summaryrefslogtreecommitdiffstats
path: root/VNFs/vACL
diff options
context:
space:
mode:
Diffstat (limited to 'VNFs/vACL')
-rw-r--r--VNFs/vACL/init.c15
-rw-r--r--VNFs/vACL/pipeline/pipeline_acl_be.c779
-rw-r--r--VNFs/vACL/pipeline/pipeline_acl_be.h1
3 files changed, 216 insertions, 579 deletions
diff --git a/VNFs/vACL/init.c b/VNFs/vACL/init.c
index 6eb39bf3..71dd50e4 100644
--- a/VNFs/vACL/init.c
+++ b/VNFs/vACL/init.c
@@ -24,6 +24,7 @@
#include <rte_ip.h>
#include <rte_eal.h>
#include <rte_malloc.h>
+#include <rte_version.h>
#include "app.h"
#include "pipeline.h"
@@ -512,6 +513,8 @@ app_link_filter_sctp_del(struct app_link_params *l1, struct app_link_params *l2)
&filter);
}
+/* rte_eth_dev is removed in DPDK version 16.11 and onwards */
+#if RTE_VERSION < 0x100b0000
static int
app_link_is_virtual(struct app_link_params *p)
{
@@ -523,6 +526,7 @@ app_link_is_virtual(struct app_link_params *p)
return 0;
}
+#endif
void
app_link_up_internal(struct app_params *app, struct app_link_params *cp)
@@ -534,13 +538,14 @@ app_link_up_internal(struct app_params *app, struct app_link_params *cp)
if(app == NULL || cp == NULL)
printf("NULL Pointers");
+#if RTE_VERSION < 0x100b0000
if (app_link_is_virtual(cp)) {
cp->state = 1;
return;
}
-
+#endif
ifm_update_linkstatus(cp->pmd_id, IFM_ETH_LINK_UP);
-
+
/* Mark link as UP */
cp->state = 1;
@@ -555,11 +560,13 @@ app_link_down_internal(struct app_params *app, struct app_link_params *cp)
if(app == NULL || cp == NULL)
printf("NULL Pointers");
-
+
+#if RTE_VERSION < 0x100b0000
if (app_link_is_virtual(cp)) {
cp->state = 0;
return;
}
+#endif
ifm_update_linkstatus(cp->pmd_id, IFM_ETH_LINK_DOWN);
@@ -1292,11 +1299,13 @@ int app_init(struct app_params *app)
app_init_pipelines(app);
app_init_threads(app);
+ #ifdef L3_STACK_SUPPORT
l3fwd_init();
create_arp_table();
create_nd_table();
populate_lpm_routes();
print_interface_details();
+ #endif
return 0;
}
diff --git a/VNFs/vACL/pipeline/pipeline_acl_be.c b/VNFs/vACL/pipeline/pipeline_acl_be.c
index 039d6d59..c80d3067 100644
--- a/VNFs/vACL/pipeline/pipeline_acl_be.c
+++ b/VNFs/vACL/pipeline/pipeline_acl_be.c
@@ -144,6 +144,7 @@ static void *pipeline_acl_msg_req_dbg_handler(struct pipeline *p, void *msg);
static pipeline_msg_req_handler custom_handlers[] = {
[PIPELINE_ACL_MSG_REQ_DBG] = pipeline_acl_msg_req_dbg_handler,
};
+uint64_t arp_pkts_mask;
uint8_t ACL_DEBUG;
uint32_t local_get_nh_ipv4(uint32_t ip,
@@ -154,8 +155,8 @@ uint32_t local_get_nh_ipv4(uint32_t ip,
for (i = 0; i < p_acl->local_lib_arp_route_ent_cnt; i++) {
if (((p_acl->local_lib_arp_route_table[i].ip &
- p_acl->local_lib_arp_route_table[i].mask) ==
- (ip & p_acl->local_lib_arp_route_table[i].mask))) {
+ p_acl->local_lib_arp_route_table[i].mask) ==
+ (ip & p_acl->local_lib_arp_route_table[i].mask))) {
*port = p_acl->local_lib_arp_route_table[i].port;
*nhip = p_acl->local_lib_arp_route_table[i].nh;
@@ -165,30 +166,6 @@ uint32_t local_get_nh_ipv4(uint32_t ip,
return 0;
}
-static void do_local_nh_ipv4_cache(uint32_t dest_if, struct pipeline_acl *p_acl)
-{
-
- /* Search for the entry and do local copy */
- int i;
-
- for (i = 0; i < MAX_ARP_RT_ENTRY; i++) {
- if (lib_arp_route_table[i].port == dest_if) {
-
- struct lib_arp_route_table_entry *lentry =
- &p_acl->local_lib_arp_route_table
- [p_acl->local_lib_arp_route_ent_cnt];
-
- lentry->ip = lib_arp_route_table[i].ip;
- lentry->mask = lib_arp_route_table[i].mask;
- lentry->port = lib_arp_route_table[i].port;
- lentry->nh = lib_arp_route_table[i].nh;
-
- p_acl->local_lib_arp_route_ent_cnt++;
- break;
- }
- }
-}
-
static uint32_t local_get_nh_ipv6(uint8_t *ip,
uint32_t *port,
uint8_t nhip[], struct pipeline_acl *p_acl)
@@ -238,32 +215,6 @@ static uint32_t local_get_nh_ipv6(uint8_t *ip,
}
return 0;
}
-void do_local_nh_ipv6_cache(uint32_t dest_if, struct pipeline_acl *p_acl)
-{
- /* Search for the entry and do local copy */
- int i, l;
-
- for (i = 0; i < MAX_ND_RT_ENTRY; i++) {
-
- if (lib_nd_route_table[i].port == dest_if) {
-
- struct lib_nd_route_table_entry *lentry =
- &p_acl->local_lib_nd_route_table
- [p_acl->local_lib_nd_route_ent_cnt];
-
- for (l = 0; l < 16; l++) {
- lentry->ipv6[l] = lib_nd_route_table[i].ipv6[l];
- lentry->nhipv6[l] =
- lib_nd_route_table[i].nhipv6[l];
- }
- lentry->depth = lib_nd_route_table[i].depth;
- lentry->port = lib_nd_route_table[i].port;
-
- p_acl->local_lib_nd_route_ent_cnt++;
- break;
- } /* if */
- } /* for */
-}
static uint8_t check_arp_icmp(struct rte_mbuf *pkt,
uint64_t pkt_mask, struct pipeline_acl *p_acl)
@@ -463,6 +414,7 @@ pkt_work_acl_key(struct rte_pipeline *p,
uint64_t conntrack_mask = 0;
uint64_t connexist_mask = 0;
uint32_t dest_address = 0;
+ arp_pkts_mask = 0;
int dest_if = 0;
int status;
uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
@@ -918,103 +870,58 @@ pkt_work_acl_key(struct rte_pipeline *p,
nhip));
uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
*nhip = 0;
- if (is_phy_port_privte(phy_port)) {
- dest_address = rte_bswap32(*dst_addr);
- ret =
- local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_prv_to_pub_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
+ struct arp_entry_data *ret_arp_data = NULL;
+ ret_arp_data = get_dest_mac_addr_port
+ (dest_address, &dest_if, (struct ether_addr *) eth_dest);
+ *port_out_id = p_acl->port_out_id[dest_if];
+ if (arp_cache_dest_mac_present(dest_if)) {
+ ether_addr_copy(get_link_hw_addr(dest_if),
+ (struct ether_addr *)eth_src);
+ update_nhip_access(dest_if);
+ if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) {
+ printf("sending buffered packets\n");
+ arp_send_buffered_pkts(ret_arp_data,
+ (struct ether_addr *)eth_dest, *port_out_id);
+
}
- *port_out_id = p_acl->port_out_id[dest_if];
} else {
- dest_address = rte_bswap32(*dst_addr);
-
- ret = local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_pub_to_prv_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
- };
- *port_out_id = p_acl->port_out_id[dest_if];
- }
- /* port = ACL_PRV_PORT_ID; */
-
- int ret_mac = 0;
+ if (unlikely(ret_arp_data == NULL)) {
+ if (ACL_DEBUG)
+ printf("%s: NHIP Not Found, "
+ "outport_id: %d\n", __func__,
+ *port_out_id);
- ret_mac = get_dest_mac_addr_port
- (dest_address, &dest_if, &hw_addr);
- if (ret_mac == ARP_FOUND) {
- if (ACL_DEBUG) {
- printf("MAC found for ip 0x%x, "
- "port %d - %02x:%02x:%02x:%02x:%02x:%02x\n",
- dest_address, phy_port,
- hw_addr.addr_bytes[0],
- hw_addr.addr_bytes[1],
- hw_addr.addr_bytes[2],
- hw_addr.addr_bytes[3],
- hw_addr.addr_bytes[4],
- hw_addr.addr_bytes[5]);
- printf("Dest MAC before - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n",
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
}
- memcpy(eth_dest, &hw_addr,
- sizeof(struct ether_addr));
- if (ACL_DEBUG) {
- printf("PktP %p, dest_macP %p\n", pkt,
- eth_dest);
- printf("Dest MAC after - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
+ if (ret_arp_data->status == INCOMPLETE ||
+ ret_arp_data->status == PROBE) {
+ if (ret_arp_data->num_pkts >= NUM_DESC) {
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n",
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
+ } else {
+ arp_pkts_mask |= pkt_mask;
+ arp_queue_unresolved_packet(ret_arp_data,
+ pkt);
+ continue;
+ }
}
- if (is_phy_port_privte(phy_port))
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- else
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
}
- else {
- if (*nhip != 0) {
- if (ACL_DEBUG)
- printf("ACL requesting ARP for "
- "ip %x, port %d\n",
- dest_address, phy_port);
- if (ret_mac == ARP_NOT_FOUND)
- request_arp(dest_if, *nhip);
-
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
- }
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL before drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
- }
- }
+ } /* end of if (hdr_chk == IPv4_HDR_VERSION) */
if (hdr_chk == IPv6_HDR_VERSION) {
@@ -1053,7 +960,7 @@ pkt_work_acl_key(struct rte_pipeline *p,
uint8_t nhip[16];
nhip[0] =
- RTE_MBUF_METADATA_UINT8(pkt,
+ RTE_MBUF_METADATA_UINT8(pkt,
META_DATA_OFFSET +
offsetof(struct
mbuf_acl_meta_data,
@@ -1070,105 +977,60 @@ pkt_work_acl_key(struct rte_pipeline *p,
}
memcpy(dest_address, *dst_addr, sizeof(dest_address));
memset(nhip, 0, sizeof(nhip));
- ret = local_get_nh_ipv6(&dest_address[0], &dest_if,
- &nhip[0], p_acl);
-
- if (is_phy_port_privte(phy_port)) {
- if (!ret) {
- dest_if = get_prv_to_pub_port((
- uint32_t
- *)
- &dest_address[0], IP_VERSION_6);
- do_local_nh_ipv6_cache(dest_if, p_acl);
- *port_out_id =
- p_acl->port_out_id[dest_if];
- }
- // port = ACL_PUB_PORT_ID;
+ struct nd_entry_data *ret_nd_data = NULL;
+ ret_nd_data = get_dest_mac_address_ipv6_port
+ (dest_address, &dest_if, &hw_addr, &nhip[0]);
+ *port_out_id = p_acl->port_out_id[dest_if];
+ if (nd_cache_dest_mac_present(dest_if)) {
+ ether_addr_copy(get_link_hw_addr(dest_if),
+ (struct ether_addr *)eth_src);
+ update_nhip_access(dest_if);
+
+ if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) {
+ printf("sending buffered packets\n");
+ p_acl->counters->tpkts_processed +=
+ ret_nd_data->num_pkts;
+ nd_send_buffered_pkts(ret_nd_data,
+ (struct ether_addr *)eth_dest, *port_out_id);
+ }
} else {
- if (!ret) {
- dest_if = get_pub_to_prv_port((
- uint32_t
- *)
- &dest_address[0], IP_VERSION_6);
- do_local_nh_ipv6_cache(dest_if, p_acl);
- *port_out_id =
- p_acl->port_out_id[dest_if];
+ if (unlikely(ret_nd_data == NULL)) {
+ if (ACL_DEBUG)
+ printf("ACL before drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
}
-// port = ACL_PRV_PORT_ID;
-
- }
- if (get_dest_mac_address_ipv6_port
- (dest_address, &dest_if, &hw_addr, &nhip[0])) {
- if (ACL_DEBUG) {
- printf("MAC found for port %d - "
- " %02x:%02x:%02x:%02x:%02x:%02x\n",
- phy_port, hw_addr.addr_bytes[0],
- hw_addr.addr_bytes[1],
- hw_addr.addr_bytes[2],
- hw_addr.addr_bytes[3],
- hw_addr.addr_bytes[4],
- hw_addr.addr_bytes[5]);
- printf("Dest MAC before - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
- }
- memcpy(eth_dest, &hw_addr,
- sizeof(struct ether_addr));
- if (ACL_DEBUG) {
- printf("PktP %p, dest_macP %p\n", pkt,
- eth_dest);
- printf("Dest MAC after - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
+ if (ret_nd_data->status == INCOMPLETE ||
+ ret_nd_data->status == PROBE) {
+ if (ret_nd_data->num_pkts >= NUM_DESC) {
+ /* Drop the pkt */
+ if (ACL_DEBUG)
+ printf("ACL before drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
+ } else {
+ arp_pkts_mask |= pkt_mask;
+ nd_queue_unresolved_packet(ret_nd_data,
+ pkt);
+ continue;
+ }
}
- if (is_phy_port_privte(phy_port))
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- else
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
-/* memcpy(eth_src, get_link_hw_addr(p_acl->links_map[phy_port]), */
-/* sizeof(struct ether_addr)); */
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
}
- else {
-
-#if 0
- /* Request next neighbor for Ipv6 is yet to be done. */
- if (*nhip != 0) {
- if (ACL_DEBUG)
- printf
- ("ACL requesting ARP for ip %x, port %d\n",
- dest_address, phy_port);
-
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
- }
-#endif
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL before drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
- }
- }
+ } /* if (hdr_chk == IPv6_HDR_VERSION) */
}
@@ -1176,6 +1038,11 @@ pkt_work_acl_key(struct rte_pipeline *p,
rte_pipeline_ah_packet_drop(p, pkts_drop_mask);
keep_mask = pkts_mask;
+ if (arp_pkts_mask) {
+ keep_mask &= ~(arp_pkts_mask);
+ rte_pipeline_ah_packet_hijack(p, arp_pkts_mask);
+ }
+
/* don't bother measuring if traffic very low, might skew stats */
uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask);
@@ -1238,6 +1105,7 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
uint64_t conntrack_mask = 0;
uint64_t connexist_mask = 0;
uint32_t dest_address = 0;
+ arp_pkts_mask = 0;
int dest_if = 0;
int status;
uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
@@ -1683,104 +1551,57 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
nhip));
uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
*nhip = 0;
- if (is_phy_port_privte(phy_port)) {
- dest_address = rte_bswap32(*dst_addr);
- ret =
- local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_prv_to_pub_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
- }
- *port_out_id = p_acl->port_out_id[dest_if];
- }
- /* port = ACL_PUB_PORT_ID; */
- else {
- dest_address = rte_bswap32(*dst_addr);
-
- ret = local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_pub_to_prv_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
- };
- *port_out_id = p_acl->port_out_id[dest_if];
- }
- /* port = ACL_PRV_PORT_ID; */
- int ret_mac = 0;
-
- ret_mac = get_dest_mac_addr_port
- (dest_address, &dest_if, &hw_addr);
-
- if (ret_mac == ARP_FOUND) {
- if (ACL_DEBUG) {
- printf("MAC found for ip 0x%x, port "
- "%d - %02x:%02x:%02x:%02x:%02x:%02x\n",
- dest_address, phy_port,
- hw_addr.addr_bytes[0],
- hw_addr.addr_bytes[1],
- hw_addr.addr_bytes[2],
- hw_addr.addr_bytes[3],
- hw_addr.addr_bytes[4],
- hw_addr.addr_bytes[5]);
- printf("Dest MAC before - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
- }
+ dest_address = rte_bswap32(*dst_addr);
+ struct arp_entry_data *ret_arp_data = NULL;
+ ret_arp_data = get_dest_mac_addr_port
+ (dest_address, &dest_if, (struct ether_addr *)eth_dest);
+ *port_out_id = p_acl->port_out_id[dest_if];
+
+ if (arp_cache_dest_mac_present(dest_if)) {
+ ether_addr_copy(get_link_hw_addr(dest_if),
+ (struct ether_addr *)eth_src);
+ update_nhip_access(dest_if);
+ if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) {
+ printf("sending buffered packets\n");
+ arp_send_buffered_pkts(ret_arp_data,
+ (struct ether_addr *)eth_dest, *port_out_id);
- memcpy(eth_dest, &hw_addr,
- sizeof(struct ether_addr));
- if (ACL_DEBUG) {
- printf("PktP %p, dest_macP %p\n", pkt,
- eth_dest);
- printf("Dest MAC after - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
}
- if (is_phy_port_privte(phy_port))
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- else
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
- }
+ } else {
+ if (unlikely(ret_arp_data == NULL)) {
- else {
- if (*nhip != 0) {
if (ACL_DEBUG)
- printf("ACL requesting ARP for "
- "ip %x, port %d\n",
- dest_address, phy_port);
- if (ret_mac == ARP_NOT_FOUND)
- request_arp(dest_if, *nhip);
+ printf("%s: NHIP Not Found, "
+ "outport_id: %d\n", __func__,
+ *port_out_id);
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n",
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
}
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf
- ("ACL before drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
+
+ if (ret_arp_data->status == INCOMPLETE ||
+ ret_arp_data->status == PROBE) {
+ if (ret_arp_data->num_pkts >= NUM_DESC) {
+ /* Drop the pkt */
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
"%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
+ } else {
+ arp_pkts_mask |= pkt_mask;
+ arp_queue_unresolved_packet(ret_arp_data, pkt);
+ continue;
+ }
+ }
}
}
#if 0
@@ -1891,17 +1712,6 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
else {
-#if 0
- /* Request next neighbor for Ipv6 is yet to be done. */
- if (*nhip != 0) {
- if (ACL_DEBUG)
- printf
- ("ACL requesting ARP for ip %x, port %d\n",
- dest_address, phy_port);
-
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
- }
-#endif
/* Drop packet by changing the mask */
if (ACL_DEBUG)
printf("ACL before drop pkt_mask "
@@ -1923,6 +1733,11 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
rte_pipeline_ah_packet_drop(p, pkts_drop_mask);
keep_mask = pkts_mask;
+ if (arp_pkts_mask) {
+ keep_mask &= ~(arp_pkts_mask);
+ rte_pipeline_ah_packet_hijack(p, arp_pkts_mask);
+ }
+
/* don't bother measuring if traffic very low, might skew stats */
uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask);
@@ -1934,7 +1749,7 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p,
}
if (ACL_DEBUG)
printf("Leaving pkt_work_acl_key pkts_mask = %p\n",
- (void *)pkts_mask);
+ (void *)pkts_mask);
return 0;
}
@@ -1983,6 +1798,7 @@ pkt_work_acl_ipv6_key(struct rte_pipeline *p,
uint64_t conntrack_mask = 0;
uint64_t connexist_mask = 0;
uint32_t dest_address = 0;
+ arp_pkts_mask = 0;
int dest_if = 0;
int status;
uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
@@ -2383,151 +2199,6 @@ pkt_work_acl_ipv6_key(struct rte_pipeline *p,
uint8_t hdr_chk =
RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE);
hdr_chk = hdr_chk >> IP_VERSION_CHECK;
-#if 0
- if (hdr_chk == IPv4_HDR_VERSION) {
-
- struct acl_table_entry *entry =
- (struct acl_table_entry *)
- p_acl->acl_entries_ipv4[pos];
- uint16_t phy_port = entry->head.port_id;
- uint32_t *port_out_id =
- RTE_MBUF_METADATA_UINT32_PTR(pkt,
- META_DATA_OFFSET +
- offsetof(struct
- mbuf_acl_meta_data,
- output_port));
- /* *port_out_id = p_acl->links_map[phy_port]; */
- if (is_phy_port_privte(phy_port))
- *port_out_id = ACL_PUB_PORT_ID;
- else
- *port_out_id = ACL_PRV_PORT_ID;
- if (ACL_DEBUG)
- printf
- ("phy_port = %i,links_map[phy_port] = %i\n",
- phy_port, p_acl->links_map[phy_port]);
-
- /* header room + eth hdr size + dst_adr offset in ip header */
- uint32_t dst_addr_offset =
- MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DST_ADR_OFST;
- uint32_t *dst_addr =
- RTE_MBUF_METADATA_UINT32_PTR(pkt, dst_addr_offset);
- uint8_t *eth_dest =
- RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM);
- uint8_t *eth_src =
- RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM + 6);
- struct ether_addr hw_addr;
- uint32_t dest_address = rte_bswap32(*dst_addr);
- uint32_t *nhip = RTE_MBUF_METADATA_UINT32_PTR(pkt,
- META_DATA_OFFSET
- +
- offsetof
- (struct
- mbuf_acl_meta_data,
- nhip));
- uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
- *nhip = 0;
- if (is_phy_port_privte(phy_port)) {
- dest_address = rte_bswap32(*dst_addr);
- ret =
- local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_prv_to_pub_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
- }
- *port_out_id = p_acl->port_out_id[dest_if];
- }
- /* port = ACL_PUB_PORT_ID; */
- else {
- dest_address = rte_bswap32(*dst_addr);
-
- ret = local_get_nh_ipv4(dest_address, &dest_if,
- nhip, p_acl);
- if (!ret) {
- dest_if =
- get_pub_to_prv_port(&dest_address,
- IP_VERSION_4);
- do_local_nh_ipv4_cache(dest_if, p_acl);
- };
- *port_out_id = p_acl->port_out_id[dest_if];
- }
- /* port = ACL_PRV_PORT_ID; */
-
- if (get_dest_mac_addr_port
- (dest_address, &dest_if, &hw_addr)) {
- if (ACL_DEBUG) {
- printf("MAC found for ip 0x%x, port "
- " %d - %02x:%02x:%02x:%02x:%02x:%02x\n",
- dest_address, phy_port,
- hw_addr.addr_bytes[0],
- hw_addr.addr_bytes[1],
- hw_addr.addr_bytes[2],
- hw_addr.addr_bytes[3],
- hw_addr.addr_bytes[4],
- hw_addr.addr_bytes[5]);
- printf("Dest MAC before - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
- }
-
- memcpy(eth_dest, &hw_addr,
- sizeof(struct ether_addr));
- if (ACL_DEBUG) {
- printf("PktP %p, dest_macP %p\n", pkt,
- eth_dest);
- printf("Dest MAC after - "
- "%02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
- }
- if (is_phy_port_privte(phy_port))
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- else
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
- }
-
- else {
- if (*nhip != 0) {
-
- if (ACL_DEBUG)
-
- printf("ACL requesting ARP for "
- " ip %x, port %d\n",
- dest_address, phy_port);
- if (is_phy_port_privte(phy_port))
- request_arp(dest_if, *nhip);
-
- else
- request_arp(dest_if, *nhip);
-
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
- }
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL before drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
- }
- }
-#endif
if (hdr_chk == IPv6_HDR_VERSION) {
@@ -2583,114 +2254,72 @@ pkt_work_acl_ipv6_key(struct rte_pipeline *p,
}
memcpy(dest_address, *dst_addr, sizeof(dest_address));
memset(nhip, 0, sizeof(nhip));
- ret = local_get_nh_ipv6(&dest_address[0], &dest_if,
- &nhip[0], p_acl);
-
- if (is_phy_port_privte(phy_port)) {
- if (!ret) {
- dest_if = get_prv_to_pub_port((
- uint32_t
- *)
- &dest_address[0], IP_VERSION_6);
- do_local_nh_ipv6_cache(dest_if, p_acl);
+ struct nd_entry_data *ret_nd_data = NULL;
+ ret_nd_data = get_dest_mac_address_ipv6_port
+ (dest_address, &dest_if, &hw_addr, &nhip[0]);
+ *port_out_id = p_acl->port_out_id[dest_if];
+
+ if (nd_cache_dest_mac_present(dest_if)) {
+ ether_addr_copy(get_link_hw_addr(dest_if),
+ (struct ether_addr *)eth_src);
+ update_nhip_access(dest_if);
+
+ if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) {
+ printf("sending buffered packets\n");
+ p_acl->counters->tpkts_processed +=
+ ret_nd_data->num_pkts;
+ nd_send_buffered_pkts(ret_nd_data,
+ (struct ether_addr *)eth_dest, *port_out_id);
}
- // port = ACL_PUB_PORT_ID;
- *port_out_id =
- p_acl->port_out_id[dest_if];
-
} else {
- if (!ret) {
- dest_if = get_pub_to_prv_port((
- uint32_t
- *)
- &dest_address[0], IP_VERSION_6);
- do_local_nh_ipv6_cache(dest_if, p_acl);
+ if (unlikely(ret_nd_data == NULL)) {
+ if (ACL_DEBUG)
+ printf("ACL before drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
}
- // port = ACL_PRV_PORT_ID;
- *port_out_id =
- p_acl->port_out_id[dest_if];
- }
-
- if (get_dest_mac_address_ipv6_port
- (dest_address, &dest_if, &hw_addr, &nhip[0])) {
- if (ACL_DEBUG) {
- printf("MAC found for port %d "
- "- %02x:%02x:%02x:%02x:%02x:%02x\n",
- phy_port, hw_addr.addr_bytes[0],
- hw_addr.addr_bytes[1],
- hw_addr.addr_bytes[2],
- hw_addr.addr_bytes[3],
- hw_addr.addr_bytes[4],
- hw_addr.addr_bytes[5]);
- printf("Dest MAC before - "
- " %02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
+ if (ret_nd_data->status == INCOMPLETE ||
+ ret_nd_data->status == PROBE) {
+ if (ret_nd_data->num_pkts >= NUM_DESC) {
+ /* Drop the pkt */
+ if (ACL_DEBUG)
+ printf("ACL before drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n", pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ continue;
+ } else {
+ arp_pkts_mask |= pkt_mask;
+ nd_queue_unresolved_packet(ret_nd_data,
+ pkt);
+ continue;
+ }
}
- memcpy(eth_dest, &hw_addr,
- sizeof(struct ether_addr));
- if (ACL_DEBUG) {
- printf("PktP %p, dest_macP %p\n", pkt,
- eth_dest);
- printf("Dest MAC after - "
- " %02x:%02x:%02x:%02x:%02x:%02x\n",
- eth_dest[0], eth_dest[1],
- eth_dest[2], eth_dest[3],
- eth_dest[4], eth_dest[5]);
- }
- if (is_phy_port_privte(phy_port))
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- else
- memcpy(eth_src,
- get_link_hw_addr(dest_if),
- sizeof(struct ether_addr));
- /*
- * memcpy(eth_src, get_link_hw_addr(p_acl->links_map[phy_port]),
- * sizeof(struct ether_addr));
- */
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
}
- else {
-
-#if 0
- /* Request next neighbor for Ipv6 is yet to be done. */
- if (*nhip != 0) {
- if (ACL_DEBUG)
- printf
- ("ACL requesting ARP for ip %x, port %d\n",
- dest_address, phy_port);
-
- /* request_arp(p_acl->links_map[phy_port], *nhip); */
- }
-#endif
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL before drop pkt_mask "
- " %lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- " %lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
- }
}
- }
+ } /* end of for loop */
pkts_drop_mask = keep_mask & ~pkts_mask;
rte_pipeline_ah_packet_drop(p, pkts_drop_mask);
keep_mask = pkts_mask;
+ if (arp_pkts_mask) {
+ keep_mask &= ~(arp_pkts_mask);
+ rte_pipeline_ah_packet_hijack(p, arp_pkts_mask);
+ }
+
/* don't bother measuring if traffic very low, might skew stats */
uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask);
@@ -3177,7 +2806,7 @@ static void *pipeline_acl_init(struct pipeline_params *params,
* p_acl->links_map[0] = 0xff;
* p_acl->links_map[1] = 0xff;]
*/
- p_acl->traffic_type = MIX;
+ p_acl->traffic_type = IPv4_HDR_VERSION;
for (i = 0; i < PIPELINE_MAX_PORT_IN; i++) {
p_acl->links_map[i] = 0xff;
p_acl->port_out_id[i] = 0xff;
diff --git a/VNFs/vACL/pipeline/pipeline_acl_be.h b/VNFs/vACL/pipeline/pipeline_acl_be.h
index 8c85d888..bbb20e82 100644
--- a/VNFs/vACL/pipeline/pipeline_acl_be.h
+++ b/VNFs/vACL/pipeline/pipeline_acl_be.h
@@ -44,7 +44,6 @@ enum pipeline_acl_key_type {
#define IP_HDR_DST_ADR_OFST 16
#define IP_VERSION_4 4
#define IP_VERSION_6 6
-#define MIX 10
/* IPv6 */
#define IP_HDR_SIZE_IPV6 40