diff options
author | Jon Loeliger <jdl@netgate.com> | 2020-10-15 14:41:36 -0400 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2020-12-15 15:14:05 +0000 |
commit | 5c1e48c01b50ddbd7623228e3dbc94d835d23813 (patch) | |
tree | c38d75e9f471b5dbee8968230c5f0bf538f2d53e /src/vnet/classify | |
parent | 510aaa8911843206f7b9ff48b41e3c7b8c4a99fe (diff) |
classify: add pcap/trace classfier mgmt API calls
Add lookup/get/set API calls to manage both PCAP and Trace
filtering Classifier tables.
The "lookup" call may be used to identify a Classifier table
within a chain of tables taht matches a particular mask vector.
For efficiency, this call should be used to determine to which
table a match vector should be added.
The "get" calls return the first table within a chain (either
a PCAP or the Trace) set of tables. The "set" call may be
used to add a new table to one such chain. If the "sort_masks"
flag is set, the tables within the chain are ordered such that
the most-specific mask is first, and the least-specific mask
is last. A call that "sets" a chain to ~0 will delete and free
all the tables with a chain.
The PCAP filters are per-interface, with "local0", (that is,
sw_if_index == 0) holding the system-wide PCAP filter.
The Classifier used a reference-counted "set" for each PCAP
or trace filter that it stored. The ref counts were not used,
and the vector of tables was only used temporarily to establish
a sorted order for tables based on masks. None of that
complexity was actually warranted, and where it was used,
the same could be achieved more simply.
Type: refactor
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Icc56116cca91b91c631ca0628e814fb53f3677d2
Diffstat (limited to 'src/vnet/classify')
-rw-r--r-- | src/vnet/classify/classify.api | 171 | ||||
-rw-r--r-- | src/vnet/classify/classify_api.c | 297 | ||||
-rw-r--r-- | src/vnet/classify/vnet_classify.c | 405 | ||||
-rw-r--r-- | src/vnet/classify/vnet_classify.h | 24 |
4 files changed, 709 insertions, 188 deletions
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api index 38c7343af72..c569fe6a599 100644 --- a/src/vnet/classify/classify.api +++ b/src/vnet/classify/classify.api @@ -13,7 +13,7 @@ * limitations under the License. */ -option version = "3.0.0"; +option version = "3.1.0"; import "vnet/interface_types.api"; @@ -442,6 +442,175 @@ autoreply define output_acl_set_interface bool is_add; }; + + +/** \brief Find a compatible Classify table in a PCAP chain + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param sw_if_index - interface whose chain will be searched, 0==system-wide + @param skip_n_vectors - number of u32x4 skip vectors + @param match_n_vectors - number of u32x4 vectors, 1..5 + @param mask_len - length of mask, match_n_vectors * sizeof(u32x4) + @param mask - match mask +*/ +define classify_pcap_lookup_table +{ + u32 client_index; + u32 context; + vl_api_interface_index_t sw_if_index [default=0xffffffff]; + u32 skip_n_vectors [default=0]; + u32 match_n_vectors [default=1]; + u32 mask_len; + u8 mask[mask_len]; +}; + +/** \brief Classify pcap table lookup response + @param context - sender context, to match reply w/ request + @param retval - return code for the table lookup request + @param table_index - returned index of the found table, or ~0 + */ +define classify_pcap_lookup_table_reply +{ + u32 context; + i32 retval; + u32 table_index; +}; + +/** \brief Add a Classify table into a PCAP chain on an interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param sw_if_index - interface whose chain will be searched, 0==system-wide + @param table_index - Classify table to be added + @param sort_masks - 1=sort masks into most-to-least specific order + */ +define classify_pcap_set_table +{ + u32 client_index; + u32 context; + vl_api_interface_index_t sw_if_index; + u32 table_index [default=0xffffffff]; + bool sort_masks [default=0]; +}; + +/** \brief Classify pcap table lookup response + @param context - sender context which was passed in the request + @param retval - return code for the table lookup request + @param table_index - returned index of the sorted table chain + */ +define classify_pcap_set_table_reply +{ + u32 context; + i32 retval; + u32 table_index; +}; + +/** \brief Classify get the PCAP table indices for an interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + */ +define classify_pcap_get_tables +{ + u32 client_index; + u32 context; + vl_api_interface_index_t sw_if_index; +}; + +/** \brief Classify get a PCAP tables response + @param context - sender context which was passed in the request + @param retval - return code for the request + @param count - number of ids returned in response + @param indices - array of classify table indices + */ +define classify_pcap_get_tables_reply +{ + u32 context; + i32 retval; + u32 count; + u32 indices[count]; +}; + + + +/** \brief Find a mask-compatible Classify table in the Trace chain + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param skip_n_vectors - number of u32x4 skip vectors + @param match_n_vectors - number of u32x4 vectors, 1..5 + @param mask_len - length of mask, match_n_vectors * sizeof(u32x4) + @param mask - match mask +*/ +define classify_trace_lookup_table +{ + u32 client_index; + u32 context; + u32 skip_n_vectors [default=0]; + u32 match_n_vectors [default=1]; + u32 mask_len; + u8 mask[mask_len]; +}; + +/** \brief Classify trace table lookup response + @param context - sender context which was passed in the request + @param retval - return code for the table lookup request + @param table_index - returned index of the found table, or ~0 + */ +define classify_trace_lookup_table_reply +{ + u32 context; + i32 retval; + u32 table_index; +}; + +/** \brief Add a Classify table into the Trace chain + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param table_index - Classify table to be added + @param sort_masks - 1=sort masks into most-to-least specific order + */ +define classify_trace_set_table +{ + u32 client_index; + u32 context; + u32 table_index [default=0xffffffff]; + bool sort_masks [default=0]; +}; + +/** \brief Classify Trace table lookup response + @param context - sender context which was passed in the request + @param retval - return code for the table lookup request + @param table_index - returned index of the sorted table chain + */ +define classify_trace_set_table_reply +{ + u32 context; + i32 retval; + u32 table_index; +}; + +/** \brief Classify get the Trace table indices + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + */ +define classify_trace_get_tables +{ + u32 client_index; + u32 context; +}; + +/** \brief Classify get the Trace tables response + @param context - sender context which was passed in the request + @param retval - return code for the request + @param count - number of ids returned in response + @param indices - array of classify table indices + */ +define classify_trace_get_tables_reply +{ + u32 context; + i32 retval; + u32 count; + u32 indices[count]; +}; + /* * Local Variables: * eval: (c-set-style "gnu") diff --git a/src/vnet/classify/classify_api.c b/src/vnet/classify/classify_api.c index f489928ae6d..4b182ca9a0a 100644 --- a/src/vnet/classify/classify_api.c +++ b/src/vnet/classify/classify_api.c @@ -52,10 +52,10 @@ #define foreach_vpe_api_msg \ _(CLASSIFY_ADD_DEL_TABLE, classify_add_del_table) \ _(CLASSIFY_ADD_DEL_SESSION, classify_add_del_session) \ -_(CLASSIFY_TABLE_IDS,classify_table_ids) \ +_(CLASSIFY_TABLE_IDS, classify_table_ids) \ _(CLASSIFY_TABLE_BY_INTERFACE, classify_table_by_interface) \ -_(CLASSIFY_TABLE_INFO,classify_table_info) \ -_(CLASSIFY_SESSION_DUMP,classify_session_dump) \ +_(CLASSIFY_TABLE_INFO, classify_table_info) \ +_(CLASSIFY_SESSION_DUMP, classify_session_dump) \ _(POLICER_CLASSIFY_SET_INTERFACE, policer_classify_set_interface) \ _(POLICER_CLASSIFY_DUMP, policer_classify_dump) \ _(FLOW_CLASSIFY_SET_INTERFACE, flow_classify_set_interface) \ @@ -63,7 +63,14 @@ _(FLOW_CLASSIFY_DUMP, flow_classify_dump) \ _(INPUT_ACL_SET_INTERFACE, input_acl_set_interface) \ _(CLASSIFY_SET_INTERFACE_IP_TABLE, classify_set_interface_ip_table) \ _(CLASSIFY_SET_INTERFACE_L2_TABLES, classify_set_interface_l2_tables) \ -_(OUTPUT_ACL_SET_INTERFACE, output_acl_set_interface) +_(OUTPUT_ACL_SET_INTERFACE, output_acl_set_interface) \ +_(CLASSIFY_PCAP_LOOKUP_TABLE, classify_pcap_lookup_table) \ +_(CLASSIFY_PCAP_SET_TABLE, classify_pcap_set_table) \ +_(CLASSIFY_PCAP_GET_TABLES, classify_pcap_get_tables) \ +_(CLASSIFY_TRACE_LOOKUP_TABLE, classify_trace_lookup_table) \ +_(CLASSIFY_TRACE_SET_TABLE, classify_trace_set_table) \ +_(CLASSIFY_TRACE_GET_TABLES, classify_trace_get_tables) \ + #define foreach_classify_add_del_table_field \ _(table_index) \ @@ -75,6 +82,286 @@ _(next_table_index) \ _(miss_next_index) \ _(mask_len) + +static void vl_api_classify_pcap_lookup_table_t_handler + (vl_api_classify_pcap_lookup_table_t * mp) +{ + vnet_classify_main_t *cm = &vnet_classify_main; + vl_api_registration_t *reg; + vl_api_classify_pcap_lookup_table_reply_t *rmp; + int rv = 0; + u32 table_index = ~0; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + u32 n_skip = ntohl (mp->skip_n_vectors); + u32 n_match = ntohl (mp->match_n_vectors); + u32 mask_len = ntohl (mp->mask_len); + u32 sw_if_index = ntohl (mp->sw_if_index); + + if (n_skip > 5 + || 0 <= n_match || n_match > 5 + || mask_len != n_match * sizeof (u32x4) + || sw_if_index == ~0 + || sw_if_index >= vec_len (cm->classify_table_index_by_sw_if_index)) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + u32 table_chain; + table_chain = classify_get_pcap_chain (cm, sw_if_index); + + u8 *mask_vec = 0; + vec_validate (mask_vec, mask_len - 1); + clib_memcpy (mask_vec, mp->mask, mask_len); + + if (table_chain != ~0) + table_index = classify_lookup_chain (table_chain, + mask_vec, n_skip, n_match); + + vec_free (mask_vec); + +out: + rmp = vl_msg_api_alloc (sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_PCAP_LOOKUP_TABLE_REPLY); + rmp->context = mp->context; + rmp->retval = ntohl (rv); + rmp->table_index = htonl (table_index); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void vl_api_classify_pcap_set_table_t_handler + (vl_api_classify_pcap_set_table_t * mp) +{ + vnet_classify_main_t *cm = &vnet_classify_main; + vl_api_classify_pcap_set_table_reply_t *rmp; + vl_api_registration_t *reg; + int rv = 0; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + u32 table_index = ntohl (mp->table_index); + u32 sw_if_index = ntohl (mp->sw_if_index); + + if (sw_if_index == ~0 + || sw_if_index >= vec_len (cm->classify_table_index_by_sw_if_index) + || (table_index != ~0 && pool_is_free_index (cm->tables, table_index))) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + /* + * Maybe reorder tables such that masks are most-specify to least-specific. + */ + if (table_index != ~0 && mp->sort_masks) + table_index = classify_sort_table_chain (cm, table_index); + + classify_set_pcap_chain (cm, sw_if_index, table_index); + +out: + rmp = vl_msg_api_alloc (sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_PCAP_SET_TABLE_REPLY); + rmp->context = mp->context; + rmp->retval = ntohl (rv); + rmp->table_index = htonl (table_index); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void vl_api_classify_pcap_get_tables_t_handler + (vl_api_classify_pcap_get_tables_t * mp) +{ + vnet_classify_main_t *cm = &vnet_classify_main; + vl_api_classify_pcap_get_tables_reply_t *rmp; + vl_api_registration_t *reg; + int rv = 0; + u32 *tables = 0; + u32 count; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + u32 sw_if_index = ntohl (mp->sw_if_index); + if (sw_if_index == ~0 + || sw_if_index >= vec_len (cm->classify_table_index_by_sw_if_index)) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + u32 table_index = classify_get_pcap_chain (cm, sw_if_index); + if (table_index == ~0) + goto out; + + /* + * Form a vector of all classifier tables in this chain. + */ + vnet_classify_table_t *t; + u32 i; + + for (i = table_index; i != ~0; i = t->next_table_index) + { + vec_add1 (tables, i); + t = pool_elt_at_index (cm->tables, i); + } + +out: + count = vec_len (tables); + rmp = vl_msg_api_alloc_as_if_client (sizeof (*rmp) + count * sizeof (u32)); + rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_PCAP_GET_TABLES_REPLY); + rmp->context = mp->context; + rmp->retval = ntohl (rv); + rmp->count = htonl (count); + + for (i = 0; i < count; ++i) + { + rmp->indices[i] = htonl (tables[i]); + } + + vec_free (tables); + + vl_api_send_msg (reg, (u8 *) rmp); +} + + +static void vl_api_classify_trace_lookup_table_t_handler + (vl_api_classify_trace_lookup_table_t * mp) +{ + vl_api_classify_trace_lookup_table_reply_t *rmp; + vl_api_registration_t *reg; + int rv = 0; + u32 table_index = ~0; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + u32 n_skip = ntohl (mp->skip_n_vectors); + u32 n_match = ntohl (mp->match_n_vectors); + u32 mask_len = ntohl (mp->mask_len); + if (n_skip > 5 + || n_match == 0 || n_match > 5 || mask_len != n_match * sizeof (u32x4)) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + u32 table_chain; + table_chain = classify_get_trace_chain (); + + u8 *mask_vec = 0; + vec_validate (mask_vec, mask_len - 1); + clib_memcpy (mask_vec, mp->mask, mask_len); + + if (table_chain != ~0) + table_index = classify_lookup_chain (table_chain, + mask_vec, n_skip, n_match); + vec_free (mask_vec); + +out: + rmp = vl_msg_api_alloc (sizeof (*rmp)); + rmp->_vl_msg_id = ntohs ((VL_API_CLASSIFY_TRACE_LOOKUP_TABLE_REPLY)); + rmp->context = mp->context; + rmp->retval = ntohl (rv); + rmp->table_index = htonl (table_index); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void vl_api_classify_trace_set_table_t_handler + (vl_api_classify_trace_set_table_t * mp) +{ + vnet_classify_main_t *cm = &vnet_classify_main; + vl_api_classify_trace_set_table_reply_t *rmp; + vl_api_registration_t *reg; + int rv = 0; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + u32 table_index = ntohl (mp->table_index); + if (table_index != ~0 && pool_is_free_index (cm->tables, table_index)) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + /* + * Maybe reorder tables such that masks are most-specific to least-specific. + */ + if (table_index != ~0 && mp->sort_masks) + table_index = classify_sort_table_chain (cm, table_index); + + classify_set_trace_chain (cm, table_index); + +out: + rmp = vl_msg_api_alloc (sizeof (*rmp)); + rmp->_vl_msg_id = ntohs ((VL_API_CLASSIFY_TRACE_SET_TABLE_REPLY)); + rmp->context = mp->context; + rmp->retval = ntohl (rv); + rmp->table_index = htonl (table_index); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void vl_api_classify_trace_get_tables_t_handler + (vl_api_classify_trace_get_tables_t * mp) +{ + vnet_classify_main_t *cm = &vnet_classify_main; + vl_api_classify_trace_get_tables_reply_t *rmp; + vl_api_registration_t *reg; + int rv = 0; + u32 *tables = 0; + u32 count; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + u32 table_index = classify_get_trace_chain (); + if (table_index == ~0) + goto out; + + /* + * Form a vector of all classifier tables in this chain. + */ + vnet_classify_table_t *t; + u32 i; + + for (i = table_index; i != ~0; i = t->next_table_index) + { + vec_add1 (tables, i); + t = pool_elt_at_index (cm->tables, i); + } + +out: + count = vec_len (tables); + rmp = vl_msg_api_alloc_as_if_client (sizeof (*rmp) + count * sizeof (u32)); + rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_TRACE_GET_TABLES_REPLY); + rmp->context = mp->context; + rmp->retval = ntohl (rv); + rmp->count = htonl (count); + + for (i = 0; i < count; ++i) + { + rmp->indices[i] = htonl (tables[i]); + } + + vec_free (tables); + + vl_api_send_msg (reg, (u8 *) rmp); +} + + static void vl_api_classify_add_del_table_t_handler (vl_api_classify_add_del_table_t * mp) { @@ -391,7 +678,7 @@ vl_api_classify_table_info_t_handler (vl_api_classify_table_info_t * mp) if (rmp == 0) { rmp = vl_msg_api_alloc (sizeof (*rmp)); - rmp->_vl_msg_id = ntohs ((VL_API_CLASSIFY_TABLE_INFO_REPLY)); + rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_TABLE_INFO_REPLY); rmp->context = mp->context; rmp->retval = ntohl (VNET_API_ERROR_CLASSIFY_TABLE_NOT_FOUND); } diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c index 088890a5717..7e239cc57a7 100644 --- a/src/vnet/classify/vnet_classify.c +++ b/src/vnet/classify/vnet_classify.c @@ -12,6 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + #include <vnet/classify/vnet_classify.h> #include <vnet/classify/in_out_acl.h> #include <vnet/ip/ip.h> @@ -21,6 +22,8 @@ #include <vppinfra/lock.h> #include <vnet/classify/trace_classify.h> + + /** * @file * @brief N-tuple classifier @@ -1671,6 +1674,165 @@ filter_table_mask_compare (void *a1, void *a2) return 0; } + +/* + * Reorder the chain of tables starting with table_index such + * that more more-specific masks come before less-specific masks. + * Return the new head of the table chain. + */ +u32 +classify_sort_table_chain (vnet_classify_main_t * cm, u32 table_index) +{ + /* + * Form a vector of all classifier tables in this chain. + */ + u32 *tables = 0; + vnet_classify_table_t *t; + u32 cti; + for (cti = table_index; cti != ~0; cti = t->next_table_index) + { + vec_add1 (tables, cti); + t = pool_elt_at_index (cm->tables, cti); + } + + /* + * Sort filter tables from most-specific mask to least-specific mask. + */ + vec_sort_with_function (tables, filter_table_mask_compare); + + /* + * Relink tables via next_table_index fields. + */ + int i; + for (i = 0; i < vec_len (tables); i++) + { + t = pool_elt_at_index (cm->tables, tables[i]); + + if ((i + 1) < vec_len (tables)) + t->next_table_index = tables[i + 1]; + else + t->next_table_index = ~0; + } + + table_index = tables[0]; + vec_free (tables); + + return table_index; +} + + +u32 +classify_get_trace_chain (void) +{ + u32 table_index; + + table_index = vlib_global_main.trace_filter.classify_table_index; + + return table_index; +} + +/* + * Seting the Trace chain to ~0 is a request to delete and clear it. + */ +void +classify_set_trace_chain (vnet_classify_main_t * cm, u32 table_index) +{ + if (table_index == ~0) + { + u32 old_table_index; + + old_table_index = vlib_global_main.trace_filter.classify_table_index; + vnet_classify_delete_table_index (cm, old_table_index, 1); + } + + vlib_global_main.trace_filter.classify_table_index = table_index; +} + + +u32 +classify_get_pcap_chain (vnet_classify_main_t * cm, u32 sw_if_index) +{ + u32 table_index = ~0; + + if (sw_if_index != ~0 + && (sw_if_index < vec_len (cm->classify_table_index_by_sw_if_index))) + table_index = cm->classify_table_index_by_sw_if_index[sw_if_index]; + + return table_index; +} + +void +classify_set_pcap_chain (vnet_classify_main_t * cm, + u32 sw_if_index, u32 table_index) +{ + vnet_main_t *vnm = vnet_get_main (); + + if (sw_if_index != ~0 && table_index != ~0) + vec_validate_init_empty (cm->classify_table_index_by_sw_if_index, + sw_if_index, ~0); + + if (table_index == ~0) + { + u32 old_table_index = ~0; + + if (sw_if_index < vec_len (cm->classify_table_index_by_sw_if_index)) + old_table_index = + cm->classify_table_index_by_sw_if_index[sw_if_index]; + + vnet_classify_delete_table_index (cm, old_table_index, 1); + } + + /* + * Put the table index where device drivers can find them. + * This table index will be either a valid table or a ~0 to clear it. + */ + cm->classify_table_index_by_sw_if_index[sw_if_index] = table_index; + if (sw_if_index > 0) + { + vnet_hw_interface_t *hi; + hi = vnet_get_sup_hw_interface (vnm, sw_if_index); + hi->trace_classify_table_index = table_index; + } +} + + +/* + * Search for a mask-compatible Classify table within the given table chain. + */ +u32 +classify_lookup_chain (u32 table_index, u8 * mask, u32 n_skip, u32 n_match) +{ + vnet_classify_main_t *cm = &vnet_classify_main; + vnet_classify_table_t *t; + u32 cti; + + if (table_index == ~0) + return ~0; + + for (cti = table_index; cti != ~0; cti = t->next_table_index) + { + t = pool_elt_at_index (cm->tables, cti); + + /* Classifier geometry mismatch, can't use this table. */ + if (t->match_n_vectors != n_match || t->skip_n_vectors != n_skip) + continue; + + /* Masks aren't congruent, can't use this table. */ + if (vec_len (t->mask) * sizeof (u32x4) != vec_len (mask)) + continue; + + /* Masks aren't bit-for-bit identical, can't use this table. */ + if (memcmp (t->mask, mask, vec_len (mask))) + continue; + + /* Winner... */ + return cti; + } + + return ~0; +} + + static clib_error_t * classify_filter_command_fn (vlib_main_t * vm, unformat_input_t * input, @@ -1683,7 +1845,6 @@ classify_filter_command_fn (vlib_main_t * vm, u32 match = ~0; u8 *match_vector; int is_add = 1; - int del_chain = 0; u32 table_index = ~0; u32 next_table_index = ~0; u32 miss_next_index = ~0; @@ -1692,13 +1853,9 @@ classify_filter_command_fn (vlib_main_t * vm, u32 sw_if_index = ~0; int pkt_trace = 0; int pcap = 0; - int i; - vnet_classify_table_t *t; u8 *mask = 0; vnet_classify_main_t *cm = &vnet_classify_main; int rv = 0; - vnet_classify_filter_set_t *set = 0; - u32 set_index = ~0; clib_error_t *err = 0; unformat_input_t _line_input, *line_input = &_line_input; @@ -1760,149 +1917,78 @@ classify_filter_command_fn (vlib_main_t * vm, if (!is_add) { + /* + * Delete an existing PCAP or trace classify table. + */ if (pkt_trace) - set_index = vlib_global_main.trace_filter.trace_filter_set_index; - else if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index)) - set_index = cm->filter_set_by_sw_if_index[sw_if_index]; - - if (set_index == ~0) - { - if (pkt_trace) - err = - clib_error_return (0, "No pkt trace classify filter set..."); - else if (sw_if_index == 0) - err = clib_error_return (0, "No pcap classify filter set..."); - else - err = clib_error_return (0, "No classify filter set for %U...", - format_vnet_sw_if_index_name, vnm, - sw_if_index); - unformat_free (line_input); - return err; - } - - set = pool_elt_at_index (cm->filter_sets, set_index); - - set->refcnt--; - ASSERT (set->refcnt >= 0); - if (set->refcnt == 0) - { - del_chain = 1; - table_index = set->table_indices[0]; - vec_reset_length (set->table_indices); - pool_put (cm->filter_sets, set); - if (pkt_trace) - { - vlib_global_main.trace_filter.trace_filter_set_index = ~0; - vlib_global_main.trace_filter.trace_classify_table_index = ~0; - } - else - { - cm->filter_set_by_sw_if_index[sw_if_index] = ~0; - if (sw_if_index > 0) - { - vnet_hw_interface_t *hi = - vnet_get_sup_hw_interface (vnm, sw_if_index); - hi->trace_classify_table_index = ~0; - } - } - } - } - - if (is_add) - { - if (pkt_trace) - set_index = vlib_global_main.trace_filter.trace_filter_set_index; - else if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index)) - set_index = cm->filter_set_by_sw_if_index[sw_if_index]; - - /* Do we have a filter set for this intfc / pcap yet? */ - if (set_index == ~0) - { - pool_get (cm->filter_sets, set); - set_index = set - cm->filter_sets; - set->refcnt = 1; - } + classify_set_trace_chain (cm, ~0); else - set = pool_elt_at_index (cm->filter_sets, set_index); - - ASSERT (set); - - for (i = 0; i < vec_len (set->table_indices); i++) - { - t = pool_elt_at_index (cm->tables, set->table_indices[i]); - /* classifier geometry mismatch, can't use this table */ - if (t->match_n_vectors != match || t->skip_n_vectors != skip) - continue; - /* Masks aren't congruent, can't use this table */ - if (vec_len (t->mask) * sizeof (u32x4) != vec_len (mask)) - continue; - /* Masks aren't bit-for-bit identical, can't use this table */ - if (memcmp (t->mask, mask, vec_len (mask))) - continue; - - /* Winner... */ - table_index = set->table_indices[i]; - goto found_table; - } - } + classify_set_pcap_chain (cm, sw_if_index, ~0); - rv = vnet_classify_add_del_table (cm, mask, nbuckets, memory_size, - skip, match, next_table_index, - miss_next_index, &table_index, - current_data_flag, current_data_offset, - is_add, del_chain); - vec_free (mask); - - if (rv != 0) - { + vec_free (mask); unformat_free (line_input); - return clib_error_return (0, "vnet_classify_add_del_table returned %d", - rv); - } - if (is_add == 0) - { - unformat_free (line_input); return 0; } - /* Remember the table */ - vec_add1 (set->table_indices, table_index); - + /* + * Find an existing compatible table or else make a new one. + */ if (pkt_trace) - vlib_global_main.trace_filter.trace_filter_set_index = set_index; + table_index = classify_get_trace_chain (); else - { - vec_validate_init_empty (cm->filter_set_by_sw_if_index, sw_if_index, - ~0); - cm->filter_set_by_sw_if_index[sw_if_index] = set - cm->filter_sets; - } + table_index = classify_get_pcap_chain (cm, sw_if_index); - /* Sort filter tables from most-specific mask to least-specific mask */ - vec_sort_with_function (set->table_indices, filter_table_mask_compare); + if (table_index != ~0) + table_index = classify_lookup_chain (table_index, mask, skip, match); - /* Setup next_table_index fields */ - for (i = 0; i < vec_len (set->table_indices); i++) + /* + * When no table is found, make one. + */ + if (table_index == ~0) { - t = pool_elt_at_index (cm->tables, set->table_indices[i]); + /* + * Matching table wasn't found, so create a new one at the + * head of the next_table_index chain. + */ + next_table_index = table_index; + table_index = ~0; - if ((i + 1) < vec_len (set->table_indices)) - t->next_table_index = set->table_indices[i + 1]; - else - t->next_table_index = ~0; - } + rv = vnet_classify_add_del_table (cm, mask, nbuckets, memory_size, + skip, match, next_table_index, + miss_next_index, &table_index, + current_data_flag, + current_data_offset, 1, 0); - /* Put top table index where device drivers can find them */ - if (sw_if_index > 0 && pkt_trace == 0) - { - vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index); - ASSERT (vec_len (set->table_indices) > 0); - hi->trace_classify_table_index = set->table_indices[0]; + if (rv != 0) + { + vec_free (mask); + unformat_free (line_input); + return clib_error_return (0, + "vnet_classify_add_del_table returned %d", + rv); + } + + /* + * Reorder tables such that masks are most-specify to least-specific. + */ + table_index = classify_sort_table_chain (cm, table_index); + + /* + * Put first classifier table in chain in a place where + * other data structures expect to find and use it. + */ + if (pkt_trace) + classify_set_trace_chain (cm, table_index); + else + classify_set_pcap_chain (cm, sw_if_index, table_index); } -found_table: + vec_free (mask); - /* Now try to parse a session */ + /* + * Now try to parse a and add a filter-match session. + */ if (unformat (line_input, "match %U", unformat_classify_match, cm, &match_vector, table_index) == 0) return 0; @@ -1930,16 +2016,6 @@ vlib_enable_disable_pkt_trace_filter (int enable) { if (enable) { - vnet_classify_main_t *cm = &vnet_classify_main; - vnet_classify_filter_set_t *set; - u32 set_index = vlib_global_main.trace_filter.trace_filter_set_index; - - if (set_index == ~0) - return -1; - - set = pool_elt_at_index (cm->filter_sets, set_index); - vlib_global_main.trace_filter.trace_classify_table_index = - set->table_indices[0]; vlib_global_main.trace_filter.trace_filter_enable = 1; } else @@ -2040,10 +2116,8 @@ show_classify_filter_command_fn (vlib_main_t * vm, { vnet_classify_main_t *cm = &vnet_classify_main; vnet_main_t *vnm = vnet_get_main (); - vnet_classify_filter_set_t *set; u8 *name = 0; u8 *s = 0; - u32 set_index; u32 table_index; int verbose = 0; int i, j, limit; @@ -2053,53 +2127,50 @@ show_classify_filter_command_fn (vlib_main_t * vm, vlib_cli_output (vm, "%-30s%s", "Filter Used By", " Table(s)"); vlib_cli_output (vm, "%-30s%s", "--------------", " --------"); - limit = vec_len (cm->filter_set_by_sw_if_index); + limit = vec_len (cm->classify_table_index_by_sw_if_index); for (i = -1; i < limit; i++) { - if (i < 0) - set_index = vlib_global_main.trace_filter.trace_filter_set_index; - else - set_index = cm->filter_set_by_sw_if_index[i]; - - if (set_index == ~0) - continue; - - set = pool_elt_at_index (cm->filter_sets, set_index); - switch (i) { case -1: + table_index = vlib_global_main.trace_filter.classify_table_index; name = format (0, "packet tracer:"); break; + case 0: + table_index = cm->classify_table_index_by_sw_if_index[i]; name = format (0, "pcap rx/tx/drop:"); break; + default: + table_index = cm->classify_table_index_by_sw_if_index[i]; name = format (0, "%U:", format_vnet_sw_if_index_name, vnm, i); break; } if (verbose) { - u32 table_index; - - for (j = 0; j < vec_len (set->table_indices); j++) + vnet_classify_table_t *t; + j = table_index; + do { - table_index = set->table_indices[j]; - if (table_index != ~0) - s = format (s, " %u", table_index); - else + if (j == ~0) s = format (s, " none"); + else + { + s = format (s, " %u", j); + t = pool_elt_at_index (cm->tables, j); + j = t->next_table_index; + } } + while (j != ~0); vlib_cli_output (vm, "%-30v table(s)%v", name, s); vec_reset_length (s); } else { - table_index = set->table_indices ? set->table_indices[0] : ~0; - if (table_index != ~0) s = format (s, " %u", table_index); else @@ -2942,7 +3013,6 @@ static clib_error_t * vnet_classify_init (vlib_main_t * vm) { vnet_classify_main_t *cm = &vnet_classify_main; - vnet_classify_filter_set_t *set; cm->vlib_main = vm; cm->vnet_main = vnet_get_main (); @@ -2960,14 +3030,7 @@ vnet_classify_init (vlib_main_t * vm) vnet_classify_register_unformat_acl_next_index_fn (unformat_acl_next_node); - /* Filter set 0 is grounded... */ - pool_get_zero (cm->filter_sets, set); - set->refcnt = 0x7FFFFFFF; - /* Initialize the pcap filter set */ - vec_validate (cm->filter_set_by_sw_if_index, 0); - cm->filter_set_by_sw_if_index[0] = 0; - /* Initialize the packet tracer filter set */ - vlib_global_main.trace_filter.trace_filter_set_index = ~0; + vlib_global_main.trace_filter.classify_table_index = ~0; return 0; } diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h index f0c81241584..1ce29df5f13 100644 --- a/src/vnet/classify/vnet_classify.h +++ b/src/vnet/classify/vnet_classify.h @@ -180,12 +180,6 @@ typedef struct } vnet_classify_table_t; -typedef struct -{ - int refcnt; - u32 *table_indices; -} vnet_classify_filter_set_t; - struct _vnet_classify_main { /* Table pool */ @@ -198,11 +192,8 @@ struct _vnet_classify_main unformat_function_t **unformat_policer_next_index_fns; unformat_function_t **unformat_opaque_index_fns; - /* Pool of filter sets */ - vnet_classify_filter_set_t *filter_sets; - - /* Per-interface filter set map. [0] is used for pcap */ - u32 *filter_set_by_sw_if_index; + /* Per-interface filter table. [0] is used for pcap */ + u32 *classify_table_index_by_sw_if_index; /* convenience variables */ vlib_main_t *vlib_main; @@ -554,6 +545,17 @@ void vnet_classify_register_unformat_policer_next_index_fn void vnet_classify_register_unformat_opaque_index_fn (unformat_function_t * fn); +u32 classify_get_pcap_chain (vnet_classify_main_t * cm, u32 sw_if_index); +void classify_set_pcap_chain (vnet_classify_main_t * cm, + u32 sw_if_index, u32 table_index); + +u32 classify_get_trace_chain (void); +void classify_set_trace_chain (vnet_classify_main_t * cm, u32 table_index); + +u32 classify_sort_table_chain (vnet_classify_main_t * cm, u32 table_index); +u32 classify_lookup_chain (u32 table_index, + u8 * mask, u32 n_skip, u32 n_match); + #endif /* __included_vnet_classify_h__ */ /* |