Tx feature node, for accounting purposes
Switch to combined allow/drop counters
Show matching ip4 neighbor address if known
Add static-allow mactime entries for unknown mac addresses
Add the "clear mactime" command
Change-Id: Ib963981438dfb8a123df1b3c023bd5fcc27f888f
Signed-off-by: Dave Barach <dbarach@cisco.com>
diff --git a/src/plugins/mactime/mactime.c b/src/plugins/mactime/mactime.c
index 82bcfae..06dda53 100644
--- a/src/plugins/mactime/mactime.c
+++ b/src/plugins/mactime/mactime.c
@@ -103,6 +103,8 @@
vnet_feature_enable_disable ("device-input", "mactime",
sw_if_index, enable_disable, 0, 0);
+ vnet_feature_enable_disable ("interface-output", "mactime-tx",
+ sw_if_index, enable_disable, 0, 0);
return rv;
}
@@ -181,6 +183,32 @@
REPLY_MACRO (VL_API_MACTIME_ENABLE_DISABLE_REPLY);
}
+/** Create a lookup table entry for the indicated mac address
+ */
+void
+mactime_send_create_entry_message (u8 * mac_address)
+{
+ mactime_main_t *mm = &mactime_main;
+ api_main_t *am;
+ vl_shmem_hdr_t *shmem_hdr;
+ u8 *name;
+ vl_api_mactime_add_del_range_t *mp;
+
+ am = &api_main;
+ shmem_hdr = am->shmem_hdr;
+ mp = vl_msg_api_alloc_as_if_client (sizeof (*mp));
+ memset (mp, 0, sizeof (*mp));
+ mp->_vl_msg_id = ntohs (VL_API_MACTIME_ADD_DEL_RANGE + mm->msg_id_base);
+ name = format (0, "mac-%U", format_mac_address, mac_address);
+
+ memcpy (mp->device_name, name, vec_len (name));
+ memcpy (mp->mac_address, mac_address, sizeof (mp->mac_address));
+ /* $$$ config: create allow / drop / range */
+ mp->allow = 1;
+ mp->is_add = 1;
+ vl_msg_api_send_shmem (shmem_hdr->vl_input_queue, (u8 *) & mp);
+}
+
/** Add or delete static / dynamic accept/drop configuration for a src mac
*/
@@ -212,11 +240,12 @@
{
pool_get (mm->devices, dp);
memset (dp, 0, sizeof (*dp));
- vlib_validate_simple_counter (&mm->allow_counters,
- dp - mm->devices);
- vlib_zero_simple_counter (&mm->allow_counters, dp - mm->devices);
- vlib_validate_simple_counter (&mm->drop_counters, dp - mm->devices);
- vlib_zero_simple_counter (&mm->drop_counters, dp - mm->devices);
+ vlib_validate_combined_counter (&mm->allow_counters,
+ dp - mm->devices);
+ vlib_zero_combined_counter (&mm->allow_counters, dp - mm->devices);
+ vlib_validate_combined_counter (&mm->drop_counters,
+ dp - mm->devices);
+ vlib_zero_combined_counter (&mm->drop_counters, dp - mm->devices);
mp->device_name[ARRAY_LEN (mp->device_name) - 1] = 0;
dp->device_name = format (0, "%s%c", mp->device_name, 0);
memcpy (dp->mac_address, mp->mac_address, sizeof (mp->mac_address));
@@ -380,6 +409,15 @@
/* *INDENT-ON */
/* *INDENT-OFF* */
+VNET_FEATURE_INIT (mactime_tx, static) =
+{
+ .arc_name = "interface-output",
+ .node_name = "mactime-tx",
+ .runs_before = VNET_FEATURES ("interface-tx"),
+};
+/* *INDENT-ON */
+
+/* *INDENT-OFF* */
VLIB_PLUGIN_REGISTER () =
{
.version = VPP_BUILD_VER,
@@ -387,14 +425,6 @@
};
/* *INDENT-ON* */
-static u8 *
-format_mac_address (u8 * s, va_list * args)
-{
- u8 *a = va_arg (*args, u8 *);
- return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
- a[0], a[1], a[2], a[3], a[4], a[5]);
-}
-
static clib_error_t *
show_mactime_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
@@ -408,7 +438,18 @@
int current_status = 99;
int i, j;
f64 now;
- u64 allow, drop;
+ vlib_counter_t allow, drop;
+ ethernet_arp_ip4_entry_t *n, *pool;
+
+ vec_reset_length (mm->arp_cache_copy);
+ pool = ip4_neighbors_pool ();
+
+ /* *INDENT-OFF* */
+ pool_foreach (n, pool,
+ ({
+ vec_add1 (mm->arp_cache_copy, n[0]);
+ }));
+ /* *INDENT-ON* */
now = clib_timebase_now (&mm->timebase);
@@ -431,9 +472,9 @@
}));
/* *INDENT-ON* */
- vlib_cli_output (vm, "%-15s %20s %16s %10s %10s",
- "Device Name", "MAC address", "Current Status", "Allow",
- "Drop");
+ vlib_cli_output (vm, "%-15s %18s %14s %10s %10s %10s",
+ "Device Name", "Addresses", "Status",
+ "AllowPkt", "AllowByte", "DropPkt");
for (i = 0; i < vec_len (pool_indices); i++)
{
@@ -500,13 +541,24 @@
status_string = "code bug!";
break;
}
- allow = vlib_get_simple_counter (&mm->allow_counters, dp - mm->devices);
- drop = vlib_get_simple_counter (&mm->drop_counters, dp - mm->devices);
- vlib_cli_output (vm, "%-15s %20s %16s %10lld %10lld",
+ vlib_get_combined_counter (&mm->allow_counters, dp - mm->devices,
+ &allow);
+ vlib_get_combined_counter (&mm->drop_counters, dp - mm->devices, &drop);
+ vlib_cli_output (vm, "%-15s %18s %14s %10lld %10lld %10lld",
dp->device_name, macstring, status_string,
- allow, drop);
+ allow.packets, allow.bytes, drop.packets);
+ /* This is really only good for small N... */
+ for (j = 0; j < vec_len (mm->arp_cache_copy); j++)
+ {
+ n = mm->arp_cache_copy + j;
+ if (!memcmp (dp->mac_address, n->ethernet_address,
+ sizeof (n->ethernet_address)))
+ {
+ vlib_cli_output (vm, "%17s%U", " ", format_ip4_address,
+ &n->ip4_address);
+ }
+ }
}
-
vec_free (macstring);
vec_free (pool_indices);
@@ -522,6 +574,30 @@
};
/* *INDENT-ON* */
+static clib_error_t *
+clear_mactime_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ mactime_main_t *mm = &mactime_main;
+
+ if (mm->feature_initialized == 0)
+ return clib_error_return (0, "feature not enabled");
+
+ vlib_clear_combined_counters (&mm->allow_counters);
+ vlib_clear_combined_counters (&mm->drop_counters);
+ vlib_cli_output (vm, "Mactime counters cleared...");
+ return 0;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (clear_mactime_command, static) =
+{
+ .path = "clear mactime",
+ .short_help = "clear mactime counters",
+ .function = clear_mactime_command_fn,
+};
+/* *INDENT-ON* */
+
/*
diff --git a/src/plugins/mactime/mactime.h b/src/plugins/mactime/mactime.h
index 6890ca2..2166d4a 100644
--- a/src/plugins/mactime/mactime.h
+++ b/src/plugins/mactime/mactime.h
@@ -21,6 +21,7 @@
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ethernet/ethernet.h>
+#include <vnet/ethernet/arp_packet.h>
#include <vlib/counter.h>
#include <vppinfra/hash.h>
@@ -72,8 +73,8 @@
mactime_device_t *devices;
/* Counters */
- vlib_simple_counter_main_t allow_counters;
- vlib_simple_counter_main_t drop_counters;
+ vlib_combined_counter_main_t allow_counters;
+ vlib_combined_counter_main_t drop_counters;
/* config parameters */
u32 lookup_table_num_buckets;
@@ -83,6 +84,9 @@
/* Once-only data structure create flag */
int feature_initialized;
+ /* arp cache copy, for "show mactime" */
+ ethernet_arp_ip4_entry_t *arp_cache_copy;
+
/* convenience */
vlib_main_t *vlib_main;
vnet_main_t *vnet_main;
@@ -96,6 +100,17 @@
extern mactime_main_t mactime_main;
extern vlib_node_registration_t mactime_node;
+extern vlib_node_registration_t mactime_tx_node;
+
+void mactime_send_create_entry_message (u8 * mac_address);
+
+static inline u8 *
+format_mac_address (u8 * s, va_list * args)
+{
+ u8 *a = va_arg (*args, u8 *);
+ return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
+ a[0], a[1], a[2], a[3], a[4], a[5]);
+}
/* Periodic function events */
#define MACTIME_EVENT1 1
diff --git a/src/plugins/mactime/node.c b/src/plugins/mactime/node.c
index b112a72..1d45a39 100644
--- a/src/plugins/mactime/node.c
+++ b/src/plugins/mactime/node.c
@@ -28,15 +28,8 @@
u8 device_name[64];
} mactime_trace_t;
-static u8 *
-format_mac_address (u8 * s, va_list * args)
-{
- u8 *a = va_arg (*args, u8 *);
- return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
- a[0], a[1], a[2], a[3], a[4], a[5]);
-}
-
vlib_node_registration_t mactime_node;
+vlib_node_registration_t mactime_tx_node;
#define foreach_mactime_error \
_(DROP, "Dropped packets") \
@@ -58,8 +51,8 @@
typedef enum
{
- MACTIME_NEXT_ETHERNET_INPUT,
MACTIME_NEXT_DROP,
+ MACTIME_NEXT_ETHERNET_INPUT,
MACTIME_N_NEXT,
} mactime_next_t;
@@ -74,13 +67,14 @@
s = format (s, "MACTIME: src mac %U device %s result %s\n",
format_mac_address, t->src_mac,
(t->device_index != ~0) ? t->device_name : (u8 *) "unknown",
- t->next_index == MACTIME_NEXT_ETHERNET_INPUT ? "pass" : "drop");
+ t->next_index == MACTIME_NEXT_DROP ? "drop" : "pass");
return s;
}
static uword
-mactime_node_fn (vlib_main_t * vm,
- vlib_node_runtime_t * node, vlib_frame_t * frame)
+mactime_node_inline (vlib_main_t * vm,
+ vlib_node_runtime_t * node, vlib_frame_t * frame,
+ int is_tx)
{
u32 n_left_from, *from, *to_next;
mactime_next_t next_index;
@@ -91,6 +85,13 @@
u32 packets_ok = 0, packets_dropped = 0;
f64 now;
u32 thread_index = vm->thread_index;
+ vnet_main_t *vnm = vnet_get_main ();
+ vnet_interface_main_t *im = &vnm->interface_main;
+ u8 arc = im->output_feature_arc_index;
+ vnet_feature_config_main_t *fcm;
+
+ if (is_tx)
+ fcm = vnet_feature_get_config_main (arc);
now = clib_timebase_now (&mm->timebase);
@@ -107,94 +108,13 @@
vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
-#if 0
- while (n_left_from >= 4 && n_left_to_next >= 2)
- {
- u32 next0 = MACTIME_NEXT_INTERFACE_OUTPUT;
- u32 next1 = MACTIME_NEXT_INTERFACE_OUTPUT;
- u32 sw_if_index0, sw_if_index1;
- u8 tmp0[6], tmp1[6];
- ethernet_header_t *en0, *en1;
- u32 bi0, bi1;
- vlib_buffer_t *b0, *b1;
-
- /* Prefetch next iteration. */
- {
- vlib_buffer_t *p2, *p3;
-
- p2 = vlib_get_buffer (vm, from[2]);
- p3 = vlib_get_buffer (vm, from[3]);
-
- vlib_prefetch_buffer_header (p2, LOAD);
- vlib_prefetch_buffer_header (p3, LOAD);
-
- CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE);
- CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, STORE);
- }
-
- /* speculatively enqueue b0 and b1 to the current next frame */
- to_next[0] = bi0 = from[0];
- to_next[1] = bi1 = from[1];
- from += 2;
- to_next += 2;
- n_left_from -= 2;
- n_left_to_next -= 2;
-
- b0 = vlib_get_buffer (vm, bi0);
- b1 = vlib_get_buffer (vm, bi1);
-
- ASSERT (b0->current_data == 0);
- ASSERT (b1->current_data == 0);
-
- en0 = vlib_buffer_get_current (b0);
- en1 = vlib_buffer_get_current (b1);
-
- sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
- sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_RX];
-
- /* Send pkt back out the RX interface */
- vnet_buffer (b0)->sw_if_index[VLIB_TX] = sw_if_index0;
- vnet_buffer (b1)->sw_if_index[VLIB_TX] = sw_if_index1;
-
- if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
- {
- if (b0->flags & VLIB_BUFFER_IS_TRACED)
- {
- mactime_trace_t *t =
- vlib_add_trace (vm, node, b0, sizeof (*t));
- t->sw_if_index = sw_if_index0;
- t->next_index = next0;
- clib_memcpy (t->new_src_mac, en0->src_address,
- sizeof (t->new_src_mac));
- clib_memcpy (t->new_dst_mac, en0->dst_address,
- sizeof (t->new_dst_mac));
- }
- if (b1->flags & VLIB_BUFFER_IS_TRACED)
- {
- mactime_trace_t *t =
- vlib_add_trace (vm, node, b1, sizeof (*t));
- t->sw_if_index = sw_if_index1;
- t->next_index = next1;
- clib_memcpy (t->new_src_mac, en1->src_address,
- sizeof (t->new_src_mac));
- clib_memcpy (t->new_dst_mac, en1->dst_address,
- sizeof (t->new_dst_mac));
- }
- }
-
- /* verify speculative enqueues, maybe switch current next frame */
- vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
- to_next, n_left_to_next,
- bi0, bi1, next0, next1);
- }
-#endif /* dual loop */
-
while (n_left_from > 0 && n_left_to_next > 0)
{
u32 bi0;
vlib_buffer_t *b0;
- u32 next0 = MACTIME_NEXT_ETHERNET_INPUT;
+ u32 next0;
u32 device_index0;
+ u32 len0;
ethernet_header_t *en0;
int i;
@@ -208,18 +128,35 @@
b0 = vlib_get_buffer (vm, bi0);
+ /* Set next0 to e.g. interface-tx */
+ if (is_tx)
+ vnet_get_config_data (&fcm->config_main,
+ &b0->current_config_index, &next0,
+ /* # bytes of config data */ 0);
+ else
+ next0 = MACTIME_NEXT_ETHERNET_INPUT;
+
vlib_buffer_advance (b0, -(word) vnet_buffer (b0)->l2_hdr_offset);
+ len0 = vlib_buffer_length_in_chain (vm, b0);
en0 = vlib_buffer_get_current (b0);
kv.key = 0;
- clib_memcpy (&kv.key, en0->src_address, 6);
+ if (is_tx)
+ clib_memcpy (&kv.key, en0->dst_address, 6);
+ else
+ clib_memcpy (&kv.key, en0->src_address, 6);
-
- /* Lookup the src mac address */
+ /* Lookup the src/dst mac address */
if (clib_bihash_search_8_8 (lut, &kv, &kv) < 0)
{
+ /* Create a table entry... */
+ mactime_send_create_entry_message
+ (is_tx ? en0->dst_address : en0->src_address);
+
+ /* and let this packet pass */
device_index0 = ~0;
dp = 0;
+ packets_ok++;
goto trace0;
}
else
@@ -236,14 +173,16 @@
if (dp->flags & MACTIME_DEVICE_FLAG_STATIC_DROP)
{
next0 = MACTIME_NEXT_DROP;
- vlib_increment_simple_counter
- (&mm->drop_counters, thread_index, dp - mm->devices, 1);
+ vlib_increment_combined_counter
+ (&mm->drop_counters, thread_index, dp - mm->devices, 1,
+ len0);
packets_dropped++;
}
else /* note next0 set to allow */
{
- vlib_increment_simple_counter
- (&mm->allow_counters, thread_index, dp - mm->devices, 1);
+ vlib_increment_combined_counter
+ (&mm->allow_counters, thread_index, dp - mm->devices, 1,
+ len0);
packets_ok++;
}
goto trace0;
@@ -263,17 +202,17 @@
/* And it's a drop range, drop it */
if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_DROP)
{
- vlib_increment_simple_counter
+ vlib_increment_combined_counter
(&mm->drop_counters, thread_index,
- dp - mm->devices, 1);
+ dp - mm->devices, 1, len0);
packets_dropped++;
next0 = MACTIME_NEXT_DROP;
}
else /* it's an allow range, allow it */
{
- vlib_increment_simple_counter
+ vlib_increment_combined_counter
(&mm->allow_counters, thread_index,
- dp - mm->devices, 1);
+ dp - mm->devices, 1, len0);
packets_ok++;
}
goto trace0;
@@ -286,14 +225,15 @@
if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW)
{
next0 = MACTIME_NEXT_DROP;
- vlib_increment_simple_counter
- (&mm->drop_counters, thread_index, dp - mm->devices, 1);
+ vlib_increment_combined_counter
+ (&mm->drop_counters, thread_index, dp - mm->devices, 1, len0);
packets_dropped++;
}
else
{
- vlib_increment_simple_counter
- (&mm->allow_counters, thread_index, dp - mm->devices, 1);
+ vlib_increment_combined_counter
+ (&mm->allow_counters, thread_index, dp - mm->devices, 1,
+ len0);
packets_ok++;
}
@@ -324,13 +264,20 @@
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- vlib_node_increment_counter (vm, mactime_node.index,
+ vlib_node_increment_counter (vm, node->node_index,
MACTIME_ERROR_DROP, packets_dropped);
- vlib_node_increment_counter (vm, mactime_node.index,
+ vlib_node_increment_counter (vm, node->node_index,
MACTIME_ERROR_OK, packets_ok);
return frame->n_vectors;
}
+static uword
+mactime_node_fn (vlib_main_t * vm,
+ vlib_node_runtime_t * node, vlib_frame_t * frame)
+{
+ return mactime_node_inline (vm, node, frame, 0 /* is_tx */ );
+}
+
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (mactime_node) =
{
@@ -354,6 +301,36 @@
};
/* *INDENT-ON* */
+static uword
+mactime_tx_node_fn (vlib_main_t * vm,
+ vlib_node_runtime_t * node, vlib_frame_t * frame)
+{
+ return mactime_node_inline (vm, node, frame, 1 /* is_tx */ );
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (mactime_tx_node) =
+{
+ .function = mactime_tx_node_fn,
+ .name = "mactime-tx",
+ .vector_size = sizeof (u32),
+ .format_trace = format_mactime_trace,
+ .type = VLIB_NODE_TYPE_INTERNAL,
+
+ .n_errors = ARRAY_LEN(mactime_error_strings),
+ .error_strings = mactime_error_strings,
+
+ .n_next_nodes = MACTIME_N_NEXT,
+
+ /* edit / add dispositions here */
+ .next_nodes =
+ {
+ [MACTIME_NEXT_DROP] = "error-drop",
+ [MACTIME_NEXT_ETHERNET_INPUT] = "ethernet-input", /* notused */
+ },
+};
+/* *INDENT-ON* */
+
/*
* fd.io coding-style-patch-verification: ON
*