diff options
| author |   Andrew Yourtchenko <ayourtch@gmail.com> | 2018-06-12 15:15:49 +0200 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2018-06-13 12:13:11 +0000 |
| commit | c7d50970d4ed8a4889b4374e6a1559aef7d3dcc0 (patch) | |
| tree | 1fc664442e2e94cac0edffe73d24e76367fc417e /src/plugins/acl/session_inlines.h | |
| parent | eaba9340dab289109106bed3a0d4c76496e496e5 (diff) | |
acl-plugin: change the src/dst L3 info in 5tuple struct to be always contiguous with L4 data
Using ip46_address_t was convenient from operational point of view but created
some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding
are costly, and the "holes" mean we can not use the smaller key-value
data structures for the lookup.
This commit changes the 5tuple layout for the IPv4 case, such that
the src/dst addresses directly precede the L4 information.
That will allow to treat the same data within 40x8 key-value
structure as a 16x8 key-value structure starting with 24 byte offset.
Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/session_inlines.h')
| -rw-r--r-- | src/plugins/acl/session_inlines.h | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/src/plugins/acl/session_inlines.h b/src/plugins/acl/session_inlines.h index 709ecc8cae1..01dface323e 100644 --- a/src/plugins/acl/session_inlines.h +++ b/src/plugins/acl/session_inlines.h @@ -262,6 +262,16 @@ acl_fa_restart_timer_for_session (acl_main_t * am, u64 now, } } +always_inline int +is_ip6_5tuple (fa_5tuple_t * p5t) +{ + return (p5t->l3_zero_pad[0] | p5t-> + l3_zero_pad[1] | p5t->l3_zero_pad[2] | p5t->l3_zero_pad[3] | p5t-> + l3_zero_pad[4] | p5t->l3_zero_pad[5]) != 0; +} + + + always_inline u8 acl_fa_track_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now, @@ -355,15 +365,24 @@ reverse_l4_u64 (u64 l4, int is_ip6) } always_inline void -reverse_session_add_del (acl_main_t * am, const int is_ip6, +reverse_session_add_del (acl_main_t * am, int is_ip6, clib_bihash_kv_40_8_t * pkv, int is_add) { clib_bihash_kv_40_8_t kv2; - /* the first 4xu64 is two addresses, so just swap them */ - kv2.key[0] = pkv->key[2]; - kv2.key[1] = pkv->key[3]; - kv2.key[2] = pkv->key[0]; - kv2.key[3] = pkv->key[1]; + if (is_ip6) + { + kv2.key[0] = pkv->key[2]; + kv2.key[1] = pkv->key[3]; + kv2.key[2] = pkv->key[0]; + kv2.key[3] = pkv->key[1]; + } + else + { + kv2.key[0] = kv2.key[1] = kv2.key[2] = 0; + kv2.key[3] = + ((pkv->key[3] & 0xffffffff) << 32) | ((pkv->key[3] >> 32) & + 0xffffffff); + } /* the last u64 needs special treatment (ports, etc.) */ kv2.key[4] = reverse_l4_u64 (pkv->key[4], is_ip6); kv2.value = pkv->value; @@ -379,7 +398,7 @@ acl_fa_deactivate_session (acl_main_t * am, u32 sw_if_index, ASSERT (sess->thread_index == os_get_thread_index ()); clib_bihash_add_del_40_8 (&am->fa_sessions_hash, &sess->info.kv, 0); - reverse_session_add_del (am, sess->info.pkt.is_ip6, &sess->info.kv, 0); + reverse_session_add_del (am, sess->is_ip6, &sess->info.kv, 0); sess->deleted = 1; clib_smp_atomic_add (&am->fa_session_total_deactivations, 1); } @@ -513,6 +532,7 @@ acl_fa_add_session (acl_main_t * am, int is_input, int is_ip6, sess->link_prev_idx = FA_SESSION_BOGUS_INDEX; sess->link_next_idx = FA_SESSION_BOGUS_INDEX; sess->deleted = 0; + sess->is_ip6 = is_ip6; acl_fa_conn_list_add_session (am, f_sess_id, now); |