summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/session_inlines.h
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2018-06-12 15:15:49 +0200
committerDamjan Marion <dmarion@me.com>2018-06-13 12:13:11 +0000
commitc7d50970d4ed8a4889b4374e6a1559aef7d3dcc0 (patch)
tree1fc664442e2e94cac0edffe73d24e76367fc417e /src/plugins/acl/session_inlines.h
parenteaba9340dab289109106bed3a0d4c76496e496e5 (diff)
acl-plugin: change the src/dst L3 info in 5tuple struct to be always contiguous with L4 data
Using ip46_address_t was convenient from operational point of view but created some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding are costly, and the "holes" mean we can not use the smaller key-value data structures for the lookup. This commit changes the 5tuple layout for the IPv4 case, such that the src/dst addresses directly precede the L4 information. That will allow to treat the same data within 40x8 key-value structure as a 16x8 key-value structure starting with 24 byte offset. Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/session_inlines.h')
-rw-r--r--src/plugins/acl/session_inlines.h34
1 files changed, 27 insertions, 7 deletions
diff --git a/src/plugins/acl/session_inlines.h b/src/plugins/acl/session_inlines.h
index 709ecc8cae1..01dface323e 100644
--- a/src/plugins/acl/session_inlines.h
+++ b/src/plugins/acl/session_inlines.h
@@ -262,6 +262,16 @@ acl_fa_restart_timer_for_session (acl_main_t * am, u64 now,
}
}
+always_inline int
+is_ip6_5tuple (fa_5tuple_t * p5t)
+{
+ return (p5t->l3_zero_pad[0] | p5t->
+ l3_zero_pad[1] | p5t->l3_zero_pad[2] | p5t->l3_zero_pad[3] | p5t->
+ l3_zero_pad[4] | p5t->l3_zero_pad[5]) != 0;
+}
+
+
+
always_inline u8
acl_fa_track_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
@@ -355,15 +365,24 @@ reverse_l4_u64 (u64 l4, int is_ip6)
}
always_inline void
-reverse_session_add_del (acl_main_t * am, const int is_ip6,
+reverse_session_add_del (acl_main_t * am, int is_ip6,
clib_bihash_kv_40_8_t * pkv, int is_add)
{
clib_bihash_kv_40_8_t kv2;
- /* the first 4xu64 is two addresses, so just swap them */
- kv2.key[0] = pkv->key[2];
- kv2.key[1] = pkv->key[3];
- kv2.key[2] = pkv->key[0];
- kv2.key[3] = pkv->key[1];
+ if (is_ip6)
+ {
+ kv2.key[0] = pkv->key[2];
+ kv2.key[1] = pkv->key[3];
+ kv2.key[2] = pkv->key[0];
+ kv2.key[3] = pkv->key[1];
+ }
+ else
+ {
+ kv2.key[0] = kv2.key[1] = kv2.key[2] = 0;
+ kv2.key[3] =
+ ((pkv->key[3] & 0xffffffff) << 32) | ((pkv->key[3] >> 32) &
+ 0xffffffff);
+ }
/* the last u64 needs special treatment (ports, etc.) */
kv2.key[4] = reverse_l4_u64 (pkv->key[4], is_ip6);
kv2.value = pkv->value;
@@ -379,7 +398,7 @@ acl_fa_deactivate_session (acl_main_t * am, u32 sw_if_index,
ASSERT (sess->thread_index == os_get_thread_index ());
clib_bihash_add_del_40_8 (&am->fa_sessions_hash, &sess->info.kv, 0);
- reverse_session_add_del (am, sess->info.pkt.is_ip6, &sess->info.kv, 0);
+ reverse_session_add_del (am, sess->is_ip6, &sess->info.kv, 0);
sess->deleted = 1;
clib_smp_atomic_add (&am->fa_session_total_deactivations, 1);
}
@@ -513,6 +532,7 @@ acl_fa_add_session (acl_main_t * am, int is_input, int is_ip6,
sess->link_prev_idx = FA_SESSION_BOGUS_INDEX;
sess->link_next_idx = FA_SESSION_BOGUS_INDEX;
sess->deleted = 0;
+ sess->is_ip6 = is_ip6;
acl_fa_conn_list_add_session (am, f_sess_id, now);