aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/dataplane_node.c
AgeCommit message (Collapse)AuthorFilesLines
2020-02-25feature: provide a u16 version of vnet_feature_nextNeale Ranns1-3/+2
Type: improvement when using vlib_buffer_enqueue_to_next the 'nexts' parameter is an array of u16, but vnet_feautre_next takes a u32. this is a simple wrapper to address the impedence mismatch. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0fa86629e979e313344eb68442dc35a7b9537a8f
2019-07-24acl: implement countersAndrew Yourtchenko1-7/+43
implement per-acl-number counters in the stats segment. They are created during the ACL creation, the counters are incremented in the dataplane using the new inline function with the extra parameter being the packet size. Counting in shared segment adds a noticeable overhead, so add also an API to turn the counters on. Type: feature Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-02-19acl-plugin: split the dataplane function into two, save 10sec in compile timeAndrew Yourtchenko1-87/+110
Change-Id: I00618f12dfd5ab4a2baf6c8ec1f53b4c7179aed7 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-11-20acl-plugin: performance optimizations for established connectionsAndrew Yourtchenko1-188/+455
Change-Id: Id5b7429ca7cce10ce8022c9b8a223bd02f6c3b5f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-10-26acl-plugin: fix the node multiarch function selectionAndrew Yourtchenko1-33/+19
Thanks to Damjan for rewriting my previous patch into not-to-be-deprecated soon form! Change-Id: I595a13c44ed07d4c6d60e2aef0f0bd807a76cbba Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-10-24acl-plugin: introduce a format function for l4 session keyAndrew Yourtchenko1-22/+29
Abstracting out the internal format function for L4 session key type makes the other acl plugin format/print functions more maintainable. Change-Id: Ica1302263a42981555462b5338d18d9a9f9c8342 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-10-20acl-plugin: use the L2 feature arc infrastructure instead of L2 classifier ↵Andrew Yourtchenko1-25/+266
for plumbing This makes ACL plugin use the new feature arcs, which slightly increases performance. Since for ethertype whitelisting we were using the L2 classifier, to retain the functionality, make a simple node doing that, and plug it into non-ip L2 feature arc whenever needed. Change-Id: I3add377a6c790117dd3fd056e5615cb4c4438cf4 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-08-13Multiarch handling in different constructor macrosDamjan Marion1-4/+3
This significantly reduces need for ... in multiarch code. Simply constructor macros will jost create static unused entry if CLIB_MARCH_VARIANT is defined and that will be optimized out by compiler. Change-Id: I17d1c4ac0c903adcfadaa4a07de1b854c7ab14ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-03acl-plugin: fill in the 5tuple structure all at once, avoid short writesAndrew Yourtchenko1-5/+3
This change avoids the long-read-after-short-write, resulting in a small performance improvement. Change-Id: Ic01d1fd19182e96100ccaf441d7ab5e5898b9734 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-07-31acl-plugin: move the acl epoch calculation into inline functionAndrew Yourtchenko1-7/+15
Change-Id: Ifc8b3d30d66c7ade1e3584844ce3f82d42d2fb94 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-07-19Remove unused argument to vlib_feature_nextDamjan Marion1-1/+1
Change-Id: Ieb8b53977fc8484c19780941e232ee072b667de3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-20acl-plugin: acl-as-a-service: VPP-1248: fix the error if exports.h included ↵Andrew Yourtchenko1-3/+3
in more than one C file Including the exports.h from multiple .c files belonging to a single plugin results in an error. Rework the approach to require the table of function pointers to be filled in by the initialization function. Since the inline functions are compiled in the "caller" context, there is no knowledge about the acl_main structure used by the ACL plugin. To help with that, the signature of inline functions is slightly different, taking the p_acl_main pointer as the first parameter. That pointer is filled into the .p_acl_main field of the method table during the initialization - since the calling of non-inline variants would have required filling the method table, this should give minimal headaches during the use and switch between the two methods. Change-Id: Icb70695efa23579c46c716944838766cebc8573e Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-14acl-plugin: use 16_8 bihash for IPv4 sessions and 40_8 bihash for IPv6 sessionsAndrew Yourtchenko1-10/+11
Add a new kv_16_8 field into 5tuple union, rename the existing kv into kv_40_8 for clarity, and add the compile-time alignment constraints. Change-Id: I9bfca91f34850a5c89cba590fbfe9b865e63ef94 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-13acl-plugin: change the src/dst L3 info in 5tuple struct to be always ↵Andrew Yourtchenko1-13/+24
contiguous with L4 data Using ip46_address_t was convenient from operational point of view but created some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding are costly, and the "holes" mean we can not use the smaller key-value data structures for the lookup. This commit changes the 5tuple layout for the IPv4 case, such that the src/dst addresses directly precede the L4 information. That will allow to treat the same data within 40x8 key-value structure as a 16x8 key-value structure starting with 24 byte offset. Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-02acl-plugin: multicore: session management fixesAndrew Yourtchenko1-4/+7
- implement a 1us purgatory for the session structures by adding a special connection list, where all connections about to be deleted go. - add per-list-head timeouts updated upon the list enqueue/dequeue for connection idle management - add a "unused" session list with list ID#0, which should never be used unless there is a logic error. Use this ID to initialize the sessions. - improve the maintainability of the session linked list structures by using symbolic bogus index name instead of ~0 - change the ordering of session creations - first reverse, then local. To minimize the potential for two workers competing for the same session in the corner case of the two packets on different workers creating the same logical session - reduce the maximum session count to keep the memory usage the same - add extra log/debug/trace to session cleaning logic - be more aggressive with cleaning up sessions - wind up the interrupts from the workers to themselves if there is more work to do Change-Id: I3aa1c91a925a08e83793467cb15bda178c21e426 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-29Add VLIB_NODE_FN() macro to simplify multiversioning of node functionsDamjan Marion1-117/+25
Change-Id: Ibab5e27277f618ceb2d543b9d6a1a5f191e7d1db Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-28acl-plugin: move to per-frame buffer pointer calculations and enqueue to ↵Andrew Yourtchenko1-208/+191
next nodes Use the new frame-at-once functions vlib_get_buffers() and vlib_buffer_enqueue_to_next() to calculate the buffer pointers and to dispatch the packets after the processing. This simplifies the dataplane node processing loop. Change-Id: I454308f847aac76a199f8dd7490c1e176414bde7 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-26acl-plugin: create forward and return sessions in lieu of making a special ↵Andrew Yourtchenko1-34/+11
per-packet session key Using a separate session key has proven to be tricky for the following reasons: - it's a lot of storage to have what looks to be nearly identical to 5tuple, just maybe with some fields swapped - shuffling the fields from 5tuple adds to memory pressure - the fact that the fields do not coincide with the packet memory means for any staged processing we need to use up a lot of memory Thus, just add two entries into the bihash table pointing to the same session entry, so we could match the packets from either direction. With this we have the key layout of L3 info (which takes up the majority of space for IPv6 case) the same as in the packet, thus, opening up the possibility for other optimizations. Not having to create and store a separate session key should also give us a small performance win in itself. Also, add the routine to show the session bihash in a better way than a bunch of numbers. Alas, the memory usage in the bihash obviously doubles. Change-Id: I8fd2ed4714ad7fc447c4fa224d209bc0b736b371 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-22acl-plugin: refactor to introduce multiarch dataplane functionsAndrew Yourtchenko1-0/+758
This commit splits the functions from fa_node.c into the pure dataplane node functions (which are multiarch-compiled), session management node functions (which are compiled only once), and session find/add/delete functions which are split out into the inlines. As part of the refactoring: - get rid of BV() macros in the affected chunk of code, rather use the explicit bihash function names. - add the magic trailer to the new files to ensure make checkstyle watches them. - move the bihash_template.c include for 40_8 bihash into acl.c Change-Id: I4d781e9ec4307ea84e92af93c09470ea2bd0c375 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>