diff options
Diffstat (limited to 'src')
116 files changed, 4702 insertions, 1866 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 68d0a4fe64e..d5c7fd1c718 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -113,19 +113,20 @@ endif() # cross compiling ############################################################################## -if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") - set(COMPILER_SUFFIX "linux-gnu") -elseif (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD") - set(COMPILER_SUFFIX "freebsd") -endif() - if(CMAKE_CROSSCOMPILING) + if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") + set(COMPILER_SUFFIX "linux-gnu") + elseif (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD") + set(COMPILER_SUFFIX "freebsd") + endif() + set(CMAKE_IGNORE_PATH /usr/lib/${CMAKE_HOST_SYSTEM_PROCESSOR}-${COMPILER_SUFFIX}/ /usr/lib/${CMAKE_HOST_SYSTEM_PROCESSOR}-${COMPILER_SUFFIX}/lib/ ) -endif() set(CMAKE_C_COMPILER_TARGET ${CMAKE_SYSTEM_PROCESSOR}-${COMPILER_SUFFIX}) +endif() + ############################################################################## # build config ############################################################################## diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index e52e82fcf28..fbd94761027 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -2845,6 +2845,17 @@ acl_set_aclplugin_interface_fn (vlib_main_t * vm, } \ } while (0) +#define vec_validate_macip_acl_rules(v, idx) \ + do \ + { \ + if (vec_len (v) < idx + 1) \ + { \ + vec_validate (v, idx); \ + v[idx].is_permit = 0x1; \ + } \ + } \ + while (0) + static clib_error_t * acl_set_aclplugin_acl_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) @@ -3062,6 +3073,160 @@ acl_show_aclplugin_macip_interface_fn (vlib_main_t * vm, return error; } +static clib_error_t * +acl_set_aclplugin_macip_acl_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + vl_api_macip_acl_rule_t *rules = 0; + int rule_idx = 0; + int rv = 0; + u32 acl_index = ~0; + u32 action = 0; + u8 src_mac[6]; + u8 *tag = 0; + u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + ip_prefix_t src_ip; + + unformat_input_t _line_input, *line_input = &_line_input; + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + vec_validate_macip_acl_rules (rules, rule_idx); + if (unformat (line_input, "permit")) + { + rules[rule_idx].is_permit = 1; + } + else if (unformat (line_input, "deny")) + { + rules[rule_idx].is_permit = 0; + } + else if (unformat (line_input, "action %d", &action)) + { + rules[rule_idx].is_permit = action; + } + else if (unformat (line_input, "ip %U", unformat_ip_prefix, &src_ip)) + { + ip_prefix_encode2 (&src_ip, &rules[rule_idx].src_prefix); + } + else if (unformat (line_input, "src")) + { + /* Everything in MACIP is "source" but allow this verbosity */ + } + else if (unformat (line_input, "mac %U", unformat_mac_address, &src_mac)) + { + memcpy (rules[rule_idx].src_mac, &src_mac, + sizeof (rules[rule_idx].src_mac)); + memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, + sizeof (rules[rule_idx].src_mac_mask)); + } + else if (unformat (line_input, "mask %U", unformat_mac_address, + &src_mac)) + { + memcpy (rules[rule_idx].src_mac_mask, &src_mac, + sizeof (rules[rule_idx].src_mac_mask)); + } + else if (unformat (line_input, "tag %s", &tag)) + ; + else if (unformat (line_input, ",")) + { + rule_idx++; + } + else + break; + } + + if (!tag) + vec_add (tag, "cli", 4); + + rv = macip_acl_add_list (vec_len (rules), rules, &acl_index, tag); + vec_free (rules); + vec_free (tag); + + unformat_free (line_input); + if (rv) + return clib_error_return (0, "Failed to set MACIP ACL rule"); + + vlib_cli_output (vm, "ACL index:%u", acl_index); + return 0; +} + +static clib_error_t * +acl_macip_delete_aclplugin_acl_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + int rv; + u32 macip_acl_index = ~0; + + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "index %u", &macip_acl_index)) + { + /* operate on this acl index (which must exist) */ + } + else + break; + } + + if (macip_acl_index == ~0) + return (clib_error_return (0, "invalid acl index")); + + rv = macip_acl_del_list (macip_acl_index); + + unformat_free (line_input); + if (rv) + return (clib_error_return (0, "Failed to delete ACL index")); + + vlib_cli_output (vm, "Deleted ACL index:%u", macip_acl_index); + return 0; +} + +static clib_error_t * +acl_set_aclplugin_macip_interface_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + int rv = 0; + u32 sw_if_index = ~0; + u32 acl_index = ~0; + u32 is_add = 1; + unformat_input_t _line_input, *line_input = &_line_input; + + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "%U", unformat_vnet_sw_interface, + vnet_get_main (), &sw_if_index)) + ; + else if (unformat (line_input, "add")) + is_add = 1; + else if (unformat (line_input, "del")) + is_add = 0; + else if (unformat (line_input, "acl %u", &acl_index)) + ; + else + break; + } + + if (sw_if_index == ~0) + return (clib_error_return (0, "invalid interface")); + + if (acl_index == ~0) + return (clib_error_return (0, "invalid acl index")); + + rv = macip_acl_interface_add_del_acl (sw_if_index, is_add, acl_index); + + if (rv) + return (clib_error_return (0, "Failed to add acl rule to interface")); + + return 0; +} + static void acl_plugin_show_acl (acl_main_t * am, u32 acl_index) { @@ -3632,6 +3797,38 @@ VLIB_CLI_COMMAND (aclplugin_set_acl_command, static) = { }; /*? + * Create an MACIP Access Control List (ACL) + * A MACIP ACL is used to add L2-L3 ACL rules. + * A MACIP ACL can be added similar to ACL rules by using following command : + * + * @cliexcmd{set acl-plugin macip acl <permit|deny|action N> + * ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma + * separated list for multiple rules}} + ?*/ +VLIB_CLI_COMMAND (aclplugin_macip_set_acl_command, static) = { + .path = "set acl-plugin macip acl ", + .short_help = "set acl-plugin macip acl <permit|deny|action N> " + "ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma " + "separated list for multiple rules}", + .function = acl_set_aclplugin_macip_acl_fn, +}; + +/*? + * [un]Apply a MACIP ACL to an interface. + * The ACL being applied must already exist. + * + * @cliexpar + * <b><em> set acl-plugin macip interface <interface> <acl INDEX> [del] + </b></em> + * @cliexend + ?*/ +VLIB_CLI_COMMAND (aclplugin_macip_set_interface_command, static) = { + .path = "set acl-plugin macip interface", + .short_help = "set acl-plugin macip interface <interface> <acl INDEX> [del]", + .function = acl_set_aclplugin_macip_interface_fn, +}; + +/*? * Delete an Access Control List (ACL) * Removes an ACL at the specified index, which must exist but not in use by * any interface. @@ -3644,6 +3841,20 @@ VLIB_CLI_COMMAND (aclplugin_delete_acl_command, static) = { .function = acl_delete_aclplugin_acl_fn, }; +/*? + * Delete a MACIP Access Control List (ACL) + * Removes an MACIP ACL at the specified index, which must exist but not in + * use by + * any interface. + * + * @cliexcmd{delete acl-plugin macip acl index <idx>} + ?*/ +VLIB_CLI_COMMAND (aclplugin_macip_delete_acl_command, static) = { + .path = "delete acl-plugin macip acl", + .short_help = "delete acl-plugin macip acl index <idx>", + .function = acl_macip_delete_aclplugin_acl_fn, +}; + static clib_error_t * acl_plugin_config (vlib_main_t * vm, unformat_input_t * input) { diff --git a/src/plugins/builtinurl/CMakeLists.txt b/src/plugins/builtinurl/CMakeLists.txt deleted file mode 100644 index ddbca5e50f1..00000000000 --- a/src/plugins/builtinurl/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ - -# Copyright (c) <current-year> <your-organization> -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -add_vpp_plugin(builtinurl - SOURCES - builtins.c - builtinurl.c - builtinurl.h - - API_FILES - builtinurl.api - - API_TEST_SOURCES - builtinurl_test.c -) diff --git a/src/plugins/builtinurl/FEATURE.yaml b/src/plugins/builtinurl/FEATURE.yaml deleted file mode 100644 index ba8e3c7ea7b..00000000000 --- a/src/plugins/builtinurl/FEATURE.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -name: Builtin URL support for the static http or https server -maintainer: Dave Barach <dave@barachs.net> -features: - - Builtin URLs for the static http/https server -description: "The (builtinurl) plugin adds a set of URLs to the static http/https server. - Current URLs, all of which return data in .json fmt: - <root-url>/version.json - vpp version info - <root-url>/interface_list.json - list of interfaces - <root-url>/interface_stats - single interface via HTTP POST - <root-url>/interface_stats - all intfcs via HTTP GET." -state: development -properties: [API, CLI, MULTITHREAD] diff --git a/src/plugins/builtinurl/builtins.c b/src/plugins/builtinurl/builtins.c deleted file mode 100644 index 6a0975503a7..00000000000 --- a/src/plugins/builtinurl/builtins.c +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Copyright (c) 2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <vnet/vnet.h> -#include <builtinurl/builtinurl.h> -#include <http_static/http_static.h> -#include <vpp/app/version.h> - -hss_url_handler_rc_t -handle_get_version (hss_url_handler_args_t *args) -{ - u8 *s = 0; - - /* Build some json bullshit */ - s = format (s, "{\"vpp_details\": {"); - s = format (s, " \"version\": \"%s\",", VPP_BUILD_VER); - s = format (s, " \"build_date\": \"%s\"}}\r\n", VPP_BUILD_DATE); - - args->data = s; - args->data_len = vec_len (s); - args->free_vec_data = 1; - return HSS_URL_HANDLER_OK; -} - -void -trim_path_from_request (u8 * s, char *path) -{ - u8 *cp; - int trim_length = strlen (path) + 1 /* remove '?' */ ; - - /* Get rid of the path and question-mark */ - vec_delete (s, trim_length, 0); - - /* Tail trim irrelevant browser info */ - cp = s; - while ((cp - s) < vec_len (s)) - { - if (*cp == ' ') - { - /* - * Makes request a vector which happens to look - * like a c-string. - */ - *cp = 0; - vec_set_len (s, cp - s); - break; - } - cp++; - } -} - -hss_url_handler_rc_t -handle_get_interface_stats (hss_url_handler_args_t *args) -{ - u8 *s = 0, *stats = 0; - uword *p; - u32 *sw_if_indices = 0; - vnet_hw_interface_t *hi; - vnet_sw_interface_t *si; - char *q = "\""; - int i; - int need_comma = 0; - u8 *format_vnet_sw_interface_cntrs (u8 * s, vnet_interface_main_t * im, - vnet_sw_interface_t * si, int json); - vnet_main_t *vnm = vnet_get_main (); - vnet_interface_main_t *im = &vnm->interface_main; - - /* Get stats for a single interface via http POST */ - if (args->req_type == HTTP_REQ_POST) - { - /* Find the sw_if_index */ - p = hash_get (im->hw_interface_by_name, args->req_data); - if (!p) - { - s = format (s, "{\"interface_stats\": {[\n"); - s = format (s, " \"name\": \"%s\",", args->req_data); - s = format (s, " \"error\": \"%s\"", "UnknownInterface"); - s = format (s, "]}\n"); - goto out; - } - - vec_add1 (sw_if_indices, p[0]); - } - else /* default, HTTP_BUILTIN_METHOD_GET */ - { - pool_foreach (hi, im->hw_interfaces) - { - vec_add1 (sw_if_indices, hi->sw_if_index); - } - } - - s = format (s, "{%sinterface_stats%s: [\n", q, q); - - for (i = 0; i < vec_len (sw_if_indices); i++) - { - si = vnet_get_sw_interface (vnm, sw_if_indices[i]); - if (need_comma) - s = format (s, ",\n"); - - need_comma = 1; - - s = format (s, "{%sname%s: %s%U%s, ", q, q, q, - format_vnet_sw_if_index_name, vnm, sw_if_indices[i], q); - - stats = format_vnet_sw_interface_cntrs (stats, &vnm->interface_main, si, - 1 /* want json */ ); - if (vec_len (stats)) - s = format (s, "%v}", stats); - else - s = format (s, "%snone%s: %strue%s}", q, q, q, q); - vec_reset_length (stats); - } - - s = format (s, "]}\n"); - -out: - args->data = s; - args->data_len = vec_len (s); - args->free_vec_data = 1; - vec_free (sw_if_indices); - vec_free (stats); - return HSS_URL_HANDLER_OK; -} - -hss_url_handler_rc_t -handle_get_interface_list (hss_url_handler_args_t *args) -{ - u8 *s = 0; - int i; - vnet_main_t *vnm = vnet_get_main (); - vnet_interface_main_t *im = &vnm->interface_main; - vnet_hw_interface_t *hi; - u32 *hw_if_indices = 0; - int need_comma = 0; - - /* Construct vector of active hw_if_indexes ... */ - pool_foreach (hi, im->hw_interfaces) - { - /* No point in mentioning "local0"... */ - if (hi - im->hw_interfaces) - vec_add1 (hw_if_indices, hi - im->hw_interfaces); - } - - /* Build answer */ - s = format (s, "{\"interface_list\": [\n"); - for (i = 0; i < vec_len (hw_if_indices); i++) - { - if (need_comma) - s = format (s, ",\n"); - hi = pool_elt_at_index (im->hw_interfaces, hw_if_indices[i]); - s = format (s, "\"%v\"", hi->name); - need_comma = 1; - } - s = format (s, "]}\n"); - vec_free (hw_if_indices); - - args->data = s; - args->data_len = vec_len (s); - args->free_vec_data = 1; - return HSS_URL_HANDLER_OK; -} - -void -builtinurl_handler_init (builtinurl_main_t * bm) -{ - - bm->register_handler (handle_get_version, "version.json", HTTP_REQ_GET); - bm->register_handler (handle_get_interface_list, "interface_list.json", - HTTP_REQ_GET); - bm->register_handler (handle_get_interface_stats, "interface_stats.json", - HTTP_REQ_GET); - bm->register_handler (handle_get_interface_stats, "interface_stats.json", - HTTP_REQ_POST); -} - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ diff --git a/src/plugins/builtinurl/builtinurl.api b/src/plugins/builtinurl/builtinurl.api deleted file mode 100644 index 80efa73c725..00000000000 --- a/src/plugins/builtinurl/builtinurl.api +++ /dev/null @@ -1,44 +0,0 @@ -/* - * builtinurl.api - binary API skeleton - * - * Copyright (c) <current-year> <your-organization> - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file builtinurl.api - * @brief VPP control-plane API messages. - * - * This file defines VPP control-plane binary API messages which are generally - * called through a shared memory interface. - */ - -/* Version and type recitations */ - -option version = "1.0.0"; - -/** @brief API to enable / disable builtinurl on an interface - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param enable_disable - 1 to enable, 0 to disable the feature - @param sw_if_index - interface handle -*/ - -autoreply define builtinurl_enable { - option deprecated="incorporated in http_static plugin"; - /* Client identifier, set from api_main.my_client_index */ - u32 client_index; - - /* Arbitrary context, so client can match reply to request */ - u32 context; -}; diff --git a/src/plugins/builtinurl/builtinurl.c b/src/plugins/builtinurl/builtinurl.c deleted file mode 100644 index 749a2c93b8a..00000000000 --- a/src/plugins/builtinurl/builtinurl.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * builtinurl.c - skeleton vpp engine plug-in - * - * Copyright (c) 2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <vnet/vnet.h> -#include <vnet/plugin/plugin.h> -#include <builtinurl/builtinurl.h> - -#include <vlibapi/api.h> -#include <vlibmemory/api.h> -#include <vpp/app/version.h> -#include <stdbool.h> - -/* define message IDs */ -#include <builtinurl/builtinurl.api_enum.h> -#include <builtinurl/builtinurl.api_types.h> - -#define REPLY_MSG_ID_BASE bmp->msg_id_base -#include <vlibapi/api_helper_macros.h> - -builtinurl_main_t builtinurl_main; - -/* Action function shared between message handler and debug CLI */ - -int -builtinurl_enable (builtinurl_main_t * bmp) -{ - void (*fp) (void *, char *, int); - - if (bmp->initialized) - return 0; - - /* Look up the builtin URL registration handler */ - fp = vlib_get_plugin_symbol - ("http_static_plugin.so", "http_static_server_register_builtin_handler"); - - /* Most likely, the http_static plugin isn't loaded. Done. */ - if (fp == 0) - return VNET_API_ERROR_NO_SUCH_TABLE; - - bmp->register_handler = fp; - builtinurl_handler_init (bmp); - bmp->initialized = 1; - - return 0; -} - -static clib_error_t * -builtinurl_enable_command_fn (vlib_main_t * vm, - unformat_input_t * input, - vlib_cli_command_t * cmd) -{ - builtinurl_main_t *bmp = &builtinurl_main; - - int rv; - - rv = builtinurl_enable (bmp); - - switch (rv) - { - case 0: - break; - - case VNET_API_ERROR_NO_SUCH_TABLE: - return clib_error_return - (0, "http_static_server_register_builtin_handler undefined"); - break; - - default: - return clib_error_return (0, "builtinurl_enable returned %d", rv); - } - return 0; -} - -VLIB_CLI_COMMAND (builtinurl_enable_command, static) = -{ - .path = "builtinurl enable", - .short_help = "Turn on builtin http/https GET and POST urls", - .function = builtinurl_enable_command_fn, -}; - -/* API message handler */ -static void vl_api_builtinurl_enable_t_handler - (vl_api_builtinurl_enable_t * mp) -{ - vl_api_builtinurl_enable_reply_t *rmp; - builtinurl_main_t *bmp = &builtinurl_main; - int rv; - - rv = builtinurl_enable (bmp); - - REPLY_MACRO (VL_API_BUILTINURL_ENABLE_REPLY); -} - -#include <builtinurl/builtinurl.api.c> -static clib_error_t * -builtinurl_init (vlib_main_t * vm) -{ - builtinurl_main_t *bmp = &builtinurl_main; - - bmp->vlib_main = vm; - bmp->vnet_main = vnet_get_main (); - - /* Ask for a correctly-sized block of API message decode slots */ - bmp->msg_id_base = setup_message_id_table (); - - return 0; -} - -VLIB_INIT_FUNCTION (builtinurl_init); - -VLIB_PLUGIN_REGISTER () = -{ - .version = VPP_BUILD_VER, - .description = "vpp built-in URL support", -}; - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ diff --git a/src/plugins/builtinurl/builtinurl.h b/src/plugins/builtinurl/builtinurl.h deleted file mode 100644 index 91302c1eee5..00000000000 --- a/src/plugins/builtinurl/builtinurl.h +++ /dev/null @@ -1,57 +0,0 @@ - -/* - * builtinurl.h - built-in URLs for the http static server - * - * Copyright (c) 2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __included_builtinurl_h__ -#define __included_builtinurl_h__ - -#include <vnet/vnet.h> -#include <vnet/ip/ip.h> -#include <vnet/ethernet/ethernet.h> - -#include <vppinfra/hash.h> -#include <vppinfra/error.h> - -typedef struct -{ - /* API message ID base */ - u16 msg_id_base; - - /* GET / POST handler registration function */ - void (*register_handler) (void *, char *, int); - - /* Been there, done that */ - int initialized; - - /* convenience */ - vlib_main_t *vlib_main; - vnet_main_t *vnet_main; - ethernet_main_t *ethernet_main; -} builtinurl_main_t; - -extern builtinurl_main_t builtinurl_main; - -void builtinurl_handler_init (builtinurl_main_t * bm); - -#endif /* __included_builtinurl_h__ */ - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ diff --git a/src/plugins/builtinurl/builtinurl_test.c b/src/plugins/builtinurl/builtinurl_test.c deleted file mode 100644 index 9edfb81c525..00000000000 --- a/src/plugins/builtinurl/builtinurl_test.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * builtinurl.c - skeleton vpp-api-test plug-in - * - * Copyright (c) 2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include <vat/vat.h> -#include <vlibapi/api.h> -#include <vlibmemory/api.h> -#include <vppinfra/error.h> -#include <stdbool.h> - -uword unformat_sw_if_index (unformat_input_t * input, va_list * args); - -/* Declare message IDs */ -#include <builtinurl/builtinurl.api_enum.h> -#include <builtinurl/builtinurl.api_types.h> - -typedef struct -{ - /* API message ID base */ - u16 msg_id_base; - vat_main_t *vat_main; -} builtinurl_test_main_t; - -builtinurl_test_main_t builtinurl_test_main; - -#define __plugin_msg_base builtinurl_test_main.msg_id_base -#include <vlibapi/vat_helper_macros.h> - -static int -api_builtinurl_enable (vat_main_t * vam) -{ - vl_api_builtinurl_enable_t *mp; - int ret; - - /* Construct the API message */ - M (BUILTINURL_ENABLE, mp); - - /* send it... */ - S (mp); - - /* Wait for a reply... */ - W (ret); - return ret; -} - -#include <builtinurl/builtinurl.api_test.c> - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ diff --git a/src/plugins/dev_octeon/init.c b/src/plugins/dev_octeon/init.c index fd65ce6d9e2..29d1c16ad96 100644 --- a/src/plugins/dev_octeon/init.c +++ b/src/plugins/dev_octeon/init.c @@ -131,6 +131,9 @@ oct_init_nix (vlib_main_t *vm, vnet_dev_t *dev) .rx_offloads = { .ip4_cksum = 1, }, + .tx_offloads = { + .ip4_cksum = 1, + }, }, .ops = { .init = oct_port_init, diff --git a/src/plugins/dev_octeon/port.c b/src/plugins/dev_octeon/port.c index 8ba9041f858..8290880be31 100644 --- a/src/plugins/dev_octeon/port.c +++ b/src/plugins/dev_octeon/port.c @@ -58,6 +58,7 @@ oct_port_init (vlib_main_t *vm, vnet_dev_port_t *port) vnet_dev_t *dev = port->dev; oct_device_t *cd = vnet_dev_get_data (dev); oct_port_t *cp = vnet_dev_get_port_data (port); + u8 mac_addr[PLT_ETHER_ADDR_LEN]; struct roc_nix *nix = cd->nix; vnet_dev_rv_t rv; int rrv; @@ -75,6 +76,22 @@ oct_port_init (vlib_main_t *vm, vnet_dev_port_t *port) } cp->lf_allocated = 1; + if (!roc_nix_is_vf_or_sdp (nix)) + { + if ((rrv = roc_nix_npc_mac_addr_get (nix, mac_addr))) + { + oct_port_deinit (vm, port); + return oct_roc_err (dev, rrv, "roc_nix_npc_mac_addr_get failed"); + } + + /* Sync MAC address to CGX/RPM table */ + if ((rrv = roc_nix_mac_addr_set (nix, mac_addr))) + { + oct_port_deinit (vm, port); + return oct_roc_err (dev, rrv, "roc_nix_mac_addr_set failed"); + } + } + if ((rrv = roc_nix_tm_init (nix))) { oct_port_deinit (vm, port); @@ -125,6 +142,12 @@ oct_port_init (vlib_main_t *vm, vnet_dev_port_t *port) oct_port_add_counters (vm, port); + if ((rrv = roc_nix_mac_mtu_set (nix, port->max_rx_frame_size))) + { + rv = oct_roc_err (dev, rrv, "roc_nix_mac_mtu_set() failed"); + return rv; + } + return VNET_DEV_OK; } @@ -344,12 +367,6 @@ oct_port_start (vlib_main_t *vm, vnet_dev_port_t *port) ctq->n_enq = 0; } - if ((rrv = roc_nix_mac_mtu_set (nix, 9200))) - { - rv = oct_roc_err (dev, rrv, "roc_nix_mac_mtu_set() failed"); - goto done; - } - if ((rrv = roc_nix_npc_rx_ena_dis (nix, true))) { rv = oct_roc_err (dev, rrv, "roc_nix_npc_rx_ena_dis() failed"); @@ -393,6 +410,18 @@ oct_port_stop (vlib_main_t *vm, vnet_dev_port_t *port) foreach_vnet_dev_port_tx_queue (q, port) oct_txq_stop (vm, q); + + vnet_dev_port_state_change (vm, port, + (vnet_dev_port_state_changes_t){ + .change.link_state = 1, + .change.link_speed = 1, + .link_speed = 0, + .link_state = 0, + }); + + /* Update the device status */ + cd->status = 0; + cd->speed = 0; } vnet_dev_rv_t @@ -445,7 +474,6 @@ oct_port_add_del_eth_addr (vlib_main_t *vm, vnet_dev_port_t *port, oct_device_t *cd = vnet_dev_get_data (dev); struct roc_nix *nix = cd->nix; vnet_dev_rv_t rv = VNET_DEV_OK; - i32 rrv; if (is_primary) @@ -471,6 +499,24 @@ oct_port_add_del_eth_addr (vlib_main_t *vm, vnet_dev_port_t *port, } } } + + return rv; +} + +vnet_dev_rv_t +oct_op_config_max_rx_len (vlib_main_t *vm, vnet_dev_port_t *port, + u32 rx_frame_size) +{ + vnet_dev_t *dev = port->dev; + oct_device_t *cd = vnet_dev_get_data (dev); + struct roc_nix *nix = cd->nix; + vnet_dev_rv_t rv = VNET_DEV_OK; + i32 rrv; + + rrv = roc_nix_mac_max_rx_len_set (nix, rx_frame_size); + if (rrv) + rv = oct_roc_err (dev, rrv, "roc_nix_mac_max_rx_len_set() failed"); + return rv; } @@ -535,6 +581,7 @@ oct_port_cfg_change (vlib_main_t *vm, vnet_dev_port_t *port, break; case VNET_DEV_PORT_CFG_MAX_RX_FRAME_SIZE: + rv = oct_op_config_max_rx_len (vm, port, req->max_rx_frame_size); break; case VNET_DEV_PORT_CFG_ADD_RX_FLOW: diff --git a/src/plugins/dev_octeon/tx_node.c b/src/plugins/dev_octeon/tx_node.c index 0907493814d..6d239836a20 100644 --- a/src/plugins/dev_octeon/tx_node.c +++ b/src/plugins/dev_octeon/tx_node.c @@ -255,19 +255,18 @@ oct_tx_enq1 (vlib_main_t *vm, oct_tx_ctx_t *ctx, vlib_buffer_t *b, if (oflags & VNET_BUFFER_OFFLOAD_F_IP_CKSUM) { d.hdr_w1.ol3type = NIX_SENDL3TYPE_IP4_CKSUM; - d.hdr_w1.ol3ptr = vnet_buffer (b)->l3_hdr_offset; - d.hdr_w1.ol4ptr = - vnet_buffer (b)->l3_hdr_offset + sizeof (ip4_header_t); + d.hdr_w1.ol3ptr = vnet_buffer (b)->l3_hdr_offset - b->current_data; + d.hdr_w1.ol4ptr = d.hdr_w1.ol3ptr + sizeof (ip4_header_t); } if (oflags & VNET_BUFFER_OFFLOAD_F_UDP_CKSUM) { d.hdr_w1.ol4type = NIX_SENDL4TYPE_UDP_CKSUM; - d.hdr_w1.ol4ptr = vnet_buffer (b)->l4_hdr_offset; + d.hdr_w1.ol4ptr = vnet_buffer (b)->l4_hdr_offset - b->current_data; } else if (oflags & VNET_BUFFER_OFFLOAD_F_TCP_CKSUM) { d.hdr_w1.ol4type = NIX_SENDL4TYPE_TCP_CKSUM; - d.hdr_w1.ol4ptr = vnet_buffer (b)->l4_hdr_offset; + d.hdr_w1.ol4ptr = vnet_buffer (b)->l4_hdr_offset - b->current_data; } } diff --git a/src/plugins/dpdk/device/init.c b/src/plugins/dpdk/device/init.c index 453d9cff7ef..1f4aa83b26e 100644 --- a/src/plugins/dpdk/device/init.c +++ b/src/plugins/dpdk/device/init.c @@ -1122,6 +1122,7 @@ dpdk_config (vlib_main_t * vm, unformat_input_t * input) #ifdef __linux vlib_thread_main_t *tm = vlib_get_thread_main (); uword default_hugepage_sz, x; + u8 file_prefix = 0; #endif /* __linux__ */ u8 *s, *tmp = 0; int ret, i; @@ -1129,7 +1130,6 @@ dpdk_config (vlib_main_t * vm, unformat_input_t * input) int eal_no_hugetlb = 0; u8 no_pci = 0; u8 no_vmbus = 0; - u8 file_prefix = 0; u8 *socket_mem = 0; u32 vendor, device, domain, bus, func; void *fmt_func; @@ -1289,6 +1289,7 @@ dpdk_config (vlib_main_t * vm, unformat_input_t * input) } foreach_eal_double_hyphen_predicate_arg #undef _ +#ifdef __linux__ #define _(a) \ else if (unformat(input, #a " %s", &s)) \ { \ @@ -1304,6 +1305,7 @@ dpdk_config (vlib_main_t * vm, unformat_input_t * input) } foreach_eal_double_hyphen_arg #undef _ +#endif /* __linux__ */ #define _(a,b) \ else if (unformat(input, #a " %s", &s)) \ { \ diff --git a/src/plugins/hs_apps/CMakeLists.txt b/src/plugins/hs_apps/CMakeLists.txt index 179c9c7a4c4..ba03e393f44 100644 --- a/src/plugins/hs_apps/CMakeLists.txt +++ b/src/plugins/hs_apps/CMakeLists.txt @@ -21,8 +21,10 @@ add_vpp_plugin(hs_apps hs_apps.c http_cli.c http_client_cli.c + http_simple_post.c http_tps.c proxy.c + test_builtins.c ) ############################################################################## diff --git a/src/plugins/hs_apps/http_cli.c b/src/plugins/hs_apps/http_cli.c index 4970da72012..814f5f15fcf 100644 --- a/src/plugins/hs_apps/http_cli.c +++ b/src/plugins/hs_apps/http_cli.c @@ -17,6 +17,8 @@ #include <vnet/session/application_interface.h> #include <vnet/session/session.h> #include <http/http.h> +#include <http/http_header_names.h> +#include <http/http_content_types.h> #define HCS_DEBUG 0 @@ -43,6 +45,7 @@ typedef struct u8 *tx_buf; u32 tx_offset; u32 vpp_session_index; + http_header_t *resp_headers; } hcs_session_t; typedef struct @@ -148,24 +151,45 @@ hcs_cli_output (uword arg, u8 *buffer, uword buffer_bytes) } static void -start_send_data (hcs_session_t *hs, http_status_code_t status, - http_content_type_t type) +start_send_data (hcs_session_t *hs, http_status_code_t status) { http_msg_t msg; session_t *ts; + u8 *headers_buf = 0; int rv; + if (vec_len (hs->resp_headers)) + { + headers_buf = http_serialize_headers (hs->resp_headers); + vec_free (hs->resp_headers); + msg.data.headers_offset = 0; + msg.data.headers_len = vec_len (headers_buf); + } + else + { + msg.data.headers_offset = 0; + msg.data.headers_len = 0; + } + msg.type = HTTP_MSG_REPLY; msg.code = status; - msg.content_type = type; msg.data.type = HTTP_MSG_DATA_INLINE; - msg.data.len = vec_len (hs->tx_buf); + msg.data.body_len = vec_len (hs->tx_buf); + msg.data.body_offset = msg.data.headers_len; + msg.data.len = msg.data.body_len + msg.data.headers_len; ts = session_get (hs->vpp_session_index, hs->thread_index); rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (msg), (u8 *) &msg); ASSERT (rv == sizeof (msg)); - if (!msg.data.len) + if (msg.data.headers_len) + { + rv = svm_fifo_enqueue (ts->tx_fifo, vec_len (headers_buf), headers_buf); + ASSERT (rv == msg.data.headers_len); + vec_free (headers_buf); + } + + if (!msg.data.body_len) goto done; rv = svm_fifo_enqueue (ts->tx_fifo, vec_len (hs->tx_buf), hs->tx_buf); @@ -183,7 +207,7 @@ start_send_data (hcs_session_t *hs, http_status_code_t status, done: if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); } static void @@ -203,7 +227,12 @@ send_data_to_http (void *rpc_args) hs->tx_buf = args->buf; if (args->plain_text) type = HTTP_CONTENT_TEXT_PLAIN; - start_send_data (hs, HTTP_STATUS_OK, type); + + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (type)); + + start_send_data (hs, HTTP_STATUS_OK); cleanup: @@ -325,6 +354,7 @@ hcs_ts_rx_callback (session_t *ts) hs = hcs_session_get (ts->thread_index, ts->opaque); hs->tx_buf = 0; + hs->resp_headers = 0; /* Read the http message header */ rv = svm_fifo_dequeue (ts->rx_fifo, sizeof (msg), (u8 *) &msg); @@ -332,16 +362,17 @@ hcs_ts_rx_callback (session_t *ts) if (msg.type != HTTP_MSG_REQUEST || msg.method_type != HTTP_REQ_GET) { - start_send_data (hs, HTTP_STATUS_METHOD_NOT_ALLOWED, - HTTP_CONTENT_TEXT_HTML); + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_ALLOW), + http_token_lit ("GET")); + start_send_data (hs, HTTP_STATUS_METHOD_NOT_ALLOWED); goto done; } if (msg.data.target_path_len == 0 || msg.data.target_form != HTTP_TARGET_ORIGIN_FORM) { - hs->tx_buf = 0; - start_send_data (hs, HTTP_STATUS_BAD_REQUEST, HTTP_CONTENT_TEXT_HTML); + start_send_data (hs, HTTP_STATUS_BAD_REQUEST); goto done; } @@ -353,7 +384,7 @@ hcs_ts_rx_callback (session_t *ts) HCS_DBG ("%v", args.buf); if (http_validate_abs_path_syntax (args.buf, &is_encoded)) { - start_send_data (hs, HTTP_STATUS_BAD_REQUEST, HTTP_CONTENT_TEXT_HTML); + start_send_data (hs, HTTP_STATUS_BAD_REQUEST); vec_free (args.buf); goto done; } @@ -374,13 +405,13 @@ hcs_ts_rx_callback (session_t *ts) ASSERT (rv == msg.data.headers_len); if (http_parse_headers (headers, &ht)) { - start_send_data (hs, HTTP_STATUS_BAD_REQUEST, - HTTP_CONTENT_TEXT_HTML); + start_send_data (hs, HTTP_STATUS_BAD_REQUEST); vec_free (args.buf); vec_free (headers); goto done; } - const char *accept_value = http_get_header (ht, HTTP_HEADER_ACCEPT); + const char *accept_value = + http_get_header (ht, http_header_name_str (HTTP_HEADER_ACCEPT)); if (accept_value) { HCS_DBG ("client accept: %s", accept_value); @@ -438,7 +469,7 @@ hcs_ts_tx_callback (session_t *ts) } if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); return 0; } diff --git a/src/plugins/hs_apps/http_client_cli.c b/src/plugins/hs_apps/http_client_cli.c index a99169bafea..722499b24c3 100644 --- a/src/plugins/hs_apps/http_client_cli.c +++ b/src/plugins/hs_apps/http_client_cli.c @@ -16,6 +16,9 @@ #include <vnet/session/application_interface.h> #include <vnet/session/session.h> #include <http/http.h> +#include <http/http_header_names.h> +#include <http/http_content_types.h> +#include <http/http_status_codes.h> #define HCC_DEBUG 0 @@ -34,12 +37,12 @@ typedef struct u32 vpp_session_index; u32 to_recv; u8 is_closed; + http_header_t *req_headers; } hcc_session_t; typedef struct { hcc_session_t *sessions; - u8 *rx_buf; u32 thread_index; } hcc_worker_t; @@ -95,13 +98,6 @@ hcc_session_get (u32 hs_index, u32 thread_index) return pool_elt_at_index (wrk->sessions, hs_index); } -static void -hcc_session_free (u32 thread_index, hcc_session_t *hs) -{ - hcc_worker_t *wrk = hcc_worker_get (thread_index); - pool_put (wrk->sessions, hs); -} - static int hcc_ts_accept_callback (session_t *ts) { @@ -128,6 +124,7 @@ hcc_ts_connected_callback (u32 app_index, u32 hc_index, session_t *as, hcc_session_t *hs, *new_hs; hcc_worker_t *wrk; http_msg_t msg; + u8 *headers_buf; int rv; HCC_DBG ("hc_index: %d", hc_index); @@ -149,24 +146,42 @@ hcc_ts_connected_callback (u32 app_index, u32 hc_index, session_t *as, hs->vpp_session_index = as->session_index; + http_add_header (&hs->req_headers, + http_header_name_token (HTTP_HEADER_ACCEPT), + http_content_type_token (HTTP_CONTENT_TEXT_HTML)); + headers_buf = http_serialize_headers (hs->req_headers); + vec_free (hs->req_headers); + msg.type = HTTP_MSG_REQUEST; msg.method_type = HTTP_REQ_GET; - msg.content_type = HTTP_CONTENT_TEXT_HTML; + /* request target */ + msg.data.target_form = HTTP_TARGET_ORIGIN_FORM; + msg.data.target_path_offset = 0; + msg.data.target_path_len = vec_len (hcm->http_query); + /* custom headers */ + msg.data.headers_offset = msg.data.target_path_len; + msg.data.headers_len = vec_len (headers_buf); + /* request body */ + msg.data.body_len = 0; + /* data type and total length */ msg.data.type = HTTP_MSG_DATA_INLINE; - msg.data.len = vec_len (hcm->http_query); + msg.data.len = + msg.data.target_path_len + msg.data.headers_len + msg.data.body_len; - svm_fifo_seg_t segs[2] = { { (u8 *) &msg, sizeof (msg) }, - { hcm->http_query, vec_len (hcm->http_query) } }; + svm_fifo_seg_t segs[3] = { { (u8 *) &msg, sizeof (msg) }, + { hcm->http_query, vec_len (hcm->http_query) }, + { headers_buf, vec_len (headers_buf) } }; - rv = svm_fifo_enqueue_segments (as->tx_fifo, segs, 2, 0 /* allow partial */); - if (rv < 0 || rv != sizeof (msg) + vec_len (hcm->http_query)) + rv = svm_fifo_enqueue_segments (as->tx_fifo, segs, 3, 0 /* allow partial */); + vec_free (headers_buf); + if (rv < 0 || rv != sizeof (msg) + msg.data.len) { clib_warning ("failed app enqueue"); return -1; } if (svm_fifo_set_event (as->tx_fifo)) - session_send_io_evt_to_thread (as->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (as->handle, SESSION_IO_EVT_TX); return 0; } @@ -221,17 +236,26 @@ hcc_ts_rx_callback (session_t *ts) if (hs->to_recv == 0) { + /* read the http message header */ rv = svm_fifo_dequeue (ts->rx_fifo, sizeof (msg), (u8 *) &msg); ASSERT (rv == sizeof (msg)); - if (msg.type != HTTP_MSG_REPLY || msg.code != HTTP_STATUS_OK) + if (msg.type != HTTP_MSG_REPLY) { clib_warning ("unexpected msg type %d", msg.type); return 0; } - vec_validate (hcm->http_response, msg.data.len - 1); + /* drop everything up to body */ + svm_fifo_dequeue_drop (ts->rx_fifo, msg.data.body_offset); + hs->to_recv = msg.data.body_len; + if (msg.code != HTTP_STATUS_OK && hs->to_recv == 0) + { + hcm->http_response = format (0, "request failed, response code: %U", + format_http_status_code, msg.code); + goto done; + } + vec_validate (hcm->http_response, msg.data.body_len - 1); vec_reset_length (hcm->http_response); - hs->to_recv = msg.data.len; } u32 max_deq = svm_fifo_max_dequeue (ts->rx_fifo); @@ -253,8 +277,10 @@ hcc_ts_rx_callback (session_t *ts) hs->to_recv -= rv; HCC_DBG ("app rcvd %d, remains %d", rv, hs->to_recv); +done: if (hs->to_recv == 0) { + HCC_DBG ("all data received, going to disconnect"); hcc_session_disconnect (ts); vlib_process_signal_event_mt (hcm->vlib_main, hcm->cli_node_index, HCC_REPLY_RECEIVED, 0); @@ -264,18 +290,6 @@ hcc_ts_rx_callback (session_t *ts) } static void -hcc_ts_cleanup_callback (session_t *s, session_cleanup_ntf_t ntf) -{ - hcc_session_t *hs; - - hs = hcc_session_get (s->thread_index, s->opaque); - if (!hs) - return; - - hcc_session_free (s->thread_index, hs); -} - -static void hcc_ts_transport_closed (session_t *s) { hcc_main_t *hcm = &hcc_main; @@ -293,7 +307,6 @@ static session_cb_vft_t hcc_session_cb_vft = { .builtin_app_rx_callback = hcc_ts_rx_callback, .builtin_app_tx_callback = hcc_ts_tx_callback, .session_reset_callback = hcc_ts_reset_callback, - .session_cleanup_callback = hcc_ts_cleanup_callback, .session_transport_closed_callback = hcc_ts_transport_closed, }; @@ -423,7 +436,6 @@ hcc_run (vlib_main_t *vm, int print_output) case HCC_REPLY_RECEIVED: if (print_output) vlib_cli_output (vm, "%v", hcm->http_response); - vec_free (hcm->http_response); break; case HCC_TRANSPORT_CLOSED: err = clib_error_return (0, "error, transport closed"); @@ -460,6 +472,28 @@ hcc_detach () return rv; } +static void +hcc_worker_cleanup (hcc_worker_t *wrk) +{ + pool_free (wrk->sessions); +} + +static void +hcc_cleanup () +{ + hcc_main_t *hcm = &hcc_main; + hcc_worker_t *wrk; + + vec_foreach (wrk, hcm->wrk) + hcc_worker_cleanup (wrk); + + vec_free (hcm->uri); + vec_free (hcm->http_query); + vec_free (hcm->http_response); + vec_free (hcm->appns_id); + vec_free (hcm->wrk); +} + static clib_error_t * hcc_command_fn (vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd) @@ -509,7 +543,6 @@ hcc_command_fn (vlib_main_t *vm, unformat_input_t *input, } } - vec_free (hcm->appns_id); hcm->appns_id = appns_id; hcm->cli_node_index = vlib_get_current_process (vm)->node_runtime.node_index; @@ -540,8 +573,7 @@ hcc_command_fn (vlib_main_t *vm, unformat_input_t *input, } done: - vec_free (hcm->uri); - vec_free (hcm->http_query); + hcc_cleanup (); unformat_free (line_input); return err; } diff --git a/src/plugins/hs_apps/http_simple_post.c b/src/plugins/hs_apps/http_simple_post.c new file mode 100644 index 00000000000..b0b9a38db2d --- /dev/null +++ b/src/plugins/hs_apps/http_simple_post.c @@ -0,0 +1,569 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#include <vnet/session/application.h> +#include <vnet/session/application_interface.h> +#include <vnet/session/session.h> +#include <http/http.h> +#include <http/http_header_names.h> +#include <http/http_content_types.h> +#include <vppinfra/unix.h> + +typedef struct +{ + CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); + u32 session_index; + u32 thread_index; + u32 vpp_session_index; + u8 is_closed; +} hsp_session_t; + +typedef struct +{ + hsp_session_t *sessions; + u32 thread_index; +} hsp_worker_t; + +typedef struct +{ + u32 app_index; + vlib_main_t *vlib_main; + u32 cli_node_index; + u8 attached; + u8 *uri; + session_endpoint_cfg_t connect_sep; + u8 *target; + u8 *headers_buf; + u8 *data; + u32 data_offset; + hsp_worker_t *wrk; + u8 *http_response; + u8 is_file; + u8 use_ptr; +} hsp_main_t; + +typedef enum +{ + HSP_CONNECT_FAILED = 1, + HSP_TRANSPORT_CLOSED, + HSP_REPLY_RECEIVED, +} hsp_cli_signal_t; + +static hsp_main_t hsp_main; + +static inline hsp_worker_t * +hsp_worker_get (u32 thread_index) +{ + return &hsp_main.wrk[thread_index]; +} + +static inline hsp_session_t * +hsp_session_get (u32 session_index, u32 thread_index) +{ + hsp_worker_t *wrk = hsp_worker_get (thread_index); + return pool_elt_at_index (wrk->sessions, session_index); +} + +static hsp_session_t * +hsp_session_alloc (hsp_worker_t *wrk) +{ + hsp_session_t *s; + + pool_get_zero (wrk->sessions, s); + s->session_index = s - wrk->sessions; + s->thread_index = wrk->thread_index; + + return s; +} + +static int +hsp_session_connected_callback (u32 app_index, u32 hsp_session_index, + session_t *s, session_error_t err) +{ + hsp_main_t *hspm = &hsp_main; + hsp_session_t *hsp_session, *new_hsp_session; + hsp_worker_t *wrk; + http_header_t *headers = 0; + http_msg_t msg; + int rv; + + if (err) + { + clib_warning ("hsp_session_index[%d] connected error: %U", + hsp_session_index, format_session_error, err); + vlib_process_signal_event_mt (hspm->vlib_main, hspm->cli_node_index, + HSP_CONNECT_FAILED, 0); + return -1; + } + + hsp_session = hsp_session_get (hsp_session_index, 0); + wrk = hsp_worker_get (s->thread_index); + new_hsp_session = hsp_session_alloc (wrk); + clib_memcpy_fast (new_hsp_session, hsp_session, sizeof (*hsp_session)); + hsp_session->vpp_session_index = s->session_index; + + if (hspm->is_file) + { + http_add_header ( + &headers, http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (HTTP_CONTENT_APP_OCTET_STREAM)); + } + else + { + http_add_header ( + &headers, http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (HTTP_CONTENT_APP_X_WWW_FORM_URLENCODED)); + } + hspm->headers_buf = http_serialize_headers (headers); + vec_free (headers); + + msg.type = HTTP_MSG_REQUEST; + msg.method_type = HTTP_REQ_POST; + /* request target */ + msg.data.target_form = HTTP_TARGET_ORIGIN_FORM; + msg.data.target_path_len = vec_len (hspm->target); + /* custom headers */ + msg.data.headers_len = vec_len (hspm->headers_buf); + /* request body */ + msg.data.body_len = vec_len (hspm->data); + /* total length */ + msg.data.len = + msg.data.target_path_len + msg.data.headers_len + msg.data.body_len; + + if (hspm->use_ptr) + { + uword target = pointer_to_uword (hspm->target); + uword headers = pointer_to_uword (hspm->headers_buf); + uword body = pointer_to_uword (hspm->data); + msg.data.type = HTTP_MSG_DATA_PTR; + svm_fifo_seg_t segs[4] = { + { (u8 *) &msg, sizeof (msg) }, + { (u8 *) &target, sizeof (target) }, + { (u8 *) &headers, sizeof (headers) }, + { (u8 *) &body, sizeof (body) }, + }; + + rv = + svm_fifo_enqueue_segments (s->tx_fifo, segs, 4, 0 /* allow partial */); + ASSERT (rv == (sizeof (msg) + sizeof (target) + sizeof (headers) + + sizeof (body))); + goto done; + } + + msg.data.type = HTTP_MSG_DATA_INLINE; + msg.data.target_path_offset = 0; + msg.data.headers_offset = msg.data.target_path_len; + msg.data.body_offset = msg.data.headers_offset + msg.data.headers_len; + + rv = svm_fifo_enqueue (s->tx_fifo, sizeof (msg), (u8 *) &msg); + ASSERT (rv == sizeof (msg)); + + rv = svm_fifo_enqueue (s->tx_fifo, vec_len (hspm->target), hspm->target); + ASSERT (rv == vec_len (hspm->target)); + + rv = svm_fifo_enqueue (s->tx_fifo, vec_len (hspm->headers_buf), + hspm->headers_buf); + ASSERT (rv == msg.data.headers_len); + + rv = svm_fifo_enqueue (s->tx_fifo, vec_len (hspm->data), hspm->data); + if (rv != vec_len (hspm->data)) + { + hspm->data_offset = (rv > 0) ? rv : 0; + svm_fifo_add_want_deq_ntf (s->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF); + } + +done: + if (svm_fifo_set_event (s->tx_fifo)) + session_program_tx_io_evt (s->handle, SESSION_IO_EVT_TX); + + return 0; +} + +static void +hsp_session_disconnect_callback (session_t *s) +{ + hsp_main_t *hspm = &hsp_main; + vnet_disconnect_args_t _a = { 0 }, *a = &_a; + int rv; + + a->handle = session_handle (s); + a->app_index = hspm->app_index; + if ((rv = vnet_disconnect_session (a))) + clib_warning ("warning: disconnect returned: %U", format_session_error, + rv); +} + +static void +hsp_session_transport_closed_callback (session_t *s) +{ + hsp_main_t *hspm = &hsp_main; + + vlib_process_signal_event_mt (hspm->vlib_main, hspm->cli_node_index, + HSP_TRANSPORT_CLOSED, 0); +} + +static void +hsp_session_reset_callback (session_t *s) +{ + hsp_main_t *hspm = &hsp_main; + hsp_session_t *hsp_session; + vnet_disconnect_args_t _a = { 0 }, *a = &_a; + int rv; + + hsp_session = hsp_session_get (s->opaque, s->thread_index); + hsp_session->is_closed = 1; + + a->handle = session_handle (s); + a->app_index = hspm->app_index; + if ((rv = vnet_disconnect_session (a))) + clib_warning ("warning: disconnect returned: %U", format_session_error, + rv); +} + +static int +hsp_rx_callback (session_t *s) +{ + hsp_main_t *hspm = &hsp_main; + hsp_session_t *hsp_session; + http_msg_t msg; + int rv; + + hsp_session = hsp_session_get (s->opaque, s->thread_index); + + if (hsp_session->is_closed) + { + clib_warning ("hsp_session_index[%d] is closed", s->opaque); + return -1; + } + + rv = svm_fifo_dequeue (s->rx_fifo, sizeof (msg), (u8 *) &msg); + ASSERT (rv == sizeof (msg)); + + if (msg.type != HTTP_MSG_REPLY) + { + clib_warning ("unexpected msg type %d", msg.type); + return -1; + } + + svm_fifo_dequeue_drop_all (s->rx_fifo); + + if (msg.code == HTTP_STATUS_OK) + hspm->http_response = format (0, "request success"); + else + hspm->http_response = format (0, "request failed"); + + hsp_session_disconnect_callback (s); + vlib_process_signal_event_mt (hspm->vlib_main, hspm->cli_node_index, + HSP_REPLY_RECEIVED, 0); + return 0; +} + +static int +hsp_tx_callback (session_t *s) +{ + hsp_main_t *hspm = &hsp_main; + u32 to_send; + int rv; + + to_send = vec_len (hspm->data) - hspm->data_offset; + rv = svm_fifo_enqueue (s->tx_fifo, to_send, hspm->data + hspm->data_offset); + + if (rv <= 0) + { + svm_fifo_add_want_deq_ntf (s->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF); + return 0; + } + + if (rv < to_send) + { + hspm->data_offset += rv; + svm_fifo_add_want_deq_ntf (s->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF); + } + + if (svm_fifo_set_event (s->tx_fifo)) + session_program_tx_io_evt (s->handle, SESSION_IO_EVT_TX); + + return 0; +} + +static session_cb_vft_t hsp_session_cb_vft = { + .session_connected_callback = hsp_session_connected_callback, + .session_disconnect_callback = hsp_session_disconnect_callback, + .session_transport_closed_callback = hsp_session_transport_closed_callback, + .session_reset_callback = hsp_session_reset_callback, + .builtin_app_rx_callback = hsp_rx_callback, + .builtin_app_tx_callback = hsp_tx_callback, +}; + +static clib_error_t * +hsp_attach () +{ + hsp_main_t *hspm = &hsp_main; + vnet_app_attach_args_t _a, *a = &_a; + u64 options[18]; + int rv; + + clib_memset (a, 0, sizeof (*a)); + clib_memset (options, 0, sizeof (options)); + + a->api_client_index = APP_INVALID_INDEX; + a->name = format (0, "http_simple_post"); + a->session_cb_vft = &hsp_session_cb_vft; + a->options = options; + a->options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN; + + if ((rv = vnet_application_attach (a))) + return clib_error_return (0, "attach returned: %U", format_session_error, + rv); + + hspm->app_index = a->app_index; + vec_free (a->name); + hspm->attached = 1; + + return 0; +} + +static int +hsp_connect_rpc (void *rpc_args) +{ + vnet_connect_args_t *a = rpc_args; + int rv; + + rv = vnet_connect (a); + if (rv) + clib_warning (0, "connect returned: %U", format_session_error, rv); + + vec_free (a); + return rv; +} + +static void +hsp_connect () +{ + hsp_main_t *hspm = &hsp_main; + vnet_connect_args_t *a = 0; + hsp_worker_t *wrk; + hsp_session_t *hsp_session; + + vec_validate (a, 0); + clib_memset (a, 0, sizeof (a[0])); + + clib_memcpy (&a->sep_ext, &hspm->connect_sep, sizeof (hspm->connect_sep)); + a->app_index = hspm->app_index; + + /* allocate http session on main thread */ + wrk = hsp_worker_get (0); + hsp_session = hsp_session_alloc (wrk); + a->api_context = hsp_session->session_index; + + session_send_rpc_evt_to_thread_force (transport_cl_thread (), + hsp_connect_rpc, a); +} + +static clib_error_t * +hsp_run (vlib_main_t *vm) +{ + hsp_main_t *hspm = &hsp_main; + vlib_thread_main_t *vtm = vlib_get_thread_main (); + u32 num_threads; + hsp_worker_t *wrk; + uword event_type, *event_data = 0; + clib_error_t *err; + + num_threads = 1 /* main thread */ + vtm->n_threads; + vec_validate (hspm->wrk, num_threads); + vec_foreach (wrk, hspm->wrk) + wrk->thread_index = wrk - hspm->wrk; + + if ((err = hsp_attach ())) + return clib_error_return (0, "http simple post attach: %U", + format_clib_error, err); + + hsp_connect (); + + vlib_process_wait_for_event_or_clock (vm, 10); + event_type = vlib_process_get_events (vm, &event_data); + switch (event_type) + { + case ~0: + err = clib_error_return (0, "error: timeout"); + break; + case HSP_CONNECT_FAILED: + err = clib_error_return (0, "error: failed to connect"); + break; + case HSP_TRANSPORT_CLOSED: + err = clib_error_return (0, "error: transport closed"); + break; + case HSP_REPLY_RECEIVED: + vlib_cli_output (vm, "%v", hspm->http_response); + break; + default: + err = clib_error_return (0, "error: unexpected event %d", event_type); + break; + } + + vec_free (event_data); + return err; +} + +static int +hsp_detach () +{ + hsp_main_t *hspm = &hsp_main; + vnet_app_detach_args_t _da, *da = &_da; + int rv; + + if (!hspm->attached) + return 0; + + da->app_index = hspm->app_index; + da->api_client_index = APP_INVALID_INDEX; + rv = vnet_application_detach (da); + hspm->attached = 0; + hspm->app_index = APP_INVALID_INDEX; + + return rv; +} + +static void +hcc_worker_cleanup (hsp_worker_t *wrk) +{ + pool_free (wrk->sessions); +} + +static void +hsp_cleanup () +{ + hsp_main_t *hspm = &hsp_main; + hsp_worker_t *wrk; + + vec_foreach (wrk, hspm->wrk) + hcc_worker_cleanup (wrk); + + vec_free (hspm->uri); + vec_free (hspm->target); + vec_free (hspm->headers_buf); + vec_free (hspm->data); + vec_free (hspm->http_response); + vec_free (hspm->wrk); +} + +static clib_error_t * +hsp_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + hsp_main_t *hspm = &hsp_main; + clib_error_t *err = 0; + unformat_input_t _line_input, *line_input = &_line_input; + u8 *path = 0; + u8 *file_data; + int rv; + + if (hspm->attached) + return clib_error_return (0, "failed: already running!"); + + hspm->use_ptr = 0; + + /* Get a line of input. */ + if (!unformat_user (input, unformat_line_input, line_input)) + return clib_error_return (0, "expected required arguments"); + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "uri %s", &hspm->uri)) + ; + else if (unformat (line_input, "data %v", &hspm->data)) + hspm->is_file = 0; + else if (unformat (line_input, "target %s", &hspm->target)) + ; + else if (unformat (line_input, "file %s", &path)) + hspm->is_file = 1; + else if (unformat (line_input, "use-ptr")) + hspm->use_ptr = 1; + else + { + err = clib_error_return (0, "unknown input `%U'", + format_unformat_error, line_input); + goto done; + } + } + + if (!hspm->uri) + { + err = clib_error_return (0, "URI not defined"); + goto done; + } + if (!hspm->target) + { + err = clib_error_return (0, "target not defined"); + goto done; + } + if (!hspm->data) + { + if (path) + { + err = clib_file_contents ((char *) path, &file_data); + if (err) + goto done; + hspm->data = file_data; + } + else + { + err = clib_error_return (0, "data not defined"); + goto done; + } + } + + if ((rv = parse_uri ((char *) hspm->uri, &hspm->connect_sep))) + { + err = + clib_error_return (0, "URI parse error: %U", format_session_error, rv); + goto done; + } + + vlib_worker_thread_barrier_sync (vm); + vnet_session_enable_disable (vm, 1 /* turn on TCP, etc. */); + vlib_worker_thread_barrier_release (vm); + + hspm->cli_node_index = + vlib_get_current_process (vm)->node_runtime.node_index; + + err = hsp_run (vm); + + if ((rv = hsp_detach ())) + { + /* don't override last error */ + if (!err) + err = clib_error_return (0, "detach returned: %U", + format_session_error, rv); + else + clib_warning ("warning: detach returned: %U", format_session_error, + rv); + } + +done: + hsp_cleanup (); + unformat_free (line_input); + return err; +} + +VLIB_CLI_COMMAND (hsp_command, static) = { + .path = "http post", + .short_help = "uri http://<ip-addr> target <origin-form> " + "[data <form-urlencoded> | file <file-path>] [use-ptr]", + .function = hsp_command_fn, + .is_mp_safe = 1, +}; + +static clib_error_t * +hsp_main_init (vlib_main_t *vm) +{ + hsp_main_t *hspm = &hsp_main; + + hspm->app_index = APP_INVALID_INDEX; + hspm->vlib_main = vm; + return 0; +} + +VLIB_INIT_FUNCTION (hsp_main_init);
\ No newline at end of file diff --git a/src/plugins/hs_apps/http_tps.c b/src/plugins/hs_apps/http_tps.c index 3a086501f86..b37c447295a 100644 --- a/src/plugins/hs_apps/http_tps.c +++ b/src/plugins/hs_apps/http_tps.c @@ -17,6 +17,8 @@ #include <vnet/session/application_interface.h> #include <vnet/session/session.h> #include <http/http.h> +#include <http/http_header_names.h> +#include <http/http_content_types.h> typedef struct { @@ -34,6 +36,7 @@ typedef struct u32 close_rate; }; u8 *uri; + http_header_t *resp_headers; } hts_session_t; typedef struct hts_listen_cfg_ @@ -151,7 +154,7 @@ hts_session_tx_zc (hts_session_t *hs, session_t *ts) svm_fifo_add_want_deq_ntf (ts->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF); if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); } static void @@ -198,7 +201,7 @@ hts_session_tx_no_zc (hts_session_t *hs, session_t *ts) svm_fifo_add_want_deq_ntf (ts->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF); if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); } static inline void @@ -223,22 +226,44 @@ hts_start_send_data (hts_session_t *hs, http_status_code_t status) { http_msg_t msg; session_t *ts; + u8 *headers_buf = 0; int rv; + if (vec_len (hs->resp_headers)) + { + headers_buf = http_serialize_headers (hs->resp_headers); + vec_free (hs->resp_headers); + msg.data.headers_offset = 0; + msg.data.headers_len = vec_len (headers_buf); + } + else + { + msg.data.headers_offset = 0; + msg.data.headers_len = 0; + } + msg.type = HTTP_MSG_REPLY; msg.code = status; - msg.content_type = HTTP_CONTENT_APP_OCTET_STREAM; msg.data.type = HTTP_MSG_DATA_INLINE; - msg.data.len = hs->data_len; + msg.data.body_len = hs->data_len; + msg.data.body_offset = msg.data.headers_len; + msg.data.len = msg.data.body_len + msg.data.headers_len; ts = session_get (hs->vpp_session_index, hs->thread_index); rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (msg), (u8 *) &msg); ASSERT (rv == sizeof (msg)); - if (!msg.data.len) + if (msg.data.headers_len) + { + rv = svm_fifo_enqueue (ts->tx_fifo, vec_len (headers_buf), headers_buf); + ASSERT (rv == msg.data.headers_len); + vec_free (headers_buf); + } + + if (!msg.data.body_len) { if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); return; } @@ -286,6 +311,10 @@ try_test_file (hts_session_t *hs, u8 *target) } } + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (HTTP_CONTENT_APP_OCTET_STREAM)); + hts_start_send_data (hs, HTTP_STATUS_OK); done: @@ -304,6 +333,8 @@ hts_ts_rx_callback (session_t *ts) int rv; hs = hts_session_get (ts->thread_index, ts->opaque); + hs->data_len = 0; + hs->resp_headers = 0; /* Read the http message header */ rv = svm_fifo_dequeue (ts->rx_fifo, sizeof (msg), (u8 *) &msg); @@ -311,6 +342,9 @@ hts_ts_rx_callback (session_t *ts) if (msg.type != HTTP_MSG_REQUEST || msg.method_type != HTTP_REQ_GET) { + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_ALLOW), + http_token_lit ("GET")); hts_start_send_data (hs, HTTP_STATUS_METHOD_NOT_ALLOWED); goto done; } diff --git a/src/plugins/hs_apps/test_builtins.c b/src/plugins/hs_apps/test_builtins.c new file mode 100644 index 00000000000..cd6b00d0251 --- /dev/null +++ b/src/plugins/hs_apps/test_builtins.c @@ -0,0 +1,171 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#include <http_static/http_static.h> +#include <vppinfra/tw_timer_2t_1w_2048sl.h> + +typedef struct +{ + u32 stop_timer_handle; + hss_session_handle_t sh; +} tw_timer_elt_t; + +typedef struct tb_main_ +{ + tw_timer_elt_t *delayed_resps; + tw_timer_wheel_2t_1w_2048sl_t tw; + hss_session_send_fn send_data; +} tb_main_t; + +static tb_main_t tb_main; + +static uword +test_builtins_timer_process (vlib_main_t *vm, vlib_node_runtime_t *rt, + vlib_frame_t *f) +{ + tb_main_t *tbm = &tb_main; + f64 now, timeout = 1.0; + uword *event_data = 0; + uword __clib_unused event_type; + + while (1) + { + vlib_process_wait_for_event_or_clock (vm, timeout); + now = vlib_time_now (vm); + event_type = vlib_process_get_events (vm, (uword **) &event_data); + + /* expire timers */ + tw_timer_expire_timers_2t_1w_2048sl (&tbm->tw, now); + + vec_reset_length (event_data); + } + return 0; +} + +VLIB_REGISTER_NODE (test_builtins_timer_process_node) = { + .function = test_builtins_timer_process, + .type = VLIB_NODE_TYPE_PROCESS, + .name = "test-builtins-timer-process", + .state = VLIB_NODE_STATE_DISABLED, +}; + +static void +send_data_to_hss (hss_session_handle_t sh, u8 *data) +{ + tb_main_t *tbm = &tb_main; + hss_url_handler_args_t args = {}; + + args.sh = sh; + args.data = data; + args.data_len = vec_len (data); + args.ct = HTTP_CONTENT_TEXT_PLAIN; + args.sc = HTTP_STATUS_OK; + args.free_vec_data = 1; + + tbm->send_data (&args); +} + +static hss_url_handler_rc_t +handle_get_test1 (hss_url_handler_args_t *args) +{ + u8 *data; + + clib_warning ("get request on test1"); + data = format (0, "hello"); + send_data_to_hss (args->sh, data); + + return HSS_URL_HANDLER_ASYNC; +} + +static hss_url_handler_rc_t +handle_get_test2 (hss_url_handler_args_t *args) +{ + u8 *data; + + clib_warning ("get request on test2"); + data = format (0, "some data"); + send_data_to_hss (args->sh, data); + + return HSS_URL_HANDLER_ASYNC; +} + +static void +delayed_resp_cb (u32 *expired_timers) +{ + tb_main_t *tbm = &tb_main; + int i; + u32 pool_index; + tw_timer_elt_t *e; + u8 *data; + + for (i = 0; i < vec_len (expired_timers); i++) + { + pool_index = expired_timers[i] & 0x7FFFFFFF; + e = pool_elt_at_index (tbm->delayed_resps, pool_index); + clib_warning ("sending delayed data"); + data = format (0, "delayed data"); + send_data_to_hss (e->sh, data); + pool_put (tbm->delayed_resps, e); + } +} + +static hss_url_handler_rc_t +handle_get_test_delayed (hss_url_handler_args_t *args) +{ + tb_main_t *tbm = &tb_main; + tw_timer_elt_t *e; + + clib_warning ("get request on test_delayed"); + pool_get (tbm->delayed_resps, e); + e->sh = args->sh; + e->stop_timer_handle = + tw_timer_start_2t_1w_2048sl (&tbm->tw, e - tbm->delayed_resps, 0, 5); + + return HSS_URL_HANDLER_ASYNC; +} + +static void +test_builtins_init (vlib_main_t *vm) +{ + tb_main_t *tbm = &tb_main; + hss_register_url_fn fp; + vlib_node_t *n; + + fp = vlib_get_plugin_symbol ("http_static_plugin.so", + "hss_register_url_handler"); + + if (fp == 0) + { + clib_warning ("http_static_plugin.so not loaded..."); + return; + } + + (*fp) (handle_get_test1, "test1", HTTP_REQ_GET); + (*fp) (handle_get_test2, "test2", HTTP_REQ_GET); + (*fp) (handle_get_test_delayed, "test_delayed", HTTP_REQ_GET); + + tbm->send_data = + vlib_get_plugin_symbol ("http_static_plugin.so", "hss_session_send_data"); + + tw_timer_wheel_init_2t_1w_2048sl (&tbm->tw, delayed_resp_cb, 1.0, ~0); + + vlib_node_set_state (vm, test_builtins_timer_process_node.index, + VLIB_NODE_STATE_POLLING); + n = vlib_get_node (vm, test_builtins_timer_process_node.index); + vlib_start_process (vm, n->runtime_index); +} + +static clib_error_t * +test_builtins_enable_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + test_builtins_init (vm); + return 0; +} + +VLIB_CLI_COMMAND (test_builtins_enable_command, static) = { + .path = "test-url-handler enable", + .short_help = "test-url-handler enable", + .function = test_builtins_enable_command_fn, +}; diff --git a/src/plugins/http/CMakeLists.txt b/src/plugins/http/CMakeLists.txt index d9cd84a3955..c51a7dce36d 100644 --- a/src/plugins/http/CMakeLists.txt +++ b/src/plugins/http/CMakeLists.txt @@ -16,4 +16,5 @@ add_vpp_plugin(http http.c http_buffer.c http_timer.c + http_test.c ) diff --git a/src/plugins/http/http.c b/src/plugins/http/http.c index 22aaaeb59b5..f4b330a19fc 100644 --- a/src/plugins/http/http.c +++ b/src/plugins/http/http.c @@ -16,11 +16,11 @@ #include <http/http.h> #include <vnet/session/session.h> #include <http/http_timer.h> +#include <http/http_status_codes.h> static http_main_t http_main; #define HTTP_FIFO_THRESH (16 << 10) -#define CONTENT_LEN_STR "Content-Length: " /* HTTP state machine result */ typedef enum http_sm_result_t_ @@ -30,24 +30,12 @@ typedef enum http_sm_result_t_ HTTP_SM_ERROR = -1, } http_sm_result_t; -const char *http_status_code_str[] = { -#define _(c, s, str) str, - foreach_http_status_code -#undef _ -}; - -const char *http_content_type_str[] = { -#define _(s, ext, str) str, - foreach_http_content_type -#undef _ -}; - const http_buffer_type_t msg_to_buf_type[] = { [HTTP_MSG_DATA_INLINE] = HTTP_BUFFER_FIFO, [HTTP_MSG_DATA_PTR] = HTTP_BUFFER_PTR, }; -u8 * +static u8 * format_http_state (u8 *s, va_list *va) { http_state_t state = va_arg (*va, http_state_t); @@ -88,11 +76,19 @@ http_state_is_tx_valid (http_conn_t *hc) { http_state_t state = hc->http_state; return (state == HTTP_STATE_APP_IO_MORE_DATA || - state == HTTP_STATE_CLIENT_IO_MORE_DATA || state == HTTP_STATE_WAIT_APP_REPLY || state == HTTP_STATE_WAIT_APP_METHOD); } +static inline int +http_state_is_rx_valid (http_conn_t *hc) +{ + http_state_t state = hc->http_state; + return (state == HTTP_STATE_WAIT_SERVER_REPLY || + state == HTTP_STATE_CLIENT_IO_MORE_DATA || + state == HTTP_STATE_WAIT_CLIENT_METHOD); +} + static inline http_worker_t * http_worker_get (u32 thread_index) { @@ -374,26 +370,31 @@ http_ts_reset_callback (session_t *ts) */ static const char *http_error_template = "HTTP/1.1 %s\r\n" "Date: %U GMT\r\n" - "Content-Type: text/html\r\n" "Connection: close\r\n" - "Pragma: no-cache\r\n" "Content-Length: 0\r\n\r\n"; -static const char *http_redirect_template = "HTTP/1.1 %s\r\n"; - /** * http response boilerplate */ static const char *http_response_template = "HTTP/1.1 %s\r\n" "Date: %U GMT\r\n" - "Expires: %U GMT\r\n" "Server: %v\r\n" - "Content-Type: %s\r\n" - "Content-Length: %lu\r\n\r\n"; + "Content-Length: %u\r\n" + "%s"; -static const char *http_request_template = "GET %s HTTP/1.1\r\n" - "User-Agent: %v\r\n" - "Accept: */*\r\n\r\n"; +/** + * http request boilerplate + */ +static const char *http_get_request_template = "GET %s HTTP/1.1\r\n" + "Host: %v\r\n" + "User-Agent: %v\r\n" + "%s"; + +static const char *http_post_request_template = "POST %s HTTP/1.1\r\n" + "Host: %v\r\n" + "User-Agent: %v\r\n" + "Content-Length: %u\r\n" + "%s"; static u32 http_send_data (http_conn_t *hc, u8 *data, u32 length, u32 offset) @@ -412,7 +413,7 @@ http_send_data (http_conn_t *hc, u8 *data, u32 length, u32 offset) return offset; if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); return (offset + sent); } @@ -430,6 +431,7 @@ http_send_error (http_conn_t *hc, http_status_code_t ec) now = clib_timebase_now (&hm->timebase); data = format (0, http_error_template, http_status_code_str[ec], format_clib_timebase_time, now); + HTTP_DBG (1, "%v", data); http_send_data (hc, data, vec_len (data), 0); vec_free (data); } @@ -437,26 +439,48 @@ http_send_error (http_conn_t *hc, http_status_code_t ec) static int http_read_message (http_conn_t *hc) { - u32 max_deq, cursize; + u32 max_deq; session_t *ts; int n_read; ts = session_get_from_handle (hc->h_tc_session_handle); - cursize = vec_len (hc->rx_buf); max_deq = svm_fifo_max_dequeue (ts->rx_fifo); if (PREDICT_FALSE (max_deq == 0)) return -1; - vec_validate (hc->rx_buf, cursize + max_deq - 1); - n_read = svm_fifo_dequeue (ts->rx_fifo, max_deq, hc->rx_buf + cursize); + vec_validate (hc->rx_buf, max_deq - 1); + n_read = svm_fifo_peek (ts->rx_fifo, 0, max_deq, hc->rx_buf); ASSERT (n_read == max_deq); + HTTP_DBG (1, "read %u bytes from rx_fifo", n_read); + + return 0; +} + +static void +http_read_message_drop (http_conn_t *hc, u32 len) +{ + session_t *ts; + + ts = session_get_from_handle (hc->h_tc_session_handle); + svm_fifo_dequeue_drop (ts->rx_fifo, len); + vec_reset_length (hc->rx_buf); if (svm_fifo_is_empty (ts->rx_fifo)) svm_fifo_unset_event (ts->rx_fifo); +} - vec_set_len (hc->rx_buf, cursize + n_read); - return 0; +static void +http_read_message_drop_all (http_conn_t *hc) +{ + session_t *ts; + + ts = session_get_from_handle (hc->h_tc_session_handle); + svm_fifo_dequeue_drop_all (ts->rx_fifo); + vec_reset_length (hc->rx_buf); + + if (svm_fifo_is_empty (ts->rx_fifo)) + svm_fifo_unset_event (ts->rx_fifo); } /** @@ -574,7 +598,8 @@ http_parse_request_line (http_conn_t *hc, http_status_code_t *ec) return -1; } HTTP_DBG (0, "request line length: %d", i); - next_line_offset = i + 2; + hc->control_data_len = i + 2; + next_line_offset = hc->control_data_len; /* there should be at least one more CRLF */ if (vec_len (hc->rx_buf) < (next_line_offset + 2)) @@ -658,6 +683,112 @@ http_parse_request_line (http_conn_t *hc, http_status_code_t *ec) return 0; } +#define expect_char(c) \ + if (*p++ != c) \ + { \ + clib_warning ("unexpected character"); \ + return -1; \ + } + +#define parse_int(val, mul) \ + do \ + { \ + if (!isdigit (*p)) \ + { \ + clib_warning ("expected digit"); \ + return -1; \ + } \ + val += mul * (*p++ - '0'); \ + } \ + while (0) + +static int +http_parse_status_line (http_conn_t *hc) +{ + int i; + u32 next_line_offset; + u8 *p, *end; + u16 status_code = 0; + + i = v_find_index (hc->rx_buf, 0, 0, "\r\n"); + /* status-line = HTTP-version SP status-code SP [ reason-phrase ] CRLF */ + if (i < 0) + { + clib_warning ("status line incomplete"); + return -1; + } + HTTP_DBG (0, "status line length: %d", i); + if (i < 12) + { + clib_warning ("status line too short (%d)", i); + return -1; + } + hc->control_data_len = i + 2; + next_line_offset = hc->control_data_len; + p = hc->rx_buf; + end = hc->rx_buf + i; + + /* there should be at least one more CRLF */ + if (vec_len (hc->rx_buf) < (next_line_offset + 2)) + { + clib_warning ("malformed message, too short"); + return -1; + } + + /* parse version */ + expect_char ('H'); + expect_char ('T'); + expect_char ('T'); + expect_char ('P'); + expect_char ('/'); + expect_char ('1'); + expect_char ('.'); + if (!isdigit (*p++)) + { + clib_warning ("invalid HTTP minor version"); + return -1; + } + + /* skip space(s) */ + if (*p != ' ') + { + clib_warning ("no space after HTTP version"); + return -1; + } + do + { + p++; + if (p == end) + { + clib_warning ("no status code"); + return -1; + } + } + while (*p == ' '); + + /* parse status code */ + if ((end - p) < 3) + { + clib_warning ("not enough characters for status code"); + return -1; + } + parse_int (status_code, 100); + parse_int (status_code, 10); + parse_int (status_code, 1); + if (status_code < 100 || status_code > 599) + { + clib_warning ("invalid status code %d", status_code); + return -1; + } + hc->status_code = status_code; + HTTP_DBG (0, "status code: %d", hc->status_code); + + /* set buffer offset to nex line start */ + hc->rx_buf_offset = next_line_offset; + + return 0; +} + static int http_identify_headers (http_conn_t *hc, http_status_code_t *ec) { @@ -670,6 +801,7 @@ http_identify_headers (http_conn_t *hc, http_status_code_t *ec) /* just another CRLF -> no headers */ HTTP_DBG (0, "no headers"); hc->headers_len = 0; + hc->control_data_len += 2; return 0; } @@ -683,6 +815,7 @@ http_identify_headers (http_conn_t *hc, http_status_code_t *ec) } hc->headers_offset = hc->rx_buf_offset; hc->headers_len = i - hc->rx_buf_offset + 2; + hc->control_data_len += (hc->headers_len + 2); HTTP_DBG (0, "headers length: %u", hc->headers_len); HTTP_DBG (0, "headers offset: %u", hc->headers_offset); @@ -695,6 +828,7 @@ http_identify_message_body (http_conn_t *hc, http_status_code_t *ec) unformat_input_t input; int i, len; u8 *line; + u32 body_len; hc->body_len = 0; @@ -736,13 +870,14 @@ http_identify_message_body (http_conn_t *hc, http_status_code_t *ec) HTTP_DBG (0, "%v", line); unformat_init_vector (&input, line); - if (!unformat (&input, "%lu", &hc->body_len)) + if (!unformat (&input, "%u", &body_len)) { clib_warning ("failed to unformat content length value"); *ec = HTTP_STATUS_BAD_REQUEST; return -1; } unformat_free (&input); + hc->body_len = body_len; hc->body_offset = hc->headers_offset + hc->headers_len + 2; HTTP_DBG (0, "body length: %u", hc->body_len); @@ -751,61 +886,16 @@ http_identify_message_body (http_conn_t *hc, http_status_code_t *ec) return 0; } -static int -http_parse_header (http_conn_t *hc, int *content_length) -{ - unformat_input_t input; - int i, len; - u8 *line; - - i = v_find_index (hc->rx_buf, hc->rx_buf_offset, 0, CONTENT_LEN_STR); - if (i < 0) - { - clib_warning ("cannot find '%s' in the header!", CONTENT_LEN_STR); - return -1; - } - - hc->rx_buf_offset = i; - - i = v_find_index (hc->rx_buf, hc->rx_buf_offset, 0, "\n"); - if (i < 0) - { - clib_warning ("end of line missing; incomplete data"); - return -1; - } - - len = i - hc->rx_buf_offset; - line = vec_new (u8, len); - clib_memcpy (line, hc->rx_buf + hc->rx_buf_offset, len); - - unformat_init_vector (&input, line); - if (!unformat (&input, CONTENT_LEN_STR "%d", content_length)) - { - clib_warning ("failed to unformat content length!"); - return -1; - } - unformat_free (&input); - - /* skip rest of the header */ - hc->rx_buf_offset += len; - i = v_find_index (hc->rx_buf, hc->rx_buf_offset, 0, "<html>"); - if (i < 0) - { - clib_warning ("<html> tag not found"); - return -1; - } - hc->rx_buf_offset = i; - - return 0; -} - static http_sm_result_t http_state_wait_server_reply (http_conn_t *hc, transport_send_params_t *sp) { - int i, rv, content_length; + int rv; http_msg_t msg = {}; app_worker_t *app_wrk; session_t *as; + u32 len, max_enq; + http_status_code_t ec; + http_main_t *hm = &http_main; rv = http_read_message (hc); @@ -816,72 +906,74 @@ http_state_wait_server_reply (http_conn_t *hc, transport_send_params_t *sp) return HTTP_SM_STOP; } + HTTP_DBG (0, "%v", hc->rx_buf); + if (vec_len (hc->rx_buf) < 8) { clib_warning ("response buffer too short"); goto error; } - if ((i = v_find_index (hc->rx_buf, 0, 0, "200 OK")) >= 0) + rv = http_parse_status_line (hc); + if (rv) + goto error; + + rv = http_identify_headers (hc, &ec); + if (rv) + goto error; + + rv = http_identify_message_body (hc, &ec); + if (rv) + goto error; + + /* send at least "control data" which is necessary minimum, + * if there is some space send also portion of body */ + as = session_get_from_handle (hc->h_pa_session_handle); + max_enq = svm_fifo_max_enqueue (as->rx_fifo); + if (max_enq < hc->control_data_len) { - msg.type = HTTP_MSG_REPLY; - msg.content_type = HTTP_CONTENT_TEXT_HTML; - msg.code = HTTP_STATUS_OK; - msg.data.type = HTTP_MSG_DATA_INLINE; - msg.data.len = 0; + clib_warning ("not enough room for control data in app's rx fifo"); + goto error; + } + len = clib_min (max_enq, vec_len (hc->rx_buf)); - rv = http_parse_header (hc, &content_length); - if (rv) - { - clib_warning ("failed to parse http reply"); - goto error; - } - msg.data.len = content_length; - u32 dlen = vec_len (hc->rx_buf) - hc->rx_buf_offset; - as = session_get_from_handle (hc->h_pa_session_handle); - svm_fifo_seg_t segs[2] = { { (u8 *) &msg, sizeof (msg) }, - { &hc->rx_buf[hc->rx_buf_offset], dlen } }; - - rv = svm_fifo_enqueue_segments (as->rx_fifo, segs, 2, - 0 /* allow partial */); - if (rv < 0) - { - clib_warning ("error enqueue"); - return HTTP_SM_ERROR; - } + msg.type = HTTP_MSG_REPLY; + msg.code = hm->sc_by_u16[hc->status_code]; + msg.data.headers_offset = hc->headers_offset; + msg.data.headers_len = hc->headers_len; + msg.data.body_offset = hc->body_offset; + msg.data.body_len = hc->body_len; + msg.data.type = HTTP_MSG_DATA_INLINE; + msg.data.len = len; - hc->rx_buf_offset += dlen; - hc->to_recv = content_length - dlen; + svm_fifo_seg_t segs[2] = { { (u8 *) &msg, sizeof (msg) }, + { hc->rx_buf, len } }; - if (hc->rx_buf_offset == vec_len (hc->rx_buf)) - { - vec_reset_length (hc->rx_buf); - hc->rx_buf_offset = 0; - } + rv = svm_fifo_enqueue_segments (as->rx_fifo, segs, 2, 0 /* allow partial */); + ASSERT (rv == (sizeof (msg) + len)); - if (hc->to_recv == 0) - { - hc->rx_buf_offset = 0; - vec_reset_length (hc->rx_buf); - http_state_change (hc, HTTP_STATE_WAIT_APP_METHOD); - } - else - { - http_state_change (hc, HTTP_STATE_CLIENT_IO_MORE_DATA); - } + http_read_message_drop (hc, len); - app_wrk = app_worker_get_if_valid (as->app_wrk_index); - if (app_wrk) - app_worker_rx_notify (app_wrk, as); - return HTTP_SM_STOP; + if (hc->body_len == 0) + { + /* no response body, we are done */ + hc->to_recv = 0; + http_state_change (hc, HTTP_STATE_WAIT_APP_METHOD); } else { - clib_warning ("Unknown http method %v", hc->rx_buf); - goto error; + /* stream response body */ + hc->to_recv = hc->body_len; + http_state_change (hc, HTTP_STATE_CLIENT_IO_MORE_DATA); } + app_wrk = app_worker_get_if_valid (as->app_wrk_index); + if (app_wrk) + app_worker_rx_notify (app_wrk, as); + return HTTP_SM_STOP; + error: + http_read_message_drop_all (hc); session_transport_closing_notify (&hc->connection); session_transport_closed_notify (&hc->connection); http_disconnect_transport (hc); @@ -896,7 +988,7 @@ http_state_wait_client_method (http_conn_t *hc, transport_send_params_t *sp) http_msg_t msg; session_t *as; int rv; - u32 len; + u32 len, max_enq; rv = http_read_message (hc); @@ -924,11 +1016,19 @@ http_state_wait_client_method (http_conn_t *hc, transport_send_params_t *sp) if (rv) goto error; - len = vec_len (hc->rx_buf); + /* send "control data" and request body */ + as = session_get_from_handle (hc->h_pa_session_handle); + len = hc->control_data_len + hc->body_len; + max_enq = svm_fifo_max_enqueue (as->rx_fifo); + if (max_enq < len) + { + /* TODO stream body of large POST */ + clib_warning ("not enough room for data in app's rx fifo"); + goto error; + } msg.type = HTTP_MSG_REQUEST; msg.method_type = hc->method; - msg.content_type = HTTP_CONTENT_TEXT_HTML; msg.data.type = HTTP_MSG_DATA_INLINE; msg.data.len = len; msg.data.target_form = hc->target_form; @@ -944,18 +1044,11 @@ http_state_wait_client_method (http_conn_t *hc, transport_send_params_t *sp) svm_fifo_seg_t segs[2] = { { (u8 *) &msg, sizeof (msg) }, { hc->rx_buf, len } }; - as = session_get_from_handle (hc->h_pa_session_handle); rv = svm_fifo_enqueue_segments (as->rx_fifo, segs, 2, 0 /* allow partial */); - if (rv < 0 || rv != sizeof (msg) + len) - { - clib_warning ("failed app enqueue"); - /* This should not happen as we only handle 1 request per session, - * and fifo is allocated, but going forward we should consider - * rescheduling */ - return HTTP_SM_ERROR; - } + ASSERT (rv == (sizeof (msg) + len)); - vec_free (hc->rx_buf); + /* drop everything, we do not support pipelining */ + http_read_message_drop_all (hc); http_state_change (hc, HTTP_STATE_WAIT_APP_REPLY); app_wrk = app_worker_get_if_valid (as->app_wrk_index); @@ -965,7 +1058,7 @@ http_state_wait_client_method (http_conn_t *hc, transport_send_params_t *sp) return HTTP_SM_STOP; error: - + http_read_message_drop_all (hc); http_send_error (hc, ec); session_transport_closing_notify (&hc->connection); http_disconnect_transport (hc); @@ -1004,49 +1097,54 @@ http_state_wait_app_reply (http_conn_t *hc, transport_send_params_t *sp) goto error; } - http_buffer_init (&hc->tx_buf, msg_to_buf_type[msg.data.type], as->tx_fifo, - msg.data.len); + if (msg.code >= HTTP_N_STATUS) + { + clib_warning ("unsupported status code: %d", msg.code); + return HTTP_SM_ERROR; + } /* - * Add headers. For now: + * Add "protocol layer" headers: * - current time - * - expiration time * - server name - * - content type * - data length */ now = clib_timebase_now (&hm->timebase); - - switch (msg.code) - { - case HTTP_STATUS_NOT_FOUND: - case HTTP_STATUS_METHOD_NOT_ALLOWED: - case HTTP_STATUS_BAD_REQUEST: - case HTTP_STATUS_INTERNAL_ERROR: - case HTTP_STATUS_FORBIDDEN: - case HTTP_STATUS_OK: - header = - format (0, http_response_template, http_status_code_str[msg.code], - /* Date */ - format_clib_timebase_time, now, - /* Expires */ - format_clib_timebase_time, now + 600.0, - /* Server */ - hc->app_name, - /* Content type */ - http_content_type_str[msg.content_type], - /* Length */ - msg.data.len); - break; - case HTTP_STATUS_MOVED: - header = - format (0, http_redirect_template, http_status_code_str[msg.code]); - /* Location: http(s)://new-place already queued up as data */ - break; - default: - clib_warning ("unsupported status code: %d", msg.code); - return HTTP_SM_ERROR; + header = format (0, http_response_template, http_status_code_str[msg.code], + /* Date */ + format_clib_timebase_time, now, + /* Server */ + hc->app_name, + /* Length */ + msg.data.body_len, + /* Any headers from app? */ + msg.data.headers_len ? "" : "\r\n"); + + /* Add headers from app (if any) */ + if (msg.data.headers_len) + { + HTTP_DBG (0, "got headers from app, len %d", msg.data.headers_len); + if (msg.data.type == HTTP_MSG_DATA_PTR) + { + uword app_headers_ptr; + rv = svm_fifo_dequeue (as->tx_fifo, sizeof (app_headers_ptr), + (u8 *) &app_headers_ptr); + ASSERT (rv == sizeof (app_headers_ptr)); + vec_append (header, uword_to_pointer (app_headers_ptr, u8 *)); + } + else + { + u32 orig_len = vec_len (header); + vec_resize (header, msg.data.headers_len); + u8 *p = header + orig_len; + rv = svm_fifo_dequeue (as->tx_fifo, msg.data.headers_len, p); + ASSERT (rv == msg.data.headers_len); + } } + HTTP_DBG (0, "%v", header); + + http_buffer_init (&hc->tx_buf, msg_to_buf_type[msg.data.type], as->tx_fifo, + msg.data.body_len); offset = http_send_data (hc, header, vec_len (header), 0); if (offset != vec_len (header)) @@ -1066,7 +1164,6 @@ http_state_wait_app_reply (http_conn_t *hc, transport_send_params_t *sp) return HTTP_SM_CONTINUE; error: - clib_warning ("unexpected msg type from app %u", msg.type); http_send_error (hc, sc); http_state_change (hc, HTTP_STATE_WAIT_CLIENT_METHOD); session_transport_closing_notify (&hc->connection); @@ -1079,9 +1176,11 @@ http_state_wait_app_method (http_conn_t *hc, transport_send_params_t *sp) { http_msg_t msg; session_t *as; - u8 *buf = 0, *request; + u8 *target_buff = 0, *request = 0, *target; u32 offset; int rv; + http_sm_result_t sm_result = HTTP_SM_ERROR; + http_state_t next_state; as = session_get_from_handle (hc->h_pa_session_handle); @@ -1100,38 +1199,131 @@ http_state_wait_app_method (http_conn_t *hc, transport_send_params_t *sp) goto error; } - /* currently we support only GET method */ - if (msg.method_type != HTTP_REQ_GET) + /* read request target */ + if (msg.data.type == HTTP_MSG_DATA_PTR) + { + uword target_ptr; + rv = svm_fifo_dequeue (as->tx_fifo, sizeof (target_ptr), + (u8 *) &target_ptr); + ASSERT (rv == sizeof (target_ptr)); + target = uword_to_pointer (target_ptr, u8 *); + } + else + { + vec_validate (target_buff, msg.data.target_path_len - 1); + rv = + svm_fifo_dequeue (as->tx_fifo, msg.data.target_path_len, target_buff); + ASSERT (rv == msg.data.target_path_len); + target = target_buff; + } + + /* currently we support only GET and POST method */ + if (msg.method_type == HTTP_REQ_GET) + { + if (msg.data.body_len) + { + clib_warning ("GET request shouldn't include data"); + goto error; + } + /* + * Add "protocol layer" headers: + * - host + * - user agent + */ + request = format (0, http_get_request_template, + /* target */ + target, + /* Host */ + hc->host, + /* User-Agent */ + hc->app_name, + /* Any headers from app? */ + msg.data.headers_len ? "" : "\r\n"); + + next_state = HTTP_STATE_WAIT_SERVER_REPLY; + sm_result = HTTP_SM_STOP; + } + else if (msg.method_type == HTTP_REQ_POST) + { + if (!msg.data.body_len) + { + clib_warning ("POST request should include data"); + goto error; + } + /* + * Add "protocol layer" headers: + * - host + * - user agent + * - content length + */ + request = format (0, http_post_request_template, + /* target */ + target, + /* Host */ + hc->host, + /* User-Agent */ + hc->app_name, + /* Content-Length */ + msg.data.body_len, + /* Any headers from app? */ + msg.data.headers_len ? "" : "\r\n"); + + http_buffer_init (&hc->tx_buf, msg_to_buf_type[msg.data.type], + as->tx_fifo, msg.data.body_len); + + next_state = HTTP_STATE_APP_IO_MORE_DATA; + sm_result = HTTP_SM_CONTINUE; + } + else { clib_warning ("unsupported method %d", msg.method_type); goto error; } - vec_validate (buf, msg.data.len - 1); - rv = svm_fifo_dequeue (as->tx_fifo, msg.data.len, buf); - ASSERT (rv == msg.data.len); + /* Add headers from app (if any) */ + if (msg.data.headers_len) + { + HTTP_DBG (0, "got headers from app, len %d", msg.data.headers_len); + if (msg.data.type == HTTP_MSG_DATA_PTR) + { + uword app_headers_ptr; + rv = svm_fifo_dequeue (as->tx_fifo, sizeof (app_headers_ptr), + (u8 *) &app_headers_ptr); + ASSERT (rv == sizeof (app_headers_ptr)); + vec_append (request, uword_to_pointer (app_headers_ptr, u8 *)); + } + else + { + u32 orig_len = vec_len (request); + vec_resize (request, msg.data.headers_len); + u8 *p = request + orig_len; + rv = svm_fifo_dequeue (as->tx_fifo, msg.data.headers_len, p); + ASSERT (rv == msg.data.headers_len); + } + } + HTTP_DBG (0, "%v", request); - request = format (0, http_request_template, buf, hc->app_name); offset = http_send_data (hc, request, vec_len (request), 0); if (offset != vec_len (request)) { clib_warning ("sending request failed!"); + sm_result = HTTP_SM_ERROR; goto error; } - http_state_change (hc, HTTP_STATE_WAIT_SERVER_REPLY); - - vec_free (buf); - vec_free (request); - - return HTTP_SM_STOP; + http_state_change (hc, next_state); + goto done; error: svm_fifo_dequeue_drop_all (as->tx_fifo); session_transport_closing_notify (&hc->connection); session_transport_closed_notify (&hc->connection); http_disconnect_transport (hc); - return HTTP_SM_ERROR; + +done: + vec_free (target_buff); + vec_free (request); + return sm_result; } static http_sm_result_t @@ -1189,11 +1381,7 @@ http_state_client_io_more_data (http_conn_t *hc, transport_send_params_t *sp) HTTP_DBG (1, "drained %d from ts; remains %d", rv, hc->to_recv); if (hc->to_recv == 0) - { - hc->rx_buf_offset = 0; - vec_reset_length (hc->rx_buf); - http_state_change (hc, HTTP_STATE_WAIT_APP_METHOD); - } + http_state_change (hc, HTTP_STATE_WAIT_APP_METHOD); app_wrk = app_worker_get_if_valid (as->app_wrk_index); if (app_wrk) @@ -1231,7 +1419,7 @@ http_state_app_io_more_data (http_conn_t *hc, transport_send_params_t *sp) if (!http_buffer_is_drained (hb)) { if (sent && svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); if (svm_fifo_max_enqueue (ts->tx_fifo) < HTTP_FIFO_THRESH) { @@ -1245,10 +1433,13 @@ http_state_app_io_more_data (http_conn_t *hc, transport_send_params_t *sp) else { if (sent && svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX_FLUSH); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX_FLUSH); - /* Finished transaction, back to HTTP_STATE_WAIT_METHOD */ - http_state_change (hc, HTTP_STATE_WAIT_CLIENT_METHOD); + /* Finished transaction: + * server back to HTTP_STATE_WAIT_METHOD + * client to HTTP_STATE_WAIT_SERVER_REPLY */ + http_state_change (hc, hc->is_server ? HTTP_STATE_WAIT_CLIENT_METHOD : + HTTP_STATE_WAIT_SERVER_REPLY); http_buffer_free (&hc->tx_buf); } @@ -1300,12 +1491,16 @@ http_ts_rx_callback (session_t *ts) return -1; } - if (hc->state == HTTP_CONN_STATE_CLOSED) + if (!http_state_is_rx_valid (hc)) { + if (hc->state != HTTP_CONN_STATE_CLOSED) + clib_warning ("app data req state '%U' session state %u", + format_http_state, hc->http_state, hc->state); svm_fifo_dequeue_drop_all (ts->tx_fifo); return 0; } + HTTP_DBG (1, "run state machine"); http_req_run_state_machine (hc, 0); if (hc->state == HTTP_CONN_STATE_TRANSPORT_CLOSED) @@ -1341,6 +1536,7 @@ http_ts_cleanup_callback (session_t *ts, session_cleanup_ntf_t ntf) clib_warning ("no http connection for %u", ts->session_index); return; } + HTTP_DBG (1, "going to free session %x", ts->opaque); vec_free (hc->rx_buf); @@ -1348,6 +1544,12 @@ http_ts_cleanup_callback (session_t *ts, session_cleanup_ntf_t ntf) http_conn_timer_stop (hc); session_transport_delete_notify (&hc->connection); + + if (!hc->is_server) + { + vec_free (hc->app_name); + vec_free (hc->host); + } http_conn_free (hc); } @@ -1392,8 +1594,6 @@ http_transport_enable (vlib_main_t *vm, u8 is_en) return 0; } - vec_validate (hm->wrk, vlib_num_workers ()); - clib_memset (a, 0, sizeof (*a)); clib_memset (options, 0, sizeof (options)); @@ -1415,10 +1615,16 @@ http_transport_enable (vlib_main_t *vm, u8 is_en) hm->app_index = a->app_index; vec_free (a->name); + if (hm->is_init) + return 0; + + vec_validate (hm->wrk, vlib_num_workers ()); + clib_timebase_init (&hm->timebase, 0 /* GMT */, CLIB_TIMEBASE_DAYLIGHT_NONE, &vm->clib_time /* share the system clock */); http_timers_init (vm, http_conn_timeout_cb); + hm->is_init = 1; return 0; } @@ -1449,11 +1655,20 @@ http_transport_connect (transport_endpoint_cfg_t *tep) hc->state = HTTP_CONN_STATE_CONNECTING; cargs->api_context = hc_index; + hc->is_server = 0; + if (vec_len (app->name)) hc->app_name = vec_dup (app->name); else hc->app_name = format (0, "VPP HTTP client"); + if (sep->is_ip4) + hc->host = format (0, "%U:%d", format_ip4_address, &sep->ip.ip4, + clib_net_to_host_u16 (sep->port)); + else + hc->host = format (0, "%U:%d", format_ip6_address, &sep->ip.ip6, + clib_net_to_host_u16 (sep->port)); + HTTP_DBG (1, "hc ho_index %x", hc_index); if ((error = vnet_connect (cargs))) @@ -1506,6 +1721,8 @@ http_start_listen (u32 app_listener_index, transport_endpoint_cfg_t *tep) lhc->c_s_index = app_listener_index; lhc->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP; + lhc->is_server = 1; + if (vec_len (app->name)) lhc->app_name = vec_dup (app->name); else @@ -1607,6 +1824,7 @@ http_app_tx_callback (void *session, transport_send_params_t *sp) max_burst_sz = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS; sp->max_burst_size = max_burst_sz; + HTTP_DBG (1, "run state machine"); http_req_run_state_machine (hc, sp); if (hc->state == HTTP_CONN_STATE_APP_CLOSED) @@ -1752,6 +1970,7 @@ static clib_error_t * http_transport_init (vlib_main_t *vm) { http_main_t *hm = &http_main; + int i; transport_register_protocol (TRANSPORT_PROTO_HTTP, &http_proto, FIB_PROTOCOL_IP4, ~0); @@ -1763,7 +1982,26 @@ http_transport_init (vlib_main_t *vm) hm->first_seg_size = 32 << 20; hm->fifo_size = 512 << 10; - return 0; + /* Setup u16 to http_status_code_t map */ + /* Unrecognized status code is equivalent to the x00 status */ + vec_validate (hm->sc_by_u16, 599); + for (i = 100; i < 200; i++) + hm->sc_by_u16[i] = HTTP_STATUS_CONTINUE; + for (i = 200; i < 300; i++) + hm->sc_by_u16[i] = HTTP_STATUS_OK; + for (i = 300; i < 400; i++) + hm->sc_by_u16[i] = HTTP_STATUS_MULTIPLE_CHOICES; + for (i = 400; i < 500; i++) + hm->sc_by_u16[i] = HTTP_STATUS_BAD_REQUEST; + for (i = 500; i < 600; i++) + hm->sc_by_u16[i] = HTTP_STATUS_INTERNAL_ERROR; + + /* Registered status codes */ +#define _(c, s, str) hm->sc_by_u16[c] = HTTP_STATUS_##s; + foreach_http_status_code +#undef _ + + return 0; } VLIB_INIT_FUNCTION (http_transport_init); diff --git a/src/plugins/http/http.h b/src/plugins/http/http.h index e3ee93b6291..35e7d4dcfb6 100644 --- a/src/plugins/http/http.h +++ b/src/plugins/http/http.h @@ -51,6 +51,14 @@ typedef struct http_conn_id_ STATIC_ASSERT (sizeof (http_conn_id_t) <= TRANSPORT_CONN_ID_LEN, "ctx id must be less than TRANSPORT_CONN_ID_LEN"); +typedef struct +{ + char *base; + uword len; +} http_token_t; + +#define http_token_lit(s) (s), sizeof (s) - 1 + typedef enum http_conn_state_ { HTTP_CONN_STATE_LISTEN, @@ -94,85 +102,87 @@ typedef enum http_target_form_ } http_target_form_t; #define foreach_http_content_type \ - _ (APP_7Z, ".7z", "application / x - 7z - compressed") \ - _ (APP_DOC, ".doc", "application / msword") \ + _ (APP_7Z, ".7z", "application/x-7z-compressed") \ + _ (APP_DOC, ".doc", "application/msword") \ _ (APP_DOCX, ".docx", \ - "application / vnd.openxmlformats - " \ + "application/vnd.openxmlformats-" \ "officedocument.wordprocessingml.document") \ - _ (APP_EPUB, ".epub", "application / epub + zip") \ - _ (APP_FONT, ".eot", "application / vnd.ms - fontobject") \ - _ (APP_JAR, ".jar", "application / java - archive") \ - _ (APP_JSON, ".json", "application / json") \ - _ (APP_JSON_LD, ".jsonld", "application / ld + json") \ - _ (APP_MPKG, ".mpkg", "application / vnd.apple.installer + xml") \ - _ (APP_ODP, ".odp", "application / vnd.oasis.opendocument.presentation") \ - _ (APP_ODS, ".ods", "application / vnd.oasis.opendocument.spreadsheet") \ - _ (APP_ODT, ".odt", "application / vnd.oasis.opendocument.text") \ - _ (APP_OGX, ".ogx", "application / ogg") \ - _ (APP_PDF, ".pdf", "application / pdf") \ - _ (APP_PHP, ".php", "application / x - httpd - php") \ - _ (APP_PPT, ".ppt", "application / vnd.ms - powerpoint") \ - _ (APP_PPTX, ".pptx", "application / vnd.ms - powerpoint") \ - _ (APP_RAR, ".rar", "application / vnd.rar") \ - _ (APP_RTF, ".rtf", "application / rtf") \ - _ (APP_SH, ".sh", "application / x - sh") \ - _ (APP_TAR, ".tar", "application / x - tar") \ - _ (APP_VSD, ".vsd", "application / vnd.visio") \ - _ (APP_XHTML, ".xhtml", "application / xhtml + xml") \ - _ (APP_XLS, ".xls", "application / vnd.ms - excel") \ - _ (APP_XML, ".xml", "application / xml") \ + _ (APP_EPUB, ".epub", "application/epub+zip") \ + _ (APP_FONT, ".eot", "application/vnd.ms-fontobject") \ + _ (APP_JAR, ".jar", "application/java-archive") \ + _ (APP_JSON, ".json", "application/json") \ + _ (APP_JSON_LD, ".jsonld", "application/ld+json") \ + _ (APP_MPKG, ".mpkg", "application/vnd.apple.installer+xml") \ + _ (APP_ODP, ".odp", "application/vnd.oasis.opendocument.presentation") \ + _ (APP_ODS, ".ods", "application/vnd.oasis.opendocument.spreadsheet") \ + _ (APP_ODT, ".odt", "application/vnd.oasis.opendocument.text") \ + _ (APP_OGX, ".ogx", "application/ogg") \ + _ (APP_PDF, ".pdf", "application/pdf") \ + _ (APP_PHP, ".php", "application/x-httpd-php") \ + _ (APP_PPT, ".ppt", "application/vnd.ms-powerpoint") \ + _ (APP_PPTX, ".pptx", "application/vnd.ms-powerpoint") \ + _ (APP_RAR, ".rar", "application/vnd.rar") \ + _ (APP_RTF, ".rtf", "application/rtf") \ + _ (APP_SH, ".sh", "application/x-sh") \ + _ (APP_TAR, ".tar", "application/x-tar") \ + _ (APP_VSD, ".vsd", "application/vnd.visio") \ + _ (APP_XHTML, ".xhtml", "application/xhtml+xml") \ + _ (APP_XLS, ".xls", "application/vnd.ms-excel") \ + _ (APP_XML, ".xml", "application/xml") \ _ (APP_XSLX, ".xlsx", \ - "application / vnd.openxmlformats - officedocument.spreadsheetml.sheet") \ - _ (APP_XUL, ".xul", "application / vnd.mozilla.xul + xml") \ - _ (APP_ZIP, ".zip", "application / zip") \ - _ (AUDIO_AAC, ".aac", "audio / aac") \ - _ (AUDIO_CD, ".cda", "application / x - cdf") \ - _ (AUDIO_WAV, ".wav", "audio / wav") \ - _ (AUDIO_WEBA, ".weba", "audio / webm") \ - _ (AUDO_MIDI, ".midi", "audio / midi") \ - _ (AUDO_MID, ".mid", "audo / midi") \ - _ (AUDO_MP3, ".mp3", "audio / mpeg") \ - _ (AUDO_OGA, ".oga", "audio / ogg") \ - _ (AUDO_OPUS, ".opus", "audio / opus") \ - _ (APP_OCTET_STREAM, ".bin", "application / octet - stream") \ - _ (BZIP2, ".bz2", "application / x - bzip2") \ - _ (BZIP, ".bz", "application / x - bzip") \ - _ (FONT_OTF, ".otf", "font / otf") \ - _ (FONT_TTF, ".ttf", "font / ttf") \ - _ (FONT_WOFF2, ".woff2", "font / woff2") \ - _ (FONT_WOFF, ".woff", "font / woff") \ - _ (GZIP, ".gz", "application / gzip") \ - _ (IMAGE_AVIF, ".avif", "image / avif") \ - _ (IMAGE_BMP, ".bmp", "image / bmp") \ - _ (IMAGE_GIF, ".gif", "image / gif") \ - _ (IMAGE_ICON, ".ico", "image / vnd.microsoft.icon") \ - _ (IMAGE_JPEG, ".jpeg", "image / jpeg") \ - _ (IMAGE_JPG, ".jpg", "image / jpeg") \ - _ (IMAGE_PNG, ".png", "image / png") \ - _ (IMAGE_SVG, ".svg", "image / svg + xml") \ - _ (IMAGE_TIFF, ".tiff", "image / tiff") \ - _ (IMAGE_TIF, ".tif", "image / tiff") \ - _ (IMAGE_WEBP, ".webp", "image / webp") \ - _ (SCRIPT_CSH, ".csh", "application / x - csh") \ - _ (TEXT_ABIWORD, ".abw", "application / x - abiword") \ - _ (TEXT_ARCHIVE, ".arc", "application / x - freearc") \ - _ (TEXT_AZW, ".azw", "application / vnd.amazon.ebook") \ - _ (TEXT_CALENDAR, ".ics", "text / calendar") \ - _ (TEXT_CSS, ".css", "text / css") \ - _ (TEXT_CSV, ".csv", "text / csv") \ - _ (TEXT_HTM, ".htm", "text / html") \ - _ (TEXT_HTML, ".html", "text / html") \ - _ (TEXT_JS, ".js", "text / javascript") \ - _ (TEXT_MJS, ".mjs", "text / javascript") \ - _ (TEXT_PLAIN, ".txt", "text / plain") \ - _ (VIDEO_3GP2, ".3g2", "video / 3gpp2") \ - _ (VIDEO_3GP, ".3gp", "video / 3gpp") \ - _ (VIDEO_AVI, ".avi", "video / x - msvideo") \ - _ (VIDEO_MP4, ".mp4", "video / mp4") \ - _ (VIDEO_MPEG, ".mpeg", "video / mpeg") \ - _ (VIDEO_OGG, ".ogv", "video / ogg") \ - _ (VIDEO_TS, ".ts", "video / mp2t") \ - _ (VIDEO_WEBM, ".webm", "video / webm") + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet") \ + _ (APP_XUL, ".xul", "application/vnd.mozilla.xul+xml") \ + _ (APP_X_WWW_FORM_URLENCODED, ".invalid", \ + "application/x-www-form-urlencoded") \ + _ (APP_ZIP, ".zip", "application/zip") \ + _ (AUDIO_AAC, ".aac", "audio/aac") \ + _ (AUDIO_CD, ".cda", "application/x-cdf") \ + _ (AUDIO_WAV, ".wav", "audio/wav") \ + _ (AUDIO_WEBA, ".weba", "audio/webm") \ + _ (AUDO_MIDI, ".midi", "audio/midi") \ + _ (AUDO_MID, ".mid", "audo/midi") \ + _ (AUDO_MP3, ".mp3", "audio/mpeg") \ + _ (AUDO_OGA, ".oga", "audio/ogg") \ + _ (AUDO_OPUS, ".opus", "audio/opus") \ + _ (APP_OCTET_STREAM, ".bin", "application/octet-stream") \ + _ (BZIP2, ".bz2", "application/x-bzip2") \ + _ (BZIP, ".bz", "application/x-bzip") \ + _ (FONT_OTF, ".otf", "font/otf") \ + _ (FONT_TTF, ".ttf", "font/ttf") \ + _ (FONT_WOFF2, ".woff2", "font/woff2") \ + _ (FONT_WOFF, ".woff", "font/woff") \ + _ (GZIP, ".gz", "application/gzip") \ + _ (IMAGE_AVIF, ".avif", "image/avif") \ + _ (IMAGE_BMP, ".bmp", "image/bmp") \ + _ (IMAGE_GIF, ".gif", "image/gif") \ + _ (IMAGE_ICON, ".ico", "image/vnd.microsoft.icon") \ + _ (IMAGE_JPEG, ".jpeg", "image/jpeg") \ + _ (IMAGE_JPG, ".jpg", "image/jpeg") \ + _ (IMAGE_PNG, ".png", "image/png") \ + _ (IMAGE_SVG, ".svg", "image/svg+xml") \ + _ (IMAGE_TIFF, ".tiff", "image/tiff") \ + _ (IMAGE_TIF, ".tif", "image/tiff") \ + _ (IMAGE_WEBP, ".webp", "image/webp") \ + _ (SCRIPT_CSH, ".csh", "application/x-csh") \ + _ (TEXT_ABIWORD, ".abw", "application/x-abiword") \ + _ (TEXT_ARCHIVE, ".arc", "application/x-freearc") \ + _ (TEXT_AZW, ".azw", "application/vnd.amazon.ebook") \ + _ (TEXT_CALENDAR, ".ics", "text/calendar") \ + _ (TEXT_CSS, ".css", "text/css") \ + _ (TEXT_CSV, ".csv", "text/csv") \ + _ (TEXT_HTM, ".htm", "text/html") \ + _ (TEXT_HTML, ".html", "text/html") \ + _ (TEXT_JS, ".js", "text/javascript") \ + _ (TEXT_MJS, ".mjs", "text/javascript") \ + _ (TEXT_PLAIN, ".txt", "text/plain") \ + _ (VIDEO_3GP2, ".3g2", "video/3gpp2") \ + _ (VIDEO_3GP, ".3gp", "video/3gpp") \ + _ (VIDEO_AVI, ".avi", "video/x-msvideo") \ + _ (VIDEO_MP4, ".mp4", "video/mp4") \ + _ (VIDEO_MPEG, ".mpeg", "video/mpeg") \ + _ (VIDEO_OGG, ".ogv", "video/ogg") \ + _ (VIDEO_TS, ".ts", "video/mp2t") \ + _ (VIDEO_WEBM, ".webm", "video/webm") typedef enum http_content_type_ { @@ -235,50 +245,100 @@ typedef enum http_status_code_ HTTP_N_STATUS } http_status_code_t; -#define HTTP_HEADER_ACCEPT "Accept" -#define HTTP_HEADER_ACCEPT_CHARSET "Accept-Charset" -#define HTTP_HEADER_ACCEPT_ENCODING "Accept-Encoding" -#define HTTP_HEADER_ACCEPT_LANGUAGE "Accept-Language" -#define HTTP_HEADER_ACCEPT_RANGES "Accept-Ranges" -#define HTTP_HEADER_ALLOW "Allow" -#define HTTP_HEADER_AUTHENTICATION_INFO "Authentication-Info" -#define HTTP_HEADER_AUTHORIZATION "Authorization" -#define HTTP_HEADER_CLOSE "Close" -#define HTTP_HEADER_CONNECTION "Connection" -#define HTTP_HEADER_CONTENT_ENCODING "Content-Encoding" -#define HTTP_HEADER_CONTENT_LANGUAGE "Content-Language" -#define HTTP_HEADER_CONTENT_LENGTH "Content-Length" -#define HTTP_HEADER_CONTENT_LOCATION "Content-Location" -#define HTTP_HEADER_CONTENT_RANGE "Content-Range" -#define HTTP_HEADER_CONTENT_TYPE "Content-Type" -#define HTTP_HEADER_DATE "Date" -#define HTTP_HEADER_ETAG "ETag" -#define HTTP_HEADER_EXPECT "Expect" -#define HTTP_HEADER_FROM "From" -#define HTTP_HEADER_HOST "Host" -#define HTTP_HEADER_IF_MATCH "If-Match" -#define HTTP_HEADER_IF_MODIFIED_SINCE "If-Modified-Since" -#define HTTP_HEADER_IF_NONE_MATCH "If-None-Match" -#define HTTP_HEADER_IF_RANGE "If-Range" -#define HTTP_HEADER_IF_UNMODIFIED_SINCE "If-Unmodified-Since" -#define HTTP_HEADER_LAST_MODIFIED "Last-Modified" -#define HTTP_HEADER_LOCATION "Location" -#define HTTP_HEADER_MAX_FORWARDS "Max-Forwards" -#define HTTP_HEADER_PROXY_AUTHENTICATE "Proxy-Authenticate" -#define HTTP_HEADER_PROXY_AUTHENTICATION_INFO "Proxy-Authentication-Info" -#define HTTP_HEADER_PROXY_AUTHORIZATION "Proxy-Authorization" -#define HTTP_HEADER_RANGE "Range" -#define HTTP_HEADER_REFERER "Referer" -#define HTTP_HEADER_RETRY_AFTER "Retry-After" -#define HTTP_HEADER_SERVER "Server" -#define HTTP_HEADER_TE "TE" -#define HTTP_HEADER_TRAILER "Trailer" -#define HTTP_HEADER_TRANSFER_ENCODING "Transfer-Encoding" -#define HTTP_HEADER_UPGRADE "Upgrade" -#define HTTP_HEADER_USER_AGENT "User-Agent" -#define HTTP_HEADER_VARY "Vary" -#define HTTP_HEADER_VIA "Via" -#define HTTP_HEADER_WWW_AUTHENTICATE "WWW-Authenticate" +#define foreach_http_header_name \ + _ (ACCEPT, "Accept") \ + _ (ACCEPT_CHARSET, "Accept-Charset") \ + _ (ACCEPT_ENCODING, "Accept-Encoding") \ + _ (ACCEPT_LANGUAGE, "Accept-Language") \ + _ (ACCEPT_RANGES, "Accept-Ranges") \ + _ (ACCESS_CONTROL_ALLOW_CREDENTIALS, "Access-Control-Allow-Credentials") \ + _ (ACCESS_CONTROL_ALLOW_HEADERS, "Access-Control-Allow-Headers") \ + _ (ACCESS_CONTROL_ALLOW_METHODS, "Access-Control-Allow-Methods") \ + _ (ACCESS_CONTROL_ALLOW_ORIGIN, "Access-Control-Allow-Origin") \ + _ (ACCESS_CONTROL_EXPOSE_HEADERS, "Access-Control-Expose-Headers") \ + _ (ACCESS_CONTROL_MAX_AGE, "Access-Control-Max-Age") \ + _ (ACCESS_CONTROL_REQUEST_HEADERS, "Access-Control-Request-Headers") \ + _ (ACCESS_CONTROL_REQUEST_METHOD, "Access-Control-Request-Method") \ + _ (AGE, "Age") \ + _ (ALLOW, "Allow") \ + _ (ALPN, "ALPN") \ + _ (ALT_SVC, "Alt-Svc") \ + _ (ALT_USED, "Alt-Used") \ + _ (ALTERNATES, "Alternates") \ + _ (AUTHENTICATION_CONTROL, "Authentication-Control") \ + _ (AUTHENTICATION_INFO, "Authentication-Info") \ + _ (AUTHORIZATION, "Authorization") \ + _ (CACHE_CONTROL, "Cache-Control") \ + _ (CACHE_STATUS, "Cache-Status") \ + _ (CAPSULE_PROTOCOL, "Capsule-Protocol") \ + _ (CDN_CACHE_CONTROL, "CDN-Cache-Control") \ + _ (CDN_LOOP, "CDN-Loop") \ + _ (CLIENT_CERT, "Client-Cert") \ + _ (CLIENT_CERT_CHAIN, "Client-Cert-Chain") \ + _ (CLOSE, "Close") \ + _ (CONNECTION, "Connection") \ + _ (CONTENT_DIGEST, "Content-Digest") \ + _ (CONTENT_DISPOSITION, "Content-Disposition") \ + _ (CONTENT_ENCODING, "Content-Encoding") \ + _ (CONTENT_LANGUAGE, "Content-Language") \ + _ (CONTENT_LENGTH, "Content-Length") \ + _ (CONTENT_LOCATION, "Content-Location") \ + _ (CONTENT_RANGE, "Content-Range") \ + _ (CONTENT_TYPE, "Content-Type") \ + _ (COOKIE, "Cookie") \ + _ (DATE, "Date") \ + _ (DIGEST, "Digest") \ + _ (DPOP, "DPoP") \ + _ (DPOP_NONCE, "DPoP-Nonce") \ + _ (EARLY_DATA, "Early-Data") \ + _ (ETAG, "ETag") \ + _ (EXPECT, "Expect") \ + _ (EXPIRES, "Expires") \ + _ (FORWARDED, "Forwarded") \ + _ (FROM, "From") \ + _ (HOST, "Host") \ + _ (IF_MATCH, "If-Match") \ + _ (IF_MODIFIED_SINCE, "If-Modified-Since") \ + _ (IF_NONE_MATCH, "If-None-Match") \ + _ (IF_RANGE, "If-Range") \ + _ (IF_UNMODIFIED_SINCE, "If-Unmodified-Since") \ + _ (KEEP_ALIVE, "Keep-Alive") \ + _ (LAST_MODIFIED, "Last-Modified") \ + _ (LINK, "Link") \ + _ (LOCATION, "Location") \ + _ (MAX_FORWARDS, "Max-Forwards") \ + _ (ORIGIN, "Origin") \ + _ (PRIORITY, "Priority") \ + _ (PROXY_AUTHENTICATE, "Proxy-Authenticate") \ + _ (PROXY_AUTHENTICATION_INFO, "Proxy-Authentication-Info") \ + _ (PROXY_AUTHORIZATION, "Proxy-Authorization") \ + _ (PROXY_STATUS, "Proxy-Status") \ + _ (RANGE, "Range") \ + _ (REFERER, "Referer") \ + _ (REPR_DIGEST, "Repr-Digest") \ + _ (SET_COOKIE, "Set-Cookie") \ + _ (SIGNATURE, "Signature") \ + _ (SIGNATURE_INPUT, "Signature-Input") \ + _ (STRICT_TRANSPORT_SECURITY, "Strict-Transport-Security") \ + _ (RETRY_AFTER, "Retry-After") \ + _ (SERVER, "Server") \ + _ (TE, "TE") \ + _ (TRAILER, "Trailer") \ + _ (TRANSFER_ENCODING, "Transfer-Encoding") \ + _ (UPGRADE, "Upgrade") \ + _ (USER_AGENT, "User-Agent") \ + _ (VARY, "Vary") \ + _ (VIA, "Via") \ + _ (WANT_CONTENT_DIGEST, "Want-Content-Digest") \ + _ (WANT_REPR_DIGEST, "Want-Repr-Digest") \ + _ (WWW_AUTHENTICATE, "WWW-Authenticate") + +typedef enum http_header_name_ +{ +#define _(sym, str) HTTP_HEADER_##sym, + foreach_http_header_name +#undef _ +} http_header_name_t; typedef enum http_msg_data_type_ { @@ -310,7 +370,6 @@ typedef struct http_msg_ http_req_method_t method_type; http_status_code_t code; }; - http_content_type_t content_type; http_msg_data_t data; } http_msg_t; @@ -330,6 +389,8 @@ typedef struct http_tc_ http_conn_state_t state; u32 timer_handle; u8 *app_name; + u8 *host; + u8 is_server; /* * Current request @@ -341,6 +402,7 @@ typedef struct http_tc_ http_buffer_t tx_buf; u32 to_recv; u32 bytes_dequeued; + u32 control_data_len; /* start line + headers + empty line */ http_target_form_t target_form; u32 target_path_offset; u32 target_path_len; @@ -350,6 +412,7 @@ typedef struct http_tc_ u32 headers_len; u32 body_offset; u32 body_len; + u16 status_code; } http_conn_t; typedef struct http_worker_ @@ -365,10 +428,12 @@ typedef struct http_main_ clib_timebase_t timebase; + u16 *sc_by_u16; /* * Runtime config */ u8 debug_level; + u8 is_init; /* * Config @@ -668,11 +733,17 @@ typedef struct { u8 *name; u8 *value; +} http_header_ht_t; + +typedef struct +{ + http_token_t name; + http_token_t value; } http_header_t; typedef struct { - http_header_t *headers; + http_header_ht_t *headers; uword *value_by_name; } http_header_table_t; @@ -684,7 +755,7 @@ typedef struct always_inline void http_free_header_table (http_header_table_t *ht) { - http_header_t *header; + http_header_ht_t *header; vec_foreach (header, ht->headers) { vec_free (header->name); @@ -712,7 +783,7 @@ http_parse_headers (u8 *headers, http_header_table_t **header_table) u8 *pos, *end, *name_start, *value_start, *name; u32 name_len, value_len; int rv; - http_header_t *header; + http_header_ht_t *header; http_header_table_t *ht; uword *p; @@ -778,7 +849,7 @@ always_inline const char * http_get_header (http_header_table_t *header_table, const char *name) { uword *p; - http_header_t *header; + http_header_ht_t *header; p = hash_get_mem (header_table->value_by_name, name); if (p) @@ -790,6 +861,119 @@ http_get_header (http_header_table_t *header_table, const char *name) return 0; } +/** + * Add header to the list. + * + * @param headers Header list. + * @param name Pointer to header's name buffer. + * @param name_len Length of the name. + * @param value Pointer to header's value buffer. + * @param value_len Length of the value. + * + * @note Headers added at protocol layer: Date, Server, Content-Length + */ +always_inline void +http_add_header (http_header_t **headers, const char *name, uword name_len, + const char *value, uword value_len) +{ + http_header_t *header; + vec_add2 (*headers, header, 1); + header->name.base = (char *) name; + header->name.len = name_len; + header->value.base = (char *) value; + header->value.len = value_len; +} + +/** + * Serialize the header list. + * + * @param headers Header list to serialize. + * + * @return New vector with serialized headers. + * + * The caller is always responsible to free the returned vector. + */ +always_inline u8 * +http_serialize_headers (http_header_t *headers) +{ + u8 *headers_buf = 0, *dst; + u32 headers_buf_len = 2; + http_header_t *header; + + vec_foreach (header, headers) + headers_buf_len += header->name.len + header->value.len + 4; + + vec_validate (headers_buf, headers_buf_len - 1); + dst = headers_buf; + + vec_foreach (header, headers) + { + clib_memcpy (dst, header->name.base, header->name.len); + dst += header->name.len; + *dst++ = ':'; + *dst++ = ' '; + clib_memcpy (dst, header->value.base, header->value.len); + dst += header->value.len; + *dst++ = '\r'; + *dst++ = '\n'; + } + *dst++ = '\r'; + *dst = '\n'; + return headers_buf; +} + +typedef struct +{ + ip46_address_t ip; + u16 port; + u8 is_ip4; +} http_uri_t; + +always_inline int +http_parse_authority_form_target (u8 *target, http_uri_t *authority) +{ + unformat_input_t input; + u32 port; + int rv = 0; + + unformat_init_vector (&input, vec_dup (target)); + if (unformat (&input, "[%U]:%d", unformat_ip6_address, &authority->ip.ip6, + &port)) + { + authority->port = clib_host_to_net_u16 (port); + authority->is_ip4 = 0; + } + else if (unformat (&input, "%U:%d", unformat_ip4_address, &authority->ip.ip4, + &port)) + { + authority->port = clib_host_to_net_u16 (port); + authority->is_ip4 = 1; + } + /* TODO reg-name resolution */ + else + { + clib_warning ("unsupported format '%v'", target); + rv = -1; + } + unformat_free (&input); + return rv; +} + +always_inline u8 * +http_serialize_authority_form_target (http_uri_t *authority) +{ + u8 *s; + + if (authority->is_ip4) + s = format (0, "%U:%d", format_ip4_address, &authority->ip.ip4, + clib_net_to_host_u16 (authority->port)); + else + s = format (0, "[%U]:%d", format_ip6_address, &authority->ip.ip6, + clib_net_to_host_u16 (authority->port)); + + return s; +} + #endif /* SRC_PLUGINS_HTTP_HTTP_H_ */ /* diff --git a/src/plugins/http/http_buffer.c b/src/plugins/http/http_buffer.c index f3dc308dbf8..bc1b8c08630 100644 --- a/src/plugins/http/http_buffer.c +++ b/src/plugins/http/http_buffer.c @@ -173,7 +173,7 @@ buf_ptr_drain (http_buffer_t *hb, u32 len) bf->segs[1].data += len; bf->segs[0].len -= len; - HTTP_DBG (1, "drained %u left %u", len, bf->segs[1].len); + HTTP_DBG (1, "drained %u left %u", len, bf->segs[0].len); if (!bf->segs[0].len) { diff --git a/src/plugins/http/http_content_types.h b/src/plugins/http/http_content_types.h new file mode 100644 index 00000000000..ddc02566db7 --- /dev/null +++ b/src/plugins/http/http_content_types.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#ifndef SRC_PLUGINS_HTTP_HTTP_CONTENT_TYPES_H_ +#define SRC_PLUGINS_HTTP_HTTP_CONTENT_TYPES_H_ + +#include <http/http.h> + +static http_token_t http_content_types[] = { +#define _(s, ext, str) { http_token_lit (str) }, + foreach_http_content_type +#undef _ +}; + +#define http_content_type_token(e) \ + http_content_types[e].base, http_content_types[e].len + +#endif /* SRC_PLUGINS_HTTP_HTTP_CONTENT_TYPES_H_ */ diff --git a/src/plugins/http/http_header_names.h b/src/plugins/http/http_header_names.h new file mode 100644 index 00000000000..99acac786db --- /dev/null +++ b/src/plugins/http/http_header_names.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#ifndef SRC_PLUGINS_HTTP_HTTP_HEADER_NAMES_H_ +#define SRC_PLUGINS_HTTP_HTTP_HEADER_NAMES_H_ + +#include <http/http.h> + +static http_token_t http_header_names[] = { +#define _(sym, str) { http_token_lit (str) }, + foreach_http_header_name +#undef _ +}; + +#define http_header_name_token(e) \ + http_header_names[e].base, http_header_names[e].len + +#define http_header_name_str(e) http_header_names[e].base + +#endif /* SRC_PLUGINS_HTTP_HTTP_HEADER_NAMES_H_ */ diff --git a/src/plugins/http/http_plugin.rst b/src/plugins/http/http_plugin.rst index c4c4d2c8234..4daef79b9cf 100644 --- a/src/plugins/http/http_plugin.rst +++ b/src/plugins/http/http_plugin.rst @@ -9,14 +9,14 @@ Overview -------- This plugin adds the HTTP protocol to VPP's Host Stack. -As a result parsing of HTTP/1 request or response is available for internal VPP applications. +As a result parsing and serializing of HTTP/1 requests or responses are available for internal VPP applications. Usage ----- The plugin exposes following inline functions: ``http_validate_abs_path_syntax``, ``http_validate_query_syntax``, ``http_percent_decode``, ``http_path_remove_dot_segments``, ``http_parse_headers``, ``http_get_header``, -``http_free_header_table``. +``http_free_header_table``, ``http_add_header``, ``http_serialize_headers``. It relies on the hoststack constructs and uses ``http_msg_data_t`` data structure for passing metadata to/from applications. @@ -121,6 +121,7 @@ Following example shows how to parse headers: .. code-block:: C + #include <http/http_header_names.h> if (msg.data.headers_len) { u8 *headers = 0; @@ -134,7 +135,7 @@ Following example shows how to parse headers: /* your error handling */ } /* get Accept header */ - const char *accept_value = http_get_header (ht, HTTP_HEADER_ACCEPT); + const char *accept_value = http_get_header (ht, http_header_name_str (HTTP_HEADER_ACCEPT)); if (accept_value) { /* do something interesting */ @@ -154,3 +155,321 @@ Finally application reads body: rv = svm_fifo_peek (ts->rx_fifo, msg.data.body_offset, msg.data.body_len, body); ASSERT (rv == msg.data.body_len); } + +Sending data +"""""""""""""" + +When server application sends response back to HTTP layer it starts with message metadata, followed by optional serialized headers and finally body (if any). + +Application should set following items: + +* Status code +* target form +* header section offset and length +* body offset and length + +Application could pass headers back to HTTP layer. Header list is created dynamically as vector of ``http_header_t``, +where we store only pointers to buffers (zero copy). +Well known header names are predefined. +The list is serialized just before you send buffer to HTTP layer. + +.. note:: + Following headers are added at protocol layer and **MUST NOT** be set by application: Date, Server, Content-Length + +Following example shows how to create headers section: + +.. code-block:: C + + #include <http/http.h> + #include <http/http_header_names.h> + #include <http/http_content_types.h> + http_header_t *resp_headers = 0; + u8 *headers_buf = 0; + http_add_header (resp_headers, + http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (HTTP_CONTENT_TEXT_HTML)); + http_add_header (resp_headers, + http_header_name_token (HTTP_HEADER_CACHE_CONTROL), + http_token_lit ("max-age=600")); + http_add_header (resp_headers, + http_header_name_token (HTTP_HEADER_LOCATION), + (const char *) redirect, vec_len (redirect)); + headers_buf = http_serialize_headers (resp_headers); + +The example below show how to create and send response HTTP message metadata: + +.. code-block:: C + + http_msg_t msg; + msg.type = HTTP_MSG_REPLY; + msg.code = HTTP_STATUS_MOVED + msg.data.headers_offset = 0; + msg.data.headers_len = vec_len (headers_buf); + msg.data.type = HTTP_MSG_DATA_INLINE; + msg.data.body_len = vec_len (tx_buf); + msg.data.body_offset = msg.data.headers_len; + msg.data.len = msg.data.body_len + msg.data.headers_len; + ts = session_get (hs->vpp_session_index, hs->thread_index); + rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (msg), (u8 *) &msg); + ASSERT (rv == sizeof (msg)); + +Next you will send your serialized headers: + +.. code-block:: C + + rv = svm_fifo_enqueue (ts->tx_fifo, vec_len (headers_buf), headers_buf); + ASSERT (rv == msg.data.headers_len); + vec_free (headers_buf); + +Finally application sends response body: + +.. code-block:: C + + rv = svm_fifo_enqueue (ts->tx_fifo, vec_len (tx_buf), tx_buf); + if (rv != vec_len (hs->tx_buf)) + { + hs->tx_offset = rv; + svm_fifo_add_want_deq_ntf (ts->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF); + } + else + { + vec_free (tx_buf); + } + if (svm_fifo_set_event (ts->tx_fifo)) + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); + +Examples above shows how to send body and headers by copy, alternatively you could pass them as pointer: + +.. code-block:: C + + msg.data.type = HTTP_MSG_DATA_PTR; + /* code omitted for brevity */ + if (msg.data.headers_len) + { + uword headers = pointer_to_uword (headers_buf); + rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (headers), (u8 *) &headers); + ASSERT (rv == sizeof (headers)); + } + uword data = pointer_to_uword (tx_buf); + rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (data), (u8 *) &data); + ASSERT (rv == sizeof (data)); + +In this case you need to free data when you receive next request or when session is closed. + + +Client application +^^^^^^^^^^^^^^^^^^ + +Client application opens connection with vnet URI where transport protocol is set to ``http``. + +Sending data +"""""""""""""" + +HTTP request is sent when connection is successfully established in ``session_connected_callback``. + +When client application sends message to HTTP layer it starts with message metadata, followed by request target, optional headers and body (if any) buffers. + +Application should set following items: + +* HTTP method +* target form, offset and length +* header section offset and length +* body offset and length + +Application could pass headers to HTTP layer. Header list is created dynamically as vector of ``http_header_t``, +where we store only pointers to buffers (zero copy). +Well known header names are predefined. +The list is serialized just before you send buffer to HTTP layer. + +.. note:: + Following headers are added at protocol layer and **MUST NOT** be set by application: Host, User-Agent + + +The example below shows how to create headers section: + +.. code-block:: C + + #include <http/http.h> + #include <http/http_header_names.h> + #include <http/http_content_types.h> + http_header_t *req_headers = 0; + u8 *headers_buf = 0; + http_add_header (req_headers, + http_header_name_token (HTTP_HEADER_ACCEPT), + http_content_type_token (HTTP_CONTENT_TEXT_HTML)); + headers_buf = http_serialize_headers (req_headers); + vec_free (hs->req_headers); + +Following example shows how to set message metadata: + +.. code-block:: C + + http_msg_t msg; + msg.type = HTTP_MSG_REQUEST; + msg.method_type = HTTP_REQ_GET; + msg.data.headers_offset = 0; + /* request target */ + msg.data.target_form = HTTP_TARGET_ORIGIN_FORM; + msg.data.target_path_offset = 0; + msg.data.target_path_len = vec_len (target); + /* custom headers */ + msg.data.headers_offset = msg.data.target_path_len; + msg.data.headers_len = vec_len (headers_buf); + /* no request body because we are doing GET request */ + msg.data.body_len = 0; + /* data type and total length */ + msg.data.type = HTTP_MSG_DATA_INLINE; + msg.data.len = msg.data.target_path_len + msg.data.headers_len + msg.data.body_len; + +Finally application sends everything to HTTP layer: + +.. code-block:: C + + svm_fifo_seg_t segs[3] = { { (u8 *) &msg, sizeof (msg) }, /* message metadata */ + { target, vec_len (target) }, /* request target */ + { headers_buf, vec_len (headers_buf) } }; /* serialized headers */ + rv = svm_fifo_enqueue_segments (as->tx_fifo, segs, 3, 0 /* allow partial */); + vec_free (headers_buf); + if (rv < 0 || rv != sizeof (msg) + msg.data.len) + { + clib_warning ("failed app enqueue"); + return -1; + } + if (svm_fifo_set_event (as->tx_fifo)) + session_program_tx_io_evt (as->handle, SESSION_IO_EVT_TX); + +Examples above shows how to send buffers by copy, alternatively you could pass them as pointer: + +.. code-block:: C + + msg.data.type = HTTP_MSG_DATA_PTR; + msg.method_type = HTTP_REQ_POST; + msg.data.body_len = vec_len (data); + /* code omitted for brevity */ + uword target = pointer_to_uword (target); + uword headers = pointer_to_uword (headers_buf); + uword body = pointer_to_uword (data); + svm_fifo_seg_t segs[4] = { + { (u8 *) &msg, sizeof (msg) }, + { (u8 *) &target, sizeof (target) }, + { (u8 *) &headers, sizeof (headers) }, + { (u8 *) &body, sizeof (body) }, + }; + rv = svm_fifo_enqueue_segments (s->tx_fifo, segs, 4, 0 /* allow partial */); + ASSERT (rv == (sizeof (msg) + sizeof (target) + sizeof (headers) + sizeof (body))); + +In this case you need to free data when you receive response or when session is closed. + +Receiving data +"""""""""""""" + +HTTP plugin sends message header with metadata for parsing, in form of offset and length, followed by all data bytes as received from transport. + +Application will get pre-parsed following items: + +* status code +* header section offset and length +* body offset and length + +The example below reads HTTP message header in ``builtin_app_rx_callback``, which is first step application should do: + +.. code-block:: C + + #include <http/http.h> + http_msg_t msg; + rv = svm_fifo_dequeue (ts->rx_fifo, sizeof (msg), (u8 *) &msg); + ASSERT (rv == sizeof (msg)); + +As next step application might validate message type and status code: + +.. code-block:: C + + if (msg.type != HTTP_MSG_REPLY) + { + /* your error handling */ + } + if (msg.code != HTTP_STATUS_OK) + { + /* your error handling */ + /* of course you can continue with steps bellow */ + /* you might be interested in some headers or body content (if any) */ + } + +Headers are parsed using a generic algorithm, independent of the individual header names. +When header is repeated, its combined value consists of all values separated by comma, concatenated in order as received. +Following example shows how to parse headers: + +.. code-block:: C + + #include <http/http_header_names.h> + if (msg.data.headers_len) + { + u8 *headers = 0; + http_header_table_t *ht; + vec_validate (headers, msg.data.headers_len - 1); + rv = svm_fifo_peek (ts->rx_fifo, msg.data.headers_offset, + msg.data.headers_len, headers); + ASSERT (rv == msg.data.headers_len); + if (http_parse_headers (headers, &ht)) + { + /* your error handling */ + } + /* get Content-Type header */ + const char *content_type = http_get_header (ht, http_header_name_str (HTTP_HEADER_CONTENT_TYPE)); + if (content_type) + { + /* do something interesting */ + } + http_free_header_table (ht); + vec_free (headers); + } + +Finally application reads body, which might be received in multiple pieces (depends on size), so we might need some state machine in ``builtin_app_rx_callback``. +We will add following members to our session context structure: + +.. code-block:: C + + typedef struct + { + /* ... */ + u32 to_recv; + u8 *resp_body; + } session_ctx_t; + +First we prepare vector for response body, do it only once when you are reading metadata: + +.. code-block:: C + + /* drop everything up to body */ + svm_fifo_dequeue_drop (ts->rx_fifo, msg.data.body_offset); + ctx->to_recv = msg.data.body_len; + /* prepare vector for response body */ + vec_validate (ctx->resp_body, msg.data.body_len - 1); + vec_reset_length (ctx->resp_body); + +Now we can start reading body content, following block of code could be executed multiple times: + +.. code-block:: C + + /* dequeue */ + u32 max_deq = svm_fifo_max_dequeue (ts->rx_fifo); + u32 n_deq = clib_min (to_recv, max_deq); + /* current offset */ + u32 curr = vec_len (ctx->resp_body); + rv = svm_fifo_dequeue (ts->rx_fifo, n_deq, ctx->resp_body + curr); + if (rv < 0 || rv != n_deq) + { + /* your error handling */ + } + /* update length of the vector */ + vec_set_len (ctx->resp_body, curr + n_deq); + /* update number of remaining bytes to receive */ + ASSERT (to_recv >= rv); + ctx->to_recv -= rv; + /* check if all data received */ + if (ctx->to_recv == 0) + { + /* we are done */ + /* close the session if you don't want to send another request */ + /* and update state machine... */ + } diff --git a/src/plugins/http/http_status_codes.h b/src/plugins/http/http_status_codes.h new file mode 100644 index 00000000000..14b6b7db42d --- /dev/null +++ b/src/plugins/http/http_status_codes.h @@ -0,0 +1,27 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#ifndef SRC_PLUGINS_HTTP_HTTP_STATUS_CODES_H_ +#define SRC_PLUGINS_HTTP_HTTP_STATUS_CODES_H_ + +#include <http/http.h> + +const char *http_status_code_str[] = { +#define _(c, s, str) str, + foreach_http_status_code +#undef _ +}; + +static inline u8 * +format_http_status_code (u8 *s, va_list *va) +{ + http_status_code_t status_code = va_arg (*va, http_status_code_t); + if (status_code < HTTP_N_STATUS) + s = format (s, "%s", http_status_code_str[status_code]); + else + s = format (s, "invalid status code %d", status_code); + return s; +} + +#endif /* SRC_PLUGINS_HTTP_HTTP_STATUS_CODES_H_ */ diff --git a/src/plugins/http/http_test.c b/src/plugins/http/http_test.c new file mode 100644 index 00000000000..1f2f21dd19a --- /dev/null +++ b/src/plugins/http/http_test.c @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#include <http/http.h> + +static clib_error_t * +test_http_authority_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + u8 *target = 0; + http_uri_t authority; + int rv; + + if (!unformat (input, "%v", &target)) + return clib_error_return (0, "error: no input provided"); + + rv = http_parse_authority_form_target (target, &authority); + vec_free (target); + if (rv) + return clib_error_return (0, "error: parsing failed"); + + target = http_serialize_authority_form_target (&authority); + vlib_cli_output (vm, "%v", target); + vec_free (target); + + return 0; +} + +VLIB_CLI_COMMAND (test_http_authority_command) = { + .path = "test http authority-form", + .short_help = "test dns authority-form", + .function = test_http_authority_command_fn, +}; diff --git a/src/plugins/http/http_timer.c b/src/plugins/http/http_timer.c index c8fc6328855..5ee8efc8551 100644 --- a/src/plugins/http/http_timer.c +++ b/src/plugins/http/http_timer.c @@ -71,8 +71,8 @@ http_timers_init (vlib_main_t *vm, http_conn_timeout_fn *cb_fn) http_tw_ctx_t *twc = &http_tw_ctx; vlib_node_t *n; - if (twc->tw.timers) - return; + ASSERT (twc->tw.timers == 0); + tw_timer_wheel_init_2t_1w_2048sl (&twc->tw, http_timer_process_expired_cb, 1.0 /* timer interval */, ~0); clib_spinlock_init (&twc->tw_lock); diff --git a/src/plugins/http_static/builtinurl/json_urls.c b/src/plugins/http_static/builtinurl/json_urls.c index 8578be147f3..19c5245e4b2 100644 --- a/src/plugins/http_static/builtinurl/json_urls.c +++ b/src/plugins/http_static/builtinurl/json_urls.c @@ -45,6 +45,7 @@ handle_get_version (hss_url_handler_args_t *args) args->data = s; args->data_len = vec_len (s); + args->ct = HTTP_CONTENT_APP_JSON; args->free_vec_data = 1; return HSS_URL_HANDLER_OK; } @@ -117,6 +118,7 @@ handle_get_interface_stats (hss_url_handler_args_t *args) out: args->data = s; args->data_len = vec_len (s); + args->ct = HTTP_CONTENT_APP_JSON; args->free_vec_data = 1; vec_free (sw_if_indices); vec_free (stats); @@ -157,6 +159,7 @@ handle_get_interface_list (hss_url_handler_args_t *args) args->data = s; args->data_len = vec_len (s); + args->ct = HTTP_CONTENT_APP_JSON; args->free_vec_data = 1; return HSS_URL_HANDLER_OK; } diff --git a/src/plugins/http_static/http_cache.c b/src/plugins/http_static/http_cache.c index 8b9751b7f78..7a069dace00 100644 --- a/src/plugins/http_static/http_cache.c +++ b/src/plugins/http_static/http_cache.c @@ -421,19 +421,19 @@ format_hss_cache (u8 *s, va_list *args) { s = format (s, "cache size %lld bytes, limit %lld bytes, evictions %lld", hc->cache_size, hc->cache_limit, hc->cache_evictions); - return 0; + return s; } vm = vlib_get_main (); now = vlib_time_now (vm); - s = format (s, "%U", format_hss_cache_entry, 0 /* header */, now); + s = format (s, "%U\n", format_hss_cache_entry, 0 /* header */, now); for (index = hc->first_index; index != ~0;) { ce = pool_elt_at_index (hc->cache_pool, index); index = ce->next_index; - s = format (s, "%U", format_hss_cache_entry, ce, now); + s = format (s, "%U\n", format_hss_cache_entry, ce, now); } s = format (s, "%40s%12lld", "Total Size", hc->cache_size); diff --git a/src/plugins/http_static/http_static.api b/src/plugins/http_static/http_static.api index 4d6d8bfe9b5..dd4f513a420 100644 --- a/src/plugins/http_static/http_static.api +++ b/src/plugins/http_static/http_static.api @@ -2,7 +2,8 @@ /** \file This file defines static http server control-plane API messages */ -option version = "2.1.0"; + +option version = "2.2.0"; /** \brief Configure and enable the static http server @param client_index - opaque cookie to identify the sender @@ -16,6 +17,39 @@ option version = "2.1.0"; */ autoreply define http_static_enable { + option deprecated; + + /* Client identifier, set from api_main.my_client_index */ + u32 client_index; + + /* Arbitrary context, so client can match reply to request */ + u32 context; + /* Typical options */ + u32 fifo_size; + u32 cache_size_limit; + /* Unusual options */ + u32 prealloc_fifos; + u32 private_segment_size; + + /* Root of the html path */ + string www_root[256]; + /* The bind URI */ + string uri[256]; +}; + +/** \brief Configure and enable the static http server + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param fifo_size - size (in bytes) of the session FIFOs + @param cache_size_limit - size (in bytes) of the in-memory file data cache + @param max_age - how long a response is considered fresh (in seconds) + @param prealloc_fifos - number of preallocated fifos (usually 0) + @param private_segment_size - fifo segment size (usually 0) + @param www_root - html root path + @param uri - bind URI, defaults to "tcp://0.0.0.0/80" +*/ + +autoreply define http_static_enable_v2 { /* Client identifier, set from api_main.my_client_index */ u32 client_index; @@ -24,6 +58,7 @@ autoreply define http_static_enable { /* Typical options */ u32 fifo_size; u32 cache_size_limit; + u32 max_age [default=600]; /* Unusual options */ u32 prealloc_fifos; u32 private_segment_size; diff --git a/src/plugins/http_static/http_static.c b/src/plugins/http_static/http_static.c index 8f8fe37b7c1..9a98763b312 100644 --- a/src/plugins/http_static/http_static.c +++ b/src/plugins/http_static/http_static.c @@ -66,7 +66,7 @@ hss_register_url_handler (hss_url_handler_fn fp, const char *url, */ static int hss_enable_api (u32 fifo_size, u32 cache_limit, u32 prealloc_fifos, - u32 private_segment_size, u8 *www_root, u8 *uri) + u32 private_segment_size, u8 *www_root, u8 *uri, u32 max_age) { hss_main_t *hsm = &hss_main; int rv; @@ -77,6 +77,7 @@ hss_enable_api (u32 fifo_size, u32 cache_limit, u32 prealloc_fifos, hsm->private_segment_size = private_segment_size; hsm->www_root = format (0, "%s%c", www_root, 0); hsm->uri = format (0, "%s%c", uri, 0); + hsm->max_age = max_age; if (vec_len (hsm->www_root) < 2) return VNET_API_ERROR_INVALID_VALUE; @@ -110,14 +111,33 @@ static void vl_api_http_static_enable_t_handler mp->uri[ARRAY_LEN (mp->uri) - 1] = 0; mp->www_root[ARRAY_LEN (mp->www_root) - 1] = 0; - rv = - hss_enable_api (ntohl (mp->fifo_size), ntohl (mp->cache_size_limit), - ntohl (mp->prealloc_fifos), - ntohl (mp->private_segment_size), mp->www_root, mp->uri); + rv = hss_enable_api (ntohl (mp->fifo_size), ntohl (mp->cache_size_limit), + ntohl (mp->prealloc_fifos), + ntohl (mp->private_segment_size), mp->www_root, mp->uri, + HSS_DEFAULT_MAX_AGE); REPLY_MACRO (VL_API_HTTP_STATIC_ENABLE_REPLY); } +/* API message handler */ +static void +vl_api_http_static_enable_v2_t_handler (vl_api_http_static_enable_v2_t *mp) +{ + vl_api_http_static_enable_v2_reply_t *rmp; + hss_main_t *hsm = &hss_main; + int rv; + + mp->uri[ARRAY_LEN (mp->uri) - 1] = 0; + mp->www_root[ARRAY_LEN (mp->www_root) - 1] = 0; + + rv = hss_enable_api (ntohl (mp->fifo_size), ntohl (mp->cache_size_limit), + ntohl (mp->prealloc_fifos), + ntohl (mp->private_segment_size), mp->www_root, mp->uri, + ntohl (mp->max_age)); + + REPLY_MACRO (VL_API_HTTP_STATIC_ENABLE_V2_REPLY); +} + #include <http_static/http_static.api.c> static clib_error_t * hss_api_init (vlib_main_t *vm) diff --git a/src/plugins/http_static/http_static.h b/src/plugins/http_static/http_static.h index 8f336e83d58..f9364801a71 100644 --- a/src/plugins/http_static/http_static.h +++ b/src/plugins/http_static/http_static.h @@ -23,6 +23,8 @@ #include <vppinfra/error.h> #include <http_static/http_cache.h> +#define HSS_DEFAULT_MAX_AGE 600 + /** @file http_static.h * Static http server definitions */ @@ -50,8 +52,10 @@ typedef struct int free_data; /** File cache pool index */ u32 cache_pool_index; - /** Content type, e.g. text, text/javascript, etc. */ - http_content_type_t content_type; + /** Response header list */ + http_header_t *resp_headers; + /** Serialized headers to send */ + u8 *headers_buf; } hss_session_t; typedef struct hss_session_handle_ @@ -91,6 +95,7 @@ typedef struct hss_url_handler_args_ uword data_len; u8 free_vec_data; http_status_code_t sc; + http_content_type_t ct; }; }; } hss_url_handler_args_t; @@ -153,6 +158,10 @@ typedef struct u8 enable_url_handlers; /** Max cache size before LRU occurs */ u64 cache_size; + /** How long a response is considered fresh (in seconds) */ + u32 max_age; + /** Formatted max_age: "max-age=xyz" */ + u8 *max_age_formatted; /** hash table of file extensions to mime types string indices */ uword *mime_type_indices_by_file_extensions; diff --git a/src/plugins/http_static/http_static_test.c b/src/plugins/http_static/http_static_test.c index 3503a1b0812..f701c8b9ee7 100644 --- a/src/plugins/http_static/http_static_test.c +++ b/src/plugins/http_static/http_static_test.c @@ -18,6 +18,7 @@ #include <vlibapi/api.h> #include <vlibmemory/api.h> #include <vppinfra/error.h> +#include <http_static/http_static.h> uword unformat_sw_if_index (unformat_input_t * input, va_list * args); @@ -126,6 +127,96 @@ api_http_static_enable (vat_main_t * vam) return ret; } +static int +api_http_static_enable_v2 (vat_main_t *vam) +{ + unformat_input_t *line_input = vam->input; + vl_api_http_static_enable_v2_t *mp; + u64 tmp; + u8 *www_root = 0; + u8 *uri = 0; + u32 prealloc_fifos = 0; + u32 private_segment_size = 0; + u32 fifo_size = 8 << 10; + u32 cache_size_limit = 1 << 20; + u32 max_age = HSS_DEFAULT_MAX_AGE; + int ret; + + /* Parse args required to build the message */ + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "www-root %s", &www_root)) + ; + else if (unformat (line_input, "prealloc-fifos %d", &prealloc_fifos)) + ; + else if (unformat (line_input, "private-segment-size %U", + unformat_memory_size, &tmp)) + { + if (tmp >= 0x100000000ULL) + { + errmsg ("private segment size %llu, too large", tmp); + return -99; + } + private_segment_size = (u32) tmp; + } + else if (unformat (line_input, "fifo-size %U", unformat_memory_size, + &tmp)) + { + if (tmp >= 0x100000000ULL) + { + errmsg ("fifo-size %llu, too large", tmp); + return -99; + } + fifo_size = (u32) tmp; + } + else if (unformat (line_input, "cache-size %U", unformat_memory_size, + &tmp)) + { + if (tmp < (128ULL << 10)) + { + errmsg ("cache-size must be at least 128kb"); + return -99; + } + cache_size_limit = (u32) tmp; + } + else if (unformat (line_input, "max-age %d", &max_age)) + ; + else if (unformat (line_input, "uri %s", &uri)) + ; + else + { + errmsg ("unknown input `%U'", format_unformat_error, line_input); + return -99; + } + } + + if (www_root == 0) + { + errmsg ("Must specify www-root"); + return -99; + } + + if (uri == 0) + uri = format (0, "tcp://0.0.0.0/80%c", 0); + + /* Construct the API message */ + M (HTTP_STATIC_ENABLE_V2, mp); + strncpy_s ((char *) mp->www_root, 256, (const char *) www_root, 256); + strncpy_s ((char *) mp->uri, 256, (const char *) uri, 256); + mp->fifo_size = ntohl (fifo_size); + mp->cache_size_limit = ntohl (cache_size_limit); + mp->prealloc_fifos = ntohl (prealloc_fifos); + mp->private_segment_size = ntohl (private_segment_size); + mp->max_age = ntohl (max_age); + + /* send it... */ + S (mp); + + /* Wait for a reply... */ + W (ret); + return ret; +} + #include <http_static/http_static.api_test.c> /* diff --git a/src/plugins/http_static/static_server.c b/src/plugins/http_static/static_server.c index 26224989332..40de6cb578d 100644 --- a/src/plugins/http_static/static_server.c +++ b/src/plugins/http_static/static_server.c @@ -19,6 +19,9 @@ #include <sys/stat.h> #include <unistd.h> +#include <http/http_header_names.h> +#include <http/http_content_types.h> + /** @file static_server.c * Static http server, sufficient to serve .html / .css / .js content. */ @@ -83,48 +86,79 @@ start_send_data (hss_session_t *hs, http_status_code_t status) { http_msg_t msg; session_t *ts; + u8 *headers_buf = 0; int rv; ts = session_get (hs->vpp_session_index, hs->thread_index); + if (vec_len (hs->resp_headers)) + { + headers_buf = http_serialize_headers (hs->resp_headers); + vec_free (hs->resp_headers); + msg.data.headers_offset = 0; + msg.data.headers_len = vec_len (headers_buf); + } + else + { + msg.data.headers_offset = 0; + msg.data.headers_len = 0; + } + msg.type = HTTP_MSG_REPLY; msg.code = status; - msg.content_type = hs->content_type; - msg.data.len = hs->data_len; + msg.data.body_len = hs->data_len; + msg.data.len = msg.data.body_len + msg.data.headers_len; - if (hs->data_len > hss_main.use_ptr_thresh) + if (msg.data.len > hss_main.use_ptr_thresh) { msg.data.type = HTTP_MSG_DATA_PTR; rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (msg), (u8 *) &msg); ASSERT (rv == sizeof (msg)); + if (msg.data.headers_len) + { + hs->headers_buf = headers_buf; + uword headers = pointer_to_uword (hs->headers_buf); + rv = + svm_fifo_enqueue (ts->tx_fifo, sizeof (headers), (u8 *) &headers); + ASSERT (rv == sizeof (headers)); + } + uword data = pointer_to_uword (hs->data); rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (data), (u8 *) &data); - ASSERT (rv == sizeof (sizeof (data))); + ASSERT (rv == sizeof (data)); goto done; } msg.data.type = HTTP_MSG_DATA_INLINE; + msg.data.body_offset = msg.data.headers_len; rv = svm_fifo_enqueue (ts->tx_fifo, sizeof (msg), (u8 *) &msg); ASSERT (rv == sizeof (msg)); - if (!msg.data.len) + if (msg.data.headers_len) + { + rv = svm_fifo_enqueue (ts->tx_fifo, vec_len (headers_buf), headers_buf); + ASSERT (rv == msg.data.headers_len); + vec_free (headers_buf); + } + + if (!msg.data.body_len) goto done; rv = svm_fifo_enqueue (ts->tx_fifo, hs->data_len, hs->data); if (rv != hs->data_len) { - hs->data_offset = rv; + hs->data_offset = (rv > 0) ? rv : 0; svm_fifo_add_want_deq_ntf (ts->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF); } done: if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); } __clib_export void @@ -142,6 +176,15 @@ hss_session_send_data (hss_url_handler_args_t *args) hs->data = args->data; hs->data_len = args->data_len; hs->free_data = args->free_vec_data; + + /* Set content type only if we have some response data */ + if (hs->data_len) + { + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (args->ct)); + } + start_send_data (hs, args->sc); } @@ -217,7 +260,6 @@ try_url_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt, http_status_code_t sc = HTTP_STATUS_OK; hss_url_handler_args_t args = {}; uword *p, *url_table; - http_content_type_t type; int rv; if (!hsm->enable_url_handlers || !target_path) @@ -229,8 +271,6 @@ try_url_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt, target_path = format (target_path, "index.html"); } - type = content_type_from_request (target_path); - /* Look for built-in GET / POST handlers */ url_table = (rt == HTTP_REQ_GET) ? hsm->get_url_handlers : hsm->post_url_handlers; @@ -263,17 +303,24 @@ try_url_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt, { clib_warning ("builtin handler %llx hit on %s '%s' but failed!", p[0], (rt == HTTP_REQ_GET) ? "GET" : "POST", target_path); - sc = HTTP_STATUS_NOT_FOUND; + sc = HTTP_STATUS_BAD_GATEWAY; } hs->data = args.data; hs->data_len = args.data_len; hs->free_data = args.free_vec_data; - hs->content_type = type; + + /* Set content type only if we have some response data */ + if (hs->data_len) + { + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (args.ct)); + } start_send_data (hs, sc); - if (!hs->data) + if (!hs->data_len) hss_session_disconnect_transport (hs); return 0; @@ -337,18 +384,20 @@ try_index_file (hss_main_t *hsm, hss_session_t *hs, u8 *path) } redirect = - format (0, - "Location: http%s://%U%s%s\r\n\r\n", - proto == TRANSPORT_PROTO_TLS ? "s" : "", format_ip46_address, - &endpt.ip, endpt.is_ip4, print_port ? port_str : (u8 *) "", path); + format (0, "http%s://%U%s%s", proto == TRANSPORT_PROTO_TLS ? "s" : "", + format_ip46_address, &endpt.ip, endpt.is_ip4, + print_port ? port_str : (u8 *) "", path); if (hsm->debug_level > 0) clib_warning ("redirect: %s", redirect); vec_free (port_str); - hs->data = redirect; - hs->data_len = vec_len (redirect); + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_LOCATION), + (const char *) redirect, vec_len (redirect)); + hs->data = redirect; /* TODO: find better way */ + hs->data_len = 0; hs->free_data = 1; return HTTP_STATUS_MOVED; @@ -367,8 +416,6 @@ try_file_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt, if (!hsm->www_root) return -1; - type = content_type_from_request (target); - /* Remove dot segments to prevent path traversal */ sanitized_path = http_path_remove_dot_segments (target); @@ -420,11 +467,22 @@ try_file_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt, hs->path = path; hs->cache_pool_index = ce_index; + /* Set following headers only for happy path: + * Content-Type + * Cache-Control max-age + */ + type = content_type_from_request (target); + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_CONTENT_TYPE), + http_content_type_token (type)); + http_add_header ( + &hs->resp_headers, http_header_name_token (HTTP_HEADER_CACHE_CONTROL), + (const char *) hsm->max_age_formatted, vec_len (hsm->max_age_formatted)); + done: vec_free (sanitized_path); - hs->content_type = type; start_send_data (hs, sc); - if (!hs->data) + if (!hs->data_len) hss_session_disconnect_transport (hs); return 0; @@ -459,6 +517,8 @@ hss_ts_rx_callback (session_t *ts) if (hs->free_data) vec_free (hs->data); hs->data = 0; + hs->resp_headers = 0; + vec_free (hs->headers_buf); /* Read the http message header */ rv = svm_fifo_dequeue (ts->rx_fifo, sizeof (msg), (u8 *) &msg); @@ -467,6 +527,9 @@ hss_ts_rx_callback (session_t *ts) if (msg.type != HTTP_MSG_REQUEST || (msg.method_type != HTTP_REQ_GET && msg.method_type != HTTP_REQ_POST)) { + http_add_header (&hs->resp_headers, + http_header_name_token (HTTP_HEADER_ALLOW), + http_token_lit ("GET, POST")); start_send_data (hs, HTTP_STATUS_METHOD_NOT_ALLOWED); goto done; } @@ -554,7 +617,7 @@ hss_ts_tx_callback (session_t *ts) } if (svm_fifo_set_event (ts->tx_fifo)) - session_send_io_evt_to_thread (ts->tx_fifo, SESSION_IO_EVT_TX); + session_program_tx_io_evt (ts->handle, SESSION_IO_EVT_TX); return 0; } @@ -648,6 +711,7 @@ hss_ts_cleanup (session_t *s, session_cleanup_ntf_t ntf) hs->data = 0; hs->data_offset = 0; hs->free_data = 0; + vec_free (hs->headers_buf); vec_free (hs->path); hss_session_free (hs); @@ -798,6 +862,8 @@ hss_create (vlib_main_t *vm) if (hsm->enable_url_handlers) hss_url_handlers_init (hsm); + hsm->max_age_formatted = format (0, "max-age=%d", hsm->max_age); + return 0; } @@ -818,6 +884,7 @@ hss_create_command_fn (vlib_main_t *vm, unformat_input_t *input, hsm->private_segment_size = 0; hsm->fifo_size = 0; hsm->cache_size = 10 << 20; + hsm->max_age = HSS_DEFAULT_MAX_AGE; /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) @@ -849,6 +916,8 @@ hss_create_command_fn (vlib_main_t *vm, unformat_input_t *input, ; else if (unformat (line_input, "url-handlers")) hsm->enable_url_handlers = 1; + else if (unformat (line_input, "max-age %d", &hsm->max_age)) + ; else { error = clib_error_return (0, "unknown input `%U'", @@ -906,8 +975,8 @@ VLIB_CLI_COMMAND (hss_create_command, static) = { .path = "http static server", .short_help = "http static server www-root <path> [prealloc-fifos <nn>]\n" - "[private-segment-size <nnMG>] [fifo-size <nbytes>] [uri <uri>]\n" - "[ptr-thresh <nn>] [url-handlers] [debug [nn]]\n", + "[private-segment-size <nnMG>] [fifo-size <nbytes>] [max-age <nseconds>]\n" + "[uri <uri>] [ptr-thresh <nn>] [url-handlers] [debug [nn]]\n", .function = hss_create_command_fn, }; diff --git a/src/plugins/ikev2/CMakeLists.txt b/src/plugins/ikev2/CMakeLists.txt index 568271ed7d9..dd2b49d6651 100644 --- a/src/plugins/ikev2/CMakeLists.txt +++ b/src/plugins/ikev2/CMakeLists.txt @@ -27,6 +27,7 @@ add_vpp_plugin(ikev2 ikev2_crypto.c ikev2_format.c ikev2_payload.c + ikev2_handoff.c API_FILES ikev2_types.api diff --git a/src/plugins/ikev2/ikev2.api b/src/plugins/ikev2/ikev2.api index de276e7f3ea..e2ff8fb8268 100644 --- a/src/plugins/ikev2/ikev2.api +++ b/src/plugins/ikev2/ikev2.api @@ -658,6 +658,12 @@ counters ikev2 { units "packets"; description "IKE AUTH SA requests received"; }; + handoff { + severity info; + type counter64; + units "packets"; + description "IKE packets handoff"; + }; }; paths { "/err/ikev2-ip4" "ike"; diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 9bea2c96d12..f66469a24d1 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -97,6 +97,7 @@ format_ikev2_gen_sa_error (u8 * s, va_list * args) typedef enum { IKEV2_NEXT_IP4_LOOKUP, + IKEV2_NEXT_IP4_HANDOFF, IKEV2_NEXT_IP4_ERROR_DROP, IKEV2_IP4_N_NEXT, } ikev2_ip4_next_t; @@ -104,6 +105,7 @@ typedef enum typedef enum { IKEV2_NEXT_IP6_LOOKUP, + IKEV2_NEXT_IP6_HANDOFF, IKEV2_NEXT_IP6_ERROR_DROP, IKEV2_IP6_N_NEXT, } ikev2_ip6_next_t; @@ -3187,6 +3189,7 @@ ikev2_node_internal (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b; u16 nexts[VLIB_FRAME_SIZE], *next = nexts; ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data (); + u32 thread_index = vm->thread_index; ikev2_stats_t _stats, *stats = &_stats; int res; @@ -3213,6 +3216,14 @@ ikev2_node_internal (vlib_main_t *vm, vlib_node_runtime_t *node, int ip_hdr_sz = 0; int is_req = 0; + if (PREDICT_TRUE (thread_index != km->handoff_thread)) + { + vlib_node_increment_counter (vm, node->node_index, + IKEV2_ERROR_HANDOFF, 1); + + next[0] = is_ip4 ? IKEV2_NEXT_IP4_HANDOFF : IKEV2_NEXT_IP6_HANDOFF; + goto out; + } if (natt) { u8 *ptr = vlib_buffer_get_current (b0); @@ -3723,6 +3734,8 @@ ikev2_node_internal (vlib_main_t *vm, vlib_node_runtime_t *node, ikev2_delete_sa (ptd, sa0); } + + out: if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (b0->flags & VLIB_BUFFER_IS_TRACED))) { @@ -3775,6 +3788,7 @@ VLIB_REGISTER_NODE (ikev2_node_ip4,static) = { .n_next_nodes = IKEV2_IP4_N_NEXT, .next_nodes = { [IKEV2_NEXT_IP4_LOOKUP] = "ip4-lookup", + [IKEV2_NEXT_IP4_HANDOFF] = "ikev2-ip4-handoff", [IKEV2_NEXT_IP4_ERROR_DROP] = "error-drop", }, }; @@ -3792,6 +3806,7 @@ VLIB_REGISTER_NODE (ikev2_node_ip4_natt,static) = { .n_next_nodes = IKEV2_IP4_N_NEXT, .next_nodes = { [IKEV2_NEXT_IP4_LOOKUP] = "ip4-lookup", + [IKEV2_NEXT_IP4_HANDOFF] = "ikev2-ip4-natt-handoff", [IKEV2_NEXT_IP4_ERROR_DROP] = "error-drop", }, }; @@ -3809,6 +3824,7 @@ VLIB_REGISTER_NODE (ikev2_node_ip6,static) = { .n_next_nodes = IKEV2_IP6_N_NEXT, .next_nodes = { [IKEV2_NEXT_IP6_LOOKUP] = "ip6-lookup", + [IKEV2_NEXT_IP4_HANDOFF] = "ikev2-ip6-handoff", [IKEV2_NEXT_IP6_ERROR_DROP] = "error-drop", }, }; @@ -5126,6 +5142,8 @@ ikev2_init (vlib_main_t * vm) km->liveness_period = IKEV2_LIVENESS_PERIOD_CHECK; km->liveness_max_retries = IKEV2_LIVENESS_RETRIES; + km->handoff_thread = vlib_num_workers () ? 1 : 0; + return 0; } @@ -5133,6 +5151,31 @@ VLIB_INIT_FUNCTION (ikev2_init) = { .runs_after = VLIB_INITS ("ipsec_init", "ipsec_punt_init"), }; +static clib_error_t * +ikev2_config (vlib_main_t *vm, unformat_input_t *input) +{ + ikev2_main_t *km = &ikev2_main; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "handoff-thread %d", &km->handoff_thread)) + { + if (km->handoff_thread > vlib_num_workers ()) + { + return clib_error_return (0, "wrong handoff-thread %d", + km->handoff_thread); + } + } + else + return clib_error_return (0, "unknown input `%U'", format_unformat_error, + input); + } + + return 0; +} + +VLIB_CONFIG_FUNCTION (ikev2_config, "ikev2"); + static u8 ikev2_mngr_process_child_sa (ikev2_sa_t * sa, ikev2_child_sa_t * csa, u8 del_old_ids) @@ -5447,6 +5490,7 @@ ikev2_send_informational_request (ikev2_sa_t * sa) } dp = sa->dst_port ? sa->dst_port : ikev2_get_port (sa); + ikev2_send_ike (km->vlib_main, src, dst, bi0, len, ikev2_get_port (sa), dp, sa->sw_if_index); } @@ -5625,6 +5669,15 @@ ikev2_lazy_init (ikev2_main_t *km) if (!km->dns_resolve_name_ptr) ikev2_log_error ("cannot load symbols from dns plugin"); + km->handoff_ip4_fq_index = + vlib_frame_queue_main_init (ikev2_node_ip4.index, 0); + + km->handoff_ip4_natt_fq_index = + vlib_frame_queue_main_init (ikev2_node_ip4_natt.index, 0); + + km->handoff_ip6_fq_index = + vlib_frame_queue_main_init (ikev2_node_ip6.index, 0); + /* wake up ikev2 process */ vlib_process_signal_event (vlib_get_first_main (), ikev2_mngr_process_node.index, 0, 0); diff --git a/src/plugins/ikev2/ikev2_api.c b/src/plugins/ikev2/ikev2_api.c index c9608aa660b..e09bde3cbe2 100644 --- a/src/plugins/ikev2/ikev2_api.c +++ b/src/plugins/ikev2/ikev2_api.c @@ -577,6 +577,7 @@ vl_api_ikev2_child_sa_dump_t_handler (vl_api_ikev2_child_sa_dump_t * mp) vec_foreach (child, sa->childs) { u32 child_sa_index = child - sa->childs; + sai = ikev2_encode_sa_index (sai, tkm - im->per_thread_data); send_child_sa (child, mp, child_sa_index, sai); } } diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c index 3d4ad0a28ed..58167e2322e 100644 --- a/src/plugins/ikev2/ikev2_crypto.c +++ b/src/plugins/ikev2/ikev2_crypto.c @@ -481,15 +481,14 @@ ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa, int BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen) { - int r = BN_bn2bin (a, to); + int r = BN_num_bytes (a); ASSERT (tolen >= r); int pad = tolen - r; if (pad) { - vec_insert (to, pad, 0); clib_memset (to, 0, pad); - vec_dec_len (to, pad); } + BN_bn2bin (a, to + pad); return tolen; } #endif diff --git a/src/plugins/ikev2/ikev2_handoff.c b/src/plugins/ikev2/ikev2_handoff.c new file mode 100644 index 00000000000..8f55985bce8 --- /dev/null +++ b/src/plugins/ikev2/ikev2_handoff.c @@ -0,0 +1,165 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <vlib/vlib.h> +#include <vnet/vnet.h> +#include <ikev2/ikev2_priv.h> + +extern ikev2_main_t ikev2_main; + +#define foreach_ikev2_handoff_error _ (CONGESTION_DROP, "congestion drop") + +typedef enum +{ +#define _(sym, str) IKEV2_HANDOFF_ERROR_##sym, + foreach_ikev2_handoff_error +#undef _ + IKEV2_HANDOFF_N_ERROR, +} ikev2_handoff_error_t; + +static char *ikev2_handoff_error_strings[] = { +#define _(sym, string) string, + foreach_ikev2_handoff_error +#undef _ +}; + +typedef struct ikev2_handoff_trace_t_ +{ + u32 current_worker_index; + u32 next_worker_index; +} ikev2_handoff_trace_t; + +u8 * +format_ikev2_handoff_trace (u8 *s, va_list *args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + + ikev2_handoff_trace_t *t = va_arg (*args, ikev2_handoff_trace_t *); + s = format (s, "ikev2 handoff %d to %d", t->current_worker_index, + t->next_worker_index); + return s; +} + +static_always_inline uword +ikev2_handoff_inline (vlib_main_t *vm, vlib_node_runtime_t *node, + vlib_frame_t *frame, u32 fq_index) +{ + ikev2_main_t *km = &ikev2_main; + vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b; + u16 thread_indices[VLIB_FRAME_SIZE], *ti; + u32 n_enq, n_left_from, *from; + u32 this_thread; + + this_thread = vm->thread_index; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + vlib_get_buffers (vm, from, bufs, n_left_from); + + b = bufs; + ti = thread_indices; + + while (n_left_from > 0) + { + ti[0] = km->handoff_thread; + + if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && + b[0]->flags & VLIB_BUFFER_IS_TRACED)) + { + ikev2_handoff_trace_t *t = + vlib_add_trace (vm, node, b[0], sizeof (*t)); + t->current_worker_index = this_thread; + t->next_worker_index = ti[0]; + } + n_left_from--; + ti++; + b++; + } + + n_enq = vlib_buffer_enqueue_to_thread (vm, node, fq_index, from, + thread_indices, frame->n_vectors, 1); + + if (n_enq < frame->n_vectors) + vlib_node_increment_counter (vm, node->node_index, + IKEV2_HANDOFF_ERROR_CONGESTION_DROP, + frame->n_vectors - n_enq); + return n_enq; +} + +/* Do worker handoff based on the ikev2's thread_index */ +VLIB_NODE_FN (ikev2_ip4_handoff) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame) +{ + ikev2_main_t *km = &ikev2_main; + + return ikev2_handoff_inline (vm, node, from_frame, km->handoff_ip4_fq_index); +} + +VLIB_NODE_FN (ikev2_ip4_natt_handoff) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame) +{ + ikev2_main_t *km = &ikev2_main; + + return ikev2_handoff_inline (vm, node, from_frame, + km->handoff_ip4_natt_fq_index); +} + +VLIB_NODE_FN (ikev2_ip6_handoff) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame) +{ + ikev2_main_t *km = &ikev2_main; + + return ikev2_handoff_inline (vm, node, from_frame, km->handoff_ip6_fq_index); +} + +VLIB_REGISTER_NODE (ikev2_ip4_handoff) = { + .name = "ikev2-ip4-handoff", + .vector_size = sizeof (u32), + .format_trace = format_ikev2_handoff_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = ARRAY_LEN(ikev2_handoff_error_strings), + .error_strings = ikev2_handoff_error_strings, + .n_next_nodes = 1, + .next_nodes = { + [0] = "error-drop", + }, +}; + +VLIB_REGISTER_NODE (ikev2_ip4_natt_handoff) = { + .name = "ikev2-ip4-natt-handoff", + .vector_size = sizeof (u32), + .format_trace = format_ikev2_handoff_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = ARRAY_LEN(ikev2_handoff_error_strings), + .error_strings = ikev2_handoff_error_strings, + .n_next_nodes = 1, + .next_nodes = { + [0] = "error-drop", + }, +}; + +VLIB_REGISTER_NODE (ikev2_ip6_handoff) = { + .name = "ikev2-ip6-handoff", + .vector_size = sizeof (u32), + .format_trace = format_ikev2_handoff_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = ARRAY_LEN(ikev2_handoff_error_strings), + .error_strings = ikev2_handoff_error_strings, + .n_next_nodes = 1, + .next_nodes = { + [0] = "error-drop", + }, +}; diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h index 0639809e9b1..96313182552 100644 --- a/src/plugins/ikev2/ikev2_priv.h +++ b/src/plugins/ikev2/ikev2_priv.h @@ -571,6 +571,12 @@ typedef struct /* punt handle for IPsec NATT IPSEC_PUNT_IP4_SPI_UDP_0 reason */ vlib_punt_hdl_t punt_hdl; + /** Worker handoff */ + u32 handoff_thread; + u32 handoff_ip4_fq_index; + u32 handoff_ip4_natt_fq_index; + u32 handoff_ip6_fq_index; + } ikev2_main_t; extern ikev2_main_t ikev2_main; diff --git a/src/plugins/mactime/builtins.c b/src/plugins/mactime/builtins.c index c487d0375bf..f726d3c03ed 100644 --- a/src/plugins/mactime/builtins.c +++ b/src/plugins/mactime/builtins.c @@ -147,6 +147,7 @@ handle_get_mactime (hss_url_handler_args_t *args) args->data = s; args->data_len = vec_len (s); + args->ct = HTTP_CONTENT_APP_JSON; args->free_vec_data = 1; return HSS_URL_HANDLER_OK; } diff --git a/src/plugins/npt66/npt66.api b/src/plugins/npt66/npt66.api index 63640ac2097..dab09cda31f 100644 --- a/src/plugins/npt66/npt66.api +++ b/src/plugins/npt66/npt66.api @@ -36,5 +36,16 @@ counters npt66 { units "packets"; description "packet translation failed"; }; - + icmp6_checksum { + severity error; + type counter64; + units "packets"; + description "ICMP6 checksum validation failed"; + }; + icmp6_truncated { + severity error; + type counter64; + units "packets"; + description "ICMP6 packet truncated"; + }; };
\ No newline at end of file diff --git a/src/plugins/npt66/npt66_node.c b/src/plugins/npt66/npt66_node.c index f74f9143998..0d0c475f2c3 100644 --- a/src/plugins/npt66/npt66_node.c +++ b/src/plugins/npt66/npt66_node.c @@ -127,10 +127,7 @@ npt66_translate (ip6_header_t *ip, npt66_binding_t *binding, int dir) if (!ip6_prefix_cmp (ip->src_address, binding->internal, binding->internal_plen)) { - clib_warning ( - "npt66_translate: src address is not internal (%U -> %U)", - format_ip6_address, &ip->src_address, format_ip6_address, - &ip->dst_address); + /* Packet is not for us */ goto done; } ip->src_address = ip6_prefix_copy (ip->src_address, binding->external, @@ -144,10 +141,7 @@ npt66_translate (ip6_header_t *ip, npt66_binding_t *binding, int dir) if (!ip6_prefix_cmp (ip->dst_address, binding->external, binding->external_plen)) { - clib_warning ( - "npt66_translate: dst address is not external (%U -> %U)", - format_ip6_address, &ip->src_address, format_ip6_address, - &ip->dst_address); + /* Packet is not for us */ goto done; } ip->dst_address = ip6_prefix_copy (ip->dst_address, binding->internal, @@ -162,7 +156,7 @@ done: static int npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip, icmp46_header_t *icmp, npt66_binding_t *binding, - int dir) + int dir, u32 *error) { ip6_header_t *ip = (ip6_header_t *) (icmp + 2); int rv = 0; @@ -171,7 +165,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip, if (clib_net_to_host_u16 (outer_ip->payload_length) < sizeof (icmp46_header_t) + 4 + sizeof (ip6_header_t)) { - clib_warning ("ICMP6 payload too short"); + *error = NPT66_ERROR_ICMP6_TRUNCATED; return -1; } @@ -181,7 +175,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip, sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, b, outer_ip, &bogus_length); if (sum16 != 0 && sum16 != 0xffff) { - clib_warning ("ICMP6 checksum failed"); + *error = NPT66_ERROR_ICMP6_CHECKSUM; return -1; } if (dir == VLIB_RX) @@ -189,10 +183,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip, if (!ip6_prefix_cmp (ip->src_address, binding->external, binding->external_plen)) { - clib_warning ( - "npt66_icmp6_translate: src address is not internal (%U -> %U)", - format_ip6_address, &ip->src_address, format_ip6_address, - &ip->dst_address); + /* Not for us */ goto done; } ip->src_address = ip6_prefix_copy (ip->src_address, binding->internal, @@ -206,10 +197,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip, if (!ip6_prefix_cmp (ip->dst_address, binding->external, binding->external_plen)) { - clib_warning ( - "npt66_icmp6_translate: dst address is not external (%U -> %U)", - format_ip6_address, &ip->src_address, format_ip6_address, - &ip->dst_address); + /* Not for us */ goto done; } ip->dst_address = ip6_prefix_copy (ip->dst_address, binding->internal, @@ -217,8 +205,8 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip, rv = npt66_adjust_checksum (binding->internal_plen, false, binding->delta, &ip->dst_address); } -done: +done: return rv; } @@ -243,10 +231,12 @@ npt66_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node, n_left_from = frame->n_vectors; vlib_get_buffers (vm, from, b, n_left_from); npt66_binding_t *binding; + u32 translated = 0; /* Stage 1: build vector of flow hash (based on lookup mask) */ while (n_left_from > 0) { + u32 error = NPT66_ERROR_TRANSLATION; u32 sw_if_index = vnet_buffer (b[0])->sw_if_index[dir]; u32 iph_offset = dir == VLIB_TX ? vnet_buffer (b[0])->ip.save_rewrite_length : 0; @@ -261,28 +251,26 @@ npt66_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node, icmp46_header_t *icmp = (icmp46_header_t *) (ip + 1); if (ip->protocol == IP_PROTOCOL_ICMP6 && icmp->type < 128) { - rv = npt66_icmp6_translate (b[0], ip, icmp, binding, dir); + rv = npt66_icmp6_translate (b[0], ip, icmp, binding, dir, &error); if (rv < 0) { - clib_warning ("ICMP6 npt66_translate failed"); *next = NPT66_NEXT_DROP; + b[0]->error = node->errors[error]; goto next; } } - rv = npt66_translate (ip, binding, dir); + rv = npt66_translate (ip, binding, dir); if (rv < 0) { - vlib_node_increment_counter (vm, node->node_index, - NPT66_ERROR_TRANSLATION, 1); + b[0]->error = node->errors[error]; *next = NPT66_NEXT_DROP; goto next; } - else if (dir == VLIB_TX) - vlib_node_increment_counter (vm, node->node_index, NPT66_ERROR_TX, 1); else - vlib_node_increment_counter (vm, node->node_index, NPT66_ERROR_RX, 1); - + { + translated++; + } next: next += 1; n_left_from -= 1; @@ -321,6 +309,9 @@ npt66_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node, break; } } + vlib_node_increment_counter ( + vm, node->node_index, dir == VLIB_TX ? NPT66_ERROR_TX : NPT66_ERROR_RX, + translated); vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors); return frame->n_vectors; @@ -338,17 +329,17 @@ VLIB_NODE_FN (npt66_output_node) } VLIB_REGISTER_NODE(npt66_input_node) = { - .name = "npt66-input", - .vector_size = sizeof(u32), - .format_trace = format_npt66_trace, - .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = NPT66_N_ERROR, - .error_counters = npt66_error_counters, - .n_next_nodes = NPT66_N_NEXT, - .next_nodes = - { - [NPT66_NEXT_DROP] = "error-drop", - }, + .name = "npt66-input", + .vector_size = sizeof(u32), + .format_trace = format_npt66_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = NPT66_N_ERROR, + .error_counters = npt66_error_counters, + .n_next_nodes = NPT66_N_NEXT, + .next_nodes = + { + [NPT66_NEXT_DROP] = "error-drop", + }, }; VLIB_REGISTER_NODE (npt66_output_node) = { diff --git a/src/plugins/prom/prom.c b/src/plugins/prom/prom.c index 934e8480d3c..475e98b1038 100644 --- a/src/plugins/prom/prom.c +++ b/src/plugins/prom/prom.c @@ -191,6 +191,7 @@ send_data_to_hss (hss_session_handle_t sh) args.sh = sh; args.data = vec_dup (pm->stats); args.data_len = vec_len (pm->stats); + args.ct = HTTP_CONTENT_TEXT_PLAIN; args.sc = HTTP_STATUS_OK; args.free_vec_data = 1; @@ -207,7 +208,7 @@ static uword prom_scraper_process (vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f) { - uword *event_data = 0, event_type; + uword *event_data = 0, event_type, *sh_as_uword; prom_main_t *pm = &prom_main; hss_session_handle_t sh; f64 timeout = 10000.0; @@ -222,12 +223,15 @@ prom_scraper_process (vlib_main_t *vm, vlib_node_runtime_t *rt, /* timeout, do nothing */ break; case PROM_SCRAPER_EVT_RUN: - sh.as_u64 = event_data[0]; vec_reset_length (pm->stats); pm->stats = scrape_stats_segment (pm->stats, pm->stats_patterns, pm->used_only); - session_send_rpc_evt_to_thread_force (sh.thread_index, - send_data_to_hss_rpc, &sh); + vec_foreach (sh_as_uword, event_data) + { + sh.as_u64 = (u64) *sh_as_uword; + session_send_rpc_evt_to_thread_force ( + sh.thread_index, send_data_to_hss_rpc, sh_as_uword); + } pm->last_scrape = vlib_time_now (vm); break; default: diff --git a/src/plugins/unittest/fib_test.c b/src/plugins/unittest/fib_test.c index fbac809d726..491d135322c 100644 --- a/src/plugins/unittest/fib_test.c +++ b/src/plugins/unittest/fib_test.c @@ -10264,7 +10264,57 @@ fib_test_inherit (void) &l99_o_10_10_10_3), "%U via interposer label", format_fib_prefix,&pfx_10_10_10_21_s_32); + fib_table_entry_special_remove(0, + &pfx_10_10_10_0_s_24, + FIB_SOURCE_SPECIAL); + + const ip46_address_t nh_0_0_0_0 = { + .ip4.as_u32 = clib_host_to_net_u32(0x00000000), + }; + const fib_prefix_t pfx_0_0_0_0_s_0 = { + .fp_len = 0, + .fp_proto = FIB_PROTOCOL_IP4, + .fp_addr = nh_0_0_0_0, + }; + /* we have prio(API) < prio(hi_src) < prio(SPECIAL) */ + /* Add/remove an interposer source from the top of the subtrie. The + * interposer source is inherited. + */ + fib_table_entry_special_dpo_add(0, + &pfx_0_0_0_0_s_0, + hi_src, + (FIB_ENTRY_FLAG_COVERED_INHERIT | + FIB_ENTRY_FLAG_INTERPOSE), + &interposer); + /* + * Add/remove an interposer source from the top of the subtrie. The + * interposer source is inherited, the previous inheritance is discarded. + */ + fib_table_entry_special_dpo_add(0, + &pfx_10_10_10_0_s_24, + FIB_SOURCE_SPECIAL, + (FIB_ENTRY_FLAG_COVERED_INHERIT | + FIB_ENTRY_FLAG_INTERPOSE), + &interposer); + /* force a tree walk */ + fib_table_entry_update_one_path(0, + &pfx_0_0_0_0_s_0, + FIB_SOURCE_API, + FIB_ENTRY_FLAG_NONE, + DPO_PROTO_IP4, + &nh_10_10_10_3, + tm->hw[0]->sw_if_index, + ~0, + 1, + NULL, + FIB_ROUTE_PATH_FLAG_NONE); + fib_table_entry_special_remove(0, + &pfx_10_10_10_0_s_24, + FIB_SOURCE_SPECIAL); + fib_table_entry_special_remove(0, + &pfx_0_0_0_0_s_0, + hi_src); /* * cleanup */ @@ -10275,6 +10325,7 @@ fib_test_inherit (void) fib_table_entry_delete(0, &pfx_10_10_10_0_s_24, FIB_SOURCE_API); fib_table_entry_delete(0, &pfx_10_10_0_0_s_16, FIB_SOURCE_API); fib_table_entry_delete(0, &pfx_10_10_10_0_s_24, FIB_SOURCE_SPECIAL); + fib_table_entry_delete(0, &pfx_0_0_0_0_s_0, FIB_SOURCE_API); adj_unlock(ai_10_10_10_1); adj_unlock(ai_10_10_10_2); adj_unlock(ai_10_10_10_3); diff --git a/src/plugins/unittest/session_test.c b/src/plugins/unittest/session_test.c index 12d000bd46f..6d28b2d25ec 100644 --- a/src/plugins/unittest/session_test.c +++ b/src/plugins/unittest/session_test.c @@ -133,7 +133,8 @@ session_create_lookpback (u32 table_id, u32 * sw_if_index, if (table_id != 0) { - ip_table_create (FIB_PROTOCOL_IP4, table_id, 0, 0); + ip_table_create (FIB_PROTOCOL_IP4, table_id, 0 /* is_api */, + 1 /* create_mfib */, 0); ip_table_bind (FIB_PROTOCOL_IP4, *sw_if_index, table_id); } diff --git a/src/plugins/unittest/util_test.c b/src/plugins/unittest/util_test.c index 53384e55494..5b7e30bc21f 100644 --- a/src/plugins/unittest/util_test.c +++ b/src/plugins/unittest/util_test.c @@ -101,6 +101,36 @@ VLIB_CLI_COMMAND (test_hash_command, static) = .function = test_hash_command_fn, }; +static void * +leak_memory_fn (void *args) +{ + u8 *p = 0; + vec_validate (p, 100); + p = 0; + return 0; +} + +static clib_error_t * +test_mem_leak_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + /* do memory leak from thread, so no 'unix_cli' in traceback */ + pthread_t thread; + int rv = pthread_create (&thread, NULL, leak_memory_fn, 0); + if (rv) + { + return clib_error_return (0, "pthread_create failed"); + } + + return 0; +} + +VLIB_CLI_COMMAND (test_mem_leak_command, static) = { + .path = "test mem-leak", + .short_help = "leak some memory", + .function = test_mem_leak_command_fn, +}; + /* * fd.io coding-style-patch-verification: ON * diff --git a/src/svm/svmdb.c b/src/svm/svmdb.c index 3c69dbf45ba..98bb96f3dd4 100644 --- a/src/svm/svmdb.c +++ b/src/svm/svmdb.c @@ -436,7 +436,7 @@ svmdb_local_serialize_strings (svmdb_client_t * client, char *filename) u8 *sanitized_name = 0; int fd = 0; - if (strstr (filename, "..") || index (filename, '/')) + if (strstr (filename, "..") || strchr (filename, '/')) { error = clib_error_return (0, "Illegal characters in filename '%s'", filename); diff --git a/src/tools/vppapigen/vppapigen_c.py b/src/tools/vppapigen/vppapigen_c.py index c2e1e7da7b7..2cd3c7989b3 100755 --- a/src/tools/vppapigen/vppapigen_c.py +++ b/src/tools/vppapigen/vppapigen_c.py @@ -171,14 +171,10 @@ class ToJSON: write(" {\n") # What is length field doing here? write( - ' u8 *s = format(0, "0x%U", format_hex_bytes, ' + ' char *s = format_c_string(0, "0x%U", format_hex_bytes_no_wrap, ' "&a->{n}, {lfield});\n".format(n=o.fieldname, lfield=lfield) ) - write( - ' cJSON_AddStringToObject(o, "{n}", (char *)s);\n'.format( - n=o.fieldname - ) - ) + write(' cJSON_AddStringToObject(o, "{n}", s);\n'.format(n=o.fieldname)) write(" vec_free(s);\n") write(" }\n") return @@ -275,8 +271,12 @@ class ToJSON: "(vl_api_{name}_t *a) {{\n".format(name=o.name) ) - write(' u8 *s = format(0, "%U", format_vl_api_{}_t, a);\n'.format(o.name)) - write(" cJSON *o = cJSON_CreateString((char *)s);\n") + write( + ' char *s = format_c_string(0, "%U", format_vl_api_{}_t, a);\n'.format( + o.name + ) + ) + write(" cJSON *o = cJSON_CreateString(s);\n") write(" vec_free(s);\n") write(" return o;\n") write("}\n") diff --git a/src/vat/api_format.c b/src/vat/api_format.c index 45ba025f191..48c1ccaa820 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -2151,7 +2151,7 @@ elog_save (vat_main_t * vam) } /* It's fairly hard to get "../oopsie" through unformat; just in case */ - if (strstr (file, "..") || index (file, '/')) + if (strstr (file, "..") || strchr (file, '/')) { errmsg ("illegal characters in filename '%s'", file); return 0; diff --git a/src/vcl/vppcom.c b/src/vcl/vppcom.c index a557093e897..56f650438a4 100644 --- a/src/vcl/vppcom.c +++ b/src/vcl/vppcom.c @@ -2619,6 +2619,7 @@ vppcom_select_eventfd (vcl_worker_t * wrk, int n_bits, vcl_mq_evt_conn_t *mqc; int __clib_unused n_read; int n_mq_evts, i; + double end = -1; u64 buf; if (PREDICT_FALSE (wrk->api_client_handle == ~0)) @@ -2628,23 +2629,45 @@ vppcom_select_eventfd (vcl_worker_t * wrk, int n_bits, } vec_validate (wrk->mq_events, pool_elts (wrk->mq_evt_conns)); - n_mq_evts = epoll_wait (wrk->mqs_epfd, wrk->mq_events, - vec_len (wrk->mq_events), time_to_wait); - for (i = 0; i < n_mq_evts; i++) + if (time_to_wait > 0) + end = clib_time_now (&wrk->clib_time) + (time_to_wait / 1e3); + + do { - if (PREDICT_FALSE (wrk->mq_events[i].data.u32 == ~0)) + n_mq_evts = epoll_wait (wrk->mqs_epfd, wrk->mq_events, + vec_len (wrk->mq_events), time_to_wait); + if (n_mq_evts < 0) { - vcl_api_handle_disconnect (wrk); - continue; + if (errno == EINTR) + continue; + + VDBG (0, "epoll_wait error %u", errno); + return 0; + } + + if (n_mq_evts == 0) + return 0; + + for (i = 0; i < n_mq_evts; i++) + { + if (PREDICT_FALSE (wrk->mq_events[i].data.u32 == ~0)) + { + vcl_api_handle_disconnect (wrk); + continue; + } + + mqc = vcl_mq_evt_conn_get (wrk, wrk->mq_events[i].data.u32); + n_read = read (mqc->mq_fd, &buf, sizeof (buf)); + vcl_select_handle_mq (wrk, mqc->mq, n_bits, read_map, write_map, + except_map, 0, bits_set); } - mqc = vcl_mq_evt_conn_get (wrk, wrk->mq_events[i].data.u32); - n_read = read (mqc->mq_fd, &buf, sizeof (buf)); - vcl_select_handle_mq (wrk, mqc->mq, n_bits, read_map, write_map, - except_map, 0, bits_set); + if (*bits_set || !time_to_wait) + return (int) *bits_set; } + while (end == -1 || clib_time_now (&wrk->clib_time) < end); - return (n_mq_evts > 0 ? (int) *bits_set : 0); + return 0; } int @@ -3407,6 +3430,9 @@ vppcom_epoll_wait_eventfd (vcl_worker_t *wrk, struct epoll_event *events, vec_len (wrk->mq_events), timeout_ms); if (n_mq_evts < 0) { + if (errno == EINTR) + continue; + VDBG (0, "epoll_wait error %u", errno); return n_evts; } diff --git a/src/vlib/cli.c b/src/vlib/cli.c index 98d57c6ccb0..4198b4b0976 100644 --- a/src/vlib/cli.c +++ b/src/vlib/cli.c @@ -43,6 +43,7 @@ #include <vppinfra/callback.h> #include <vppinfra/cpu.h> #include <vppinfra/elog.h> +#include <vppinfra/cJSON.h> #include <unistd.h> #include <ctype.h> @@ -1115,6 +1116,111 @@ VLIB_CLI_COMMAND (enable_disable_memory_trace_command, static) = { }; static clib_error_t * +save_memory_trace (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + char *file, *chroot_file; + uword was_enabled; + mheap_trace_t *t, *mem_traces = 0; + u8 *tmp; + cJSON *traces, *trace, *traceback, *symbol; + int i; + FILE *fp; + char *json_str = 0; + + cJSON_Hooks cjson_hooks = { + .malloc_fn = clib_mem_alloc, + .free_fn = clib_mem_free, + .realloc_fn = clib_mem_realloc, + }; + cJSON_InitHooks (&cjson_hooks); + + if (!unformat (input, "%s", &file)) + { + vlib_cli_output (vm, "expected file name, got `%U'", + format_unformat_error, input); + return 0; + } + + /* It's fairly hard to get "../oopsie" through unformat; just in case */ + if (strstr (file, "..") || strchr (file, '/')) + { + vlib_cli_output (vm, "illegal characters in filename '%s'", file); + return 0; + } + chroot_file = (char *) format (0, "/tmp/%s%c", file, 0); + vec_free (file); + fp = fopen ((char *) chroot_file, "w"); + if (fp == NULL) + { + vlib_cli_output (vm, "couldn't open output file %s '%s'", chroot_file); + vec_free (chroot_file); + return 0; + } + + was_enabled = clib_mem_trace_enable_disable (0); + vlib_cli_output (vm, "Saving trace to '%s'", chroot_file); + mem_traces = clib_mem_trace_dup (current_traced_heap); + traces = cJSON_CreateArray (); + vec_foreach (t, mem_traces) + { + /* Skip over free elements. */ + if (t->n_allocations == 0) + continue; + + trace = cJSON_CreateObject (); + cJSON_AddNumberToObject (trace, "count", t->n_allocations); + cJSON_AddNumberToObject (trace, "bytes", t->n_bytes); + tmp = format (0, "%p%c", t->offset, 0); + cJSON_AddStringToObject (trace, "sample", (char *) tmp); + vec_free (tmp); + traceback = cJSON_AddArrayToObject (trace, "traceback"); + for (i = 0; i < ARRAY_LEN (t->callers) && t->callers[i]; i++) + { +#if defined(CLIB_UNIX) && !defined(__APPLE__) + tmp = format (0, "%U%c\n", format_clib_elf_symbol_with_address, + t->callers[i], 0); + symbol = cJSON_CreateString ((char *) tmp); + cJSON_AddItemToArray (traceback, symbol); + vec_free (tmp); +#else + tmp = format (0, "%p%c\n", t->callers[i], 0); + symbol = cJSON_CreateString ((char *) tmp); + cJSON_AddItemToArray (traceback, symbol); + vec_free (tmp); +#endif + } + + cJSON_AddItemToArray (traces, trace); + } + json_str = cJSON_PrintUnformatted (traces); + cJSON_Delete (traces); + fputs (json_str, fp); + fclose (fp); + clib_mem_free (json_str); + + vec_free (mem_traces); + clib_mem_trace_enable_disable (was_enabled); + + vec_free (chroot_file); + + return 0; +} + +/*? + * Save memory traces of the currently traced heap in JSON format to file. + * Only filename can be specified, path is fixed (/tmp/<filename>). + * + * @cliexpar + * @cliexcmd{save memory-trace mem_trace.json} +?*/ +VLIB_CLI_COMMAND (save_memory_trace_command, static) = { + .path = "save memory-trace", + .short_help = "save memory-trace <filename>", + .function = save_memory_trace, +}; + +static clib_error_t * restart_cmd_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { diff --git a/src/vlib/format.c b/src/vlib/format.c index 7de6417be69..98010620a5d 100644 --- a/src/vlib/format.c +++ b/src/vlib/format.c @@ -198,7 +198,7 @@ unformat_vlib_tmpfile (unformat_input_t * input, va_list * args) return 0; /* Brain-police user path input */ - if (strstr ((char *) filename, "..") || index ((char *) filename, '/')) + if (strstr ((char *) filename, "..") || strchr ((char *) filename, '/')) { vec_free (filename); return 0; diff --git a/src/vlib/main.c b/src/vlib/main.c index 04b58762646..8f87df997e5 100644 --- a/src/vlib/main.c +++ b/src/vlib/main.c @@ -655,7 +655,7 @@ elog_save_buffer (vlib_main_t * vm, } /* It's fairly hard to get "../oopsie" through unformat; just in case */ - if (strstr (file, "..") || index (file, '/')) + if (strstr (file, "..") || strchr (file, '/')) { vlib_cli_output (vm, "illegal characters in filename '%s'", file); return 0; diff --git a/src/vlib/unix/cli.c b/src/vlib/unix/cli.c index 90cf61d811d..051c5730aed 100644 --- a/src/vlib/unix/cli.c +++ b/src/vlib/unix/cli.c @@ -3329,6 +3329,12 @@ VLIB_CLI_COMMAND (unix_cli_q_command, static) = { .function = unix_cli_quit, }; +VLIB_CLI_COMMAND (unix_cli_exit_command, static) = { + .path = "exit", + .short_help = "Exit CLI", + .function = unix_cli_quit, +}; + /** CLI command to execute a VPP command script. */ static clib_error_t * unix_cli_exec (vlib_main_t * vm, diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt index 01958225343..ca35d0dba4e 100644 --- a/src/vnet/CMakeLists.txt +++ b/src/vnet/CMakeLists.txt @@ -1053,10 +1053,13 @@ list(APPEND VNET_API_FILES session/session.api) list(APPEND VNET_SOURCES tls/tls.c + tls/tls_record.c ) list(APPEND VNET_HEADERS tls/tls.h + tls/tls_inlines.h + tls/tls_record.h tls/tls_test.h ) diff --git a/src/vnet/dev/port.c b/src/vnet/dev/port.c index 5b4b8cdc7b8..df7805c1ff2 100644 --- a/src/vnet/dev/port.c +++ b/src/vnet/dev/port.c @@ -305,7 +305,8 @@ vnet_dev_port_cfg_change_req_validate (vlib_main_t *vm, vnet_dev_port_t *port, switch (req->type) { case VNET_DEV_PORT_CFG_MAX_RX_FRAME_SIZE: - if (req->max_rx_frame_size > port->attr.max_supported_rx_frame_size) + if ((req->max_rx_frame_size > port->attr.max_supported_rx_frame_size) || + (req->max_rx_frame_size < ETHERNET_MIN_PACKET_BYTES)) return VNET_DEV_ERR_INVALID_VALUE; if (req->max_rx_frame_size == port->max_rx_frame_size) return VNET_DEV_ERR_NO_CHANGE; diff --git a/src/vnet/error.c b/src/vnet/error.c index 473d11135f1..7ae32962132 100644 --- a/src/vnet/error.c +++ b/src/vnet/error.c @@ -37,6 +37,10 @@ u8 * format_vnet_api_errno (u8 *s, va_list *args) { vnet_api_error_t api_error = va_arg (*args, vnet_api_error_t); + + if (0 == api_error) + return format (s, "Success"); + #ifdef _ #undef _ #endif diff --git a/src/vnet/fib/fib_entry.c b/src/vnet/fib/fib_entry.c index b78346ce45a..adf880b8bbb 100644 --- a/src/vnet/fib/fib_entry.c +++ b/src/vnet/fib/fib_entry.c @@ -1828,10 +1828,18 @@ fib_entry_pool_size (void) return (pool_elts(fib_entry_pool)); } -#if CLIB_DEBUG > 0 void fib_table_assert_empty (const fib_table_t *fib_table) { + if (0 == fib_table->ft_total_route_counts) + return; + + vlib_log_err (fib_entry_logger, + "BUG: %U table %d (index %d) is not empty", + format_fib_protocol, fib_table->ft_proto, + fib_table->ft_table_id, fib_table->ft_index); + +#if CLIB_DEBUG > 0 fib_node_index_t *fei, *feis = NULL; fib_entry_t *fib_entry; @@ -1848,8 +1856,8 @@ fib_table_assert_empty (const fib_table_t *fib_table) } ASSERT(0); -} #endif +} static clib_error_t * show_fib_entry_command (vlib_main_t * vm, diff --git a/src/vnet/fib/fib_entry_src.c b/src/vnet/fib/fib_entry_src.c index 8ddb967a328..d9cf82343c5 100644 --- a/src/vnet/fib/fib_entry_src.c +++ b/src/vnet/fib/fib_entry_src.c @@ -875,8 +875,12 @@ fib_entry_src_covered_inherit_add_i (fib_entry_t *fib_entry, * The covered's source data has been inherited, presumably * from this cover, i.e. this is a modify. */ - esrc = fib_entry_src_action_update_from_cover(fib_entry, cover_src); - fib_entry_source_change(fib_entry, esrc->fes_src, esrc->fes_src); + fib_source_t best_source; + + best_source = fib_entry_get_best_source( + fib_entry_get_index(fib_entry)); + fib_entry_src_action_update_from_cover(fib_entry, cover_src); + fib_entry_source_change(fib_entry, best_source, cover_src->fes_src); } else { diff --git a/src/vnet/fib/fib_table.h b/src/vnet/fib/fib_table.h index 0eaaa67eea2..d78c9e619b8 100644 --- a/src/vnet/fib/fib_table.h +++ b/src/vnet/fib/fib_table.h @@ -980,9 +980,7 @@ extern u8 *format_fib_table_memory(u8 *s, va_list *args); /** * Debug function */ -#if CLIB_DEBUG > 0 extern void fib_table_assert_empty(const fib_table_t *fib_table); -#endif #endif diff --git a/src/vnet/fib/ip4_fib.c b/src/vnet/fib/ip4_fib.c index 0eff8d0d485..23f70a770bf 100644 --- a/src/vnet/fib/ip4_fib.c +++ b/src/vnet/fib/ip4_fib.c @@ -201,10 +201,7 @@ ip4_fib_table_destroy (u32 fib_index) /* * validate no more routes. */ -#if CLIB_DEBUG > 0 - if (0 != fib_table->ft_total_route_counts) - fib_table_assert_empty(fib_table); -#endif + fib_table_assert_empty(fib_table); vec_foreach(n_locks, fib_table->ft_src_route_counts) { diff --git a/src/vnet/fib/ip6_fib.c b/src/vnet/fib/ip6_fib.c index d37b77e08a4..f844cfaa420 100644 --- a/src/vnet/fib/ip6_fib.c +++ b/src/vnet/fib/ip6_fib.c @@ -20,14 +20,20 @@ #include <vppinfra/bihash_24_8.h> #include <vppinfra/bihash_template.c> -ip6_fib_table_instance_t ip6_fib_table[IP6_FIB_NUM_TABLES]; +ip6_fib_fwding_table_instance_t ip6_fib_fwding_table; /* ip6 lookup table config parameters */ u32 ip6_fib_table_nbuckets; uword ip6_fib_table_size; +typedef struct ip6_fib_hash_key_t_ +{ + ip6_address_t addr; + u8 len; +} ip6_fib_hash_key_t; + static void -vnet_ip6_fib_init (u32 fib_index) +ip6_fib_hash_load_specials (u32 fib_index) { fib_prefix_t pfx = { .fp_proto = FIB_PROTOCOL_IP6, @@ -77,7 +83,7 @@ create_fib_with_table_id (u32 table_id, ASSERT((fib_table - ip6_main.fibs) == (v6_fib - ip6_main.v6_fibs)); - + fib_table->ft_proto = FIB_PROTOCOL_IP6; fib_table->ft_index = v6_fib->index = @@ -92,9 +98,15 @@ create_fib_with_table_id (u32 table_id, fib_table->ft_flags = flags; fib_table->ft_desc = desc; - vnet_ip6_fib_init(fib_table->ft_index); fib_table_lock(fib_table->ft_index, FIB_PROTOCOL_IP6, src); + v6_fib->fib_entry_by_dst_address = hash_create_mem(2, sizeof(ip6_fib_hash_key_t), sizeof(fib_node_index_t)); + + /* + * add the special entries into the new FIB + */ + ip6_fib_hash_load_specials (fib_table->ft_index); + return (fib_table->ft_index); } @@ -160,10 +172,7 @@ ip6_fib_table_destroy (u32 fib_index) /* * validate no more routes. */ -#if CLIB_DEBUG > 0 - if (0 != fib_table->ft_total_route_counts) - fib_table_assert_empty(fib_table); -#endif + fib_table_assert_empty(fib_table); vec_foreach_index(source, fib_table->ft_src_route_counts) { @@ -176,54 +185,40 @@ ip6_fib_table_destroy (u32 fib_index) } vec_free (fib_table->ft_locks); vec_free(fib_table->ft_src_route_counts); + hash_free(pool_elt_at_index(ip6_main.v6_fibs, fib_index)->fib_entry_by_dst_address); pool_put_index(ip6_main.v6_fibs, fib_table->ft_index); pool_put(ip6_main.fibs, fib_table); } +static void +ip6_fib_table_mk_key (ip6_fib_hash_key_t *key, const ip6_address_t *addr, u8 len) +{ + const ip6_address_t *mask = &ip6_main.fib_masks[len]; + key->addr.as_u64[0] = addr->as_u64[0] & mask->as_u64[0]; + key->addr.as_u64[1] = addr->as_u64[1] & mask->as_u64[1]; + key->len = len; +} + fib_node_index_t ip6_fib_table_lookup (u32 fib_index, const ip6_address_t *addr, u32 len) { - ip6_fib_table_instance_t *table; - clib_bihash_kv_24_8_t kv, value; - int i, n_p, rv; - u64 fib; - - table = &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING]; - n_p = vec_len (table->prefix_lengths_in_search_order); - - kv.key[0] = addr->as_u64[0]; - kv.key[1] = addr->as_u64[1]; - fib = ((u64)((fib_index))<<32); + uword *hash = pool_elt_at_index(ip6_main.v6_fibs, fib_index)->fib_entry_by_dst_address; + ip6_fib_hash_key_t key; + i32 mask_len; + uword *result; - /* - * start search from a mask length same length or shorter. - * we don't want matches longer than the mask passed - */ - i = 0; - while (i < n_p && table->prefix_lengths_in_search_order[i] > len) + for (mask_len = len; mask_len >= 0; mask_len--) { - i++; + ip6_fib_table_mk_key (&key, addr, mask_len); + result = hash_get_mem(hash, &key); + if (result) { + return result[0]; + } } - for (; i < n_p; i++) - { - int dst_address_length = table->prefix_lengths_in_search_order[i]; - ip6_address_t * mask = &ip6_main.fib_masks[dst_address_length]; - - ASSERT(dst_address_length >= 0 && dst_address_length <= 128); - //As lengths are decreasing, masks are increasingly specific. - kv.key[0] &= mask->as_u64[0]; - kv.key[1] &= mask->as_u64[1]; - kv.key[2] = fib | dst_address_length; - - rv = clib_bihash_search_inline_2_24_8(&table->ip6_hash, &kv, &value); - if (rv == 0) - return value.value; - } - - return (FIB_NODE_INDEX_INVALID); + return FIB_NODE_INDEX_INVALID; } fib_node_index_t @@ -231,53 +226,11 @@ ip6_fib_table_lookup_exact_match (u32 fib_index, const ip6_address_t *addr, u32 len) { - ip6_fib_table_instance_t *table; - clib_bihash_kv_24_8_t kv, value; - ip6_address_t *mask; - u64 fib; - int rv; - - table = &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING]; - mask = &ip6_main.fib_masks[len]; - fib = ((u64)((fib_index))<<32); - - kv.key[0] = addr->as_u64[0] & mask->as_u64[0]; - kv.key[1] = addr->as_u64[1] & mask->as_u64[1]; - kv.key[2] = fib | len; - - rv = clib_bihash_search_inline_2_24_8(&table->ip6_hash, &kv, &value); - if (rv == 0) - return value.value; - - return (FIB_NODE_INDEX_INVALID); -} - -static void -compute_prefix_lengths_in_search_order (ip6_fib_table_instance_t *table) -{ - u8 *old, *prefix_lengths_in_search_order = NULL; - int i; - - /* - * build the list in a scratch space then cutover so the workers - * can continue uninterrupted. - */ - old = table->prefix_lengths_in_search_order; - - /* Note: bitmap reversed so this is in fact a longest prefix match */ - clib_bitmap_foreach (i, table->non_empty_dst_address_length_bitmap) - { - int dst_address_length = 128 - i; - vec_add1(prefix_lengths_in_search_order, dst_address_length); - } - - table->prefix_lengths_in_search_order = prefix_lengths_in_search_order; - - /* - * let the workers go once round the track before we free the old set - */ - vlib_worker_wait_one_loop(); - vec_free(old); + uword *hash = pool_elt_at_index(ip6_main.v6_fibs, fib_index)->fib_entry_by_dst_address; + ip6_fib_hash_key_t key; + ip6_fib_table_mk_key (&key, addr, len); + uword *result = hash_get(hash, &key); + return result ? result[0] : FIB_NODE_INDEX_INVALID; } void @@ -285,30 +238,10 @@ ip6_fib_table_entry_remove (u32 fib_index, const ip6_address_t *addr, u32 len) { - ip6_fib_table_instance_t *table; - clib_bihash_kv_24_8_t kv; - ip6_address_t *mask; - u64 fib; - - table = &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING]; - mask = &ip6_main.fib_masks[len]; - fib = ((u64)((fib_index))<<32); - - kv.key[0] = addr->as_u64[0] & mask->as_u64[0]; - kv.key[1] = addr->as_u64[1] & mask->as_u64[1]; - kv.key[2] = fib | len; - - clib_bihash_add_del_24_8(&table->ip6_hash, &kv, 0); - - /* refcount accounting */ - ASSERT (table->dst_address_length_refcounts[len] > 0); - if (--table->dst_address_length_refcounts[len] == 0) - { - table->non_empty_dst_address_length_bitmap = - clib_bitmap_set (table->non_empty_dst_address_length_bitmap, - 128 - len, 0); - compute_prefix_lengths_in_search_order (table); - } + uword **hash = &pool_elt_at_index(ip6_main.v6_fibs, fib_index)->fib_entry_by_dst_address; + ip6_fib_hash_key_t key; + ip6_fib_table_mk_key (&key, addr, len); + hash_unset_mem_free(hash, &key); } void @@ -317,29 +250,11 @@ ip6_fib_table_entry_insert (u32 fib_index, u32 len, fib_node_index_t fib_entry_index) { - ip6_fib_table_instance_t *table; - clib_bihash_kv_24_8_t kv; - ip6_address_t *mask; - u64 fib; - - table = &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING]; - mask = &ip6_main.fib_masks[len]; - fib = ((u64)((fib_index))<<32); - - kv.key[0] = addr->as_u64[0] & mask->as_u64[0]; - kv.key[1] = addr->as_u64[1] & mask->as_u64[1]; - kv.key[2] = fib | len; - kv.value = fib_entry_index; - - clib_bihash_add_del_24_8(&table->ip6_hash, &kv, 1); - - if (0 == table->dst_address_length_refcounts[len]++) - { - table->non_empty_dst_address_length_bitmap = - clib_bitmap_set (table->non_empty_dst_address_length_bitmap, - 128 - len, 1); - compute_prefix_lengths_in_search_order (table); - } + uword **hash = &pool_elt_at_index(ip6_main.v6_fibs, fib_index)->fib_entry_by_dst_address; + ip6_fib_hash_key_t key; + ip6_fib_table_mk_key (&key, addr, len); + ASSERT (0 == hash_get(*hash, &key) && "entry already exists"); + hash_set_mem_alloc(hash, &key, fib_entry_index); } u32 ip6_fib_table_fwding_lookup_with_if_index (ip6_main_t * im, @@ -364,18 +279,46 @@ ip6_fib_table_get_index_for_sw_if_index (u32 sw_if_index) return (ip6_main.fib_index_by_sw_if_index[sw_if_index]); } +static void +compute_prefix_lengths_in_search_order (ip6_fib_fwding_table_instance_t *table) +{ + u8 *old, *prefix_lengths_in_search_order = NULL; + int i; + + /* + * build the list in a scratch space then cutover so the workers + * can continue uninterrupted. + */ + old = table->prefix_lengths_in_search_order; + + /* Note: bitmap reversed so this is in fact a longest prefix match */ + clib_bitmap_foreach (i, table->non_empty_dst_address_length_bitmap) + { + int dst_address_length = 128 - i; + vec_add1(prefix_lengths_in_search_order, dst_address_length); + } + + table->prefix_lengths_in_search_order = prefix_lengths_in_search_order; + + /* + * let the workers go once round the track before we free the old set + */ + vlib_worker_wait_one_loop(); + vec_free(old); +} + void ip6_fib_table_fwding_dpo_update (u32 fib_index, const ip6_address_t *addr, u32 len, const dpo_id_t *dpo) { - ip6_fib_table_instance_t *table; + ip6_fib_fwding_table_instance_t *table; clib_bihash_kv_24_8_t kv; ip6_address_t *mask; u64 fib; - table = &ip6_fib_table[IP6_FIB_TABLE_FWDING]; + table = &ip6_fib_fwding_table; mask = &ip6_main.fib_masks[len]; fib = ((u64)((fib_index))<<32); @@ -401,12 +344,12 @@ ip6_fib_table_fwding_dpo_remove (u32 fib_index, u32 len, const dpo_id_t *dpo) { - ip6_fib_table_instance_t *table; + ip6_fib_fwding_table_instance_t *table; clib_bihash_kv_24_8_t kv; ip6_address_t *mask; u64 fib; - table = &ip6_fib_table[IP6_FIB_TABLE_FWDING]; + table = &ip6_fib_fwding_table; mask = &ip6_main.fib_masks[len]; fib = ((u64)((fib_index))<<32); @@ -428,101 +371,18 @@ ip6_fib_table_fwding_dpo_remove (u32 fib_index, } } -/** - * @brief Context when walking the IPv6 table. Since all VRFs are in the - * same hash table, we need to filter only those we need as we walk - */ -typedef struct ip6_fib_walk_ctx_t_ -{ - u32 i6w_fib_index; - fib_table_walk_fn_t i6w_fn; - void *i6w_ctx; - fib_prefix_t i6w_root; - fib_prefix_t *i6w_sub_trees; -} ip6_fib_walk_ctx_t; - -static int -ip6_fib_walk_cb (clib_bihash_kv_24_8_t * kvp, - void *arg) -{ - ip6_fib_walk_ctx_t *ctx = arg; - ip6_address_t key; - - if ((kvp->key[2] >> 32) == ctx->i6w_fib_index) - { - key.as_u64[0] = kvp->key[0]; - key.as_u64[1] = kvp->key[1]; - - if (ip6_destination_matches_route(&ip6_main, - &key, - &ctx->i6w_root.fp_addr.ip6, - ctx->i6w_root.fp_len)) - { - const fib_prefix_t *sub_tree; - int skip = 0; - - /* - * exclude sub-trees the walk does not want to explore - */ - vec_foreach(sub_tree, ctx->i6w_sub_trees) - { - if (ip6_destination_matches_route(&ip6_main, - &key, - &sub_tree->fp_addr.ip6, - sub_tree->fp_len)) - { - skip = 1; - break; - } - } - - if (!skip) - { - switch (ctx->i6w_fn(kvp->value, ctx->i6w_ctx)) - { - case FIB_TABLE_WALK_CONTINUE: - break; - case FIB_TABLE_WALK_SUB_TREE_STOP: { - fib_prefix_t pfx = { - .fp_proto = FIB_PROTOCOL_IP6, - .fp_len = kvp->key[2] & 0xffffffff, - .fp_addr.ip6 = key, - }; - vec_add1(ctx->i6w_sub_trees, pfx); - break; - } - case FIB_TABLE_WALK_STOP: - goto done; - } - } - } - } -done: - - return (1); -} - void ip6_fib_table_walk (u32 fib_index, fib_table_walk_fn_t fn, void *arg) { - ip6_fib_walk_ctx_t ctx = { - .i6w_fib_index = fib_index, - .i6w_fn = fn, - .i6w_ctx = arg, - .i6w_root = { - .fp_proto = FIB_PROTOCOL_IP6, - }, - .i6w_sub_trees = NULL, + const fib_prefix_t root = { + .fp_proto = FIB_PROTOCOL_IP6, + // address and length default to all 0 }; - - clib_bihash_foreach_key_value_pair_24_8( - &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash, - ip6_fib_walk_cb, - &ctx); - - vec_free(ctx.i6w_sub_trees); + /* A full tree walk is the dengenerate case of a sub-tree from + * the very root */ + return (ip6_fib_table_sub_tree_walk(fib_index, &root, fn, arg)); } void @@ -531,17 +391,43 @@ ip6_fib_table_sub_tree_walk (u32 fib_index, fib_table_walk_fn_t fn, void *arg) { - ip6_fib_walk_ctx_t ctx = { - .i6w_fib_index = fib_index, - .i6w_fn = fn, - .i6w_ctx = arg, - .i6w_root = *root, - }; + uword *hash = pool_elt_at_index(ip6_main.v6_fibs, fib_index)->fib_entry_by_dst_address; + const ip6_fib_hash_key_t *key, *sub_tree; + ip6_fib_hash_key_t *sub_trees = 0; + u32 fei; - clib_bihash_foreach_key_value_pair_24_8( - &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash, - ip6_fib_walk_cb, - &ctx); + /* + * There is no efficient way to walk this hash table. + * so we walk over all entries and check it is covered by the root. + */ + hash_foreach_mem(key, fei, hash, ({ + /* check if the prefix is covered by the root */ + if (!ip6_destination_matches_route(&ip6_main, &key->addr, &root->fp_addr.ip6, root->fp_len)) + continue; /* not covered by root, ignore */ + + /* exclude sub-trees the walk does not want to explore */ + vec_foreach (sub_tree, sub_trees) + { + if (ip6_destination_matches_route(&ip6_main, &key->addr, &sub_tree->addr, sub_tree->len)) + goto ignore_sub_tree; + } + + switch (fn(fei, arg)) + { + case FIB_TABLE_WALK_STOP: + goto done; + case FIB_TABLE_WALK_CONTINUE: + break; + case FIB_TABLE_WALK_SUB_TREE_STOP: + vec_add1(sub_trees, *key); + break; + } + +ignore_sub_tree:; + })); + +done: + vec_free(sub_trees); } typedef struct ip6_fib_show_ctx_t_ { @@ -602,8 +488,7 @@ format_ip6_fib_table_memory (u8 * s, va_list * args) { uword bytes_inuse; - bytes_inuse = (alloc_arena_next(&(ip6_fib_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash)) + - alloc_arena_next(&(ip6_fib_table[IP6_FIB_TABLE_FWDING].ip6_hash))); + bytes_inuse = alloc_arena_next(&ip6_fib_fwding_table.ip6_hash); s = format(s, "%=30s %=6d %=12ld\n", "IPv6 unicast", @@ -612,26 +497,60 @@ format_ip6_fib_table_memory (u8 * s, va_list * args) return (s); } -typedef struct { - u32 fib_index; - u64 count_by_prefix_length[129]; -} count_routes_in_fib_at_prefix_length_arg_t; - -static int -count_routes_in_fib_at_prefix_length (clib_bihash_kv_24_8_t * kvp, - void *arg) +void +ip6_fib_table_show (vlib_main_t *vm, fib_table_t *fib_table, int summary) { - count_routes_in_fib_at_prefix_length_arg_t * ap = arg; - int mask_width; + ip6_main_t * im6 = &ip6_main; + ip6_fib_t *fib = pool_elt_at_index(im6->v6_fibs, fib_table->ft_index); + fib_source_t source; + u8 *s = NULL; + + s = format(s, "%U, fib_index:%d, flow hash:[%U] epoch:%d flags:%U locks:[", + format_fib_table_name, fib->index, + FIB_PROTOCOL_IP6, + fib->index, + format_ip_flow_hash_config, + fib_table->ft_flow_hash_config, + fib_table->ft_epoch, + format_fib_table_flags, fib_table->ft_flags); + + vec_foreach_index(source, fib_table->ft_locks) + { + if (0 != fib_table->ft_locks[source]) + { + s = format(s, "%U:%d, ", + format_fib_source, source, + fib_table->ft_locks[source]); + } + } + s = format (s, "]"); + vlib_cli_output (vm, "%v", s); + vec_free(s); - if ((kvp->key[2]>>32) != ap->fib_index) - return (BIHASH_WALK_CONTINUE); + /* Show summary? */ + if (summary) + { + u32 count_by_prefix_length[129]; + const ip6_fib_hash_key_t *key; + u32 fei; + int len; - mask_width = kvp->key[2] & 0xFF; + vlib_cli_output (vm, "%=20s%=16s", "Prefix length", "Count"); - ap->count_by_prefix_length[mask_width]++; + clib_memset (count_by_prefix_length, 0, sizeof(count_by_prefix_length)); - return (BIHASH_WALK_CONTINUE); + hash_foreach_mem(key, fei, fib->fib_entry_by_dst_address, ({ + ASSERT(key->len <= 128); + count_by_prefix_length[key->len]++; + })); + + for (len = 128; len >= 0; len--) + { + if (count_by_prefix_length[len]) + vlib_cli_output (vm, "%=20d%=16lld", + len, count_by_prefix_length[len]); + } + } } static clib_error_t * @@ -639,7 +558,6 @@ ip6_show_fib (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { - count_routes_in_fib_at_prefix_length_arg_t _ca, *ca = &_ca; ip6_main_t * im6 = &ip6_main; fib_table_t *fib_table; ip6_fib_t * fib; @@ -686,22 +604,15 @@ ip6_show_fib (vlib_main_t * vm, if (hash) { - vlib_cli_output (vm, "IPv6 Non-Forwarding Hash Table:\n%U\n", - BV (format_bihash), - &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash, - detail); vlib_cli_output (vm, "IPv6 Forwarding Hash Table:\n%U\n", BV (format_bihash), - &ip6_fib_table[IP6_FIB_TABLE_FWDING].ip6_hash, + &ip6_fib_fwding_table.ip6_hash, detail); return (NULL); } pool_foreach (fib_table, im6->fibs) { - fib_source_t source; - u8 *s = NULL; - fib = pool_elt_at_index(im6->v6_fibs, fib_table->ft_index); if (table_id >= 0 && table_id != (int)fib->table_id) continue; @@ -710,50 +621,9 @@ ip6_show_fib (vlib_main_t * vm, if (fib_table->ft_flags & FIB_TABLE_FLAG_IP6_LL) continue; - s = format(s, "%U, fib_index:%d, flow hash:[%U] epoch:%d flags:%U locks:[", - format_fib_table_name, fib->index, - FIB_PROTOCOL_IP6, - fib->index, - format_ip_flow_hash_config, - fib_table->ft_flow_hash_config, - fib_table->ft_epoch, - format_fib_table_flags, fib_table->ft_flags); - - vec_foreach_index(source, fib_table->ft_locks) - { - if (0 != fib_table->ft_locks[source]) - { - s = format(s, "%U:%d, ", - format_fib_source, source, - fib_table->ft_locks[source]); - } - } - s = format (s, "]"); - vlib_cli_output (vm, "%v", s); - vec_free(s); - - /* Show summary? */ - if (! verbose) - { - clib_bihash_24_8_t * h = &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash; - int len; - - vlib_cli_output (vm, "%=20s%=16s", "Prefix length", "Count"); - - clib_memset (ca, 0, sizeof(*ca)); - ca->fib_index = fib->index; - - clib_bihash_foreach_key_value_pair_24_8 - (h, count_routes_in_fib_at_prefix_length, ca); - - for (len = 128; len >= 0; len--) - { - if (ca->count_by_prefix_length[len]) - vlib_cli_output (vm, "%=20d%=16lld", - len, ca->count_by_prefix_length[len]); - } - continue; - } + ip6_fib_table_show(vm, fib_table, !verbose); + if (!verbose) + continue; if (!matching) { @@ -909,12 +779,9 @@ ip6_fib_init (vlib_main_t * vm) if (ip6_fib_table_size == 0) ip6_fib_table_size = IP6_FIB_DEFAULT_HASH_MEMORY_SIZE; - clib_bihash_init_24_8 (&(ip6_fib_table[IP6_FIB_TABLE_FWDING].ip6_hash), + clib_bihash_init_24_8 (&(ip6_fib_fwding_table.ip6_hash), "ip6 FIB fwding table", ip6_fib_table_nbuckets, ip6_fib_table_size); - clib_bihash_init_24_8 (&ip6_fib_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash, - "ip6 FIB non-fwding table", - ip6_fib_table_nbuckets, ip6_fib_table_size); return (NULL); } diff --git a/src/vnet/fib/ip6_fib.h b/src/vnet/fib/ip6_fib.h index 706bebbce09..80d56b1a7ba 100644 --- a/src/vnet/fib/ip6_fib.h +++ b/src/vnet/fib/ip6_fib.h @@ -26,36 +26,15 @@ #include <vppinfra/bihash_template.h> /* - * Default size of the ip6 fib hash table + * Default size of the ip6 fib forwarding hash table */ #define IP6_FIB_DEFAULT_HASH_NUM_BUCKETS (64 * 1024) #define IP6_FIB_DEFAULT_HASH_MEMORY_SIZE (32<<20) /** - * Enumeration of the FIB table instance types + * A representation the forwarding IP6 table */ -typedef enum ip6_fib_table_instance_type_t_ -{ - /** - * This table stores the routes that are used to forward traffic. - * The key is the prefix, the result the adjacency to forward on. - */ - IP6_FIB_TABLE_FWDING, - /** - * The table that stores ALL routes learned by the DP. - * Some of these routes may not be ready to install in forwarding - * at a given time. - * The key in this table is the prefix, the result is the fib_entry_t - */ - IP6_FIB_TABLE_NON_FWDING, -} ip6_fib_table_instance_type_t; - -#define IP6_FIB_NUM_TABLES (IP6_FIB_TABLE_NON_FWDING+1) - -/** - * A representation of a single IP6 table - */ -typedef struct ip6_fib_table_instance_t_ +typedef struct ip6_fib_fwding_table_instance_t_ { /* The hash table */ clib_bihash_24_8_t ip6_hash; @@ -64,12 +43,12 @@ typedef struct ip6_fib_table_instance_t_ uword *non_empty_dst_address_length_bitmap; u8 *prefix_lengths_in_search_order; i32 dst_address_length_refcounts[129]; -} ip6_fib_table_instance_t; +} ip6_fib_fwding_table_instance_t; /** * The two FIB tables; fwding and non-fwding */ -extern ip6_fib_table_instance_t ip6_fib_table[IP6_FIB_NUM_TABLES]; +extern ip6_fib_fwding_table_instance_t ip6_fib_fwding_table; extern fib_node_index_t ip6_fib_table_lookup(u32 fib_index, const ip6_address_t *addr, @@ -115,13 +94,13 @@ always_inline u32 ip6_fib_table_fwding_lookup (u32 fib_index, const ip6_address_t * dst) { - ip6_fib_table_instance_t *table; + ip6_fib_fwding_table_instance_t *table; clib_bihash_kv_24_8_t kv, value; int i, len; int rv; u64 fib; - table = &ip6_fib_table[IP6_FIB_TABLE_FWDING]; + table = &ip6_fib_fwding_table; len = vec_len (table->prefix_lengths_in_search_order); kv.key[0] = dst->as_u64[0]; @@ -230,6 +209,7 @@ u32 ip6_fib_index_from_table_id (u32 table_id) } extern u32 ip6_fib_table_get_index_for_sw_if_index(u32 sw_if_index); +extern void ip6_fib_table_show (vlib_main_t *vm, fib_table_t *fib_table, int summary); #endif diff --git a/src/vnet/interface_api.c b/src/vnet/interface_api.c index c727e519138..69bf4b72ba4 100644 --- a/src/vnet/interface_api.c +++ b/src/vnet/interface_api.c @@ -579,7 +579,7 @@ ip_table_bind (fib_protocol_t fproto, u32 sw_if_index, u32 table_id) fib_index = fib_table_find (fproto, table_id); mfib_index = mfib_table_find (fproto, table_id); - if (~0 == fib_index || ~0 == mfib_index) + if (~0 == fib_index) { return (VNET_API_ERROR_NO_SUCH_FIB); } @@ -601,7 +601,8 @@ ip_table_bind (fib_protocol_t fproto, u32 sw_if_index, u32 table_id) /* clang-format on */ fib_table_bind (fproto, sw_if_index, fib_index); - mfib_table_bind (fproto, sw_if_index, mfib_index); + if (mfib_index != ~0) + mfib_table_bind (fproto, sw_if_index, mfib_index); return (0); } diff --git a/src/vnet/ip/ip.api b/src/vnet/ip/ip.api index 967f56cf917..fc7d7582dec 100644 --- a/src/vnet/ip/ip.api +++ b/src/vnet/ip/ip.api @@ -57,6 +57,23 @@ autoreply define ip_table_add_del vl_api_ip_table_t table; }; +/** \brief Add / del table request - version 2 + A table can be added multiple times, but need be deleted only once. + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param table - the FIB table to add or del + @param create_mfib - whether to create mfib or not + @param is_add - add or del +*/ +autoreply define ip_table_add_del_v2 +{ + u32 client_index; + u32 context; + vl_api_ip_table_t table; + bool create_mfib [default=true]; + bool is_add [default=true]; +}; + /** \brief Allocate an unused table A table can be added multiple times. If a large number of tables are in use (millions), this API might diff --git a/src/vnet/ip/ip.h b/src/vnet/ip/ip.h index 9ebefa0cf5d..084243dccfa 100644 --- a/src/vnet/ip/ip.h +++ b/src/vnet/ip/ip.h @@ -262,7 +262,7 @@ extern vlib_node_registration_t ip4_inacl_node; extern vlib_node_registration_t ip6_inacl_node; void ip_table_create (fib_protocol_t fproto, u32 table_id, u8 is_api, - const u8 * name); + u8 create_mfib, const u8 *name); void ip_table_delete (fib_protocol_t fproto, u32 table_id, u8 is_api); diff --git a/src/vnet/ip/ip6.h b/src/vnet/ip/ip6.h index 56eec523d5b..f8462a5cbff 100644 --- a/src/vnet/ip/ip6.h +++ b/src/vnet/ip/ip6.h @@ -68,6 +68,11 @@ typedef struct /* Index into FIB vector. */ u32 index; + + /** + * The hash table DB + */ + uword *fib_entry_by_dst_address; } ip6_fib_t; typedef struct ip6_mfib_t diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c index 22201123680..31adc90ecab 100644 --- a/src/vnet/ip/ip6_forward.c +++ b/src/vnet/ip/ip6_forward.c @@ -51,6 +51,7 @@ #include <vnet/dpo/receive_dpo.h> #include <vnet/dpo/classify_dpo.h> #include <vnet/classify/vnet_classify.h> +#include <vnet/adj/adj_dp.h> #include <vnet/pg/pg.h> #ifndef CLIB_MARCH_VARIANT @@ -1897,18 +1898,6 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, vnet_buffer (p0)->ip.save_rewrite_length = rw_len0; vnet_buffer (p1)->ip.save_rewrite_length = rw_len1; - if (do_counters) - { - vlib_increment_combined_counter - (&adjacency_counters, - thread_index, adj_index0, 1, - vlib_buffer_length_in_chain (vm, p0) + rw_len0); - vlib_increment_combined_counter - (&adjacency_counters, - thread_index, adj_index1, 1, - vlib_buffer_length_in_chain (vm, p1) + rw_len1); - } - /* Check MTU of outgoing interface. */ u16 ip0_len = clib_net_to_host_u16 (ip0->payload_length) + @@ -1933,16 +1922,15 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, * wants to see the IP header */ if (PREDICT_TRUE (error0 == IP6_ERROR_NONE)) { - p0->current_data -= rw_len0; - p0->current_length += rw_len0; + vlib_buffer_advance (p0, -(word) rw_len0); tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index; vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0; next0 = adj0[0].rewrite_header.next_index; if (PREDICT_FALSE (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES)) - vnet_feature_arc_start_w_cfg_index - (lm->output_feature_arc_index, tx_sw_if_index0, &next0, p0, - adj0->ia_cfg_index); + vnet_feature_arc_start_w_cfg_index ( + lm->output_feature_arc_index, tx_sw_if_index0, &next0, p0, + adj0->ia_cfg_index); } else { @@ -1950,18 +1938,16 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, } if (PREDICT_TRUE (error1 == IP6_ERROR_NONE)) { - p1->current_data -= rw_len1; - p1->current_length += rw_len1; - + vlib_buffer_advance (p1, -(word) rw_len1); tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index; vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1; next1 = adj1[0].rewrite_header.next_index; if (PREDICT_FALSE (adj1[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES)) - vnet_feature_arc_start_w_cfg_index - (lm->output_feature_arc_index, tx_sw_if_index1, &next1, p1, - adj1->ia_cfg_index); + vnet_feature_arc_start_w_cfg_index ( + lm->output_feature_arc_index, tx_sw_if_index1, &next1, p1, + adj1->ia_cfg_index); } else { @@ -1969,40 +1955,46 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, } if (is_midchain) - { - /* Guess we are only writing on ipv6 header. */ - vnet_rewrite_two_headers (adj0[0], adj1[0], - ip0, ip1, sizeof (ip6_header_t)); - } + /* Guess we are only writing on ipv6 header. */ + vnet_rewrite_two_headers (adj0[0], adj1[0], ip0, ip1, + sizeof (ip6_header_t)); else /* Guess we are only writing on simple Ethernet header. */ vnet_rewrite_two_headers (adj0[0], adj1[0], ip0, ip1, sizeof (ethernet_header_t)); + if (do_counters) + { + if (error0 == IP6_ERROR_NONE) + vlib_increment_combined_counter ( + &adjacency_counters, thread_index, adj_index0, 1, + vlib_buffer_length_in_chain (vm, p0) + rw_len0); + if (error1 == IP6_ERROR_NONE) + vlib_increment_combined_counter ( + &adjacency_counters, thread_index, adj_index1, 1, + vlib_buffer_length_in_chain (vm, p1) + rw_len1); + } + if (is_midchain) { - if (adj0->sub_type.midchain.fixup_func) - adj0->sub_type.midchain.fixup_func - (vm, adj0, p0, adj0->sub_type.midchain.fixup_data); - if (adj1->sub_type.midchain.fixup_func) - adj1->sub_type.midchain.fixup_func - (vm, adj1, p1, adj1->sub_type.midchain.fixup_data); + if (error0 == IP6_ERROR_NONE) + adj_midchain_fixup (vm, adj0, p0, VNET_LINK_IP6); + if (error1 == IP6_ERROR_NONE) + adj_midchain_fixup (vm, adj1, p1, VNET_LINK_IP6); } if (is_mcast) { /* * copy bytes from the IP address into the MAC rewrite */ - vnet_ip_mcast_fixup_header (IP6_MCAST_ADDR_MASK, - adj0-> - rewrite_header.dst_mcast_offset, - &ip0->dst_address.as_u32[3], - (u8 *) ip0); - vnet_ip_mcast_fixup_header (IP6_MCAST_ADDR_MASK, - adj1-> - rewrite_header.dst_mcast_offset, - &ip1->dst_address.as_u32[3], - (u8 *) ip1); + if (error0 == IP6_ERROR_NONE) + vnet_ip_mcast_fixup_header ( + IP6_MCAST_ADDR_MASK, adj0->rewrite_header.dst_mcast_offset, + &ip0->dst_address.as_u32[3], (u8 *) ip0); + if (error1 == IP6_ERROR_NONE) + vnet_ip_mcast_fixup_header ( + IP6_MCAST_ADDR_MASK, adj1->rewrite_header.dst_mcast_offset, + &ip1->dst_address.as_u32[3], (u8 *) ip1); } vlib_validate_buffer_enqueue_x2 (vm, node, next_index, @@ -2061,28 +2053,10 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, } } - if (is_midchain) - { - /* Guess we are only writing on ip6 header. */ - vnet_rewrite_one_header (adj0[0], ip0, sizeof (ip6_header_t)); - } - else - /* Guess we are only writing on simple Ethernet header. */ - vnet_rewrite_one_header (adj0[0], ip0, - sizeof (ethernet_header_t)); - /* Update packet buffer attributes/set output interface. */ rw_len0 = adj0[0].rewrite_header.data_bytes; vnet_buffer (p0)->ip.save_rewrite_length = rw_len0; - if (do_counters) - { - vlib_increment_combined_counter - (&adjacency_counters, - thread_index, adj_index0, 1, - vlib_buffer_length_in_chain (vm, p0) + rw_len0); - } - /* Check MTU of outgoing interface. */ u16 ip0_len = clib_net_to_host_u16 (ip0->payload_length) + @@ -2098,9 +2072,7 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, * wants to see the IP header */ if (PREDICT_TRUE (error0 == IP6_ERROR_NONE)) { - p0->current_data -= rw_len0; - p0->current_length += rw_len0; - + vlib_buffer_advance (p0, -(word) rw_len0); tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index; vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0; @@ -2108,30 +2080,37 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, if (PREDICT_FALSE (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES)) - vnet_feature_arc_start_w_cfg_index - (lm->output_feature_arc_index, tx_sw_if_index0, &next0, p0, - adj0->ia_cfg_index); + vnet_feature_arc_start_w_cfg_index ( + lm->output_feature_arc_index, tx_sw_if_index0, &next0, p0, + adj0->ia_cfg_index); + + if (is_midchain) + /* Guess we are only writing on ip6 header. */ + vnet_rewrite_one_header (adj0[0], ip0, sizeof (ip6_header_t)); + else + /* Guess we are only writing on simple Ethernet header. */ + vnet_rewrite_one_header (adj0[0], ip0, + sizeof (ethernet_header_t)); + + if (do_counters) + { + vlib_increment_combined_counter ( + &adjacency_counters, thread_index, adj_index0, 1, + vlib_buffer_length_in_chain (vm, p0) + rw_len0); + } + + if (is_midchain && adj0->sub_type.midchain.fixup_func) + adj_midchain_fixup (vm, adj0, p0, VNET_LINK_IP6); + if (is_mcast) + vnet_ip_mcast_fixup_header ( + IP6_MCAST_ADDR_MASK, adj0->rewrite_header.dst_mcast_offset, + &ip0->dst_address.as_u32[3], (u8 *) ip0); } else { p0->error = error_node->errors[error0]; } - if (is_midchain) - { - if (adj0->sub_type.midchain.fixup_func) - adj0->sub_type.midchain.fixup_func - (vm, adj0, p0, adj0->sub_type.midchain.fixup_data); - } - if (is_mcast) - { - vnet_ip_mcast_fixup_header (IP6_MCAST_ADDR_MASK, - adj0-> - rewrite_header.dst_mcast_offset, - &ip0->dst_address.as_u32[3], - (u8 *) ip0); - } - from += 1; n_left_from -= 1; to_next += 1; diff --git a/src/vnet/ip/ip6_input.h b/src/vnet/ip/ip6_input.h index 49e37ec1808..809083137e3 100644 --- a/src/vnet/ip/ip6_input.h +++ b/src/vnet/ip/ip6_input.h @@ -53,11 +53,9 @@ typedef enum } ip6_input_next_t; always_inline void -ip6_input_check_x2 (vlib_main_t * vm, - vlib_node_runtime_t * error_node, - vlib_buffer_t * p0, vlib_buffer_t * p1, - ip6_header_t * ip0, ip6_header_t * ip1, - u32 * next0, u32 * next1) +ip6_input_check_x2 (vlib_main_t *vm, vlib_node_runtime_t *error_node, + vlib_buffer_t *p0, vlib_buffer_t *p1, ip6_header_t *ip0, + ip6_header_t *ip1, u32 *next0, u32 *next1) { u8 error0, error1; @@ -65,13 +63,15 @@ ip6_input_check_x2 (vlib_main_t * vm, /* Version != 6? Drop it. */ error0 = - (clib_net_to_host_u32 - (ip0->ip_version_traffic_class_and_flow_label) >> 28) != - 6 ? IP6_ERROR_VERSION : error0; + (clib_net_to_host_u32 (ip0->ip_version_traffic_class_and_flow_label) >> + 28) != 6 ? + IP6_ERROR_VERSION : + error0; error1 = - (clib_net_to_host_u32 - (ip1->ip_version_traffic_class_and_flow_label) >> 28) != - 6 ? IP6_ERROR_VERSION : error1; + (clib_net_to_host_u32 (ip1->ip_version_traffic_class_and_flow_label) >> + 28) != 6 ? + IP6_ERROR_VERSION : + error1; /* hop limit < 1? Drop it. for link-local broadcast packets, * like dhcpv6 packets from client has hop-limit 1, which should not @@ -81,18 +81,18 @@ ip6_input_check_x2 (vlib_main_t * vm, error1 = ip1->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error1; /* L2 length must be at least minimal IP header. */ - error0 = - p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0; - error1 = - p1->current_length < sizeof (ip1[0]) ? IP6_ERROR_TOO_SHORT : error1; + error0 = p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0; + error1 = p1->current_length < sizeof (ip1[0]) ? IP6_ERROR_TOO_SHORT : error1; if (PREDICT_FALSE (error0 != IP6_ERROR_NONE)) { + p0->error = error_node->errors[error0]; + if (error0 == IP6_ERROR_TIME_EXPIRED) { - icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded, - ICMP6_time_exceeded_ttl_exceeded_in_transit, - 0); + icmp6_error_set_vnet_buffer ( + p0, ICMP6_time_exceeded, + ICMP6_time_exceeded_ttl_exceeded_in_transit, 0); *next0 = IP6_INPUT_NEXT_ICMP_ERROR; } else @@ -102,11 +102,13 @@ ip6_input_check_x2 (vlib_main_t * vm, } if (PREDICT_FALSE (error1 != IP6_ERROR_NONE)) { + p1->error = error_node->errors[error0]; + if (error1 == IP6_ERROR_TIME_EXPIRED) { - icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded, - ICMP6_time_exceeded_ttl_exceeded_in_transit, - 0); + icmp6_error_set_vnet_buffer ( + p1, ICMP6_time_exceeded, + ICMP6_time_exceeded_ttl_exceeded_in_transit, 0); *next1 = IP6_INPUT_NEXT_ICMP_ERROR; } else @@ -117,9 +119,8 @@ ip6_input_check_x2 (vlib_main_t * vm, } always_inline void -ip6_input_check_x1 (vlib_main_t * vm, - vlib_node_runtime_t * error_node, - vlib_buffer_t * p0, ip6_header_t * ip0, u32 * next0) +ip6_input_check_x1 (vlib_main_t *vm, vlib_node_runtime_t *error_node, + vlib_buffer_t *p0, ip6_header_t *ip0, u32 *next0) { u8 error0; @@ -127,9 +128,10 @@ ip6_input_check_x1 (vlib_main_t * vm, /* Version != 6? Drop it. */ error0 = - (clib_net_to_host_u32 - (ip0->ip_version_traffic_class_and_flow_label) >> 28) != - 6 ? IP6_ERROR_VERSION : error0; + (clib_net_to_host_u32 (ip0->ip_version_traffic_class_and_flow_label) >> + 28) != 6 ? + IP6_ERROR_VERSION : + error0; /* hop limit < 1? Drop it. for link-local broadcast packets, * like dhcpv6 packets from client has hop-limit 1, which should not @@ -138,16 +140,16 @@ ip6_input_check_x1 (vlib_main_t * vm, error0 = ip0->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error0; /* L2 length must be at least minimal IP header. */ - error0 = - p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0; + error0 = p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0; if (PREDICT_FALSE (error0 != IP6_ERROR_NONE)) { + p0->error = error_node->errors[error0]; if (error0 == IP6_ERROR_TIME_EXPIRED) { - icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded, - ICMP6_time_exceeded_ttl_exceeded_in_transit, - 0); + icmp6_error_set_vnet_buffer ( + p0, ICMP6_time_exceeded, + ICMP6_time_exceeded_ttl_exceeded_in_transit, 0); *next0 = IP6_INPUT_NEXT_ICMP_ERROR; } else diff --git a/src/vnet/ip/ip6_ll_table.c b/src/vnet/ip/ip6_ll_table.c index f9172f6c50c..2234ea9df37 100644 --- a/src/vnet/ip/ip6_ll_table.c +++ b/src/vnet/ip/ip6_ll_table.c @@ -144,17 +144,20 @@ ip6_ll_table_entry_delete (const ip6_ll_prefix_t * ilp) fib_node_index_t ip6_ll_entry_index; u32 fib_index; + fib_index = ip6_ll_fib_get (ilp->ilp_sw_if_index); + if (~0 == fib_index) + return; + ip6_ll_entry_index = ip6_ll_table_lookup_exact_match (ilp); + if (FIB_NODE_INDEX_INVALID == ip6_ll_entry_index) + return; - if (FIB_NODE_INDEX_INVALID != ip6_ll_entry_index) - fib_table_entry_delete_index (ip6_ll_entry_index, FIB_SOURCE_IP6_ND); + fib_table_entry_delete_index (ip6_ll_entry_index, FIB_SOURCE_IP6_ND); /* * if there are no ND sourced prefixes left, then we can clean up this FIB */ - fib_index = ip6_ll_fib_get (ilp->ilp_sw_if_index); - if (~0 != fib_index && - 0 == fib_table_get_num_entries (fib_index, FIB_PROTOCOL_IP6, + if (0 == fib_table_get_num_entries (fib_index, FIB_PROTOCOL_IP6, FIB_SOURCE_IP6_ND)) { fib_table_unlock (fib_index, FIB_PROTOCOL_IP6, FIB_SOURCE_IP6_ND); @@ -208,33 +211,10 @@ ip6_ll_table_show_all (vlib_main_t * vm, u32 fib_index) vec_free (ctx.entries); } -typedef struct -{ - u32 fib_index; - u64 count_by_prefix_length[129]; -} count_routes_in_fib_at_prefix_length_arg_t; - -static int -count_routes_in_fib_at_prefix_length (clib_bihash_kv_24_8_t * kvp, void *arg) -{ - count_routes_in_fib_at_prefix_length_arg_t *ap = arg; - int mask_width; - - if ((kvp->key[2] >> 32) != ap->fib_index) - return (BIHASH_WALK_CONTINUE); - - mask_width = kvp->key[2] & 0xFF; - - ap->count_by_prefix_length[mask_width]++; - - return (BIHASH_WALK_CONTINUE); -} - static clib_error_t * ip6_ll_show_fib (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { - count_routes_in_fib_at_prefix_length_arg_t _ca, *ca = &_ca; fib_table_t *fib_table; int verbose, matching; ip6_address_t matching_address; @@ -272,9 +252,6 @@ ip6_ll_show_fib (vlib_main_t * vm, vec_foreach_index (sw_if_index, ip6_ll_table.ilt_fibs) { - fib_source_t source; - u8 *s = NULL; - fib_index = ip6_ll_table.ilt_fibs[sw_if_index]; if (~0 == fib_index) continue; @@ -284,44 +261,9 @@ ip6_ll_show_fib (vlib_main_t * vm, if (!(fib_table->ft_flags & FIB_TABLE_FLAG_IP6_LL)) continue; - s = format (s, "%U, fib_index:%d, locks:[", - format_fib_table_name, fib_index, - FIB_PROTOCOL_IP6, fib_index); - vec_foreach_index (source, fib_table->ft_locks) - { - if (0 != fib_table->ft_locks[source]) - { - s = format (s, "%U:%d, ", - format_fib_source, source, fib_table->ft_locks[source]); - } - } - s = format (s, "]"); - vlib_cli_output (vm, "%v", s); - vec_free (s); - - /* Show summary? */ + ip6_fib_table_show (vm, fib_table, !verbose); if (!verbose) - { - clib_bihash_24_8_t *h = - &ip6_fib_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash; - int len; - - vlib_cli_output (vm, "%=20s%=16s", "Prefix length", "Count"); - - clib_memset (ca, 0, sizeof (*ca)); - ca->fib_index = fib_index; - - clib_bihash_foreach_key_value_pair_24_8 - (h, count_routes_in_fib_at_prefix_length, ca); - - for (len = 128; len >= 0; len--) - { - if (ca->count_by_prefix_length[len]) - vlib_cli_output (vm, "%=20d%=16lld", - len, ca->count_by_prefix_length[len]); - } - continue; - } + continue; if (!matching) { diff --git a/src/vnet/ip/ip_api.c b/src/vnet/ip/ip_api.c index 6dd95140f4b..5ced88fec2e 100644 --- a/src/vnet/ip/ip_api.c +++ b/src/vnet/ip/ip_api.c @@ -636,7 +636,8 @@ vl_api_ip_table_add_del_t_handler (vl_api_ip_table_add_del_t * mp) if (mp->is_add) { - ip_table_create (fproto, table_id, 1, mp->table.name); + ip_table_create (fproto, table_id, 1 /* is_api */, 1 /* create_mfib */, + mp->table.name); } else { @@ -647,6 +648,28 @@ vl_api_ip_table_add_del_t_handler (vl_api_ip_table_add_del_t * mp) } void +vl_api_ip_table_add_del_v2_t_handler (vl_api_ip_table_add_del_v2_t *mp) +{ + vl_api_ip_table_add_del_v2_reply_t *rmp; + fib_protocol_t fproto = + (mp->table.is_ip6 ? FIB_PROTOCOL_IP6 : FIB_PROTOCOL_IP4); + u32 table_id = ntohl (mp->table.table_id); + int rv = 0; + + if (mp->is_add) + { + ip_table_create (fproto, table_id, 1 /* is_api */, mp->create_mfib, + mp->table.name); + } + else + { + ip_table_delete (fproto, table_id, 1); + } + + REPLY_MACRO (VL_API_IP_TABLE_ADD_DEL_V2_REPLY); +} + +void vl_api_ip_table_allocate_t_handler (vl_api_ip_table_allocate_t *mp) { vl_api_ip_table_allocate_reply_t *rmp; @@ -661,7 +684,8 @@ vl_api_ip_table_allocate_t_handler (vl_api_ip_table_allocate_t *mp) if (~0 == table_id) rv = VNET_API_ERROR_EAGAIN; else - ip_table_create (fproto, table_id, 1, mp->table.name); + ip_table_create (fproto, table_id, 1 /* is_api */, 1 /* create_mfib */, + mp->table.name); REPLY_MACRO2 (VL_API_IP_TABLE_ALLOCATE_REPLY, { clib_memcpy_fast (&rmp->table, &mp->table, sizeof (mp->table)); @@ -915,8 +939,8 @@ vl_api_ip_route_lookup_v2_t_handler (vl_api_ip_route_lookup_v2_t *mp) } void -ip_table_create (fib_protocol_t fproto, - u32 table_id, u8 is_api, const u8 * name) +ip_table_create (fib_protocol_t fproto, u32 table_id, u8 is_api, + u8 create_mfib, const u8 *name) { u32 fib_index, mfib_index; vnet_main_t *vnm = vnet_get_main (); @@ -936,16 +960,23 @@ ip_table_create (fib_protocol_t fproto, * their own unicast tables. */ fib_index = fib_table_find (fproto, table_id); - mfib_index = mfib_table_find (fproto, table_id); - /* * Always try to re-lock in case the fib was deleted by an API call * but was not yet freed because some other locks were held */ fib_table_find_or_create_and_lock_w_name ( fproto, table_id, (is_api ? FIB_SOURCE_API : FIB_SOURCE_CLI), name); - mfib_table_find_or_create_and_lock_w_name ( - fproto, table_id, (is_api ? MFIB_SOURCE_API : MFIB_SOURCE_CLI), name); + + if (create_mfib) + { + /* same for mfib, if needs be */ + mfib_index = mfib_table_find (fproto, table_id); + mfib_table_find_or_create_and_lock_w_name ( + fproto, table_id, (is_api ? MFIB_SOURCE_API : MFIB_SOURCE_CLI), + name); + } + else + mfib_index = 0; if ((~0 == fib_index) || (~0 == mfib_index)) call_elf_section_ip_table_callbacks (vnm, table_id, 1 /* is_add */ , @@ -1655,9 +1686,10 @@ vl_api_ip_table_replace_begin_t_handler (vl_api_ip_table_replace_begin_t * mp) rv = VNET_API_ERROR_NO_SUCH_FIB; else { + u32 mfib_index = mfib_table_find (fproto, ntohl (mp->table.table_id)); fib_table_mark (fib_index, fproto, FIB_SOURCE_API); - mfib_table_mark (mfib_table_find (fproto, ntohl (mp->table.table_id)), - fproto, MFIB_SOURCE_API); + if (mfib_index != INDEX_INVALID) + mfib_table_mark (mfib_index, fproto, MFIB_SOURCE_API); } REPLY_MACRO (VL_API_IP_TABLE_REPLACE_BEGIN_REPLY); } @@ -1677,10 +1709,10 @@ vl_api_ip_table_replace_end_t_handler (vl_api_ip_table_replace_end_t * mp) rv = VNET_API_ERROR_NO_SUCH_FIB; else { + u32 mfib_index = mfib_table_find (fproto, ntohl (mp->table.table_id)); fib_table_sweep (fib_index, fproto, FIB_SOURCE_API); - mfib_table_sweep (mfib_table_find - (fproto, ntohl (mp->table.table_id)), fproto, - MFIB_SOURCE_API); + if (mfib_index != INDEX_INVALID) + mfib_table_sweep (mfib_index, fproto, MFIB_SOURCE_API); } REPLY_MACRO (VL_API_IP_TABLE_REPLACE_END_REPLY); } @@ -1703,6 +1735,7 @@ vl_api_ip_table_flush_t_handler (vl_api_ip_table_flush_t * mp) vnet_main_t *vnm = vnet_get_main (); vnet_interface_main_t *im = &vnm->interface_main; vnet_sw_interface_t *si; + u32 mfib_index; /* Shut down interfaces in this FIB / clean out intfc routes */ pool_foreach (si, im->sw_interfaces) @@ -1717,8 +1750,10 @@ vl_api_ip_table_flush_t_handler (vl_api_ip_table_flush_t * mp) } fib_table_flush (fib_index, fproto, FIB_SOURCE_API); - mfib_table_flush (mfib_table_find (fproto, ntohl (mp->table.table_id)), - fproto, MFIB_SOURCE_API); + + mfib_index = mfib_table_find (fproto, ntohl (mp->table.table_id)); + if (mfib_index != INDEX_INVALID) + mfib_table_flush (mfib_index, fproto, MFIB_SOURCE_API); } REPLY_MACRO (VL_API_IP_TABLE_FLUSH_REPLY); diff --git a/src/vnet/ip/ip_sas.c b/src/vnet/ip/ip_sas.c index 0fc261724f1..01f6c90baf8 100644 --- a/src/vnet/ip/ip_sas.c +++ b/src/vnet/ip/ip_sas.c @@ -54,6 +54,8 @@ ip6_sas_commonlen (const ip6_address_t *a1, const ip6_address_t *a2) static int ip4_sas_commonlen (const ip4_address_t *a1, const ip4_address_t *a2) { + if (!a1 || !a2) + return 0; u64 a = clib_net_to_host_u32 (a1->as_u32) ^ clib_net_to_host_u32 (a2->as_u32); if (a == 0) diff --git a/src/vnet/ip/ip_test.c b/src/vnet/ip/ip_test.c index 727afba67f4..0d1c71063ae 100644 --- a/src/vnet/ip/ip_test.c +++ b/src/vnet/ip/ip_test.c @@ -464,6 +464,60 @@ api_ip_table_add_del (vat_main_t *vam) } static int +api_ip_table_add_del_v2 (vat_main_t *vam) +{ + unformat_input_t *i = vam->input; + vl_api_ip_table_add_del_v2_t *mp; + u8 create_mfib = 1; + u32 table_id = ~0; + u8 is_ipv6 = 0; + u8 is_add = 1; + int ret = 0; + + /* Parse args required to build the message */ + while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) + { + if (unformat (i, "ipv6")) + is_ipv6 = 1; + else if (unformat (i, "del")) + is_add = 0; + else if (unformat (i, "add")) + is_add = 1; + else if (unformat (i, "table %d", &table_id)) + ; + else if (unformat (i, "no-mfib")) + create_mfib = 0; + else + { + clib_warning ("parse error '%U'", format_unformat_error, i); + return -99; + } + } + + if (~0 == table_id) + { + errmsg ("missing table-ID"); + return -99; + } + + /* Construct the API message */ + M (IP_TABLE_ADD_DEL_V2, mp); + + mp->table.table_id = ntohl (table_id); + mp->table.is_ip6 = is_ipv6; + mp->is_add = is_add; + mp->create_mfib = create_mfib; + + /* send it... */ + S (mp); + + /* Wait for a reply... */ + W (ret); + + return ret; +} + +static int api_ip_table_replace_begin (vat_main_t *vam) { unformat_input_t *i = vam->input; diff --git a/src/vnet/ip/lookup.c b/src/vnet/ip/lookup.c index c0fa430e0aa..b978bd79742 100644 --- a/src/vnet/ip/lookup.c +++ b/src/vnet/ip/lookup.c @@ -419,10 +419,12 @@ vnet_ip_table_cmd (vlib_main_t * vm, unformat_input_t _line_input, *line_input = &_line_input; clib_error_t *error = NULL; u32 table_id, is_add; + u8 create_mfib; u8 *name = NULL; is_add = 1; table_id = ~0; + create_mfib = 1; /* Get a line of input. */ if (!unformat_user (main_input, unformat_line_input, line_input)) @@ -438,6 +440,8 @@ vnet_ip_table_cmd (vlib_main_t * vm, is_add = 1; else if (unformat (line_input, "name %s", &name)) ; + else if (unformat (line_input, "no-mfib")) + create_mfib = 0; else { error = unformat_parse_error (line_input); @@ -459,7 +463,8 @@ vnet_ip_table_cmd (vlib_main_t * vm, table_id = ip_table_get_unused_id (fproto); vlib_cli_output (vm, "%u\n", table_id); } - ip_table_create (fproto, table_id, 0, name); + ip_table_create (fproto, table_id, 0 /* is_api */, create_mfib, + name); } else { diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h index 4f73f1eab0f..640d9288a42 100644 --- a/src/vnet/ipsec/ipsec_sa.h +++ b/src/vnet/ipsec/ipsec_sa.h @@ -486,7 +486,7 @@ ipsec_sa_anti_replay_and_sn_advance (const ipsec_sa_t *sa, u32 seq, return 0; } - if (PREDICT_TRUE (sa->seq >= window_size - 1)) + if (PREDICT_TRUE (window_size > 0 && sa->seq >= window_size - 1)) { /* * the last sequence number VPP received is more than one diff --git a/src/vnet/pg/output.c b/src/vnet/pg/output.c index 042591a7709..fa1a14cc4af 100644 --- a/src/vnet/pg/output.c +++ b/src/vnet/pg/output.c @@ -88,7 +88,13 @@ pg_output (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) pcap_add_buffer (&pif->pcap_main, vm, bi0, ETHERNET_MAX_PACKET_BYTES); } if (pif->pcap_file_name != 0) - pcap_write (&pif->pcap_main); + { + pcap_packet_type_t pm_pt = pif->pcap_main.packet_type; + pif->pcap_main.packet_type = + pg_intf_mode_to_pcap_packet_type (pif->mode); + pcap_write (&pif->pcap_main); + pif->pcap_main.packet_type = pm_pt; + } if ((pif->pcap_main.flags & PCAP_MAIN_INIT_DONE) && pif->pcap_main.n_packets_captured >= pif->pcap_main.n_packets_to_capture) diff --git a/src/vnet/pg/pg.h b/src/vnet/pg/pg.h index 6d5b25ba25a..bede747428c 100644 --- a/src/vnet/pg/pg.h +++ b/src/vnet/pg/pg.h @@ -306,6 +306,15 @@ typedef enum pg_interface_mode_t_ PG_MODE_IP6, } pg_interface_mode_t; +always_inline pcap_packet_type_t +pg_intf_mode_to_pcap_packet_type (pg_interface_mode_t mode) +{ + if ((mode == PG_MODE_IP4) || (mode == PG_MODE_IP6)) + return PCAP_PACKET_TYPE_ip; + else + return PCAP_PACKET_TYPE_ethernet; +} + typedef struct { /* TX lock */ diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c index c66548507e5..7c63ada2774 100644 --- a/src/vnet/session/application.c +++ b/src/vnet/session/application.c @@ -968,7 +968,7 @@ application_namespace_cleanup (app_namespace_t *app_ns) ns_index = app_namespace_index (app_ns); pool_foreach (app, app_main.app_pool) if (app->ns_index == ns_index) - vec_add1 (app_indices, app->ns_index); + vec_add1 (app_indices, app->app_index); vec_foreach (app_index, app_indices) { diff --git a/src/vnet/session/application_local.c b/src/vnet/session/application_local.c index 064dd6fe77e..3ac2ba4cfbc 100644 --- a/src/vnet/session/application_local.c +++ b/src/vnet/session/application_local.c @@ -70,6 +70,7 @@ typedef struct ct_main_ u32 **fwrk_pending_connects; /**< First wrk pending half-opens */ u32 fwrk_thread; /**< First worker thread */ u8 fwrk_have_flush; /**< Flag for connect flush rpc */ + u8 is_init; } ct_main_t; static ct_main_t ct_main; @@ -1353,19 +1354,19 @@ ct_enable_disable (vlib_main_t * vm, u8 is_en) if (is_en == 0) return 0; + if (cm->is_init) + return 0; + cm->n_workers = vlib_num_workers (); cm->fwrk_thread = transport_cl_thread (); vec_validate (cm->wrk, vtm->n_vlib_mains); - vec_foreach (wrk, cm->wrk) - { - if (wrk->pending_connects_lock == 0) - clib_spinlock_init (&wrk->pending_connects_lock); - } - if (cm->ho_reuseable_lock == 0) - clib_spinlock_init (&cm->ho_reuseable_lock); - if (cm->app_segs_lock == 0) - clib_rwlock_init (&cm->app_segs_lock); vec_validate (cm->fwrk_pending_connects, cm->n_workers); + vec_foreach (wrk, cm->wrk) + clib_spinlock_init (&wrk->pending_connects_lock); + clib_spinlock_init (&cm->ho_reuseable_lock); + clib_rwlock_init (&cm->app_segs_lock); + cm->is_init = 1; + return 0; } diff --git a/src/vnet/session/application_namespace.c b/src/vnet/session/application_namespace.c index f547dcfc031..dbc6a6be80f 100644 --- a/src/vnet/session/application_namespace.c +++ b/src/vnet/session/application_namespace.c @@ -136,12 +136,10 @@ vnet_app_namespace_add_del (vnet_app_namespace_add_del_args_t *a) app_ns->ns_secret = a->secret; app_ns->sw_if_index = a->sw_if_index; - app_ns->ip4_fib_index = - fib_table_find (FIB_PROTOCOL_IP4, a->ip4_fib_id); - app_ns->ip6_fib_index = - fib_table_find (FIB_PROTOCOL_IP6, a->ip6_fib_id); - session_lookup_set_tables_appns (app_ns); + app_ns->ip4_fib_index = fib_table_find (FIB_PROTOCOL_IP4, a->ip4_fib_id); + app_ns->ip6_fib_index = fib_table_find (FIB_PROTOCOL_IP6, a->ip6_fib_id); + session_lookup_set_tables_appns (app_ns); } else { @@ -164,6 +162,9 @@ vnet_app_namespace_add_del (vnet_app_namespace_add_del_args_t *a) if (app_ns->sock_name) vec_free (app_ns->sock_name); + session_lookup_table_cleanup (FIB_PROTOCOL_IP4, app_ns->ip4_fib_index); + session_lookup_table_cleanup (FIB_PROTOCOL_IP6, app_ns->ip6_fib_index); + app_namespace_free (app_ns); } diff --git a/src/vnet/session/application_worker.c b/src/vnet/session/application_worker.c index befdb7c7002..43007ad76ed 100644 --- a/src/vnet/session/application_worker.c +++ b/src/vnet/session/application_worker.c @@ -836,9 +836,12 @@ app_worker_mq_wrk_is_congested (app_worker_t *app_wrk, u32 thread_index) void app_worker_set_mq_wrk_congested (app_worker_t *app_wrk, u32 thread_index) { - clib_atomic_fetch_add_relax (&app_wrk->mq_congested, 1); ASSERT (thread_index == vlib_get_thread_index ()); - app_wrk->wrk_mq_congested[thread_index] = 1; + if (!app_wrk->wrk_mq_congested[thread_index]) + { + clib_atomic_fetch_add_relax (&app_wrk->mq_congested, 1); + app_wrk->wrk_mq_congested[thread_index] = 1; + } } void diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c index 5897693c34e..c1becf2c5ea 100644 --- a/src/vnet/session/session.c +++ b/src/vnet/session/session.c @@ -104,6 +104,22 @@ session_program_tx_io_evt (session_handle_tu_t sh, session_evt_type_t evt_type) } int +session_program_rx_io_evt (session_handle_tu_t sh) +{ + if (sh.thread_index == vlib_get_thread_index ()) + { + session_t *s = session_get_from_handle (sh); + return session_enqueue_notify (s); + } + else + { + return session_send_evt_to_thread ((void *) &sh.session_index, 0, + (u32) sh.thread_index, + SESSION_IO_EVT_BUILTIN_RX); + } +} + +int session_send_ctrl_evt_to_thread (session_t * s, session_evt_type_t evt_type) { /* only events supported are disconnect, shutdown and reset */ @@ -2152,6 +2168,16 @@ session_node_enable_dma (u8 is_en, int n_vlibs) } } +static void +session_main_start_q_process (vlib_main_t *vm, vlib_node_state_t state) +{ + vlib_node_t *n; + + vlib_node_set_state (vm, session_queue_process_node.index, state); + n = vlib_get_node (vm, session_queue_process_node.index); + vlib_start_process (vm, n->runtime_index); +} + void session_node_enable_disable (u8 is_en) { @@ -2159,7 +2185,6 @@ session_node_enable_disable (u8 is_en) u8 state = is_en ? VLIB_NODE_STATE_POLLING : VLIB_NODE_STATE_DISABLED; session_main_t *sm = &session_main; vlib_main_t *vm; - vlib_node_t *n; int n_vlibs, i; n_vlibs = vlib_get_n_threads (); @@ -2173,10 +2198,7 @@ session_node_enable_disable (u8 is_en) if (is_en) { session_main_get_worker (0)->state = SESSION_WRK_INTERRUPT; - vlib_node_set_state (vm, session_queue_process_node.index, - state); - n = vlib_get_node (vm, session_queue_process_node.index); - vlib_start_process (vm, n->runtime_index); + session_main_start_q_process (vm, state); } else { diff --git a/src/vnet/session/session.h b/src/vnet/session/session.h index a5604bf8725..67a182573e4 100644 --- a/src/vnet/session/session.h +++ b/src/vnet/session/session.h @@ -461,6 +461,7 @@ int session_send_io_evt_to_thread_custom (void *data, u32 thread_index, session_evt_type_t evt_type); int session_program_tx_io_evt (session_handle_tu_t sh, session_evt_type_t evt_type); +int session_program_rx_io_evt (session_handle_tu_t sh); void session_send_rpc_evt_to_thread (u32 thread_index, void *fp, void *rpc_args); void session_send_rpc_evt_to_thread_force (u32 thread_index, void *fp, diff --git a/src/vnet/session/session_api.c b/src/vnet/session/session_api.c index 48eb932a2c9..8bb38398e3f 100644 --- a/src/vnet/session/session_api.c +++ b/src/vnet/session/session_api.c @@ -962,6 +962,12 @@ vl_api_session_rule_add_del_t_handler (vl_api_session_rule_add_del_t * mp) session_rule_table_add_del_args_t *table_args = &args.table_args; int rv = 0; + if (session_main_is_enabled () == 0) + { + rv = VNET_API_ERROR_FEATURE_DISABLED; + goto done; + } + clib_memset (&args, 0, sizeof (args)); ip_prefix_decode (&mp->lcl, &table_args->lcl); @@ -986,6 +992,7 @@ vl_api_session_rule_add_del_t_handler (vl_api_session_rule_add_del_t * mp) rv = VNET_API_ERROR_UNSPECIFIED; } vec_free (table_args->tag); +done: REPLY_MACRO (VL_API_SESSION_RULE_ADD_DEL_REPLY); } @@ -1012,6 +1019,8 @@ send_session_rule_details4 (mma_rule_16_t * rule, u8 is_local, ip_set (&rmt.fp_addr, &match->rmt_ip, 1); lcl.fp_len = ip4_mask_to_preflen (&mask->lcl_ip); rmt.fp_len = ip4_mask_to_preflen (&mask->rmt_ip); + lcl.fp_proto = FIB_PROTOCOL_IP4; + rmt.fp_proto = FIB_PROTOCOL_IP4; ip_prefix_encode (&lcl, &rmp->lcl); ip_prefix_encode (&rmt, &rmp->rmt); @@ -1054,6 +1063,8 @@ send_session_rule_details6 (mma_rule_40_t * rule, u8 is_local, ip_set (&rmt.fp_addr, &match->rmt_ip, 0); lcl.fp_len = ip6_mask_to_preflen (&mask->lcl_ip); rmt.fp_len = ip6_mask_to_preflen (&mask->rmt_ip); + lcl.fp_proto = FIB_PROTOCOL_IP6; + rmt.fp_proto = FIB_PROTOCOL_IP6; ip_prefix_encode (&lcl, &rmp->lcl); ip_prefix_encode (&rmt, &rmp->rmt); diff --git a/src/vnet/session/session_lookup.c b/src/vnet/session/session_lookup.c index ff20bc2d835..217fe9ad209 100644 --- a/src/vnet/session/session_lookup.c +++ b/src/vnet/session/session_lookup.c @@ -37,6 +37,8 @@ static session_lookup_main_t sl_main; */ static u32 *fib_index_to_table_index[2]; +static u32 *fib_index_to_lock_count[2]; + /* 16 octets */ typedef CLIB_PACKED (struct { union @@ -593,7 +595,7 @@ session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep) st = session_table_get (table_index); if (!st) - return SESSION_INVALID_INDEX; + return SESSION_INVALID_HANDLE; ASSERT (st->is_local); if (sep->is_ip4) @@ -1392,6 +1394,23 @@ vnet_session_rule_add_del (session_rule_add_del_args_t *args) return rv; } +static void +session_lookup_fib_table_lock (u32 fib_index, u32 protocol) +{ + fib_table_lock (fib_index, protocol, sl_main.fib_src); + vec_validate (fib_index_to_lock_count[protocol], fib_index); + fib_index_to_lock_count[protocol][fib_index]++; + ASSERT (fib_index_to_lock_count[protocol][fib_index] > 0); +} + +static void +session_lookup_fib_table_unlock (u32 fib_index, u32 protocol) +{ + fib_table_unlock (fib_index, protocol, sl_main.fib_src); + ASSERT (fib_index_to_lock_count[protocol][fib_index] > 0); + fib_index_to_lock_count[protocol][fib_index]--; +} + /** * Mark (global) tables as pertaining to app ns */ @@ -1407,7 +1426,10 @@ session_lookup_set_tables_appns (app_namespace_t * app_ns) fib_index = app_namespace_get_fib_index (app_ns, fp); st = session_table_get_or_alloc (fp, fib_index); if (st) - st->appns_index = app_namespace_index (app_ns); + { + st->appns_index = app_namespace_index (app_ns); + session_lookup_fib_table_lock (fib_index, fp); + } } } @@ -1665,9 +1687,9 @@ show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input, else if (unformat (input, "appns %_%v%_", &ns_id)) ; else if (unformat (input, "scope global")) - scope = 1; + scope = SESSION_RULE_SCOPE_GLOBAL; else if (unformat (input, "scope local")) - scope = 2; + scope = SESSION_RULE_SCOPE_LOCAL; else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address, &lcl_ip.ip4, &lcl_plen, &lcl_port, unformat_ip4_address, &rmt_ip.ip4, &rmt_plen, @@ -1685,14 +1707,17 @@ show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input, show_one = 1; } else - return clib_error_return (0, "unknown input `%U'", - format_unformat_error, input); + { + vec_free (ns_id); + return clib_error_return (0, "unknown input `%U'", + format_unformat_error, input); + } } if (transport_proto == ~0) { vlib_cli_output (vm, "transport proto must be set"); - return 0; + goto done; } if (ns_id) @@ -1701,7 +1726,7 @@ show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input, if (!app_ns) { vlib_cli_output (vm, "appns %v doesn't exist", ns_id); - return 0; + goto done; } } else @@ -1709,7 +1734,7 @@ show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input, app_ns = app_namespace_get_default (); } - if (scope == 1 || scope == 0) + if (scope == SESSION_RULE_SCOPE_GLOBAL || scope == 0) { fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6; fib_index = is_ip4 ? app_ns->ip4_fib_index : app_ns->ip6_fib_index; @@ -1725,15 +1750,42 @@ show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input, srt = &st->session_rules[transport_proto]; session_rules_table_show_rule (vm, srt, &lcl_ip, lcl_port, &rmt_ip, rmt_port, is_ip4); - return 0; + goto done; } vlib_cli_output (vm, "%U rules table", format_transport_proto, transport_proto); - srt = &st->session_rules[transport_proto]; - session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4); - session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP6); + if (scope == SESSION_RULE_SCOPE_LOCAL) + { + if (st) + { + srt = &st->session_rules[transport_proto]; + session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4); + session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP6); + } + } + else + { + /* + * 2 separate session tables for global entries, 1 for ip4 and 1 for ip6 + */ + st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, + app_ns->ip4_fib_index); + if (st) + { + srt = &st->session_rules[transport_proto]; + session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4); + } + st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, + app_ns->ip6_fib_index); + if (st) + { + srt = &st->session_rules[transport_proto]; + session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP6); + } + } +done: vec_free (ns_id); return 0; } @@ -1832,6 +1884,14 @@ session_lookup_init (void) clib_spinlock_init (&slm->st_alloc_lock); + /* We are not contributing any route to the fib. But we allocate a fib source + * so that when we lock the fib table, we can view that we have a lock on the + * particular fib table in case we wonder why the fib table is not free after + * "ip table del" + */ + slm->fib_src = fib_source_allocate ( + "session lookup", FIB_SOURCE_PRIORITY_LOW, FIB_SOURCE_BH_SIMPLE); + /* * Allocate default table and map it to fib_index 0 */ @@ -1847,6 +1907,26 @@ session_lookup_init (void) session_table_init (st, FIB_PROTOCOL_IP6); } +void +session_lookup_table_cleanup (u32 fib_proto, u32 fib_index) +{ + session_table_t *st; + u32 table_index; + + session_lookup_fib_table_unlock (fib_index, fib_proto); + if (fib_index_to_lock_count[fib_proto][fib_index] == 0) + { + table_index = session_lookup_get_index_for_fib (fib_proto, fib_index); + st = session_table_get (table_index); + if (st) + { + session_table_free (st, fib_proto); + if (vec_len (fib_index_to_table_index[fib_proto]) > fib_index) + fib_index_to_table_index[fib_proto][fib_index] = ~0; + } + } +} + /* * fd.io coding-style-patch-verification: ON * diff --git a/src/vnet/session/session_lookup.h b/src/vnet/session/session_lookup.h index f9ffc15165a..95fcca6ff69 100644 --- a/src/vnet/session/session_lookup.h +++ b/src/vnet/session/session_lookup.h @@ -32,6 +32,7 @@ typedef enum session_lookup_result_ typedef struct session_lookup_main_ { clib_spinlock_t st_alloc_lock; + fib_source_t fib_src; } session_lookup_main_t; session_t *session_lookup_safe4 (u32 fib_index, ip4_address_t * lcl, diff --git a/src/vnet/session/session_node.c b/src/vnet/session/session_node.c index 0ec158fb429..a6804f7882e 100644 --- a/src/vnet/session/session_node.c +++ b/src/vnet/session/session_node.c @@ -2163,6 +2163,8 @@ session_queue_process (vlib_main_t * vm, vlib_node_runtime_t * rt, session_queue_run_on_main (vm); break; case SESSION_Q_PROCESS_STOP: + /* Free event_data, the node will be restarted if needed */ + vec_free (event_data); vlib_node_set_state (vm, session_queue_process_node.index, VLIB_NODE_STATE_DISABLED); timeout = 100000.0; diff --git a/src/vnet/session/session_rules_table.c b/src/vnet/session/session_rules_table.c index 70a702cf55c..d15df48d7b5 100644 --- a/src/vnet/session/session_rules_table.c +++ b/src/vnet/session/session_rules_table.c @@ -75,6 +75,7 @@ session_rules_table_del_tag (session_rules_table_t * srt, u8 * tag, u8 is_ip4) ASSERT (rt); hash_unset_mem (srt->rules_by_tag, tag); hash_unset (srt->tags_by_rules, rti_key); + vec_free (rt->tag); pool_put (srt->rule_tags, rt); } @@ -518,6 +519,9 @@ session_rules_table_free (session_rules_table_t *srt) { mma_rules_table_free_16 (&srt->session_rules_tables_16); mma_rules_table_free_40 (&srt->session_rules_tables_40); + + hash_free (srt->tags_by_rules); + hash_free (srt->rules_by_tag); } void diff --git a/src/vnet/session/session_table.h b/src/vnet/session/session_table.h index 636b8d77bee..bcbb6ec3037 100644 --- a/src/vnet/session/session_table.h +++ b/src/vnet/session/session_table.h @@ -78,6 +78,8 @@ session_table_t *_get_session_tables (); #define session_table_foreach(VAR, BODY) \ pool_foreach (VAR, _get_session_tables ()) BODY +void session_lookup_table_cleanup (u32 fib_proto, u32 fib_index); + #endif /* SRC_VNET_SESSION_SESSION_TABLE_H_ */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/vnet/tcp/tcp.c b/src/vnet/tcp/tcp.c index 28d7ed9fac1..1afc07918b7 100644 --- a/src/vnet/tcp/tcp.c +++ b/src/vnet/tcp/tcp.c @@ -879,6 +879,8 @@ format_tcp_listener_session (u8 * s, va_list * args) if (verbose) s = format (s, "%-" SESSION_CLI_STATE_LEN "U", format_tcp_state, tc->state); + if (verbose == 2) + s = format (s, "\n%U", format_tcp_listener_connection, tc); return s; } @@ -1512,6 +1514,10 @@ tcp_main_enable (vlib_main_t * vm) clib_error_t *error = 0; int thread; + /* Already initialized */ + if (tm->wrk_ctx) + return 0; + if ((error = vlib_call_init_function (vm, ip_main_init))) return error; if ((error = vlib_call_init_function (vm, ip4_lookup_init))) diff --git a/src/vnet/tcp/tcp.h b/src/vnet/tcp/tcp.h index 3d678006f70..8676db413a0 100644 --- a/src/vnet/tcp/tcp.h +++ b/src/vnet/tcp/tcp.h @@ -45,19 +45,21 @@ typedef struct _tcp_lookup_dispatch u8 next, error; } tcp_lookup_dispatch_t; -#define foreach_tcp_wrk_stat \ - _(timer_expirations, u64, "timer expirations") \ - _(rxt_segs, u64, "segments retransmitted") \ - _(tr_events, u32, "timer retransmit events") \ - _(to_closewait, u32, "timeout close-wait") \ - _(to_closewait2, u32, "timeout close-wait w/data") \ - _(to_finwait1, u32, "timeout fin-wait-1") \ - _(to_finwait2, u32, "timeout fin-wait-2") \ - _(to_lastack, u32, "timeout last-ack") \ - _(to_closing, u32, "timeout closing") \ - _(tr_abort, u32, "timer retransmit abort") \ - _(rst_unread, u32, "reset on close due to unread data") \ - _(no_buffer, u32, "out of buffers") \ +#define foreach_tcp_wrk_stat \ + _ (timer_expirations, u64, "timer expirations") \ + _ (rxt_segs, u64, "segments retransmitted") \ + _ (tr_events, u32, "timer retransmit events") \ + _ (to_establish, u32, "timeout establish") \ + _ (to_persist, u32, "timeout persist") \ + _ (to_closewait, u32, "timeout close-wait") \ + _ (to_closewait2, u32, "timeout close-wait w/data") \ + _ (to_finwait1, u32, "timeout fin-wait-1") \ + _ (to_finwait2, u32, "timeout fin-wait-2") \ + _ (to_lastack, u32, "timeout last-ack") \ + _ (to_closing, u32, "timeout closing") \ + _ (tr_abort, u32, "timer retransmit abort") \ + _ (rst_unread, u32, "reset on close due to unread data") \ + _ (no_buffer, u32, "out of buffers") typedef struct tcp_wrk_stats_ { @@ -357,6 +359,7 @@ format_function_t format_tcp_flags; format_function_t format_tcp_sacks; format_function_t format_tcp_rcv_sacks; format_function_t format_tcp_connection; +format_function_t format_tcp_listener_connection; format_function_t format_tcp_connection_id; #define tcp_validate_txf_size(_tc, _a) \ diff --git a/src/vnet/tcp/tcp_cli.c b/src/vnet/tcp/tcp_cli.c index e26488342d2..55bc5764df2 100644 --- a/src/vnet/tcp/tcp_cli.c +++ b/src/vnet/tcp/tcp_cli.c @@ -250,6 +250,21 @@ format_tcp_connection_id (u8 * s, va_list * args) } u8 * +format_tcp_listener_connection (u8 *s, va_list *args) +{ + tcp_connection_t *tc = va_arg (*args, tcp_connection_t *); + + s = format (s, " index: %u cfg_flags: %U cong_algo: %s snd_mss: %u\n", + tc->c_c_index, format_tcp_cfg_flags, tc, tc->cc_algo->name, + tc->snd_mss); + s = format (s, " next_node %u opaque 0x%x fib_index %u sw_if_index %d", + tc->next_node_index, tc->next_node_opaque, tc->c_fib_index, + tc->sw_if_index); + + return s; +} + +u8 * format_tcp_connection (u8 * s, va_list * args) { tcp_connection_t *tc = va_arg (*args, tcp_connection_t *); @@ -825,6 +840,74 @@ VLIB_CLI_COMMAND (show_tcp_punt_command, static) = .function = show_tcp_punt_fn, }; +static u8 * +format_tcp_cfg (u8 *s, va_list *args) +{ + tcp_configuration_t tm_cfg = va_arg (*args, tcp_configuration_t); + + s = format (s, "max rx fifo size: %U\n", format_memory_size, + tm_cfg.max_rx_fifo); + s = format (s, "min rx fifo size: %U\n", format_memory_size, + tm_cfg.min_rx_fifo); + s = format (s, "default mtu: %u\n", tm_cfg.default_mtu); + s = format (s, "initial cwnd multiplier: %u\n", + tm_cfg.initial_cwnd_multiplier); + s = format (s, "tx pacing: %s\n", + tm_cfg.enable_tx_pacing ? "enabled" : "disabled"); + s = format (s, "tso: %s\n", tm_cfg.allow_tso ? "allowed" : "disallowed"); + s = format (s, "checksum offload: %s\n", + tm_cfg.csum_offload ? "enabled" : "disabled"); + s = format (s, "congestion control algorithm: %s\n", + tcp_cc_algo_get (tm_cfg.cc_algo)->name); + s = format (s, "min rwnd update ack: %u\n", tm_cfg.rwnd_min_update_ack); + s = format (s, "max gso packet size: %U\n", format_memory_size, + tm_cfg.max_gso_size); + s = format (s, "close_wait time: %u sec\n", + (u32) (tm_cfg.closewait_time * TCP_TIMER_TICK)); + s = format (s, "time_wait time: %u sec\n", + (u32) (tm_cfg.timewait_time * TCP_TIMER_TICK)); + s = format (s, "fin_wait1 time: %u sec\n", + (u32) (tm_cfg.finwait1_time * TCP_TIMER_TICK)); + s = format (s, "fin_wait2 time: %u sec\n", + (u32) (tm_cfg.finwait2_time * TCP_TIMER_TICK)); + s = format (s, "last_ack time: %u sec\n", + (u32) (tm_cfg.lastack_time * TCP_TIMER_TICK)); + s = format (s, "fin_ack time: %u sec\n", + (u32) (tm_cfg.closing_time * TCP_TIMER_TICK)); + s = format (s, "syn_rcvd time: %u sec\n", + (u32) (tm_cfg.syn_rcvd_time * TCP_TICK)); + s = format (s, "tcp allocation error cleanup time: %0.2f sec\n", + (f32) (tm_cfg.alloc_err_timeout * TCP_TIMER_TICK)); + s = format (s, "connection cleanup time: %.2f sec\n", tm_cfg.cleanup_time); + s = format (s, "tcp preallocated connections: %u", + tm_cfg.preallocated_connections); + + return s; +} + +static clib_error_t * +show_tcp_cfg_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + tcp_main_t *tm = vnet_get_tcp_main (); + + if (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + return clib_error_return (0, "unknown input `%U'", format_unformat_error, + input); + vlib_cli_output (vm, "-----------"); + vlib_cli_output (vm, "tcp config"); + vlib_cli_output (vm, "-----------"); + vlib_cli_output (vm, "%U\n", format_tcp_cfg, tm->cfg); + + return 0; +} + +VLIB_CLI_COMMAND (show_tcp_cfg_command, static) = { + .path = "show tcp config", + .short_help = "show tcp config", + .function = show_tcp_cfg_fn, +}; + static clib_error_t * show_tcp_stats_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) diff --git a/src/vnet/tcp/tcp_output.c b/src/vnet/tcp/tcp_output.c index 373bb2a9e0f..dd1ec555902 100644 --- a/src/vnet/tcp/tcp_output.c +++ b/src/vnet/tcp/tcp_output.c @@ -1458,6 +1458,8 @@ tcp_timer_retransmit_syn_handler (tcp_connection_t * tc) TCP_EVT (TCP_EVT_CC_EVT, tc, 2); tc->rtt_ts = 0; + tcp_worker_stats_inc (wrk, to_establish, 1); + /* Active open establish timeout */ if (tc->rto >= TCP_ESTABLISH_TIME >> 1) { @@ -1507,6 +1509,8 @@ tcp_timer_persist_handler (tcp_connection_t * tc) int n_bytes = 0; u8 *data; + tcp_worker_stats_inc (wrk, to_persist, 1); + /* Problem already solved or worse */ if (tc->state == TCP_STATE_CLOSED || tc->snd_wnd > tc->snd_mss || (tc->flags & TCP_CONN_FINSNT)) diff --git a/src/vnet/tcp/tcp_timer.c b/src/vnet/tcp/tcp_timer.c index 8ae3f22eaa6..4d1c0624fee 100644 --- a/src/vnet/tcp/tcp_timer.c +++ b/src/vnet/tcp/tcp_timer.c @@ -20,8 +20,7 @@ void tcp_timer_initialize_wheel (tcp_timer_wheel_t * tw, void (*expired_timer_cb) (u32 *), f64 now) { - if (tw->timers) - return; + ASSERT (tw->timers == 0); tw_timer_wheel_init_tcp_twsl (tw, expired_timer_cb, TCP_TIMER_TICK, ~0); tw->last_run_time = now; } diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index 5f00e6e302d..9ca3a91af29 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c @@ -16,13 +16,10 @@ #include <vnet/session/application_interface.h> #include <vppinfra/lock.h> #include <vnet/tls/tls.h> +#include <vnet/tls/tls_inlines.h> static tls_main_t tls_main; -static tls_engine_vft_t *tls_vfts; - -#define TLS_INVALID_HANDLE ~0 -#define TLS_IDX_MASK 0x00FFFFFF -#define TLS_ENGINE_TYPE_SHIFT 28 +tls_engine_vft_t *tls_vfts; void tls_disconnect (u32 ctx_handle, u32 thread_index); @@ -31,7 +28,7 @@ tls_disconnect_transport (tls_ctx_t * ctx) { vnet_disconnect_args_t a = { .handle = ctx->tls_session_handle, - .app_index = tls_main.app_index, + .app_index = ctx->ts_app_index, }; if (vnet_disconnect_session (&a)) @@ -50,6 +47,21 @@ tls_get_available_engine (void) return CRYPTO_ENGINE_NONE; } +static crypto_engine_type_t +tls_get_engine_type (crypto_engine_type_t requested, + crypto_engine_type_t preferred) +{ + if (requested != CRYPTO_ENGINE_NONE) + { + if (tls_vfts[requested].ctx_alloc) + return requested; + return CRYPTO_ENGINE_NONE; + } + if (!tls_vfts[preferred].ctx_alloc) + return tls_get_available_engine (); + return preferred; +} + int tls_add_vpp_q_rx_evt (session_t * s) { @@ -295,140 +307,6 @@ send_reply: ctx->parent_app_api_context); } -static inline void -tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type) -{ - *ctx_index = ctx_handle & TLS_IDX_MASK; - *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT; -} - -static inline crypto_engine_type_t -tls_get_engine_type (crypto_engine_type_t requested, - crypto_engine_type_t preferred) -{ - if (requested != CRYPTO_ENGINE_NONE) - { - if (tls_vfts[requested].ctx_alloc) - return requested; - return CRYPTO_ENGINE_NONE; - } - if (!tls_vfts[preferred].ctx_alloc) - return tls_get_available_engine (); - return preferred; -} - -static inline u32 -tls_ctx_alloc (crypto_engine_type_t engine_type) -{ - u32 ctx_index; - ctx_index = tls_vfts[engine_type].ctx_alloc (); - return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index); -} - -static inline u32 -tls_ctx_alloc_w_thread (crypto_engine_type_t engine_type, u32 thread_index) -{ - u32 ctx_index; - ctx_index = tls_vfts[engine_type].ctx_alloc_w_thread (thread_index); - return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index); -} - -static inline u32 -tls_ctx_attach (crypto_engine_type_t engine_type, u32 thread_index, void *ctx) -{ - u32 ctx_index; - ctx_index = tls_vfts[engine_type].ctx_attach (thread_index, ctx); - return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index); -} - -static inline void * -tls_ctx_detach (tls_ctx_t *ctx) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_detach (ctx); -} - -static inline tls_ctx_t * -tls_ctx_get (u32 ctx_handle) -{ - u32 ctx_index, engine_type; - tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type); - return tls_vfts[engine_type].ctx_get (ctx_index); -} - -static inline tls_ctx_t * -tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index) -{ - u32 ctx_index, engine_type; - tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type); - return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index); -} - -static inline int -tls_ctx_init_server (tls_ctx_t * ctx) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx); -} - -static inline int -tls_ctx_init_client (tls_ctx_t * ctx) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx); -} - -static inline int -tls_ctx_write (tls_ctx_t * ctx, session_t * app_session, - transport_send_params_t * sp) -{ - u32 n_wrote; - - sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS; - n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp); - sp->bytes_dequeued = n_wrote; - return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0; -} - -static inline int -tls_ctx_read (tls_ctx_t * ctx, session_t * tls_session) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session); -} - -static inline int -tls_ctx_transport_close (tls_ctx_t * ctx) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx); -} - -static inline int -tls_ctx_transport_reset (tls_ctx_t *ctx) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx); -} - -static inline int -tls_ctx_app_close (tls_ctx_t * ctx) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx); -} - -void -tls_ctx_free (tls_ctx_t * ctx) -{ - tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx); -} - -u8 -tls_ctx_handshake_is_over (tls_ctx_t * ctx) -{ - return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx); -} - -int -tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id) -{ - return tls_vfts[tls_engine_id].ctx_reinit_cachain (); -} - void tls_notify_app_io_error (tls_ctx_t *ctx) { @@ -771,6 +649,7 @@ tls_connect (transport_endpoint_cfg_t * tep) ctx = tls_ctx_half_open_get (ctx_index); ctx->parent_app_wrk_index = sep->app_wrk_index; ctx->parent_app_api_context = sep->opaque; + ctx->ts_app_index = tm->app_index; ctx->tcp_is_ip4 = sep->is_ip4; ctx->tls_type = sep->transport_proto; ctx->ckpair_index = ccfg->ckpair_index; @@ -870,6 +749,7 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_cfg_t *tep) lctx = tls_listener_ctx_get (lctx_index); lctx->parent_app_wrk_index = sep->app_wrk_index; + lctx->ts_app_index = tm->app_index; lctx->tls_session_handle = tls_al_handle; lctx->app_session_handle = listen_session_get_handle (app_listener); lctx->tcp_is_ip4 = sep->is_ip4; diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h index 6bd1371b984..30bcce005fb 100644 --- a/src/vnet/tls/tls.h +++ b/src/vnet/tls/tls.h @@ -28,6 +28,10 @@ #define TLS_CHUNK_SIZE (1 << 14) #define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt" +#define TLS_INVALID_HANDLE ~0 +#define TLS_IDX_MASK 0x00FFFFFF +#define TLS_ENGINE_TYPE_SHIFT 28 + #if TLS_DEBUG #define TLS_DBG(_lvl, _fmt, _args...) \ if (_lvl <= TLS_DEBUG) \ @@ -98,6 +102,7 @@ typedef struct tls_ctx_ #define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx #define migration_ctx c_tls_ctx_id.migrate_ctx + u32 ts_app_index; tls_conn_flags_t flags; u8 *srv_hostname; u32 evt_index; @@ -148,6 +153,8 @@ typedef struct tls_engine_vft_ int (*ctx_reinit_cachain) (void); } tls_engine_vft_t; +extern tls_engine_vft_t *tls_vfts; + tls_main_t *vnet_tls_get_main (void); void tls_register_engine (const tls_engine_vft_t * vft, crypto_engine_type_t type); @@ -160,7 +167,6 @@ int tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err); void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session); void tls_notify_app_io_error (tls_ctx_t *ctx); void tls_disconnect_transport (tls_ctx_t * ctx); -int tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id); void tls_add_postponed_ho_cleanups (u32 ho_index); void tls_flush_postponed_ho_cleanups (); diff --git a/src/vnet/tls/tls_inlines.h b/src/vnet/tls/tls_inlines.h new file mode 100644 index 00000000000..18002730a30 --- /dev/null +++ b/src/vnet/tls/tls_inlines.h @@ -0,0 +1,129 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#ifndef SRC_VNET_TLS_TLS_INLINES_H_ +#define SRC_VNET_TLS_TLS_INLINES_H_ + +#include <vnet/tls/tls.h> + +static inline void +tls_ctx_parse_handle (u32 ctx_handle, u32 *ctx_index, u32 *engine_type) +{ + *ctx_index = ctx_handle & TLS_IDX_MASK; + *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT; +} + +static inline u32 +tls_ctx_alloc (crypto_engine_type_t engine_type) +{ + u32 ctx_index; + ctx_index = tls_vfts[engine_type].ctx_alloc (); + return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index); +} + +static inline u32 +tls_ctx_alloc_w_thread (crypto_engine_type_t engine_type, u32 thread_index) +{ + u32 ctx_index; + ctx_index = tls_vfts[engine_type].ctx_alloc_w_thread (thread_index); + return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index); +} + +static inline tls_ctx_t * +tls_ctx_get (u32 ctx_handle) +{ + u32 ctx_index, engine_type; + tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type); + return tls_vfts[engine_type].ctx_get (ctx_index); +} + +static inline tls_ctx_t * +tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index) +{ + u32 ctx_index, engine_type; + tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type); + return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index); +} + +static inline void +tls_ctx_free (tls_ctx_t *ctx) +{ + tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx); +} + +static inline int +tls_ctx_init_server (tls_ctx_t *ctx) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx); +} + +static inline int +tls_ctx_init_client (tls_ctx_t *ctx) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx); +} + +static inline u32 +tls_ctx_attach (crypto_engine_type_t engine_type, u32 thread_index, void *ctx) +{ + u32 ctx_index; + ctx_index = tls_vfts[engine_type].ctx_attach (thread_index, ctx); + return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index); +} + +static inline void * +tls_ctx_detach (tls_ctx_t *ctx) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_detach (ctx); +} + +static inline int +tls_ctx_write (tls_ctx_t *ctx, session_t *app_session, + transport_send_params_t *sp) +{ + u32 n_wrote; + + sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS; + n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp); + sp->bytes_dequeued = n_wrote; + return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0; +} + +static inline int +tls_ctx_read (tls_ctx_t *ctx, session_t *tls_session) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session); +} + +static inline int +tls_ctx_transport_close (tls_ctx_t *ctx) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx); +} + +static inline int +tls_ctx_transport_reset (tls_ctx_t *ctx) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx); +} + +static inline int +tls_ctx_app_close (tls_ctx_t *ctx) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx); +} + +static inline u8 +tls_ctx_handshake_is_over (tls_ctx_t *ctx) +{ + return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx); +} + +static inline int +tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id) +{ + return tls_vfts[tls_engine_id].ctx_reinit_cachain (); +} + +#endif /* SRC_VNET_TLS_TLS_INLINES_H_ */
\ No newline at end of file diff --git a/src/vnet/tls/tls_record.c b/src/vnet/tls/tls_record.c new file mode 100644 index 00000000000..af7d54c466b --- /dev/null +++ b/src/vnet/tls/tls_record.c @@ -0,0 +1,279 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#include <vnet/tls/tls_record.h> + +/* + * rfc8446#section-4.1.2 + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * Random random; + * opaque legacy_session_id<0..32>; + * CipherSuite cipher_suites<2..2^16-2>; + * opaque legacy_compression_methods<1..2^8-1>; + * Extension extensions<8..2^16-1>; + * } ClientHello; + */ +tls_handshake_parse_error_t +tls_handshake_client_hello_parse (u8 *b, int len, + tls_handshake_msg_info_t *info) +{ + u8 *p = b; + + if (PREDICT_FALSE (len < 2 + 32 + 1 + 2 + 2 + 2)) + return TLS_HS_PARSE_ERR_INVALID_LEN; + /* skip legacy version and random */ + p += 2 + 32; + /* legacy_session_id */ + info->legacy_session_id_len = *p; + info->legacy_session_id = p + 1; + p = info->legacy_session_id + info->legacy_session_id_len; + if (PREDICT_FALSE (p - b >= len)) + return TLS_HS_PARSE_ERR_SESSION_ID_LEN; + /* cipher_suites */ + info->cipher_suite_len = clib_net_to_host_u16 (*(u16 *) p); + info->cipher_suites = p + 2; + p = info->cipher_suites + info->cipher_suite_len; + if (PREDICT_FALSE (p - b >= len)) + return TLS_HS_PARSE_ERR_CIPHER_SUITE_LEN; + /* legacy_compression_method, only support null */ + if (PREDICT_FALSE (*p != 1 || *(p + 1) != 0)) + return TLS_HS_PARSE_ERR_COMPRESSION_METHOD; + p += 2; + /* extensions */ + info->extensions_len = clib_net_to_host_u16 (*(u16 *) p); + info->extensions = p + 2; + if (PREDICT_FALSE (info->extensions + info->extensions_len - b > len)) + return TLS_HS_PARSE_ERR_CIPHER_SUITE_LEN; + + return TLS_HS_PARSE_ERR_OK; +} + +typedef tls_handshake_parse_error_t (*tls_handshake_msg_parser) ( + u8 *b, int len, tls_handshake_msg_info_t *info); + +static tls_handshake_msg_parser tls_handshake_msg_parsers[] = { + [TLS_HS_CLIENT_HELLO] = tls_handshake_client_hello_parse, +}; + +static inline u32 +tls_handshake_ext_requested (const tls_handshake_ext_info_t *req_exts, + u32 n_reqs, tls_handshake_ext_type_t ext_type) +{ + for (int i = 0; i < n_reqs; i++) + { + if (req_exts[i].type == ext_type) + return i; + } + + return ~0; +} + +tls_handshake_parse_error_t +tls_hanshake_extensions_parse (tls_handshake_msg_info_t *info, + tls_handshake_ext_info_t **exts) +{ + tls_handshake_ext_info_t *ext; + u16 ext_type, ext_len; + u8 *b, *b_end; + + ASSERT (info->extensions != 0); + + if (info->extensions_len < 2) + return TLS_HS_PARSE_ERR_EXTENSIONS_LEN; + + b = info->extensions; + b_end = info->extensions + info->extensions_len; + + while (b < b_end) + { + ext_type = clib_net_to_host_u16 (*(u16 *) b); + b += 2; + ext_len = clib_net_to_host_u16 (*(u16 *) b); + b += 2; + + if (b + ext_len > b_end) + return TLS_HS_PARSE_ERR_EXTENSIONS_LEN; + + vec_add2 (*exts, ext, 1); + ext->type = ext_type; + ext->len = ext_len; + ext->data = b; + + b += ext_len; + } + + return TLS_HS_PARSE_ERR_OK; +} + +tls_handshake_parse_error_t +tls_hanshake_extensions_try_parse (tls_handshake_msg_info_t *info, + tls_handshake_ext_info_t *req_exts, + u32 n_reqs) +{ + u8 *b, *b_end; + u16 ext_type, ext_len; + u32 n_found = 0, ext_pos; + + ASSERT (info->extensions != 0); + + if (info->extensions_len < 2) + return TLS_HS_PARSE_ERR_EXTENSIONS_LEN; + + b = info->extensions; + b_end = info->extensions + info->extensions_len; + + while (b < b_end && n_found < n_reqs) + { + ext_type = clib_net_to_host_u16 (*(u16 *) b); + b += 2; + ext_len = clib_net_to_host_u16 (*(u16 *) b); + b += 2; + + if (b + ext_len > b_end) + return TLS_HS_PARSE_ERR_EXTENSIONS_LEN; + + ext_pos = tls_handshake_ext_requested (req_exts, n_reqs, ext_type); + if (ext_pos == ~0) + { + b += ext_len; + continue; + } + + req_exts[ext_pos].len = ext_len; + req_exts[ext_pos].data = b; + + b += ext_len; + n_found++; + } + + return TLS_HS_PARSE_ERR_OK; +} + +tls_handshake_parse_error_t +tls_handshake_message_try_parse (u8 *msg, int len, + tls_handshake_msg_info_t *info) +{ + tls_handshake_msg_t *msg_hdr = (tls_handshake_msg_t *) msg; + u8 *b = msg_hdr->message; + + info->len = tls_handshake_message_len (msg_hdr); + if (info->len > len) + return info->len > TLS_FRAGMENT_MAX_ENC_LEN ? + TLS_HS_PARSE_ERR_INVALID_LEN : + TLS_HS_PARSE_ERR_WANT_MORE; + + if (msg_hdr->msg_type >= ARRAY_LEN (tls_handshake_msg_parsers) || + !tls_handshake_msg_parsers[msg_hdr->msg_type]) + return TLS_HS_PARSE_ERR_UNSUPPORTED; + + return tls_handshake_msg_parsers[msg_hdr->msg_type](b, info->len, info); +} + +/** + * As per rfc6066#section-3 + * struct { + * NameType name_type; + * select (name_type) { + * case host_name: HostName; + * } name; + * } ServerName; + * + * enum { + * host_name(0), (255) + * } NameType; + * + * opaque HostName<1..2^16-1>; + * + * struct { + * ServerName server_name_list<1..2^16-1> + * } ServerNameList; + */ +tls_handshake_parse_error_t +tls_handshake_ext_sni_parse (tls_handshake_ext_info_t *ext_info, + tls_handshake_ext_t *ext) +{ + tls_handshake_ext_sni_t *sni = (tls_handshake_ext_sni_t *) ext; + tls_handshake_ext_sni_sn_t *sn; + u16 n_names, sn_len; + u8 *b, *b_end; + + b = ext_info->data; + b_end = b + ext_info->len; + + sni->ext.type = ext_info->type; + sni->names = 0; + n_names = clib_net_to_host_u16 (*(u16 *) b); + b += 2; + + while (b < b_end && vec_len (sni->names) < n_names) + { + /* only host name supported */ + if (b[0] != 0) + return TLS_HS_PARSE_ERR_EXT_SNI_NAME_TYPE; + + b++; + /* server name length */ + sn_len = clib_net_to_host_u16 (*(u16 *) b); + if (sn_len > TLS_EXT_SNI_MAX_LEN) + return TLS_HS_PARSE_ERR_EXT_SNI_LEN; + + b += 2; + + vec_add2 (sni->names, sn, 1); + sn->name_type = 0; + vec_validate (sn->host_name, sn_len - 1); + clib_memcpy (sn->host_name, b, sn_len); + + b += sn_len; + } + + return TLS_HS_PARSE_ERR_OK; +} + +typedef tls_handshake_parse_error_t (*tls_handshake_ext_parser) ( + tls_handshake_ext_info_t *ext_info, tls_handshake_ext_t *ext); + +static tls_handshake_ext_parser tls_handshake_ext_parsers[] = { + [TLS_EXT_SERVER_NAME] = tls_handshake_ext_sni_parse, +}; + +tls_handshake_parse_error_t +tls_handshake_ext_parse (tls_handshake_ext_info_t *ext_info, + tls_handshake_ext_t *ext) +{ + if (ext_info->type >= ARRAY_LEN (tls_handshake_ext_parsers) || + !tls_handshake_ext_parsers[ext_info->type]) + return TLS_HS_PARSE_ERR_UNSUPPORTED; + + return tls_handshake_ext_parsers[ext_info->type](ext_info, ext); +} + +static void +tls_handshake_ext_sni_free (tls_handshake_ext_t *ext) +{ + tls_handshake_ext_sni_t *sni = (tls_handshake_ext_sni_t *) ext; + tls_handshake_ext_sni_sn_t *sn; + + vec_foreach (sn, sni->names) + vec_free (sn->host_name); + + vec_free (sni->names); +} + +typedef void (*tls_handshake_ext_free_fn) (tls_handshake_ext_t *ext); + +static tls_handshake_ext_free_fn tls_handshake_ext_free_fns[] = { + [TLS_EXT_SERVER_NAME] = tls_handshake_ext_sni_free, +}; + +void +tls_handshake_ext_free (tls_handshake_ext_t *ext) +{ + if (ext->type >= ARRAY_LEN (tls_handshake_ext_free_fns) || + !tls_handshake_ext_free_fns[ext->type]) + return; + + tls_handshake_ext_free_fns[ext->type](ext); +} diff --git a/src/vnet/tls/tls_record.h b/src/vnet/tls/tls_record.h new file mode 100644 index 00000000000..3f7723f06d5 --- /dev/null +++ b/src/vnet/tls/tls_record.h @@ -0,0 +1,250 @@ + +/* SPDX-License-Identifier: Apache-2.0 + * Copyright(c) 2024 Cisco Systems, Inc. + */ + +#ifndef SRC_VNET_TLS_TLS_RECORD_H__ +#define SRC_VNET_TLS_TLS_RECORD_H__ + +#include <vppinfra/clib.h> +#include <vppinfra/error.h> + +/** + * TLS record types as per rfc8446#appendix-B.1 + */ +#define foreach_tls_content_type \ + _ (INVALID, 0) \ + _ (CHANGE_CIPHER_SPEC, 20) \ + _ (ALERT, 21) \ + _ (HANDSHAKE, 22) \ + _ (APPLICATION_DATA, 23) \ + _ (HEARTBEAT, 24) /* RFC 6520 */ + +typedef enum tls_record_type_ +{ +#define _(sym, val) TLS_REC_##sym = val, + foreach_tls_content_type +#undef _ +} __clib_packed tls_record_type_t; + +typedef struct tls_protocol_version_ +{ + u8 major; + u8 minor; +} __clib_packed tls_protocol_version_t; + +#define TLS_MAJOR_VERSION 3 +#define TLS_MINOR_VERSION_MIN 0 /**< SSLv3 */ +#define TLS_MINOR_VERSION_MAX 4 /**< TLS1.3 */ + +typedef struct tls_record_header_ +{ + tls_record_type_t type; /**< content type */ + tls_protocol_version_t version; /**< version (deprecated) */ + u16 length; /**< fragment length */ + u8 fragment[0]; /**< fragment/payload */ +} __clib_packed tls_record_header_t; + +#define TLS_FRAGMENT_MAX_LEN (1 << 14) /**< 16KB rfc8446 */ +/** rfc5246 (TLS1.2) allows 2048 bytes of protection */ +#define TLS12_FRAGMENT_MAX_ENC_LEN (TLS_FRAGMENT_MAX_LEN + (2 << 10)) +#define TLS13_FRAGMENT_MAX_ENC_LEN (TLS_FRAGMENT_MAX_LEN + 256) +#define TLS_FRAGMENT_MAX_ENC_LEN TLS12_FRAGMENT_MAX_ENC_LEN + +/* + * Handshake message types as per rfc8446#appendix-B.3 + */ +#define foreach_tls_handshake_type \ + _ (HELLO_REQUEST, 0) \ + _ (CLIENT_HELLO, 1) \ + _ (SERVER_HELLO, 2) \ + _ (HELLO_VERIFY_REQUEST, 3) \ + _ (NEW_SESSION_TICKET, 4) \ + _ (END_OF_EARLY_DATA, 5) \ + _ (HELLO_RETRY_REQUEST, 6) \ + _ (ENCRYPTED_EXTENSIONS, 8) \ + _ (CERTIFICATE, 11) \ + _ (SERVER_KEY_EXCHANGE, 12) \ + _ (CERTIFICATE_REQUEST, 13) \ + _ (SERVER_HELLO_DONE, 14) \ + _ (CERTIFICATE_VERIFY, 15) \ + _ (CLIENT_KEY_EXCHANGE, 16) \ + _ (FINISHED, 20) \ + _ (CERTIFICATE_URL, 21) \ + _ (CERTIFICATE_STATUS, 22) \ + _ (SUPPLEMENTAL_DATA, 23) \ + _ (KEY_UPDATE, 24) \ + _ (MESSAGE_HASH, 254) + +typedef enum tls_handshake_type_ +{ +#define _(sym, val) TLS_HS_##sym = val, + foreach_tls_handshake_type +#undef _ +} tls_handshake_type_t; + +typedef struct +{ + u32 msg_type : 8; /**< message type */ + u32 length : 24; /**< message length */ + u8 message[0]; /**< message contents */ +} __clib_packed tls_handshake_msg_t; + +static inline u32 +tls_handshake_message_len (tls_handshake_msg_t *msg) +{ + u8 *p = (u8 *) msg; + return p[1] << 16 | p[2] << 8 | p[3]; +} + +/** + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + */ +#define foreach_tls_hanshake_extensions \ + _ (SERVER_NAME, 0) \ + _ (MAX_FRAGMENT_LENGTH, 1) \ + _ (STATUS_REQUEST, 5) \ + _ (SUPPORTED_GROUPS, 10) \ + _ (EC_POINT_FORMATS, 11) \ + _ (SIGNATURE_ALGORITHMS, 13) \ + _ (APPLICATION_LAYER_PROTOCOL_NEGOTIATION, 16) \ + _ (SIGNED_CERTIFICATE_TIMESTAMP, 18) \ + _ (CLIENT_CERTIFICATE_TYPE, 19) \ + _ (SERVER_CERTIFICATE_TYPE, 20) \ + _ (PADDING, 21) \ + _ (TOKEN_BINDING, 24) \ + _ (RECORD_SIZE_LIMIT, 28) \ + _ (SESSION_TICKET, 35) \ + _ (PRE_SHARED_KEY, 41) \ + _ (EARLY_DATA, 42) \ + _ (SUPPORTED_VERSIONS, 43) \ + _ (COOKIE, 44) \ + _ (PSK_KEY_EXCHANGE_MODES, 45) \ + _ (CERTIFICATE_AUTHORITIES, 47) \ + _ (OID_FILTERS, 48) \ + _ (SIGNATURE_ALGORITHMS_CERT, 50) \ + _ (POST_HANDSHAKE_AUTH, 49) \ + _ (KEY_SHARE, 51) \ + _ (CONNECTION_ID, 54) \ + _ (QUIC_TRANSPORT_PARAMETERS, 57) \ + _ (TICKET_REQUEST, 58) \ + _ (DNSSEC_CHAIN, 59) + +typedef enum tls_handshake_extension_type_ +{ +#define _(sym, val) TLS_EXT_##sym = val, + foreach_tls_hanshake_extensions +#undef _ +} tls_handshake_ext_type_t; + +/* Base struct for all extensions */ +typedef struct tls_handshake_ext_ +{ + tls_handshake_ext_type_t type; + u8 extension[0]; +} tls_handshake_ext_t; + +typedef struct tls_handshake_ext_server_name_ +{ + u8 name_type; + u8 *host_name; +} tls_handshake_ext_sni_sn_t; + +typedef struct tls_handshake_ext_sni_ +{ + tls_handshake_ext_t ext; + tls_handshake_ext_sni_sn_t *names; +} tls_handshake_ext_sni_t; + +/* FQDN length as per rfc1035 */ +#define TLS_EXT_SNI_MAX_LEN 255 + +#define foreach_tls_handshake_parse_error \ + _ (OK, "ok") \ + _ (WANT_MORE, "want_more") \ + _ (UNSUPPORTED, "unsupported") \ + _ (INVALID_LEN, "invalid_len") \ + _ (SESSION_ID_LEN, "session_id_len") \ + _ (CIPHER_SUITE_LEN, "cipher_suite_len") \ + _ (COMPRESSION_METHOD, "compression_method") \ + _ (EXTENSIONS_LEN, "extensions_len") \ + _ (EXT_SNI_NAME_TYPE, "ext_sni_name_type") \ + _ (EXT_SNI_LEN, "ext_sni_len") + +typedef enum tls_handshake_parse_error_ +{ +#define _(sym, str) TLS_HS_PARSE_ERR_##sym, + foreach_tls_handshake_parse_error +#undef _ +} tls_handshake_parse_error_t; + +typedef struct tls_hanshake_ext_info_ +{ + tls_handshake_ext_type_t type; + u16 len; + u8 *data; +} tls_handshake_ext_info_t; + +typedef struct tls_handshake_msg_info_ +{ + tls_handshake_type_t type; + u32 len; + u8 legacy_session_id_len; + u8 *legacy_session_id; + u16 cipher_suite_len; + u8 *cipher_suites; + u16 extensions_len; + u8 *extensions; +} tls_handshake_msg_info_t; + +static inline u8 +tls_record_type_is_valid (tls_record_type_t type) +{ + switch (type) + { + case TLS_REC_CHANGE_CIPHER_SPEC: + case TLS_REC_ALERT: + case TLS_REC_HANDSHAKE: + case TLS_REC_APPLICATION_DATA: + case TLS_REC_HEARTBEAT: + return 1; + default: + return 0; + } +} + +static inline u8 +tls_record_hdr_is_valid (tls_record_header_t rec_hdr) +{ + u16 rec_len; + + if (!tls_record_type_is_valid (rec_hdr.type)) + return 0; + + /* Support for SSLv3 and TLS1.0 to TLS1.3 */ + if (rec_hdr.version.major != TLS_MAJOR_VERSION) + return 0; + + rec_len = clib_net_to_host_u16 (rec_hdr.length); + if (rec_len == 0 || rec_len > TLS_FRAGMENT_MAX_ENC_LEN) + return 0; + + return 1; +} + +tls_handshake_parse_error_t +tls_handshake_message_try_parse (u8 *msg, int len, + tls_handshake_msg_info_t *info); +tls_handshake_parse_error_t +tls_hanshake_extensions_parse (tls_handshake_msg_info_t *info, + tls_handshake_ext_info_t **exts); +tls_handshake_parse_error_t +tls_hanshake_extensions_try_parse (tls_handshake_msg_info_t *info, + tls_handshake_ext_info_t *req_exts, + u32 n_reqs); +tls_handshake_parse_error_t +tls_handshake_ext_parse (tls_handshake_ext_info_t *ext_info, + tls_handshake_ext_t *ext); +void tls_handshake_ext_free (tls_handshake_ext_t *ext); + +#endif /* SRC_VNET_TLS_TLS_RECORD_H__ */ diff --git a/src/vnet/udp/udp.c b/src/vnet/udp/udp.c index 9c1121f7cfb..8deeb9e41ee 100644 --- a/src/vnet/udp/udp.c +++ b/src/vnet/udp/udp.c @@ -590,6 +590,9 @@ udp_enable_disable (vlib_main_t *vm, u8 is_en) { udp_main_t *um = &udp_main; + if (!is_en || um->is_init) + return 0; + /* Not ideal. The sparse vector used to map ports to next nodes assumes * only a few ports are ever used. When udp transport is enabled this does * not hold and, to make matters worse, ports are consumed in a random @@ -610,6 +613,7 @@ udp_enable_disable (vlib_main_t *vm, u8 is_en) vec_validate (um->transport_ports_refcnt[0], 65535); vec_validate (um->transport_ports_refcnt[1], 65535); + um->is_init = 1; return 0; } diff --git a/src/vnet/udp/udp.h b/src/vnet/udp/udp.h index 8e4e87f85a8..c6f867500e0 100644 --- a/src/vnet/udp/udp.h +++ b/src/vnet/udp/udp.h @@ -154,6 +154,7 @@ typedef struct u16 default_mtu; u16 msg_id_base; u8 csum_offload; + u8 is_init; u8 icmp_send_unreachable_disabled; } udp_main_t; diff --git a/src/vppinfra/CMakeLists.txt b/src/vppinfra/CMakeLists.txt index 233e75d6e2a..0b8b6ae1226 100644 --- a/src/vppinfra/CMakeLists.txt +++ b/src/vppinfra/CMakeLists.txt @@ -16,15 +16,7 @@ enable_language(ASM) ############################################################################## # find libdl ############################################################################## -vpp_find_path(LIBDL_INCLUDE_DIR dlfcn.h) -vpp_find_library(LIBDL_LIB NAMES dl) - -if (LIBDL_INCLUDE_DIR AND LIBDL_LIB) - message(STATUS "libdl found at ${LIBDL_LIB}") - list(APPEND VPPINFRA_LIBS ${LIBDL_LIB}) -else() - message(FATAL_ERROR "libdl not found") -endif() +list(APPEND VPPINFRA_LIBS ${CMAKE_DL_LIBS}) ############################################################################## # find libunwind diff --git a/src/vppinfra/cache.h b/src/vppinfra/cache.h index 4229a068486..13778a423fd 100644 --- a/src/vppinfra/cache.h +++ b/src/vppinfra/cache.h @@ -68,6 +68,17 @@ #define CLIB_PREFETCH_WRITE 1 #define CLIB_PREFETCH_STORE 1 /* alias for write */ +/* locality arguments to __builtin_prefetch. */ +#define CLIB_PREFETCH_TO_STREAM 0 // NTA +#define CLIB_PREFETCH_TO_L3 1 // T2 +#define CLIB_PREFETCH_TO_L2 2 // T1 +#define CLIB_PREFETCH_TO_L1 3 // T0 + +#define _CLIB_TARGETED_PREFETCH(n, size, type, loc) \ + if ((size) > (n) *CLIB_CACHE_PREFETCH_BYTES) \ + __builtin_prefetch (_addr + (n) *CLIB_CACHE_PREFETCH_BYTES, \ + CLIB_PREFETCH_##type, CLIB_PREFETCH_TO_##loc); + #define _CLIB_PREFETCH(n, size, type) \ if ((size) > (n) *CLIB_CACHE_PREFETCH_BYTES) \ __builtin_prefetch (_addr + (n) *CLIB_CACHE_PREFETCH_BYTES, \ @@ -86,6 +97,19 @@ } \ while (0) +#define CLIB_TARGETED_PREFETCH(addr, size, type, locality) \ + do \ + { \ + void *_addr = (addr); \ + \ + ASSERT ((size) <= 4 * CLIB_CACHE_PREFETCH_BYTES); \ + _CLIB_TARGETED_PREFETCH (0, size, type, locality); \ + _CLIB_TARGETED_PREFETCH (1, size, type, locality); \ + _CLIB_TARGETED_PREFETCH (2, size, type, locality); \ + _CLIB_TARGETED_PREFETCH (3, size, type, locality); \ + } \ + while (0) + #undef _ static_always_inline void diff --git a/src/vppinfra/cpu.h b/src/vppinfra/cpu.h index 7a1b75fcf7d..b3743d4c26d 100644 --- a/src/vppinfra/cpu.h +++ b/src/vppinfra/cpu.h @@ -150,6 +150,7 @@ _CLIB_MARCH_FN_REGISTRATION(fn) _ (movdir64b, 7, ecx, 28) \ _ (enqcmd, 7, ecx, 29) \ _ (avx512_fp16, 7, edx, 23) \ + _ (aperfmperf, 0x00000006, ecx, 0) \ _ (invariant_tsc, 0x80000007, edx, 8) \ _ (monitorx, 0x80000001, ecx, 29) diff --git a/src/vppinfra/format.c b/src/vppinfra/format.c index cf17b8a1acb..642d3e20654 100644 --- a/src/vppinfra/format.c +++ b/src/vppinfra/format.c @@ -833,6 +833,16 @@ done: return s; } +__clib_export char * +format_c_string (u8 *s, const char *fmt, ...) +{ + va_list args; + va_start (args, fmt); + s = va_format (s, fmt, &args); + va_end (args); + vec_add1 (s, '\0'); + return (char *) s; +} /* * fd.io coding-style-patch-verification: ON diff --git a/src/vppinfra/format.h b/src/vppinfra/format.h index a1a70a2d64f..14bac869f89 100644 --- a/src/vppinfra/format.h +++ b/src/vppinfra/format.h @@ -372,6 +372,8 @@ int test_unformat_main (unformat_input_t * input); created circular dependency problems. */ int test_vec_main (unformat_input_t * input); +char *format_c_string (u8 *s, const char *fmt, ...); + #endif /* included_format_h */ /* diff --git a/src/vppinfra/jsonformat.c b/src/vppinfra/jsonformat.c index 1aa3864be04..73cb94769d8 100644 --- a/src/vppinfra/jsonformat.c +++ b/src/vppinfra/jsonformat.c @@ -500,12 +500,13 @@ format_vl_api_mac_address_t (u8 * s, va_list * args) mac->bytes[0], mac->bytes[1], mac->bytes[2], mac->bytes[3], mac->bytes[4], mac->bytes[5]); } -#define _(T) \ - cJSON *vl_api_ ##T## _t_tojson (vl_api_ ##T## _t *a) { \ - u8 *s = format(0, "%U", format_vl_api_ ##T## _t, a); \ - cJSON *o = cJSON_CreateString((char *)s); \ - vec_free(s); \ - return o; \ +#define _(T) \ + cJSON *vl_api_##T##_t_tojson (vl_api_##T##_t *a) \ + { \ + char *s = format_c_string (0, "%U", format_vl_api_##T##_t, a, 0); \ + cJSON *o = cJSON_CreateString (s); \ + vec_free (s); \ + return o; \ } foreach_type_tojson #undef _ diff --git a/src/vppinfra/linux/mem.c b/src/vppinfra/linux/mem.c index 734f5c4788c..17b4412e6c9 100644 --- a/src/vppinfra/linux/mem.c +++ b/src/vppinfra/linux/mem.c @@ -101,11 +101,13 @@ legacy_get_log2_default_hugepage_size (void) void clib_mem_main_init (void) { + unsigned long nodemask = 0, maxnode = CLIB_MAX_NUMAS; + unsigned long flags = MPOL_F_MEMS_ALLOWED; clib_mem_main_t *mm = &clib_mem_main; long sysconf_page_size; uword page_size; - void *va; - int fd; + void *va = 0; + int fd, mode; if (mm->log2_page_sz != CLIB_MEM_PAGE_SZ_UNKNOWN) return; @@ -131,23 +133,8 @@ clib_mem_main_init (void) mm->log2_sys_default_hugepage_sz = mm->log2_default_hugepage_sz; /* numa nodes */ - va = mmap (0, page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | - MAP_ANONYMOUS, -1, 0); - if (va == MAP_FAILED) - return; - - if (mlock (va, page_size)) - goto done; - - for (int i = 0; i < CLIB_MAX_NUMAS; i++) - { - int status; - if (syscall (__NR_move_pages, 0, 1, &va, &i, &status, 0) == 0) - mm->numa_node_bitmap |= 1ULL << i; - } - -done: - munmap (va, page_size); + if (syscall (__NR_get_mempolicy, &mode, &nodemask, maxnode, va, flags) == 0) + mm->numa_node_bitmap = nodemask; } __clib_export u64 @@ -530,6 +517,7 @@ clib_mem_get_page_stats (void *start, clib_mem_page_sz_t log2_page_size, { int i, *status = 0; void **ptr = 0; + unsigned char incore; log2_page_size = clib_mem_log2_page_size_validate (log2_page_size); @@ -551,6 +539,19 @@ clib_mem_get_page_stats (void *start, clib_mem_page_sz_t log2_page_size, for (i = 0; i < n_pages; i++) { + /* move_pages() returns -ENONET in status for huge pages on 5.19+ kernel. + * Retry with get_mempolicy() to obtain NUMA node info only if the pages + * are allocated and in memory, which is checked by mincore(). */ + if (status[i] == -ENOENT && + syscall (__NR_mincore, ptr[i], 1, &incore) == 0 && (incore & 1) != 0) + { + if (syscall (__NR_get_mempolicy, &status[i], 0, 0, ptr[i], + MPOL_F_NODE | MPOL_F_ADDR) != 0) + { + /* if get_mempolicy fails, keep the original value in status */ + status[i] = -ENONET; + } + } if (status[i] >= 0 && status[i] < CLIB_MAX_NUMAS) { stats->mapped++; diff --git a/src/vppinfra/mem.h b/src/vppinfra/mem.h index 75015d59a4a..ab9c5da30ec 100644 --- a/src/vppinfra/mem.h +++ b/src/vppinfra/mem.h @@ -299,10 +299,27 @@ void *clib_mem_init_thread_safe (void *memory, uword memory_size); void clib_mem_exit (void); +typedef struct +{ + /* Address of callers: outer first, inner last. */ + uword callers[12]; + + /* Count of allocations with this traceback. */ + u32 n_allocations; + + /* Count of bytes allocated with this traceback. */ + u32 n_bytes; + + /* Offset of this item */ + uword offset; +} mheap_trace_t; + void clib_mem_trace (int enable); int clib_mem_is_traced (void); +mheap_trace_t *clib_mem_trace_dup (clib_mem_heap_t *heap); + typedef struct { /* Total number of objects allocated. */ diff --git a/src/vppinfra/mem_dlmalloc.c b/src/vppinfra/mem_dlmalloc.c index e98687fff2a..d5ff21e58c0 100644 --- a/src/vppinfra/mem_dlmalloc.c +++ b/src/vppinfra/mem_dlmalloc.c @@ -23,21 +23,6 @@ typedef struct { - /* Address of callers: outer first, inner last. */ - uword callers[12]; - - /* Count of allocations with this traceback. */ - u32 n_allocations; - - /* Count of bytes allocated with this traceback. */ - u32 n_bytes; - - /* Offset of this item */ - uword offset; -} mheap_trace_t; - -typedef struct -{ clib_spinlock_t lock; mheap_trace_t *traces; @@ -574,6 +559,23 @@ clib_mem_trace_enable_disable (uword enable) return rv; } +__clib_export mheap_trace_t * +clib_mem_trace_dup (clib_mem_heap_t *heap) +{ + mheap_trace_main_t *tm = &mheap_trace_main; + mheap_trace_t *traces_copy = 0; + + clib_spinlock_lock (&tm->lock); + if (vec_len (tm->traces) > 0 && heap == tm->current_traced_mheap) + { + traces_copy = vec_dup (tm->traces); + qsort (traces_copy, vec_len (traces_copy), sizeof (traces_copy[0]), + mheap_trace_sort); + } + clib_spinlock_unlock (&tm->lock); + return traces_copy; +} + __clib_export clib_mem_heap_t * clib_mem_create_heap (void *base, uword size, int is_locked, char *fmt, ...) { diff --git a/src/vppinfra/time.c b/src/vppinfra/time.c index 5a6aaf182e4..f1736499a0a 100644 --- a/src/vppinfra/time.c +++ b/src/vppinfra/time.c @@ -76,8 +76,11 @@ clock_frequency_from_proc_filesystem (void) f64 ppc_timebase = 0; /* warnings be gone */ unformat_input_t input; -/* $$$$ aarch64 kernel doesn't report "cpu MHz" */ -#if defined(__aarch64__) +#if defined(__x86_64__) + if (clib_cpu_supports_aperfmperf ()) + return 0.0; +#elif defined(__aarch64__) + /* $$$$ aarch64 kernel doesn't report "cpu MHz" */ return 0.0; #endif diff --git a/src/vppinfra/time_range.c b/src/vppinfra/time_range.c index 4b5e1303763..54f5629641a 100644 --- a/src/vppinfra/time_range.c +++ b/src/vppinfra/time_range.c @@ -264,11 +264,10 @@ format_clib_timebase_time (u8 * s, va_list * args) clib_timebase_time_to_components (now, cp); - s = format (s, "%s, %u %s %u %u:%02u:%02u", - day_names_epoch_order[cp->day_name_index], - cp->day, - month_short_names[cp->month], - cp->year, cp->hour, cp->minute, cp->second); + s = format (s, "%s, %02u %s %u %02u:%02u:%02u", + day_names_epoch_order[cp->day_name_index], cp->day, + month_short_names[cp->month], cp->year, cp->hour, cp->minute, + cp->second); return (s); } |