2009-07-08 13:19:16 -07:00
|
|
|
|
/*
|
2017-05-31 16:06:12 -07:00
|
|
|
|
* Copyright (c) 2009-2017 Nicira, Inc.
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*
|
2009-06-15 15:11:30 -07:00
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
|
* You may obtain a copy of the License at:
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*
|
2009-06-15 15:11:30 -07:00
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
*
|
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
|
* limitations under the License.
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
#include "classifier.h"
|
2014-10-24 13:22:24 -07:00
|
|
|
|
#include "classifier-private.h"
|
2009-07-08 13:19:16 -07:00
|
|
|
|
#include <errno.h>
|
2017-11-06 14:42:32 -08:00
|
|
|
|
#include <sys/types.h>
|
2009-07-08 13:19:16 -07:00
|
|
|
|
#include <netinet/in.h>
|
2010-11-22 10:10:14 -08:00
|
|
|
|
#include "byte-order.h"
|
2016-03-03 10:20:46 -08:00
|
|
|
|
#include "openvswitch/dynamic-string.h"
|
2010-11-23 12:31:50 -08:00
|
|
|
|
#include "odp-util.h"
|
2013-12-11 11:07:01 -08:00
|
|
|
|
#include "packets.h"
|
2014-06-11 11:07:43 -07:00
|
|
|
|
#include "util.h"
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2014-04-30 14:09:08 -07:00
|
|
|
|
struct trie_ctx;
|
|
|
|
|
|
|
2015-01-11 13:25:24 -08:00
|
|
|
|
/* A collection of "struct cls_conjunction"s currently embedded into a
|
|
|
|
|
|
* cls_match. */
|
|
|
|
|
|
struct cls_conjunction_set {
|
|
|
|
|
|
/* Link back to the cls_match.
|
|
|
|
|
|
*
|
|
|
|
|
|
* cls_conjunction_set is mostly used during classifier lookup, and, in
|
|
|
|
|
|
* turn, during classifier lookup the most used member of
|
|
|
|
|
|
* cls_conjunction_set is the rule's priority, so we cache it here for fast
|
|
|
|
|
|
* access. */
|
|
|
|
|
|
struct cls_match *match;
|
|
|
|
|
|
int priority; /* Cached copy of match->priority. */
|
|
|
|
|
|
|
|
|
|
|
|
/* Conjunction information.
|
|
|
|
|
|
*
|
|
|
|
|
|
* 'min_n_clauses' allows some optimization during classifier lookup. */
|
|
|
|
|
|
unsigned int n; /* Number of elements in 'conj'. */
|
|
|
|
|
|
unsigned int min_n_clauses; /* Smallest 'n' among elements of 'conj'. */
|
|
|
|
|
|
struct cls_conjunction conj[];
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2014-04-30 14:09:08 -07:00
|
|
|
|
/* Ports trie depends on both ports sharing the same ovs_be32. */
|
|
|
|
|
|
#define TP_PORTS_OFS32 (offsetof(struct flow, tp_src) / 4)
|
|
|
|
|
|
BUILD_ASSERT_DECL(TP_PORTS_OFS32 == offsetof(struct flow, tp_dst) / 4);
|
2015-01-06 11:10:42 -08:00
|
|
|
|
BUILD_ASSERT_DECL(TP_PORTS_OFS32 % 2 == 0);
|
|
|
|
|
|
#define TP_PORTS_OFS64 (TP_PORTS_OFS32 / 2)
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2015-01-11 13:25:24 -08:00
|
|
|
|
static size_t
|
|
|
|
|
|
cls_conjunction_set_size(size_t n)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (sizeof(struct cls_conjunction_set)
|
|
|
|
|
|
+ n * sizeof(struct cls_conjunction));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static struct cls_conjunction_set *
|
|
|
|
|
|
cls_conjunction_set_alloc(struct cls_match *match,
|
|
|
|
|
|
const struct cls_conjunction conj[], size_t n)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (n) {
|
|
|
|
|
|
size_t min_n_clauses = conj[0].n_clauses;
|
|
|
|
|
|
for (size_t i = 1; i < n; i++) {
|
|
|
|
|
|
min_n_clauses = MIN(min_n_clauses, conj[i].n_clauses);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct cls_conjunction_set *set = xmalloc(cls_conjunction_set_size(n));
|
|
|
|
|
|
set->match = match;
|
|
|
|
|
|
set->priority = match->priority;
|
|
|
|
|
|
set->n = n;
|
|
|
|
|
|
set->min_n_clauses = min_n_clauses;
|
|
|
|
|
|
memcpy(set->conj, conj, n * sizeof *conj);
|
|
|
|
|
|
return set;
|
|
|
|
|
|
} else {
|
|
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-29 15:50:38 -07:00
|
|
|
|
static struct cls_match *
|
2016-07-29 16:52:01 -07:00
|
|
|
|
cls_match_alloc(const struct cls_rule *rule, ovs_version_t version,
|
2015-01-11 13:25:24 -08:00
|
|
|
|
const struct cls_conjunction conj[], size_t n)
|
2014-04-29 15:50:38 -07:00
|
|
|
|
{
|
2015-07-17 15:18:43 -07:00
|
|
|
|
size_t count = miniflow_n_values(rule->match.flow);
|
2014-04-29 15:50:39 -07:00
|
|
|
|
|
|
|
|
|
|
struct cls_match *cls_match
|
2015-07-15 13:17:01 -07:00
|
|
|
|
= xmalloc(sizeof *cls_match + MINIFLOW_VALUES_SIZE(count));
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2015-06-11 15:53:42 -07:00
|
|
|
|
ovsrcu_init(&cls_match->next, NULL);
|
2014-10-27 10:57:28 -07:00
|
|
|
|
*CONST_CAST(const struct cls_rule **, &cls_match->cls_rule) = rule;
|
|
|
|
|
|
*CONST_CAST(int *, &cls_match->priority) = rule->priority;
|
2016-07-29 16:52:01 -07:00
|
|
|
|
/* Make rule initially invisible. */
|
|
|
|
|
|
cls_match->versions = VERSIONS_INITIALIZER(version, version);
|
2015-07-15 13:17:01 -07:00
|
|
|
|
miniflow_clone(CONST_CAST(struct miniflow *, &cls_match->flow),
|
|
|
|
|
|
rule->match.flow, count);
|
2015-01-11 13:25:24 -08:00
|
|
|
|
ovsrcu_set_hidden(&cls_match->conj_set,
|
|
|
|
|
|
cls_conjunction_set_alloc(cls_match, conj, n));
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
|
|
|
|
|
return cls_match;
|
|
|
|
|
|
}
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2014-07-18 02:24:26 -07:00
|
|
|
|
static struct cls_subtable *find_subtable(const struct classifier *cls,
|
2014-11-06 14:55:29 -08:00
|
|
|
|
const struct minimask *);
|
2014-07-18 02:24:26 -07:00
|
|
|
|
static struct cls_subtable *insert_subtable(struct classifier *cls,
|
2014-11-14 15:58:09 -08:00
|
|
|
|
const struct minimask *);
|
|
|
|
|
|
static void destroy_subtable(struct classifier *cls, struct cls_subtable *);
|
2010-11-03 11:00:58 -07:00
|
|
|
|
|
2014-11-06 14:55:29 -08:00
|
|
|
|
static const struct cls_match *find_match_wc(const struct cls_subtable *,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t version,
|
2014-11-06 14:55:29 -08:00
|
|
|
|
const struct flow *,
|
|
|
|
|
|
struct trie_ctx *,
|
|
|
|
|
|
unsigned int n_tries,
|
|
|
|
|
|
struct flow_wildcards *);
|
|
|
|
|
|
static struct cls_match *find_equal(const struct cls_subtable *,
|
2014-04-29 15:50:38 -07:00
|
|
|
|
const struct miniflow *, uint32_t hash);
|
2010-11-03 11:00:58 -07:00
|
|
|
|
|
2015-06-11 15:53:42 -07:00
|
|
|
|
/* Return the next visible (lower-priority) rule in the list. Multiple
|
|
|
|
|
|
* identical rules with the same priority may exist transitionally, but when
|
|
|
|
|
|
* versioning is used at most one of them is ever visible for lookups on any
|
|
|
|
|
|
* given 'version'. */
|
2015-05-29 11:28:38 -07:00
|
|
|
|
static inline const struct cls_match *
|
2016-07-29 16:52:01 -07:00
|
|
|
|
next_visible_rule_in_list(const struct cls_match *rule, ovs_version_t version)
|
2015-05-29 11:28:38 -07:00
|
|
|
|
{
|
|
|
|
|
|
do {
|
2015-06-11 15:53:42 -07:00
|
|
|
|
rule = cls_match_next(rule);
|
2015-06-12 16:12:56 -07:00
|
|
|
|
} while (rule && !cls_match_visible_in_version(rule, version));
|
2015-05-29 11:28:38 -07:00
|
|
|
|
|
2015-06-11 15:53:42 -07:00
|
|
|
|
return rule;
|
2014-10-31 16:22:23 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-08-12 17:03:07 -07:00
|
|
|
|
/* Type with maximum supported prefix length. */
|
|
|
|
|
|
union trie_prefix {
|
|
|
|
|
|
struct in6_addr ipv6; /* For sizing. */
|
|
|
|
|
|
ovs_be32 be32; /* For access. */
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
static unsigned int minimask_get_prefix_len(const struct minimask *,
|
|
|
|
|
|
const struct mf_field *);
|
2014-07-18 02:24:26 -07:00
|
|
|
|
static void trie_init(struct classifier *cls, int trie_idx,
|
2014-11-14 15:58:09 -08:00
|
|
|
|
const struct mf_field *);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
static unsigned int trie_lookup(const struct cls_trie *, const struct flow *,
|
2015-08-12 17:03:07 -07:00
|
|
|
|
union trie_prefix *plens);
|
2014-07-11 02:29:08 -07:00
|
|
|
|
static unsigned int trie_lookup_value(const rcu_trie_ptr *,
|
2014-07-18 02:24:26 -07:00
|
|
|
|
const ovs_be32 value[], ovs_be32 plens[],
|
|
|
|
|
|
unsigned int value_bits);
|
2014-07-11 02:29:08 -07:00
|
|
|
|
static void trie_destroy(rcu_trie_ptr *);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
static void trie_insert(struct cls_trie *, const struct cls_rule *, int mlen);
|
2014-07-11 02:29:08 -07:00
|
|
|
|
static void trie_insert_prefix(rcu_trie_ptr *, const ovs_be32 *prefix,
|
2014-04-30 14:09:08 -07:00
|
|
|
|
int mlen);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
static void trie_remove(struct cls_trie *, const struct cls_rule *, int mlen);
|
2014-07-11 02:29:08 -07:00
|
|
|
|
static void trie_remove_prefix(rcu_trie_ptr *, const ovs_be32 *prefix,
|
2014-04-30 14:09:08 -07:00
|
|
|
|
int mlen);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
static void mask_set_prefix_bits(struct flow_wildcards *, uint8_t be32ofs,
|
2014-07-11 02:29:08 -07:00
|
|
|
|
unsigned int n_bits);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
static bool mask_prefix_bits_set(const struct flow_wildcards *,
|
2014-07-11 02:29:08 -07:00
|
|
|
|
uint8_t be32ofs, unsigned int n_bits);
|
2012-08-07 15:28:18 -07:00
|
|
|
|
�
|
|
|
|
|
|
/* cls_rule. */
|
2010-11-03 11:00:58 -07:00
|
|
|
|
|
2014-11-13 11:54:31 -08:00
|
|
|
|
static inline void
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_rule_init__(struct cls_rule *rule, unsigned int priority)
|
2014-11-13 11:54:31 -08:00
|
|
|
|
{
|
|
|
|
|
|
rculist_init(&rule->node);
|
2015-06-09 17:00:00 -07:00
|
|
|
|
*CONST_CAST(int *, &rule->priority) = priority;
|
2016-04-17 08:51:21 -07:00
|
|
|
|
ovsrcu_init(&rule->cls_match, NULL);
|
2014-11-13 11:54:31 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2012-08-07 15:28:18 -07:00
|
|
|
|
/* Initializes 'rule' to match packets specified by 'match' at the given
|
2012-09-04 12:43:53 -07:00
|
|
|
|
* 'priority'. 'match' must satisfy the invariant described in the comment at
|
|
|
|
|
|
* the definition of struct match.
|
2010-11-23 10:06:28 -08:00
|
|
|
|
*
|
2012-08-20 11:29:43 -07:00
|
|
|
|
* The caller must eventually destroy 'rule' with cls_rule_destroy().
|
|
|
|
|
|
*
|
2014-10-30 11:40:07 -07:00
|
|
|
|
* Clients should not use priority INT_MIN. (OpenFlow uses priorities between
|
|
|
|
|
|
* 0 and UINT16_MAX, inclusive.) */
|
2012-04-25 15:48:40 -07:00
|
|
|
|
void
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_rule_init(struct cls_rule *rule, const struct match *match, int priority)
|
2012-04-25 15:48:40 -07:00
|
|
|
|
{
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_rule_init__(rule, priority);
|
2015-06-09 17:00:00 -07:00
|
|
|
|
minimatch_init(CONST_CAST(struct minimatch *, &rule->match), match);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Same as cls_rule_init() for initialization from a "struct minimatch". */
|
|
|
|
|
|
void
|
|
|
|
|
|
cls_rule_init_from_minimatch(struct cls_rule *rule,
|
2015-07-06 11:45:54 -07:00
|
|
|
|
const struct minimatch *match, int priority)
|
2012-09-04 12:43:53 -07:00
|
|
|
|
{
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_rule_init__(rule, priority);
|
2015-06-09 17:00:00 -07:00
|
|
|
|
minimatch_clone(CONST_CAST(struct minimatch *, &rule->match), match);
|
2011-02-01 22:54:11 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2012-08-20 11:29:43 -07:00
|
|
|
|
/* Initializes 'dst' as a copy of 'src'.
|
|
|
|
|
|
*
|
2013-08-27 12:25:48 -07:00
|
|
|
|
* The caller must eventually destroy 'dst' with cls_rule_destroy(). */
|
2012-08-20 11:29:43 -07:00
|
|
|
|
void
|
|
|
|
|
|
cls_rule_clone(struct cls_rule *dst, const struct cls_rule *src)
|
|
|
|
|
|
{
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_rule_init__(dst, src->priority);
|
|
|
|
|
|
minimatch_clone(CONST_CAST(struct minimatch *, &dst->match), &src->match);
|
2012-08-20 11:29:43 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-08-27 12:25:48 -07:00
|
|
|
|
/* Initializes 'dst' with the data in 'src', destroying 'src'.
|
2015-06-09 17:00:00 -07:00
|
|
|
|
*
|
2014-11-13 11:54:31 -08:00
|
|
|
|
* 'src' must be a cls_rule NOT in a classifier.
|
2013-08-27 12:25:48 -07:00
|
|
|
|
*
|
|
|
|
|
|
* The caller must eventually destroy 'dst' with cls_rule_destroy(). */
|
|
|
|
|
|
void
|
|
|
|
|
|
cls_rule_move(struct cls_rule *dst, struct cls_rule *src)
|
|
|
|
|
|
{
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_rule_init__(dst, src->priority);
|
2015-06-09 17:00:00 -07:00
|
|
|
|
minimatch_move(CONST_CAST(struct minimatch *, &dst->match),
|
|
|
|
|
|
CONST_CAST(struct minimatch *, &src->match));
|
2013-08-27 12:25:48 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2012-08-20 11:29:43 -07:00
|
|
|
|
/* Frees memory referenced by 'rule'. Doesn't free 'rule' itself (it's
|
|
|
|
|
|
* normally embedded into a larger structure).
|
|
|
|
|
|
*
|
|
|
|
|
|
* ('rule' must not currently be in a classifier.) */
|
|
|
|
|
|
void
|
2012-09-04 12:43:53 -07:00
|
|
|
|
cls_rule_destroy(struct cls_rule *rule)
|
2015-06-11 17:28:37 -07:00
|
|
|
|
OVS_NO_THREAD_SAFETY_ANALYSIS
|
2012-08-20 11:29:43 -07:00
|
|
|
|
{
|
2016-04-17 08:51:21 -07:00
|
|
|
|
/* Must not be in a classifier. */
|
|
|
|
|
|
ovs_assert(!get_cls_match_protected(rule));
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|
2015-06-11 17:28:37 -07:00
|
|
|
|
/* Check that the rule has been properly removed from the classifier. */
|
|
|
|
|
|
ovs_assert(rule->node.prev == RCULIST_POISON
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|| rculist_is_empty(&rule->node));
|
2015-06-11 17:28:37 -07:00
|
|
|
|
rculist_poison__(&rule->node); /* Poisons also the next pointer. */
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|
2015-06-09 17:00:00 -07:00
|
|
|
|
minimatch_destroy(CONST_CAST(struct minimatch *, &rule->match));
|
2012-08-20 11:29:43 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-04-17 08:51:21 -07:00
|
|
|
|
/* This may only be called by the exclusive writer. */
|
2015-01-11 13:25:24 -08:00
|
|
|
|
void
|
|
|
|
|
|
cls_rule_set_conjunctions(struct cls_rule *cr,
|
|
|
|
|
|
const struct cls_conjunction *conj, size_t n)
|
|
|
|
|
|
{
|
2016-04-17 08:51:21 -07:00
|
|
|
|
struct cls_match *match = get_cls_match_protected(cr);
|
2015-01-11 13:25:24 -08:00
|
|
|
|
struct cls_conjunction_set *old
|
|
|
|
|
|
= ovsrcu_get_protected(struct cls_conjunction_set *, &match->conj_set);
|
|
|
|
|
|
struct cls_conjunction *old_conj = old ? old->conj : NULL;
|
|
|
|
|
|
unsigned int old_n = old ? old->n : 0;
|
|
|
|
|
|
|
|
|
|
|
|
if (old_n != n || (n && memcmp(old_conj, conj, n * sizeof *conj))) {
|
|
|
|
|
|
if (old) {
|
|
|
|
|
|
ovsrcu_postpone(free, old);
|
|
|
|
|
|
}
|
|
|
|
|
|
ovsrcu_set(&match->conj_set,
|
|
|
|
|
|
cls_conjunction_set_alloc(match, conj, n));
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-08-07 15:28:18 -07:00
|
|
|
|
/* Returns true if 'a' and 'b' match the same packets at the same priority,
|
|
|
|
|
|
* false if they differ in some way. */
|
2010-11-08 16:35:34 -08:00
|
|
|
|
bool
|
|
|
|
|
|
cls_rule_equal(const struct cls_rule *a, const struct cls_rule *b)
|
|
|
|
|
|
{
|
2012-09-04 12:43:53 -07:00
|
|
|
|
return a->priority == b->priority && minimatch_equal(&a->match, &b->match);
|
2010-11-08 16:35:34 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2012-08-07 15:28:18 -07:00
|
|
|
|
/* Appends a string describing 'rule' to 's'. */
|
2010-11-23 12:31:50 -08:00
|
|
|
|
void
|
2016-04-19 18:36:04 -07:00
|
|
|
|
cls_rule_format(const struct cls_rule *rule, const struct tun_table *tun_table,
|
2017-05-31 16:06:12 -07:00
|
|
|
|
const struct ofputil_port_map *port_map, struct ds *s)
|
2010-11-23 12:31:50 -08:00
|
|
|
|
{
|
2017-05-31 16:06:12 -07:00
|
|
|
|
minimatch_format(&rule->match, tun_table, port_map, s, rule->priority);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
2012-07-20 14:46:15 -07:00
|
|
|
|
|
|
|
|
|
|
/* Returns true if 'rule' matches every packet, false otherwise. */
|
|
|
|
|
|
bool
|
|
|
|
|
|
cls_rule_is_catchall(const struct cls_rule *rule)
|
|
|
|
|
|
{
|
2015-07-15 13:17:01 -07:00
|
|
|
|
return minimask_is_catchall(rule->match.mask);
|
2012-07-20 14:46:15 -07:00
|
|
|
|
}
|
2015-05-29 11:28:38 -07:00
|
|
|
|
|
2015-08-12 16:00:48 -07:00
|
|
|
|
/* Makes 'rule' invisible in 'remove_version'. Once that version is used in
|
|
|
|
|
|
* lookups, the caller should remove 'rule' via ovsrcu_postpone().
|
2015-06-09 17:00:00 -07:00
|
|
|
|
*
|
2016-04-17 08:51:21 -07:00
|
|
|
|
* 'rule' must be in a classifier.
|
|
|
|
|
|
* This may only be called by the exclusive writer. */
|
2015-06-09 17:00:00 -07:00
|
|
|
|
void
|
2015-06-12 16:12:56 -07:00
|
|
|
|
cls_rule_make_invisible_in_version(const struct cls_rule *rule,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t remove_version)
|
2015-06-09 17:00:00 -07:00
|
|
|
|
{
|
2016-04-17 08:51:21 -07:00
|
|
|
|
struct cls_match *cls_match = get_cls_match_protected(rule);
|
|
|
|
|
|
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_assert(remove_version >= cls_match->versions.add_version);
|
2015-06-12 16:12:56 -07:00
|
|
|
|
|
2016-04-17 08:51:21 -07:00
|
|
|
|
cls_match_set_remove_version(cls_match, remove_version);
|
2015-06-09 17:00:00 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-07-06 11:45:54 -07:00
|
|
|
|
/* This undoes the change made by cls_rule_make_invisible_in_version().
|
2015-05-29 11:28:38 -07:00
|
|
|
|
*
|
2016-04-17 08:51:21 -07:00
|
|
|
|
* 'rule' must be in a classifier.
|
|
|
|
|
|
* This may only be called by the exclusive writer. */
|
2015-06-09 17:00:00 -07:00
|
|
|
|
void
|
|
|
|
|
|
cls_rule_restore_visibility(const struct cls_rule *rule)
|
2015-05-29 11:28:38 -07:00
|
|
|
|
{
|
2016-04-17 08:51:21 -07:00
|
|
|
|
cls_match_set_remove_version(get_cls_match_protected(rule),
|
2016-07-29 16:52:01 -07:00
|
|
|
|
OVS_VERSION_NOT_REMOVED);
|
2015-05-29 11:28:38 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-06-09 17:00:00 -07:00
|
|
|
|
/* Return true if 'rule' is visible in 'version'.
|
|
|
|
|
|
*
|
|
|
|
|
|
* 'rule' must be in a classifier. */
|
|
|
|
|
|
bool
|
2016-07-29 16:52:01 -07:00
|
|
|
|
cls_rule_visible_in_version(const struct cls_rule *rule, ovs_version_t version)
|
2015-06-09 17:00:00 -07:00
|
|
|
|
{
|
2016-04-17 08:51:21 -07:00
|
|
|
|
struct cls_match *cls_match = get_cls_match(rule);
|
|
|
|
|
|
|
|
|
|
|
|
return cls_match && cls_match_visible_in_version(cls_match, version);
|
2015-06-09 17:00:00 -07:00
|
|
|
|
}
|
2009-07-08 13:19:16 -07:00
|
|
|
|
�
|
|
|
|
|
|
/* Initializes 'cls' as a classifier that initially contains no classification
|
|
|
|
|
|
* rules. */
|
|
|
|
|
|
void
|
2014-07-18 02:24:26 -07:00
|
|
|
|
classifier_init(struct classifier *cls, const uint8_t *flow_segments)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
|
|
|
|
|
cls->n_rules = 0;
|
2014-07-11 02:29:07 -07:00
|
|
|
|
cmap_init(&cls->subtables_map);
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_init(&cls->subtables);
|
2013-11-19 17:31:29 -08:00
|
|
|
|
cls->n_flow_segments = 0;
|
|
|
|
|
|
if (flow_segments) {
|
|
|
|
|
|
while (cls->n_flow_segments < CLS_MAX_INDICES
|
2015-01-06 11:10:42 -08:00
|
|
|
|
&& *flow_segments < FLOW_U64S) {
|
2013-11-19 17:31:29 -08:00
|
|
|
|
cls->flow_segments[cls->n_flow_segments++] = *flow_segments++;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2013-12-11 11:07:01 -08:00
|
|
|
|
cls->n_tries = 0;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
for (int i = 0; i < CLS_MAX_TRIES; i++) {
|
|
|
|
|
|
trie_init(cls, i, NULL);
|
|
|
|
|
|
}
|
2014-11-13 11:54:31 -08:00
|
|
|
|
cls->publish = true;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Destroys 'cls'. Rules within 'cls', if any, are not freed; this is the
|
lib/classifier: Lockless lookups.
Now that all the relevant classifier structures use RCU and internal
mutual exclusion for modifications, we can remove the fat-rwlock and
thus make the classifier lookups lockless.
As the readers are operating concurrently with the writers, a
concurrent reader may or may not see a new rule being added by a
writer, depending on how the concurrent events overlap with each
other. Overall, this is no different from the former locked behavior,
but there the visibility of the new rule only depended on the timing
of the locking functions.
A new rule is first added to the segment indices, so the readers may
find the rule in the indices before the rule is visible in the
subtables 'rules' map. This may result in us losing the opportunity
to quit lookups earlier, resulting in sub-optimal wildcarding. This
will be fixed by forthcoming revalidation always scheduled after flow
table changes.
Similar behavior may happen due to us removing the overlapping rule
(if any) from the indices only after the corresponding new rule has
been added.
The subtable's max priority is updated only after a rule is inserted
to the maps, so the concurrent readers may not see the rule, as the
updated priority ordered subtable list will only be visible after the
subtable's max priority is updated.
Similarly, the classifier's partitions are updated by the caller after
the rule is inserted to the maps, so the readers may keep skipping the
subtable until they see the updated partitions.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
2014-07-11 02:29:08 -07:00
|
|
|
|
* caller's responsibility.
|
|
|
|
|
|
* May only be called after all the readers have been terminated. */
|
2009-07-08 13:19:16 -07:00
|
|
|
|
void
|
2014-07-18 02:24:26 -07:00
|
|
|
|
classifier_destroy(struct classifier *cls)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2014-07-18 02:24:26 -07:00
|
|
|
|
if (cls) {
|
2014-07-21 21:00:04 -07:00
|
|
|
|
struct cls_subtable *subtable;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < cls->n_tries; i++) {
|
2014-07-11 02:29:08 -07:00
|
|
|
|
trie_destroy(&cls->tries[i].root);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2014-07-29 09:02:23 -07:00
|
|
|
|
CMAP_FOR_EACH (subtable, cmap_node, &cls->subtables_map) {
|
2013-10-29 16:39:52 -07:00
|
|
|
|
destroy_subtable(cls, subtable);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
2014-07-11 02:29:07 -07:00
|
|
|
|
cmap_destroy(&cls->subtables_map);
|
2013-09-25 15:07:21 -07:00
|
|
|
|
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_destroy(&cls->subtables);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Set the fields for which prefix lookup should be performed. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
bool
|
2014-07-18 02:24:26 -07:00
|
|
|
|
classifier_set_prefix_fields(struct classifier *cls,
|
2013-12-11 11:07:01 -08:00
|
|
|
|
const enum mf_field_id *trie_fields,
|
|
|
|
|
|
unsigned int n_fields)
|
|
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
const struct mf_field * new_fields[CLS_MAX_TRIES];
|
2014-07-26 12:15:26 -07:00
|
|
|
|
struct mf_bitmap fields = MF_BITMAP_INITIALIZER;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
int i, n_tries = 0;
|
|
|
|
|
|
bool changed = false;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
for (i = 0; i < n_fields && n_tries < CLS_MAX_TRIES; i++) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
const struct mf_field *field = mf_from_id(trie_fields[i]);
|
|
|
|
|
|
if (field->flow_be32ofs < 0 || field->n_bits % 32) {
|
|
|
|
|
|
/* Incompatible field. This is the only place where we
|
|
|
|
|
|
* enforce these requirements, but the rest of the trie code
|
|
|
|
|
|
* depends on the flow_be32ofs to be non-negative and the
|
|
|
|
|
|
* field length to be a multiple of 32 bits. */
|
|
|
|
|
|
continue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-26 12:15:26 -07:00
|
|
|
|
if (bitmap_is_set(fields.bm, trie_fields[i])) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Duplicate field, there is no need to build more than
|
|
|
|
|
|
* one index for any one field. */
|
|
|
|
|
|
continue;
|
|
|
|
|
|
}
|
2014-07-26 12:15:26 -07:00
|
|
|
|
bitmap_set1(fields.bm, trie_fields[i]);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
new_fields[n_tries] = NULL;
|
|
|
|
|
|
if (n_tries >= cls->n_tries || field != cls->tries[n_tries].field) {
|
|
|
|
|
|
new_fields[n_tries] = field;
|
|
|
|
|
|
changed = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
n_tries++;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (changed || n_tries < cls->n_tries) {
|
|
|
|
|
|
struct cls_subtable *subtable;
|
|
|
|
|
|
|
|
|
|
|
|
/* Trie configuration needs to change. Disable trie lookups
|
|
|
|
|
|
* for the tries that are changing and wait all the current readers
|
|
|
|
|
|
* with the old configuration to be done. */
|
|
|
|
|
|
changed = false;
|
|
|
|
|
|
CMAP_FOR_EACH (subtable, cmap_node, &cls->subtables_map) {
|
|
|
|
|
|
for (i = 0; i < cls->n_tries; i++) {
|
|
|
|
|
|
if ((i < n_tries && new_fields[i]) || i >= n_tries) {
|
|
|
|
|
|
if (subtable->trie_plen[i]) {
|
|
|
|
|
|
subtable->trie_plen[i] = 0;
|
|
|
|
|
|
changed = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Synchronize if any readers were using tries. The readers may
|
|
|
|
|
|
* temporarily function without the trie lookup based optimizations. */
|
|
|
|
|
|
if (changed) {
|
|
|
|
|
|
/* ovsrcu_synchronize() functions as a memory barrier, so it does
|
|
|
|
|
|
* not matter that subtable->trie_plen is not atomic. */
|
|
|
|
|
|
ovsrcu_synchronize();
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
/* Now set up the tries. */
|
|
|
|
|
|
for (i = 0; i < n_tries; i++) {
|
|
|
|
|
|
if (new_fields[i]) {
|
|
|
|
|
|
trie_init(cls, i, new_fields[i]);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Destroy the rest, if any. */
|
|
|
|
|
|
for (; i < cls->n_tries; i++) {
|
|
|
|
|
|
trie_init(cls, i, NULL);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
cls->n_tries = n_tries;
|
|
|
|
|
|
return true;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2014-07-11 02:29:08 -07:00
|
|
|
|
|
|
|
|
|
|
return false; /* No change. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2014-07-18 02:24:26 -07:00
|
|
|
|
trie_init(struct classifier *cls, int trie_idx, const struct mf_field *field)
|
2013-12-11 11:07:01 -08:00
|
|
|
|
{
|
|
|
|
|
|
struct cls_trie *trie = &cls->tries[trie_idx];
|
|
|
|
|
|
struct cls_subtable *subtable;
|
|
|
|
|
|
|
|
|
|
|
|
if (trie_idx < cls->n_tries) {
|
2014-07-11 02:29:08 -07:00
|
|
|
|
trie_destroy(&trie->root);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
ovsrcu_set_hidden(&trie->root, NULL);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
trie->field = field;
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
/* Add existing rules to the new trie. */
|
2014-07-11 02:29:07 -07:00
|
|
|
|
CMAP_FOR_EACH (subtable, cmap_node, &cls->subtables_map) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
unsigned int plen;
|
|
|
|
|
|
|
|
|
|
|
|
plen = field ? minimask_get_prefix_len(&subtable->mask, field) : 0;
|
|
|
|
|
|
if (plen) {
|
2014-04-29 15:50:38 -07:00
|
|
|
|
struct cls_match *head;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
2014-07-11 02:29:07 -07:00
|
|
|
|
CMAP_FOR_EACH (head, cmap_node, &subtable->rules) {
|
2014-11-14 14:47:03 -08:00
|
|
|
|
trie_insert(trie, head->cls_rule, plen);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2014-07-11 02:29:08 -07:00
|
|
|
|
/* Initialize subtable's prefix length on this field. This will
|
|
|
|
|
|
* allow readers to use the trie. */
|
|
|
|
|
|
atomic_thread_fence(memory_order_release);
|
|
|
|
|
|
subtable->trie_plen[trie_idx] = plen;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:07 -07:00
|
|
|
|
/* Returns true if 'cls' contains no classification rules, false otherwise.
|
|
|
|
|
|
* Checking the cmap requires no locking. */
|
2009-07-08 13:19:16 -07:00
|
|
|
|
bool
|
|
|
|
|
|
classifier_is_empty(const struct classifier *cls)
|
|
|
|
|
|
{
|
2014-07-18 02:24:26 -07:00
|
|
|
|
return cmap_is_empty(&cls->subtables_map);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2012-07-20 14:54:30 -07:00
|
|
|
|
/* Returns the number of rules in 'cls'. */
|
2009-07-08 13:19:16 -07:00
|
|
|
|
int
|
|
|
|
|
|
classifier_count(const struct classifier *cls)
|
|
|
|
|
|
{
|
lib/classifier: Lockless lookups.
Now that all the relevant classifier structures use RCU and internal
mutual exclusion for modifications, we can remove the fat-rwlock and
thus make the classifier lookups lockless.
As the readers are operating concurrently with the writers, a
concurrent reader may or may not see a new rule being added by a
writer, depending on how the concurrent events overlap with each
other. Overall, this is no different from the former locked behavior,
but there the visibility of the new rule only depended on the timing
of the locking functions.
A new rule is first added to the segment indices, so the readers may
find the rule in the indices before the rule is visible in the
subtables 'rules' map. This may result in us losing the opportunity
to quit lookups earlier, resulting in sub-optimal wildcarding. This
will be fixed by forthcoming revalidation always scheduled after flow
table changes.
Similar behavior may happen due to us removing the overlapping rule
(if any) from the indices only after the corresponding new rule has
been added.
The subtable's max priority is updated only after a rule is inserted
to the maps, so the concurrent readers may not see the rule, as the
updated priority ordered subtable list will only be visible after the
subtable's max priority is updated.
Similarly, the classifier's partitions are updated by the caller after
the rule is inserted to the maps, so the readers may keep skipping the
subtable until they see the updated partitions.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
2014-07-11 02:29:08 -07:00
|
|
|
|
/* n_rules is an int, so in the presence of concurrent writers this will
|
|
|
|
|
|
* return either the old or a new value. */
|
2014-07-18 02:24:26 -07:00
|
|
|
|
return cls->n_rules;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-30 14:09:08 -07:00
|
|
|
|
static inline ovs_be32 minimatch_get_ports(const struct minimatch *match)
|
|
|
|
|
|
{
|
|
|
|
|
|
/* Could optimize to use the same map if needed for fast path. */
|
2018-03-19 21:34:26 -07:00
|
|
|
|
return (miniflow_get_ports(match->flow)
|
|
|
|
|
|
& miniflow_get_ports(&match->mask->masks));
|
2014-04-30 14:09:08 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-07-06 11:45:54 -07:00
|
|
|
|
/* Inserts 'rule' into 'cls' in 'version'. Until 'rule' is removed from 'cls',
|
|
|
|
|
|
* the caller must not modify or free it.
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*
|
|
|
|
|
|
* If 'cls' already contains an identical rule (including wildcards, values of
|
2015-07-06 11:45:54 -07:00
|
|
|
|
* fixed fields, and priority) that is visible in 'version', replaces the old
|
|
|
|
|
|
* rule by 'rule' and returns the rule that was replaced. The caller takes
|
|
|
|
|
|
* ownership of the returned rule and is thus responsible for destroying it
|
|
|
|
|
|
* with cls_rule_destroy(), after RCU grace period has passed (see
|
|
|
|
|
|
* ovsrcu_postpone()).
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*
|
|
|
|
|
|
* Returns NULL if 'cls' does not contain a rule with an identical key, after
|
|
|
|
|
|
* inserting the new rule. In this case, no rules are displaced by the new
|
|
|
|
|
|
* rule, even rules that cannot have any effect because the new rule matches a
|
2014-11-12 15:22:35 -08:00
|
|
|
|
* superset of their flows and has higher priority.
|
|
|
|
|
|
*/
|
2014-11-06 14:55:29 -08:00
|
|
|
|
const struct cls_rule *
|
2015-01-11 13:25:24 -08:00
|
|
|
|
classifier_replace(struct classifier *cls, const struct cls_rule *rule,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t version,
|
2015-01-11 13:25:24 -08:00
|
|
|
|
const struct cls_conjunction *conjs, size_t n_conjs)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2015-06-09 17:00:00 -07:00
|
|
|
|
struct cls_match *new;
|
2013-10-29 16:39:52 -07:00
|
|
|
|
struct cls_subtable *subtable;
|
2014-11-12 15:22:35 -08:00
|
|
|
|
uint32_t ihash[CLS_MAX_INDICES];
|
|
|
|
|
|
struct cls_match *head;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
unsigned int mask_offset;
|
2014-11-14 14:47:03 -08:00
|
|
|
|
size_t n_rules = 0;
|
2014-11-12 15:22:35 -08:00
|
|
|
|
uint32_t basis;
|
|
|
|
|
|
uint32_t hash;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
unsigned int i;
|
2010-11-03 11:00:58 -07:00
|
|
|
|
|
2015-06-09 17:00:00 -07:00
|
|
|
|
/* 'new' is initially invisible to lookups. */
|
2015-07-06 11:45:54 -07:00
|
|
|
|
new = cls_match_alloc(rule, version, conjs, n_conjs);
|
2016-04-17 08:51:21 -07:00
|
|
|
|
ovsrcu_set(&CONST_CAST(struct cls_rule *, rule)->cls_match, new);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
subtable = find_subtable(cls, rule->match.mask);
|
2013-10-29 16:39:52 -07:00
|
|
|
|
if (!subtable) {
|
2015-07-15 13:17:01 -07:00
|
|
|
|
subtable = insert_subtable(cls, rule->match.mask);
|
2010-11-03 11:00:58 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-14 14:47:03 -08:00
|
|
|
|
/* Compute hashes in segments. */
|
2014-11-12 15:22:35 -08:00
|
|
|
|
basis = 0;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
mask_offset = 0;
|
2014-11-12 15:22:35 -08:00
|
|
|
|
for (i = 0; i < subtable->n_indices; i++) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
ihash[i] = minimatch_hash_range(&rule->match, subtable->index_maps[i],
|
2015-08-25 13:55:03 -07:00
|
|
|
|
&mask_offset, &basis);
|
2014-11-12 15:22:35 -08:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
hash = minimatch_hash_range(&rule->match, subtable->index_maps[i],
|
2015-08-25 13:55:03 -07:00
|
|
|
|
&mask_offset, &basis);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
head = find_equal(subtable, rule->match.flow, hash);
|
2014-11-12 15:22:35 -08:00
|
|
|
|
if (!head) {
|
|
|
|
|
|
/* Add rule to tries.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Concurrent readers might miss seeing the rule until this update,
|
|
|
|
|
|
* which might require being fixed up by revalidation later. */
|
2014-11-14 14:47:03 -08:00
|
|
|
|
for (i = 0; i < cls->n_tries; i++) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
if (subtable->trie_plen[i]) {
|
|
|
|
|
|
trie_insert(&cls->tries[i], rule, subtable->trie_plen[i]);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
2014-11-12 15:22:35 -08:00
|
|
|
|
/* Add rule to ports trie. */
|
2014-04-30 14:09:08 -07:00
|
|
|
|
if (subtable->ports_mask_len) {
|
|
|
|
|
|
/* We mask the value to be inserted to always have the wildcarded
|
|
|
|
|
|
* bits in known (zero) state, so we can include them in comparison
|
|
|
|
|
|
* and they will always match (== their original value does not
|
|
|
|
|
|
* matter). */
|
|
|
|
|
|
ovs_be32 masked_ports = minimatch_get_ports(&rule->match);
|
|
|
|
|
|
|
|
|
|
|
|
trie_insert_prefix(&subtable->ports_trie, &masked_ports,
|
|
|
|
|
|
subtable->ports_mask_len);
|
|
|
|
|
|
}
|
2014-11-12 15:22:35 -08:00
|
|
|
|
|
2016-04-22 19:40:09 -07:00
|
|
|
|
/* Add new node to segment indices. */
|
2014-11-12 15:22:35 -08:00
|
|
|
|
for (i = 0; i < subtable->n_indices; i++) {
|
2016-04-22 19:40:09 -07:00
|
|
|
|
ccmap_inc(&subtable->indices[i], ihash[i]);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
}
|
|
|
|
|
|
n_rules = cmap_insert(&subtable->rules, &new->cmap_node, hash);
|
|
|
|
|
|
} else { /* Equal rules exist in the classifier already. */
|
2015-06-11 15:53:42 -07:00
|
|
|
|
struct cls_match *prev, *iter;
|
2014-11-14 14:47:03 -08:00
|
|
|
|
|
|
|
|
|
|
/* Scan the list for the insertion point that will keep the list in
|
2015-06-09 17:00:00 -07:00
|
|
|
|
* order of decreasing priority. Insert after rules marked invisible
|
|
|
|
|
|
* in any version of the same priority. */
|
2015-06-11 15:53:42 -07:00
|
|
|
|
FOR_EACH_RULE_IN_LIST_PROTECTED (iter, prev, head) {
|
2015-05-29 11:28:38 -07:00
|
|
|
|
if (rule->priority > iter->priority
|
|
|
|
|
|
|| (rule->priority == iter->priority
|
2015-06-09 17:00:00 -07:00
|
|
|
|
&& !cls_match_is_eventually_invisible(iter))) {
|
2014-11-14 14:47:03 -08:00
|
|
|
|
break;
|
|
|
|
|
|
}
|
2014-11-12 15:22:35 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-06-11 15:53:42 -07:00
|
|
|
|
/* Replace 'iter' with 'new' or insert 'new' between 'prev' and
|
|
|
|
|
|
* 'iter'. */
|
2014-11-14 14:47:03 -08:00
|
|
|
|
if (iter) {
|
|
|
|
|
|
struct cls_rule *old;
|
|
|
|
|
|
|
|
|
|
|
|
if (rule->priority == iter->priority) {
|
2015-06-11 15:53:42 -07:00
|
|
|
|
cls_match_replace(prev, iter, new);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
old = CONST_CAST(struct cls_rule *, iter->cls_rule);
|
|
|
|
|
|
} else {
|
2015-06-11 15:53:42 -07:00
|
|
|
|
cls_match_insert(prev, iter, new);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
old = NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Replace the existing head in data structures, if rule is the new
|
|
|
|
|
|
* head. */
|
|
|
|
|
|
if (iter == head) {
|
2016-04-22 19:40:09 -07:00
|
|
|
|
cmap_replace(&subtable->rules, &head->cmap_node,
|
|
|
|
|
|
&new->cmap_node, hash);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (old) {
|
2015-01-11 13:25:24 -08:00
|
|
|
|
struct cls_conjunction_set *conj_set;
|
|
|
|
|
|
|
|
|
|
|
|
conj_set = ovsrcu_get_protected(struct cls_conjunction_set *,
|
|
|
|
|
|
&iter->conj_set);
|
|
|
|
|
|
if (conj_set) {
|
|
|
|
|
|
ovsrcu_postpone(free, conj_set);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-04-17 08:51:21 -07:00
|
|
|
|
ovsrcu_set(&old->cls_match, NULL); /* Marks old rule as removed
|
|
|
|
|
|
* from the classifier. */
|
2015-06-11 15:53:42 -07:00
|
|
|
|
ovsrcu_postpone(cls_match_free_cb, iter);
|
2014-07-11 02:29:07 -07:00
|
|
|
|
|
2014-11-14 14:47:03 -08:00
|
|
|
|
/* No change in subtable's max priority or max count. */
|
|
|
|
|
|
|
2015-06-09 17:00:00 -07:00
|
|
|
|
/* Make 'new' visible to lookups in the appropriate version. */
|
2016-07-29 16:52:01 -07:00
|
|
|
|
cls_match_set_remove_version(new, OVS_VERSION_NOT_REMOVED);
|
2015-05-29 11:28:38 -07:00
|
|
|
|
|
|
|
|
|
|
/* Make rule visible to iterators (immediately). */
|
2014-11-13 11:54:31 -08:00
|
|
|
|
rculist_replace(CONST_CAST(struct rculist *, &rule->node),
|
|
|
|
|
|
&old->node);
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|
2014-11-14 14:47:03 -08:00
|
|
|
|
/* Return displaced rule. Caller is responsible for keeping it
|
|
|
|
|
|
* around until all threads quiesce. */
|
|
|
|
|
|
return old;
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
2015-06-11 15:53:42 -07:00
|
|
|
|
/* 'new' is new node after 'prev' */
|
|
|
|
|
|
cls_match_insert(prev, iter, new);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
}
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
2014-11-12 15:22:35 -08:00
|
|
|
|
|
2015-06-09 17:00:00 -07:00
|
|
|
|
/* Make 'new' visible to lookups in the appropriate version. */
|
2016-07-29 16:52:01 -07:00
|
|
|
|
cls_match_set_remove_version(new, OVS_VERSION_NOT_REMOVED);
|
2015-05-29 11:28:38 -07:00
|
|
|
|
|
|
|
|
|
|
/* Make rule visible to iterators (immediately). */
|
2014-11-13 11:54:31 -08:00
|
|
|
|
rculist_push_back(&subtable->rules_list,
|
|
|
|
|
|
CONST_CAST(struct rculist *, &rule->node));
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|
2014-11-14 14:47:03 -08:00
|
|
|
|
/* Rule was added, not replaced. Update 'subtable's 'max_priority' and
|
|
|
|
|
|
* 'max_count', if necessary.
|
|
|
|
|
|
*
|
|
|
|
|
|
* The rule was already inserted, but concurrent readers may not see the
|
|
|
|
|
|
* rule yet as the subtables vector is not updated yet. This will have to
|
|
|
|
|
|
* be fixed by revalidation later. */
|
|
|
|
|
|
if (n_rules == 1) {
|
|
|
|
|
|
subtable->max_priority = rule->priority;
|
|
|
|
|
|
subtable->max_count = 1;
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_insert(&cls->subtables, subtable, rule->priority);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
} else if (rule->priority == subtable->max_priority) {
|
|
|
|
|
|
++subtable->max_count;
|
|
|
|
|
|
} else if (rule->priority > subtable->max_priority) {
|
|
|
|
|
|
subtable->max_priority = rule->priority;
|
|
|
|
|
|
subtable->max_count = 1;
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_change_priority(&cls->subtables, subtable, rule->priority);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Nothing was replaced. */
|
|
|
|
|
|
cls->n_rules++;
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|
|
|
|
|
|
if (cls->publish) {
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_publish(&cls->subtables);
|
2014-11-13 11:54:31 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-14 14:47:03 -08:00
|
|
|
|
return NULL;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2011-05-11 14:06:48 -07:00
|
|
|
|
/* Inserts 'rule' into 'cls'. Until 'rule' is removed from 'cls', the caller
|
|
|
|
|
|
* must not modify or free it.
|
|
|
|
|
|
*
|
|
|
|
|
|
* 'cls' must not contain an identical rule (including wildcards, values of
|
|
|
|
|
|
* fixed fields, and priority). Use classifier_find_rule_exactly() to find
|
|
|
|
|
|
* such a rule. */
|
|
|
|
|
|
void
|
2015-01-11 13:25:24 -08:00
|
|
|
|
classifier_insert(struct classifier *cls, const struct cls_rule *rule,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t version, const struct cls_conjunction conj[],
|
2015-07-06 11:45:54 -07:00
|
|
|
|
size_t n_conj)
|
2011-05-11 14:06:48 -07:00
|
|
|
|
{
|
2015-01-11 13:25:24 -08:00
|
|
|
|
const struct cls_rule *displaced_rule
|
2015-07-06 11:45:54 -07:00
|
|
|
|
= classifier_replace(cls, rule, version, conj, n_conj);
|
2012-11-06 13:14:55 -08:00
|
|
|
|
ovs_assert(!displaced_rule);
|
2011-05-11 14:06:48 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2018-01-30 13:00:31 -08:00
|
|
|
|
/* If 'rule' is in 'cls', removes 'rule' from 'cls' and returns true. It is
|
|
|
|
|
|
* the caller's responsibility to destroy 'rule' with cls_rule_destroy(),
|
|
|
|
|
|
* freeing the memory block in which 'rule' resides, etc., as necessary.
|
2014-10-10 15:38:57 -07:00
|
|
|
|
*
|
2018-01-30 13:00:31 -08:00
|
|
|
|
* If 'rule' is not in any classifier, returns false without making any
|
|
|
|
|
|
* changes.
|
2014-10-10 15:38:57 -07:00
|
|
|
|
*
|
2018-01-30 13:00:31 -08:00
|
|
|
|
* 'rule' must not be in some classifier other than 'cls'.
|
2014-10-10 15:38:57 -07:00
|
|
|
|
*/
|
2018-01-30 13:00:31 -08:00
|
|
|
|
bool
|
2015-05-29 11:28:38 -07:00
|
|
|
|
classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2015-06-11 15:53:42 -07:00
|
|
|
|
struct cls_match *rule, *prev, *next, *head;
|
2015-01-11 13:25:24 -08:00
|
|
|
|
struct cls_conjunction_set *conj_set;
|
2013-10-29 16:39:52 -07:00
|
|
|
|
struct cls_subtable *subtable;
|
2014-07-11 02:29:07 -07:00
|
|
|
|
uint32_t basis = 0, hash, ihash[CLS_MAX_INDICES];
|
2015-08-25 13:55:03 -07:00
|
|
|
|
unsigned int mask_offset;
|
2014-11-14 14:47:03 -08:00
|
|
|
|
size_t n_rules;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
unsigned int i;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2016-04-17 08:51:21 -07:00
|
|
|
|
rule = get_cls_match_protected(cls_rule);
|
2015-05-29 11:28:38 -07:00
|
|
|
|
if (!rule) {
|
2018-01-30 13:00:31 -08:00
|
|
|
|
return false;
|
2014-10-10 15:38:57 -07:00
|
|
|
|
}
|
2014-11-14 14:47:03 -08:00
|
|
|
|
/* Mark as removed. */
|
2016-04-17 08:51:21 -07:00
|
|
|
|
ovsrcu_set(&CONST_CAST(struct cls_rule *, cls_rule)->cls_match, NULL);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
|
2015-05-29 11:28:38 -07:00
|
|
|
|
/* Remove 'cls_rule' from the subtable's rules list. */
|
|
|
|
|
|
rculist_remove(CONST_CAST(struct rculist *, &cls_rule->node));
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
subtable = find_subtable(cls, cls_rule->match.mask);
|
2014-04-29 15:50:38 -07:00
|
|
|
|
ovs_assert(subtable);
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
mask_offset = 0;
|
2014-11-14 14:47:03 -08:00
|
|
|
|
for (i = 0; i < subtable->n_indices; i++) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
ihash[i] = minimatch_hash_range(&cls_rule->match,
|
2015-08-25 13:55:03 -07:00
|
|
|
|
subtable->index_maps[i],
|
2015-08-25 13:55:03 -07:00
|
|
|
|
&mask_offset, &basis);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
hash = minimatch_hash_range(&cls_rule->match, subtable->index_maps[i],
|
2015-08-25 13:55:03 -07:00
|
|
|
|
&mask_offset, &basis);
|
2015-05-29 11:28:38 -07:00
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
head = find_equal(subtable, cls_rule->match.flow, hash);
|
2015-06-11 15:53:42 -07:00
|
|
|
|
|
2015-05-29 11:28:38 -07:00
|
|
|
|
/* Check if the rule is not the head rule. */
|
2015-06-11 15:53:42 -07:00
|
|
|
|
if (rule != head) {
|
|
|
|
|
|
struct cls_match *iter;
|
|
|
|
|
|
|
2015-05-29 11:28:38 -07:00
|
|
|
|
/* Not the head rule, but potentially one with the same priority. */
|
2015-06-11 15:53:42 -07:00
|
|
|
|
/* Remove from the list of equal rules. */
|
|
|
|
|
|
FOR_EACH_RULE_IN_LIST_PROTECTED (iter, prev, head) {
|
|
|
|
|
|
if (rule == iter) {
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
ovs_assert(iter == rule);
|
|
|
|
|
|
|
|
|
|
|
|
cls_match_remove(prev, rule);
|
|
|
|
|
|
|
2015-05-29 11:28:38 -07:00
|
|
|
|
goto check_priority;
|
|
|
|
|
|
}
|
2014-11-14 14:47:03 -08:00
|
|
|
|
|
2015-05-29 11:28:38 -07:00
|
|
|
|
/* 'rule' is the head rule. Check if there is another rule to
|
|
|
|
|
|
* replace 'rule' in the data structures. */
|
2015-06-11 15:53:42 -07:00
|
|
|
|
next = cls_match_next_protected(rule);
|
|
|
|
|
|
if (next) {
|
2016-04-22 19:40:09 -07:00
|
|
|
|
cmap_replace(&subtable->rules, &rule->cmap_node, &next->cmap_node,
|
|
|
|
|
|
hash);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
goto check_priority;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* 'rule' is last of the kind in the classifier, must remove from all the
|
|
|
|
|
|
* data structures. */
|
|
|
|
|
|
|
2014-04-30 14:09:08 -07:00
|
|
|
|
if (subtable->ports_mask_len) {
|
2015-05-29 11:28:38 -07:00
|
|
|
|
ovs_be32 masked_ports = minimatch_get_ports(&cls_rule->match);
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
|
|
|
|
|
trie_remove_prefix(&subtable->ports_trie,
|
|
|
|
|
|
&masked_ports, subtable->ports_mask_len);
|
|
|
|
|
|
}
|
2013-12-11 11:07:01 -08:00
|
|
|
|
for (i = 0; i < cls->n_tries; i++) {
|
|
|
|
|
|
if (subtable->trie_plen[i]) {
|
2015-05-29 11:28:38 -07:00
|
|
|
|
trie_remove(&cls->tries[i], cls_rule, subtable->trie_plen[i]);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-11-19 17:31:29 -08:00
|
|
|
|
/* Remove rule node from indices. */
|
|
|
|
|
|
for (i = 0; i < subtable->n_indices; i++) {
|
2016-04-22 19:40:09 -07:00
|
|
|
|
ccmap_dec(&subtable->indices[i], ihash[i]);
|
2010-11-03 11:00:58 -07:00
|
|
|
|
}
|
2015-05-29 11:28:38 -07:00
|
|
|
|
n_rules = cmap_remove(&subtable->rules, &rule->cmap_node, hash);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2014-11-14 14:47:03 -08:00
|
|
|
|
if (n_rules == 0) {
|
2013-10-29 16:39:52 -07:00
|
|
|
|
destroy_subtable(cls, subtable);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
} else {
|
|
|
|
|
|
check_priority:
|
|
|
|
|
|
if (subtable->max_priority == rule->priority
|
|
|
|
|
|
&& --subtable->max_count == 0) {
|
|
|
|
|
|
/* Find the new 'max_priority' and 'max_count'. */
|
|
|
|
|
|
int max_priority = INT_MIN;
|
|
|
|
|
|
CMAP_FOR_EACH (head, cmap_node, &subtable->rules) {
|
|
|
|
|
|
if (head->priority > max_priority) {
|
|
|
|
|
|
max_priority = head->priority;
|
|
|
|
|
|
subtable->max_count = 1;
|
|
|
|
|
|
} else if (head->priority == max_priority) {
|
|
|
|
|
|
++subtable->max_count;
|
|
|
|
|
|
}
|
2014-06-26 07:41:25 -07:00
|
|
|
|
}
|
2014-11-14 14:47:03 -08:00
|
|
|
|
subtable->max_priority = max_priority;
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_change_priority(&cls->subtables, subtable, max_priority);
|
2014-06-26 07:41:25 -07:00
|
|
|
|
}
|
2013-02-08 00:06:22 +02:00
|
|
|
|
}
|
2014-11-13 11:54:31 -08:00
|
|
|
|
|
|
|
|
|
|
if (cls->publish) {
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_publish(&cls->subtables);
|
2014-11-13 11:54:31 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-06-11 15:53:42 -07:00
|
|
|
|
/* free the rule. */
|
2015-01-11 13:25:24 -08:00
|
|
|
|
conj_set = ovsrcu_get_protected(struct cls_conjunction_set *,
|
2015-05-29 11:28:38 -07:00
|
|
|
|
&rule->conj_set);
|
2015-01-11 13:25:24 -08:00
|
|
|
|
if (conj_set) {
|
|
|
|
|
|
ovsrcu_postpone(free, conj_set);
|
|
|
|
|
|
}
|
2015-06-11 15:53:42 -07:00
|
|
|
|
ovsrcu_postpone(cls_match_free_cb, rule);
|
2014-11-14 14:47:03 -08:00
|
|
|
|
cls->n_rules--;
|
2014-10-10 15:38:57 -07:00
|
|
|
|
|
2018-01-30 13:00:31 -08:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
|
classifier_remove_assert(struct classifier *cls,
|
|
|
|
|
|
const struct cls_rule *cls_rule)
|
|
|
|
|
|
{
|
|
|
|
|
|
ovs_assert(classifier_remove(cls, cls_rule));
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Prefix tree context. Valid when 'lookup_done' is true. Can skip all
|
2014-07-18 02:24:26 -07:00
|
|
|
|
* subtables which have a prefix match on the trie field, but whose prefix
|
|
|
|
|
|
* length is not indicated in 'match_plens'. For example, a subtable that
|
|
|
|
|
|
* has a 8-bit trie field prefix match can be skipped if
|
|
|
|
|
|
* !be_get_bit_at(&match_plens, 8 - 1). If skipped, 'maskbits' prefix bits
|
|
|
|
|
|
* must be unwildcarded to make datapath flow only match packets it should. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
struct trie_ctx {
|
|
|
|
|
|
const struct cls_trie *trie;
|
|
|
|
|
|
bool lookup_done; /* Status of the lookup. */
|
|
|
|
|
|
uint8_t be32ofs; /* U32 offset of the field in question. */
|
|
|
|
|
|
unsigned int maskbits; /* Prefix length needed to avoid false matches. */
|
2015-08-12 17:03:07 -07:00
|
|
|
|
union trie_prefix match_plens; /* Bitmask of prefix lengths with possible
|
|
|
|
|
|
* matches. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
|
trie_ctx_init(struct trie_ctx *ctx, const struct cls_trie *trie)
|
|
|
|
|
|
{
|
|
|
|
|
|
ctx->trie = trie;
|
|
|
|
|
|
ctx->be32ofs = trie->field->flow_be32ofs;
|
|
|
|
|
|
ctx->lookup_done = false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-01-11 13:25:24 -08:00
|
|
|
|
struct conjunctive_match {
|
|
|
|
|
|
struct hmap_node hmap_node;
|
|
|
|
|
|
uint32_t id;
|
|
|
|
|
|
uint64_t clauses;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
static struct conjunctive_match *
|
|
|
|
|
|
find_conjunctive_match__(struct hmap *matches, uint64_t id, uint32_t hash)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct conjunctive_match *m;
|
|
|
|
|
|
|
|
|
|
|
|
HMAP_FOR_EACH_IN_BUCKET (m, hmap_node, hash, matches) {
|
|
|
|
|
|
if (m->id == id) {
|
|
|
|
|
|
return m;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static bool
|
|
|
|
|
|
find_conjunctive_match(const struct cls_conjunction_set *set,
|
|
|
|
|
|
unsigned int max_n_clauses, struct hmap *matches,
|
|
|
|
|
|
struct conjunctive_match *cm_stubs, size_t n_cm_stubs,
|
|
|
|
|
|
uint32_t *idp)
|
|
|
|
|
|
{
|
|
|
|
|
|
const struct cls_conjunction *c;
|
|
|
|
|
|
|
|
|
|
|
|
if (max_n_clauses < set->min_n_clauses) {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
for (c = set->conj; c < &set->conj[set->n]; c++) {
|
|
|
|
|
|
struct conjunctive_match *cm;
|
|
|
|
|
|
uint32_t hash;
|
|
|
|
|
|
|
|
|
|
|
|
if (c->n_clauses > max_n_clauses) {
|
|
|
|
|
|
continue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
hash = hash_int(c->id, 0);
|
|
|
|
|
|
cm = find_conjunctive_match__(matches, c->id, hash);
|
|
|
|
|
|
if (!cm) {
|
|
|
|
|
|
size_t n = hmap_count(matches);
|
|
|
|
|
|
|
|
|
|
|
|
cm = n < n_cm_stubs ? &cm_stubs[n] : xmalloc(sizeof *cm);
|
|
|
|
|
|
hmap_insert(matches, &cm->hmap_node, hash);
|
|
|
|
|
|
cm->id = c->id;
|
|
|
|
|
|
cm->clauses = UINT64_MAX << (c->n_clauses & 63);
|
|
|
|
|
|
}
|
|
|
|
|
|
cm->clauses |= UINT64_C(1) << c->clause;
|
|
|
|
|
|
if (cm->clauses == UINT64_MAX) {
|
|
|
|
|
|
*idp = cm->id;
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
|
free_conjunctive_matches(struct hmap *matches,
|
|
|
|
|
|
struct conjunctive_match *cm_stubs, size_t n_cm_stubs)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (hmap_count(matches) > n_cm_stubs) {
|
|
|
|
|
|
struct conjunctive_match *cm, *next;
|
|
|
|
|
|
|
|
|
|
|
|
HMAP_FOR_EACH_SAFE (cm, next, hmap_node, matches) {
|
|
|
|
|
|
if (!(cm >= cm_stubs && cm < &cm_stubs[n_cm_stubs])) {
|
|
|
|
|
|
free(cm);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
hmap_destroy(matches);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Like classifier_lookup(), except that support for conjunctive matches can be
|
|
|
|
|
|
* configured with 'allow_conjunctive_matches'. That feature is not exposed
|
|
|
|
|
|
* externally because turning off conjunctive matches is only useful to avoid
|
|
|
|
|
|
* recursion within this function itself.
|
2014-10-30 14:12:45 -07:00
|
|
|
|
*
|
|
|
|
|
|
* 'flow' is non-const to allow for temporary modifications during the lookup.
|
|
|
|
|
|
* Any changes are restored before returning. */
|
2015-01-11 13:25:24 -08:00
|
|
|
|
static const struct cls_rule *
|
2016-07-29 16:52:01 -07:00
|
|
|
|
classifier_lookup__(const struct classifier *cls, ovs_version_t version,
|
2015-06-09 17:00:00 -07:00
|
|
|
|
struct flow *flow, struct flow_wildcards *wc,
|
|
|
|
|
|
bool allow_conjunctive_matches)
|
2010-10-14 10:13:51 -07:00
|
|
|
|
{
|
2014-06-26 07:41:25 -07:00
|
|
|
|
struct trie_ctx trie_ctx[CLS_MAX_TRIES];
|
2015-01-11 13:25:24 -08:00
|
|
|
|
const struct cls_match *match;
|
|
|
|
|
|
/* Highest-priority flow in 'cls' that certainly matches 'flow'. */
|
|
|
|
|
|
const struct cls_match *hard = NULL;
|
|
|
|
|
|
int hard_pri = INT_MIN; /* hard ? hard->priority : INT_MIN. */
|
|
|
|
|
|
|
|
|
|
|
|
/* Highest-priority conjunctive flows in 'cls' matching 'flow'. Since
|
|
|
|
|
|
* these are (components of) conjunctive flows, we can only know whether
|
|
|
|
|
|
* the full conjunctive flow matches after seeing multiple of them. Thus,
|
|
|
|
|
|
* we refer to these as "soft matches". */
|
|
|
|
|
|
struct cls_conjunction_set *soft_stub[64];
|
|
|
|
|
|
struct cls_conjunction_set **soft = soft_stub;
|
|
|
|
|
|
size_t n_soft = 0, allocated_soft = ARRAY_SIZE(soft_stub);
|
|
|
|
|
|
int soft_pri = INT_MIN; /* n_soft ? MAX(soft[*]->priority) : INT_MIN. */
|
2013-09-25 15:07:21 -07:00
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
/* Synchronize for cls->n_tries and subtable->trie_plen. They can change
|
|
|
|
|
|
* when table configuration changes, which happens typically only on
|
|
|
|
|
|
* startup. */
|
|
|
|
|
|
atomic_thread_fence(memory_order_acquire);
|
|
|
|
|
|
|
2014-10-24 16:17:08 -07:00
|
|
|
|
/* Initialize trie contexts for find_match_wc(). */
|
2014-06-26 07:41:25 -07:00
|
|
|
|
for (int i = 0; i < cls->n_tries; i++) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
trie_ctx_init(&trie_ctx[i], &cls->tries[i]);
|
|
|
|
|
|
}
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2015-01-11 13:25:24 -08:00
|
|
|
|
/* Main loop. */
|
|
|
|
|
|
struct cls_subtable *subtable;
|
2016-08-10 14:58:51 -07:00
|
|
|
|
PVECTOR_FOR_EACH_PRIORITY (subtable, hard_pri + 1, 2, sizeof *subtable,
|
|
|
|
|
|
&cls->subtables) {
|
2015-01-11 13:25:24 -08:00
|
|
|
|
struct cls_conjunction_set *conj_set;
|
2013-09-25 15:07:21 -07:00
|
|
|
|
|
2015-01-11 13:25:24 -08:00
|
|
|
|
/* Skip subtables with no match, or where the match is lower-priority
|
|
|
|
|
|
* than some certain match we've already found. */
|
2015-06-09 17:00:00 -07:00
|
|
|
|
match = find_match_wc(subtable, version, flow, trie_ctx, cls->n_tries,
|
|
|
|
|
|
wc);
|
2015-01-11 13:25:24 -08:00
|
|
|
|
if (!match || match->priority <= hard_pri) {
|
|
|
|
|
|
continue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
conj_set = ovsrcu_get(struct cls_conjunction_set *, &match->conj_set);
|
|
|
|
|
|
if (!conj_set) {
|
|
|
|
|
|
/* 'match' isn't part of a conjunctive match. It's the best
|
|
|
|
|
|
* certain match we've got so far, since we know that it's
|
|
|
|
|
|
* higher-priority than hard_pri.
|
|
|
|
|
|
*
|
|
|
|
|
|
* (There might be a higher-priority conjunctive match. We can't
|
|
|
|
|
|
* tell yet.) */
|
|
|
|
|
|
hard = match;
|
|
|
|
|
|
hard_pri = hard->priority;
|
|
|
|
|
|
} else if (allow_conjunctive_matches) {
|
|
|
|
|
|
/* 'match' is part of a conjunctive match. Add it to the list. */
|
|
|
|
|
|
if (OVS_UNLIKELY(n_soft >= allocated_soft)) {
|
|
|
|
|
|
struct cls_conjunction_set **old_soft = soft;
|
|
|
|
|
|
|
|
|
|
|
|
allocated_soft *= 2;
|
|
|
|
|
|
soft = xmalloc(allocated_soft * sizeof *soft);
|
|
|
|
|
|
memcpy(soft, old_soft, n_soft * sizeof *soft);
|
|
|
|
|
|
if (old_soft != soft_stub) {
|
|
|
|
|
|
free(old_soft);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
soft[n_soft++] = conj_set;
|
|
|
|
|
|
|
|
|
|
|
|
/* Keep track of the highest-priority soft match. */
|
|
|
|
|
|
if (soft_pri < match->priority) {
|
|
|
|
|
|
soft_pri = match->priority;
|
|
|
|
|
|
}
|
2010-11-03 11:00:58 -07:00
|
|
|
|
}
|
2010-10-14 10:13:51 -07:00
|
|
|
|
}
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
2015-01-11 13:25:24 -08:00
|
|
|
|
/* In the common case, at this point we have no soft matches and we can
|
|
|
|
|
|
* return immediately. (We do the same thing if we have potential soft
|
|
|
|
|
|
* matches but none of them are higher-priority than our hard match.) */
|
|
|
|
|
|
if (hard_pri >= soft_pri) {
|
|
|
|
|
|
if (soft != soft_stub) {
|
|
|
|
|
|
free(soft);
|
|
|
|
|
|
}
|
|
|
|
|
|
return hard ? hard->cls_rule : NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* At this point, we have some soft matches. We might also have a hard
|
|
|
|
|
|
* match; if so, its priority is lower than the highest-priority soft
|
|
|
|
|
|
* match. */
|
|
|
|
|
|
|
|
|
|
|
|
/* Soft match loop.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Check whether soft matches are real matches. */
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
|
/* Delete soft matches that are null. This only happens in second and
|
|
|
|
|
|
* subsequent iterations of the soft match loop, when we drop back from
|
|
|
|
|
|
* a high-priority soft match to a lower-priority one.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Also, delete soft matches whose priority is less than or equal to
|
|
|
|
|
|
* the hard match's priority. In the first iteration of the soft
|
|
|
|
|
|
* match, these can be in 'soft' because the earlier main loop found
|
|
|
|
|
|
* the soft match before the hard match. In second and later iteration
|
|
|
|
|
|
* of the soft match loop, these can be in 'soft' because we dropped
|
|
|
|
|
|
* back from a high-priority soft match to a lower-priority soft match.
|
|
|
|
|
|
*
|
|
|
|
|
|
* It is tempting to delete soft matches that cannot be satisfied
|
|
|
|
|
|
* because there are fewer soft matches than required to satisfy any of
|
|
|
|
|
|
* their conjunctions, but we cannot do that because there might be
|
|
|
|
|
|
* lower priority soft or hard matches with otherwise identical
|
|
|
|
|
|
* matches. (We could special case those here, but there's no
|
|
|
|
|
|
* need--we'll do so at the bottom of the soft match loop anyway and
|
|
|
|
|
|
* this duplicates less code.)
|
|
|
|
|
|
*
|
|
|
|
|
|
* It's also tempting to break out of the soft match loop if 'n_soft ==
|
|
|
|
|
|
* 1' but that would also miss lower-priority hard matches. We could
|
|
|
|
|
|
* special case that also but again there's no need. */
|
|
|
|
|
|
for (int i = 0; i < n_soft; ) {
|
|
|
|
|
|
if (!soft[i] || soft[i]->priority <= hard_pri) {
|
|
|
|
|
|
soft[i] = soft[--n_soft];
|
|
|
|
|
|
} else {
|
|
|
|
|
|
i++;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
if (!n_soft) {
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Find the highest priority among the soft matches. (We know this
|
|
|
|
|
|
* must be higher than the hard match's priority; otherwise we would
|
|
|
|
|
|
* have deleted all of the soft matches in the previous loop.) Count
|
|
|
|
|
|
* the number of soft matches that have that priority. */
|
|
|
|
|
|
soft_pri = INT_MIN;
|
|
|
|
|
|
int n_soft_pri = 0;
|
|
|
|
|
|
for (int i = 0; i < n_soft; i++) {
|
|
|
|
|
|
if (soft[i]->priority > soft_pri) {
|
|
|
|
|
|
soft_pri = soft[i]->priority;
|
|
|
|
|
|
n_soft_pri = 1;
|
|
|
|
|
|
} else if (soft[i]->priority == soft_pri) {
|
|
|
|
|
|
n_soft_pri++;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
ovs_assert(soft_pri > hard_pri);
|
|
|
|
|
|
|
|
|
|
|
|
/* Look for a real match among the highest-priority soft matches.
|
|
|
|
|
|
*
|
|
|
|
|
|
* It's unusual to have many conjunctive matches, so we use stubs to
|
|
|
|
|
|
* avoid calling malloc() in the common case. An hmap has a built-in
|
|
|
|
|
|
* stub for up to 2 hmap_nodes; possibly, we would benefit a variant
|
|
|
|
|
|
* with a bigger stub. */
|
|
|
|
|
|
struct conjunctive_match cm_stubs[16];
|
|
|
|
|
|
struct hmap matches;
|
|
|
|
|
|
|
|
|
|
|
|
hmap_init(&matches);
|
|
|
|
|
|
for (int i = 0; i < n_soft; i++) {
|
|
|
|
|
|
uint32_t id;
|
|
|
|
|
|
|
|
|
|
|
|
if (soft[i]->priority == soft_pri
|
|
|
|
|
|
&& find_conjunctive_match(soft[i], n_soft_pri, &matches,
|
|
|
|
|
|
cm_stubs, ARRAY_SIZE(cm_stubs),
|
|
|
|
|
|
&id)) {
|
|
|
|
|
|
uint32_t saved_conj_id = flow->conj_id;
|
|
|
|
|
|
const struct cls_rule *rule;
|
|
|
|
|
|
|
|
|
|
|
|
flow->conj_id = id;
|
2015-06-09 17:00:00 -07:00
|
|
|
|
rule = classifier_lookup__(cls, version, flow, wc, false);
|
2015-01-11 13:25:24 -08:00
|
|
|
|
flow->conj_id = saved_conj_id;
|
|
|
|
|
|
|
|
|
|
|
|
if (rule) {
|
|
|
|
|
|
free_conjunctive_matches(&matches,
|
|
|
|
|
|
cm_stubs, ARRAY_SIZE(cm_stubs));
|
|
|
|
|
|
if (soft != soft_stub) {
|
|
|
|
|
|
free(soft);
|
|
|
|
|
|
}
|
|
|
|
|
|
return rule;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
free_conjunctive_matches(&matches, cm_stubs, ARRAY_SIZE(cm_stubs));
|
|
|
|
|
|
|
|
|
|
|
|
/* There's no real match among the highest-priority soft matches.
|
|
|
|
|
|
* However, if any of those soft matches has a lower-priority but
|
|
|
|
|
|
* otherwise identical flow match, then we need to consider those for
|
|
|
|
|
|
* soft or hard matches.
|
|
|
|
|
|
*
|
|
|
|
|
|
* The next iteration of the soft match loop will delete any null
|
|
|
|
|
|
* pointers we put into 'soft' (and some others too). */
|
|
|
|
|
|
for (int i = 0; i < n_soft; i++) {
|
|
|
|
|
|
if (soft[i]->priority != soft_pri) {
|
|
|
|
|
|
continue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Find next-lower-priority flow with identical flow match. */
|
2015-06-09 17:00:00 -07:00
|
|
|
|
match = next_visible_rule_in_list(soft[i]->match, version);
|
2015-01-11 13:25:24 -08:00
|
|
|
|
if (match) {
|
|
|
|
|
|
soft[i] = ovsrcu_get(struct cls_conjunction_set *,
|
|
|
|
|
|
&match->conj_set);
|
|
|
|
|
|
if (!soft[i]) {
|
|
|
|
|
|
/* The flow is a hard match; don't treat as a soft
|
|
|
|
|
|
* match. */
|
|
|
|
|
|
if (match->priority > hard_pri) {
|
|
|
|
|
|
hard = match;
|
|
|
|
|
|
hard_pri = hard->priority;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
|
|
/* No such lower-priority flow (probably the common case). */
|
|
|
|
|
|
soft[i] = NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (soft != soft_stub) {
|
|
|
|
|
|
free(soft);
|
|
|
|
|
|
}
|
|
|
|
|
|
return hard ? hard->cls_rule : NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-06-09 17:00:00 -07:00
|
|
|
|
/* Finds and returns the highest-priority rule in 'cls' that matches 'flow' and
|
|
|
|
|
|
* that is visible in 'version'. Returns a null pointer if no rules in 'cls'
|
|
|
|
|
|
* match 'flow'. If multiple rules of equal priority match 'flow', returns one
|
|
|
|
|
|
* arbitrarily.
|
2015-01-11 13:25:24 -08:00
|
|
|
|
*
|
|
|
|
|
|
* If a rule is found and 'wc' is non-null, bitwise-OR's 'wc' with the
|
|
|
|
|
|
* set of bits that were significant in the lookup. At some point
|
|
|
|
|
|
* earlier, 'wc' should have been initialized (e.g., by
|
|
|
|
|
|
* flow_wildcards_init_catchall()).
|
|
|
|
|
|
*
|
|
|
|
|
|
* 'flow' is non-const to allow for temporary modifications during the lookup.
|
|
|
|
|
|
* Any changes are restored before returning. */
|
|
|
|
|
|
const struct cls_rule *
|
2016-07-29 16:52:01 -07:00
|
|
|
|
classifier_lookup(const struct classifier *cls, ovs_version_t version,
|
2015-06-09 17:00:00 -07:00
|
|
|
|
struct flow *flow, struct flow_wildcards *wc)
|
2015-01-11 13:25:24 -08:00
|
|
|
|
{
|
2015-06-09 17:00:00 -07:00
|
|
|
|
return classifier_lookup__(cls, version, flow, wc, true);
|
2010-10-14 10:13:51 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2010-11-03 11:00:58 -07:00
|
|
|
|
/* Finds and returns a rule in 'cls' with exactly the same priority and
|
2015-07-06 11:45:54 -07:00
|
|
|
|
* matching criteria as 'target', and that is visible in 'version'.
|
2015-06-09 17:00:00 -07:00
|
|
|
|
* Only one such rule may ever exist. Returns a null pointer if 'cls' doesn't
|
|
|
|
|
|
* contain an exact match. */
|
2014-11-06 14:55:29 -08:00
|
|
|
|
const struct cls_rule *
|
2014-07-18 02:24:26 -07:00
|
|
|
|
classifier_find_rule_exactly(const struct classifier *cls,
|
2015-07-06 11:45:54 -07:00
|
|
|
|
const struct cls_rule *target,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t version)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2014-11-06 14:55:29 -08:00
|
|
|
|
const struct cls_match *head, *rule;
|
|
|
|
|
|
const struct cls_subtable *subtable;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
subtable = find_subtable(cls, target->match.mask);
|
2014-10-15 10:56:32 -07:00
|
|
|
|
if (!subtable) {
|
2014-11-03 09:56:54 -08:00
|
|
|
|
return NULL;
|
2013-02-08 00:06:22 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
head = find_equal(subtable, target->match.flow,
|
|
|
|
|
|
miniflow_hash_in_minimask(target->match.flow,
|
|
|
|
|
|
target->match.mask, 0));
|
2014-11-03 09:56:54 -08:00
|
|
|
|
if (!head) {
|
|
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
2015-06-11 15:53:42 -07:00
|
|
|
|
CLS_MATCH_FOR_EACH (rule, head) {
|
2015-05-29 11:28:38 -07:00
|
|
|
|
if (rule->priority < target->priority) {
|
|
|
|
|
|
break; /* Not found. */
|
|
|
|
|
|
}
|
|
|
|
|
|
if (rule->priority == target->priority
|
2015-07-06 11:45:54 -07:00
|
|
|
|
&& cls_match_visible_in_version(rule, version)) {
|
2015-05-29 11:28:38 -07:00
|
|
|
|
return rule->cls_rule;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2012-08-07 15:28:18 -07:00
|
|
|
|
/* Finds and returns a rule in 'cls' with priority 'priority' and exactly the
|
2015-06-09 17:00:00 -07:00
|
|
|
|
* same matching criteria as 'target', and that is visible in 'version'.
|
|
|
|
|
|
* Returns a null pointer if 'cls' doesn't contain an exact match visible in
|
|
|
|
|
|
* 'version'. */
|
2014-11-06 14:55:29 -08:00
|
|
|
|
const struct cls_rule *
|
2012-08-07 15:28:18 -07:00
|
|
|
|
classifier_find_match_exactly(const struct classifier *cls,
|
2015-06-09 17:00:00 -07:00
|
|
|
|
const struct match *target, int priority,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t version)
|
2012-08-07 15:28:18 -07:00
|
|
|
|
{
|
2014-11-06 14:55:29 -08:00
|
|
|
|
const struct cls_rule *retval;
|
2012-08-07 15:28:18 -07:00
|
|
|
|
struct cls_rule cr;
|
|
|
|
|
|
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_rule_init(&cr, target, priority);
|
|
|
|
|
|
retval = classifier_find_rule_exactly(cls, &cr, version);
|
2012-08-20 11:29:43 -07:00
|
|
|
|
cls_rule_destroy(&cr);
|
2012-08-07 15:28:18 -07:00
|
|
|
|
|
|
|
|
|
|
return retval;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-03-19 22:00:34 -07:00
|
|
|
|
/* Finds and returns a rule in 'cls' with priority 'priority' and exactly the
|
|
|
|
|
|
* same matching criteria as 'target', and that is visible in 'version'.
|
|
|
|
|
|
* Returns a null pointer if 'cls' doesn't contain an exact match visible in
|
|
|
|
|
|
* 'version'. */
|
|
|
|
|
|
const struct cls_rule *
|
|
|
|
|
|
classifier_find_minimatch_exactly(const struct classifier *cls,
|
|
|
|
|
|
const struct minimatch *target, int priority,
|
|
|
|
|
|
ovs_version_t version)
|
|
|
|
|
|
{
|
|
|
|
|
|
const struct cls_rule *retval;
|
|
|
|
|
|
struct cls_rule cr;
|
|
|
|
|
|
|
|
|
|
|
|
cls_rule_init_from_minimatch(&cr, target, priority);
|
|
|
|
|
|
retval = classifier_find_rule_exactly(cls, &cr, version);
|
|
|
|
|
|
cls_rule_destroy(&cr);
|
|
|
|
|
|
|
|
|
|
|
|
return retval;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-07-06 11:45:54 -07:00
|
|
|
|
/* Checks if 'target' would overlap any other rule in 'cls' in 'version'. Two
|
|
|
|
|
|
* rules are considered to overlap if both rules have the same priority and a
|
|
|
|
|
|
* packet could match both, and if both rules are visible in the same version.
|
2014-11-13 11:54:31 -08:00
|
|
|
|
*
|
|
|
|
|
|
* A trivial example of overlapping rules is two rules matching disjoint sets
|
|
|
|
|
|
* of fields. E.g., if one rule matches only on port number, while another only
|
|
|
|
|
|
* on dl_type, any packet from that specific port and with that specific
|
2015-06-09 17:00:00 -07:00
|
|
|
|
* dl_type could match both, if the rules also have the same priority. */
|
2009-11-12 15:40:33 -08:00
|
|
|
|
bool
|
2014-07-18 02:24:26 -07:00
|
|
|
|
classifier_rule_overlaps(const struct classifier *cls,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
const struct cls_rule *target, ovs_version_t version)
|
2009-11-12 15:40:33 -08:00
|
|
|
|
{
|
2013-10-29 16:39:52 -07:00
|
|
|
|
struct cls_subtable *subtable;
|
2009-11-12 15:40:33 -08:00
|
|
|
|
|
2013-10-29 16:39:52 -07:00
|
|
|
|
/* Iterate subtables in the descending max priority order. */
|
2016-08-10 14:58:51 -07:00
|
|
|
|
PVECTOR_FOR_EACH_PRIORITY (subtable, target->priority, 2,
|
|
|
|
|
|
sizeof(struct cls_subtable), &cls->subtables) {
|
2015-07-15 13:17:01 -07:00
|
|
|
|
struct {
|
|
|
|
|
|
struct minimask mask;
|
|
|
|
|
|
uint64_t storage[FLOW_U64S];
|
|
|
|
|
|
} m;
|
2014-11-13 11:54:31 -08:00
|
|
|
|
const struct cls_rule *rule;
|
2009-11-12 15:40:33 -08:00
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
minimask_combine(&m.mask, target->match.mask, &subtable->mask,
|
|
|
|
|
|
m.storage);
|
2009-11-12 15:40:33 -08:00
|
|
|
|
|
2014-11-13 11:54:31 -08:00
|
|
|
|
RCULIST_FOR_EACH (rule, node, &subtable->rules_list) {
|
|
|
|
|
|
if (rule->priority == target->priority
|
2015-07-15 13:17:01 -07:00
|
|
|
|
&& miniflow_equal_in_minimask(target->match.flow,
|
|
|
|
|
|
rule->match.flow, &m.mask)
|
2016-04-17 08:51:21 -07:00
|
|
|
|
&& cls_rule_visible_in_version(rule, version)) {
|
2014-11-13 11:54:31 -08:00
|
|
|
|
return true;
|
2009-11-12 15:40:33 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2012-07-12 10:13:10 -07:00
|
|
|
|
|
|
|
|
|
|
/* Returns true if 'rule' exactly matches 'criteria' or if 'rule' is more
|
|
|
|
|
|
* specific than 'criteria'. That is, 'rule' matches 'criteria' and this
|
|
|
|
|
|
* function returns true if, for every field:
|
|
|
|
|
|
*
|
|
|
|
|
|
* - 'criteria' and 'rule' specify the same (non-wildcarded) value for the
|
|
|
|
|
|
* field, or
|
|
|
|
|
|
*
|
|
|
|
|
|
* - 'criteria' wildcards the field,
|
|
|
|
|
|
*
|
|
|
|
|
|
* Conversely, 'rule' does not match 'criteria' and this function returns false
|
|
|
|
|
|
* if, for at least one field:
|
|
|
|
|
|
*
|
|
|
|
|
|
* - 'criteria' and 'rule' specify different values for the field, or
|
|
|
|
|
|
*
|
|
|
|
|
|
* - 'criteria' specifies a value for the field but 'rule' wildcards it.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Equivalently, the truth table for whether a field matches is:
|
|
|
|
|
|
*
|
|
|
|
|
|
* rule
|
|
|
|
|
|
*
|
|
|
|
|
|
* c wildcard exact
|
|
|
|
|
|
* r +---------+---------+
|
|
|
|
|
|
* i wild | yes | yes |
|
|
|
|
|
|
* t card | | |
|
|
|
|
|
|
* e +---------+---------+
|
|
|
|
|
|
* r exact | no |if values|
|
|
|
|
|
|
* i | |are equal|
|
|
|
|
|
|
* a +---------+---------+
|
|
|
|
|
|
*
|
|
|
|
|
|
* This is the matching rule used by OpenFlow 1.0 non-strict OFPT_FLOW_MOD
|
|
|
|
|
|
* commands and by OpenFlow 1.0 aggregate and flow stats.
|
|
|
|
|
|
*
|
2012-08-07 15:28:18 -07:00
|
|
|
|
* Ignores rule->priority. */
|
2012-07-12 10:13:10 -07:00
|
|
|
|
bool
|
|
|
|
|
|
cls_rule_is_loose_match(const struct cls_rule *rule,
|
2012-09-04 12:43:53 -07:00
|
|
|
|
const struct minimatch *criteria)
|
2012-07-12 10:13:10 -07:00
|
|
|
|
{
|
2015-07-15 13:17:01 -07:00
|
|
|
|
return (!minimask_has_extra(rule->match.mask, criteria->mask)
|
|
|
|
|
|
&& miniflow_equal_in_minimask(rule->match.flow, criteria->flow,
|
|
|
|
|
|
criteria->mask));
|
2012-07-12 10:13:10 -07:00
|
|
|
|
}
|
2010-11-03 11:00:58 -07:00
|
|
|
|
�
|
2010-10-28 16:18:20 -07:00
|
|
|
|
/* Iteration. */
|
|
|
|
|
|
|
|
|
|
|
|
static bool
|
2015-07-06 11:45:54 -07:00
|
|
|
|
rule_matches(const struct cls_rule *rule, const struct cls_rule *target,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t version)
|
2010-10-28 16:18:20 -07:00
|
|
|
|
{
|
2015-07-06 11:45:54 -07:00
|
|
|
|
/* Rule may only match a target if it is visible in target's version. */
|
2016-04-17 08:51:21 -07:00
|
|
|
|
return cls_rule_visible_in_version(rule, version)
|
2015-07-15 13:17:01 -07:00
|
|
|
|
&& (!target || miniflow_equal_in_minimask(rule->match.flow,
|
|
|
|
|
|
target->match.flow,
|
|
|
|
|
|
target->match.mask));
|
2010-10-28 16:18:20 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-13 11:54:31 -08:00
|
|
|
|
static const struct cls_rule *
|
2013-10-29 16:39:52 -07:00
|
|
|
|
search_subtable(const struct cls_subtable *subtable,
|
2014-07-11 02:29:07 -07:00
|
|
|
|
struct cls_cursor *cursor)
|
2010-10-28 16:18:20 -07:00
|
|
|
|
{
|
2014-07-11 02:29:07 -07:00
|
|
|
|
if (!cursor->target
|
2015-07-15 13:17:01 -07:00
|
|
|
|
|| !minimask_has_extra(&subtable->mask, cursor->target->match.mask)) {
|
2014-11-13 11:54:31 -08:00
|
|
|
|
const struct cls_rule *rule;
|
2010-10-28 16:18:20 -07:00
|
|
|
|
|
2014-11-13 11:54:31 -08:00
|
|
|
|
RCULIST_FOR_EACH (rule, node, &subtable->rules_list) {
|
2015-07-06 11:45:54 -07:00
|
|
|
|
if (rule_matches(rule, cursor->target, cursor->version)) {
|
2010-10-28 16:18:20 -07:00
|
|
|
|
return rule;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:07 -07:00
|
|
|
|
/* Initializes 'cursor' for iterating through rules in 'cls', and returns the
|
2015-07-06 11:45:54 -07:00
|
|
|
|
* cursor.
|
2010-10-28 16:18:20 -07:00
|
|
|
|
*
|
2015-07-06 11:45:54 -07:00
|
|
|
|
* - If 'target' is null, or if the 'target' is a catchall target, the
|
|
|
|
|
|
* cursor will visit every rule in 'cls' that is visible in 'version'.
|
2010-10-28 16:18:20 -07:00
|
|
|
|
*
|
2012-07-12 10:13:10 -07:00
|
|
|
|
* - If 'target' is nonnull, the cursor will visit each 'rule' in 'cls'
|
2015-06-09 17:00:00 -07:00
|
|
|
|
* such that cls_rule_is_loose_match(rule, target) returns true and that
|
2015-07-06 11:45:54 -07:00
|
|
|
|
* the rule is visible in 'version'.
|
2010-10-28 16:18:20 -07:00
|
|
|
|
*
|
2012-07-12 10:13:10 -07:00
|
|
|
|
* Ignores target->priority. */
|
2015-05-29 11:28:38 -07:00
|
|
|
|
struct cls_cursor
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cls_cursor_start(const struct classifier *cls, const struct cls_rule *target,
|
2016-07-29 16:52:01 -07:00
|
|
|
|
ovs_version_t version)
|
2010-10-28 16:18:20 -07:00
|
|
|
|
{
|
2014-07-11 02:29:07 -07:00
|
|
|
|
struct cls_cursor cursor;
|
2013-10-29 16:39:52 -07:00
|
|
|
|
struct cls_subtable *subtable;
|
2010-10-28 16:18:20 -07:00
|
|
|
|
|
2014-07-18 02:24:26 -07:00
|
|
|
|
cursor.cls = cls;
|
2015-07-06 11:45:54 -07:00
|
|
|
|
cursor.target = target && !cls_rule_is_catchall(target) ? target : NULL;
|
|
|
|
|
|
cursor.version = version;
|
2014-07-21 21:00:04 -07:00
|
|
|
|
cursor.rule = NULL;
|
2014-07-11 02:29:07 -07:00
|
|
|
|
|
|
|
|
|
|
/* Find first rule. */
|
2016-08-10 14:58:51 -07:00
|
|
|
|
PVECTOR_CURSOR_FOR_EACH (subtable, &cursor.subtables,
|
|
|
|
|
|
&cursor.cls->subtables) {
|
2014-11-13 11:54:31 -08:00
|
|
|
|
const struct cls_rule *rule = search_subtable(subtable, &cursor);
|
2014-07-11 02:29:07 -07:00
|
|
|
|
|
2010-10-28 16:18:20 -07:00
|
|
|
|
if (rule) {
|
2014-07-11 02:29:07 -07:00
|
|
|
|
cursor.subtable = subtable;
|
2014-11-13 11:54:31 -08:00
|
|
|
|
cursor.rule = rule;
|
2014-07-11 02:29:07 -07:00
|
|
|
|
break;
|
2010-10-28 16:18:20 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:07 -07:00
|
|
|
|
return cursor;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-06 14:55:29 -08:00
|
|
|
|
static const struct cls_rule *
|
2014-07-21 21:00:34 -07:00
|
|
|
|
cls_cursor_next(struct cls_cursor *cursor)
|
2010-10-28 16:18:20 -07:00
|
|
|
|
{
|
2014-11-13 11:54:31 -08:00
|
|
|
|
const struct cls_rule *rule;
|
2013-10-29 16:39:52 -07:00
|
|
|
|
const struct cls_subtable *subtable;
|
2010-10-28 16:18:20 -07:00
|
|
|
|
|
2014-11-13 11:54:31 -08:00
|
|
|
|
rule = cursor->rule;
|
|
|
|
|
|
subtable = cursor->subtable;
|
|
|
|
|
|
RCULIST_FOR_EACH_CONTINUE (rule, node, &subtable->rules_list) {
|
2015-07-06 11:45:54 -07:00
|
|
|
|
if (rule_matches(rule, cursor->target, cursor->version)) {
|
2014-11-13 11:54:31 -08:00
|
|
|
|
return rule;
|
2010-10-28 16:18:20 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-08-10 14:58:51 -07:00
|
|
|
|
PVECTOR_CURSOR_FOR_EACH_CONTINUE (subtable, &cursor->subtables) {
|
2014-07-11 02:29:07 -07:00
|
|
|
|
rule = search_subtable(subtable, cursor);
|
2010-10-28 16:18:20 -07:00
|
|
|
|
if (rule) {
|
2013-10-29 16:39:52 -07:00
|
|
|
|
cursor->subtable = subtable;
|
2014-11-13 11:54:31 -08:00
|
|
|
|
return rule;
|
2010-10-28 16:18:20 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-21 21:00:34 -07:00
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Sets 'cursor->rule' to the next matching cls_rule in 'cursor''s iteration,
|
|
|
|
|
|
* or to null if all matching rules have been visited. */
|
|
|
|
|
|
void
|
|
|
|
|
|
cls_cursor_advance(struct cls_cursor *cursor)
|
|
|
|
|
|
{
|
|
|
|
|
|
cursor->rule = cls_cursor_next(cursor);
|
2010-10-28 16:18:20 -07:00
|
|
|
|
}
|
|
|
|
|
|
�
|
2013-10-29 16:39:52 -07:00
|
|
|
|
static struct cls_subtable *
|
2014-07-18 02:24:26 -07:00
|
|
|
|
find_subtable(const struct classifier *cls, const struct minimask *mask)
|
2010-11-03 11:00:58 -07:00
|
|
|
|
{
|
2013-10-29 16:39:52 -07:00
|
|
|
|
struct cls_subtable *subtable;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2014-07-11 02:29:07 -07:00
|
|
|
|
CMAP_FOR_EACH_WITH_HASH (subtable, cmap_node, minimask_hash(mask, 0),
|
2014-05-19 10:41:03 -07:00
|
|
|
|
&cls->subtables_map) {
|
2013-10-29 16:39:52 -07:00
|
|
|
|
if (minimask_equal(mask, &subtable->mask)) {
|
|
|
|
|
|
return subtable;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2010-11-03 11:00:58 -07:00
|
|
|
|
return NULL;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Initializes 'map' with a subset of 'miniflow''s maps that includes only the
|
|
|
|
|
|
* portions with u64-offset 'i' such that 'start' <= i < 'end'. Does not copy
|
|
|
|
|
|
* any data from 'miniflow' to 'map'. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
static struct flowmap
|
|
|
|
|
|
miniflow_get_map_in_range(const struct miniflow *miniflow, uint8_t start,
|
|
|
|
|
|
uint8_t end)
|
2015-08-25 13:55:03 -07:00
|
|
|
|
{
|
2015-08-25 13:55:03 -07:00
|
|
|
|
struct flowmap map;
|
|
|
|
|
|
size_t ofs = 0;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
map = miniflow->map;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Clear the bits before 'start'. */
|
|
|
|
|
|
while (start >= MAP_T_BITS) {
|
|
|
|
|
|
start -= MAP_T_BITS;
|
|
|
|
|
|
ofs += MAP_T_BITS;
|
|
|
|
|
|
map.bits[start / MAP_T_BITS] = 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
if (start > 0) {
|
|
|
|
|
|
flowmap_clear(&map, ofs, start);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Clear the bits starting at 'end'. */
|
|
|
|
|
|
if (end < FLOW_U64S) {
|
|
|
|
|
|
/* flowmap_clear() can handle at most MAP_T_BITS at a time. */
|
|
|
|
|
|
ovs_assert(FLOW_U64S - end <= MAP_T_BITS);
|
|
|
|
|
|
flowmap_clear(&map, end, FLOW_U64S - end);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
return map;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
/* The new subtable will be visible to the readers only after this. */
|
2013-10-29 16:39:52 -07:00
|
|
|
|
static struct cls_subtable *
|
2014-07-18 02:24:26 -07:00
|
|
|
|
insert_subtable(struct classifier *cls, const struct minimask *mask)
|
2010-11-03 11:00:58 -07:00
|
|
|
|
{
|
2013-09-25 15:07:21 -07:00
|
|
|
|
uint32_t hash = minimask_hash(mask, 0);
|
2013-10-29 16:39:52 -07:00
|
|
|
|
struct cls_subtable *subtable;
|
2013-11-19 17:31:29 -08:00
|
|
|
|
int i, index = 0;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
struct flowmap stage_map;
|
2013-11-19 17:31:29 -08:00
|
|
|
|
uint8_t prev;
|
2015-07-17 15:18:43 -07:00
|
|
|
|
size_t count = miniflow_n_values(&mask->masks);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
subtable = xzalloc(sizeof *subtable + MINIFLOW_VALUES_SIZE(count));
|
2014-07-11 02:29:07 -07:00
|
|
|
|
cmap_init(&subtable->rules);
|
2015-07-15 13:17:01 -07:00
|
|
|
|
miniflow_clone(CONST_CAST(struct miniflow *, &subtable->mask.masks),
|
|
|
|
|
|
&mask->masks, count);
|
2013-11-19 17:31:29 -08:00
|
|
|
|
|
|
|
|
|
|
/* Init indices for segmented lookup, if any. */
|
|
|
|
|
|
prev = 0;
|
|
|
|
|
|
for (i = 0; i < cls->n_flow_segments; i++) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
stage_map = miniflow_get_map_in_range(&mask->masks, prev,
|
|
|
|
|
|
cls->flow_segments[i]);
|
2013-11-19 17:31:29 -08:00
|
|
|
|
/* Add an index if it adds mask bits. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
if (!flowmap_is_empty(stage_map)) {
|
2016-04-22 19:40:09 -07:00
|
|
|
|
ccmap_init(&subtable->indices[index]);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
*CONST_CAST(struct flowmap *, &subtable->index_maps[index])
|
|
|
|
|
|
= stage_map;
|
2013-11-19 17:31:29 -08:00
|
|
|
|
index++;
|
|
|
|
|
|
}
|
|
|
|
|
|
prev = cls->flow_segments[i];
|
|
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Map for the final stage. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
*CONST_CAST(struct flowmap *, &subtable->index_maps[index])
|
|
|
|
|
|
= miniflow_get_map_in_range(&mask->masks, prev, FLOW_U64S);
|
2016-05-04 13:00:05 -07:00
|
|
|
|
/* Check if the final stage adds any bits. */
|
2013-11-19 17:31:29 -08:00
|
|
|
|
if (index > 0) {
|
2016-05-04 13:00:05 -07:00
|
|
|
|
if (flowmap_is_empty(subtable->index_maps[index])) {
|
|
|
|
|
|
/* Remove the last index, as it has the same fields as the rules
|
|
|
|
|
|
* map. */
|
2013-11-19 17:31:29 -08:00
|
|
|
|
--index;
|
2016-04-22 19:40:09 -07:00
|
|
|
|
ccmap_destroy(&subtable->indices[index]);
|
2013-11-19 17:31:29 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2014-10-27 10:57:28 -07:00
|
|
|
|
*CONST_CAST(uint8_t *, &subtable->n_indices) = index;
|
2013-11-19 17:31:29 -08:00
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
for (i = 0; i < cls->n_tries; i++) {
|
|
|
|
|
|
subtable->trie_plen[i] = minimask_get_prefix_len(mask,
|
|
|
|
|
|
cls->tries[i].field);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-30 14:09:08 -07:00
|
|
|
|
/* Ports trie. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set_hidden(&subtable->ports_trie, NULL);
|
2014-10-27 10:57:28 -07:00
|
|
|
|
*CONST_CAST(int *, &subtable->ports_mask_len)
|
2018-03-19 21:34:26 -07:00
|
|
|
|
= 32 - ctz32(ntohl(miniflow_get_ports(&mask->masks)));
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
2014-11-13 11:54:31 -08:00
|
|
|
|
/* List of rules. */
|
|
|
|
|
|
rculist_init(&subtable->rules_list);
|
|
|
|
|
|
|
2014-07-11 02:29:07 -07:00
|
|
|
|
cmap_insert(&cls->subtables_map, &subtable->cmap_node, hash);
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2013-10-29 16:39:52 -07:00
|
|
|
|
return subtable;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-03 11:23:11 -08:00
|
|
|
|
/* RCU readers may still access the subtable before it is actually freed. */
|
2010-11-03 11:00:58 -07:00
|
|
|
|
static void
|
2014-07-18 02:24:26 -07:00
|
|
|
|
destroy_subtable(struct classifier *cls, struct cls_subtable *subtable)
|
2010-11-03 11:00:58 -07:00
|
|
|
|
{
|
2013-11-19 17:31:29 -08:00
|
|
|
|
int i;
|
|
|
|
|
|
|
2016-08-10 14:58:51 -07:00
|
|
|
|
pvector_remove(&cls->subtables, subtable);
|
2014-11-03 11:23:11 -08:00
|
|
|
|
cmap_remove(&cls->subtables_map, &subtable->cmap_node,
|
|
|
|
|
|
minimask_hash(&subtable->mask, 0));
|
|
|
|
|
|
|
|
|
|
|
|
ovs_assert(ovsrcu_get_protected(struct trie_node *, &subtable->ports_trie)
|
|
|
|
|
|
== NULL);
|
|
|
|
|
|
ovs_assert(cmap_is_empty(&subtable->rules));
|
2014-11-13 11:54:31 -08:00
|
|
|
|
ovs_assert(rculist_is_empty(&subtable->rules_list));
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
2013-11-19 17:31:29 -08:00
|
|
|
|
for (i = 0; i < subtable->n_indices; i++) {
|
2016-04-22 19:40:09 -07:00
|
|
|
|
ccmap_destroy(&subtable->indices[i]);
|
2013-11-19 17:31:29 -08:00
|
|
|
|
}
|
2014-07-11 02:29:07 -07:00
|
|
|
|
cmap_destroy(&subtable->rules);
|
2014-06-26 07:41:25 -07:00
|
|
|
|
ovsrcu_postpone(free, subtable);
|
2013-02-11 13:11:42 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-18 02:24:26 -07:00
|
|
|
|
static unsigned int be_get_bit_at(const ovs_be32 value[], unsigned int ofs);
|
|
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Return 'true' if can skip rest of the subtable based on the prefix trie
|
|
|
|
|
|
* lookup results. */
|
|
|
|
|
|
static inline bool
|
|
|
|
|
|
check_tries(struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries,
|
|
|
|
|
|
const unsigned int field_plen[CLS_MAX_TRIES],
|
2015-08-25 13:55:03 -07:00
|
|
|
|
const struct flowmap range_map, const struct flow *flow,
|
2013-12-11 11:07:01 -08:00
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
int j;
|
|
|
|
|
|
|
|
|
|
|
|
/* Check if we could avoid fully unwildcarding the next level of
|
|
|
|
|
|
* fields using the prefix tries. The trie checks are done only as
|
|
|
|
|
|
* needed to avoid folding in additional bits to the wildcards mask. */
|
|
|
|
|
|
for (j = 0; j < n_tries; j++) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Is the trie field relevant for this subtable, and
|
|
|
|
|
|
is the trie field within the current range of fields? */
|
|
|
|
|
|
if (field_plen[j] &&
|
|
|
|
|
|
flowmap_is_set(&range_map, trie_ctx[j].be32ofs / 2)) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
struct trie_ctx *ctx = &trie_ctx[j];
|
2015-08-25 13:55:03 -07:00
|
|
|
|
|
|
|
|
|
|
/* On-demand trie lookup. */
|
|
|
|
|
|
if (!ctx->lookup_done) {
|
|
|
|
|
|
memset(&ctx->match_plens, 0, sizeof ctx->match_plens);
|
|
|
|
|
|
ctx->maskbits = trie_lookup(ctx->trie, flow, &ctx->match_plens);
|
|
|
|
|
|
ctx->lookup_done = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Possible to skip the rest of the subtable if subtable's
|
|
|
|
|
|
* prefix on the field is not included in the lookup result. */
|
|
|
|
|
|
if (!be_get_bit_at(&ctx->match_plens.be32, field_plen[j] - 1)) {
|
|
|
|
|
|
/* We want the trie lookup to never result in unwildcarding
|
|
|
|
|
|
* any bits that would not be unwildcarded otherwise.
|
|
|
|
|
|
* Since the trie is shared by the whole classifier, it is
|
|
|
|
|
|
* possible that the 'maskbits' contain bits that are
|
|
|
|
|
|
* irrelevant for the partition relevant for the current
|
|
|
|
|
|
* packet. Hence the checks below. */
|
|
|
|
|
|
|
|
|
|
|
|
/* Check that the trie result will not unwildcard more bits
|
|
|
|
|
|
* than this subtable would otherwise. */
|
|
|
|
|
|
if (ctx->maskbits <= field_plen[j]) {
|
|
|
|
|
|
/* Unwildcard the bits and skip the rest. */
|
|
|
|
|
|
mask_set_prefix_bits(wc, ctx->be32ofs, ctx->maskbits);
|
|
|
|
|
|
/* Note: Prerequisite already unwildcarded, as the only
|
|
|
|
|
|
* prerequisite of the supported trie lookup fields is
|
|
|
|
|
|
* the ethertype, which is always unwildcarded. */
|
|
|
|
|
|
return true;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Can skip if the field is already unwildcarded. */
|
|
|
|
|
|
if (mask_prefix_bits_set(wc, ctx->be32ofs, ctx->maskbits)) {
|
|
|
|
|
|
return true;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-29 15:50:39 -07:00
|
|
|
|
/* Returns true if 'target' satisifies 'flow'/'mask', that is, if each bit
|
|
|
|
|
|
* for which 'flow', for which 'mask' has a bit set, specifies a particular
|
|
|
|
|
|
* value has the correct value in 'target'.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This function is equivalent to miniflow_equal_flow_in_minimask(flow,
|
2014-06-13 10:38:05 -07:00
|
|
|
|
* target, mask) but this is faster because of the invariant that
|
|
|
|
|
|
* flow->map and mask->masks.map are the same, and that this version
|
|
|
|
|
|
* takes the 'wc'. */
|
2014-04-29 15:50:39 -07:00
|
|
|
|
static inline bool
|
|
|
|
|
|
miniflow_and_mask_matches_flow(const struct miniflow *flow,
|
|
|
|
|
|
const struct minimask *mask,
|
2014-06-13 10:38:05 -07:00
|
|
|
|
const struct flow *target)
|
2014-04-29 15:50:39 -07:00
|
|
|
|
{
|
2015-07-16 17:42:24 -07:00
|
|
|
|
const uint64_t *flowp = miniflow_get_values(flow);
|
|
|
|
|
|
const uint64_t *maskp = miniflow_get_values(&mask->masks);
|
2015-07-17 15:18:43 -07:00
|
|
|
|
const uint64_t *target_u64 = (const uint64_t *)target;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
map_t map;
|
2014-04-29 15:50:39 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
FLOWMAP_FOR_EACH_MAP (map, mask->masks.map) {
|
|
|
|
|
|
size_t idx;
|
|
|
|
|
|
|
|
|
|
|
|
MAP_FOR_EACH_INDEX (idx, map) {
|
|
|
|
|
|
if ((*flowp++ ^ target_u64[idx]) & *maskp++) {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2014-04-29 15:50:39 -07:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
target_u64 += MAP_T_BITS;
|
2014-04-29 15:50:39 -07:00
|
|
|
|
}
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-06 14:55:29 -08:00
|
|
|
|
static inline const struct cls_match *
|
2016-07-29 16:52:01 -07:00
|
|
|
|
find_match(const struct cls_subtable *subtable, ovs_version_t version,
|
2015-06-09 17:00:00 -07:00
|
|
|
|
const struct flow *flow, uint32_t hash)
|
2010-11-03 11:00:58 -07:00
|
|
|
|
{
|
2015-05-29 11:28:38 -07:00
|
|
|
|
const struct cls_match *head, *rule;
|
2010-11-03 11:00:58 -07:00
|
|
|
|
|
2015-05-29 11:28:38 -07:00
|
|
|
|
CMAP_FOR_EACH_WITH_HASH (head, cmap_node, hash, &subtable->rules) {
|
|
|
|
|
|
if (OVS_LIKELY(miniflow_and_mask_matches_flow(&head->flow,
|
|
|
|
|
|
&subtable->mask,
|
|
|
|
|
|
flow))) {
|
|
|
|
|
|
/* Return highest priority rule that is visible. */
|
2015-06-11 15:53:42 -07:00
|
|
|
|
CLS_MATCH_FOR_EACH (rule, head) {
|
2015-06-09 17:00:00 -07:00
|
|
|
|
if (OVS_LIKELY(cls_match_visible_in_version(rule, version))) {
|
2015-05-29 11:28:38 -07:00
|
|
|
|
return rule;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2012-04-09 15:49:22 -07:00
|
|
|
|
|
2009-07-08 13:19:16 -07:00
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-06 14:55:29 -08:00
|
|
|
|
static const struct cls_match *
|
2016-07-29 16:52:01 -07:00
|
|
|
|
find_match_wc(const struct cls_subtable *subtable, ovs_version_t version,
|
2015-06-09 17:00:00 -07:00
|
|
|
|
const struct flow *flow, struct trie_ctx trie_ctx[CLS_MAX_TRIES],
|
|
|
|
|
|
unsigned int n_tries, struct flow_wildcards *wc)
|
2013-11-19 17:31:29 -08:00
|
|
|
|
{
|
2014-04-29 15:50:38 -07:00
|
|
|
|
if (OVS_UNLIKELY(!wc)) {
|
2015-06-09 17:00:00 -07:00
|
|
|
|
return find_match(subtable, version, flow,
|
2013-11-19 17:31:29 -08:00
|
|
|
|
flow_hash_in_minimask(flow, &subtable->mask, 0));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
uint32_t basis = 0, hash;
|
|
|
|
|
|
const struct cls_match *rule = NULL;
|
|
|
|
|
|
struct flowmap stages_map = FLOWMAP_EMPTY_INITIALIZER;
|
|
|
|
|
|
unsigned int mask_offset = 0;
|
|
|
|
|
|
int i;
|
|
|
|
|
|
|
2013-11-19 17:31:29 -08:00
|
|
|
|
/* Try to finish early by checking fields in segments. */
|
|
|
|
|
|
for (i = 0; i < subtable->n_indices; i++) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
if (check_tries(trie_ctx, n_tries, subtable->trie_plen,
|
2015-08-25 13:55:03 -07:00
|
|
|
|
subtable->index_maps[i], flow, wc)) {
|
2014-06-13 10:38:05 -07:00
|
|
|
|
/* 'wc' bits for the trie field set, now unwildcard the preceding
|
|
|
|
|
|
* bits used so far. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
goto no_match;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
|
|
|
|
|
|
/* Accumulate the map used so far. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
stages_map = flowmap_or(stages_map, subtable->index_maps[i]);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
|
|
|
|
|
|
hash = flow_hash_in_minimask_range(flow, &subtable->mask,
|
2015-08-25 13:55:03 -07:00
|
|
|
|
subtable->index_maps[i],
|
2015-08-25 13:55:03 -07:00
|
|
|
|
&mask_offset, &basis);
|
|
|
|
|
|
|
2016-04-22 19:40:09 -07:00
|
|
|
|
if (!ccmap_find(&subtable->indices[i], hash)) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
goto no_match;
|
2013-11-19 17:31:29 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Trie check for the final range. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
if (check_tries(trie_ctx, n_tries, subtable->trie_plen,
|
2015-08-25 13:55:03 -07:00
|
|
|
|
subtable->index_maps[i], flow, wc)) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
goto no_match;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
hash = flow_hash_in_minimask_range(flow, &subtable->mask,
|
2015-08-25 13:55:03 -07:00
|
|
|
|
subtable->index_maps[i],
|
2015-08-25 13:55:03 -07:00
|
|
|
|
&mask_offset, &basis);
|
2015-06-09 17:00:00 -07:00
|
|
|
|
rule = find_match(subtable, version, flow, hash);
|
2014-04-30 14:09:08 -07:00
|
|
|
|
if (!rule && subtable->ports_mask_len) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* The final stage had ports, but there was no match. Instead of
|
|
|
|
|
|
* unwildcarding all the ports bits, use the ports trie to figure out a
|
|
|
|
|
|
* smaller set of bits to unwildcard. */
|
2014-04-30 14:09:08 -07:00
|
|
|
|
unsigned int mbits;
|
2014-07-18 02:24:26 -07:00
|
|
|
|
ovs_be32 value, plens, mask;
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
2018-03-19 21:34:26 -07:00
|
|
|
|
mask = miniflow_get_ports(&subtable->mask.masks);
|
2014-04-30 14:09:08 -07:00
|
|
|
|
value = ((OVS_FORCE ovs_be32 *)flow)[TP_PORTS_OFS32] & mask;
|
2014-07-18 02:24:26 -07:00
|
|
|
|
mbits = trie_lookup_value(&subtable->ports_trie, &value, &plens, 32);
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
|
|
|
|
|
((OVS_FORCE ovs_be32 *)&wc->masks)[TP_PORTS_OFS32] |=
|
2014-11-11 15:50:51 -08:00
|
|
|
|
mask & be32_prefix_mask(mbits);
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
goto no_match;
|
2014-04-30 14:09:08 -07:00
|
|
|
|
}
|
2014-06-13 10:38:05 -07:00
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Must unwildcard all the fields, as they were looked at. */
|
2013-11-19 17:31:29 -08:00
|
|
|
|
flow_wildcards_fold_minimask(wc, &subtable->mask);
|
|
|
|
|
|
return rule;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
|
|
|
|
|
|
no_match:
|
|
|
|
|
|
/* Unwildcard the bits in stages so far, as they were used in determining
|
|
|
|
|
|
* there is no match. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
flow_wildcards_fold_minimask_in_map(wc, &subtable->mask, stages_map);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
return NULL;
|
2013-11-19 17:31:29 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-29 15:50:38 -07:00
|
|
|
|
static struct cls_match *
|
2014-11-06 14:55:29 -08:00
|
|
|
|
find_equal(const struct cls_subtable *subtable, const struct miniflow *flow,
|
2013-10-29 16:39:52 -07:00
|
|
|
|
uint32_t hash)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2014-04-29 15:50:38 -07:00
|
|
|
|
struct cls_match *head;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2014-07-11 02:29:07 -07:00
|
|
|
|
CMAP_FOR_EACH_WITH_HASH (head, cmap_node, hash, &subtable->rules) {
|
2014-04-29 15:50:39 -07:00
|
|
|
|
if (miniflow_equal(&head->flow, flow)) {
|
2010-11-03 11:00:58 -07:00
|
|
|
|
return head;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
2013-12-11 11:07:01 -08:00
|
|
|
|
�
|
|
|
|
|
|
/* A longest-prefix match tree. */
|
|
|
|
|
|
|
|
|
|
|
|
/* Return at least 'plen' bits of the 'prefix', starting at bit offset 'ofs'.
|
|
|
|
|
|
* Prefixes are in the network byte order, and the offset 0 corresponds to
|
|
|
|
|
|
* the most significant bit of the first byte. The offset can be read as
|
|
|
|
|
|
* "how many bits to skip from the start of the prefix starting at 'pr'". */
|
|
|
|
|
|
static uint32_t
|
|
|
|
|
|
raw_get_prefix(const ovs_be32 pr[], unsigned int ofs, unsigned int plen)
|
|
|
|
|
|
{
|
|
|
|
|
|
uint32_t prefix;
|
|
|
|
|
|
|
|
|
|
|
|
pr += ofs / 32; /* Where to start. */
|
|
|
|
|
|
ofs %= 32; /* How many bits to skip at 'pr'. */
|
|
|
|
|
|
|
|
|
|
|
|
prefix = ntohl(*pr) << ofs; /* Get the first 32 - ofs bits. */
|
|
|
|
|
|
if (plen > 32 - ofs) { /* Need more than we have already? */
|
|
|
|
|
|
prefix |= ntohl(*++pr) >> (32 - ofs);
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Return with possible unwanted bits at the end. */
|
|
|
|
|
|
return prefix;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Return min(TRIE_PREFIX_BITS, plen) bits of the 'prefix', starting at bit
|
|
|
|
|
|
* offset 'ofs'. Prefixes are in the network byte order, and the offset 0
|
|
|
|
|
|
* corresponds to the most significant bit of the first byte. The offset can
|
|
|
|
|
|
* be read as "how many bits to skip from the start of the prefix starting at
|
|
|
|
|
|
* 'pr'". */
|
|
|
|
|
|
static uint32_t
|
|
|
|
|
|
trie_get_prefix(const ovs_be32 pr[], unsigned int ofs, unsigned int plen)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!plen) {
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
if (plen > TRIE_PREFIX_BITS) {
|
|
|
|
|
|
plen = TRIE_PREFIX_BITS; /* Get at most TRIE_PREFIX_BITS. */
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Return with unwanted bits cleared. */
|
|
|
|
|
|
return raw_get_prefix(pr, ofs, plen) & ~0u << (32 - plen);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
/* Return the number of equal bits in 'n_bits' of 'prefix's MSBs and a 'value'
|
2013-12-11 11:07:01 -08:00
|
|
|
|
* starting at "MSB 0"-based offset 'ofs'. */
|
|
|
|
|
|
static unsigned int
|
2014-07-11 02:29:08 -07:00
|
|
|
|
prefix_equal_bits(uint32_t prefix, unsigned int n_bits, const ovs_be32 value[],
|
2013-12-11 11:07:01 -08:00
|
|
|
|
unsigned int ofs)
|
|
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
uint64_t diff = prefix ^ raw_get_prefix(value, ofs, n_bits);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Set the bit after the relevant bits to limit the result. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
return raw_clz64(diff << 32 | UINT64_C(1) << (63 - n_bits));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Return the number of equal bits in 'node' prefix and a 'prefix' of length
|
|
|
|
|
|
* 'plen', starting at "MSB 0"-based offset 'ofs'. */
|
|
|
|
|
|
static unsigned int
|
|
|
|
|
|
trie_prefix_equal_bits(const struct trie_node *node, const ovs_be32 prefix[],
|
|
|
|
|
|
unsigned int ofs, unsigned int plen)
|
|
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
return prefix_equal_bits(node->prefix, MIN(node->n_bits, plen - ofs),
|
2013-12-11 11:07:01 -08:00
|
|
|
|
prefix, ofs);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Return the bit at ("MSB 0"-based) offset 'ofs' as an int. 'ofs' can
|
|
|
|
|
|
* be greater than 31. */
|
|
|
|
|
|
static unsigned int
|
|
|
|
|
|
be_get_bit_at(const ovs_be32 value[], unsigned int ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (((const uint8_t *)value)[ofs / 8] >> (7 - ofs % 8)) & 1u;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Return the bit at ("MSB 0"-based) offset 'ofs' as an int. 'ofs' must
|
|
|
|
|
|
* be between 0 and 31, inclusive. */
|
|
|
|
|
|
static unsigned int
|
|
|
|
|
|
get_bit_at(const uint32_t prefix, unsigned int ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (prefix >> (31 - ofs)) & 1u;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Create new branch. */
|
|
|
|
|
|
static struct trie_node *
|
|
|
|
|
|
trie_branch_create(const ovs_be32 *prefix, unsigned int ofs, unsigned int plen,
|
|
|
|
|
|
unsigned int n_rules)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct trie_node *node = xmalloc(sizeof *node);
|
|
|
|
|
|
|
|
|
|
|
|
node->prefix = trie_get_prefix(prefix, ofs, plen);
|
|
|
|
|
|
|
|
|
|
|
|
if (plen <= TRIE_PREFIX_BITS) {
|
2014-07-11 02:29:08 -07:00
|
|
|
|
node->n_bits = plen;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set_hidden(&node->edges[0], NULL);
|
|
|
|
|
|
ovsrcu_set_hidden(&node->edges[1], NULL);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
node->n_rules = n_rules;
|
|
|
|
|
|
} else { /* Need intermediate nodes. */
|
|
|
|
|
|
struct trie_node *subnode = trie_branch_create(prefix,
|
|
|
|
|
|
ofs + TRIE_PREFIX_BITS,
|
|
|
|
|
|
plen - TRIE_PREFIX_BITS,
|
|
|
|
|
|
n_rules);
|
|
|
|
|
|
int bit = get_bit_at(subnode->prefix, 0);
|
2014-07-11 02:29:08 -07:00
|
|
|
|
node->n_bits = TRIE_PREFIX_BITS;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set_hidden(&node->edges[bit], subnode);
|
|
|
|
|
|
ovsrcu_set_hidden(&node->edges[!bit], NULL);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
node->n_rules = 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
return node;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2014-07-11 02:29:08 -07:00
|
|
|
|
trie_node_destroy(const struct trie_node *node)
|
2013-12-11 11:07:01 -08:00
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_postpone(free, CONST_CAST(struct trie_node *, node));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Copy a trie node for modification and postpone delete the old one. */
|
|
|
|
|
|
static struct trie_node *
|
|
|
|
|
|
trie_node_rcu_realloc(const struct trie_node *node)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct trie_node *new_node = xmalloc(sizeof *node);
|
|
|
|
|
|
|
|
|
|
|
|
*new_node = *node;
|
|
|
|
|
|
trie_node_destroy(node);
|
|
|
|
|
|
|
|
|
|
|
|
return new_node;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2014-07-11 02:29:08 -07:00
|
|
|
|
trie_destroy(rcu_trie_ptr *trie)
|
2013-12-11 11:07:01 -08:00
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
struct trie_node *node = ovsrcu_get_protected(struct trie_node *, trie);
|
|
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
if (node) {
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set_hidden(trie, NULL);
|
|
|
|
|
|
trie_destroy(&node->edges[0]);
|
|
|
|
|
|
trie_destroy(&node->edges[1]);
|
|
|
|
|
|
trie_node_destroy(node);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static bool
|
|
|
|
|
|
trie_is_leaf(const struct trie_node *trie)
|
|
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
/* No children? */
|
|
|
|
|
|
return !ovsrcu_get(struct trie_node *, &trie->edges[0])
|
|
|
|
|
|
&& !ovsrcu_get(struct trie_node *, &trie->edges[1]);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
|
mask_set_prefix_bits(struct flow_wildcards *wc, uint8_t be32ofs,
|
2014-07-11 02:29:08 -07:00
|
|
|
|
unsigned int n_bits)
|
2013-12-11 11:07:01 -08:00
|
|
|
|
{
|
|
|
|
|
|
ovs_be32 *mask = &((ovs_be32 *)&wc->masks)[be32ofs];
|
|
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
for (i = 0; i < n_bits / 32; i++) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
mask[i] = OVS_BE32_MAX;
|
|
|
|
|
|
}
|
2014-07-11 02:29:08 -07:00
|
|
|
|
if (n_bits % 32) {
|
|
|
|
|
|
mask[i] |= htonl(~0u << (32 - n_bits % 32));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static bool
|
|
|
|
|
|
mask_prefix_bits_set(const struct flow_wildcards *wc, uint8_t be32ofs,
|
2014-07-11 02:29:08 -07:00
|
|
|
|
unsigned int n_bits)
|
2013-12-11 11:07:01 -08:00
|
|
|
|
{
|
|
|
|
|
|
ovs_be32 *mask = &((ovs_be32 *)&wc->masks)[be32ofs];
|
|
|
|
|
|
unsigned int i;
|
|
|
|
|
|
ovs_be32 zeroes = 0;
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
for (i = 0; i < n_bits / 32; i++) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
zeroes |= ~mask[i];
|
|
|
|
|
|
}
|
2014-07-11 02:29:08 -07:00
|
|
|
|
if (n_bits % 32) {
|
|
|
|
|
|
zeroes |= ~mask[i] & htonl(~0u << (32 - n_bits % 32));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
return !zeroes; /* All 'n_bits' bits set. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
static rcu_trie_ptr *
|
2013-12-11 11:07:01 -08:00
|
|
|
|
trie_next_edge(struct trie_node *node, const ovs_be32 value[],
|
|
|
|
|
|
unsigned int ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
return node->edges + be_get_bit_at(value, ofs);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static const struct trie_node *
|
|
|
|
|
|
trie_next_node(const struct trie_node *node, const ovs_be32 value[],
|
|
|
|
|
|
unsigned int ofs)
|
|
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
return ovsrcu_get(struct trie_node *,
|
|
|
|
|
|
&node->edges[be_get_bit_at(value, ofs)]);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-18 02:24:26 -07:00
|
|
|
|
/* Set the bit at ("MSB 0"-based) offset 'ofs'. 'ofs' can be greater than 31.
|
|
|
|
|
|
*/
|
|
|
|
|
|
static void
|
|
|
|
|
|
be_set_bit_at(ovs_be32 value[], unsigned int ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
((uint8_t *)value)[ofs / 8] |= 1u << (7 - ofs % 8);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Returns the number of bits in the prefix mask necessary to determine a
|
|
|
|
|
|
* mismatch, in case there are longer prefixes in the tree below the one that
|
|
|
|
|
|
* matched.
|
|
|
|
|
|
* '*plens' will have a bit set for each prefix length that may have matching
|
|
|
|
|
|
* rules. The caller is responsible for clearing the '*plens' prior to
|
|
|
|
|
|
* calling this.
|
2013-12-11 11:07:01 -08:00
|
|
|
|
*/
|
|
|
|
|
|
static unsigned int
|
2014-07-11 02:29:08 -07:00
|
|
|
|
trie_lookup_value(const rcu_trie_ptr *trie, const ovs_be32 value[],
|
2014-07-18 02:24:26 -07:00
|
|
|
|
ovs_be32 plens[], unsigned int n_bits)
|
2013-12-11 11:07:01 -08:00
|
|
|
|
{
|
|
|
|
|
|
const struct trie_node *prev = NULL;
|
2014-07-18 02:24:26 -07:00
|
|
|
|
const struct trie_node *node = ovsrcu_get(struct trie_node *, trie);
|
|
|
|
|
|
unsigned int match_len = 0; /* Number of matching bits. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
2014-07-18 02:24:26 -07:00
|
|
|
|
for (; node; prev = node, node = trie_next_node(node, value, match_len)) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
unsigned int eqbits;
|
|
|
|
|
|
/* Check if this edge can be followed. */
|
2014-07-18 02:24:26 -07:00
|
|
|
|
eqbits = prefix_equal_bits(node->prefix, node->n_bits, value,
|
|
|
|
|
|
match_len);
|
|
|
|
|
|
match_len += eqbits;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
if (eqbits < node->n_bits) { /* Mismatch, nothing more to be found. */
|
2014-07-18 02:24:26 -07:00
|
|
|
|
/* Bit at offset 'match_len' differed. */
|
2014-07-18 02:24:26 -07:00
|
|
|
|
return match_len + 1; /* Includes the first mismatching bit. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
/* Full match, check if rules exist at this prefix length. */
|
|
|
|
|
|
if (node->n_rules > 0) {
|
2014-07-18 02:24:26 -07:00
|
|
|
|
be_set_bit_at(plens, match_len - 1);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2014-07-18 02:24:26 -07:00
|
|
|
|
if (match_len >= n_bits) {
|
2014-07-18 02:24:26 -07:00
|
|
|
|
return n_bits; /* Full prefix. */
|
2014-06-13 14:52:59 -07:00
|
|
|
|
}
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2014-07-18 02:24:26 -07:00
|
|
|
|
/* node == NULL. Full match so far, but we tried to follow an
|
|
|
|
|
|
* non-existing branch. Need to exclude the other branch if it exists
|
|
|
|
|
|
* (it does not if we were called on an empty trie or 'prev' is a leaf
|
|
|
|
|
|
* node). */
|
|
|
|
|
|
return !prev || trie_is_leaf(prev) ? match_len : match_len + 1;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static unsigned int
|
|
|
|
|
|
trie_lookup(const struct cls_trie *trie, const struct flow *flow,
|
2015-08-12 17:03:07 -07:00
|
|
|
|
union trie_prefix *plens)
|
2013-12-11 11:07:01 -08:00
|
|
|
|
{
|
|
|
|
|
|
const struct mf_field *mf = trie->field;
|
|
|
|
|
|
|
|
|
|
|
|
/* Check that current flow matches the prerequisites for the trie
|
|
|
|
|
|
* field. Some match fields are used for multiple purposes, so we
|
|
|
|
|
|
* must check that the trie is relevant for this flow. */
|
2016-07-29 16:52:03 -07:00
|
|
|
|
if (mf_are_prereqs_ok(mf, flow, NULL)) {
|
2014-07-11 02:29:08 -07:00
|
|
|
|
return trie_lookup_value(&trie->root,
|
2013-12-11 11:07:01 -08:00
|
|
|
|
&((ovs_be32 *)flow)[mf->flow_be32ofs],
|
2014-07-18 02:24:26 -07:00
|
|
|
|
&plens->be32, mf->n_bits);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2014-07-18 02:24:26 -07:00
|
|
|
|
memset(plens, 0xff, sizeof *plens); /* All prefixes, no skipping. */
|
|
|
|
|
|
return 0; /* Value not used in this case. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Returns the length of a prefix match mask for the field 'mf' in 'minimask'.
|
|
|
|
|
|
* Returns the u32 offset to the miniflow data in '*miniflow_index', if
|
|
|
|
|
|
* 'miniflow_index' is not NULL. */
|
|
|
|
|
|
static unsigned int
|
|
|
|
|
|
minimask_get_prefix_len(const struct minimask *minimask,
|
|
|
|
|
|
const struct mf_field *mf)
|
|
|
|
|
|
{
|
2014-07-11 02:29:08 -07:00
|
|
|
|
unsigned int n_bits = 0, mask_tz = 0; /* Non-zero when end of mask seen. */
|
2015-01-06 11:10:42 -08:00
|
|
|
|
uint8_t be32_ofs = mf->flow_be32ofs;
|
|
|
|
|
|
uint8_t be32_end = be32_ofs + mf->n_bytes / 4;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
for (; be32_ofs < be32_end; ++be32_ofs) {
|
|
|
|
|
|
uint32_t mask = ntohl(minimask_get_be32(minimask, be32_ofs));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
|
|
|
|
|
/* Validate mask, count the mask length. */
|
|
|
|
|
|
if (mask_tz) {
|
|
|
|
|
|
if (mask) {
|
|
|
|
|
|
return 0; /* No bits allowed after mask ended. */
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
|
|
if (~mask & (~mask + 1)) {
|
|
|
|
|
|
return 0; /* Mask not contiguous. */
|
|
|
|
|
|
}
|
|
|
|
|
|
mask_tz = ctz32(mask);
|
2014-07-11 02:29:08 -07:00
|
|
|
|
n_bits += 32 - mask_tz;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
return n_bits;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
* This is called only when mask prefix is known to be CIDR and non-zero.
|
|
|
|
|
|
* Relies on the fact that the flow and mask have the same map, and since
|
|
|
|
|
|
* the mask is CIDR, the storage for the flow field exists even if it
|
|
|
|
|
|
* happened to be zeros.
|
|
|
|
|
|
*/
|
|
|
|
|
|
static const ovs_be32 *
|
|
|
|
|
|
minimatch_get_prefix(const struct minimatch *match, const struct mf_field *mf)
|
|
|
|
|
|
{
|
2015-07-17 15:18:43 -07:00
|
|
|
|
size_t u64_ofs = mf->flow_be32ofs / 2;
|
|
|
|
|
|
|
|
|
|
|
|
return (OVS_FORCE const ovs_be32 *)miniflow_get__(match->flow, u64_ofs)
|
2015-01-06 11:10:42 -08:00
|
|
|
|
+ (mf->flow_be32ofs & 1);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Insert rule in to the prefix tree.
|
|
|
|
|
|
* 'mlen' must be the (non-zero) CIDR prefix length of the 'trie->field' mask
|
|
|
|
|
|
* in 'rule'. */
|
|
|
|
|
|
static void
|
|
|
|
|
|
trie_insert(struct cls_trie *trie, const struct cls_rule *rule, int mlen)
|
|
|
|
|
|
{
|
2014-04-30 14:09:08 -07:00
|
|
|
|
trie_insert_prefix(&trie->root,
|
|
|
|
|
|
minimatch_get_prefix(&rule->match, trie->field), mlen);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2014-07-11 02:29:08 -07:00
|
|
|
|
trie_insert_prefix(rcu_trie_ptr *edge, const ovs_be32 *prefix, int mlen)
|
2014-04-30 14:09:08 -07:00
|
|
|
|
{
|
2013-12-11 11:07:01 -08:00
|
|
|
|
struct trie_node *node;
|
|
|
|
|
|
int ofs = 0;
|
|
|
|
|
|
|
|
|
|
|
|
/* Walk the tree. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
for (; (node = ovsrcu_get_protected(struct trie_node *, edge));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
edge = trie_next_edge(node, prefix, ofs)) {
|
|
|
|
|
|
unsigned int eqbits = trie_prefix_equal_bits(node, prefix, ofs, mlen);
|
|
|
|
|
|
ofs += eqbits;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
if (eqbits < node->n_bits) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Mismatch, new node needs to be inserted above. */
|
|
|
|
|
|
int old_branch = get_bit_at(node->prefix, eqbits);
|
2014-07-11 02:29:08 -07:00
|
|
|
|
struct trie_node *new_parent;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
new_parent = trie_branch_create(prefix, ofs - eqbits, eqbits,
|
|
|
|
|
|
ofs == mlen ? 1 : 0);
|
|
|
|
|
|
/* Copy the node to modify it. */
|
|
|
|
|
|
node = trie_node_rcu_realloc(node);
|
|
|
|
|
|
/* Adjust the new node for its new position in the tree. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
node->prefix <<= eqbits;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
node->n_bits -= eqbits;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set_hidden(&new_parent->edges[old_branch], node);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
|
|
|
|
|
/* Check if need a new branch for the new rule. */
|
|
|
|
|
|
if (ofs < mlen) {
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set_hidden(&new_parent->edges[!old_branch],
|
|
|
|
|
|
trie_branch_create(prefix, ofs, mlen - ofs,
|
|
|
|
|
|
1));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set(edge, new_parent); /* Publish changes. */
|
2013-12-11 11:07:01 -08:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Full match so far. */
|
|
|
|
|
|
|
|
|
|
|
|
if (ofs == mlen) {
|
|
|
|
|
|
/* Full match at the current node, rule needs to be added here. */
|
|
|
|
|
|
node->n_rules++;
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Must insert a new tree branch for the new rule. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set(edge, trie_branch_create(prefix, ofs, mlen - ofs, 1));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* 'mlen' must be the (non-zero) CIDR prefix length of the 'trie->field' mask
|
|
|
|
|
|
* in 'rule'. */
|
|
|
|
|
|
static void
|
|
|
|
|
|
trie_remove(struct cls_trie *trie, const struct cls_rule *rule, int mlen)
|
|
|
|
|
|
{
|
2014-04-30 14:09:08 -07:00
|
|
|
|
trie_remove_prefix(&trie->root,
|
|
|
|
|
|
minimatch_get_prefix(&rule->match, trie->field), mlen);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* 'mlen' must be the (non-zero) CIDR prefix length of the 'trie->field' mask
|
|
|
|
|
|
* in 'rule'. */
|
|
|
|
|
|
static void
|
2014-07-11 02:29:08 -07:00
|
|
|
|
trie_remove_prefix(rcu_trie_ptr *root, const ovs_be32 *prefix, int mlen)
|
2014-04-30 14:09:08 -07:00
|
|
|
|
{
|
2013-12-11 11:07:01 -08:00
|
|
|
|
struct trie_node *node;
|
2015-08-12 17:03:07 -07:00
|
|
|
|
rcu_trie_ptr *edges[sizeof(union trie_prefix) * CHAR_BIT];
|
2013-12-11 11:07:01 -08:00
|
|
|
|
int depth = 0, ofs = 0;
|
|
|
|
|
|
|
|
|
|
|
|
/* Walk the tree. */
|
2014-04-30 14:09:08 -07:00
|
|
|
|
for (edges[0] = root;
|
2014-07-11 02:29:08 -07:00
|
|
|
|
(node = ovsrcu_get_protected(struct trie_node *, edges[depth]));
|
2013-12-11 11:07:01 -08:00
|
|
|
|
edges[++depth] = trie_next_edge(node, prefix, ofs)) {
|
|
|
|
|
|
unsigned int eqbits = trie_prefix_equal_bits(node, prefix, ofs, mlen);
|
2014-04-30 14:09:08 -07:00
|
|
|
|
|
2014-07-11 02:29:08 -07:00
|
|
|
|
if (eqbits < node->n_bits) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Mismatch, nothing to be removed. This should never happen, as
|
|
|
|
|
|
* only rules in the classifier are ever removed. */
|
|
|
|
|
|
break; /* Log a warning. */
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Full match so far. */
|
|
|
|
|
|
ofs += eqbits;
|
|
|
|
|
|
|
|
|
|
|
|
if (ofs == mlen) {
|
|
|
|
|
|
/* Full prefix match at the current node, remove rule here. */
|
|
|
|
|
|
if (!node->n_rules) {
|
|
|
|
|
|
break; /* Log a warning. */
|
|
|
|
|
|
}
|
|
|
|
|
|
node->n_rules--;
|
|
|
|
|
|
|
|
|
|
|
|
/* Check if can prune the tree. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
while (!node->n_rules) {
|
|
|
|
|
|
struct trie_node *next,
|
|
|
|
|
|
*edge0 = ovsrcu_get_protected(struct trie_node *,
|
|
|
|
|
|
&node->edges[0]),
|
|
|
|
|
|
*edge1 = ovsrcu_get_protected(struct trie_node *,
|
|
|
|
|
|
&node->edges[1]);
|
|
|
|
|
|
|
|
|
|
|
|
if (edge0 && edge1) {
|
|
|
|
|
|
break; /* A branching point, cannot prune. */
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Else have at most one child node, remove this node. */
|
|
|
|
|
|
next = edge0 ? edge0 : edge1;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
|
|
|
|
|
|
if (next) {
|
2014-07-11 02:29:08 -07:00
|
|
|
|
if (node->n_bits + next->n_bits > TRIE_PREFIX_BITS) {
|
2013-12-11 11:07:01 -08:00
|
|
|
|
break; /* Cannot combine. */
|
|
|
|
|
|
}
|
2014-07-11 02:29:08 -07:00
|
|
|
|
next = trie_node_rcu_realloc(next); /* Modify. */
|
|
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
/* Combine node with next. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
next->prefix = node->prefix | next->prefix >> node->n_bits;
|
|
|
|
|
|
next->n_bits += node->n_bits;
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
/* Update the parent's edge. */
|
2014-07-11 02:29:08 -07:00
|
|
|
|
ovsrcu_set(edges[depth], next); /* Publish changes. */
|
|
|
|
|
|
trie_node_destroy(node);
|
|
|
|
|
|
|
2013-12-11 11:07:01 -08:00
|
|
|
|
if (next || !depth) {
|
|
|
|
|
|
/* Branch not pruned or at root, nothing more to do. */
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
2014-07-11 02:29:08 -07:00
|
|
|
|
node = ovsrcu_get_protected(struct trie_node *,
|
|
|
|
|
|
edges[--depth]);
|
2013-12-11 11:07:01 -08:00
|
|
|
|
}
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Cannot go deeper. This should never happen, since only rules
|
|
|
|
|
|
* that actually exist in the classifier are ever removed. */
|
|
|
|
|
|
}
|
2015-06-11 15:53:42 -07:00
|
|
|
|
�
|
|
|
|
|
|
|
|
|
|
|
|
#define CLS_MATCH_POISON (struct cls_match *)(UINTPTR_MAX / 0xf * 0xb)
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
|
cls_match_free_cb(struct cls_match *rule)
|
|
|
|
|
|
{
|
|
|
|
|
|
ovsrcu_set_hidden(&rule->next, CLS_MATCH_POISON);
|
|
|
|
|
|
free(rule);
|
|
|
|
|
|
}
|
