summaryrefslogtreecommitdiffstats
path: root/VNFs/vACL
diff options
context:
space:
mode:
Diffstat (limited to 'VNFs/vACL')
-rw-r--r--VNFs/vACL/pipeline/pipeline_acl_be.c265
1 files changed, 109 insertions, 156 deletions
diff --git a/VNFs/vACL/pipeline/pipeline_acl_be.c b/VNFs/vACL/pipeline/pipeline_acl_be.c
index 039d6d59..b9386e61 100644
--- a/VNFs/vACL/pipeline/pipeline_acl_be.c
+++ b/VNFs/vACL/pipeline/pipeline_acl_be.c
@@ -144,6 +144,7 @@ static void *pipeline_acl_msg_req_dbg_handler(struct pipeline *p, void *msg);
static pipeline_msg_req_handler custom_handlers[] = {
[PIPELINE_ACL_MSG_REQ_DBG] = pipeline_acl_msg_req_dbg_handler,
};
+uint64_t arp_pkts_mask;
uint8_t ACL_DEBUG;
uint32_t local_get_nh_ipv4(uint32_t ip,
@@ -154,8 +155,8 @@ uint32_t local_get_nh_ipv4(uint32_t ip,
for (i = 0; i < p_acl->local_lib_arp_route_ent_cnt; i++) {
if (((p_acl->local_lib_arp_route_table[i].ip &
- p_acl->local_lib_arp_route_table[i].mask) ==
- (ip & p_acl->local_lib_arp_route_table[i].mask))) {
+ p_acl->local_lib_arp_route_table[i].mask) ==
+ (ip & p_acl->local_lib_arp_route_table[i].mask))) {
*port = p_acl->local_lib_arp_route_table[i].port;
*nhip = p_acl->local_lib_arp_route_table[i].nh;
@@ -175,8 +176,8 @@ static void do_local_nh_ipv4_cache(uint32_t dest_if, struct pipeline_acl *p_acl)
if (lib_arp_route_table[i].port == dest_if) {
struct lib_arp_route_table_entry *lentry =
- &p_acl->local_lib_arp_route_table
- [p_acl->local_lib_arp_route_ent_cnt];
+ &p_acl->local_lib_arp_route_table
+ [p_acl->local_lib_arp_route_ent_cnt];
lentry->ip = lib_arp_route_table[i].ip;
lentry->mask = lib_arp_route_table[i].mask;
@@ -463,6 +464,7 @@ pkt_work_acl_key(struct rte_pipeline *p,
uint64_t conntrack_mask = 0;
uint64_t connexist_mask = 0;
uint32_t dest_address = 0;
+ arp_pkts_mask = 0;
int dest_if = 0;
int status;
uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
@@ -918,103 +920,57 @@ pkt_work_acl_key(struct rte_pipeline *p,
nhip));
uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
*nhip = 0;
- if (is_phy_port_privte(phy_port)) {
- dest_address = rte_bswap32(*dst_addr);
- ret =
- local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_prv_to_pub_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
+ struct arp_entry_data *ret_arp_data = NULL;
+ ret_arp_data = get_dest_mac_addr_port
+ (dest_address, &dest_if, (struct ether_addr *) eth_dest);
+ *port_out_id = p_acl->port_out_id[dest_if];
+ if (arp_cache_dest_mac_present(dest_if)) {
+ ether_addr_copy(get_link_hw_addr(dest_if), (struct ether_addr *)eth_src);
+ arp_data_ptr[dest_if]->n_last_update = time(NULL);
+
+ if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) {
+ printf("sending buffered packets\n");
+ arp_send_buffered_pkts(ret_arp_data,
+ (struct ether_addr *)eth_dest, *port_out_id);
+
}
- *port_out_id = p_acl->port_out_id[dest_if];
} else {
- dest_address = rte_bswap32(*dst_addr);
-
- ret = local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_pub_to_prv_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
- };
- *port_out_id = p_acl->port_out_id[dest_if];
- }
- /* port = ACL_PRV_PORT_ID; */
+ if (unlikely(ret_arp_data == NULL)) {
- int ret_mac = 0;
+ printf("%s: NHIP Not Found, "
+ "outport_id: %d\n", __func__,
+ *port_out_id);
- ret_mac = get_dest_mac_addr_port
- (dest_address, &dest_if, &hw_addr);
- if (ret_mac == ARP_FOUND) {
- if (ACL_DEBUG) {
- printf("MAC found for ip 0x%x, "
- "port %d - %02x:%02x:%02x:%02x:%02x:%02x\n",
- dest_address, phy_port,
- hw_addr.addr_bytes[0],
- hw_addr.addr_bytes[1],
- hw_addr.addr_bytes[2],
- hw_addr.addr_bytes[3],
- hw_addr.addr_bytes[4],
- hw_addr.addr_bytes[5]);
- printf("Dest MAC before - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n",
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
}
- memcpy(eth_dest, &hw_addr,
- sizeof(struct ether_addr));
- if (ACL_DEBUG) {
- printf("PktP %p, dest_macP %p\n", pkt,
- eth_dest);
- printf("Dest MAC after - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
+ if (ret_arp_data->status == INCOMPLETE ||
+ ret_arp_data->status == PROBE) {
+ if (ret_arp_data->num_pkts >= NUM_DESC) {
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n",
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
+ } else {
+ arp_pkts_mask |= pkt_mask;
+ arp_queue_unresolved_packet(ret_arp_data, pkt);
+ continue;
+ }
}
- if (is_phy_port_privte(phy_port))
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- else
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
}
- else {
- if (*nhip != 0) {
- if (ACL_DEBUG)
- printf("ACL requesting ARP for "
- "ip %x, port %d\n",
- dest_address, phy_port);
- if (ret_mac == ARP_NOT_FOUND)
- request_arp(dest_if, *nhip);
-
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
- }
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL before drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
- }
- }
+ } /* end of if (hdr_chk == IPv4_HDR_VERSION) */
if (hdr_chk == IPv6_HDR_VERSION) {
@@ -1053,7 +1009,7 @@ pkt_work_acl_key(struct rte_pipeline *p,
uint8_t nhip[16];
nhip[0] =
- RTE_MBUF_METADATA_UINT8(pkt,
+ RTE_MBUF_METADATA_UINT8(pkt,
META_DATA_OFFSET +
offsetof(struct
mbuf_acl_meta_data,
@@ -1176,6 +1132,11 @@ pkt_work_acl_key(struct rte_pipeline *p,
rte_pipeline_ah_packet_drop(p, pkts_drop_mask);
keep_mask = pkts_mask;
+ if (arp_pkts_mask) {
+ keep_mask &= ~(arp_pkts_mask);
+ rte_pipeline_ah_packet_hijack(p, arp_pkts_mask);
+ }
+
/* don't bother measuring if traffic very low, might skew stats */
uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask);
@@ -1238,6 +1199,7 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
uint64_t conntrack_mask = 0;
uint64_t connexist_mask = 0;
uint32_t dest_address = 0;
+ arp_pkts_mask = 0;
int dest_if = 0;
int status;
uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
@@ -1711,76 +1673,56 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
*port_out_id = p_acl->port_out_id[dest_if];
}
/* port = ACL_PRV_PORT_ID; */
- int ret_mac = 0;
- ret_mac = get_dest_mac_addr_port
- (dest_address, &dest_if, &hw_addr);
+ struct arp_entry_data *ret_arp_data = NULL;
+ ret_arp_data = get_dest_mac_addr_port
+ (dest_address, &dest_if, (struct ether_addr *)eth_dest);
+ *port_out_id = p_acl->port_out_id[dest_if];
- if (ret_mac == ARP_FOUND) {
- if (ACL_DEBUG) {
- printf("MAC found for ip 0x%x, port "
- "%d - %02x:%02x:%02x:%02x:%02x:%02x\n",
- dest_address, phy_port,
- hw_addr.addr_bytes[0],
- hw_addr.addr_bytes[1],
- hw_addr.addr_bytes[2],
- hw_addr.addr_bytes[3],
- hw_addr.addr_bytes[4],
- hw_addr.addr_bytes[5]);
- printf("Dest MAC before - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
- }
+ if (arp_cache_dest_mac_present(dest_if)) {
+ ether_addr_copy(get_link_hw_addr(dest_if), (struct ether_addr *)eth_src);
+ arp_data_ptr[dest_if]->n_last_update = time(NULL);
+
+ if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) {
+ printf("sending buffered packets\n");
+ arp_send_buffered_pkts(ret_arp_data,
+ (struct ether_addr *)eth_dest, *port_out_id);
- memcpy(eth_dest, &hw_addr,
- sizeof(struct ether_addr));
- if (ACL_DEBUG) {
- printf("PktP %p, dest_macP %p\n", pkt,
- eth_dest);
- printf("Dest MAC after - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
}
- if (is_phy_port_privte(phy_port))
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- else
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
- }
+ } else {
+ if (unlikely(ret_arp_data == NULL)) {
- else {
- if (*nhip != 0) {
- if (ACL_DEBUG)
- printf("ACL requesting ARP for "
- "ip %x, port %d\n",
- dest_address, phy_port);
- if (ret_mac == ARP_NOT_FOUND)
- request_arp(dest_if, *nhip);
+ printf("%s: NHIP Not Found, "
+ "outport_id: %d\n", __func__,
+ *port_out_id);
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n",
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
}
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf
- ("ACL before drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
+
+ if (ret_arp_data->status == INCOMPLETE ||
+ ret_arp_data->status == PROBE) {
+ if (ret_arp_data->num_pkts >= NUM_DESC) {
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
"%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
+ } else {
+ arp_pkts_mask |= pkt_mask;
+ arp_queue_unresolved_packet(ret_arp_data, pkt);
+ continue;
+ }
+ }
}
}
#if 0
@@ -1923,6 +1865,11 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
rte_pipeline_ah_packet_drop(p, pkts_drop_mask);
keep_mask = pkts_mask;
+ if (arp_pkts_mask) {
+ keep_mask &= ~(arp_pkts_mask);
+ rte_pipeline_ah_packet_hijack(p, arp_pkts_mask);
+ }
+
/* don't bother measuring if traffic very low, might skew stats */
uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask);
@@ -1934,7 +1881,7 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
}
if (ACL_DEBUG)
printf("Leaving pkt_work_acl_key pkts_mask = %p\n",
- (void *)pkts_mask);
+ (void *)pkts_mask);
return 0;
}
@@ -1983,6 +1930,7 @@ pkt_work_acl_ipv6_key(struct rte_pipeline *p,
uint64_t conntrack_mask = 0;
uint64_t connexist_mask = 0;
uint32_t dest_address = 0;
+ arp_pkts_mask = 0;
int dest_if = 0;
int status;
uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
@@ -2691,6 +2639,11 @@ pkt_work_acl_ipv6_key(struct rte_pipeline *p,
rte_pipeline_ah_packet_drop(p, pkts_drop_mask);
keep_mask = pkts_mask;
+ if (arp_pkts_mask) {
+ keep_mask &= ~(arp_pkts_mask);
+ rte_pipeline_ah_packet_hijack(p, arp_pkts_mask);
+ }
+
/* don't bother measuring if traffic very low, might skew stats */
uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask);