aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJon Loeliger <jdl@netgate.com>2020-10-15 14:41:36 -0400
committerDamjan Marion <dmarion@me.com>2020-12-15 15:14:05 +0000
commit5c1e48c01b50ddbd7623228e3dbc94d835d23813 (patch)
treec38d75e9f471b5dbee8968230c5f0bf538f2d53e /src
parent510aaa8911843206f7b9ff48b41e3c7b8c4a99fe (diff)
classify: add pcap/trace classfier mgmt API calls
Add lookup/get/set API calls to manage both PCAP and Trace filtering Classifier tables. The "lookup" call may be used to identify a Classifier table within a chain of tables taht matches a particular mask vector. For efficiency, this call should be used to determine to which table a match vector should be added. The "get" calls return the first table within a chain (either a PCAP or the Trace) set of tables. The "set" call may be used to add a new table to one such chain. If the "sort_masks" flag is set, the tables within the chain are ordered such that the most-specific mask is first, and the least-specific mask is last. A call that "sets" a chain to ~0 will delete and free all the tables with a chain. The PCAP filters are per-interface, with "local0", (that is, sw_if_index == 0) holding the system-wide PCAP filter. The Classifier used a reference-counted "set" for each PCAP or trace filter that it stored. The ref counts were not used, and the vector of tables was only used temporarily to establish a sorted order for tables based on masks. None of that complexity was actually warranted, and where it was used, the same could be achieved more simply. Type: refactor Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Icc56116cca91b91c631ca0628e814fb53f3677d2
Diffstat (limited to 'src')
-rw-r--r--src/plugins/tracedump/tracedump.c10
-rw-r--r--src/vlib/main.h3
-rw-r--r--src/vlib/trace.c15
-rw-r--r--src/vlib/trace.h1
-rw-r--r--src/vlib/trace_funcs.h2
-rw-r--r--src/vnet/classify/classify.api171
-rw-r--r--src/vnet/classify/classify_api.c297
-rw-r--r--src/vnet/classify/vnet_classify.c405
-rw-r--r--src/vnet/classify/vnet_classify.h24
-rw-r--r--src/vnet/interface_cli.c8
10 files changed, 723 insertions, 213 deletions
diff --git a/src/plugins/tracedump/tracedump.c b/src/plugins/tracedump/tracedump.c
index 53dc1a9e4d6..ab86ef987e2 100644
--- a/src/plugins/tracedump/tracedump.c
+++ b/src/plugins/tracedump/tracedump.c
@@ -102,16 +102,6 @@ vl_api_trace_capture_packets_t_handler (vl_api_trace_capture_packets_t * mp)
goto done;
}
- if (filter)
- {
- if (vlib_enable_disable_pkt_trace_filter (1) < 0) /* enable */
- {
- /* FIXME: Make a new error like "UNSUPPORTED_NODE_OPERATION"? */
- rv = VNET_API_ERROR_NO_SUCH_NODE;
- goto done;
- }
- }
-
if (pre_clear)
vlib_trace_stop_and_clear ();
diff --git a/src/vlib/main.h b/src/vlib/main.h
index 766c9ec3756..adfdc87bf7c 100644
--- a/src/vlib/main.h
+++ b/src/vlib/main.h
@@ -77,8 +77,7 @@ typedef struct
typedef struct
{
u8 trace_filter_enable;
- u32 trace_classify_table_index;
- u32 trace_filter_set_index;
+ u32 classify_table_index;
} vlib_trace_filter_t;
typedef enum
diff --git a/src/vlib/trace.c b/src/vlib/trace.c
index 152744432c5..156378af8e3 100644
--- a/src/vlib/trace.c
+++ b/src/vlib/trace.c
@@ -39,6 +39,7 @@
#include <vlib/vlib.h>
#include <vlib/threads.h>
+#include <vnet/classify/vnet_classify.h>
u8 *vnet_trace_placeholder;
@@ -110,7 +111,7 @@ vlib_trace_frame_buffers_only (vlib_main_t * vm,
}
/* Free up all trace buffer memory. */
-always_inline void
+void
clear_trace_buffer (void)
{
int i;
@@ -416,6 +417,8 @@ trace_update_capture_options (u32 add, u32 node_index, u32 filter, u8 verbose)
tm->trace_enable = 1;
}));
/* *INDENT-ON* */
+
+ vlib_enable_disable_pkt_trace_filter (! !filter);
}
static clib_error_t *
@@ -464,13 +467,11 @@ cli_add_trace_buffer (vlib_main_t * vm,
goto done;
}
- if (filter)
+ u32 filter_table = classify_get_trace_chain ();
+ if (filter && filter_table == ~0)
{
- if (vlib_enable_disable_pkt_trace_filter (1 /* enable */ ))
- {
- error = clib_error_create ("No packet trace filter configured...");
- goto done;
- }
+ error = clib_error_create ("No packet trace filter configured...");
+ goto done;
}
trace_update_capture_options (add, node_index, filter, verbose);
diff --git a/src/vlib/trace.h b/src/vlib/trace.h
index ae9bd6913d3..d045271f853 100644
--- a/src/vlib/trace.h
+++ b/src/vlib/trace.h
@@ -120,6 +120,7 @@ int vlib_enable_disable_pkt_trace_filter (int enable) __attribute__ ((weak));
void trace_update_capture_options (u32 add, u32 node_index,
u32 filter, u8 verbose);
void trace_filter_set (u32 node_index, u32 flag, u32 count);
+void clear_trace_buffer (void);
#endif /* included_vlib_trace_h */
diff --git a/src/vlib/trace_funcs.h b/src/vlib/trace_funcs.h
index 8dd5310ae76..357079c4e3d 100644
--- a/src/vlib/trace_funcs.h
+++ b/src/vlib/trace_funcs.h
@@ -154,7 +154,7 @@ vlib_trace_buffer (vlib_main_t * vm,
{
/* See if we're supposed to trace this packet... */
if (vnet_is_packet_traced
- (b, vlib_global_main.trace_filter.trace_classify_table_index,
+ (b, vlib_global_main.trace_filter.classify_table_index,
0 /* full classify */ ) != 1)
return 0;
}
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api
index 38c7343af72..c569fe6a599 100644
--- a/src/vnet/classify/classify.api
+++ b/src/vnet/classify/classify.api
@@ -13,7 +13,7 @@
* limitations under the License.
*/
-option version = "3.0.0";
+option version = "3.1.0";
import "vnet/interface_types.api";
@@ -442,6 +442,175 @@ autoreply define output_acl_set_interface
bool is_add;
};
+
+
+/** \brief Find a compatible Classify table in a PCAP chain
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sw_if_index - interface whose chain will be searched, 0==system-wide
+ @param skip_n_vectors - number of u32x4 skip vectors
+ @param match_n_vectors - number of u32x4 vectors, 1..5
+ @param mask_len - length of mask, match_n_vectors * sizeof(u32x4)
+ @param mask - match mask
+*/
+define classify_pcap_lookup_table
+{
+ u32 client_index;
+ u32 context;
+ vl_api_interface_index_t sw_if_index [default=0xffffffff];
+ u32 skip_n_vectors [default=0];
+ u32 match_n_vectors [default=1];
+ u32 mask_len;
+ u8 mask[mask_len];
+};
+
+/** \brief Classify pcap table lookup response
+ @param context - sender context, to match reply w/ request
+ @param retval - return code for the table lookup request
+ @param table_index - returned index of the found table, or ~0
+ */
+define classify_pcap_lookup_table_reply
+{
+ u32 context;
+ i32 retval;
+ u32 table_index;
+};
+
+/** \brief Add a Classify table into a PCAP chain on an interface
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sw_if_index - interface whose chain will be searched, 0==system-wide
+ @param table_index - Classify table to be added
+ @param sort_masks - 1=sort masks into most-to-least specific order
+ */
+define classify_pcap_set_table
+{
+ u32 client_index;
+ u32 context;
+ vl_api_interface_index_t sw_if_index;
+ u32 table_index [default=0xffffffff];
+ bool sort_masks [default=0];
+};
+
+/** \brief Classify pcap table lookup response
+ @param context - sender context which was passed in the request
+ @param retval - return code for the table lookup request
+ @param table_index - returned index of the sorted table chain
+ */
+define classify_pcap_set_table_reply
+{
+ u32 context;
+ i32 retval;
+ u32 table_index;
+};
+
+/** \brief Classify get the PCAP table indices for an interface
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ */
+define classify_pcap_get_tables
+{
+ u32 client_index;
+ u32 context;
+ vl_api_interface_index_t sw_if_index;
+};
+
+/** \brief Classify get a PCAP tables response
+ @param context - sender context which was passed in the request
+ @param retval - return code for the request
+ @param count - number of ids returned in response
+ @param indices - array of classify table indices
+ */
+define classify_pcap_get_tables_reply
+{
+ u32 context;
+ i32 retval;
+ u32 count;
+ u32 indices[count];
+};
+
+
+
+/** \brief Find a mask-compatible Classify table in the Trace chain
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param skip_n_vectors - number of u32x4 skip vectors
+ @param match_n_vectors - number of u32x4 vectors, 1..5
+ @param mask_len - length of mask, match_n_vectors * sizeof(u32x4)
+ @param mask - match mask
+*/
+define classify_trace_lookup_table
+{
+ u32 client_index;
+ u32 context;
+ u32 skip_n_vectors [default=0];
+ u32 match_n_vectors [default=1];
+ u32 mask_len;
+ u8 mask[mask_len];
+};
+
+/** \brief Classify trace table lookup response
+ @param context - sender context which was passed in the request
+ @param retval - return code for the table lookup request
+ @param table_index - returned index of the found table, or ~0
+ */
+define classify_trace_lookup_table_reply
+{
+ u32 context;
+ i32 retval;
+ u32 table_index;
+};
+
+/** \brief Add a Classify table into the Trace chain
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param table_index - Classify table to be added
+ @param sort_masks - 1=sort masks into most-to-least specific order
+ */
+define classify_trace_set_table
+{
+ u32 client_index;
+ u32 context;
+ u32 table_index [default=0xffffffff];
+ bool sort_masks [default=0];
+};
+
+/** \brief Classify Trace table lookup response
+ @param context - sender context which was passed in the request
+ @param retval - return code for the table lookup request
+ @param table_index - returned index of the sorted table chain
+ */
+define classify_trace_set_table_reply
+{
+ u32 context;
+ i32 retval;
+ u32 table_index;
+};
+
+/** \brief Classify get the Trace table indices
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ */
+define classify_trace_get_tables
+{
+ u32 client_index;
+ u32 context;
+};
+
+/** \brief Classify get the Trace tables response
+ @param context - sender context which was passed in the request
+ @param retval - return code for the request
+ @param count - number of ids returned in response
+ @param indices - array of classify table indices
+ */
+define classify_trace_get_tables_reply
+{
+ u32 context;
+ i32 retval;
+ u32 count;
+ u32 indices[count];
+};
+
/*
* Local Variables:
* eval: (c-set-style "gnu")
diff --git a/src/vnet/classify/classify_api.c b/src/vnet/classify/classify_api.c
index f489928ae6d..4b182ca9a0a 100644
--- a/src/vnet/classify/classify_api.c
+++ b/src/vnet/classify/classify_api.c
@@ -52,10 +52,10 @@
#define foreach_vpe_api_msg \
_(CLASSIFY_ADD_DEL_TABLE, classify_add_del_table) \
_(CLASSIFY_ADD_DEL_SESSION, classify_add_del_session) \
-_(CLASSIFY_TABLE_IDS,classify_table_ids) \
+_(CLASSIFY_TABLE_IDS, classify_table_ids) \
_(CLASSIFY_TABLE_BY_INTERFACE, classify_table_by_interface) \
-_(CLASSIFY_TABLE_INFO,classify_table_info) \
-_(CLASSIFY_SESSION_DUMP,classify_session_dump) \
+_(CLASSIFY_TABLE_INFO, classify_table_info) \
+_(CLASSIFY_SESSION_DUMP, classify_session_dump) \
_(POLICER_CLASSIFY_SET_INTERFACE, policer_classify_set_interface) \
_(POLICER_CLASSIFY_DUMP, policer_classify_dump) \
_(FLOW_CLASSIFY_SET_INTERFACE, flow_classify_set_interface) \
@@ -63,7 +63,14 @@ _(FLOW_CLASSIFY_DUMP, flow_classify_dump) \
_(INPUT_ACL_SET_INTERFACE, input_acl_set_interface) \
_(CLASSIFY_SET_INTERFACE_IP_TABLE, classify_set_interface_ip_table) \
_(CLASSIFY_SET_INTERFACE_L2_TABLES, classify_set_interface_l2_tables) \
-_(OUTPUT_ACL_SET_INTERFACE, output_acl_set_interface)
+_(OUTPUT_ACL_SET_INTERFACE, output_acl_set_interface) \
+_(CLASSIFY_PCAP_LOOKUP_TABLE, classify_pcap_lookup_table) \
+_(CLASSIFY_PCAP_SET_TABLE, classify_pcap_set_table) \
+_(CLASSIFY_PCAP_GET_TABLES, classify_pcap_get_tables) \
+_(CLASSIFY_TRACE_LOOKUP_TABLE, classify_trace_lookup_table) \
+_(CLASSIFY_TRACE_SET_TABLE, classify_trace_set_table) \
+_(CLASSIFY_TRACE_GET_TABLES, classify_trace_get_tables) \
+
#define foreach_classify_add_del_table_field \
_(table_index) \
@@ -75,6 +82,286 @@ _(next_table_index) \
_(miss_next_index) \
_(mask_len)
+
+static void vl_api_classify_pcap_lookup_table_t_handler
+ (vl_api_classify_pcap_lookup_table_t * mp)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vl_api_registration_t *reg;
+ vl_api_classify_pcap_lookup_table_reply_t *rmp;
+ int rv = 0;
+ u32 table_index = ~0;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ u32 n_skip = ntohl (mp->skip_n_vectors);
+ u32 n_match = ntohl (mp->match_n_vectors);
+ u32 mask_len = ntohl (mp->mask_len);
+ u32 sw_if_index = ntohl (mp->sw_if_index);
+
+ if (n_skip > 5
+ || 0 <= n_match || n_match > 5
+ || mask_len != n_match * sizeof (u32x4)
+ || sw_if_index == ~0
+ || sw_if_index >= vec_len (cm->classify_table_index_by_sw_if_index))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto out;
+ }
+
+ u32 table_chain;
+ table_chain = classify_get_pcap_chain (cm, sw_if_index);
+
+ u8 *mask_vec = 0;
+ vec_validate (mask_vec, mask_len - 1);
+ clib_memcpy (mask_vec, mp->mask, mask_len);
+
+ if (table_chain != ~0)
+ table_index = classify_lookup_chain (table_chain,
+ mask_vec, n_skip, n_match);
+
+ vec_free (mask_vec);
+
+out:
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_PCAP_LOOKUP_TABLE_REPLY);
+ rmp->context = mp->context;
+ rmp->retval = ntohl (rv);
+ rmp->table_index = htonl (table_index);
+
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+static void vl_api_classify_pcap_set_table_t_handler
+ (vl_api_classify_pcap_set_table_t * mp)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vl_api_classify_pcap_set_table_reply_t *rmp;
+ vl_api_registration_t *reg;
+ int rv = 0;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ u32 table_index = ntohl (mp->table_index);
+ u32 sw_if_index = ntohl (mp->sw_if_index);
+
+ if (sw_if_index == ~0
+ || sw_if_index >= vec_len (cm->classify_table_index_by_sw_if_index)
+ || (table_index != ~0 && pool_is_free_index (cm->tables, table_index)))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto out;
+ }
+
+ /*
+ * Maybe reorder tables such that masks are most-specify to least-specific.
+ */
+ if (table_index != ~0 && mp->sort_masks)
+ table_index = classify_sort_table_chain (cm, table_index);
+
+ classify_set_pcap_chain (cm, sw_if_index, table_index);
+
+out:
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_PCAP_SET_TABLE_REPLY);
+ rmp->context = mp->context;
+ rmp->retval = ntohl (rv);
+ rmp->table_index = htonl (table_index);
+
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+static void vl_api_classify_pcap_get_tables_t_handler
+ (vl_api_classify_pcap_get_tables_t * mp)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vl_api_classify_pcap_get_tables_reply_t *rmp;
+ vl_api_registration_t *reg;
+ int rv = 0;
+ u32 *tables = 0;
+ u32 count;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ u32 sw_if_index = ntohl (mp->sw_if_index);
+ if (sw_if_index == ~0
+ || sw_if_index >= vec_len (cm->classify_table_index_by_sw_if_index))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto out;
+ }
+
+ u32 table_index = classify_get_pcap_chain (cm, sw_if_index);
+ if (table_index == ~0)
+ goto out;
+
+ /*
+ * Form a vector of all classifier tables in this chain.
+ */
+ vnet_classify_table_t *t;
+ u32 i;
+
+ for (i = table_index; i != ~0; i = t->next_table_index)
+ {
+ vec_add1 (tables, i);
+ t = pool_elt_at_index (cm->tables, i);
+ }
+
+out:
+ count = vec_len (tables);
+ rmp = vl_msg_api_alloc_as_if_client (sizeof (*rmp) + count * sizeof (u32));
+ rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_PCAP_GET_TABLES_REPLY);
+ rmp->context = mp->context;
+ rmp->retval = ntohl (rv);
+ rmp->count = htonl (count);
+
+ for (i = 0; i < count; ++i)
+ {
+ rmp->indices[i] = htonl (tables[i]);
+ }
+
+ vec_free (tables);
+
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+
+static void vl_api_classify_trace_lookup_table_t_handler
+ (vl_api_classify_trace_lookup_table_t * mp)
+{
+ vl_api_classify_trace_lookup_table_reply_t *rmp;
+ vl_api_registration_t *reg;
+ int rv = 0;
+ u32 table_index = ~0;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ u32 n_skip = ntohl (mp->skip_n_vectors);
+ u32 n_match = ntohl (mp->match_n_vectors);
+ u32 mask_len = ntohl (mp->mask_len);
+ if (n_skip > 5
+ || n_match == 0 || n_match > 5 || mask_len != n_match * sizeof (u32x4))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto out;
+ }
+
+ u32 table_chain;
+ table_chain = classify_get_trace_chain ();
+
+ u8 *mask_vec = 0;
+ vec_validate (mask_vec, mask_len - 1);
+ clib_memcpy (mask_vec, mp->mask, mask_len);
+
+ if (table_chain != ~0)
+ table_index = classify_lookup_chain (table_chain,
+ mask_vec, n_skip, n_match);
+ vec_free (mask_vec);
+
+out:
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs ((VL_API_CLASSIFY_TRACE_LOOKUP_TABLE_REPLY));
+ rmp->context = mp->context;
+ rmp->retval = ntohl (rv);
+ rmp->table_index = htonl (table_index);
+
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+static void vl_api_classify_trace_set_table_t_handler
+ (vl_api_classify_trace_set_table_t * mp)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vl_api_classify_trace_set_table_reply_t *rmp;
+ vl_api_registration_t *reg;
+ int rv = 0;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ u32 table_index = ntohl (mp->table_index);
+ if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto out;
+ }
+
+ /*
+ * Maybe reorder tables such that masks are most-specific to least-specific.
+ */
+ if (table_index != ~0 && mp->sort_masks)
+ table_index = classify_sort_table_chain (cm, table_index);
+
+ classify_set_trace_chain (cm, table_index);
+
+out:
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs ((VL_API_CLASSIFY_TRACE_SET_TABLE_REPLY));
+ rmp->context = mp->context;
+ rmp->retval = ntohl (rv);
+ rmp->table_index = htonl (table_index);
+
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+static void vl_api_classify_trace_get_tables_t_handler
+ (vl_api_classify_trace_get_tables_t * mp)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vl_api_classify_trace_get_tables_reply_t *rmp;
+ vl_api_registration_t *reg;
+ int rv = 0;
+ u32 *tables = 0;
+ u32 count;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ u32 table_index = classify_get_trace_chain ();
+ if (table_index == ~0)
+ goto out;
+
+ /*
+ * Form a vector of all classifier tables in this chain.
+ */
+ vnet_classify_table_t *t;
+ u32 i;
+
+ for (i = table_index; i != ~0; i = t->next_table_index)
+ {
+ vec_add1 (tables, i);
+ t = pool_elt_at_index (cm->tables, i);
+ }
+
+out:
+ count = vec_len (tables);
+ rmp = vl_msg_api_alloc_as_if_client (sizeof (*rmp) + count * sizeof (u32));
+ rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_TRACE_GET_TABLES_REPLY);
+ rmp->context = mp->context;
+ rmp->retval = ntohl (rv);
+ rmp->count = htonl (count);
+
+ for (i = 0; i < count; ++i)
+ {
+ rmp->indices[i] = htonl (tables[i]);
+ }
+
+ vec_free (tables);
+
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+
static void vl_api_classify_add_del_table_t_handler
(vl_api_classify_add_del_table_t * mp)
{
@@ -391,7 +678,7 @@ vl_api_classify_table_info_t_handler (vl_api_classify_table_info_t * mp)
if (rmp == 0)
{
rmp = vl_msg_api_alloc (sizeof (*rmp));
- rmp->_vl_msg_id = ntohs ((VL_API_CLASSIFY_TABLE_INFO_REPLY));
+ rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_TABLE_INFO_REPLY);
rmp->context = mp->context;
rmp->retval = ntohl (VNET_API_ERROR_CLASSIFY_TABLE_NOT_FOUND);
}
diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c
index 088890a5717..7e239cc57a7 100644
--- a/src/vnet/classify/vnet_classify.c
+++ b/src/vnet/classify/vnet_classify.c
@@ -12,6 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+
#include <vnet/classify/vnet_classify.h>
#include <vnet/classify/in_out_acl.h>
#include <vnet/ip/ip.h>
@@ -21,6 +22,8 @@
#include <vppinfra/lock.h>
#include <vnet/classify/trace_classify.h>
+
+
/**
* @file
* @brief N-tuple classifier
@@ -1671,6 +1674,165 @@ filter_table_mask_compare (void *a1, void *a2)
return 0;
}
+
+/*
+ * Reorder the chain of tables starting with table_index such
+ * that more more-specific masks come before less-specific masks.
+ * Return the new head of the table chain.
+ */
+u32
+classify_sort_table_chain (vnet_classify_main_t * cm, u32 table_index)
+{
+ /*
+ * Form a vector of all classifier tables in this chain.
+ */
+ u32 *tables = 0;
+ vnet_classify_table_t *t;
+ u32 cti;
+ for (cti = table_index; cti != ~0; cti = t->next_table_index)
+ {
+ vec_add1 (tables, cti);
+ t = pool_elt_at_index (cm->tables, cti);
+ }
+
+ /*
+ * Sort filter tables from most-specific mask to least-specific mask.
+ */
+ vec_sort_with_function (tables, filter_table_mask_compare);
+
+ /*
+ * Relink tables via next_table_index fields.
+ */
+ int i;
+ for (i = 0; i < vec_len (tables); i++)
+ {
+ t = pool_elt_at_index (cm->tables, tables[i]);
+
+ if ((i + 1) < vec_len (tables))
+ t->next_table_index = tables[i + 1];
+ else
+ t->next_table_index = ~0;
+ }
+
+ table_index = tables[0];
+ vec_free (tables);
+
+ return table_index;
+}
+
+
+u32
+classify_get_trace_chain (void)
+{
+ u32 table_index;
+
+ table_index = vlib_global_main.trace_filter.classify_table_index;
+
+ return table_index;
+}
+
+/*
+ * Seting the Trace chain to ~0 is a request to delete and clear it.
+ */
+void
+classify_set_trace_chain (vnet_classify_main_t * cm, u32 table_index)
+{
+ if (table_index == ~0)
+ {
+ u32 old_table_index;
+
+ old_table_index = vlib_global_main.trace_filter.classify_table_index;
+ vnet_classify_delete_table_index (cm, old_table_index, 1);
+ }
+
+ vlib_global_main.trace_filter.classify_table_index = table_index;
+}
+
+
+u32
+classify_get_pcap_chain (vnet_classify_main_t * cm, u32 sw_if_index)
+{
+ u32 table_index = ~0;
+
+ if (sw_if_index != ~0
+ && (sw_if_index < vec_len (cm->classify_table_index_by_sw_if_index)))
+ table_index = cm->classify_table_index_by_sw_if_index[sw_if_index];
+
+ return table_index;
+}
+
+void
+classify_set_pcap_chain (vnet_classify_main_t * cm,
+ u32 sw_if_index, u32 table_index)
+{
+ vnet_main_t *vnm = vnet_get_main ();
+
+ if (sw_if_index != ~0 && table_index != ~0)
+ vec_validate_init_empty (cm->classify_table_index_by_sw_if_index,
+ sw_if_index, ~0);
+
+ if (table_index == ~0)
+ {
+ u32 old_table_index = ~0;
+
+ if (sw_if_index < vec_len (cm->classify_table_index_by_sw_if_index))
+ old_table_index =
+ cm->classify_table_index_by_sw_if_index[sw_if_index];
+
+ vnet_classify_delete_table_index (cm, old_table_index, 1);
+ }
+
+ /*
+ * Put the table index where device drivers can find them.
+ * This table index will be either a valid table or a ~0 to clear it.
+ */
+ cm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
+ if (sw_if_index > 0)
+ {
+ vnet_hw_interface_t *hi;
+ hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
+ hi->trace_classify_table_index = table_index;
+ }
+}
+
+
+/*
+ * Search for a mask-compatible Classify table within the given table chain.
+ */
+u32
+classify_lookup_chain (u32 table_index, u8 * mask, u32 n_skip, u32 n_match)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ vnet_classify_table_t *t;
+ u32 cti;
+
+ if (table_index == ~0)
+ return ~0;
+
+ for (cti = table_index; cti != ~0; cti = t->next_table_index)
+ {
+ t = pool_elt_at_index (cm->tables, cti);
+
+ /* Classifier geometry mismatch, can't use this table. */
+ if (t->match_n_vectors != n_match || t->skip_n_vectors != n_skip)
+ continue;
+
+ /* Masks aren't congruent, can't use this table. */
+ if (vec_len (t->mask) * sizeof (u32x4) != vec_len (mask))
+ continue;
+
+ /* Masks aren't bit-for-bit identical, can't use this table. */
+ if (memcmp (t->mask, mask, vec_len (mask)))
+ continue;
+
+ /* Winner... */
+ return cti;
+ }
+
+ return ~0;
+}
+
+
static clib_error_t *
classify_filter_command_fn (vlib_main_t * vm,
unformat_input_t * input,
@@ -1683,7 +1845,6 @@ classify_filter_command_fn (vlib_main_t * vm,
u32 match = ~0;
u8 *match_vector;
int is_add = 1;
- int del_chain = 0;
u32 table_index = ~0;
u32 next_table_index = ~0;
u32 miss_next_index = ~0;
@@ -1692,13 +1853,9 @@ classify_filter_command_fn (vlib_main_t * vm,
u32 sw_if_index = ~0;
int pkt_trace = 0;
int pcap = 0;
- int i;
- vnet_classify_table_t *t;
u8 *mask = 0;
vnet_classify_main_t *cm = &vnet_classify_main;
int rv = 0;
- vnet_classify_filter_set_t *set = 0;
- u32 set_index = ~0;
clib_error_t *err = 0;
unformat_input_t _line_input, *line_input = &_line_input;
@@ -1760,149 +1917,78 @@ classify_filter_command_fn (vlib_main_t * vm,
if (!is_add)
{
+ /*
+ * Delete an existing PCAP or trace classify table.
+ */
if (pkt_trace)
- set_index = vlib_global_main.trace_filter.trace_filter_set_index;
- else if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index))
- set_index = cm->filter_set_by_sw_if_index[sw_if_index];
-
- if (set_index == ~0)
- {
- if (pkt_trace)
- err =
- clib_error_return (0, "No pkt trace classify filter set...");
- else if (sw_if_index == 0)
- err = clib_error_return (0, "No pcap classify filter set...");
- else
- err = clib_error_return (0, "No classify filter set for %U...",
- format_vnet_sw_if_index_name, vnm,
- sw_if_index);
- unformat_free (line_input);
- return err;
- }
-
- set = pool_elt_at_index (cm->filter_sets, set_index);
-
- set->refcnt--;
- ASSERT (set->refcnt >= 0);
- if (set->refcnt == 0)
- {
- del_chain = 1;
- table_index = set->table_indices[0];
- vec_reset_length (set->table_indices);
- pool_put (cm->filter_sets, set);
- if (pkt_trace)
- {
- vlib_global_main.trace_filter.trace_filter_set_index = ~0;
- vlib_global_main.trace_filter.trace_classify_table_index = ~0;
- }
- else
- {
- cm->filter_set_by_sw_if_index[sw_if_index] = ~0;
- if (sw_if_index > 0)
- {
- vnet_hw_interface_t *hi =
- vnet_get_sup_hw_interface (vnm, sw_if_index);
- hi->trace_classify_table_index = ~0;
- }
- }
- }
- }
-
- if (is_add)
- {
- if (pkt_trace)
- set_index = vlib_global_main.trace_filter.trace_filter_set_index;
- else if (sw_if_index < vec_len (cm->filter_set_by_sw_if_index))
- set_index = cm->filter_set_by_sw_if_index[sw_if_index];
-
- /* Do we have a filter set for this intfc / pcap yet? */
- if (set_index == ~0)
- {
- pool_get (cm->filter_sets, set);
- set_index = set - cm->filter_sets;
- set->refcnt = 1;
- }
+ classify_set_trace_chain (cm, ~0);
else
- set = pool_elt_at_index (cm->filter_sets, set_index);
-
- ASSERT (set);
-
- for (i = 0; i < vec_len (set->table_indices); i++)
- {
- t = pool_elt_at_index (cm->tables, set->table_indices[i]);
- /* classifier geometry mismatch, can't use this table */
- if (t->match_n_vectors != match || t->skip_n_vectors != skip)
- continue;
- /* Masks aren't congruent, can't use this table */
- if (vec_len (t->mask) * sizeof (u32x4) != vec_len (mask))
- continue;
- /* Masks aren't bit-for-bit identical, can't use this table */
- if (memcmp (t->mask, mask, vec_len (mask)))
- continue;
-
- /* Winner... */
- table_index = set->table_indices[i];
- goto found_table;
- }
- }
+ classify_set_pcap_chain (cm, sw_if_index, ~0);
- rv = vnet_classify_add_del_table (cm, mask, nbuckets, memory_size,
- skip, match, next_table_index,
- miss_next_index, &table_index,
- current_data_flag, current_data_offset,
- is_add, del_chain);
- vec_free (mask);
-
- if (rv != 0)
- {
+ vec_free (mask);
unformat_free (line_input);
- return clib_error_return (0, "vnet_classify_add_del_table returned %d",
- rv);
- }
- if (is_add == 0)
- {
- unformat_free (line_input);
return 0;
}
- /* Remember the table */
- vec_add1 (set->table_indices, table_index);
-
+ /*
+ * Find an existing compatible table or else make a new one.
+ */
if (pkt_trace)
- vlib_global_main.trace_filter.trace_filter_set_index = set_index;
+ table_index = classify_get_trace_chain ();
else
- {
- vec_validate_init_empty (cm->filter_set_by_sw_if_index, sw_if_index,
- ~0);
- cm->filter_set_by_sw_if_index[sw_if_index] = set - cm->filter_sets;
- }
+ table_index = classify_get_pcap_chain (cm, sw_if_index);
- /* Sort filter tables from most-specific mask to least-specific mask */
- vec_sort_with_function (set->table_indices, filter_table_mask_compare);
+ if (table_index != ~0)
+ table_index = classify_lookup_chain (table_index, mask, skip, match);
- /* Setup next_table_index fields */
- for (i = 0; i < vec_len (set->table_indices); i++)
+ /*
+ * When no table is found, make one.
+ */
+ if (table_index == ~0)
{
- t = pool_elt_at_index (cm->tables, set->table_indices[i]);
+ /*
+ * Matching table wasn't found, so create a new one at the
+ * head of the next_table_index chain.
+ */
+ next_table_index = table_index;
+ table_index = ~0;
- if ((i + 1) < vec_len (set->table_indices))
- t->next_table_index = set->table_indices[i + 1];
- else
- t->next_table_index = ~0;
- }
+ rv = vnet_classify_add_del_table (cm, mask, nbuckets, memory_size,
+ skip, match, next_table_index,
+ miss_next_index, &table_index,
+ current_data_flag,
+ current_data_offset, 1, 0);
- /* Put top table index where device drivers can find them */
- if (sw_if_index > 0 && pkt_trace == 0)
- {
- vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
- ASSERT (vec_len (set->table_indices) > 0);
- hi->trace_classify_table_index = set->table_indices[0];
+ if (rv != 0)
+ {
+ vec_free (mask);
+ unformat_free (line_input);
+ return clib_error_return (0,
+ "vnet_classify_add_del_table returned %d",
+ rv);
+ }
+
+ /*
+ * Reorder tables such that masks are most-specify to least-specific.
+ */
+ table_index = classify_sort_table_chain (cm, table_index);
+
+ /*
+ * Put first classifier table in chain in a place where
+ * other data structures expect to find and use it.
+ */
+ if (pkt_trace)
+ classify_set_trace_chain (cm, table_index);
+ else
+ classify_set_pcap_chain (cm, sw_if_index, table_index);
}
-found_table:
+ vec_free (mask);
- /* Now try to parse a session */
+ /*
+ * Now try to parse a and add a filter-match session.
+ */
if (unformat (line_input, "match %U", unformat_classify_match,
cm, &match_vector, table_index) == 0)
return 0;
@@ -1930,16 +2016,6 @@ vlib_enable_disable_pkt_trace_filter (int enable)
{
if (enable)
{
- vnet_classify_main_t *cm = &vnet_classify_main;
- vnet_classify_filter_set_t *set;
- u32 set_index = vlib_global_main.trace_filter.trace_filter_set_index;
-
- if (set_index == ~0)
- return -1;
-
- set = pool_elt_at_index (cm->filter_sets, set_index);
- vlib_global_main.trace_filter.trace_classify_table_index =
- set->table_indices[0];
vlib_global_main.trace_filter.trace_filter_enable = 1;
}
else
@@ -2040,10 +2116,8 @@ show_classify_filter_command_fn (vlib_main_t * vm,
{
vnet_classify_main_t *cm = &vnet_classify_main;
vnet_main_t *vnm = vnet_get_main ();
- vnet_classify_filter_set_t *set;
u8 *name = 0;
u8 *s = 0;
- u32 set_index;
u32 table_index;
int verbose = 0;
int i, j, limit;
@@ -2053,53 +2127,50 @@ show_classify_filter_command_fn (vlib_main_t * vm,
vlib_cli_output (vm, "%-30s%s", "Filter Used By", " Table(s)");
vlib_cli_output (vm, "%-30s%s", "--------------", " --------");
- limit = vec_len (cm->filter_set_by_sw_if_index);
+ limit = vec_len (cm->classify_table_index_by_sw_if_index);
for (i = -1; i < limit; i++)
{
- if (i < 0)
- set_index = vlib_global_main.trace_filter.trace_filter_set_index;
- else
- set_index = cm->filter_set_by_sw_if_index[i];
-
- if (set_index == ~0)
- continue;
-
- set = pool_elt_at_index (cm->filter_sets, set_index);
-
switch (i)
{
case -1:
+ table_index = vlib_global_main.trace_filter.classify_table_index;
name = format (0, "packet tracer:");
break;
+
case 0:
+ table_index = cm->classify_table_index_by_sw_if_index[i];
name = format (0, "pcap rx/tx/drop:");
break;
+
default:
+ table_index = cm->classify_table_index_by_sw_if_index[i];
name = format (0, "%U:", format_vnet_sw_if_index_name, vnm, i);
break;
}
if (verbose)
{
- u32 table_index;
-
- for (j = 0; j < vec_len (set->table_indices); j++)
+ vnet_classify_table_t *t;
+ j = table_index;
+ do
{
- table_index = set->table_indices[j];
- if (table_index != ~0)
- s = format (s, " %u", table_index);
- else
+ if (j == ~0)
s = format (s, " none");
+ else
+ {
+ s = format (s, " %u", j);
+ t = pool_elt_at_index (cm->tables, j);
+ j = t->next_table_index;
+ }
}
+ while (j != ~0);
vlib_cli_output (vm, "%-30v table(s)%v", name, s);
vec_reset_length (s);
}
else
{
- table_index = set->table_indices ? set->table_indices[0] : ~0;
-
if (table_index != ~0)
s = format (s, " %u", table_index);
else
@@ -2942,7 +3013,6 @@ static clib_error_t *
vnet_classify_init (vlib_main_t * vm)
{
vnet_classify_main_t *cm = &vnet_classify_main;
- vnet_classify_filter_set_t *set;
cm->vlib_main = vm;
cm->vnet_main = vnet_get_main ();
@@ -2960,14 +3030,7 @@ vnet_classify_init (vlib_main_t * vm)
vnet_classify_register_unformat_acl_next_index_fn (unformat_acl_next_node);
- /* Filter set 0 is grounded... */
- pool_get_zero (cm->filter_sets, set);
- set->refcnt = 0x7FFFFFFF;
- /* Initialize the pcap filter set */
- vec_validate (cm->filter_set_by_sw_if_index, 0);
- cm->filter_set_by_sw_if_index[0] = 0;
- /* Initialize the packet tracer filter set */
- vlib_global_main.trace_filter.trace_filter_set_index = ~0;
+ vlib_global_main.trace_filter.classify_table_index = ~0;
return 0;
}
diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h
index f0c81241584..1ce29df5f13 100644
--- a/src/vnet/classify/vnet_classify.h
+++ b/src/vnet/classify/vnet_classify.h
@@ -180,12 +180,6 @@ typedef struct
} vnet_classify_table_t;
-typedef struct
-{
- int refcnt;
- u32 *table_indices;
-} vnet_classify_filter_set_t;
-
struct _vnet_classify_main
{
/* Table pool */
@@ -198,11 +192,8 @@ struct _vnet_classify_main
unformat_function_t **unformat_policer_next_index_fns;
unformat_function_t **unformat_opaque_index_fns;
- /* Pool of filter sets */
- vnet_classify_filter_set_t *filter_sets;
-
- /* Per-interface filter set map. [0] is used for pcap */
- u32 *filter_set_by_sw_if_index;
+ /* Per-interface filter table. [0] is used for pcap */
+ u32 *classify_table_index_by_sw_if_index;
/* convenience variables */
vlib_main_t *vlib_main;
@@ -554,6 +545,17 @@ void vnet_classify_register_unformat_policer_next_index_fn
void vnet_classify_register_unformat_opaque_index_fn (unformat_function_t *
fn);
+u32 classify_get_pcap_chain (vnet_classify_main_t * cm, u32 sw_if_index);
+void classify_set_pcap_chain (vnet_classify_main_t * cm,
+ u32 sw_if_index, u32 table_index);
+
+u32 classify_get_trace_chain (void);
+void classify_set_trace_chain (vnet_classify_main_t * cm, u32 table_index);
+
+u32 classify_sort_table_chain (vnet_classify_main_t * cm, u32 table_index);
+u32 classify_lookup_chain (u32 table_index,
+ u8 * mask, u32 n_skip, u32 n_match);
+
#endif /* __included_vnet_classify_h__ */
/*
diff --git a/src/vnet/interface_cli.c b/src/vnet/interface_cli.c
index c9f11546b31..a5b9d63205f 100644
--- a/src/vnet/interface_cli.c
+++ b/src/vnet/interface_cli.c
@@ -1992,7 +1992,6 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a)
vnet_pcap_t *pp = &vm->pcap;
pcap_main_t *pm = &pp->pcap_main;
vnet_classify_main_t *cm = &vnet_classify_main;
- vnet_classify_filter_set_t *set = 0;
if (a->status)
{
@@ -2028,11 +2027,9 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a)
&& (pm->n_packets_to_capture != a->packets_to_capture))
return VNET_API_ERROR_INVALID_VALUE_2;
- set = pool_elt_at_index (cm->filter_sets, cm->filter_set_by_sw_if_index[0]);
-
/* Classify filter specified, but no classify filter configured */
if ((a->rx_enable + a->tx_enable + a->drop_enable) && a->filter &&
- (set->table_indices == 0 || set->table_indices[0] == ~0))
+ cm->classify_table_index_by_sw_if_index[0] == ~0)
return VNET_API_ERROR_NO_SUCH_LABEL;
if (a->rx_enable + a->tx_enable + a->drop_enable)
@@ -2089,7 +2086,8 @@ vnet_pcap_dispatch_trace_configure (vnet_pcap_dispatch_trace_args_t * a)
pm->n_packets_to_capture = a->packets_to_capture;
pp->pcap_sw_if_index = a->sw_if_index;
if (a->filter)
- pp->filter_classify_table_index = set->table_indices[0];
+ pp->filter_classify_table_index =
+ cm->classify_table_index_by_sw_if_index[0];
else
pp->filter_classify_table_index = ~0;
pp->pcap_rx_enable = a->rx_enable;