diff options
author | Dave Barach <dave@barachs.net> | 2019-09-25 11:27:46 -0400 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2019-10-04 14:21:39 +0000 |
commit | 24f486cb563399babf553eb0a09082572ab4a303 (patch) | |
tree | 1a0f4c3135e960ab7fc5e0a4eb3330f09efbd9ba | |
parent | cefa74829acab2426a0d984f754d2efd6d4a65a4 (diff) |
misc: add vnet classify filter set support
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I79b216d2499df143f53977e5b70382f6f887e0bc
(cherry picked from commit f5667c3055dbd6755277f085c6778c2b1104aa6e)
-rw-r--r-- | docs/gettingstarted/developers/vnet.md | 27 | ||||
-rwxr-xr-x | src/vnet/classify/vnet_classify.c | 207 | ||||
-rw-r--r-- | src/vnet/classify/vnet_classify.h | 12 | ||||
-rwxr-xr-x | src/vnet/ethernet/node.c | 6 | ||||
-rw-r--r-- | src/vnet/interface.c | 1 | ||||
-rw-r--r-- | src/vnet/interface.h | 6 | ||||
-rw-r--r-- | src/vnet/interface_cli.c | 22 | ||||
-rw-r--r-- | src/vnet/interface_output.c | 22 | ||||
-rw-r--r-- | src/vnet/vnet.h | 3 |
9 files changed, 248 insertions, 58 deletions
diff --git a/docs/gettingstarted/developers/vnet.md b/docs/gettingstarted/developers/vnet.md index 826af0a90a9..97336a4cdf2 100644 --- a/docs/gettingstarted/developers/vnet.md +++ b/docs/gettingstarted/developers/vnet.md @@ -497,6 +497,11 @@ These commands have the following optional parameters: on a per-paket basis. Must be >32 and less than 9000. Default value: 512. +- <b>filter</b> - Use the pcap rx / tx / drop trace filter, which must + be configured. Use <b>classify filter pcap...</b> to configure the + filter. The filter will only be executed if the per-interface or + any-interface tests fail. + - <b>intfc _interface_ | _any_</b> - Used to specify a given interface, or use '<em>any</em>' to run packet capture on all interfaces. '<em>any</em>' is the default if not provided. Settings from a previous @@ -521,9 +526,10 @@ These commands have the following optional parameters: ## packet trace capture filtering -The "classify filter" debug CLI command constructs an arbitrary set of - packet classifier tables for use with "pcap rx | tx trace," and - (eventually) with the vpp packet tracer +The "classify filter pcap | <interface-name> " debug CLI command +constructs an arbitrary set of packet classifier tables for use with +"pcap rx | tx | drop trace," and with the vpp packet tracer on a +per-interrface basis. Packets which match a rule in the classifier table chain will be traced. The tables are automatically ordered so that matches in the @@ -540,17 +546,24 @@ and match values. If a classifier table with a suitable mask already exists, the CLI command adds a match rule to the existing table. If not, the CLI command add a new table and the indicated mask rule -### Configure a simple classify filter +### Configure a simple pcap classify filter ``` - classify filter mask l3 ip4 src match l3 ip4 src 192.168.1.11" + classify filter pcap mask l3 ip4 src match l3 ip4 src 192.168.1.11" pcap rx trace on max 100 filter ``` -### Configure another fairly simple filter +### Configure a simple interface packet-tracer filter + +``` + classify filter GigabitEthernet3/0/0 mask l3 ip4 src match l3 ip4 src 192.168.1.11" + [device-driver debug CLI TBD] +``` + +### Configure another fairly simple pcap classify filter ``` - classify filter mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10 + classify filter pcap mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10 pcap tx trace on max 100 filter ``` diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c index 94cc2419775..fb61401b49c 100755 --- a/src/vnet/classify/vnet_classify.c +++ b/src/vnet/classify/vnet_classify.c @@ -1691,16 +1691,23 @@ classify_filter_command_fn (vlib_main_t * vm, u32 miss_next_index = ~0; u32 current_data_flag = 0; int current_data_offset = 0; + u32 sw_if_index = ~0; int i; vnet_classify_table_t *t; u8 *mask = 0; vnet_classify_main_t *cm = &vnet_classify_main; int rv = 0; + vnet_classify_filter_set_t *set = 0; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "del")) is_add = 0; + else if (unformat (input, "pcap %=", &sw_if_index, 0)) + ; + else if (unformat (input, "%U", + unformat_vnet_sw_interface, vnm, &sw_if_index)) + ; else if (unformat (input, "buckets %d", &nbuckets)) ; else if (unformat (input, "mask %U", unformat_classify_mask, @@ -1722,21 +1729,63 @@ classify_filter_command_fn (vlib_main_t * vm, if (is_add && match == ~0 && table_index == ~0) return clib_error_return (0, "match count required"); + if (sw_if_index == ~0) + return clib_error_return (0, "Must specify pcap or interface..."); + if (!is_add) { - if (vec_len (vnm->classify_filter_table_indices) == 0) - return clib_error_return (0, "No classify filter set..."); + u32 set_index = 0; - del_chain = 1; - table_index = vnm->classify_filter_table_indices[0]; - vec_reset_length (vnm->classify_filter_table_indices); - } + if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index)) + set_index = cm->filter_set_by_sw_if_index[sw_if_index]; - /* see if we already have a table for that... */ + if (set_index == 0) + { + if (sw_if_index == 0) + return clib_error_return (0, "No pcap classify filter set..."); + else + return clib_error_return (0, "No classify filter set for %U...", + format_vnet_sw_if_index_name, vnm, + sw_if_index); + } + + set = pool_elt_at_index (cm->filter_sets, set_index); + + set->refcnt--; + ASSERT (set->refcnt >= 0); + if (set->refcnt == 0) + { + del_chain = 1; + table_index = set->table_indices[0]; + vec_reset_length (set->table_indices); + pool_put (cm->filter_sets, set); + cm->filter_set_by_sw_if_index[sw_if_index] = 0; + if (sw_if_index > 0) + { + vnet_hw_interface_t *hi = + vnet_get_sup_hw_interface (vnm, sw_if_index); + hi->trace_classify_table_index = ~0; + } + } + } if (is_add) { - for (i = 0; i < vec_len (vnm->classify_filter_table_indices); i++) + u32 set_index = 0; + + if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index)) + set_index = cm->filter_set_by_sw_if_index[sw_if_index]; + + /* Do we have a filter set for this intfc / pcap yet? */ + if (set_index == 0) + { + pool_get (cm->filter_sets, set); + set->refcnt = 1; + } + else + set = pool_elt_at_index (cm->filter_sets, set_index); + + for (i = 0; i < vec_len (set->table_indices); i++) { t = pool_elt_at_index (cm->tables, i); /* classifier geometry mismatch, can't use this table */ @@ -1776,7 +1825,33 @@ classify_filter_command_fn (vlib_main_t * vm, return 0; /* Remember the table */ - vec_add1 (vnm->classify_filter_table_indices, table_index); + vec_add1 (set->table_indices, table_index); + vec_validate_init_empty (cm->filter_set_by_sw_if_index, sw_if_index, 0); + cm->filter_set_by_sw_if_index[sw_if_index] = set - cm->filter_sets; + + /* Put top table index where device drivers can find them */ + if (sw_if_index > 0) + { + vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index); + ASSERT (vec_len (set->table_indices) > 0); + hi->trace_classify_table_index = set->table_indices[0]; + } + + /* Sort filter tables from most-specific mask to least-specific mask */ + vec_sort_with_function (set->table_indices, filter_table_mask_compare); + + ASSERT (set); + + /* Setup next_table_index fields */ + for (i = 0; i < vec_len (set->table_indices); i++) + { + t = pool_elt_at_index (cm->tables, set->table_indices[i]); + + if ((i + 1) < vec_len (set->table_indices)) + t->next_table_index = set->table_indices[i + 1]; + else + t->next_table_index = ~0; + } found_table: @@ -1785,7 +1860,6 @@ found_table: cm, &match_vector, table_index) == 0) return 0; - /* * We use hit or miss to determine whether to trace or pcap pkts * so the session setup is very limited @@ -1800,24 +1874,6 @@ found_table: vec_free (match_vector); - /* Sort filter tables from most-specific mask to least-specific mask */ - vec_sort_with_function (vnm->classify_filter_table_indices, - filter_table_mask_compare); - - ASSERT (vec_len (vnm->classify_filter_table_indices)); - - /* Setup next_table_index fields */ - for (i = 0; i < vec_len (vnm->classify_filter_table_indices); i++) - { - t = pool_elt_at_index (cm->tables, - vnm->classify_filter_table_indices[i]); - - if ((i + 1) < vec_len (vnm->classify_filter_table_indices)) - t->next_table_index = vnm->classify_filter_table_indices[i + 1]; - else - t->next_table_index = ~0; - } - return 0; } @@ -1891,12 +1947,96 @@ VLIB_CLI_COMMAND (classify_filter, static) = { .path = "classify filter", .short_help = - "classify filter mask <mask-value> match <match-value> [del]" + "classify filter <intfc> | pcap mask <mask-value> match <match-value> [del]" "[buckets <nn>] [memory-size <n>]", .function = classify_filter_command_fn, }; /* *INDENT-ON* */ +static clib_error_t * +show_classify_filter_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + vnet_classify_main_t *cm = &vnet_classify_main; + vnet_main_t *vnm = vnet_get_main (); + vnet_classify_filter_set_t *set; + u8 *name = 0; + u8 *s = 0; + u32 set_index; + u32 table_index; + int verbose = 0; + int i, j; + + (void) unformat (input, "verbose %=", &verbose, 1); + + vlib_cli_output (vm, "%-30s%s", "Filter Used By", " Table(s)"); + vlib_cli_output (vm, "%-30s%s", "--------------", " --------"); + + for (i = 0; i < vec_len (cm->filter_set_by_sw_if_index); i++) + { + set_index = cm->filter_set_by_sw_if_index[i]; + + if (set_index == 0 && verbose == 0) + continue; + + set = pool_elt_at_index (cm->filter_sets, set_index); + + if (i == 0) + name = format (0, "pcap rx/tx/drop:"); + else + name = format (0, "%U:", format_vnet_sw_if_index_name, vnm, i); + + if (verbose) + { + u8 *s = 0; + u32 table_index; + + for (j = 0; j < vec_len (set->table_indices); j++) + { + table_index = set->table_indices[j]; + if (table_index != ~0) + s = format (s, " %u", table_index); + else + s = format (s, " none"); + } + + vlib_cli_output (vm, "%-30s table(s)%s", name, s); + vec_reset_length (s); + } + else + { + u8 *s = 0; + table_index = set->table_indices[0]; + + if (table_index != ~0) + s = format (s, " %u", table_index); + else + s = format (s, " none"); + + vlib_cli_output (vm, "%-30s first table%s", name, s); + vec_reset_length (s); + } + vec_reset_length (name); + } + vec_free (s); + vec_free (name); + return 0; +} + + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (show_classify_filter, static) = +{ + .path = "show classify filter", + .short_help = "show classify filter [verbose [nn]]", + .function = show_classify_filter_command_fn, +}; +/* *INDENT-ON* */ + + + + static u8 * format_vnet_classify_table (u8 * s, va_list * args) { @@ -2710,6 +2850,7 @@ static clib_error_t * vnet_classify_init (vlib_main_t * vm) { vnet_classify_main_t *cm = &vnet_classify_main; + vnet_classify_filter_set_t *set; cm->vlib_main = vm; cm->vnet_main = vnet_get_main (); @@ -2727,6 +2868,14 @@ vnet_classify_init (vlib_main_t * vm) vnet_classify_register_unformat_acl_next_index_fn (unformat_acl_next_node); + /* Filter set 0 is grounded... */ + pool_get (cm->filter_sets, set); + set->refcnt = 0x7FFFFFFF; + vec_validate (set->table_indices, 0); + set->table_indices[0] = ~0; + /* Initialize the pcap filter set */ + vec_validate (cm->filter_set_by_sw_if_index, 0); + return 0; } diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h index 35a5db3d27b..c08cedf6b03 100644 --- a/src/vnet/classify/vnet_classify.h +++ b/src/vnet/classify/vnet_classify.h @@ -179,6 +179,12 @@ typedef struct } vnet_classify_table_t; +typedef struct +{ + int refcnt; + u32 *table_indices; +} vnet_classify_filter_set_t; + struct _vnet_classify_main { /* Table pool */ @@ -191,6 +197,12 @@ struct _vnet_classify_main unformat_function_t **unformat_policer_next_index_fns; unformat_function_t **unformat_opaque_index_fns; + /* Pool of filter sets */ + vnet_classify_filter_set_t *filter_sets; + + /* Per-interface filter set map. [0] is used for pcap */ + u32 *filter_set_by_sw_if_index; + /* convenience variables */ vlib_main_t *vlib_main; vnet_main_t *vnet_main; diff --git a/src/vnet/ethernet/node.c b/src/vnet/ethernet/node.c index ee14e40d881..63ce0ce1c6c 100755 --- a/src/vnet/ethernet/node.c +++ b/src/vnet/ethernet/node.c @@ -1001,7 +1001,6 @@ ethernet_input_trace (vlib_main_t * vm, vlib_node_runtime_t * node, if (PREDICT_FALSE (vlib_global_main.pcap.pcap_rx_enable)) { u32 bi0; - vnet_main_t *vnm = vnet_get_main (); vnet_pcap_t *pp = &vlib_global_main.pcap; from = vlib_frame_vector_args (from_frame); @@ -1014,12 +1013,11 @@ ethernet_input_trace (vlib_main_t * vm, vlib_node_runtime_t * node, from++; n_left--; b0 = vlib_get_buffer (vm, bi0); - if (vec_len (vnm->classify_filter_table_indices)) + if (pp->filter_classify_table_index != ~0) { classify_filter_result = vnet_is_packet_traced_inline - (b0, vnm->classify_filter_table_indices[0], - 0 /* full classify */ ); + (b0, pp->filter_classify_table_index, 0 /* full classify */ ); if (classify_filter_result) pcap_add_buffer (&pp->pcap_main, vm, bi0, pp->max_bytes_per_pkt); diff --git a/src/vnet/interface.c b/src/vnet/interface.c index 9aaca46f74a..0f6b8aeab07 100644 --- a/src/vnet/interface.c +++ b/src/vnet/interface.c @@ -768,6 +768,7 @@ vnet_register_interface (vnet_main_t * vnm, pool_get (im->hw_interfaces, hw); clib_memset (hw, 0, sizeof (*hw)); + hw->trace_classify_table_index = ~0; hw_index = hw - im->hw_interfaces; hw->hw_if_index = hw_index; diff --git a/src/vnet/interface.h b/src/vnet/interface.h index 00ed1f03151..7d73c5f6473 100644 --- a/src/vnet/interface.h +++ b/src/vnet/interface.h @@ -498,6 +498,7 @@ typedef enum vnet_hw_interface_flags_t_ that packets flow over. */ typedef struct vnet_hw_interface_t { + CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); /* Interface name. */ u8 *name; @@ -579,7 +580,10 @@ typedef struct vnet_hw_interface_t /* numa node that hardware device connects to */ u8 numa_node; - u8 padding[3]; + /* trace */ + i32 n_trace; + + u32 trace_classify_table_index; } vnet_hw_interface_t; extern vnet_device_class_t vnet_local_interface_device_class; diff --git a/src/vnet/interface_cli.c b/src/vnet/interface_cli.c index e6b251da17f..c622a605be8 100644 --- a/src/vnet/interface_cli.c +++ b/src/vnet/interface_cli.c @@ -1734,9 +1734,10 @@ int vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a) { vlib_main_t *vm = vlib_get_main (); - vnet_main_t *vnm = vnet_get_main (); vnet_pcap_t *pp = &vm->pcap; pcap_main_t *pm = &pp->pcap_main; + vnet_classify_main_t *cm = &vnet_classify_main; + vnet_classify_filter_set_t *set = 0; if (a->status) { @@ -1772,9 +1773,11 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a) && (pm->n_packets_to_capture != a->packets_to_capture)) return VNET_API_ERROR_INVALID_VALUE_2; + set = pool_elt_at_index (cm->filter_sets, cm->filter_set_by_sw_if_index[0]); + /* Classify filter specified, but no classify filter configured */ - if ((a->rx_enable + a->tx_enable + a->drop_enable) && a->filter - && (vec_len (vnm->classify_filter_table_indices) == 0)) + if ((a->rx_enable + a->tx_enable + a->drop_enable) && a->filter && + (set->table_indices[0] == ~0)) return VNET_API_ERROR_NO_SUCH_LABEL; if (a->rx_enable + a->tx_enable + a->drop_enable) @@ -1812,8 +1815,7 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a) pm->n_packets_to_capture = a->packets_to_capture; pp->pcap_sw_if_index = a->sw_if_index; if (a->filter) - pp->filter_classify_table_index = - vnm->classify_filter_table_indices[0]; + pp->filter_classify_table_index = set->table_indices[0]; else pp->filter_classify_table_index = ~0; pp->pcap_rx_enable = a->rx_enable; @@ -1826,6 +1828,7 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a) pp->pcap_rx_enable = 0; pp->pcap_tx_enable = 0; pp->pcap_drop_enable = 0; + pp->filter_classify_table_index = ~0; if (pm->n_packets_captured) { clib_error_t *error; @@ -1866,7 +1869,7 @@ pcap_trace_command_fn (vlib_main_t * vm, int drop_enable = 0; int status = 0; int filter = 0; - u32 sw_if_index = 0; + u32 sw_if_index = ~0; /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) @@ -1989,6 +1992,11 @@ pcap_trace_command_fn (vlib_main_t * vm, * packet capture are preserved, so '<em>any</em>' can be used to reset * the interface setting. * + * - <b>filter</b> - Use the pcap rx / tx / drop trace filter, which + * must be configured. Use <b>classify filter pcap...</b> to configure the + * filter. The filter will only be executed if the per-interface or + * any-interface tests fail. + * * - <b>file <name></b> - Used to specify the output filename. The file will * be placed in the '<em>/tmp</em>' directory, so only the filename is * supported. Directory should not be entered. If file already exists, file @@ -2027,7 +2035,7 @@ pcap_trace_command_fn (vlib_main_t * vm, VLIB_CLI_COMMAND (pcap_tx_trace_command, static) = { .path = "pcap trace", .short_help = - "pcap trace rx tx drop off [max <nn>] [intfc <interface>|any] [file <name>] [status] [max-bytes-per-pkt <nnnn>]", + "pcap trace rx tx drop off [max <nn>] [intfc <interface>|any] [file <name>] [status] [max-bytes-per-pkt <nnnn>][filter]", .function = pcap_trace_command_fn, }; /* *INDENT-ON* */ diff --git a/src/vnet/interface_output.c b/src/vnet/interface_output.c index 8e257014789..707b1167a48 100644 --- a/src/vnet/interface_output.c +++ b/src/vnet/interface_output.c @@ -802,7 +802,6 @@ static_always_inline void vnet_interface_pcap_tx_trace { u32 n_left_from, *from; u32 sw_if_index; - vnet_main_t *vnm; vnet_pcap_t *pp = &vlib_global_main.pcap; if (PREDICT_TRUE (pp->pcap_tx_enable == 0)) @@ -816,7 +815,6 @@ static_always_inline void vnet_interface_pcap_tx_trace else sw_if_index = ~0; - vnm = vnet_get_main (); n_left_from = frame->n_vectors; from = vlib_frame_vector_args (frame); @@ -828,12 +826,11 @@ static_always_inline void vnet_interface_pcap_tx_trace from++; n_left_from--; - if (vec_len (vnm->classify_filter_table_indices)) + if (pp->filter_classify_table_index != ~0) { classify_filter_result = vnet_is_packet_traced_inline - (b0, vnm->classify_filter_table_indices[0], - 0 /* full classify */ ); + (b0, pp->filter_classify_table_index, 0 /* full classify */ ); if (classify_filter_result) pcap_add_buffer (&pp->pcap_main, vm, bi0, pp->max_bytes_per_pkt); continue; @@ -1178,6 +1175,8 @@ pcap_drop_trace (vlib_main_t * vm, i16 save_current_data; u16 save_current_length; vlib_error_main_t *em = &vm->error_main; + int do_trace = 0; + from = vlib_frame_vector_args (f); @@ -1199,9 +1198,18 @@ pcap_drop_trace (vlib_main_t * vm, && hash_get (im->pcap_drop_filter_hash, b0->error)) continue; + do_trace = (pp->pcap_sw_if_index == 0) || + pp->pcap_sw_if_index == vnet_buffer (b0)->sw_if_index[VLIB_RX]; + + if (PREDICT_FALSE + (do_trace == 0 && pp->filter_classify_table_index != ~0)) + { + do_trace = vnet_is_packet_traced_inline + (b0, pp->filter_classify_table_index, 0 /* full classify */ ); + } + /* Trace all drops, or drops received on a specific interface */ - if (pp->pcap_sw_if_index == 0 || - pp->pcap_sw_if_index == vnet_buffer (b0)->sw_if_index[VLIB_RX]) + if (do_trace) { save_current_data = b0->current_data; save_current_length = b0->current_length; diff --git a/src/vnet/vnet.h b/src/vnet/vnet.h index a726f0379ef..3b20f71917b 100644 --- a/src/vnet/vnet.h +++ b/src/vnet/vnet.h @@ -77,9 +77,6 @@ typedef struct vnet_main_t */ vnet_api_error_t api_errno; - /* pcap rx/tx, packet tracer filter tables */ - u32 *classify_filter_table_indices; - vlib_main_t *vlib_main; } vnet_main_t; |