summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/acl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/acl/acl.c')
-rw-r--r--src/plugins/acl/acl.c161
1 files changed, 12 insertions, 149 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 4944ebd5e16..b4770a70db0 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -77,66 +77,6 @@ format_vec16 (u8 * s, va_list * va)
return s;
}
-static void *
-acl_set_heap (acl_main_t * am)
-{
- if (0 == am->acl_mheap)
- {
- if (0 == am->acl_mheap_size)
- {
- vlib_thread_main_t *tm = vlib_get_thread_main ();
- u64 per_worker_slack = 1000000LL;
- u64 per_worker_size =
- per_worker_slack +
- ((u64) am->fa_conn_table_max_entries) * sizeof (fa_session_t);
- u64 per_worker_size_with_slack = per_worker_slack + per_worker_size;
- u64 main_slack = 2000000LL;
- u64 bihash_size = (u64) am->fa_conn_table_hash_memory_size;
-
- am->acl_mheap_size =
- per_worker_size_with_slack * tm->n_vlib_mains + bihash_size +
- main_slack;
- }
- u64 max_possible = ((uword) ~ 0);
- if (am->acl_mheap_size > max_possible)
- {
- clib_warning ("ACL heap size requested: %lld, max possible %lld",
- am->acl_mheap_size, max_possible);
- }
-
- am->acl_mheap = mheap_alloc_with_lock (0 /* use VM */ ,
- am->acl_mheap_size,
- 1 /* locked */ );
- if (0 == am->acl_mheap)
- {
- clib_error
- ("ACL plugin failed to allocate main heap of %U bytes, abort",
- format_memory_size, am->acl_mheap_size);
- }
- }
- void *oldheap = clib_mem_set_heap (am->acl_mheap);
- return oldheap;
-}
-
-void *
-acl_plugin_set_heap ()
-{
- acl_main_t *am = &acl_main;
- return acl_set_heap (am);
-}
-
-void
-acl_plugin_acl_set_validate_heap (acl_main_t * am, int on)
-{
- clib_mem_set_heap (acl_set_heap (am));
-}
-
-void
-acl_plugin_acl_set_trace_heap (acl_main_t * am, int on)
-{
- clib_mem_set_heap (acl_set_heap (am));
-}
-
static void
vl_api_acl_plugin_get_version_t_handler (vl_api_acl_plugin_get_version_t * mp)
{
@@ -398,8 +338,6 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
*acl_list_index, tag);
}
- void *oldheap = acl_set_heap (am);
-
/* Create and populate the rules */
if (count > 0)
vec_validate (acl_new_rules, count - 1);
@@ -447,15 +385,8 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
/* a change in an ACLs if they are applied may mean a new policy epoch */
policy_notify_acl_change (am, *acl_list_index);
}
-
- /* stats segment expects global heap, so restore it temporarily */
- clib_mem_set_heap (oldheap);
validate_and_reset_acl_counters (am, *acl_list_index);
- oldheap = acl_set_heap (am);
-
- /* notify the lookup contexts about the ACL changes */
acl_plugin_lookup_context_notify_acl_change (*acl_list_index);
- clib_mem_set_heap (oldheap);
return 0;
}
@@ -490,8 +421,6 @@ acl_del_list (u32 acl_list_index)
if (acl_is_used_by (acl_list_index, am->lc_index_vec_by_acl))
return VNET_API_ERROR_ACL_IN_USE_BY_LOOKUP_CONTEXT;
- void *oldheap = acl_set_heap (am);
-
/* now we can delete the ACL itself */
a = pool_elt_at_index (am->acls, acl_list_index);
if (a->rules)
@@ -499,7 +428,6 @@ acl_del_list (u32 acl_list_index)
pool_put (am->acls, a);
/* acl_list_index is now free, notify the lookup contexts */
acl_plugin_lookup_context_notify_acl_change (acl_list_index);
- clib_mem_set_heap (oldheap);
return 0;
}
@@ -535,14 +463,12 @@ acl_classify_add_del_table_small (vnet_classify_main_t * cm, u8 * mask,
if (0 == match)
match = 1;
- void *oldheap = clib_mem_set_heap (cm->vlib_main->heap_base);
int ret = vnet_classify_add_del_table (cm, skip_mask_ptr, nbuckets,
memory_size, skip, match,
next_table_index, miss_next_index,
table_index, current_data_flag,
current_data_offset, is_add,
1 /* delete_chain */ );
- clib_mem_set_heap (oldheap);
return ret;
}
@@ -559,11 +485,9 @@ intf_has_etype_whitelist (acl_main_t * am, u32 sw_if_index, int is_input)
static void
acl_clear_sessions (acl_main_t * am, u32 sw_if_index)
{
- void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX,
sw_if_index);
- clib_mem_set_heap (oldheap);
}
@@ -584,7 +508,6 @@ acl_interface_in_enable_disable (acl_main_t * am, u32 sw_if_index,
acl_fa_enable_disable (sw_if_index, 1, enable_disable);
- void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
rv = vnet_l2_feature_enable_disable ("l2-input-ip4", "acl-plugin-in-ip4-l2",
sw_if_index, enable_disable, 0, 0);
if (rv)
@@ -598,9 +521,6 @@ acl_interface_in_enable_disable (acl_main_t * am, u32 sw_if_index,
vnet_l2_feature_enable_disable ("l2-input-nonip",
"acl-plugin-in-nonip-l2", sw_if_index,
enable_disable, 0, 0);
-
- clib_mem_set_heap (oldheap);
-
am->in_acl_on_sw_if_index =
clib_bitmap_set (am->in_acl_on_sw_if_index, sw_if_index, enable_disable);
@@ -624,7 +544,6 @@ acl_interface_out_enable_disable (acl_main_t * am, u32 sw_if_index,
acl_fa_enable_disable (sw_if_index, 0, enable_disable);
- void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
rv =
vnet_l2_feature_enable_disable ("l2-output-ip4", "acl-plugin-out-ip4-l2",
sw_if_index, enable_disable, 0, 0);
@@ -639,10 +558,6 @@ acl_interface_out_enable_disable (acl_main_t * am, u32 sw_if_index,
vnet_l2_feature_enable_disable ("l2-output-nonip",
"acl-plugin-out-nonip-l2", sw_if_index,
enable_disable, 0, 0);
-
-
- clib_mem_set_heap (oldheap);
-
am->out_acl_on_sw_if_index =
clib_bitmap_set (am->out_acl_on_sw_if_index, sw_if_index, enable_disable);
@@ -782,8 +697,6 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index,
*/
vec_validate_init_empty ((*pinout_lc_index_by_sw_if_index), sw_if_index,
~0);
- /* lookup context creation is to be done in global heap */
- void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
if (vec_len (vec_acl_list_index) > 0)
{
u32 lc_index = (*pinout_lc_index_by_sw_if_index)[sw_if_index];
@@ -804,8 +717,6 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index,
(*pinout_lc_index_by_sw_if_index)[sw_if_index] = ~0;
}
}
- clib_mem_set_heap (oldheap);
-
/* ensure ACL processing is enabled/disabled as needed */
acl_interface_inout_enable_disable (am, sw_if_index, is_input,
vec_len (vec_acl_list_index) > 0);
@@ -822,10 +733,8 @@ acl_interface_reset_inout_acls (u32 sw_if_index, u8 is_input,
int *may_clear_sessions)
{
acl_main_t *am = &acl_main;
- void *oldheap = acl_set_heap (am);
acl_interface_set_inout_acl_list (am, sw_if_index, is_input, 0,
may_clear_sessions);
- clib_mem_set_heap (oldheap);
}
static int
@@ -844,8 +753,6 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
is_input ? &am->
input_acl_vec_by_sw_if_index : &am->output_acl_vec_by_sw_if_index;
int rv = 0;
- void *oldheap = acl_set_heap (am);
-
if (is_add)
{
vec_validate ((*pinout_acl_vec_by_sw_if_index), sw_if_index);
@@ -886,7 +793,6 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
&may_clear_sessions);
done:
vec_free (acl_vec);
- clib_mem_set_heap (oldheap);
return rv;
}
@@ -1643,7 +1549,6 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
/* if replacing the ACL, unapply the classifier tables first - they will be gone.. */
if (~0 != *acl_list_index)
rv = macip_maybe_apply_unapply_classifier_tables (am, *acl_list_index, 0);
- void *oldheap = acl_set_heap (am);
/* Create and populate the rules */
if (count > 0)
vec_validate (acl_new_rules, count - 1);
@@ -1684,7 +1589,6 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
/* Create and populate the classifier tables */
macip_create_classify_tables (am, *acl_list_index);
- clib_mem_set_heap (oldheap);
/* If the ACL was already applied somewhere, reapply the newly created tables */
rv = rv
|| macip_maybe_apply_unapply_classifier_tables (am, *acl_list_index, 1);
@@ -1745,12 +1649,10 @@ macip_acl_interface_add_acl (acl_main_t * am, u32 sw_if_index,
{
return VNET_API_ERROR_NO_SUCH_ENTRY;
}
- void *oldheap = acl_set_heap (am);
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
vec_validate (am->sw_if_index_vec_by_macip_acl, macip_acl_index);
vec_add1 (am->sw_if_index_vec_by_macip_acl[macip_acl_index], sw_if_index);
- clib_mem_set_heap (oldheap);
/* If there already a MACIP ACL applied, unapply it */
if (~0 != am->macip_acl_by_sw_if_index[sw_if_index])
macip_acl_interface_del_acl (am, sw_if_index);
@@ -1787,7 +1689,6 @@ macip_acl_del_list (u32 acl_list_index)
}
}
- void *oldheap = acl_set_heap (am);
/* Now that classifier tables are detached, clean them up */
macip_destroy_classify_tables (am, acl_list_index);
@@ -1798,7 +1699,6 @@ macip_acl_del_list (u32 acl_list_index)
vec_free (a->rules);
}
pool_put (am->macip_acls, a);
- clib_mem_set_heap (oldheap);
return 0;
}
@@ -1952,8 +1852,6 @@ static void
}
if (0 == rv)
{
- void *oldheap = acl_set_heap (am);
-
u32 *in_acl_vec = 0;
u32 *out_acl_vec = 0;
for (i = 0; i < mp->count; i++)
@@ -1971,7 +1869,6 @@ static void
&may_clear_sessions);
vec_free (in_acl_vec);
vec_free (out_acl_vec);
- clib_mem_set_heap (oldheap);
}
}
@@ -2006,7 +1903,6 @@ send_acl_details (acl_main_t * am, vl_api_registration_t * reg,
int i;
acl_rule_t *acl_rules = acl->rules;
int msg_size = sizeof (*mp) + sizeof (mp->r[0]) * vec_len (acl_rules);
- void *oldheap = acl_set_heap (am);
mp = vl_msg_api_alloc (msg_size);
clib_memset (mp, 0, msg_size);
@@ -2024,7 +1920,6 @@ send_acl_details (acl_main_t * am, vl_api_registration_t * reg,
copy_acl_rule_to_api_rule (&rules[i], &acl_rules[i]);
}
- clib_mem_set_heap (oldheap);
vl_api_send_msg (reg, (u8 *) mp);
}
@@ -2080,13 +1975,10 @@ send_acl_interface_list_details (acl_main_t * am,
int n_output;
int count;
int i = 0;
- void *oldheap = acl_set_heap (am);
vec_validate (am->input_acl_vec_by_sw_if_index, sw_if_index);
vec_validate (am->output_acl_vec_by_sw_if_index, sw_if_index);
- clib_mem_set_heap (oldheap);
-
n_input = vec_len (am->input_acl_vec_by_sw_if_index[sw_if_index]);
n_output = vec_len (am->output_acl_vec_by_sw_if_index[sw_if_index]);
count = n_input + n_output;
@@ -2416,7 +2308,6 @@ static void
vnet_interface_main_t *im = &am->vnet_main->interface_main;
u32 sw_if_index = ntohl (mp->sw_if_index);
u16 *vec_in = 0, *vec_out = 0;
- void *oldheap = acl_set_heap (am);
if (pool_is_free_index (im->sw_interfaces, sw_if_index))
rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
@@ -2432,7 +2323,6 @@ static void
rv = acl_set_etype_whitelists (am, sw_if_index, vec_in, vec_out);
}
- clib_mem_set_heap (oldheap);
REPLY_MACRO (VL_API_ACL_INTERFACE_SET_ETYPE_WHITELIST_REPLY);
}
@@ -2462,8 +2352,6 @@ send_acl_interface_etype_whitelist_details (acl_main_t * am,
if ((0 == whitelist_in) && (0 == whitelist_out))
return; /* nothing to do */
- void *oldheap = acl_set_heap (am);
-
n_input = vec_len (whitelist_in);
n_output = vec_len (whitelist_out);
count = n_input + n_output;
@@ -2489,7 +2377,6 @@ send_acl_interface_etype_whitelist_details (acl_main_t * am,
{
mp->whitelist[n_input + i] = htons (whitelist_out[i]);
}
- clib_mem_set_heap (oldheap);
vl_api_send_msg (reg, (u8 *) mp);
}
@@ -2573,11 +2460,6 @@ static clib_error_t *
acl_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
{
acl_main_t *am = &acl_main;
- if (0 == am->acl_mheap)
- {
- /* ACL heap is not initialized, so definitely nothing to do. */
- return 0;
- }
if (0 == is_add)
{
int may_clear_sessions = 1;
@@ -2650,17 +2532,17 @@ acl_set_aclplugin_fn (vlib_main_t * vm,
if (unformat (input, "main"))
{
if (unformat (input, "validate %u", &val))
- acl_plugin_acl_set_validate_heap (am, val);
+ clib_warning ("ACL local heap is deprecated");
else if (unformat (input, "trace %u", &val))
- acl_plugin_acl_set_trace_heap (am, val);
+ clib_warning ("ACL local heap is deprecated");
goto done;
}
else if (unformat (input, "hash"))
{
if (unformat (input, "validate %u", &val))
- acl_plugin_hash_acl_set_validate_heap (val);
+ clib_warning ("ACL local heap is deprecated");
else if (unformat (input, "trace %u", &val))
- acl_plugin_hash_acl_set_trace_heap (val);
+ clib_warning ("ACL local heap is deprecated");
goto done;
}
goto done;
@@ -3300,26 +3182,7 @@ acl_show_aclplugin_memory_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
clib_error_t *error = 0;
- acl_main_t *am = &acl_main;
-
- vlib_cli_output (vm, "ACL plugin main heap statistics:\n");
- if (am->acl_mheap)
- {
- vlib_cli_output (vm, " %U\n", format_mheap, am->acl_mheap, 1);
- }
- else
- {
- vlib_cli_output (vm, " Not initialized\n");
- }
- vlib_cli_output (vm, "ACL hash lookup support heap statistics:\n");
- if (am->hash_lookup_mheap)
- {
- vlib_cli_output (vm, " %U\n", format_mheap, am->hash_lookup_mheap, 1);
- }
- else
- {
- vlib_cli_output (vm, " Not initialized\n");
- }
+ vlib_cli_output (vm, "ACL memory is now part of the main heap");
return error;
}
@@ -3707,14 +3570,17 @@ acl_plugin_config (vlib_main_t * vm, unformat_input_t * input)
if (unformat
(input, "main heap size %U", unformat_memory_size,
&main_heap_size))
- am->acl_mheap_size = main_heap_size;
+ clib_warning
+ ("WARNING: ACL heap is now part of the main heap. 'main heap size' is ineffective.");
else
if (unformat
(input, "hash lookup heap size %U", unformat_memory_size,
&hash_heap_size))
- am->hash_lookup_mheap_size = hash_heap_size;
- else if (unformat (input, "hash lookup hash buckets %d",
- &hash_lookup_hash_buckets))
+ clib_warning
+ ("WARNING: ACL heap is now part of the main heap. 'hash lookup heap size' is ineffective.");
+ else
+ if (unformat
+ (input, "hash lookup hash buckets %d", &hash_lookup_hash_buckets))
am->hash_lookup_hash_buckets = hash_lookup_hash_buckets;
else
if (unformat
@@ -3764,9 +3630,6 @@ acl_init (vlib_main_t * vm)
if (error)
return error;
- am->acl_mheap_size = 0; /* auto size when initializing */
- am->hash_lookup_mheap_size = ACL_PLUGIN_HASH_LOOKUP_HEAP_SIZE;
-
am->hash_lookup_hash_buckets = ACL_PLUGIN_HASH_LOOKUP_HASH_BUCKETS;
am->hash_lookup_hash_memory = ACL_PLUGIN_HASH_LOOKUP_HASH_MEMORY;