error
+#undef _
+};
/*
* fd.io coding-style-patch-verification: ON
diff --git a/src/dpi_cli.c b/src/dpi_cli.c
index 5810a27..f7f233d 100644
--- a/src/dpi_cli.c
+++ b/src/dpi_cli.c
@@ -205,6 +205,7 @@ dpi_flow_offload_command_fn (vlib_main_t * vm,
u32 hw_if_index = ~0;
int is_add = 1;
u32 is_ipv6 = 0;
+ u32 is_enable = 1;
dpi_flow_entry_t *flow;
vnet_hw_interface_t *hw_if;
u32 rx_fib_index = ~0;
@@ -260,6 +261,8 @@ dpi_flow_offload_command_fn (vlib_main_t * vm,
return clib_error_return (0, "error %s flow",
is_add ? "enabling" : "disabling");
+ dpi_flow_offload_mode (hw_if_index, is_ipv6, is_enable);
+
return 0;
}
diff --git a/src/dpi_node.c b/src/dpi_node.c
index 106dd3a..4cbb9c5 100644
--- a/src/dpi_node.c
+++ b/src/dpi_node.c
@@ -33,25 +33,6 @@ vlib_node_registration_t dpi6_input_node;
vlib_node_registration_t dpi4_flow_input_node;
vlib_node_registration_t dpi6_flow_input_node;
-
-#define foreach_dpi_input_error \
- _(NONE, "no error") \
- _(NO_SUCH_FLOW, "flow not existed")
-
-typedef enum
-{
-#define _(sym,str) DPI_INPUT_ERROR_##sym,
- foreach_dpi_input_error
-#undef _
- DPI_INPUT_N_ERROR,
-} dpi_input_error_t;
-
-static char *dpi_input_error_strings[] = {
-#define _(sym,string) string,
- foreach_dpi_input_error
-#undef _
-};
-
typedef struct
{
u32 next_index;
@@ -76,6 +57,22 @@ VNET_FEATURE_INIT (dpi6_input, static) =
};
/* *INDENT-on* */
+/* *INDENT-OFF* */
+VNET_FEATURE_INIT (dpi4_flow_input, static) =
+{
+ .arc_name = "ip4-unicast",
+ .node_name = "dpi4-flow-input",
+ .runs_before = VNET_FEATURES ("ip4-lookup"),
+};
+
+VNET_FEATURE_INIT (dpi6_flow_input, static) =
+{
+ .arc_name = "ip6-unicast",
+ .node_name = "dpi6-flow-input",
+ .runs_before = VNET_FEATURES ("ip6-lookup"),
+};
+/* *INDENT-on* */
+
static u8 *
format_dpi_rx_trace (u8 * s, va_list * args)
{
@@ -736,40 +733,6 @@ dpi6_input_init (vlib_main_t * vm)
VLIB_INIT_FUNCTION (dpi6_input_init);
-
-#define foreach_dpi_flow_input_next \
-_(DROP, "error-drop") \
-_(IP4_LOOKUP, "ip4-lookup")
-
-typedef enum
-{
-#define _(s,n) DPI_FLOW_NEXT_##s,
- foreach_dpi_flow_input_next
-#undef _
- DPI_FLOW_N_NEXT,
-} dpi_flow_input_next_t;
-
-#define foreach_dpi_flow_error \
- _(NONE, "no error") \
- _(IP_CHECKSUM_ERROR, "Rx ip checksum errors") \
- _(IP_HEADER_ERROR, "Rx ip header errors") \
- _(UDP_CHECKSUM_ERROR, "Rx udp checksum errors") \
- _(UDP_LENGTH_ERROR, "Rx udp length errors")
-
-typedef enum
-{
-#define _(f,s) DPI_FLOW_ERROR_##f,
- foreach_dpi_flow_error
-#undef _
- DPI_FLOW_N_ERROR,
-} dpi_flow_error_t;
-
-static char *dpi_flow_error_strings[] = {
-#define _(n,s) s,
- foreach_dpi_flow_error
-#undef _
-};
-
static_always_inline u8
dpi_check_ip4 (ip4_header_t * ip4, u16 payload_len)
{
@@ -805,7 +768,7 @@ dpi_flow_input_inline (vlib_main_t * vm,
while (n_left_from > 0 && n_left_to_next > 0)
{
- u32 bi0, next0 = DPI_FLOW_NEXT_IP4_LOOKUP;
+ u32 bi0, next0 = 0;
vlib_buffer_t *b0;
ip4_header_t *ip40;
ip6_header_t *ip60;
@@ -838,7 +801,6 @@ dpi_flow_input_inline (vlib_main_t * vm,
dpi_check_ip6 (ip60, ip_len0);
}
- ASSERT (b0->flow_id != 0);
flow_id0 = b0->flow_id - dm->flow_id_start;
is_reverse0 = (u32) ((flow_id0 >> 31) & 0x1);