/*
 * Copyright (c) 2015 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
 * main.c: main vector processing loop
 *
 * Copyright (c) 2008 Eliot Dresselhaus
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 *  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 *  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 *  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 *  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 *  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 *  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

#include <math.h>
#include <vppinfra/format.h>
#include <vlib/vlib.h>
#include <vlib/threads.h>
#include <vppinfra/tw_timer_1t_3w_1024sl_ov.h>

#include <vlib/unix/unix.h>

/* Actually allocate a few extra slots of vector data to support
   speculative vector enqueues which overflow vector data in next frame. */
#define VLIB_FRAME_SIZE_ALLOC (VLIB_FRAME_SIZE + 4)

always_inline u32
vlib_frame_bytes (u32 n_scalar_bytes, u32 n_vector_bytes)
{
  u32 n_bytes;

  /* Make room for vlib_frame_t plus scalar arguments. */
  n_bytes = vlib_frame_vector_byte_offset (n_scalar_bytes);

  /* Make room for vector arguments.
     Allocate a few extra slots of vector data to support
     speculative vector enqueues which overflow vector data in next frame. */
#define VLIB_FRAME_SIZE_EXTRA 4
  n_bytes += (VLIB_FRAME_SIZE + VLIB_FRAME_SIZE_EXTRA) * n_vector_bytes;

  /* Magic number is first 32bit number after vector data.
     Used to make sure that vector data is never overrun. */
#define VLIB_FRAME_MAGIC (0xabadc0ed)
  n_bytes += sizeof (u32);

  /* Pad to cache line. */
  n_bytes = round_pow2 (n_bytes, CLIB_CACHE_LINE_BYTES);

  return n_bytes;
}

always_inline u32 *
vlib_frame_find_magic (vlib_frame_t * f, vlib_node_t * node)
{
  void *p = f;

  p += vlib_frame_vector_byte_offset (node->scalar_size);

  p += (VLIB_FRAME_SIZE + VLIB_FRAME_SIZE_EXTRA) * node->vector_size;

  return p;
}

static inline vlib_frame_size_t *
get_frame_size_info (vlib_node_main_t * nm,
		     u32 n_scalar_bytes, u32 n_vector_bytes)
{
#ifdef VLIB_SUPPORTS_ARBITRARY_SCALAR_SIZES
  uword key = (n_scalar_bytes << 16) | n_vector_bytes;
  uword *p, i;

  p = hash_get (nm->frame_size_hash, key);
  if (p)
    i = p[0];
  else
    {
      i = vec_len (nm->frame_sizes);
      vec_validate (nm->frame_sizes, i);
      hash_set (nm->frame_size_hash, key, i);
    }

  return vec_elt_at_index (nm->frame_sizes, i);
#else
  ASSERT (vlib_frame_bytes (n_scalar_bytes, n_vector_bytes)
	  == (vlib_frame_bytes (0, 4)));
  return vec_elt_at_index (nm->frame_sizes, 0);
#endif
}

static vlib_frame_t *
vlib_frame_alloc_to_node (vlib_main_t * vm, u32 to_node_index,
			  u32 frame_flags)
{
  vlib_node_main_t *nm = &vm->node_main;
  vlib_frame_size_t *fs;
  vlib_node_t *to_node;
  vlib_frame_t *f;
  u32 l, n, scalar_size, vector_size;

  ASSERT (vm == vlib_get_main ());

  to_node = vlib_get_node (vm, to_node_index);

  scalar_size = to_node->scalar_size;
  vector_size = to_node->vector_size;

  fs = get_frame_size_info (nm, scalar_size, vector_size);
  n = vlib_frame_bytes (scalar_size, vector_size);
  if ((l = vec_len (fs->free_frames)) > 0)
    {
      /* Allocate from end of free list. */
      f = fs->free_frames[l - 1];
      _vec_len (fs->free_frames) = l - 1;
    }
  else
    {
      f = clib_mem_alloc_aligned_no_fail (n, VLIB_FRAME_ALIGN);
    }

  /* Poison frame when debugging. */
  if (CLIB_DEBUG > 0)
    clib_memset (f, 0xfe, n);

  /* Insert magic number. */
  {
    u32 *magic;

    magic = vlib_frame_find_magic (f, to_node);
    *magic = VLIB_FRAME_MAGIC;
  }

  f->frame_flags = VLIB_FRAME_IS_ALLOCATED | frame_flags;
  f->n_vectors = 0;
  f->scalar_size = scalar_size;
  f->vector_size = vector_size;
  f->flags = 0;

  fs->n_alloc_frames += 1;

  return f;
}

/* Allocate a frame for from FROM_NODE to TO_NODE via TO_NEXT_INDEX.
   Returns frame index. */
static vlib_frame_t *
vlib_frame_alloc (vlib_main_t * vm, vlib_node_runtime_t * from_node_runtime,
		  u32 to_next_index)
{
  vlib_node_t *from_node;

  from_node = vlib_get_node (vm, from_node_runtime->node_index);
  ASSERT (to_next_index < vec_len (from_node->next_nodes));

  return vlib_frame_alloc_to_node (vm, from_node->next_nodes[to_next_index],
				   /* frame_flags */ 0);
}

vlib_frame_t *
vlib_get_frame_to_node (vlib_main_t * vm, u32 to_node_index)
{
  vlib_frame_t *f = vlib_frame_alloc_to_node (vm, to_node_index,
					      /* frame_flags */
					      VLIB_FRAME_FREE_AFTER_DISPATCH);
  return vlib_get_frame (vm, f);
}

static inline void
vlib_validate_frame_indices (vlib_frame_t * f)
{
  if (CLIB_DEBUG > 0)
    {
      int i;
      u32 *from = vlib_frame_vector_args (f);

      /* Check for bad buffer index values */
      for (i = 0; i < f->n_vectors; i++)
	{
	  if (from[i] == 0)
	    {
	      clib_warning ("BUG: buffer index 0 at index %d", i);
	      ASSERT (0);
	    }
	  else if (from[i] == 0xfefefefe)
	    {
	      clib_warning ("BUG: frame poison pattern at index %d", i);
	      ASSERT (0);
	    }
	}
    }
}

void
vlib_put_frame_to_node (vlib_main_t * vm, u32 to_node_index, vlib_frame_t * f)
{
  vlib_pending_frame_t *p;
  vlib_node_t *to_node;

  if (f->n_vectors == 0)
    return;

  ASSERT (vm == vlib_get_main ());

  vlib_validate_frame_indices (f);

  to_node = vlib_get_node (vm, to_node_index);

  vec_add2 (vm->node_main.pending_frames, p, 1);

  f->frame_flags |= VLIB_FRAME_PENDING;
  p->frame = vlib_get_frame (vm, f);
  p->node_runtime_index = to_node->runtime_index;
  p->next_frame_index = VLIB_PENDING_FRAME_NO_NEXT_FRAME;
}

/* Free given frame. */
void
vlib_frame_free (vlib_main_t * vm, vlib_node_runtime_t * r, vlib_frame_t * f)
{
  vlib_node_main_t *nm = &vm->node_main;
  vlib_node_t *node;
  vlib_frame_size_t *fs;

  ASSERT (vm == vlib_get_main ());
  ASSERT (f->frame_flags & VLIB_FRAME_IS_ALLOCATED);

  node = vlib_get_node (vm, r->node_index);
  fs = get_frame_size_info (nm, node->scalar_size, node->vector_size);

  ASSERT (f->frame_flags & VLIB_FRAME_IS_ALLOCATED);

  /* No next frames may point to freed frame. */
  if (CLIB_DEBUG > 0)
    {
      vlib_next_frame_t *nf;
      vec_foreach (nf, vm->node_main.next_frames) ASSERT (nf->frame != f);
    }

  f->frame_flags &= ~(VLIB_FRAME_IS_ALLOCATED | VLIB_FRAME_NO_APPEND);

  vec_add1 (fs->free_frames, f);
  ASSERT (fs->n_alloc_frames > 0);
  fs->n_alloc_frames -= 1;
}

static clib_error_t *
show_frame_stats (vlib_main_t * vm,
		  unformat_input_t * input, vlib_cli_command_t * cmd)
{
  vlib_node_main_t *nm = &vm->node_main;
  vlib_frame_size_t *fs;

  vlib_cli_output (vm, "%=6s%=12s%=12s", "Size", "# Alloc", "# Free");
  vec_foreach (fs, nm->frame_sizes)
  {
    u32 n_alloc = fs->n_alloc_frames;
    u32 n_free = vec_len (fs->free_frames);

    if (n_alloc + n_free > 0)
      vlib_cli_output (vm, "%=6d%=12d%=12d",
		       fs - nm->frame_sizes, n_alloc, n_free);
  }

  return 0;
}

/* *INDENT-OFF* */
VLIB_CLI_COMMAND (show_frame_stats_cli, static) = {
  .path = "show vlib frame-allocation",
  .short_help = "Show node dispatch frame statistics",
  .function = show_frame_stats,
};
/* *INDENT-ON* */

/* Change ownership of enqueue rights to given next node. */
static void
vlib_next_frame_change_ownership (vlib_main_t * vm,
				  vlib_node_runtime_t * node_runtime,
				  u32 next_index)
{
  vlib_node_main_t *nm = &vm->node_main;
  vlib_next_frame_t *next_frame;
  vlib_node_t *node, *next_node;

  node = vec_elt (nm->nodes, node_runtime->node_index);

  /* Only internal & input nodes are allowed to call other nodes. */
  ASSERT (node->type == VLIB_NODE_TYPE_INTERNAL
	  || node->type == VLIB_NODE_TYPE_INPUT
	  || node->type == VLIB_NODE_TYPE_PROCESS);

  ASSERT (vec_len (node->next_nodes) == node_runtime->n_next_nodes);

  next_frame =
    vlib_node_runtime_get_next_frame (vm, node_runtime, next_index);
  next_node = vec_elt (nm->nodes, node->next_nodes[next_index]);

  if (next_node->owner_node_index != VLIB_INVALID_NODE_INDEX)
    {
      /* Get frame from previous owner. */
      vlib_next_frame_t *owner_next_frame;
      vlib_next_frame_t tmp;

      owner_next_frame =
	vlib_node_get_next_frame (vm,
				  next_node->owner_node_index,
				  next_node->owner_next_index);

      /* Swap target next frame with owner's. */
      tmp = owner_next_frame[0];
      owner_next_frame[0] = next_frame[0];
      next_frame[0] = tmp;

      /*
       * If next_frame is already pending, we have to track down
       * all pending frames and fix their next_frame_index fields.
       */
      if (next_frame->flags & VLIB_FRAME_PENDING)
	{
	  vlib_pending_frame_t *p;
	  if (next_frame->frame != NULL)
	    {
	      vec_foreach (p, nm->pending_frames)
	      {
		if (p->frame == next_frame->frame)
		  {
		    p->next_frame_index =
		      next_frame - vm->node_main.next_frames;
		  }
	      }
	    }
	}
    }
  else
    {
      /* No previous owner. Take ownership. */
      next_frame->flags |= VLIB_FRAME_OWNER;
    }

  /* Record new owner. */
  next_node->owner_node_index = node->index;
  next_node->owner_next_index = next_index;

  /* Now we should be owner. */
  ASSERT (next_frame->flags & VLIB_FRAME_OWNER);
}

/* Make sure that magic number is still there.
   Otherwise, it is likely that caller has overrun frame arguments. */
always_inline void
validate_frame_magic (vlib_main_t * vm,
		      vlib_frame_t * f, vlib_node_t * n, uword next_index)
{
  vlib_node_t *next_node = vlib_get_node (vm, n->next_nodes[next_index]);
  u32 *magic = vlib_frame_find_magic (f, next_node);
  ASSERT (VLIB_FRAME_MAGIC == magic[0]);
}

vlib_frame_t *
vlib_get_next_frame_internal (vlib_main_t * vm,
			      vlib_node_runtime_t * node,
			      u32 next_index, u32 allocate_new_next_frame)
{
  vlib_frame_t *f;
  vlib_next_frame_t *nf;
  u32 n_used;

  nf = vlib_node_runtime_get_next_frame (vm, node, next_index);

  /* Make sure this next frame owns right to enqueue to destination frame. */
  if (PREDICT_FALSE (!(nf->flags & VLIB_FRAME_OWNER)))
    vlib_next_frame_change_ownership (vm, node, next_index);

  /* ??? Don't need valid flag: can use frame_index == ~0 */
  if (PREDICT_FALSE (!(nf->flags & VLIB_FRAME_IS_ALLOCATED)))
    {
      nf->frame = vlib_frame_alloc (vm, node, next_index);
      nf->flags |= VLIB_FRAME_IS_ALLOCATED;
    }

  f = nf->frame;

  /* Has frame been removed from pending vector (e.g. finished dispatching)?
     If so we can reuse frame. */
  if ((nf->flags & VLIB_FRAME_PENDING)
      && !(f->frame_flags & VLIB_FRAME_PENDING))
    {
      nf->flags &= ~VLIB_FRAME_PENDING;
      f->n_vectors = 0;
      f->flags = 0;
    }

  /* Allocate new frame if current one is marked as no-append or
     it is already full. */
  n_used = f->n_vectors;
  if (n_used >= VLIB_FRAME_SIZE || (allocate_new_next_frame && n_used > 0) ||
      (f->frame_flags & VLIB_FRAME_NO_APPEND))
    {
      /* Old frame may need to be freed after dispatch, since we'll have
         two redundant frames from node -> next node. */
      if (!(nf->flags & VLIB_FRAME_NO_FREE_AFTER_DISPATCH))
	{
	  vlib_frame_t *f_old = vlib_get_frame (vm, nf->frame);
	  f_old->frame_flags |= VLIB_FRAME_FREE_AFTER_DISPATCH;
	}

      /* Allocate new frame to replace full one. */
      f = nf->frame = vlib_frame_alloc (vm, node, next_index);
      n_used = f->n_vectors;
    }

  /* Should have free vectors in frame now. */
  ASSERT (n_used < VLIB_FRAME_SIZE);

  if (CLIB_DEBUG > 0)
    {
      validate_frame_magic (vm, f,
			    vlib_get_node (vm, node->node_index), next_index);
    }

  return f;
}

static void
vlib_put_next_frame_validate (vlib_main_t * vm,
			      vlib_node_runtime_t * rt,
			      u32 next_index, u32 n_vectors_left)
{
  vlib_node_main_t *nm = &vm->node_main;
  vlib_next_frame_t *nf;
  vlib_frame_t *f;
  vlib_node_runtime_t *next_rt;
  vlib_node_t *next_node;
  u32 n_before, n_after;

  nf = vlib_node_runtime_get_next_frame (vm, rt, next_index);
  f = vlib_get_frame (vm, nf->frame);

  ASSERT (n_vectors_left <= VLIB_FRAME_SIZE);

  vlib_validate_frame_indices (f);

  n_after = VLIB_FRAME_SIZE - n_vectors_left;
  n_before = f->n_vectors;

  ASSERT (n_after >= n_before);

  next_rt = vec_elt_at_index (nm->nodes_by_type[VLIB_NODE_TYPE_INTERNAL],
			      nf->node_runtime_index);
  next_node = vlib_get_node (vm, next_rt->node_index);
  if (n_after > 0 && next_node->validate_frame)
    {
      u8 *msg = next_node->validate_frame (vm, rt, f);
      if (msg)
	{
	  clib_warning ("%v", msg);
	  ASSERT (0);
	}
      vec_free (msg);
    }
}

void
vlib_put_next_frame (vlib_main_t * vm,
		     vlib_node_runtime_t * r,
		     u32 next_index, u32 n_vectors_left)
{
  vlib_node_main_t *nm = &vm->node_main;
  vlib_next_frame_t *nf;
  vlib_frame_t *f;
  u32 n_vectors_in_frame;

  if (CLIB_DEBUG > 0)
    vlib_put_next_frame_validate (vm, r, next_index, n_vectors_left);

  nf = vlib_node_runtime_get_next_frame (vm, r, next_index);
  f = vlib_get_frame (vm, nf->frame);

  /* Make sure that magic number is still there.  Otherwise, caller
     has overrun frame meta data. */
  if (CLIB_DEBUG > 0)
    {
      vlib_node_t *node = vlib_get_node (vm, r->node_index);
      validate_frame_magic (vm, f, node, next_index);
    }

  /* Convert # of vectors left -> number of vectors there. */
  ASSERT (n_vectors_left <= VLIB_FRAME_SIZE);
  n_vectors_in_frame = VLIB_FRAME_SIZE - n_vectors_left;

  f->n_vectors = n_vectors_in_frame;

  /* If vectors were added to frame, add to pending vector. */
  if (PREDICT_TRUE (n_vectors_in_frame > 0))
    {
      vlib_pending_frame_t *p;
      u32 v0, v1;

      r->cached_next_index = next_index;

      if (!(f->frame_flags & VLIB_FRAME_PENDING))
	{
	  __attribute__ ((unused)) vlib_node_t *node;
	  vlib_node_t *next_node;
	  vlib_node_runtime_t *next_runtime;

	  node = vlib_get_node (vm, r->node_index);
	  next_node = vlib_get_next_node (vm, r->node_index, next_index);
	  next_runtime = vlib_node_get_runtime (vm, next_node->index);

	  vec_add2 (nm->pending_frames, p, 1);

	  p->frame = nf->frame;
	  p->node_runtime_index = nf->node_runtime_index;
	  p->next_frame_index = nf - nm->next_frames;
	  nf->flags |= VLIB_FRAME_PENDING;
	  f->frame_flags |= VLIB_FRAME_PENDING;

	  /*
	   * If we're going to dispatch this frame on another thread,
	   * force allocation of a new frame. Otherwise, we create
	   * a dangling frame reference. Each thread has its own copy of
	   * the next_frames vector.
	   */
	  if (0 && r->thread_index != next_runtime->thread_index)
	    {
	      nf->frame = NULL;
	      nf->flags &= ~(VLIB_FRAME_PENDING | VLIB_FRAME_IS_ALLOCATED);
	    }
	}

      /* Copy trace flag from next_frame and from runtime. */
      nf->flags |=
	(nf->flags & VLIB_NODE_FLAG_TRACE) | (r->
					      flags & VLIB_NODE_FLAG_TRACE);

      v0 = nf->vectors_since_last_overflow;
      v1 = v0 + n_vectors_in_frame;
      nf->vectors_since_last_overflow = v1;
      if (PREDICT_FALSE (v1 < v0))
	{
	  vlib_node_t *node = vlib_get_node (vm, r->node_index);
	  vec_elt (node->n_vectors_by_next_node, next_index) += v0;
	}
    }
}

/* Sync up runtime (32 bit counters) and main node stats (64 bit counters). */
void
vlib_node_runtime_sync_stats_node (vlib_node_t *n, vlib_node_runtime_t *r,
				   uword n_calls, uword n_vectors,
				   uword n_clocks)
{
  n->stats_total.calls += n_calls + r->calls_since_last_overflow;
  n->stats_total.vectors += n_vectors + r->vectors_since_last_overflow;
  n->stats_total.clocks += n_clocks + r->clocks_since_last_overflow;
  n->stats_total.max_clock = r->max_clock;
  n->stats_total.max_clock_n = r->max_clock_n;

  r->calls_since_last_overflow = 0;
  r->vectors_since_last_overflow = 0;
  r->clocks_since_last_overflow = 0;
}

void
vlib_node_runtime_sync_stats (vlib_main_t *vm, vlib_node_runtime_t *r,
			      uword n_calls, uword n_vectors, uword n_clocks)
{
  vlib_node_t *n = vlib_get_node (vm, r->node_index);
  vlib_node_runtime_sync_stats_node (n, r, n_calls, n_vectors, n_clocks);
}

always_inline void __attribute__ ((unused))
vlib_process_sync_stats (vlib_main_t * vm,
			 vlib_process_t * p,
			 uword n_calls, uword n_vectors, uword n_clocks)
{
  vlib_node_runtime_t *rt = &p->node_runtime;
  vlib_node_t *n = vlib_get_node (vm, rt->node_index);
  vlib_node_runtime_sync_stats (vm, rt, n_calls, n_vectors, n_clocks);
  n->stats_total.suspends += p->n_suspends;
  p->n_suspends = 0;
}

void
vlib_node_sync_stats (vlib_main_t * vm, vlib_node_t * n)
{
  vlib_node_runtime_t *rt;

  if (n->type == VLIB_NODE_TYPE_PROCESS)
    {
      /* Nothing to do for PROCESS nodes except in main thread */
      if (vm != vlib_get_first_main ())
	return;

      vlib_process_t *p = vlib_get_process_from_node (vm, n);
      n->stats_total.suspends += p->n_suspends;
      p->n_suspends = 0;
      rt = &p->node_runtime;
    }
  else
    rt =
      vec_elt_at_index (vm->node_main.nodes_by_type[n->type],
			n->runtime_index);

  vlib_node_runtime_sync_stats (vm, rt, 0, 0, 0);

  /* Sync up runtime next frame vector counters with main node structure. */
  {
    vlib_next_frame_t *nf;
    uword i;
    for (i = 0; i < rt->n_next_nodes; i++)
      {
	nf = vlib_node_runtime_get_next_frame (vm, rt, i);
	vec_elt (n->n_vectors_by_next_node, i) +=
	  nf->vectors_since_last_overflow;
	nf->vectors_since_last_overflow = 0;
      }
  }
}

always_inline u32
vlib_node_runtime_update_stats (vlib_main_t * vm,
				vlib_node_runtime_t * node,
				uword n_calls,
				uword n_vectors, uword n_clocks)
{
  u32 ca0, ca1, v0, v1, cl0, cl1, r;

  cl0 = cl1 = node->clocks_since_last_overflow;
  ca0 = ca1 = node->calls_since_last_overflow;
  v0 = v1 = node->vectors_since_last_overflow;

  ca1 = ca0 + n_calls;
  v1 = v0 + n_vectors;
  cl1 = cl0 + n_clocks;

  node->calls_since_last_overflow = ca1;
  node->clocks_since_last_overflow = cl1;
  node->vectors_since_last_overflow = v1;

  node->max_clock_n = node->max_clock > n_clocks ?
    node->max_clock_n : n_vectors;
  node->max_clock = node->max_clock > n_clocks ? node->max_clock : n_clocks;

  r = vlib_node_runtime_update_main_loop_vector_stats (vm, node, n_vectors);

  if (PREDICT_FALSE (ca1 < ca0 || v1 < v0 || cl1 < cl0))
    {
      node->calls_since_last_overflow = ca0;
      node->clocks_since_last_overflow = cl0;
      node->vectors_since_last_overflow = v0;

      vlib_node_runtime_sync_stats (vm, node, n_calls, n_vectors, n_clocks);
    }

  return r;
}

always_inline void
vlib_process_update_stats (vlib_main_t * vm,
			   vlib_process_t * p,
			   uword n_calls, uword n_vectors, uword n_clocks)
{
  vlib_node_runtime_update_stats (vm, &p->node_runtime,
				  n_calls, n_vectors, n_clocks);
}

static clib_error_t *
vlib_cli_elog_clear (vlib_main_t * vm,
		     unformat_input_t * input, vlib_cli_command_t * cmd)
{
  elog_reset_buffer (&vlib_global_main.elog_main);
  return 0;
}

/* *INDENT-OFF* */
VLIB_CLI_COMMAND (elog_clear_cli, static) = {
  .path = "event-logger clear",
  .short_help = "Clear the event log",
  .function = vlib_cli_elog_clear,
};
/* *INDENT-ON* */

#ifdef CLIB_UNIX
static clib_error_t *
elog_save_buffer (vlib_main_t * vm,
		  unformat_input_t * input, vlib_cli_command_t * cmd)
{
  elog_main_t *em = &vlib_global_main.elog_main;
  char *file, *chroot_file;
  clib_error_t *error = 0;

  if (!unformat (input, "%s", &file))
    {
      vlib_cli_output (vm, "expected file name, got `%U'",
		       format_unformat_error, input);
      return 0;
    }

  /* It's fairly hard to get "../oopsie" through unformat; just in case */
  if (strstr (file, "..") || index (file, '/'))
    {
      vlib_cli_output (vm, "illegal characters in filename '%s'", file);
      return 0;
    }

  chroot_file = (char *) format (0, "/tmp/%s%c", file, 0);

  vec_free (file);

  vlib_cli_output (vm, "Saving %wd of %wd events to %s",
		   elog_n_events_in_buffer (em),
		   elog_buffer_capacity (em), chroot_file);

  vlib_worker_thread_barrier_sync (vm);
  error = elog_write_file (em, chroot_file, 1 /* flush ring */ );
  vlib_worker_thread_barrier_release (vm);
  vec_free (chroot_file);
  return error;
}

void
vlib_post_mortem_dump (void)
{
  vlib_global_main_t *vgm = vlib_get_global_main ();

  for (int i = 0; i < vec_len (vgm->post_mortem_callbacks); i++)
    (vgm->post_mortem_callbacks[i]) ();
}

/* *INDENT-OFF* */
VLIB_CLI_COMMAND (elog_save_cli, static) = {
  .path = "event-logger save",
  .short_help = "event-logger save <filename> (<style>
@media only all and (prefers-color-scheme: dark) {
.highlight .hll { background-color: #49483e }
.highlight .c { color: #75715e } /* Comment */
.highlight .err { color: #960050; background-color: #1e0010 } /* Error */
.highlight .k { color: #66d9ef } /* Keyword */
.highlight .l { color: #ae81ff } /* Literal */
.highlight .n { color: #f8f8f2 } /* Name */
.highlight .o { color: #f92672 } /* Operator */
.highlight .p { color: #f8f8f2 } /* Punctuation */
.highlight .ch { color: #75715e } /* Comment.Hashbang */
.highlight .cm { color: #75715e } /* Comment.Multiline */
.highlight .cp { color: #75715e } /* Comment.Preproc */
.highlight .cpf { color: #75715e } /* Comment.PreprocFile */
.highlight .c1 { color: #75715e } /* Comment.Single */
.highlight .cs { color: #75715e } /* Comment.Special */
.highlight .gd { color: #f92672 } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gi { color: #a6e22e } /* Generic.Inserted */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #75715e } /* Generic.Subheading */
.highlight .kc { color: #66d9ef } /* Keyword.Constant */
.highlight .kd { color: #66d9ef } /* Keyword.Declaration */
.highlight .kn { color: #f92672 } /* Keyword.Namespace */
.highlight .kp { color: #66d9ef } /* Keyword.Pseudo */
.highlight .kr { color: #66d9ef } /* Keyword.Reserved */
.highlight .kt { color: #66d9ef } /* Keyword.Type */
.highlight .ld { color: #e6db74 } /* Literal.Date */
.highlight .m { color: #ae81ff } /* Literal.Number */
.highlight .s { color: #e6db74 } /* Literal.String */
.highlight .na { color: #a6e22e } /* Name.Attribute */
.highlight .nb { color: #f8f8f2 } /* Name.Builtin */
.highlight .nc { color: #a6e22e } /* Name.Class */
.highlight .no { color: #66d9ef } /* Name.Constant */
.highlight .nd { color: #a6e22e } /* Name.Decorator */
.highlight .ni { color: #f8f8f2 } /* Name.Entity */
.highlight .ne { color: #a6e22e } /* Name.Exception */
.highlight .nf { color: #a6e22e } /* Name.Function */
.highlight .nl { color: #f8f8f2 } /* Name.Label */
.highlight .nn { color: #f8f8f2 } /* Name.Namespace */
.highlight .nx { color: #a6e22e } /* Name.Other */
.highlight .py { color: #f8f8f2 } /* Name.Property */
.highlight .nt { color: #f92672 } /* Name.Tag */
.highlight .nv { color: #f8f8f2 } /* Name.Variable */
.highlight .ow { color: #f92672 } /* Operator.Word */
.highlight .w { color: #f8f8f2 } /* Text.Whitespace */
.highlight .mb { color: #ae81ff } /* Literal.Number.Bin */
.highlight .mf { color: #ae81ff } /* Literal.Number.Float */
.highlight .mh { color: #ae81ff } /* Literal.Number.Hex */
.highlight .mi { color: #ae81ff } /* Literal.Number.Integer */
.highlight .mo { color: #ae81ff } /* Literal.Number.Oct */
.highlight .sa { color: #e6db74 } /* Literal.String.Affix */
.highlight .sb { color: #e6db74 } /* Literal.String.Backtick */
.highlight .sc { color: #e6db74 } /* Literal.String.Char */
.highlight .dl { color: #e6db74 } /* Literal.String.Delimiter */
.highlight .sd { color: #e6db74 } /* Literal.String.Doc */
.highlight .s2 { color: #e6db74 } /* Literal.String.Double */
.highlight .se { color: #ae81ff } /* Literal.String.Escape */
.highlight .sh { color: #e6db74 } /* Literal.String.Heredoc */
.highlight .si { color: #e6db74 } /* Literal.String.Interpol */
.highlight .sx { color: #e6db74 } /* Literal.String.Other */
.highlight .sr { color: #e6db74 } /* Literal.String.Regex */
.highlight .s1 { color: #e6db74 } /* Literal.String.Single */
.highlight .ss { color: #e6db74 } /* Literal.String.Symbol */
.highlight .bp { color: #f8f8f2 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #a6e22e } /* Name.Function.Magic */
.highlight .vc { color: #f8f8f2 } /* Name.Variable.Class */
.highlight .vg { color: #f8f8f2 } /* Name.Variable.Global */
.highlight .vi { color: #f8f8f2 } /* Name.Variable.Instance */
.highlight .vm { color: #f8f8f2 } /* Name.Variable.Magic */
.highlight .il { color: #ae81ff } /* Literal.Number.Integer.Long */
}
@media (prefers-color-scheme: light) {
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
}
</style><div class="highlight"><pre><span></span><span class="cm">/*</span>
<span class="cm"> * ipsec_itf.c: IPSec dedicated interface type</span>
<span class="cm"> *</span>
<span class="cm"> * Copyright (c) 2020 Cisco and/or its affiliates.</span>
<span class="cm"> * Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);</span>
<span class="cm"> * you may not use this file except in compliance with the License.</span>
<span class="cm"> * You may obtain a copy of the License at:</span>
<span class="cm"> *</span>
<span class="cm"> *     http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="cm"> *</span>
<span class="cm"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="cm"> * distributed under the License is distributed on an &quot;AS IS&quot; BASIS,</span>
<span class="cm"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="cm"> * See the License for the specific language governing permissions and</span>
<span class="cm"> * limitations under the License.</span>
<span class="cm"> */</span>

<span class="cp">#include</span> <span class="cpf">&lt;vnet/ip/ip.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;vnet/ipsec/ipsec_itf.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;vnet/ipsec/ipsec_tun.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;vnet/ipsec/ipsec.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;vnet/adj/adj_midchain.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;vnet/ethernet/mac_address.h&gt;</span><span class="cp"></span>

<span class="cm">/* bitmap of Allocated IPSEC_ITF instances */</span>
<span class="k">static</span> <span class="n">uword</span> <span class="o">*</span><span class="n">ipsec_itf_instances</span><span class="p">;</span>

<span class="cm">/* pool of interfaces */</span>
<span class="k">static</span> <span class="n">ipsec_itf_t</span> <span class="o">*</span><span class="n">ipsec_itf_pool</span><span class="p">;</span>

<span class="k">static</span> <span class="n">u32</span> <span class="o">*</span><span class="n">ipsec_itf_index_by_sw_if_index</span><span class="p">;</span>

<span class="n">ipsec_itf_t</span> <span class="o">*</span>
<span class="nf">ipsec_itf_get</span> <span class="p">(</span><span class="n">index_t</span> <span class="n">ii</span><span class="p">)</span>
<span class="p">{</span>
  <span class="k">return</span> <span class="p">(</span><span class="n">pool_elt_at_index</span> <span class="p">(</span><span class="n">ipsec_itf_pool</span><span class="p">,</span> <span class="n">ii</span><span class="p">));</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">ipsec_itf_t</span> <span class="o">*</span>
<span class="nf">ipsec_itf_find_by_sw_if_index</span> <span class="p">(</span><span class="n">u32</span> <span class="n">sw_if_index</span><span class="p">)</span>
<span class="p">{</span>
  <span class="k">if</span> <span class="p">(</span><span class="n">vec_len</span> <span class="p">(</span><span class="n">ipsec_itf_index_by_sw_if_index</span><span class="p">)</span> <span class="o">&lt;=</span> <span class="n">sw_if_index</span><span class="p">)</span>
    <span class="k">return</span> <span class="nb">NULL</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">ti</span> <span class="o">=</span> <span class="n">ipsec_itf_index_by_sw_if_index</span><span class="p">[</span><span class="n">sw_if_index</span><span class="p">];</span>
  <span class="k">if</span> <span class="p">(</span><span class="n">ti</span> <span class="o">==</span> <span class="o">~</span><span class="mi">0</span><span class="p">)</span>
    <span class="k">return</span> <span class="nb">NULL</span><span class="p">;</span>
  <span class="k">return</span> <span class="n">pool_elt_at_index</span> <span class="p">(</span><span class="n">ipsec_itf_pool</span><span class="p">,</span> <span class="n">ti</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">u8</span> <span class="o">*</span>
<span class="nf">format_ipsec_itf_name</span> <span class="p">(</span><span class="n">u8</span> <span class="o">*</span> <span class="n">s</span><span class="p">,</span> <span class="kt">va_list</span> <span class="o">*</span> <span class="n">args</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">u32</span> <span class="n">dev_instance</span> <span class="o">=</span> <span class="n">va_arg</span> <span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="n">u32</span><span class="p">);</span>
  <span class="k">return</span> <span class="n">format</span> <span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="s">&quot;ipsec%d&quot;</span><span class="p">,</span> <span class="n">dev_instance</span><span class="p">);</span>
<span class="p">}</span>

<span class="kt">void</span>
<span class="nf">ipsec_itf_adj_unstack</span> <span class="p">(</span><span class="n">adj_index_t</span> <span class="n">ai</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">adj_midchain_delegate_unstack</span> <span class="p">(</span><span class="n">ai</span><span class="p">);</span>
<span class="p">}</span>

<span class="kt">void</span>
<span class="nf">ipsec_itf_adj_stack</span> <span class="p">(</span><span class="n">adj_index_t</span> <span class="n">ai</span><span class="p">,</span> <span class="n">u32</span> <span class="n">sai</span><span class="p">)</span>
<span class="p">{</span>
  <span class="k">const</span> <span class="n">vnet_hw_interface_t</span> <span class="o">*</span><span class="n">hw</span><span class="p">;</span>

  <span class="n">hw</span> <span class="o">=</span> <span class="n">vnet_get_sup_hw_interface</span> <span class="p">(</span><span class="n">vnet_get_main</span> <span class="p">(),</span> <span class="n">adj_get_sw_if_index</span> <span class="p">(</span><span class="n">ai</span><span class="p">));</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">hw</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">VNET_HW_INTERFACE_FLAG_LINK_UP</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="k">const</span> <span class="n">ipsec_sa_t</span> <span class="o">*</span><span class="n">sa</span><span class="p">;</span>
      <span class="n">fib_prefix_t</span> <span class="n">dst</span><span class="p">;</span>

      <span class="n">sa</span> <span class="o">=</span> <span class="n">ipsec_sa_get</span> <span class="p">(</span><span class="n">sai</span><span class="p">);</span>
      <span class="n">ip_address_to_fib_prefix</span> <span class="p">(</span><span class="o">&amp;</span><span class="n">sa</span><span class="o">-&gt;</span><span class="n">tunnel</span><span class="p">.</span><span class="n">t_dst</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">dst</span><span class="p">);</span>
      <span class="n">adj_midchain_delegate_stack</span> <span class="p">(</span><span class="n">ai</span><span class="p">,</span> <span class="n">sa</span><span class="o">-&gt;</span><span class="n">tunnel</span><span class="p">.</span><span class="n">t_fib_index</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">dst</span><span class="p">);</span>
    <span class="p">}</span>
  <span class="k">else</span>
    <span class="n">adj_midchain_delegate_unstack</span> <span class="p">(</span><span class="n">ai</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">adj_walk_rc_t</span>
<span class="nf">ipsec_itf_adj_stack_cb</span> <span class="p">(</span><span class="n">adj_index_t</span> <span class="n">ai</span><span class="p">,</span> <span class="kt">void</span> <span class="o">*</span><span class="n">arg</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">ipsec_tun_protect_t</span> <span class="o">*</span><span class="n">itp</span> <span class="o">=</span> <span class="n">arg</span><span class="p">;</span>

  <span class="n">ipsec_itf_adj_stack</span> <span class="p">(</span><span class="n">ai</span><span class="p">,</span> <span class="n">itp</span><span class="o">-&gt;</span><span class="n">itp_out_sa</span><span class="p">);</span>

  <span class="k">return</span> <span class="p">(</span><span class="n">ADJ_WALK_RC_CONTINUE</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="kt">void</span>
<span class="nf">ipsec_itf_restack</span> <span class="p">(</span><span class="n">index_t</span> <span class="n">itpi</span><span class="p">,</span> <span class="k">const</span> <span class="n">ipsec_itf_t</span> <span class="o">*</span> <span class="n">itf</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">ipsec_tun_protect_t</span> <span class="o">*</span><span class="n">itp</span><span class="p">;</span>
  <span class="n">fib_protocol_t</span> <span class="n">proto</span><span class="p">;</span>

  <span class="n">itp</span> <span class="o">=</span> <span class="n">ipsec_tun_protect_get</span> <span class="p">(</span><span class="n">itpi</span><span class="p">);</span>

  <span class="cm">/*</span>
<span class="cm">   * walk all the adjacencies on the interface and restack them</span>
<span class="cm">   */</span>
  <span class="n">FOR_EACH_FIB_IP_PROTOCOL</span> <span class="p">(</span><span class="n">proto</span><span class="p">)</span>
  <span class="p">{</span>
    <span class="n">adj_nbr_walk</span> <span class="p">(</span><span class="n">itf</span><span class="o">-&gt;</span><span class="n">ii_sw_if_index</span><span class="p">,</span> <span class="n">proto</span><span class="p">,</span> <span class="n">ipsec_itf_adj_stack_cb</span><span class="p">,</span> <span class="n">itp</span><span class="p">);</span>
  <span class="p">}</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">walk_rc_t</span>
<span class="nf">ipsec_tun_protect_walk_state_change</span> <span class="p">(</span><span class="n">index_t</span> <span class="n">itpi</span><span class="p">,</span> <span class="kt">void</span> <span class="o">*</span><span class="n">arg</span><span class="p">)</span>
<span class="p">{</span>
  <span class="k">const</span> <span class="n">ipsec_itf_t</span> <span class="o">*</span><span class="n">itf</span> <span class="o">=</span> <span class="n">arg</span><span class="p">;</span>

  <span class="n">ipsec_itf_restack</span> <span class="p">(</span><span class="n">itpi</span><span class="p">,</span> <span class="n">itf</span><span class="p">);</span>

  <span class="k">return</span> <span class="p">(</span><span class="n">WALK_CONTINUE</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">clib_error_t</span> <span class="o">*</span>
<span class="nf">ipsec_itf_admin_up_down</span> <span class="p">(</span><span class="n">vnet_main_t</span> <span class="o">*</span> <span class="n">vnm</span><span class="p">,</span> <span class="n">u32</span> <span class="n">hw_if_index</span><span class="p">,</span> <span class="n">u32</span> <span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">vnet_hw_interface_t</span> <span class="o">*</span><span class="n">hi</span><span class="p">;</span>
  <span class="n">ipsec_itf_t</span> <span class="o">*</span><span class="n">itf</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">hw_flags</span><span class="p">;</span>

  <span class="n">hi</span> <span class="o">=</span> <span class="n">vnet_get_hw_interface</span> <span class="p">(</span><span class="n">vnm</span><span class="p">,</span> <span class="n">hw_if_index</span><span class="p">);</span>
  <span class="n">hw_flags</span> <span class="o">=</span> <span class="p">(</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">VNET_SW_INTERFACE_FLAG_ADMIN_UP</span> <span class="o">?</span>
	      <span class="nl">VNET_HW_INTERFACE_FLAG_LINK_UP</span> <span class="p">:</span> <span class="mi">0</span><span class="p">);</span>
  <span class="n">vnet_hw_interface_set_flags</span> <span class="p">(</span><span class="n">vnm</span><span class="p">,</span> <span class="n">hw_if_index</span><span class="p">,</span> <span class="n">hw_flags</span><span class="p">);</span>

  <span class="n">itf</span> <span class="o">=</span> <span class="n">ipsec_itf_find_by_sw_if_index</span> <span class="p">(</span><span class="n">hi</span><span class="o">-&gt;</span><span class="n">sw_if_index</span><span class="p">);</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">itf</span><span class="p">)</span>
    <span class="n">ipsec_tun_protect_walk_itf</span> <span class="p">(</span><span class="n">itf</span><span class="o">-&gt;</span><span class="n">ii_sw_if_index</span><span class="p">,</span>
				<span class="n">ipsec_tun_protect_walk_state_change</span><span class="p">,</span> <span class="n">itf</span><span class="p">);</span>

  <span class="k">return</span> <span class="p">(</span><span class="nb">NULL</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="kt">int</span>
<span class="nf">ipsec_itf_tunnel_desc</span> <span class="p">(</span><span class="n">u32</span> <span class="n">sw_if_index</span><span class="p">,</span>
		       <span class="n">ip46_address_t</span> <span class="o">*</span> <span class="n">src</span><span class="p">,</span> <span class="n">ip46_address_t</span> <span class="o">*</span> <span class="n">dst</span><span class="p">,</span> <span class="n">u8</span> <span class="o">*</span> <span class="n">is_l2</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">ip46_address_reset</span> <span class="p">(</span><span class="n">src</span><span class="p">);</span>
  <span class="n">ip46_address_reset</span> <span class="p">(</span><span class="n">dst</span><span class="p">);</span>
  <span class="o">*</span><span class="n">is_l2</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>

  <span class="k">return</span> <span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">u8</span> <span class="o">*</span>
<span class="nf">ipsec_itf_build_rewrite</span> <span class="p">(</span><span class="kt">void</span><span class="p">)</span>
<span class="p">{</span>
  <span class="cm">/*</span>
<span class="cm">   * passing the adj code a NULL rewrite means &#39;i don&#39;t have one cos</span>
<span class="cm">   * t&#39;other end is unresolved&#39;. That&#39;s not the case here. For the ipsec</span>
<span class="cm">   * tunnel there are just no bytes of encap to apply in the adj.</span>
<span class="cm">   * So return a zero length rewrite. Encap will be added by a tunnel mode SA.</span>
<span class="cm">   */</span>
  <span class="n">u8</span> <span class="o">*</span><span class="n">rewrite</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span>

  <span class="n">vec_validate</span> <span class="p">(</span><span class="n">rewrite</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
  <span class="n">vec_reset_length</span> <span class="p">(</span><span class="n">rewrite</span><span class="p">);</span>

  <span class="k">return</span> <span class="p">(</span><span class="n">rewrite</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">u8</span> <span class="o">*</span>
<span class="nf">ipsec_itf_build_rewrite_i</span> <span class="p">(</span><span class="n">vnet_main_t</span> <span class="o">*</span> <span class="n">vnm</span><span class="p">,</span>
			   <span class="n">u32</span> <span class="n">sw_if_index</span><span class="p">,</span>
			   <span class="n">vnet_link_t</span> <span class="n">link_type</span><span class="p">,</span> <span class="k">const</span> <span class="kt">void</span> <span class="o">*</span><span class="n">dst_address</span><span class="p">)</span>
<span class="p">{</span>
  <span class="k">return</span> <span class="p">(</span><span class="n">ipsec_itf_build_rewrite</span> <span class="p">());</span>
<span class="p">}</span>

<span class="kt">void</span>
<span class="nf">ipsec_itf_update_adj</span> <span class="p">(</span><span class="n">vnet_main_t</span> <span class="o">*</span> <span class="n">vnm</span><span class="p">,</span> <span class="n">u32</span> <span class="n">sw_if_index</span><span class="p">,</span> <span class="n">adj_index_t</span> <span class="n">ai</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">adj_nbr_midchain_update_rewrite</span>
    <span class="p">(</span><span class="n">ai</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="n">ADJ_FLAG_MIDCHAIN_IP_STACK</span><span class="p">,</span> <span class="n">ipsec_itf_build_rewrite</span> <span class="p">());</span>
<span class="p">}</span>

<span class="cm">/* *INDENT-OFF* */</span>
<span class="n">VNET_DEVICE_CLASS</span> <span class="p">(</span><span class="n">ipsec_itf_device_class</span><span class="p">)</span> <span class="o">=</span> <span class="p">{</span>
  <span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="s">&quot;IPSEC Tunnel&quot;</span><span class="p">,</span>
  <span class="p">.</span><span class="n">format_device_name</span> <span class="o">=</span> <span class="n">format_ipsec_itf_name</span><span class="p">,</span>
  <span class="p">.</span><span class="n">admin_up_down_function</span> <span class="o">=</span> <span class="n">ipsec_itf_admin_up_down</span><span class="p">,</span>
  <span class="p">.</span><span class="n">ip_tun_desc</span> <span class="o">=</span> <span class="n">ipsec_itf_tunnel_desc</span><span class="p">,</span>
<span class="p">};</span>

<span class="n">VNET_HW_INTERFACE_CLASS</span><span class="p">(</span><span class="n">ipsec_hw_interface_class</span><span class="p">)</span> <span class="o">=</span> <span class="p">{</span>
  <span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="s">&quot;IPSec&quot;</span><span class="p">,</span>
  <span class="p">.</span><span class="n">build_rewrite</span> <span class="o">=</span> <span class="n">ipsec_itf_build_rewrite_i</span><span class="p">,</span>
  <span class="p">.</span><span class="n">update_adjacency</span> <span class="o">=</span> <span class="n">ipsec_itf_update_adj</span><span class="p">,</span>
  <span class="p">.</span><span class="n">flags</span> <span class="o">=</span> <span class="n">VNET_HW_INTERFACE_CLASS_FLAG_P2P</span><span class="p">,</span>
<span class="p">};</span>
<span class="n">VNET_HW_INTERFACE_CLASS</span><span class="p">(</span><span class="n">ipsec_p2mp_hw_interface_class</span><span class="p">)</span> <span class="o">=</span> <span class="p">{</span>
  <span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="s">&quot;IPSec&quot;</span><span class="p">,</span>
  <span class="p">.</span><span class="n">build_rewrite</span> <span class="o">=</span> <span class="n">ipsec_itf_build_rewrite_i</span><span class="p">,</span>
  <span class="p">.</span><span class="n">update_adjacency</span> <span class="o">=</span> <span class="n">ipsec_itf_update_adj</span><span class="p">,</span>
  <span class="p">.</span><span class="n">flags</span> <span class="o">=</span> <span class="n">VNET_HW_INTERFACE_CLASS_FLAG_NBMA</span><span class="p">,</span>
<span class="p">};</span>
<span class="cm">/* *INDENT-ON* */</span>

<span class="cm">/*</span>
<span class="cm"> * Maintain a bitmap of allocated ipsec_itf instance numbers.</span>
<span class="cm"> */</span>
<span class="cp">#define IPSEC_ITF_MAX_INSTANCE		(16 * 1024)</span>

<span class="k">static</span> <span class="n">u32</span>
<span class="nf">ipsec_itf_instance_alloc</span> <span class="p">(</span><span class="n">u32</span> <span class="n">want</span><span class="p">)</span>
<span class="p">{</span>
  <span class="cm">/*</span>
<span class="cm">   * Check for dynamically allocated instance number.</span>
<span class="cm">   */</span>
  <span class="k">if</span> <span class="p">(</span><span class="o">~</span><span class="mi">0</span> <span class="o">==</span> <span class="n">want</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="n">u32</span> <span class="n">bit</span><span class="p">;</span>

      <span class="n">bit</span> <span class="o">=</span> <span class="n">clib_bitmap_first_clear</span> <span class="p">(</span><span class="n">ipsec_itf_instances</span><span class="p">);</span>
      <span class="k">if</span> <span class="p">(</span><span class="n">bit</span> <span class="o">&gt;=</span> <span class="n">IPSEC_ITF_MAX_INSTANCE</span><span class="p">)</span>
	<span class="p">{</span>
	  <span class="k">return</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
	<span class="p">}</span>
      <span class="n">ipsec_itf_instances</span> <span class="o">=</span> <span class="n">clib_bitmap_set</span> <span class="p">(</span><span class="n">ipsec_itf_instances</span><span class="p">,</span> <span class="n">bit</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span>
      <span class="k">return</span> <span class="n">bit</span><span class="p">;</span>
    <span class="p">}</span>

  <span class="cm">/*</span>
<span class="cm">   * In range?</span>
<span class="cm">   */</span>
  <span class="k">if</span> <span class="p">(</span><span class="n">want</span> <span class="o">&gt;=</span> <span class="n">IPSEC_ITF_MAX_INSTANCE</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="k">return</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
    <span class="p">}</span>

  <span class="cm">/*</span>
<span class="cm">   * Already in use?</span>
<span class="cm">   */</span>
  <span class="k">if</span> <span class="p">(</span><span class="n">clib_bitmap_get</span> <span class="p">(</span><span class="n">ipsec_itf_instances</span><span class="p">,</span> <span class="n">want</span><span class="p">))</span>
    <span class="p">{</span>
      <span class="k">return</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
    <span class="p">}</span>

  <span class="cm">/*</span>
<span class="cm">   * Grant allocation request.</span>
<span class="cm">   */</span>
  <span class="n">ipsec_itf_instances</span> <span class="o">=</span> <span class="n">clib_bitmap_set</span> <span class="p">(</span><span class="n">ipsec_itf_instances</span><span class="p">,</span> <span class="n">want</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span>

  <span class="k">return</span> <span class="n">want</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span> <span class="kt">int</span>
<span class="nf">ipsec_itf_instance_free</span> <span class="p">(</span><span class="n">u32</span> <span class="n">instance</span><span class="p">)</span>
<span class="p">{</span>
  <span class="k">if</span> <span class="p">(</span><span class="n">instance</span> <span class="o">&gt;=</span> <span class="n">IPSEC_ITF_MAX_INSTANCE</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span>
    <span class="p">}</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">clib_bitmap_get</span> <span class="p">(</span><span class="n">ipsec_itf_instances</span><span class="p">,</span> <span class="n">instance</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span>
    <span class="p">}</span>

  <span class="n">ipsec_itf_instances</span> <span class="o">=</span> <span class="n">clib_bitmap_set</span> <span class="p">(</span><span class="n">ipsec_itf_instances</span><span class="p">,</span> <span class="n">instance</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
  <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>

<span class="kt">int</span>
<span class="nf">ipsec_itf_create</span> <span class="p">(</span><span class="n">u32</span> <span class="n">user_instance</span><span class="p">,</span> <span class="n">tunnel_mode_t</span> <span class="n">mode</span><span class="p">,</span> <span class="n">u32</span> <span class="o">*</span> <span class="n">sw_if_indexp</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">vnet_main_t</span> <span class="o">*</span><span class="n">vnm</span> <span class="o">=</span> <span class="n">vnet_get_main</span> <span class="p">();</span>
  <span class="n">u32</span> <span class="n">instance</span><span class="p">,</span> <span class="n">hw_if_index</span><span class="p">;</span>
  <span class="n">vnet_hw_interface_t</span> <span class="o">*</span><span class="n">hi</span><span class="p">;</span>
  <span class="n">ipsec_itf_t</span> <span class="o">*</span><span class="n">ipsec_itf</span><span class="p">;</span>

  <span class="n">ASSERT</span> <span class="p">(</span><span class="n">sw_if_indexp</span><span class="p">);</span>

  <span class="o">*</span><span class="n">sw_if_indexp</span> <span class="o">=</span> <span class="p">(</span><span class="n">u32</span><span class="p">)</span> <span class="o">~</span> <span class="mi">0</span><span class="p">;</span>

  <span class="cm">/*</span>
<span class="cm">   * Allocate a ipsec_itf instance.  Either select on dynamically</span>
<span class="cm">   * or try to use the desired user_instance number.</span>
<span class="cm">   */</span>
  <span class="n">instance</span> <span class="o">=</span> <span class="n">ipsec_itf_instance_alloc</span> <span class="p">(</span><span class="n">user_instance</span><span class="p">);</span>
  <span class="k">if</span> <span class="p">(</span><span class="n">instance</span> <span class="o">==</span> <span class="o">~</span><span class="mi">0</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">VNET_API_ERROR_INVALID_REGISTRATION</span><span class="p">;</span>

  <span class="n">pool_get</span> <span class="p">(</span><span class="n">ipsec_itf_pool</span><span class="p">,</span> <span class="n">ipsec_itf</span><span class="p">);</span>

  <span class="cm">/* tunnel index (or instance) */</span>
  <span class="n">u32</span> <span class="n">t_idx</span> <span class="o">=</span> <span class="n">ipsec_itf</span> <span class="o">-</span> <span class="n">ipsec_itf_pool</span><span class="p">;</span>

  <span class="n">ipsec_itf</span><span class="o">-&gt;</span><span class="n">ii_mode</span> <span class="o">=</span> <span class="n">mode</span><span class="p">;</span>
  <span class="n">ipsec_itf</span><span class="o">-&gt;</span><span class="n">ii_user_instance</span> <span class="o">=</span> <span class="n">instance</span><span class="p">;</span>

  <span class="n">hw_if_index</span> <span class="o">=</span> <span class="n">vnet_register_interface</span> <span class="p">(</span><span class="n">vnm</span><span class="p">,</span>
					 <span class="n">ipsec_itf_device_class</span><span class="p">.</span><span class="n">index</span><span class="p">,</span>
					 <span class="n">ipsec_itf</span><span class="o">-&gt;</span><span class="n">ii_user_instance</span><span class="p">,</span>
					 <span class="p">(</span><span class="n">mode</span> <span class="o">==</span> <span class="n">TUNNEL_MODE_P2P</span> <span class="o">?</span>
					  <span class="n">ipsec_hw_interface_class</span><span class="p">.</span><span class="nl">index</span> <span class="p">:</span>
					  <span class="n">ipsec_p2mp_hw_interface_class</span><span class="p">.</span><span class="n">index</span><span class="p">),</span>
					 <span class="n">t_idx</span><s