From cac2bd1cefb29e7cc7a6602c7a0780a8c0d2fd86 Mon Sep 17 00:00:00 2001 From: Junfeng Wang Date: Mon, 21 Oct 2019 15:15:24 +0800 Subject: enable dpi hw-offload basic feature Change-Id: Id715d39be418471838feaa2e14f6ad805650b177 Signed-off-by: Junfeng Wang --- src/dpi.c | 16 +++++++++++-- src/dpi.h | 60 ++++++++++++++++++++++++++++++++++++++++++++++-- src/dpi_cli.c | 3 +++ src/dpi_node.c | 72 ++++++++++++++-------------------------------------------- 4 files changed, 92 insertions(+), 59 deletions(-) (limited to 'src') diff --git a/src/dpi.c b/src/dpi.c index c91a78a..aabd763 100644 --- a/src/dpi.c +++ b/src/dpi.c @@ -323,6 +323,7 @@ dpi_flow_add_del (dpi_add_del_flow_args_t * a, u32 * flow_idp) int add_failed; if (is_ip6) { + flow->next_index = DPI_INPUT_NEXT_IP6_LOOKUP; key6.value = (u64) flow_id; add_failed = clib_bihash_add_del_48_8 (&dm->dpi6_flow_by_key, &key6, 1 /*add */ ); @@ -530,7 +531,7 @@ dpi_add_del_rx_flow (u32 hw_if_index, u32 flow_id, int is_add, u32 is_ipv6) .actions = VNET_FLOW_ACTION_REDIRECT_TO_NODE | VNET_FLOW_ACTION_MARK, .mark_flow_id = flow_id + dm->flow_id_start, - .redirect_node_index = 0, + .redirect_node_index = dpi4_flow_input_node.index, .type = VNET_FLOW_TYPE_IP4_N_TUPLE, .ip4_n_tuple = { .src_addr = src_addr4, @@ -560,7 +561,7 @@ dpi_add_del_rx_flow (u32 hw_if_index, u32 flow_id, int is_add, u32 is_ipv6) .actions = VNET_FLOW_ACTION_REDIRECT_TO_NODE | VNET_FLOW_ACTION_MARK, .mark_flow_id = flow_id + dm->flow_id_start, - .redirect_node_index = 0, + .redirect_node_index = dpi6_flow_input_node.index, .type = VNET_FLOW_TYPE_IP6_N_TUPLE, .ip6_n_tuple = { .src_addr = src_addr6, @@ -593,6 +594,17 @@ dpi_flow_bypass_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable) sw_if_index, is_enable, 0, 0); } +void +dpi_flow_offload_mode (u32 hw_if_index, u8 is_ip6, u8 is_enable) +{ + if (is_ip6) + vnet_feature_enable_disable ("ip4-unicast", "dpi6-flow-input", + hw_if_index, is_enable, 0, 0); + else + vnet_feature_enable_disable ("ip6-unicast", "dpi4-flow-input", + hw_if_index, is_enable, 0, 0); +} + int dpi_init_hs_database (dpi_entry_t * entry) { diff --git a/src/dpi.h b/src/dpi.h index e3d0add..cc77e29 100644 --- a/src/dpi.h +++ b/src/dpi.h @@ -38,6 +38,9 @@ #include #include "dpi_app_match.h" +extern vlib_node_registration_t dpi4_flow_input_node; +extern vlib_node_registration_t dpi6_flow_input_node; + typedef u8 *regex_t; typedef struct @@ -288,6 +291,7 @@ int dpi_add_del_rx_flow (u32 hw_if_index, u32 flow_id, int is_add, u32 is_ipv6); int dpi_tcp_reass (tcp_reass_args_t * a); void dpi_flow_bypass_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable); +void dpi_flow_offload_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable); int dpi_search_host_protocol (dpi_flow_info_t * flow, char *str_to_match, u32 str_to_match_len, @@ -308,7 +312,8 @@ typedef enum #define foreach_dpi_input_next \ _(DROP, "error-drop") \ -_(IP4_LOOKUP, "ip4-lookup") +_(IP4_LOOKUP, "ip4-lookup") \ +_(IP6_LOOKUP, "ip6-lookup") typedef enum { @@ -318,8 +323,59 @@ typedef enum DPI_INPUT_N_NEXT, } dpi_input_next_t; -#endif /* included_vnet_dpi_h */ +#endif + +#define foreach_dpi_input_error \ + _(NONE, "no error") \ + _(NO_SUCH_FLOW, "flow not existed") + +typedef enum +{ +#define _(sym,str) DPI_INPUT_ERROR_##sym, + foreach_dpi_input_error +#undef _ + DPI_INPUT_N_ERROR, +} dpi_input_error_t; + +static char *dpi_input_error_strings[] = { +#define _(sym,string) string, + foreach_dpi_input_error +#undef _ +}; +#define foreach_dpi_flow_input_next \ +_(DROP, "error-drop") \ +_(IP4_LOOKUP, "ip4-lookup") \ +_(IP6_LOOKUP, "ip6-lookup") + +typedef enum +{ +#define _(s,n) DPI_FLOW_NEXT_##s, + foreach_dpi_flow_input_next +#undef _ + DPI_FLOW_N_NEXT, +} dpi_flow_input_next_t; + +#define foreach_dpi_flow_error \ + _(NONE, "no error") \ + _(IP_CHECKSUM_ERROR, "Rx ip checksum errors") \ + _(IP_HEADER_ERROR, "Rx ip header errors") \ + _(UDP_CHECKSUM_ERROR, "Rx udp checksum errors") \ + _(UDP_LENGTH_ERROR, "Rx udp length errors") + +typedef enum +{ +#define _(f,s) DPI_FLOW_ERROR_##f, + foreach_dpi_flow_error +#undef _ + DPI_FLOW_N_ERROR, +} dpi_flow_error_t; + +static char *dpi_flow_error_strings[] = { +#define _(n,s) s, + foreach_dpi_flow_error +#undef _ +}; /* * fd.io coding-style-patch-verification: ON diff --git a/src/dpi_cli.c b/src/dpi_cli.c index 5810a27..f7f233d 100644 --- a/src/dpi_cli.c +++ b/src/dpi_cli.c @@ -205,6 +205,7 @@ dpi_flow_offload_command_fn (vlib_main_t * vm, u32 hw_if_index = ~0; int is_add = 1; u32 is_ipv6 = 0; + u32 is_enable = 1; dpi_flow_entry_t *flow; vnet_hw_interface_t *hw_if; u32 rx_fib_index = ~0; @@ -260,6 +261,8 @@ dpi_flow_offload_command_fn (vlib_main_t * vm, return clib_error_return (0, "error %s flow", is_add ? "enabling" : "disabling"); + dpi_flow_offload_mode (hw_if_index, is_ipv6, is_enable); + return 0; } diff --git a/src/dpi_node.c b/src/dpi_node.c index 106dd3a..4cbb9c5 100644 --- a/src/dpi_node.c +++ b/src/dpi_node.c @@ -33,25 +33,6 @@ vlib_node_registration_t dpi6_input_node; vlib_node_registration_t dpi4_flow_input_node; vlib_node_registration_t dpi6_flow_input_node; - -#define foreach_dpi_input_error \ - _(NONE, "no error") \ - _(NO_SUCH_FLOW, "flow not existed") - -typedef enum -{ -#define _(sym,str) DPI_INPUT_ERROR_##sym, - foreach_dpi_input_error -#undef _ - DPI_INPUT_N_ERROR, -} dpi_input_error_t; - -static char *dpi_input_error_strings[] = { -#define _(sym,string) string, - foreach_dpi_input_error -#undef _ -}; - typedef struct { u32 next_index; @@ -76,6 +57,22 @@ VNET_FEATURE_INIT (dpi6_input, static) = }; /* *INDENT-on* */ +/* *INDENT-OFF* */ +VNET_FEATURE_INIT (dpi4_flow_input, static) = +{ + .arc_name = "ip4-unicast", + .node_name = "dpi4-flow-input", + .runs_before = VNET_FEATURES ("ip4-lookup"), +}; + +VNET_FEATURE_INIT (dpi6_flow_input, static) = +{ + .arc_name = "ip6-unicast", + .node_name = "dpi6-flow-input", + .runs_before = VNET_FEATURES ("ip6-lookup"), +}; +/* *INDENT-on* */ + static u8 * format_dpi_rx_trace (u8 * s, va_list * args) { @@ -736,40 +733,6 @@ dpi6_input_init (vlib_main_t * vm) VLIB_INIT_FUNCTION (dpi6_input_init); - -#define foreach_dpi_flow_input_next \ -_(DROP, "error-drop") \ -_(IP4_LOOKUP, "ip4-lookup") - -typedef enum -{ -#define _(s,n) DPI_FLOW_NEXT_##s, - foreach_dpi_flow_input_next -#undef _ - DPI_FLOW_N_NEXT, -} dpi_flow_input_next_t; - -#define foreach_dpi_flow_error \ - _(NONE, "no error") \ - _(IP_CHECKSUM_ERROR, "Rx ip checksum errors") \ - _(IP_HEADER_ERROR, "Rx ip header errors") \ - _(UDP_CHECKSUM_ERROR, "Rx udp checksum errors") \ - _(UDP_LENGTH_ERROR, "Rx udp length errors") - -typedef enum -{ -#define _(f,s) DPI_FLOW_ERROR_##f, - foreach_dpi_flow_error -#undef _ - DPI_FLOW_N_ERROR, -} dpi_flow_error_t; - -static char *dpi_flow_error_strings[] = { -#define _(n,s) s, - foreach_dpi_flow_error -#undef _ -}; - static_always_inline u8 dpi_check_ip4 (ip4_header_t * ip4, u16 payload_len) { @@ -805,7 +768,7 @@ dpi_flow_input_inline (vlib_main_t * vm, while (n_left_from > 0 && n_left_to_next > 0) { - u32 bi0, next0 = DPI_FLOW_NEXT_IP4_LOOKUP; + u32 bi0, next0 = 0; vlib_buffer_t *b0; ip4_header_t *ip40; ip6_header_t *ip60; @@ -838,7 +801,6 @@ dpi_flow_input_inline (vlib_main_t * vm, dpi_check_ip6 (ip60, ip_len0); } - ASSERT (b0->flow_id != 0); flow_id0 = b0->flow_id - dm->flow_id_start; is_reverse0 = (u32) ((flow_id0 >> 31) & 0x1); -- cgit 1.2.3-korg