summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2019-09-25 11:27:46 -0400
committerAndrew Yourtchenko <ayourtch@gmail.com>2019-10-04 14:21:39 +0000
commit24f486cb563399babf553eb0a09082572ab4a303 (patch)
tree1a0f4c3135e960ab7fc5e0a4eb3330f09efbd9ba
parentcefa74829acab2426a0d984f754d2efd6d4a65a4 (diff)
misc: add vnet classify filter set support
Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I79b216d2499df143f53977e5b70382f6f887e0bc (cherry picked from commit f5667c3055dbd6755277f085c6778c2b1104aa6e)
-rw-r--r--docs/gettingstarted/developers/vnet.md27
-rwxr-xr-xsrc/vnet/classify/vnet_classify.c207
-rw-r--r--src/vnet/classify/vnet_classify.h12
-rwxr-xr-xsrc/vnet/ethernet/node.c6
-rw-r--r--src/vnet/interface.c1
-rw-r--r--src/vnet/interface.h6
-rw-r--r--src/vnet/interface_cli.c22
-rw-r--r--src/vnet/interface_output.c22
-rw-r--r--src/vnet/vnet.h3
9 files changed, 248 insertions, 58 deletions
diff --git a/docs/gettingstarted/developers/vnet.md b/docs/gettingstarted/developers/vnet.md
index 826af0a90a9..97336a4cdf2 100644
--- a/docs/gettingstarted/developers/vnet.md
+++ b/docs/gettingstarted/developers/vnet.md
@@ -497,6 +497,11 @@ These commands have the following optional parameters:
on a per-paket basis. Must be >32 and less than 9000. Default value:
512.
+- <b>filter</b> - Use the pcap rx / tx / drop trace filter, which must
+ be configured. Use <b>classify filter pcap...</b> to configure the
+ filter. The filter will only be executed if the per-interface or
+ any-interface tests fail.
+
- <b>intfc _interface_ | _any_</b> - Used to specify a given interface,
or use '<em>any</em>' to run packet capture on all interfaces.
'<em>any</em>' is the default if not provided. Settings from a previous
@@ -521,9 +526,10 @@ These commands have the following optional parameters:
## packet trace capture filtering
-The "classify filter" debug CLI command constructs an arbitrary set of
- packet classifier tables for use with "pcap rx | tx trace," and
- (eventually) with the vpp packet tracer
+The "classify filter pcap | <interface-name> " debug CLI command
+constructs an arbitrary set of packet classifier tables for use with
+"pcap rx | tx | drop trace," and with the vpp packet tracer on a
+per-interrface basis.
Packets which match a rule in the classifier table chain will be
traced. The tables are automatically ordered so that matches in the
@@ -540,17 +546,24 @@ and match values. If a classifier table with a suitable mask already
exists, the CLI command adds a match rule to the existing table. If
not, the CLI command add a new table and the indicated mask rule
-### Configure a simple classify filter
+### Configure a simple pcap classify filter
```
- classify filter mask l3 ip4 src match l3 ip4 src 192.168.1.11"
+ classify filter pcap mask l3 ip4 src match l3 ip4 src 192.168.1.11"
pcap rx trace on max 100 filter
```
-### Configure another fairly simple filter
+### Configure a simple interface packet-tracer filter
+
+```
+ classify filter GigabitEthernet3/0/0 mask l3 ip4 src match l3 ip4 src 192.168.1.11"
+ [device-driver debug CLI TBD]
+```
+
+### Configure another fairly simple pcap classify filter
```
- classify filter mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10
+ classify filter pcap mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10
pcap tx trace on max 100 filter
```
diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c
index 94cc2419775..fb61401b49c 100755
--- a/src/vnet/classify/vnet_classify.c
+++ b/src/vnet/classify/vnet_classify.c
@@ -1691,16 +1691,23 @@ classify_filter_command_fn (vlib_main_t * vm,
u32 miss_next_index = ~0;
u32 current_data_flag = 0;
int current_data_offset = 0;
+ u32 sw_if_index = ~0;
int i;
vnet_classify_table_t *t;
u8 *mask = 0;
vnet_classify_main_t *cm = &vnet_classify_main;
int rv = 0;
+ vnet_classify_filter_set_t *set = 0;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (input, "del"))
is_add = 0;
+ else if (unformat (input, "pcap %=", &sw_if_index, 0))
+ ;
+ else if (unformat (input, "%U",
+ unformat_vnet_sw_interface, vnm, &sw_if_index))
+ ;
else if (unformat (input, "buckets %d", &nbuckets))
;
else if (unformat (input, "mask %U", unformat_classify_mask,
@@ -1722,21 +1729,63 @@ classify_filter_command_fn (vlib_main_t * vm,
if (is_add && match == ~0 && table_index == ~0)
return clib_error_return (0, "match count required");
+ if (sw_if_index == ~0)
+ return clib_error_return (0, "Must specify pcap or interface...");
+
if (!is_add)
{
- if (vec_len (vnm->classify_filter_table_indices) == 0)
- return clib_error_return (0, "No classify filter set...");
+ u32 set_index = 0;
- del_chain = 1;
- table_index = vnm->classify_filter_table_indices[0];
- vec_reset_length (vnm->classify_filter_table_indices);
- }
+ if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index))
+ set_index = cm->filter_set_by_sw_if_index[sw_if_index];
- /* see if we already have a table for that... */
+ if (set_index == 0)
+ {
+ if (sw_if_index == 0)
+ return clib_error_return (0, "No pcap classify filter set...");
+ else
+ return clib_error_return (0, "No classify filter set for %U...",
+ format_vnet_sw_if_index_name, vnm,
+ sw_if_index);
+ }
+
+ set = pool_elt_at_index (cm->filter_sets, set_index);
+
+ set->refcnt--;
+ ASSERT (set->refcnt >= 0);
+ if (set->refcnt == 0)
+ {
+ del_chain = 1;
+ table_index = set->table_indices[0];
+ vec_reset_length (set->table_indices);
+ pool_put (cm->filter_sets, set);
+ cm->filter_set_by_sw_if_index[sw_if_index] = 0;
+ if (sw_if_index > 0)
+ {
+ vnet_hw_interface_t *hi =
+ vnet_get_sup_hw_interface (vnm, sw_if_index);
+ hi->trace_classify_table_index = ~0;
+ }
+ }
+ }
if (is_add)
{
- for (i = 0; i < vec_len (vnm->classify_filter_table_indices); i++)
+ u32 set_index = 0;
+
+ if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index))
+ set_index = cm->filter_set_by_sw_if_index[sw_if_index];
+
+ /* Do we have a filter set for this intfc / pcap yet? */
+ if (set_index == 0)
+ {
+ pool_get (cm->filter_sets, set);
+ set->refcnt = 1;
+ }
+ else
+ set = pool_elt_at_index (cm->filter_sets, set_index);
+
+ for (i = 0; i < vec_len (set->table_indices); i++)
{
t = pool_elt_at_index (cm->tables, i);
/* classifier geometry mismatch, can't use this table */
@@ -1776,7 +1825,33 @@ classify_filter_command_fn (vlib_main_t * vm,
return 0;
/* Remember the table */
- vec_add1 (vnm->classify_filter_table_indices, table_index);
+ vec_add1 (set->table_indices, table_index);
+ vec_validate_init_empty (cm->filter_set_by_sw_if_index, sw_if_index, 0);
+ cm->filter_set_by_sw_if_index[sw_if_index] = set - cm->filter_sets;
+
+ /* Put top table index where device drivers can find them */
+ if (sw_if_index > 0)
+ {
+ vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
+ ASSERT (vec_len (set->table_indices) > 0);
+ hi->trace_classify_table_index = set->table_indices[0];
+ }
+
+ /* Sort filter tables from most-specific mask to least-specific mask */
+ vec_sort_with_function (set->table_indices, filter_table_mask_compare);
+
+ ASSERT (set);
+
+ /* Setup next_table_index fields */
+ for (i = 0; i < vec_len (set->table_indices); i++)
+ {
+ t = pool_elt_at_index (cm->tables, set->table_indices[i]);
+
+ if ((i + 1) < vec_len (set->table_indices))
+ t->next_table_index = set->table_indices[i + 1];
+ else
+ t->next_table_index = ~0;
+ }
found_table:
@@ -1785,7 +1860,6 @@ found_table:
cm, &match_vector, table_index) == 0)
return 0;
-
/*
* We use hit or miss to determine whether to trace or pcap pkts
* so the session setup is very limited
@@ -1800,24 +1874,6 @@ found_table:
vec_free (match_vector);
- /* Sort filter tables from most-specific mask to least-specific mask */
- vec_sort_with_function (vnm->classify_filter_table_indices,
- filter_table_mask_compare);
-
- ASSERT (vec_len (vnm->classify_filter_table_indices));
-
- /* Setup next_table_index fields */
- for (i = 0; i < vec_len (vnm->classify_filter_table_indices); i++)
- {
- t = pool_elt_at_index (cm->tables,
- vnm->classify_filter_table_indices[i]);
-
- if ((i + 1) < vec_len (vnm->classify_filter_table_indices))
- t->next_table_index = vnm->classify_filter_table_indices[i + 1];
- else
- t->next_table_index = ~0;
- }
-
return 0;
}
@@ -1891,12 +1947,96 @@ VLIB_CLI_COMMAND (classify_filter, static) =
{
.path = "classify filter",
.short_help =
- "classify filter mask <mask-value> match <match-value> [del]"
+ "classify filter <intfc> | pcap mask <mask-value> match <match-value> [del]"
"[buckets <nn>] [memory-size <n>]",
.function = classify_filter_command_fn,
};
/* *INDENT-ON* */
+static clib_error_t *
+show_classify_filter_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vnet_main_t *vnm = vnet_get_main ();
+ vnet_classify_filter_set_t *set;
+ u8 *name = 0;
+ u8 *s = 0;
+ u32 set_index;
+ u32 table_index;
+ int verbose = 0;
+ int i, j;
+
+ (void) unformat (input, "verbose %=", &verbose, 1);
+
+ vlib_cli_output (vm, "%-30s%s", "Filter Used By", " Table(s)");
+ vlib_cli_output (vm, "%-30s%s", "--------------", " --------");
+
+ for (i = 0; i < vec_len (cm->filter_set_by_sw_if_index); i++)
+ {
+ set_index = cm->filter_set_by_sw_if_index[i];
+
+ if (set_index == 0 && verbose == 0)
+ continue;
+
+ set = pool_elt_at_index (cm->filter_sets, set_index);
+
+ if (i == 0)
+ name = format (0, "pcap rx/tx/drop:");
+ else
+ name = format (0, "%U:", format_vnet_sw_if_index_name, vnm, i);
+
+ if (verbose)
+ {
+ u8 *s = 0;
+ u32 table_index;
+
+ for (j = 0; j < vec_len (set->table_indices); j++)
+ {
+ table_index = set->table_indices[j];
+ if (table_index != ~0)
+ s = format (s, " %u", table_index);
+ else
+ s = format (s, " none");
+ }
+
+ vlib_cli_output (vm, "%-30s table(s)%s", name, s);
+ vec_reset_length (s);
+ }
+ else
+ {
+ u8 *s = 0;
+ table_index = set->table_indices[0];
+
+ if (table_index != ~0)
+ s = format (s, " %u", table_index);
+ else
+ s = format (s, " none");
+
+ vlib_cli_output (vm, "%-30s first table%s", name, s);
+ vec_reset_length (s);
+ }
+ vec_reset_length (name);
+ }
+ vec_free (s);
+ vec_free (name);
+ return 0;
+}
+
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (show_classify_filter, static) =
+{
+ .path = "show classify filter",
+ .short_help = "show classify filter [verbose [nn]]",
+ .function = show_classify_filter_command_fn,
+};
+/* *INDENT-ON* */
+
+
+
+
static u8 *
format_vnet_classify_table (u8 * s, va_list * args)
{
@@ -2710,6 +2850,7 @@ static clib_error_t *
vnet_classify_init (vlib_main_t * vm)
{
vnet_classify_main_t *cm = &vnet_classify_main;
+ vnet_classify_filter_set_t *set;
cm->vlib_main = vm;
cm->vnet_main = vnet_get_main ();
@@ -2727,6 +2868,14 @@ vnet_classify_init (vlib_main_t * vm)
vnet_classify_register_unformat_acl_next_index_fn (unformat_acl_next_node);
+ /* Filter set 0 is grounded... */
+ pool_get (cm->filter_sets, set);
+ set->refcnt = 0x7FFFFFFF;
+ vec_validate (set->table_indices, 0);
+ set->table_indices[0] = ~0;
+ /* Initialize the pcap filter set */
+ vec_validate (cm->filter_set_by_sw_if_index, 0);
+
return 0;
}
diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h
index 35a5db3d27b..c08cedf6b03 100644
--- a/src/vnet/classify/vnet_classify.h
+++ b/src/vnet/classify/vnet_classify.h
@@ -179,6 +179,12 @@ typedef struct
} vnet_classify_table_t;
+typedef struct
+{
+ int refcnt;
+ u32 *table_indices;
+} vnet_classify_filter_set_t;
+
struct _vnet_classify_main
{
/* Table pool */
@@ -191,6 +197,12 @@ struct _vnet_classify_main
unformat_function_t **unformat_policer_next_index_fns;
unformat_function_t **unformat_opaque_index_fns;
+ /* Pool of filter sets */
+ vnet_classify_filter_set_t *filter_sets;
+
+ /* Per-interface filter set map. [0] is used for pcap */
+ u32 *filter_set_by_sw_if_index;
+
/* convenience variables */
vlib_main_t *vlib_main;
vnet_main_t *vnet_main;
diff --git a/src/vnet/ethernet/node.c b/src/vnet/ethernet/node.c
index ee14e40d881..63ce0ce1c6c 100755
--- a/src/vnet/ethernet/node.c
+++ b/src/vnet/ethernet/node.c
@@ -1001,7 +1001,6 @@ ethernet_input_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
if (PREDICT_FALSE (vlib_global_main.pcap.pcap_rx_enable))
{
u32 bi0;
- vnet_main_t *vnm = vnet_get_main ();
vnet_pcap_t *pp = &vlib_global_main.pcap;
from = vlib_frame_vector_args (from_frame);
@@ -1014,12 +1013,11 @@ ethernet_input_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
from++;
n_left--;
b0 = vlib_get_buffer (vm, bi0);
- if (vec_len (vnm->classify_filter_table_indices))
+ if (pp->filter_classify_table_index != ~0)
{
classify_filter_result =
vnet_is_packet_traced_inline
- (b0, vnm->classify_filter_table_indices[0],
- 0 /* full classify */ );
+ (b0, pp->filter_classify_table_index, 0 /* full classify */ );
if (classify_filter_result)
pcap_add_buffer (&pp->pcap_main, vm, bi0,
pp->max_bytes_per_pkt);
diff --git a/src/vnet/interface.c b/src/vnet/interface.c
index 9aaca46f74a..0f6b8aeab07 100644
--- a/src/vnet/interface.c
+++ b/src/vnet/interface.c
@@ -768,6 +768,7 @@ vnet_register_interface (vnet_main_t * vnm,
pool_get (im->hw_interfaces, hw);
clib_memset (hw, 0, sizeof (*hw));
+ hw->trace_classify_table_index = ~0;
hw_index = hw - im->hw_interfaces;
hw->hw_if_index = hw_index;
diff --git a/src/vnet/interface.h b/src/vnet/interface.h
index 00ed1f03151..7d73c5f6473 100644
--- a/src/vnet/interface.h
+++ b/src/vnet/interface.h
@@ -498,6 +498,7 @@ typedef enum vnet_hw_interface_flags_t_
that packets flow over. */
typedef struct vnet_hw_interface_t
{
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
/* Interface name. */
u8 *name;
@@ -579,7 +580,10 @@ typedef struct vnet_hw_interface_t
/* numa node that hardware device connects to */
u8 numa_node;
- u8 padding[3];
+ /* trace */
+ i32 n_trace;
+
+ u32 trace_classify_table_index;
} vnet_hw_interface_t;
extern vnet_device_class_t vnet_local_interface_device_class;
diff --git a/src/vnet/interface_cli.c b/src/vnet/interface_cli.c
index e6b251da17f..c622a605be8 100644
--- a/src/vnet/interface_cli.c
+++ b/src/vnet/interface_cli.c
@@ -1734,9 +1734,10 @@ int
vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a)
{
vlib_main_t *vm = vlib_get_main ();
- vnet_main_t *vnm = vnet_get_main ();
vnet_pcap_t *pp = &vm->pcap;
pcap_main_t *pm = &pp->pcap_main;
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vnet_classify_filter_set_t *set = 0;
if (a->status)
{
@@ -1772,9 +1773,11 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a)
&& (pm->n_packets_to_capture != a->packets_to_capture))
return VNET_API_ERROR_INVALID_VALUE_2;
+ set = pool_elt_at_index (cm->filter_sets, cm->filter_set_by_sw_if_index[0]);
+
/* Classify filter specified, but no classify filter configured */
- if ((a->rx_enable + a->tx_enable + a->drop_enable) && a->filter
- && (vec_len (vnm->classify_filter_table_indices) == 0))
+ if ((a->rx_enable + a->tx_enable + a->drop_enable) && a->filter &&
+ (set->table_indices[0] == ~0))
return VNET_API_ERROR_NO_SUCH_LABEL;
if (a->rx_enable + a->tx_enable + a->drop_enable)
@@ -1812,8 +1815,7 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a)
pm->n_packets_to_capture = a->packets_to_capture;
pp->pcap_sw_if_index = a->sw_if_index;
if (a->filter)
- pp->filter_classify_table_index =
- vnm->classify_filter_table_indices[0];
+ pp->filter_classify_table_index = set->table_indices[0];
else
pp->filter_classify_table_index = ~0;
pp->pcap_rx_enable = a->rx_enable;
@@ -1826,6 +1828,7 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a)
pp->pcap_rx_enable = 0;
pp->pcap_tx_enable = 0;
pp->pcap_drop_enable = 0;
+ pp->filter_classify_table_index = ~0;
if (pm->n_packets_captured)
{
clib_error_t *error;
@@ -1866,7 +1869,7 @@ pcap_trace_command_fn (vlib_main_t * vm,
int drop_enable = 0;
int status = 0;
int filter = 0;
- u32 sw_if_index = 0;
+ u32 sw_if_index = ~0;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
@@ -1989,6 +1992,11 @@ pcap_trace_command_fn (vlib_main_t * vm,
* packet capture are preserved, so '<em>any</em>' can be used to reset
* the interface setting.
*
+ * - <b>filter</b> - Use the pcap rx / tx / drop trace filter, which
+ * must be configured. Use <b>classify filter pcap...</b> to configure the
+ * filter. The filter will only be executed if the per-interface or
+ * any-interface tests fail.
+ *
* - <b>file <name></b> - Used to specify the output filename. The file will
* be placed in the '<em>/tmp</em>' directory, so only the filename is
* supported. Directory should not be entered. If file already exists, file
@@ -2027,7 +2035,7 @@ pcap_trace_command_fn (vlib_main_t * vm,
VLIB_CLI_COMMAND (pcap_tx_trace_command, static) = {
.path = "pcap trace",
.short_help =
- "pcap trace rx tx drop off [max <nn>] [intfc <interface>|any] [file <name>] [status] [max-bytes-per-pkt <nnnn>]",
+ "pcap trace rx tx drop off [max <nn>] [intfc <interface>|any] [file <name>] [status] [max-bytes-per-pkt <nnnn>][filter]",
.function = pcap_trace_command_fn,
};
/* *INDENT-ON* */
diff --git a/src/vnet/interface_output.c b/src/vnet/interface_output.c
index 8e257014789..707b1167a48 100644
--- a/src/vnet/interface_output.c
+++ b/src/vnet/interface_output.c
@@ -802,7 +802,6 @@ static_always_inline void vnet_interface_pcap_tx_trace
{
u32 n_left_from, *from;
u32 sw_if_index;
- vnet_main_t *vnm;
vnet_pcap_t *pp = &vlib_global_main.pcap;
if (PREDICT_TRUE (pp->pcap_tx_enable == 0))
@@ -816,7 +815,6 @@ static_always_inline void vnet_interface_pcap_tx_trace
else
sw_if_index = ~0;
- vnm = vnet_get_main ();
n_left_from = frame->n_vectors;
from = vlib_frame_vector_args (frame);
@@ -828,12 +826,11 @@ static_always_inline void vnet_interface_pcap_tx_trace
from++;
n_left_from--;
- if (vec_len (vnm->classify_filter_table_indices))
+ if (pp->filter_classify_table_index != ~0)
{
classify_filter_result =
vnet_is_packet_traced_inline
- (b0, vnm->classify_filter_table_indices[0],
- 0 /* full classify */ );
+ (b0, pp->filter_classify_table_index, 0 /* full classify */ );
if (classify_filter_result)
pcap_add_buffer (&pp->pcap_main, vm, bi0, pp->max_bytes_per_pkt);
continue;
@@ -1178,6 +1175,8 @@ pcap_drop_trace (vlib_main_t * vm,
i16 save_current_data;
u16 save_current_length;
vlib_error_main_t *em = &vm->error_main;
+ int do_trace = 0;
+
from = vlib_frame_vector_args (f);
@@ -1199,9 +1198,18 @@ pcap_drop_trace (vlib_main_t * vm,
&& hash_get (im->pcap_drop_filter_hash, b0->error))
continue;
+ do_trace = (pp->pcap_sw_if_index == 0) ||
+ pp->pcap_sw_if_index == vnet_buffer (b0)->sw_if_index[VLIB_RX];
+
+ if (PREDICT_FALSE
+ (do_trace == 0 && pp->filter_classify_table_index != ~0))
+ {
+ do_trace = vnet_is_packet_traced_inline
+ (b0, pp->filter_classify_table_index, 0 /* full classify */ );
+ }
+
/* Trace all drops, or drops received on a specific interface */
- if (pp->pcap_sw_if_index == 0 ||
- pp->pcap_sw_if_index == vnet_buffer (b0)->sw_if_index[VLIB_RX])
+ if (do_trace)
{
save_current_data = b0->current_data;
save_current_length = b0->current_length;
diff --git a/src/vnet/vnet.h b/src/vnet/vnet.h
index a726f0379ef..3b20f71917b 100644
--- a/src/vnet/vnet.h
+++ b/src/vnet/vnet.h
@@ -77,9 +77,6 @@ typedef struct vnet_main_t
*/
vnet_api_error_t api_errno;
- /* pcap rx/tx, packet tracer filter tables */
- u32 *classify_filter_table_indices;
-
vlib_main_t *vlib_main;
} vnet_main_t;