OpenSDN source code
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
flow_entry.cc
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Juniper Networks, Inc. All rights reserved.
3  */
4 
5 #include <vector>
6 #include <bitset>
7 #include <arpa/inet.h>
8 #include <netinet/in.h>
9 #include <base/os.h>
10 #include <string>
11 
12 #include <boost/date_time/posix_time/posix_time.hpp>
13 #include <boost/assign/list_of.hpp>
14 #include <boost/unordered_map.hpp>
15 #include <sandesh/sandesh_trace.h>
16 #include <base/address_util.h>
17 #include <pkt/flow_table.h>
18 #include <vrouter/flow_stats/flow_stats_collector.h>
19 #include <vrouter/ksync/ksync_init.h>
20 #include <vrouter/ksync/ksync_flow_index_manager.h>
21 
22 #include <route/route.h>
23 #include <cmn/agent_cmn.h>
24 #include <oper/interface_common.h>
25 #include <oper/nexthop.h>
26 #include <oper/tunnel_nh.h>
27 
28 #include <init/agent_param.h>
29 #include <cmn/agent_cmn.h>
30 #include <cmn/agent_stats.h>
31 #include <oper/route_common.h>
32 #include <oper/vrf.h>
33 #include <oper/vm.h>
34 #include <oper/sg.h>
35 #include <oper/qos_config.h>
36 #include <oper/global_vrouter.h>
37 
38 #include <filter/packet_header.h>
39 #include <filter/acl.h>
40 
41 #include <pkt/proto.h>
42 #include <pkt/proto_handler.h>
43 #include <pkt/pkt_handler.h>
44 #include <pkt/flow_proto.h>
45 #include <pkt/pkt_types.h>
46 #include <pkt/pkt_sandesh_flow.h>
47 #include <pkt/flow_mgmt/flow_entry_info.h>
48 #include <pkt/flow_mgmt.h>
49 #include <pkt/flow_event.h>
50 #include <pkt/flow_entry.h>
51 #include <uve/flow_uve_stats_request.h>
52 
53 using namespace boost::asio::ip;
54 using boost::uuids::nil_uuid;
55 const std::map<FlowEntry::FlowPolicyState, const char*>
56  FlowEntry::FlowPolicyStateStr = boost::assign::map_list_of
57  (NOT_EVALUATED, "00000000-0000-0000-0000-000000000000")
58  (IMPLICIT_ALLOW, "00000000-0000-0000-0000-000000000001")
59  (IMPLICIT_DENY, "00000000-0000-0000-0000-000000000002")
60  (DEFAULT_GW_ICMP_OR_DNS, "00000000-0000-0000-0000-000000000003")
61  (LINKLOCAL_FLOW, "00000000-0000-0000-0000-000000000004")
62  (MULTICAST_FLOW, "00000000-0000-0000-0000-000000000005")
63  (NON_IP_FLOW, "00000000-0000-0000-0000-000000000006")
64  (BGPROUTERSERVICE_FLOW, "00000000-0000-0000-0000-000000000007");
65 
66 const std::map<uint16_t, const char*>
67  FlowEntry::FlowDropReasonStr = boost::assign::map_list_of
68  ((uint16_t)DROP_UNKNOWN, "UNKNOWN")
69  ((uint16_t)SHORT_UNAVIALABLE_INTERFACE,
70  "Short flow Interface unavialable")
71  ((uint16_t)SHORT_IPV4_FWD_DIS, "Short flow Ipv4 forwarding disabled")
72  ((uint16_t)SHORT_UNAVIALABLE_VRF,
73  "Short flow VRF unavailable")
74  ((uint16_t)SHORT_NO_SRC_ROUTE, "Short flow No Source route")
75  ((uint16_t)SHORT_NO_DST_ROUTE, "Short flow No Destination route")
76  ((uint16_t)SHORT_AUDIT_ENTRY, "Short flow Audit Entry")
77  ((uint16_t)SHORT_VRF_CHANGE, "Short flow VRF CHANGE")
78  ((uint16_t)SHORT_NO_REVERSE_FLOW, "Short flow No Reverse flow")
79  ((uint16_t)SHORT_REVERSE_FLOW_CHANGE,
80  "Short flow Reverse flow change")
81  ((uint16_t)SHORT_NAT_CHANGE, "Short flow NAT Changed")
82  ((uint16_t)SHORT_FLOW_LIMIT, "Short flow Flow Limit Reached")
83  ((uint16_t)SHORT_LINKLOCAL_SRC_NAT,
84  "Short flow Linklocal source NAT failed")
85  ((uint16_t)SHORT_FAILED_VROUTER_INSTALL,
86  "Short flow vrouter install failed")
87  ((uint16_t)SHORT_INVALID_L2_FLOW, "Short flow invalid L2 flow")
88  ((uint16_t)SHORT_FLOW_ON_TSN, "Short flow TSN flow")
89  ((uint16_t)SHORT_NO_MIRROR_ENTRY, "Short flow No mirror entry ")
90  ((uint16_t)SHORT_SAME_FLOW_RFLOW_KEY,"Short flow same flow and rflow")
91  ((uint16_t)DROP_POLICY, "Flow drop Policy")
92  ((uint16_t)DROP_OUT_POLICY, "Flow drop Out Policy")
93  ((uint16_t)DROP_SG, "Flow drop SG")
94  ((uint16_t)DROP_OUT_SG, "Flow drop OUT SG")
95  ((uint16_t)DROP_REVERSE_SG, "Flow drop REVERSE SG")
96  ((uint16_t)DROP_REVERSE_OUT_SG, "Flow drop REVERSE OUT SG")
97  ((uint16_t)DROP_FIREWALL_POLICY, "Flow drop Firewall Policy")
98  ((uint16_t)DROP_OUT_FIREWALL_POLICY, "Flow drop OUT Firewall Policy")
99  ((uint16_t)DROP_REVERSE_FIREWALL_POLICY, "Flow drop REVERSE Firewall Policy")
100  ((uint16_t)DROP_REVERSE_OUT_FIREWALL_POLICY, "Flow drop REVERSE OUT Firewall Policy")
101  ((uint16_t)SHORT_NO_SRC_ROUTE_L2RPF, "Short flow No Source route for RPF NH")
102  ((uint16_t)SHORT_FAT_FLOW_NAT_CONFLICT, "Short flow Conflicting config for NAT and FAT flow")
103  ((uint16_t)DROP_FWAAS_POLICY, "Flow drop FWAAS Policy")
104  ((uint16_t)DROP_FWAAS_OUT_POLICY, "Flow drop OUT FWAAS Policy")
105  ((uint16_t)DROP_FWAAS_REVERSE_POLICY, "Flow drop REVERSE FWAAS Policy")
106  ((uint16_t)DROP_FWAAS_REVERSE_OUT_POLICY, "Flow drop REVERSE OUT FWAAS Policy")
107  ((uint16_t)SHORT_L3MH_PHY_INTF_DOWN, "Short flow l3mh compute physical interface flap");
108 
109 tbb::atomic<int> FlowEntry::alloc_count_;
110 SecurityGroupList FlowEntry::default_sg_list_;
111 
113 // VmFlowRef
115 const int VmFlowRef::kInvalidFd;
116 VmFlowRef::VmFlowRef() :
117  vm_(NULL), fd_(kInvalidFd), port_(0), flow_(NULL) {
118 }
119 
120 VmFlowRef::VmFlowRef(const VmFlowRef &rhs) {
121 
122  fd_ = VmFlowRef::kInvalidFd;
123  port_ = 0;
124  flow_ = NULL;
125 
126  // UPDATE on linklocal flows is not supported. So, fd_ should be invalid
127  assert(fd_ == VmFlowRef::kInvalidFd);
128  assert(rhs.fd_ == VmFlowRef::kInvalidFd);
129  SetVm(rhs.vm_.get());
130 }
131 
132 VmFlowRef:: ~VmFlowRef() {
133  Reset(true);
134 }
135 
136 void VmFlowRef::Init(FlowEntry *flow) {
137  flow_ = flow;
138 }
139 
140 void VmFlowRef::operator=(const VmFlowRef &rhs) {
141  assert(rhs.fd_ == VmFlowRef::kInvalidFd);
142  assert(rhs.port_ == 0);
143  // For linklocal flows, we should have called Move already. It would
144  // reset vm_. Validate it
145  if (fd_ != VmFlowRef::kInvalidFd)
146  assert(rhs.vm_.get() == NULL);
147 }
148 
149 // Move is called from Copy() routine when flow is evicted by vrouter and a
150 // new flow-add is received by agent. Use the fd_ and port_ from new flow
151 // since reverse flow will be setup based on these
152 void VmFlowRef::Move(VmFlowRef *rhs) {
153  // Release the old values
154  Reset(false);
155 
156  fd_ = rhs->fd_;
157  port_ = rhs->port_;
158  SetVm(rhs->vm_.get());
159 
160  // Ownership for fd_ is transferred. Reset RHS fields
161  // Reset VM first before resetting fd_
162  rhs->SetVm(NULL);
163  rhs->fd_ = VmFlowRef::kInvalidFd;
164  rhs->port_ = 0;
165 }
166 
167 void VmFlowRef::Reset(bool reset_flow) {
168  FreeRef();
169  FreeFd();
170  vm_.reset(NULL);
171  if (reset_flow)
172  flow_ = NULL;
173 }
174 
175 void VmFlowRef::FreeRef() {
176  if (vm_.get() == NULL)
177  return;
178 
179  vm_->update_flow_count(-1);
180  if (fd_ != kInvalidFd) {
181  vm_->update_linklocal_flow_count(-1);
182  }
183 }
184 
185 void VmFlowRef::FreeFd() {
186  if (fd_ == kInvalidFd) {
187  assert(port_ == 0);
188  return;
189  }
190 
191  FlowProto *proto = flow_->flow_table()->agent()->pkt()->get_flow_proto();
192  proto->update_linklocal_flow_count(-1);
193  flow_->flow_table()->DelLinkLocalFlowInfo(fd_);
194  close(fd_);
195 
196  fd_ = kInvalidFd;
197  port_ = 0;
198 }
199 
200 void VmFlowRef::SetVm(const VmEntry *vm) {
201  if (vm == vm_.get())
202  return;
203  FreeRef();
204 
205  vm_.reset(vm);
206  if (vm == NULL)
207  return;
208 
209  // update per-vm flow accounting
210  vm->update_flow_count(1);
211  if (fd_ != kInvalidFd) {
212  vm_->update_linklocal_flow_count(1);
213  }
214 
215  return;
216 }
217 
218 bool VmFlowRef::AllocateFd(Agent *agent, uint8_t l3_proto) {
219  if (fd_ != kInvalidFd)
220  return true;
221 
222  port_ = 0;
223  // Short flows are always dropped. Dont allocate FD for short flow
224  if (flow_->IsShortFlow())
225  return false;
226 
227  if (l3_proto == IPPROTO_TCP) {
228  fd_ = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
229  } else if (l3_proto == IPPROTO_UDP) {
230  fd_ = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
231  }
232 
233  if (fd_ == kInvalidFd) {
234  return false;
235  }
236 
237  // Update agent accounting info
238  agent->pkt()->get_flow_proto()->update_linklocal_flow_count(1);
239  flow_->flow_table()->AddLinkLocalFlowInfo(fd_, flow_->flow_handle(),
240  flow_->key(), UTCTimestampUsec());
241 
242  // allow the socket to be reused upon close
243  if (l3_proto == IPPROTO_TCP) {
244  int optval = 1;
245  setsockopt(fd_, SOL_SOCKET, SO_REUSEADDR,
246  (const char*)&optval, sizeof(optval));
247  }
248 
249  struct sockaddr_in address;
250  memset(&address, 0, sizeof(address));
251  address.sin_family = AF_INET;
252  if (::bind(fd_, (struct sockaddr*) &address, sizeof(address)) < 0) {
253  FreeFd();
254  return false;
255  }
256 
257  struct sockaddr_in bound_to;
258  socklen_t len = sizeof(bound_to);
259  if (getsockname(fd_, (struct sockaddr*) &bound_to, &len) < 0) {
260  FreeFd();
261  return false;
262  }
263 
264  port_ = ntohs(bound_to.sin_port);
265  return true;
266 }
267 
269 // FlowData constructor/destructor
271 FlowData::FlowData() {
272  Reset();
273 }
274 
275 FlowData::~FlowData() {
276 }
277 
278 void FlowData::Reset() {
279  smac = MacAddress();
280  dmac = MacAddress();
281  source_vn_list.clear();
282  source_vn_match = "";
283  dest_vn_match = "";
284  dest_vn_list.clear();
285  origin_vn_dst_list.clear();
286  origin_vn_src_list.clear();
287  origin_vn_src = "";
288  origin_vn_dst = "";
289  source_sg_id_l.clear();
290  dest_sg_id_l.clear();
291  flow_source_vrf = VrfEntry::kInvalidIndex;
292  flow_dest_vrf = VrfEntry::kInvalidIndex;
293  match_p.Reset();
294  vn_entry.reset(NULL);
295  intf_entry.reset(NULL);
296  in_vm_entry.Reset(true);
297  out_vm_entry.Reset(true);
298  src_ip_nh.reset(NULL);
299  vrf = VrfEntry::kInvalidIndex;
300  mirror_vrf = VrfEntry::kInvalidIndex;
301  dest_vrf = 0;
302  component_nh_idx = (uint32_t)CompositeNH::kInvalidComponentNHIdx;
303  source_plen = 0;
304  dest_plen = 0;
305  drop_reason = 0;
306  vrf_assign_evaluated = false;
307  if_index_info = 0;
308  tunnel_info.Reset();
309  flow_source_plen_map.clear();
310  flow_dest_plen_map.clear();
311  enable_rpf = true;
312  rpf_nh.reset(NULL);
313  rpf_plen = Address::kMaxV4PrefixLen;
314  rpf_vrf = VrfEntry::kInvalidIndex;
315  disable_validation = false;
316  vm_cfg_name = "";
317  bgp_as_a_service_sport = 0;
318  bgp_as_a_service_dport = 0;
319  acl_assigned_vrf_index_ = VrfEntry::kInvalidIndex;
320  qos_config_idx = AgentQosConfigTable::kInvalidIndex;
321  ttl = 0;
322  src_policy_vrf = VrfEntry::kInvalidIndex;
323  src_policy_plen = 0;
324  dst_policy_vrf = VrfEntry::kInvalidIndex;
325  dst_policy_plen = 0;
326  allocated_port_ = 0;
327  underlay_gw_index_ = -1;
328 }
329 
330 static std::vector<std::string> MakeList(const VnListType &ilist) {
331  std::vector<std::string> olist;
332  for (VnListType::const_iterator it = ilist.begin();
333  it != ilist.end(); ++it) {
334  olist.push_back(*it);
335  }
336  return olist;
337 }
338 
339 std::vector<std::string> FlowData::SourceVnList() const {
340  return MakeList(source_vn_list);
341 }
342 
343 std::vector<std::string> FlowData::DestinationVnList() const {
344  return MakeList(dest_vn_list);
345 }
346 
347 std::vector<std::string> FlowData::OriginVnSrcList() const {
348  return MakeList(origin_vn_src_list);
349 }
350 
351 std::vector<std::string> FlowData::OriginVnDstList() const {
352  return MakeList(origin_vn_dst_list);
353 }
354 
356 // MatchPolicy constructor/destructor
358 MatchPolicy::MatchPolicy() {
359  Reset();
360 }
361 
362 MatchPolicy::~MatchPolicy() {
363 }
364 
365 void MatchPolicy::Reset() {
366  m_acl_l.clear();
367  policy_action = 0;
368  m_out_acl_l.clear();
369  out_policy_action = 0;
370  sg_policy.Reset();
371  m_mirror_acl_l.clear();
372  mirror_action = 0;
373  m_out_mirror_acl_l.clear();
374  out_mirror_action = 0;
375  m_vrf_assign_acl_l.clear();
376  vrf_assign_acl_action = 0;
377  aps_policy.Reset();
378  fwaas_policy.Reset();
379  action_info.Clear();
380 }
381 
382 void SessionPolicy::Reset() {
383  m_out_acl_l.clear();
384  out_rule_present = false;
385  out_action = 0;
386 
387  m_acl_l.clear();
388  rule_present = false;
389  action = 0;
390 
391  m_reverse_acl_l.clear();
392  reverse_rule_present = false;
393  reverse_action = 0;
394 
395  m_reverse_out_acl_l.clear();
396  reverse_out_rule_present = false;
397  reverse_out_action = 0;
398 
399  action_summary = 0;
400  rule_uuid_ = FlowEntry::FlowPolicyStateStr.at(FlowEntry::NOT_EVALUATED);
401  acl_name_ = "";
402 }
403 
404 void SessionPolicy::ResetRuleMatchInfo() {
405  rule_uuid_ = FlowEntry::FlowPolicyStateStr.at(FlowEntry::NOT_EVALUATED);
406  acl_name_ = "";
407 }
408 
409 void SessionPolicy::ResetAction() {
410  out_action = 0;
411  action = 0;
412  reverse_action = 0;
413  reverse_out_action = 0;
414  action_summary = 0;
415 }
416 
417 void SessionPolicy::ResetPolicy() {
418  rule_present = false;
419  m_acl_l.clear();
420 
421  out_rule_present = false;
422  m_out_acl_l.clear();
423 
424  reverse_rule_present = false;
425  m_reverse_acl_l.clear();
426 
427  reverse_out_rule_present = false;
428  m_reverse_out_acl_l.clear();
429  ResetRuleMatchInfo();
430 }
431 
433 // FlowEventLog constructor/destructor
435 FlowEventLog::FlowEventLog() : time_(0), event_(EVENT_MAXIMUM),
436  flow_handle_(FlowEntry::kInvalidFlowHandle), flow_gen_id_(0),
437  ksync_entry_(NULL), hash_id_(FlowEntry::kInvalidFlowHandle), gen_id_(0),
438  vrouter_flow_handle_(FlowEntry::kInvalidFlowHandle), vrouter_gen_id_(0) {
439 }
440 
441 FlowEventLog::~FlowEventLog() {
442 }
443 
445 // FlowEntry constructor/destructor
447 FlowEntry::FlowEntry(FlowTable *flow_table) :
448  flow_table_(flow_table), flags_(0),
449  tunnel_type_(TunnelType::INVALID),
450  fip_vmi_(AgentKey::ADD_DEL_CHANGE, nil_uuid(), ""),
451  flow_mgmt_request_(NULL), flow_mgmt_info_() {
452  // ksync entry is set to NULL only on constructor and on flow delete
453  // it should not have any other explicit set to NULL
454  ksync_entry_ = NULL;
455  Reset();
456  alloc_count_.fetch_and_increment();
457 }
458 
459 FlowEntry::~FlowEntry() {
460  assert(refcount_ == 0);
461  Reset();
462  alloc_count_.fetch_and_decrement();
463 }
464 
465 void FlowEntry::Reset() {
466  assert(ksync_entry_ == NULL);
467  uuid_ = flow_table_->rand_gen();
468  egress_uuid_ = flow_table_->rand_gen();
469  if (is_flags_set(FlowEntry::IngressDir)) {
470  const VmInterface *vm_intf =
471  dynamic_cast<const VmInterface *>(intf_entry());
472  if (vm_intf) {
473  vm_intf->update_flow_count(-2);
474  }
475  }
476  data_.Reset();
477  l3_flow_ = true;
478  gen_id_ = 0;
479  flow_handle_ = kInvalidFlowHandle;
480  reverse_flow_entry_ = NULL;
481  deleted_ = false;
482  flags_ = 0;
483  hbs_intf_ = FlowEntry::HBS_INTERFACE_INVALID;
484  short_flow_reason_ = SHORT_UNKNOWN;
485  peer_vrouter_ = "";
486  tunnel_type_ = TunnelType::INVALID;
487  on_tree_ = false;
488  fip_ = 0;
489  fip_vmi_ = VmInterfaceKey(AgentKey::ADD_DEL_CHANGE, nil_uuid(), "");
490  refcount_ = 0;
491  nw_ace_uuid_ = FlowPolicyStateStr.at(NOT_EVALUATED);
492  fsc_ = NULL;
493  trace_ = false;
494  event_logs_.reset();
495  event_log_index_ = 0;
496  last_event_ = FlowEvent::INVALID;
497  flow_retry_attempts_ = 0;
498  is_flow_on_unresolved_list = false;
499  pending_actions_.Reset();
500  assert(flow_mgmt_request_ == NULL);
501  assert(flow_mgmt_info_.get() == NULL);
502  transaction_id_ = 0;
503 }
504 
505 void FlowEntry::Reset(const FlowKey &k) {
506  Reset();
507  key_ = k;
508 }
509 
510 void FlowEntry::Init() {
511  alloc_count_ = 0;
512 }
513 
514 FlowEntry *FlowEntry::Allocate(const FlowKey &key, FlowTable *flow_table) {
515  // flow_table will be NULL for some UT cases
516  FlowEntry *flow;
517  if (flow_table == NULL) {
518  flow = new FlowEntry(flow_table);
519  flow->Reset(key);
520  } else {
521  flow = flow_table->free_list()->Allocate(key);
522  }
523 
524  flow->data_.in_vm_entry.Init(flow);
525  flow->data_.out_vm_entry.Init(flow);
526  return flow;
527 }
528 
529 // selectively copy fields from RHS
530 // When flow is being updated, rhs will be new flow allocated in PktFlowInfo
531 void FlowEntry::Copy(FlowEntry *rhs, bool update) {
532  if (update) {
533  rhs->data_.in_vm_entry.Reset(false);
534  rhs->data_.out_vm_entry.Reset(false);
535  } else {
536  // The operator= below will call VmFlowRef operator=. In case of flow
537  // eviction, we want to move ownership from rhs to lhs. However rhs is
538  // const ref in operator so, invode Move API to transfer ownership
539  data_.in_vm_entry.Move(&rhs->data_.in_vm_entry);
540  data_.out_vm_entry.Move(&rhs->data_.out_vm_entry);
541  }
542  data_ = rhs->data_;
543  flags_ = rhs->flags_;
544  hbs_intf_ = rhs->hbs_intf_;
545  short_flow_reason_ = rhs->short_flow_reason_;
546  nw_ace_uuid_ = rhs->nw_ace_uuid_;
547  peer_vrouter_ = rhs->peer_vrouter_;
548  tunnel_type_ = rhs->tunnel_type_;
549  fip_ = rhs->fip_;
550  fip_vmi_ = rhs->fip_vmi_;
551  last_event_ = rhs->last_event_;
552  flow_retry_attempts_ = rhs->flow_retry_attempts_;
553  trace_ = rhs->trace_;
554  if (update == false) {
555  gen_id_ = rhs->gen_id_;
556  flow_handle_ = rhs->flow_handle_;
557  /* Flow Entry is being re-used. Generate a new UUID for it. */
558  uuid_ = flow_table_->rand_gen();
559  egress_uuid_ = flow_table_->rand_gen();
560  }
561 }
562 
564 // Routines to initialize FlowEntry from PktControlInfo
566 void intrusive_ptr_add_ref(FlowEntry *fe) {
567  fe->refcount_.fetch_and_increment();
568 }
569 
570 void intrusive_ptr_release(FlowEntry *fe) {
571  FlowTable *flow_table = fe->flow_table();
572  int prev = fe->refcount_.fetch_and_decrement();
573  if (prev == 1) {
574  if (fe->on_tree()) {
575  if (flow_table->ConcurrencyCheck(flow_table->flow_task_id())
576  == false) {
577  FlowEntryPtr ref(fe);
578  FlowProto *proto=flow_table->agent()->pkt()->get_flow_proto();
579  proto->ForceEnqueueFreeFlowReference(ref);
580  return;
581  }
582  FlowTable::FlowEntryMap::iterator it =
583  flow_table->flow_entry_map_.find(fe->key());
584  assert(it != flow_table->flow_entry_map_.end());
585  flow_table->flow_entry_map_.erase(it);
586  flow_table->agent()->stats()->decr_flow_count();
587  }
588  flow_table->free_list()->Free(fe);
589  }
590 }
591 
592 // Helper Functions
593 static std::size_t HashCombine(std::size_t hash, uint64_t val) {
594  boost::hash_combine(hash, val);
595  return hash;
596 }
597 
598 static std::size_t HashIp(std::size_t hash, const IpAddress &ip) {
599  if (ip.is_v6()) {
600  uint64_t val[2];
601  Ip6AddressToU64Array(ip.to_v6(), val, 2);
602  hash = HashCombine(hash, val[0]);
603  hash = HashCombine(hash, val[1]);
604  } else if (ip.is_v4()) {
605  hash = HashCombine(hash, ip.to_v4().to_ulong());
606  } else {
607  assert(0);
608  }
609  return hash;
610 }
611 bool FlowEntry::InitFlowCmn(const PktFlowInfo *info, const PktControlInfo *ctrl,
612  const PktControlInfo *rev_ctrl,
613  FlowEntry *rflow) {
614  reverse_flow_entry_ = rflow;
615  reset_flags(FlowEntry::ReverseFlow);
616  peer_vrouter_ = info->peer_vrouter;
617  tunnel_type_ = info->tunnel_type;
618 
619  if (info->linklocal_flow) {
620  set_flags(FlowEntry::LinkLocalFlow);
621  } else {
622  reset_flags(FlowEntry::LinkLocalFlow);
623  }
624  if (info->nat_done) {
625  set_flags(FlowEntry::NatFlow);
626  } else {
627  reset_flags(FlowEntry::NatFlow);
628  }
629  if (info->short_flow) {
630  set_flags(FlowEntry::ShortFlow);
631  short_flow_reason_ = info->short_flow_reason;
632  } else {
633  reset_flags(FlowEntry::ShortFlow);
634  short_flow_reason_ = SHORT_UNKNOWN;
635  }
636  if (info->local_flow) {
637  set_flags(FlowEntry::LocalFlow);
638  } else {
639  reset_flags(FlowEntry::LocalFlow);
640  }
641 
642  if (info->tcp_ack) {
643  set_flags(FlowEntry::TcpAckFlow);
644  } else {
645  reset_flags(FlowEntry::TcpAckFlow);
646  }
647  if (info->bgp_router_service_flow) {
648  set_flags(FlowEntry::BgpRouterService);
649  data_.bgp_as_a_service_sport = info->nat_sport;
650  data_.bgp_as_a_service_dport = info->nat_dport;
651  } else {
652  reset_flags(FlowEntry::BgpRouterService);
653  data_.bgp_as_a_service_sport = 0;
654  data_.bgp_as_a_service_dport = 0;
655  }
656 
657  if (info->alias_ip_flow) {
658  set_flags(FlowEntry::AliasIpFlow);
659  } else {
660  reset_flags(FlowEntry::AliasIpFlow);
661  }
662 
663  if (info->underlay_flow) {
664  set_flags(FlowEntry::FabricFlow);
665  } else {
666  reset_flags(FlowEntry::FabricFlow);
667  }
668 
669  if (IsFabricControlFlow()) {
670  set_flags(FlowEntry::FabricControlFlow);
671  } else {
672  reset_flags(FlowEntry::FabricControlFlow);
673  }
674 
675  data_.intf_entry = ctrl->intf_ ? ctrl->intf_ : rev_ctrl->intf_;
676  data_.vn_entry = ctrl->vn_ ? ctrl->vn_ : rev_ctrl->vn_;
677  data_.in_vm_entry.SetVm(ctrl->vm_);
678  data_.out_vm_entry.SetVm(rev_ctrl->vm_);
679  l3_flow_ = info->l3_flow;
680  data_.acl_assigned_vrf_index_ = VrfEntry::kInvalidIndex;
681 
682  return true;
683 }
684 
685 void FlowEntry::InitFwdFlow(const PktFlowInfo *info, const PktInfo *pkt,
686  const PktControlInfo *ctrl,
687  const PktControlInfo *rev_ctrl,
688  FlowEntry *rflow, Agent *agent) {
689  gen_id_ = pkt->GetAgentHdr().cmd_param_5;
690  flow_handle_ = pkt->GetAgentHdr().cmd_param;
691  if (InitFlowCmn(info, ctrl, rev_ctrl, rflow) == false) {
692  return;
693  }
694  if (info->linklocal_bind_local_port) {
695  set_flags(FlowEntry::LinkLocalBindLocalSrcPort);
696  } else {
697  reset_flags(FlowEntry::LinkLocalBindLocalSrcPort);
698  }
699  uint32_t intf_in = pkt->GetAgentHdr().ifindex;
700  data_.vm_cfg_name = InterfaceIdToVmCfgName(agent, intf_in);
701 
702  if (info->port_allocated) {
703  data_.allocated_port_ = info->nat_sport;
704  }
705 
706  if (info->ingress) {
707  set_flags(FlowEntry::IngressDir);
708  } else {
709  reset_flags(FlowEntry::IngressDir);
710  }
711  data_.disable_validation = info->disable_validation;
712  if (ctrl->rt_ != NULL) {
713  RpfInit(ctrl->rt_, pkt->ip_saddr);
714  }
715  data_.ttl = info->ttl;
716  if (info->bgp_router_service_flow) {
717  if (info->ttl == 1) {
718  data_.ttl = BGP_SERVICE_TTL_FWD_FLOW;
719  }
720  }
721 
722  data_.flow_source_vrf = info->flow_source_vrf;
723  data_.flow_dest_vrf = info->flow_dest_vrf;
724  data_.flow_source_plen_map = info->flow_source_plen_map;
725  data_.flow_dest_plen_map = info->flow_dest_plen_map;
726  data_.dest_vrf = info->dest_vrf;
727  data_.vrf = pkt->vrf;
728  data_.if_index_info = pkt->agent_hdr.ifindex;
729  data_.tunnel_info = pkt->tunnel;
730 
731  if (info->ecmp) {
732  set_flags(FlowEntry::EcmpFlow);
733  } else {
734  reset_flags(FlowEntry::EcmpFlow);
735  }
736 
737  data_.component_nh_idx = info->out_component_nh_idx;
738  reset_flags(FlowEntry::Trap);
739  if (ctrl->rt_ && ctrl->rt_->is_multicast()) {
740  set_flags(FlowEntry::Multicast);
741  }
742  if (rev_ctrl->rt_ && rev_ctrl->rt_->is_multicast()) {
743  set_flags(FlowEntry::Multicast);
744  }
745 
746  data_.src_policy_vrf = info->src_policy_vrf;
747  data_.dst_policy_vrf = info->dst_policy_vrf;
748 
749  reset_flags(FlowEntry::UnknownUnicastFlood);
750  if (info->flood_unknown_unicast) {
751  set_flags(FlowEntry::UnknownUnicastFlood);
752  if (info->ingress) {
753  GetSourceRouteInfo(ctrl->rt_);
754  } else {
755  GetSourceRouteInfo(rev_ctrl->rt_);
756  }
757  data_.dest_vn_list = data_.source_vn_list;
758  } else {
759  GetSourceRouteInfo(ctrl->rt_);
760  GetDestRouteInfo(rev_ctrl->rt_);
761  }
762 
763  data_.smac = pkt->smac;
764  data_.dmac = pkt->dmac;
765 
766  if (is_flags_set(FlowEntry::IngressDir)) {
767  const VmInterface *vm_intf =
768  dynamic_cast<const VmInterface *>(intf_entry());
769  if (vm_intf) {
770  vm_intf->update_flow_count(2);
771  }
772  }
773 
774  data_.underlay_gw_index_ = GetUnderlayGwIndex(intf_in,
775  info->pkt->ip_saddr, info->pkt->ip_daddr,
776  info->pkt->ip_proto, info->pkt->sport, info->pkt->dport);
777 }
778 
779 void FlowEntry::InitRevFlow(const PktFlowInfo *info, const PktInfo *pkt,
780  const PktControlInfo *ctrl,
781  const PktControlInfo *rev_ctrl,
782  FlowEntry *rflow, Agent *agent) {
783  uint32_t intf_in;
784  if (InitFlowCmn(info, ctrl, rev_ctrl, rflow) == false) {
785  return;
786  }
787  set_flags(FlowEntry::ReverseFlow);
788  if (ctrl->intf_) {
789  intf_in = ctrl->intf_->id();
790  } else {
791  intf_in = Interface::kInvalidIndex;
792  }
793  data_.vm_cfg_name = InterfaceIdToVmCfgName(agent, intf_in);
794 
795  // Compute reverse flow fields
796  reset_flags(FlowEntry::IngressDir);
797  if (ctrl->intf_) {
798  if (info->ComputeDirection(ctrl->intf_)) {
799  set_flags(FlowEntry::IngressDir);
800  } else {
801  reset_flags(FlowEntry::IngressDir);
802  }
803  }
804  data_.disable_validation = info->disable_validation;
805  if (ctrl->rt_ != NULL) {
806  RpfInit(ctrl->rt_, pkt->ip_daddr);
807  }
808 
809  if (info->bgp_router_service_flow) {
810  if ((info->ttl == 1)|| (info->ttl == BGP_SERVICE_TTL_FWD_FLOW)) {
811  data_.ttl = BGP_SERVICE_TTL_REV_FLOW;
812  }
813  }
814 
815  data_.flow_source_vrf = info->flow_dest_vrf;
816  data_.flow_dest_vrf = info->flow_source_vrf;
817  data_.flow_source_plen_map = info->flow_dest_plen_map;
818  data_.flow_dest_plen_map = info->flow_source_plen_map;
819  data_.vrf = info->dest_vrf;
820 
821  if (!info->nat_done) {
822  data_.dest_vrf = info->flow_source_vrf;
823  } else {
824  data_.dest_vrf = info->nat_dest_vrf;
825  }
826  if (info->ecmp) {
827  set_flags(FlowEntry::EcmpFlow);
828  } else {
829  reset_flags(FlowEntry::EcmpFlow);
830  }
831  data_.component_nh_idx = CompositeNH::kInvalidComponentNHIdx;
832 
833  data_.src_policy_vrf = info->dst_policy_vrf;
834  data_.dst_policy_vrf = info->src_policy_vrf;
835 
836  reset_flags(FlowEntry::UnknownUnicastFlood);
837  if (info->flood_unknown_unicast) {
838  set_flags(FlowEntry::UnknownUnicastFlood);
839  if (info->ingress) {
840  GetSourceRouteInfo(rev_ctrl->rt_);
841  } else {
842  GetSourceRouteInfo(ctrl->rt_);
843  }
844  //Set source VN and dest VN to be same
845  //since flooding happens only for layer2 routes
846  //SG id would be left empty, user who wants
847  //unknown unicast to happen should modify the
848  //SG to allow such traffic
849  data_.dest_vn_list = data_.source_vn_list;
850  } else {
851  GetSourceRouteInfo(ctrl->rt_);
852  GetDestRouteInfo(rev_ctrl->rt_);
853  }
854 
855  data_.smac = pkt->dmac;
856  data_.dmac = pkt->smac;
857 
858  if (is_flags_set(FlowEntry::IngressDir)) {
859  const VmInterface *vm_intf =
860  dynamic_cast<const VmInterface *>(intf_entry());
861  if (vm_intf) {
862  vm_intf->update_flow_count(2);
863  }
864  }
865 
866  data_.underlay_gw_index_ = GetUnderlayGwIndex(intf_in,
867  info->pkt->ip_saddr, info->pkt->ip_daddr,
868  info->pkt->ip_proto, info->pkt->sport, info->pkt->dport);
869 }
870 
871 void FlowEntry::InitAuditFlow(uint32_t flow_idx, uint8_t gen_id) {
872  gen_id_ = gen_id;
873  flow_handle_ = flow_idx;
874  set_flags(FlowEntry::ShortFlow);
875  short_flow_reason_ = SHORT_AUDIT_ENTRY;
876  data_.source_vn_list = FlowHandler::UnknownVnList();
877  data_.dest_vn_list = FlowHandler::UnknownVnList();
878  data_.origin_vn_src_list = FlowHandler::UnknownVnList();
879  data_.origin_vn_dst_list = FlowHandler::UnknownVnList();
880  data_.source_sg_id_l = default_sg_list();
881  data_.dest_sg_id_l = default_sg_list();
882 }
883 
884 
885 // Fabric control flows are following,
886 // - XMPP connection to control node
887 // - SSH connection to vhost
888 // - Ping to vhost
889 // - Introspect to vhost
890 // - Port-IPC connection to vhost
891 // - Contrail-Status UVE
892 // TODO : Review this
893 bool FlowEntry::IsFabricControlFlow() const {
894  Agent *agent = flow_table()->agent();
895  if (agent->get_vhost_disable_policy()) {
896  return false;
897  }
898 
899  if (key_.dst_addr.is_v4() == false) {
900  return false;
901  }
902 
903  if (IsNatFlow()) {
904  return false;
905  }
906 
907  if (key_.protocol == IPPROTO_TCP) {
908  if (key_.src_addr == agent->router_id()) {
909  for (int i = 0; i < MAX_XMPP_SERVERS; i++) {
910  if (key_.dst_addr.to_string() !=
911  agent->controller_ifmap_xmpp_server(i))
912  continue;
913  if (key_.dst_port == agent->controller_ifmap_xmpp_port(i)) {
914  return true;
915  }
916  }
917 
918  for (int i = 0; i < MAX_XMPP_SERVERS; i++) {
919  if (key_.dst_addr.to_string() !=
920  agent->dns_server(i))
921  continue;
922  if (key_.dst_port == ContrailPorts::DnsXmpp()) {
923  return true;
924  }
925 
926  if (key_.dst_port == agent->dns_server_port(i)) {
927  return true;
928  }
929  }
930 
931  std::ostringstream collector;
932  collector << key_.dst_addr.to_string() << ":" <<
933  ContrailPorts::CollectorPort();
934  std::vector<string>::const_iterator it =
935  agent->GetCollectorlist().begin();
936  for(; it != agent->GetCollectorlist().end(); it++) {
937  if (collector.str() == *it) {
938  return true;
939  }
940  }
941 
942  Ip4Address metadata_fabric_ip;
943  uint16_t metadata_fabric_port = 0;
944  IpAddress local_ip;
945  uint16_t local_port = 0;
946  std::string nova_hostname;
947  agent->oper_db()->global_vrouter()->
948  FindLinkLocalService(GlobalVrouter::kMetadataService,
949  &local_ip, &local_port,
950  &nova_hostname,
951  &metadata_fabric_ip,
952  &metadata_fabric_port);
953  if (key_.dst_addr.to_v4() == metadata_fabric_ip &&
954  key_.dst_port == metadata_fabric_port) {
955  return true;
956  }
957  }
958 
959 
960  if (key_.dst_addr == agent->router_id()) {
961  return (key_.dst_port == 22);
962  }
963 
964  if (key_.src_addr == agent->router_id()) {
965  return (key_.src_port == 22);
966  }
967  return false;
968  }
969 
970  if (key_.protocol == IPPROTO_ICMP) {
971  return (key_.src_addr == agent->router_id() ||
972  key_.dst_addr == agent->router_id());
973  }
974 
975  return false;
976 }
977 
979 // Utility routines
981 // Find L2 Route for the MAC address.
982 AgentRoute *FlowEntry::GetL2Route(const VrfEntry *vrf,
983  const MacAddress &mac) {
984  BridgeAgentRouteTable *table = static_cast<BridgeAgentRouteTable *>
985  (vrf->GetBridgeRouteTable());
986  return table->FindRouteNoLock(mac);
987 }
988 
989 AgentRoute *FlowEntry::GetUcRoute(const VrfEntry *entry,
990  const IpAddress &addr) {
991  AgentRoute *rt = NULL;
992  if (addr.is_v4()) {
993  InetUnicastRouteEntry key(NULL, addr, 32, false);
994  rt = entry->GetUcRoute(key);
995  } else {
996  InetUnicastRouteEntry key(NULL, addr, 128, false);
997  rt = entry->GetUcRoute(key);
998  }
999  if (rt != NULL && rt->IsRPFInvalid()) {
1000  return NULL;
1001  }
1002  return rt;
1003 }
1004 
1005 AgentRoute *FlowEntry::GetEvpnRoute(const VrfEntry *vrf,
1006  const MacAddress &mac,
1007  const IpAddress &ip,
1008  uint32_t ethernet_tag) {
1009  EvpnAgentRouteTable *table = static_cast<EvpnAgentRouteTable *>(
1010  vrf->GetEvpnRouteTable());
1011  return table->FindRouteNoLock(mac, ip,
1012  EvpnAgentRouteTable::ComputeHostIpPlen(ip),
1013  ethernet_tag);
1014 }
1015 
1016 uint32_t FlowEntry::reverse_flow_fip() const {
1017  FlowEntry *rflow = reverse_flow_entry_.get();
1018  if (rflow) {
1019  return rflow->fip();
1020  }
1021  return 0;
1022 }
1023 
1024 VmInterfaceKey FlowEntry::reverse_flow_vmi() const {
1025  FlowEntry *rflow = reverse_flow_entry_.get();
1026  if (rflow) {
1027  return rflow->fip_vmi();
1028  }
1029  return VmInterfaceKey(AgentKey::ADD_DEL_CHANGE, nil_uuid(), "");
1030 }
1031 
1032 void FlowEntry::UpdateFipStatsInfo(uint32_t fip, uint32_t id, Agent *agent) {
1033  fip_ = fip;
1034  fip_vmi_ = InterfaceIdToKey(agent, id);
1035 }
1036 
1037 void FlowEntry::set_flow_handle(uint32_t flow_handle, uint8_t gen_id) {
1038  if (flow_handle_ != flow_handle) {
1039  assert(flow_handle_ == kInvalidFlowHandle);
1040  flow_handle_ = flow_handle;
1041  }
1042  gen_id_ = gen_id;
1043 }
1044 
1045 const std::string& FlowEntry::acl_assigned_vrf() const {
1046  return data_.match_p.action_info.vrf_translate_action_.vrf_name();
1047 }
1048 
1049 void FlowEntry::set_acl_assigned_vrf_index() {
1050  VrfKey vrf_key(data_.match_p.action_info.vrf_translate_action_.vrf_name());
1051  const VrfEntry *vrf = static_cast<const VrfEntry *>(
1052  flow_table()->agent()->vrf_table()->FindActiveEntry(&vrf_key));
1053  if (vrf) {
1054  data_.acl_assigned_vrf_index_ = vrf->vrf_id();
1055  bool set_dest_vrf = true;
1056  if (is_flags_set(FlowEntry::NatFlow) &&
1057  reverse_flow_entry() &&
1058  key().dst_addr != reverse_flow_entry()->key().src_addr) {
1059  //Packet is getting DNATed, VRF assign ACL action
1060  //is applied on floating-ip VN and the destination VRF should
1061  //be retained as interface VRF
1062  set_dest_vrf = false;
1063  }
1064 
1065  if (set_dest_vrf) {
1066  data_.dest_vrf = vrf->vrf_id();
1067  }
1068  return;
1069  }
1070  data_.acl_assigned_vrf_index_ = VrfEntry::kInvalidIndex;
1071 }
1072 
1073 uint32_t FlowEntry::acl_assigned_vrf_index() const {
1074  return data_.acl_assigned_vrf_index_;
1075 }
1076 
1077 void FlowEntry::RevFlowDepInfo(RevFlowDepParams *params) {
1078  params->sip_ = key().src_addr;
1079  FlowEntry *rev_flow = reverse_flow_entry();
1080  if (rev_flow) {
1081  params->rev_uuid_ = rev_flow->uuid();
1082  params->vm_cfg_name_ = rev_flow->data().vm_cfg_name;
1083  params->sg_uuid_ = rev_flow->sg_rule_uuid();
1084  params->rev_egress_uuid_ = rev_flow->egress_uuid();
1085  params->nw_ace_uuid_ = rev_flow->nw_ace_uuid();
1086  params->drop_reason_ = rev_flow->data().drop_reason;
1087  params->action_info_ = rev_flow->data().match_p.action_info;
1088  if (rev_flow->intf_entry()) {
1089  const VmInterface *vmi =
1090  dynamic_cast<const VmInterface *>(rev_flow->intf_entry());
1091  if (vmi) {
1092  params->vmi_uuid_ = UuidToString(vmi->vmi_cfg_uuid());
1093  } else {
1094  params->vmi_uuid_ = UuidToString(rev_flow->intf_entry()->
1095  GetUuid());
1096  }
1097  }
1098 
1099  if (key().family != Address::INET) {
1100  return;
1101  }
1102  if (is_flags_set(FlowEntry::NatFlow) &&
1103  is_flags_set(FlowEntry::IngressDir)) {
1104  const FlowKey *nat_key = &rev_flow->key();
1105  if (key().src_addr != nat_key->dst_addr) {
1106  params->sip_ = nat_key->dst_addr;
1107  }
1108  }
1109  }
1110 }
1111 
1112 bool FlowEntry::ShouldDrop(uint32_t action) {
1113  if (action & TrafficAction::DROP_FLAGS)
1114  return true;
1115 
1116  if (action & TrafficAction::IMPLICIT_DENY_FLAGS)
1117  return true;
1118 
1119  return false;
1120 }
1121 
1123 // Flow RPF
1124 //
1125 // VRouter enforces RPF check based on RPF-NH programmed in the flow. The RPF
1126 // NH can be of two types,
1127 // - Unicast NH :
1128 // In this case, VRouter matches with incoming interface/tunnel-src with
1129 // RPF NH the flow
1130 //
1131 // - ECMP NH :
1132 // In this case, VRouter picks an ECMP component-nh and matches with incoming
1133 // interface/tunnel-src. The index for component-nh is got from reverse flow.
1134 //
1135 // RPF-NH cases
1136 // ------------
1137 // 1. Baremetals
1138 // Agent is not aware of IP address assigned for baremetals. So, RPF check
1139 // for baremetals is based on the L2-Route
1140 //
1141 // 2. Layer-2 Flows
1142 // If agent know the Inet route for source-ip in packet, RPF is based on
1143 // the Inet route for source-ip. There are some exceptions for this rule,
1144 // - If Inet route for source-ip is ECMP, then RPF is based on layer-2 route
1145 // - If Inet route for source-ip is not-host route, then RPF is based on
1146 // layer-2 routes
1147 //
1148 // If packet is from BMS (egress flow), its possible that agent does not
1149 // know IP address for BMS. In such case, RPF is based on L2-Route
1150 //
1151 // 3. Layer-3 Flows from VMI
1152 // RPF check will be based on the InterfaceNH for VMI
1153 //
1154 // 4. Layer-3 Flows from Fabric with unicast-NH
1155 // The unicast-nh is used as RPF-NH
1156 //
1157 // 5. Layer-3 Flows from Fabric with composite-NH
1158 // VRouter picks NH from flow and the ecmp-index from reverse flow.
1159 //
1160 // The ecmp-index in reverse is computed based on route for dest-ip in
1161 // VRF got post VRF translation if any
1162 //
1163 // Note, the RPF must be picked post VRF translation since order of members
1164 // in Composite-NH may vary across VRF
1165 //
1166 // Route Tracking
1167 // --------------
1168 // Flow Management should track the route for ip1 in vrf4 to update RPF-NH
1169 //
1170 // RPF Computation
1171 // ---------------
1172 // RPF computation happens in two stages
1173 // 1. FlowEntry creation (RpfInit):
1174 // Called during FlowEntry init. Computes src_ip_nh for flow.
1175 //
1176 // For layer-2 flows, RPF-NH Is same as src_ip_nh
1177 // For Non-ECMP layer-3 flows, RPF-NH is same as src_ip_nh
1178 // For ECMP layer-3 flows, RPF-NH must be computed only after VRF
1179 // translation is computed for reverse flow.
1180 //
1181 // 2. Post ACL processing (RpfUpdate):
1182 // Post ACL processing, all VRF translation rules are identified.
1183 // The RPF-NH is computed in this method.
1185 // Utility method to set rpf_vrf and rpf_plen fields
1186 static void SetRpfFieldsInternal(FlowEntry *flow, const AgentRoute *rt) {
1187  // If there is no route, we should track default route
1188  if (rt == NULL) {
1189  flow->data().rpf_vrf = flow->data().vrf;
1190  flow->data().rpf_plen = 0;
1191  return;
1192  }
1193 
1194  const InetUnicastRouteEntry *inet_rt =
1195  dynamic_cast<const InetUnicastRouteEntry *>(rt);
1196  if (inet_rt) {
1197  flow->data().rpf_vrf = inet_rt->vrf()->vrf_id();
1198  flow->data().rpf_plen = inet_rt->prefix_length();
1199  return;
1200  }
1201 
1202  if (!flow->l3_flow()) {
1203  flow->data().rpf_vrf = rt->vrf()->vrf_id();
1204  /*
1205  * For L2 flows also plen is found using GetUCRoute
1206  * plen is stored in L2 route entry
1207  * this changed to address CEM-27722
1208  */
1209  const BridgeRouteEntry *bridge_rt =
1210  dynamic_cast<const BridgeRouteEntry *>(rt);
1211  if (bridge_rt != NULL) {
1212  BridgeRouteEntry *temp = const_cast<BridgeRouteEntry *>(bridge_rt);
1213  flow->data().rpf_plen = temp->prefix_length();
1214  }
1215  return;
1216  }
1217  // Route is not INET. Dont track any route
1218  flow->data().rpf_vrf = VrfEntry::kInvalidIndex;
1219  flow->data().rpf_plen = 0;
1220  return;
1221 }
1222 
1223 // Utility method to set src_ip_nh fields
1224 void FlowEntry::RpfSetSrcIpNhFields(const AgentRoute *rt,
1225  const NextHop *src_ip_nh) {
1226  data_.src_ip_nh.reset(src_ip_nh);
1227  SetRpfFieldsInternal(this, rt);
1228  return;
1229 }
1230 
1231 void FlowEntry::RpfSetRpfNhFields(const NextHop *rpf_nh) {
1232  data_.rpf_nh.reset(rpf_nh);
1233 }
1234 
1235 // Utility method to set rpf_nh fields
1236 void FlowEntry::RpfSetRpfNhFields(const AgentRoute *rt, const NextHop *rpf_nh) {
1237  data_.rpf_nh.reset(rpf_nh);
1238  SetRpfFieldsInternal(this, rt);
1239  return;
1240 }
1241 
1242 // This method is called when flow is initialized. The RPF-NH cannot be
1243 // computed at this stage since we dont know if reverse flow has VRF
1244 // translation or not.
1245 // This method only sets src_ip_nh field
1246 //
1247 // In case of layer-3 flow "rt" is inet route for source-ip in source-vrf
1248 // In case of layer-2 flow "rt" is l2 route for smac in source-vrf
1249 void FlowEntry::RpfInit(const AgentRoute *rt, const IpAddress &sip) {
1250  // Set src_ip_nh based on rt first
1251  RpfSetSrcIpNhFields(rt, rt->GetActiveNextHop());
1252 
1253  // RPF enabled?
1254  bool rpf_enable = true;
1255  if (data_.vn_entry && data_.vn_entry->enable_rpf() == false)
1256  rpf_enable = false;
1257  if (data_.disable_validation)
1258  rpf_enable = false;
1259 
1260  // The src_ip_nh can change below only for l2 flows
1261  // For l3-flow, rt will already be a INET route
1262  if (l3_flow())
1263  return;
1264 
1265  // For layer-2 flows, we use l2-route for RPF in following cases
1266  // 1. Interface is of type BAREMETAL (ToR/TSN only)
1267  //
1268  // 2. ECMP is not supported for l2-flows. If src-ip lookup resulted in
1269  // ECMP-NH fallback to the original l2-route
1270  //
1271  // 3. In case of OVS, ToR will export layer-2 route and MX will export a
1272  // layer-3 subnet route covering all the ToRs. In this case, when ToR
1273  // send layer-2 packet the layer-3 route will point to MX and RPF fails.
1274  // Assuming MX only gives subnet-route, use inet-route only if its
1275  // host-route
1276  // 4. Its an egress flow and there is no route for IP address
1277  const VmInterface *vmi =
1278  dynamic_cast<const VmInterface *>(intf_entry());
1279  if (vmi && vmi->vmi_type() == VmInterface::BAREMETAL) {
1280  return;
1281  }
1282 
1283  VrfEntry *vrf = rt->vrf();
1284  const InetUnicastRouteEntry *src_ip_rt =
1285  static_cast<InetUnicastRouteEntry *>
1286  (FlowEntry::GetUcRoute(vrf, sip));
1287 
1288  if (src_ip_rt == NULL) {
1289  // For egress flow, with no l3-route then do rpf based on l2-route
1290  // For ingress flow, with no l3-route, make it short flow
1291  if (rpf_enable && IsIngressFlow()) {
1292  set_flags(FlowEntry::ShortFlow);
1293  short_flow_reason_ = SHORT_NO_SRC_ROUTE_L2RPF;
1294  }
1295  return;
1296  }
1297 
1298  if (src_ip_rt->IsHostRoute() == false)
1299  return;
1300 
1301  const NextHop *src_ip_nh = src_ip_rt->GetActiveNextHop();
1302  if ((src_ip_nh != NULL) && src_ip_nh->GetType() == NextHop::COMPOSITE)
1303  return;
1304 
1305  RpfSetSrcIpNhFields(src_ip_rt, src_ip_nh);
1306  return;
1307 }
1308 
1309 // Should src_ip_nh be treated as RPF-NH
1310 bool FlowEntry::RpfFromSrcIpNh() const {
1311  // For l2-flows, src_ip_nh is same as RPF-NH
1312  if (l3_flow() == false)
1313  return true;
1314 
1315  // Dont bother about RPF for short-flows
1316  if (is_flags_set(FlowEntry::ShortFlow))
1317  return true;
1318 
1319  // rpf-nh can change only in case of composite
1320  if (data_.src_ip_nh->GetType() != NextHop::COMPOSITE)
1321  return true;
1322 
1323  const FlowEntry *rflow = reverse_flow_entry();
1324  if (rflow == NULL) {
1325  FlowInfo flow_info;
1326  FillFlowInfo(flow_info);
1327  FLOW_TRACE(Trace, "Invalid reverse flow for setting ECMP index",
1328  flow_info);
1329  return true;
1330  }
1331 
1332  return false;
1333 }
1334 
1335 void FlowEntry::RpfComputeIngress() {
1336  const NextHop *nh = NULL;
1337  // If we are here, its guaranteed that src_ip_nh is composite
1338  const CompositeNH *cnh =
1339  dynamic_cast<const CompositeNH *>(data_.src_ip_nh.get());
1340  assert(cnh != NULL);
1341 
1342  // Use flow_key_nh if VMI is part of composite. Else its guaranteed
1343  // that RPF will fail for flow. So, use discard-nh for RPF
1344  const VmInterface *vmi =
1345  dynamic_cast<const VmInterface *>(intf_entry());
1346  if (cnh->HasVmInterface(vmi)) {
1347  nh = vmi->flow_key_nh();
1348  } else {
1349  nh = data_.src_ip_nh.get();
1350  }
1351 
1352  // Change only the RPF-NH. The vrf and plen dont change here
1353  RpfSetRpfNhFields(nh);
1354  return;
1355 }
1356 
1357 void FlowEntry::RpfComputeEgress() {
1358  const FlowEntry *rflow = reverse_flow_entry();
1359 
1360  // RPF-NH can change only if VRF in forward flow and translated VRF in
1361  // reverse flow are different
1362  if (rflow->data().flow_dest_vrf == data_.vrf) {
1363  RpfSetRpfNhFields(data_.src_ip_nh.get());
1364  return;
1365  }
1366 
1367  // Find destination VRF from reverse flow
1368  const VrfEntry *vrf = rflow->GetDestinationVrf();
1369  if (vrf == NULL) {
1370  FlowInfo flow_info;
1371  FillFlowInfo(flow_info);
1372  FLOW_TRACE(Trace, "Error setting RPF NH. Destination VRF not found "
1373  "in reverse flow", flow_info);
1374  return;
1375  }
1376 
1377  InetUnicastRouteEntry *rt = static_cast<InetUnicastRouteEntry *>
1378  (FlowEntry::GetUcRoute(vrf, key().src_addr));
1379  if (!rt) {
1380  FlowInfo flow_info;
1381  FillFlowInfo(flow_info);
1382  FLOW_TRACE(Trace, "Error setting RPF NH. Route not found in "
1383  "destination vrf", flow_info);
1384  return;
1385  }
1386 
1387  RpfSetRpfNhFields(rt, rt->GetActiveNextHop());
1388  return;
1389 }
1390 
1391 // Computes RPF-NH for flow based on ip_src_nh
1392 // Must be called after policy lookup is done
1393 void FlowEntry::RpfUpdate() {
1394  // Is RPF check enabled?
1395  data_.enable_rpf = true;
1396  if (data_.vn_entry) {
1397  data_.enable_rpf = data_.vn_entry->enable_rpf();
1398  }
1399 
1400  if (data_.disable_validation) {
1401  data_.enable_rpf = false;
1402  }
1403 
1404  if (data_.enable_rpf == false) {
1405  data_.rpf_nh = NULL;
1406  return;
1407  }
1408 
1409  if (RpfFromSrcIpNh()) {
1410  data_.rpf_nh = data_.src_ip_nh;
1411  return;
1412  }
1413 
1414  if (is_flags_set(FlowEntry::IngressDir)) {
1415  RpfComputeIngress();
1416  } else {
1417  RpfComputeEgress();
1418  }
1419 }
1420 
1421 bool FlowEntry::IsClientFlow() {
1422  /*
1423  * If the flow is Local + Ingress + Forward
1424  * then it will be considered as client session
1425  */
1426  if ((is_flags_set(FlowEntry::LocalFlow)) &&
1427  (is_flags_set(FlowEntry::IngressDir)) &&
1428  (!(is_flags_set(FlowEntry::ReverseFlow)))) {
1429  return true;
1430  }
1431  /*
1432  * If the flow is (Ingress + Forward) OR
1433  * (Egress + Reverse)
1434  * then it will be consideres as client session
1435  */
1436  if (is_flags_set(FlowEntry::IngressDir)) {
1437  if (!(is_flags_set(FlowEntry::ReverseFlow))) {
1438  return true;
1439  }
1440  } else {
1441  if (is_flags_set(FlowEntry::ReverseFlow)) {
1442  return true;
1443  }
1444  }
1445  return false;
1446 }
1447 
1448 bool FlowEntry::IsServerFlow() {
1449  /*
1450  * If the flow is Local + Ingress + Reverse
1451  * then it will be considered as server session
1452  */
1453  if ((is_flags_set(FlowEntry::LocalFlow)) &&
1454  (is_flags_set(FlowEntry::IngressDir)) &&
1455  (is_flags_set(FlowEntry::ReverseFlow))) {
1456  return true;
1457  }
1458  /*
1459  * If the flow is (Egress + Forward) OR
1460  * (Ingress + Reverse)
1461  * then it will be consideres as server session
1462  */
1463  if (!(is_flags_set(FlowEntry::IngressDir))) {
1464  if (!(is_flags_set(FlowEntry::ReverseFlow))) {
1465  return true;
1466  }
1467  } else {
1468  if (is_flags_set(FlowEntry::ReverseFlow)) {
1469  return true;
1470  }
1471  }
1472  return false;
1473 }
1475 // Flow entry fileds updation routines
1477 std::string FlowEntry::DropReasonStr(uint16_t reason) {
1478  std::map<uint16_t, const char*>::const_iterator it =
1479  FlowDropReasonStr.find(reason);
1480  if (it != FlowDropReasonStr.end()) {
1481  return string(it->second);
1482  }
1483  return "UNKNOWN";
1484 }
1485 
1486 // Get src-vn/sg-id/plen from route
1487 // src-vn and sg-id are used for policy lookup
1488 // plen is used to track the routes to use by flow_mgmt module
1489 void FlowEntry::GetSourceRouteInfo(const AgentRoute *rt) {
1490  Agent *agent = flow_table()->agent();
1491  const InetUnicastRouteEntry *inet_rt =
1492  dynamic_cast<const InetUnicastRouteEntry *>(rt);
1493 
1494  if (inet_rt && is_flags_set(FlowEntry::FabricFlow)) {
1495  const VrfEntry *policy_vrf =
1496  static_cast<const VrfEntry *>(agent->
1497  vrf_table()->FindVrfFromId(data_.src_policy_vrf));
1498 
1499  //Policy lookup needs to happen in Policy VRF
1500  AgentRoute *new_rt = GetUcRoute(policy_vrf,
1501  inet_rt->prefix_address());
1502  data_.src_policy_plen = 0;
1503  if (new_rt) {
1504  rt = new_rt;
1505  inet_rt = dynamic_cast<const InetUnicastRouteEntry *>(new_rt);
1506  data_.src_policy_plen = inet_rt->prefix_length();
1507  data_.src_policy_vrf = inet_rt->vrf()->vrf_id();
1508  }
1509  }
1510 
1511  const AgentPath *path = NULL;
1512  if (rt) {
1513  path = rt->GetActivePath();
1514  }
1515  if (path == NULL) {
1516  data_.source_vn_list = FlowHandler::UnknownVnList();
1517  data_.source_vn_match = FlowHandler::UnknownVn();
1518  data_.source_sg_id_l = default_sg_list();
1519  data_.source_plen = 0;
1520  data_.origin_vn_src_list = FlowHandler::UnknownVnList();
1521  data_.origin_vn_src = FlowHandler::UnknownVn();
1522  } else {
1523  data_.source_vn_list = path->dest_vn_list();
1524  if (path->dest_vn_list().size())
1525  data_.source_vn_match = *path->dest_vn_list().begin();
1526  data_.origin_vn_src = path->origin_vn();
1527  if (!path->origin_vn().empty()) {
1528  data_.origin_vn_src_list.insert(path->origin_vn());
1529  }
1530  data_.source_sg_id_l = path->sg_list();
1531  data_.source_plen = rt->prefix_length();
1532  data_.source_tag_id_l = path->tag_list();
1533  }
1534  /* Handle case when default route NextHop points to vrf */
1535  if (rt) {
1536  const NextHop *anh = rt->GetActiveNextHop();
1537  if (anh && anh->GetType() == NextHop::VRF) {
1538  const VrfNH *nh =
1539  static_cast<const VrfNH *>(anh);
1540  AgentRoute *new_rt = GetUcRoute(nh->GetVrf(), key_.src_addr);
1541  if (new_rt) {
1542  path = new_rt->GetActivePath();
1543  if (path) {
1544  data_.origin_vn_src = path->origin_vn();
1545  if (!path->origin_vn().empty()) {
1546  data_.origin_vn_src_list.insert(path->origin_vn());
1547  }
1548  }
1549  }
1550  }
1551  }
1552 
1553 }
1554 
1555 // Get dst-vn/sg-id/plen from route
1556 // dst-vn and sg-id are used for policy lookup
1557 // plen is used to track the routes to use by flow_mgmt module
1558 void FlowEntry::GetDestRouteInfo(const AgentRoute *rt) {
1559  Agent *agent = flow_table()->agent();
1560  const AgentPath *path = NULL;
1561  if (rt) {
1562  path = rt->GetActivePath();
1563  }
1564 
1565  const InetUnicastRouteEntry *inet_rt =
1566  dynamic_cast<const InetUnicastRouteEntry *>(rt);
1567  if (inet_rt && is_flags_set(FlowEntry::FabricFlow)) {
1568  data_.dst_policy_plen = 0;
1569  const VrfEntry *policy_vrf =
1570  static_cast<const VrfEntry *>(agent->
1571  vrf_table()->FindVrfFromId(data_.dst_policy_vrf));
1572 
1573  AgentRoute *new_rt =
1574  GetUcRoute(policy_vrf, inet_rt->prefix_address());
1575  if (new_rt) {
1576  rt = new_rt;
1577  inet_rt = dynamic_cast<const InetUnicastRouteEntry *>(rt);
1578  data_.dst_policy_plen = inet_rt->prefix_length();
1579  data_.dst_policy_vrf = inet_rt->vrf()->vrf_id();
1580  }
1581  }
1582 
1583  if (rt) {
1584  path = rt->GetActivePath();
1585  }
1586 
1587  if (path == NULL) {
1588  data_.dest_vn_list = FlowHandler::UnknownVnList();
1589  data_.dest_vn_match = FlowHandler::UnknownVn();
1590  data_.dest_sg_id_l = default_sg_list();
1591  data_.dest_plen = 0;
1592  data_.origin_vn_dst_list = FlowHandler::UnknownVnList();
1593  data_.origin_vn_dst = FlowHandler::UnknownVn();
1594  } else {
1595  data_.dest_vn_list = path->dest_vn_list();
1596  if (path->dest_vn_list().size())
1597  data_.dest_vn_match = *path->dest_vn_list().begin();
1598  data_.origin_vn_dst = path->origin_vn();
1599  if (!path->origin_vn().empty()) {
1600  data_.origin_vn_dst_list.insert(path->origin_vn());
1601  }
1602  data_.dest_sg_id_l = path->sg_list();
1603  data_.dest_plen = rt->prefix_length();
1604  data_.dest_tag_id_l = path->tag_list();
1605  }
1606 
1607  /* Handle case when default route NextHop points to vrf */
1608  if (rt) {
1609  const NextHop *anh = rt->GetActiveNextHop();
1610  if (anh && anh->GetType() == NextHop::VRF) {
1611  const VrfNH *nh =
1612  static_cast<const VrfNH *>(anh);
1613  AgentRoute *new_rt = GetUcRoute(nh->GetVrf(), key_.dst_addr);
1614  if (new_rt) {
1615  path = new_rt->GetActivePath();
1616  if (path) {
1617  data_.origin_vn_dst = path->origin_vn();
1618  if (!path->origin_vn().empty()) {
1619  data_.origin_vn_dst_list.insert(path->origin_vn());
1620  }
1621  }
1622  }
1623  }
1624  }
1625 }
1626 
1627 VmInterfaceKey FlowEntry::InterfaceIdToKey(Agent *agent, uint32_t id) {
1628  if (id != Interface::kInvalidIndex) {
1629  Interface *itf = agent->interface_table()->FindInterface(id);
1630  if (itf && (itf->type() == Interface::VM_INTERFACE)) {
1631  return VmInterfaceKey(AgentKey::ADD_DEL_CHANGE, itf->GetUuid(),
1632  itf->name());
1633  }
1634  }
1635  return VmInterfaceKey(AgentKey::ADD_DEL_CHANGE, nil_uuid(), "");
1636 }
1637 
1638 uint32_t FlowEntry::InterfaceKeyToId(Agent *agent, const VmInterfaceKey &key) {
1639  const Interface *intf = dynamic_cast<const Interface*>
1640  (agent->interface_table()->FindActiveEntry(&key));
1641  if (intf) {
1642  return intf->id();
1643  }
1644  return Interface::kInvalidIndex;
1645 }
1646 
1647 const std::string FlowEntry::InterfaceIdToVmCfgName(Agent *agent, uint32_t id) {
1648  if (id != Interface::kInvalidIndex) {
1649  const VmInterface *itf = dynamic_cast <const VmInterface *>
1650  (agent->interface_table()->FindInterface(id));
1651  if (itf) {
1652  const VmEntry *vm = itf->vm();
1653  if (vm) {
1654  return vm->GetCfgName();
1655  }
1656  }
1657  }
1658  return "";
1659 }
1661 // Routines to compute ACL to be applied (including network-policy, SG and
1662 // VRF-Assign Rules
1664 void FlowEntry::ResetPolicy() {
1665  /* Reset acl list*/
1666  data_.match_p.m_acl_l.clear();
1667  data_.match_p.m_out_acl_l.clear();
1668  data_.match_p.m_mirror_acl_l.clear();
1669  data_.match_p.m_out_mirror_acl_l.clear();
1670  /* Reset sg acl list*/
1671  data_.match_p.sg_policy.ResetPolicy();
1672  data_.match_p.aps_policy.ResetPolicy();
1673  data_.match_p.fwaas_policy.ResetPolicy();
1674  data_.match_p.m_vrf_assign_acl_l.clear();
1675 }
1676 
1677 // Rebuild all the policy rules to be applied
1678 void FlowEntry::GetPolicyInfo(const VnEntry *vn, const FlowEntry *rflow) {
1679  if (vn == NULL) {
1680  return;
1681  }
1682 
1683  // Reset old values first
1684  ResetPolicy();
1685 
1686  // Short flows means there is some information missing for the flow. Skip
1687  // getting policy information for short flow. When the information is
1688  // complete, GetPolicyInfo is called again
1689  if (is_flags_set(FlowEntry::ShortFlow)) {
1690  return;
1691  }
1692 
1693  // ACL supported on VMPORT interfaces only
1694  if (data_.intf_entry == NULL)
1695  return;
1696 
1697  bool vgw_pass = true;
1698  if (data_.intf_entry->type() == Interface::INET) {
1699  vgw_pass = false;
1700  InetInterface* inet_intf = (InetInterface*)(data_.intf_entry).get();
1701  if ((inet_intf != NULL) && (inet_intf->sub_type() == InetInterface::SIMPLE_GATEWAY))
1702  vgw_pass = true;
1703  }
1704  if ((data_.intf_entry->type() != Interface::VM_INTERFACE) && !vgw_pass)
1705  return;
1706 
1707  // Get Network policy/mirror cfg policy/mirror policies
1708  GetPolicy(vn, rflow);
1709 
1710  // Get Sg list
1711  GetSgList(data_.intf_entry.get());
1712 
1713  //Get VRF translate ACL
1714  GetVrfAssignAcl();
1715 
1716  //Get Application policy set ACL
1717  GetApplicationPolicySet(data_.intf_entry.get(), rflow);
1718 
1719 }
1720 
1721 void FlowEntry::GetPolicyInfo() {
1722  GetPolicyInfo(data_.vn_entry.get(), reverse_flow_entry());
1723 }
1724 
1725 void FlowEntry::GetPolicyInfo(const VnEntry *vn) {
1726  GetPolicyInfo(vn, reverse_flow_entry());
1727 }
1728 
1729 void FlowEntry::GetPolicyInfo(const FlowEntry *rflow) {
1730  GetPolicyInfo(data_.vn_entry.get(), rflow);
1731 }
1732 
1733 void FlowEntry::GetPolicy(const VnEntry *vn, const FlowEntry *rflow) {
1734  if (vn == NULL)
1735  return;
1736 
1737  MatchAclParams acl;
1738 
1739  // Get Mirror configuration first
1740  if (vn->GetMirrorAcl()) {
1741  acl.acl = vn->GetMirrorAcl();
1742  data_.match_p.m_mirror_acl_l.push_back(acl);
1743  }
1744 
1745  if (vn->GetMirrorCfgAcl()) {
1746  acl.acl = vn->GetMirrorCfgAcl();
1747  data_.match_p.m_mirror_acl_l.push_back(acl);
1748  }
1749 
1750  // Dont apply network-policy for linklocal, bgp router service
1751  // and subnet broadcast flow
1752  if (is_flags_set(FlowEntry::LinkLocalFlow) ||
1753  is_flags_set(FlowEntry::Multicast) ||
1754  is_flags_set(FlowEntry::BgpRouterService) ||
1755  is_flags_set(FlowEntry::FabricControlFlow)) {
1756  return;
1757  }
1758 
1759  if (vn->GetAcl()) {
1760  acl.acl = vn->GetAcl();
1761  data_.match_p.m_acl_l.push_back(acl);
1762  }
1763 
1764  const VnEntry *rvn = NULL;
1765  // For local flows, we have to apply NW Policy from out-vn also
1766  if (!is_flags_set(FlowEntry::LocalFlow) || rflow == NULL) {
1767  // Not local flow
1768  return;
1769  }
1770 
1771  rvn = rflow->vn_entry();
1772  if (rvn == NULL) {
1773  return;
1774  }
1775 
1776  if (rvn->GetAcl()) {
1777  acl.acl = rvn->GetAcl();
1778  data_.match_p.m_out_acl_l.push_back(acl);
1779  }
1780 
1781  if (rvn->GetMirrorAcl()) {
1782  acl.acl = rvn->GetMirrorAcl();
1783  data_.match_p.m_out_mirror_acl_l.push_back(acl);
1784  }
1785 
1786  if (rvn->GetMirrorCfgAcl()) {
1787  acl.acl = rvn->GetMirrorCfgAcl();
1788  data_.match_p.m_out_mirror_acl_l.push_back(acl);
1789  }
1790 }
1791 
1792 void FlowEntry::GetVrfAssignAcl() {
1793  // VRF-Assign rules valid only for routed packets
1794  if (l3_flow() == false)
1795  return;
1796 
1797  if (data_.intf_entry == NULL) {
1798  return;
1799  }
1800 
1801  if (data_.intf_entry->type() != Interface::VM_INTERFACE) {
1802  return;
1803  }
1804 
1805  if (is_flags_set(FlowEntry::LinkLocalFlow) ||
1806  is_flags_set(FlowEntry::Multicast) ||
1807  is_flags_set(FlowEntry::BgpRouterService) ||
1808  is_flags_set(FlowEntry::FabricControlFlow)) {
1809  return;
1810  }
1811 
1812  const VmInterface *intf =
1813  static_cast<const VmInterface *>(data_.intf_entry.get());
1814  //If interface has a VRF assign rule, choose the acl and match the
1815  //packet, else get the acl attached to VN and try matching the packet to
1816  //network acl
1817  const AclDBEntry* acl = NULL;
1818  if (is_flags_set(FlowEntry::NatFlow) == false) {
1819  acl = intf->vrf_assign_acl();
1820  }
1821 
1822  if (acl == NULL) {
1823  acl = data_.vn_entry.get()->GetAcl();
1824  }
1825  if (!acl) {
1826  return;
1827  }
1828 
1829  MatchAclParams m_acl;
1830  m_acl.acl = acl;
1831  data_.match_p.m_vrf_assign_acl_l.push_back(m_acl);
1832 }
1833 
1834 void FlowEntry::GetSgList(const Interface *intf) {
1835  // Dont apply network-policy for linklocal and multicast flows
1836  if (is_flags_set(FlowEntry::LinkLocalFlow) ||
1837  is_flags_set(FlowEntry::Multicast) ||
1838  is_flags_set(FlowEntry::BgpRouterService) ||
1839  is_flags_set(FlowEntry::FabricControlFlow)) {
1840  return;
1841  }
1842 
1843  // SG ACL's are reflexive. Skip SG for reverse flow
1844  if (is_flags_set(FlowEntry::ReverseFlow)) {
1845  return;
1846  }
1847 
1848  // Get virtual-machine port for forward flow
1849  const VmInterface *vm_port = NULL;
1850  bool vgw_pass = false;
1851  if (intf != NULL) {
1852  if (intf->type() == Interface::INET) {
1853  const InetInterface* inet_intf = static_cast<const InetInterface *>(intf);
1854  if ((inet_intf != NULL) && (inet_intf->sub_type() == InetInterface::SIMPLE_GATEWAY)) {
1855  vgw_pass = true;
1856  }
1857  }
1858  if (intf->type() == Interface::VM_INTERFACE) {
1859  vm_port = static_cast<const VmInterface *>(intf);
1860  vgw_pass = true;
1861  }
1862  }
1863 
1864  if (!vgw_pass) {
1865  return;
1866  }
1867 
1868  // Get virtual-machine port for reverse flow
1869  FlowEntry *rflow = reverse_flow_entry();
1870  const VmInterface *reverse_vm_port = NULL;
1871  if (rflow != NULL) {
1872  if (rflow->data().intf_entry.get() != NULL) {
1873  if (rflow->data().intf_entry->type() == Interface::VM_INTERFACE) {
1874  reverse_vm_port = static_cast<const VmInterface *>
1875  (rflow->data().intf_entry.get());
1876  }
1877  }
1878  }
1879 
1880  // Get SG-Rules
1881  if (is_flags_set(FlowEntry::LocalFlow)) {
1882  GetLocalFlowSgList(vm_port, reverse_vm_port);
1883  } else {
1884  GetNonLocalFlowSgList(vm_port);
1885  }
1886 }
1887 
1888 void FlowEntry::GetApplicationPolicySet(const Interface *intf,
1889  const FlowEntry *rflow) {
1890  if (is_flags_set(FlowEntry::LinkLocalFlow) ||
1891  is_flags_set(FlowEntry::Multicast) ||
1892  is_flags_set(FlowEntry::BgpRouterService) ||
1893  is_flags_set(FlowEntry::FabricControlFlow)) {
1894  return;
1895  }
1896 
1897  if (is_flags_set(FlowEntry::ReverseFlow)) {
1898  return;
1899  }
1900 
1901  MatchAclParams acl;
1902  const VmInterface *vm_port = NULL;
1903  if (intf != NULL) {
1904  if (intf->type() == Interface::VM_INTERFACE) {
1905  vm_port = static_cast<const VmInterface *>(intf);
1906  }
1907  }
1908 
1909  if (vm_port != NULL) {
1910  MatchAclParams acl;
1911  FirewallPolicyList::const_iterator it =
1912  vm_port->fw_policy_list().begin();
1913  for(; it != vm_port->fw_policy_list().end(); it++) {
1914  acl.acl = *it;
1915  data_.match_p.aps_policy.m_acl_l.push_back(acl);
1916  data_.match_p.aps_policy.rule_present = true;
1917  data_.match_p.aps_policy.m_reverse_out_acl_l.push_back(acl);
1918  data_.match_p.aps_policy.reverse_out_rule_present= true;
1919  }
1920 
1921  // Get the ACL for FWAAS
1922  it = vm_port->fwaas_fw_policy_list().begin();
1923  for(; it != vm_port->fwaas_fw_policy_list().end(); it++) {
1924  acl.acl = *it;
1925  data_.match_p.fwaas_policy.m_acl_l.push_back(acl);
1926  data_.match_p.fwaas_policy.rule_present = true;
1927  data_.match_p.fwaas_policy.m_reverse_out_acl_l.push_back(acl);
1928  data_.match_p.fwaas_policy.reverse_out_rule_present= true;
1929  }
1930  }
1931 
1932  // For local flows, we have to apply NW Policy from out-vn also
1933  if (!is_flags_set(FlowEntry::LocalFlow) || rflow == NULL) {
1934  // Not local flow
1935  return;
1936  }
1937 
1938  const Interface *r_intf = rflow->data_.intf_entry.get();
1939  if (r_intf == NULL) {
1940  return;
1941  }
1942 
1943  vm_port = dynamic_cast<const VmInterface *>(r_intf);
1944  if (vm_port != NULL) {
1945  MatchAclParams acl;
1946  FirewallPolicyList::const_iterator it =
1947  vm_port->fw_policy_list().begin();
1948  for(; it != vm_port->fw_policy_list().end(); it++) {
1949  acl.acl = *it;
1950  data_.match_p.aps_policy.m_out_acl_l.push_back(acl);
1951  data_.match_p.aps_policy.out_rule_present = true;
1952  data_.match_p.aps_policy.m_reverse_acl_l.push_back(acl);
1953  data_.match_p.aps_policy.reverse_rule_present = true;
1954  }
1955 
1956  // Get the ACL for FWAAS
1957  it = vm_port->fwaas_fw_policy_list().begin();
1958  for(; it != vm_port->fwaas_fw_policy_list().end(); it++) {
1959  acl.acl = *it;
1960  data_.match_p.fwaas_policy.m_out_acl_l.push_back(acl);
1961  data_.match_p.fwaas_policy.out_rule_present = true;
1962  data_.match_p.fwaas_policy.m_reverse_acl_l.push_back(acl);
1963  data_.match_p.fwaas_policy.reverse_rule_present = true;
1964  }
1965  }
1966 }
1967 
1968 // Ingress-ACL/Egress-ACL in interface with VM as reference point.
1969 // Ingress : Packet to VM
1970 // Egress : Packet from VM
1971 // The direction stored in flow is defined with vrouter as reference point
1972 // Ingress : Packet to Vrouter from VM
1973 // Egress : Packet from Vrouter to VM
1974 //
1975 // Function takes care of copying right rules
1976 static bool CopySgEntries(const VmInterface *vm_port, bool ingress_acl,
1977  std::list<MatchAclParams> &list) {
1978  /* If policy is NOT enabled on VMI, do not copy SG rules */
1979  if (!vm_port->policy_enabled()) {
1980  return false;
1981  }
1982  bool ret = false;
1983  for (VmInterface::SecurityGroupEntrySet::const_iterator it =
1984  vm_port->sg_list().list_.begin();
1985  it != vm_port->sg_list().list_.end(); ++it) {
1986  if (it->sg_ == NULL)
1987  continue;
1988 
1989  if (it->sg_->IsAclSet()) {
1990  ret = true;
1991  }
1992  MatchAclParams acl;
1993  // As per definition above,
1994  // get EgressACL if flow direction is Ingress
1995  // get IngressACL if flow direction is Egress
1996  if (ingress_acl) {
1997  acl.acl = it->sg_->GetEgressAcl();
1998  } else {
1999  acl.acl = it->sg_->GetIngressAcl();
2000  }
2001  if (acl.acl)
2002  list.push_back(acl);
2003  }
2004 
2005  return ret;
2006 }
2007 
2008 void FlowEntry::GetLocalFlowSgList(const VmInterface *vm_port,
2009  const VmInterface *reverse_vm_port) {
2010  // Get SG-Rule for the forward flow
2011  if (vm_port) {
2012  data_.match_p.sg_policy.rule_present =
2013  CopySgEntries(vm_port, true, data_.match_p.sg_policy.m_acl_l);
2014  }
2015  // For local flow, we need to simulate SG lookup at both ends.
2016  // Assume packet is from VM-A to VM-B.
2017  // If we apply Ingress-ACL from VM-A, then apply Egress-ACL from VM-B
2018  // If we apply Egress-ACL from VM-A, then apply Ingress-ACL from VM-B
2019  if (reverse_vm_port) {
2020  data_.match_p.sg_policy.out_rule_present =
2021  CopySgEntries(reverse_vm_port, false, data_.match_p.sg_policy.m_out_acl_l);
2022  }
2023  if (!is_flags_set(FlowEntry::TcpAckFlow)) {
2024  return;
2025  }
2026  // TCP ACK workaround:
2027  // Ideally TCP State machine should be run to age TCP flows
2028  // Temporary workaound in place of state machine. For TCP ACK packets allow
2029  // the flow if either forward or reverse flow is allowed
2030 
2031  // Copy the SG rules to be applied for reverse flow
2032  if (vm_port) {
2033  data_.match_p.sg_policy.reverse_out_rule_present =
2034  CopySgEntries(vm_port, false,
2035  data_.match_p.sg_policy.m_reverse_out_acl_l);
2036  }
2037 
2038  if (reverse_vm_port) {
2039  data_.match_p.sg_policy.reverse_rule_present =
2040  CopySgEntries(reverse_vm_port, true,
2041  data_.match_p.sg_policy.m_reverse_acl_l);
2042  }
2043 }
2044 
2045 void FlowEntry::GetNonLocalFlowSgList(const VmInterface *vm_port) {
2046  // Get SG-Rule for the forward flow
2047  bool ingress = is_flags_set(FlowEntry::IngressDir);
2048  if (vm_port) {
2049  data_.match_p.sg_policy.rule_present =
2050  CopySgEntries(vm_port, ingress,
2051  data_.match_p.sg_policy.m_acl_l);
2052  }
2053 
2054  data_.match_p.sg_policy.out_rule_present = false;
2055 
2056  if (!is_flags_set(FlowEntry::TcpAckFlow)) {
2057  return;
2058  }
2059 
2060  // TCP ACK workaround:
2061  // Ideally TCP State machine should be run to age TCP flows
2062  // Temporary workaound in place of state machine. For TCP ACK packets allow
2063  // the flow if either forward or reverse flow is allowed
2064 
2065  // Copy the SG rules to be applied for reverse flow
2066  if (vm_port) {
2067  data_.match_p.sg_policy.reverse_out_rule_present =
2068  CopySgEntries(vm_port, !ingress,
2069  data_.match_p.sg_policy.m_reverse_out_acl_l);
2070  }
2071  data_.match_p.sg_policy.reverse_rule_present = false;
2072 }
2073 
2074 // For an L2-Flow, refresh the vn-list and sg-list from the route used for
2075 // flow
2076 void FlowEntry::UpdateL2RouteInfo() {
2077  // Skip L3-Flows
2078  if (l3_flow())
2079  return;
2080 
2081  Agent *agent = flow_table()->agent();
2082  // Get VRF for the flow. L2 flow have same in and out-vrf. So, use same
2083  // vrf for both smac and dmac lookup
2084  uint32_t vrf_id = data().flow_source_vrf;
2085  const VrfEntry *vrf = agent->vrf_table()->FindVrfFromId(vrf_id);
2086  if (vrf == NULL || vrf->IsDeleted()) {
2087  return;
2088  }
2089  BridgeAgentRouteTable *table =
2090  static_cast<BridgeAgentRouteTable *>(vrf->GetBridgeRouteTable());
2091 
2092  // Get route-info for smac
2093  GetSourceRouteInfo(table->FindRoute(data().smac));
2094  // Get route-info for dmac
2095  GetDestRouteInfo(table->FindRoute(data().dmac));
2096 }
2097 
2099 // Flow policy processing routines
2101 
2102 // Set HBS information
2103 // |-------------------------------------------------------------------------|
2104 // | Source | Destination: VMI | Destination: Fabric|
2105 // |--------------------------------------------------------------------------
2106 // | VMI | L (src vif index < dst vif index) | L |
2107 // | | else R | |
2108 // |--------------------------------------------------------------------------
2109 // | Fabric | R | - |
2110 // |-------------------------------------------------------------------------|
2111 //
2112 void FlowEntry::SetHbsInfofromAction() {
2113 
2114  if (!(data_.match_p.aps_policy.action_summary & (1 << TrafficAction::HBS))) {
2115  reset_flags(HbfFlow);
2116  SetHbsInterface(HBS_INTERFACE_INVALID);
2117  return;
2118  }
2119 
2120  const VmInterface *src_intf =
2121  dynamic_cast<const VmInterface *>(intf_entry());
2122  FlowEntry *rev_flow = reverse_flow_entry();
2123  const VmInterface *dst_intf =
2124  dynamic_cast<const VmInterface *>(rev_flow->intf_entry());
2125 
2126  if ( src_intf == NULL || dst_intf == NULL ) {
2127  reset_flags(HbfFlow);
2128  SetHbsInterface(HBS_INTERFACE_INVALID);
2129  return;
2130  }
2131 
2132  //Enable HBF flow flag
2133  set_flags(HbfFlow);
2134  if (is_flags_set(LocalFlow)) {
2135  /* Handle Service Chain Traffic for local flow VM <--> SI*/
2136  /* Case 1: Reset the HBS Action if flow source is service interface */
2137  if (!src_intf->service_intf_type().empty()) {
2138  reset_flags(HbfFlow);
2139  SetHbsInterface(HBS_INTERFACE_INVALID);
2140  return;
2141  }
2142  /* Case 2: Set appropriate interface left/right based on service interface type */
2143  if (!dst_intf->service_intf_type().empty()) {
2144  if (dst_intf->service_intf_type() == "left") {
2145  SetHbsInterface(HBS_INTERFACE_LEFT);
2146  } else if (dst_intf->service_intf_type() == "right") {
2147  SetHbsInterface(HBS_INTERFACE_RIGHT);
2148  }
2149  return;
2150  }
2151  // VM <--> VM on same compute
2152  (src_intf->id() < dst_intf->id()) ?
2153  SetHbsInterface(HBS_INTERFACE_LEFT):
2154  SetHbsInterface(HBS_INTERFACE_RIGHT);
2155  } else {
2156  /* Handle Service chain traffic entering the compute */
2157  if ((!src_intf->service_intf_type().empty() ||
2158  !dst_intf->service_intf_type().empty())) {
2159  if (is_flags_set(IngressDir) == 0) {
2160  if (dst_intf->service_intf_type() == "left") {
2161  SetHbsInterface(HBS_INTERFACE_LEFT);
2162  } else if (dst_intf->service_intf_type() == "right") {
2163  SetHbsInterface(HBS_INTERFACE_RIGHT);
2164  }
2165  } else {
2166  reset_flags(HbfFlow);
2167  SetHbsInterface(HBS_INTERFACE_INVALID);
2168  }
2169  } else {
2170  // VM <--> VM on different compute
2171  (is_flags_set(IngressDir)) ?
2172  SetHbsInterface(HBS_INTERFACE_LEFT):
2173  SetHbsInterface(HBS_INTERFACE_RIGHT);
2174  }
2175  }
2176 }
2177 
2178 void FlowEntry::SetVrfAssignEntry() {
2179  if (!(data_.match_p.vrf_assign_acl_action &
2180  (1 << TrafficAction::VRF_TRANSLATE))) {
2181  //If VRF assign was evaluated and the vrf translate
2182  //action is not present in latest evaluation mark the
2183  //flow as short flow
2184  if (data_.vrf_assign_evaluated &&
2185  data_.match_p.action_info.vrf_translate_action_.vrf_name()
2186  != Agent::NullString()) {
2187  MakeShortFlow(SHORT_VRF_CHANGE);
2188  }
2189  data_.vrf_assign_evaluated = true;
2190  data_.acl_assigned_vrf_index_ = VrfEntry::kInvalidIndex;
2191  return;
2192  }
2193 
2194  std::string vrf_assigned_name =
2195  data_.match_p.action_info.vrf_translate_action_.vrf_name();
2196  std::list<MatchAclParams>::const_iterator acl_it;
2197  for (acl_it = match_p().m_vrf_assign_acl_l.begin();
2198  acl_it != match_p().m_vrf_assign_acl_l.end();
2199  ++acl_it) {
2200  std::string vrf = acl_it->action_info.vrf_translate_action_.vrf_name();
2201  data_.match_p.action_info.vrf_translate_action_.set_vrf_name(vrf);
2202  //Check if VRF assign acl says, network ACL and SG action
2203  //to be ignored
2204  bool ignore_acl =
2205  acl_it->action_info.vrf_translate_action_.ignore_acl();
2206  data_.match_p.action_info.vrf_translate_action_.set_ignore_acl
2207  (ignore_acl);
2208  }
2209  if (data_.vrf_assign_evaluated && vrf_assigned_name !=
2210  data_.match_p.action_info.vrf_translate_action_.vrf_name()) {
2211  MakeShortFlow(SHORT_VRF_CHANGE);
2212  }
2213 
2214  set_acl_assigned_vrf_index();
2215  if (acl_assigned_vrf_index() == VrfEntry::kInvalidIndex) {
2216  MakeShortFlow(SHORT_VRF_CHANGE);
2217  }
2218  data_.vrf_assign_evaluated = true;
2219 }
2220 
2221 uint32_t FlowEntry::MatchAcl(const PacketHeader &hdr,
2222  std::list<MatchAclParams> &acl,
2223  bool add_implicit_deny, bool add_implicit_allow,
2224  FlowPolicyInfo *info) {
2225  PktHandler *pkt_handler = Agent::GetInstance()->pkt()->pkt_handler();
2226 
2227  // If there are no ACL to match, make it pass
2228  if (acl.size() == 0 && add_implicit_allow) {
2229  if (info) {
2230  /* We are setting UUIDs for linklocal and multicast flows here,
2231  * because even if we move this to the place where acl association
2232  * is being skipped, we still need checks for linklocal and
2233  * multicast flows here to avoid its value being overwritten with
2234  * IMPLICIT_ALLOW
2235  */
2236  if (is_flags_set(FlowEntry::LinkLocalFlow)) {
2237  info->uuid = FlowPolicyStateStr.at(LINKLOCAL_FLOW);
2238  } else if (is_flags_set(FlowEntry::Multicast)) {
2239  info->uuid = FlowPolicyStateStr.at(MULTICAST_FLOW);
2240  } else if (is_flags_set(FlowEntry::BgpRouterService)) {
2241  info->uuid = FlowPolicyStateStr.at(BGPROUTERSERVICE_FLOW);
2242  } else {
2243  /* We need to make sure that info is not already populated
2244  * before setting it to IMPLICIT_ALLOW. This is required
2245  * because info could earlier be set by previous call to
2246  * MatchAcl. We should note here that same 'info' var is passed
2247  * for MatchAcl calls with in_acl and out_acl
2248  */
2249  if (!info->terminal && !info->other) {
2250  info->uuid = FlowPolicyStateStr.at(IMPLICIT_ALLOW);
2251  }
2252  }
2253  }
2254  return (1 << TrafficAction::PASS);
2255  }
2256 
2257  // PASS default GW traffic, if it is ICMP or DNS
2258  if ((hdr.protocol == IPPROTO_ICMP ||
2259  (hdr.protocol == IPPROTO_UDP &&
2260  (hdr.src_port == DNS_SERVER_PORT ||
2261  hdr.dst_port == DNS_SERVER_PORT))) &&
2262  (pkt_handler->IsGwPacket(data_.intf_entry.get(), hdr.dst_ip) ||
2263  pkt_handler->IsGwPacket(data_.intf_entry.get(), hdr.src_ip))) {
2264  if (info) {
2265  info->uuid = FlowPolicyStateStr.at(DEFAULT_GW_ICMP_OR_DNS);
2266  }
2267  return (1 << TrafficAction::PASS);
2268  }
2269 
2270  uint32_t action = 0;
2271  for (std::list<MatchAclParams>::iterator it = acl.begin();
2272  it != acl.end(); ++it) {
2273  if (it->acl.get() == NULL) {
2274  continue;
2275  }
2276 
2277  if (it->acl->PacketMatch(hdr, *it, info)) {
2278  action |= it->action_info.action;
2279  if (it->action_info.action & (1 << TrafficAction::MIRROR)) {
2280  data_.match_p.action_info.mirror_l.insert
2281  (data_.match_p.action_info.mirror_l.end(),
2282  it->action_info.mirror_l.begin(),
2283  it->action_info.mirror_l.end());
2284  }
2285 
2286  if (it->terminal_rule) {
2287  break;
2288  }
2289  }
2290  }
2291 
2292  // If no acl matched, make it imlicit deny
2293  if (action == 0 && add_implicit_deny) {
2294  action = (1 << TrafficAction::DENY) |
2295  (1 << TrafficAction::IMPLICIT_DENY);
2296  if (info) {
2297  info->uuid = FlowPolicyStateStr.at(IMPLICIT_DENY);
2298  info->drop = true;
2299  }
2300  }
2301 
2302  return action;
2303 }
2304 
2305 void FlowEntry::SetPacketHeader(PacketHeader *hdr) {
2306  hdr->vrf = data_.vrf;
2307  hdr->src_ip = key_.src_addr;
2308  hdr->dst_ip = key_.dst_addr;
2309  hdr->protocol = key_.protocol;
2310  if (hdr->protocol == IPPROTO_UDP || hdr->protocol == IPPROTO_TCP) {
2311  hdr->src_port = key_.src_port;
2312  hdr->dst_port = key_.dst_port;
2313  } else {
2314  hdr->src_port = 0;
2315  hdr->dst_port = 0;
2316  }
2317  hdr->src_policy_id = &(data_.source_vn_list);
2318  hdr->dst_policy_id = &(data_.dest_vn_list);
2319  hdr->src_sg_id_l = &(data_.source_sg_id_l);
2320  hdr->dst_sg_id_l = &(data_.dest_sg_id_l);
2321  hdr->src_tags_ = data_.source_tag_id_l;
2322  hdr->dst_tags_ = data_.dest_tag_id_l;
2323  hdr->family = key_.family;
2324 }
2325 
2326 // In case of NAT flows, the key fields can change.
2327 void FlowEntry::SetOutPacketHeader(PacketHeader *hdr) {
2328  FlowEntry *rflow = reverse_flow_entry();
2329  if (rflow == NULL)
2330  return;
2331 
2332  hdr->vrf = rflow->data().vrf;
2333  hdr->src_ip = rflow->key().dst_addr;
2334  hdr->dst_ip = rflow->key().src_addr;
2335  hdr->protocol = rflow->key().protocol;
2336  if (hdr->protocol == IPPROTO_UDP || hdr->protocol == IPPROTO_TCP) {
2337  hdr->src_port = rflow->key().dst_port;
2338  hdr->dst_port = rflow->key().src_port;
2339  } else {
2340  hdr->src_port = 0;
2341  hdr->dst_port = 0;
2342  }
2343  hdr->src_policy_id = &(rflow->data().dest_vn_list);
2344  hdr->dst_policy_id = &(rflow->data().source_vn_list);
2345  hdr->src_sg_id_l = &(rflow->data().dest_sg_id_l);
2346  hdr->dst_sg_id_l = &(rflow->data().source_sg_id_l);
2347  hdr->src_tags_ = rflow->data_.dest_tag_id_l;
2348  hdr->dst_tags_ = rflow->data_.source_tag_id_l;
2349  hdr->family = key_.family;
2350 }
2351 
2352 void FlowEntry::SetAclInfo(SessionPolicy *sp, SessionPolicy *rsp,
2353  const FlowPolicyInfo &fwd_flow_info,
2354  const FlowPolicyInfo &rev_flow_info,
2355  bool tcp_rev, bool is_sg) {
2356 
2357  FlowEntry *rflow = reverse_flow_entry();
2358  if (rflow == NULL) {
2359  return;
2360  }
2361 
2362  sp->rule_uuid_ = fwd_flow_info.uuid;
2363  sp->acl_name_ = fwd_flow_info.acl_name;
2364 
2365  rsp->rule_uuid_ = rev_flow_info.uuid;
2366  rsp->acl_name_ = rev_flow_info.acl_name;
2367 
2368  //If Forward flow SG rule says drop, copy corresponding
2369  //ACE id to both forward and reverse flow
2370  if (fwd_flow_info.drop) {
2371  rsp->rule_uuid_ = fwd_flow_info.uuid;
2372  rsp->acl_name_ = fwd_flow_info.acl_name;
2373  return;
2374  }
2375 
2376  //If reverse flow SG rule says drop, copy corresponding
2377  //ACE id to both forward and reverse flow
2378  if (rev_flow_info.drop) {
2379  sp->rule_uuid_ = rev_flow_info.uuid;
2380  sp->acl_name_ = rev_flow_info.acl_name;
2381  return;
2382  }
2383 
2384  if (tcp_rev == false) {
2385  if (is_sg) {
2386  if (data_.match_p.sg_policy.rule_present == false) {
2387  sp->rule_uuid_ = rev_flow_info.uuid;
2388  sp->acl_name_ = rev_flow_info.acl_name;
2389  }
2390 
2391  if (data_.match_p.sg_policy.out_rule_present == false) {
2392  rsp->rule_uuid_ = fwd_flow_info.uuid;
2393  rsp->acl_name_ = fwd_flow_info.acl_name;
2394  }
2395  } else {
2396  if (data_.match_p.aps_policy.rule_present == false) {
2397  sp->rule_uuid_ = rev_flow_info.uuid;
2398  sp->acl_name_ = rev_flow_info.acl_name;
2399  }
2400 
2401  if (data_.match_p.aps_policy.out_rule_present == false) {
2402  rsp->rule_uuid_ = fwd_flow_info.uuid;
2403  rsp->acl_name_ = fwd_flow_info.acl_name;
2404  }
2405  }
2406  }
2407 
2408  if (tcp_rev == true) {
2409  if (sp->reverse_rule_present == false) {
2410  rsp->rule_uuid_ = fwd_flow_info.uuid;
2411  rsp->acl_name_ = fwd_flow_info.acl_name;
2412  }
2413 
2414  if (sp->reverse_out_rule_present == false) {
2415  sp->rule_uuid_ = rev_flow_info.uuid;
2416  sp->acl_name_ = rev_flow_info.acl_name;
2417  }
2418  }
2419 }
2420 
2421 void FlowEntry::SessionMatch(SessionPolicy *sp, SessionPolicy *rsp,
2422  bool is_sg) {
2423 
2424  FlowEntry *rflow = reverse_flow_entry();
2425  const string value = FlowPolicyStateStr.at(NOT_EVALUATED);
2426  FlowPolicyInfo acl_info(value);
2427  FlowPolicyInfo out_acl_info(value);
2428  FlowPolicyInfo rev_acl_info(value);
2429  FlowPolicyInfo rev_out_acl_info(value);
2430 
2431  sp->rule_uuid_ = FlowEntry::FlowPolicyStateStr.at(FlowEntry::NOT_EVALUATED);
2432  sp->acl_name_ = "";
2433 
2434  if (rsp) {
2435  rsp->rule_uuid_ =
2436  FlowEntry::FlowPolicyStateStr.at(FlowEntry::NOT_EVALUATED);
2437  rsp->acl_name_ = "";
2438  }
2439 
2440  PacketHeader hdr;
2441  SetPacketHeader(&hdr);
2442 
2443  //Apply ACL configured on ingress interface
2444  sp->action = MatchAcl(hdr, sp->m_acl_l, true, !sp->rule_present, &acl_info);
2445 
2446  //Apply ACL configured on egress interface
2447  PacketHeader out_hdr;
2448  if (ShouldDrop(sp->action) == false && rflow) {
2449  // Key fields for lookup in out-acl can potentially change in case
2450  // of NAT. Form ACL lookup based on post-NAT fields
2451  SetOutPacketHeader(&out_hdr);
2452  sp->out_action = MatchAcl(out_hdr, sp->m_out_acl_l, true,
2453  !sp->out_rule_present, &out_acl_info);
2454  }
2455 
2456  // For TCP-ACK packet, we allow packet if either forward or reverse
2457  // flow says allow. So, continue matching reverse flow even if forward
2458  // flow says drop
2459  if (is_flags_set(FlowEntry::TcpAckFlow) && rflow) {
2460  rflow->SetPacketHeader(&hdr);
2461  sp->reverse_action = MatchAcl(hdr, sp->m_reverse_acl_l, true,
2462  !sp->reverse_rule_present, &rev_acl_info);
2463 
2464  if (ShouldDrop(sp->reverse_action) == false) {
2465  // Key fields for lookup in out-acl can potentially change in
2466  // case of NAT. Form ACL lookup based on post-NAT fields
2467  rflow->SetOutPacketHeader(&out_hdr);
2468  sp->reverse_out_action = MatchAcl(out_hdr, sp->m_reverse_out_acl_l,
2469  true, !sp->reverse_out_rule_present,
2470  &rev_out_acl_info);
2471  }
2472  }
2473 
2474  // Compute summary SG action.
2475  // For Non-TCP-ACK Flows
2476  // DROP if any of policy.action, out_action, policy.reverse_action or
2477  // policy.reverse_out_action says DROP
2478  // Only acl_info which is derived from sp->m_acl_l
2479  // and sp->m_out_acl_l will be populated. Pick the
2480  // UUID specified by acl_info for flow's SG rule UUID
2481  // For TCP-ACK flows
2482  // ALLOW if either ((policy.action && out_action) ||
2483  // (policy.reverse_action & policy.reverse_out_action))
2484  // ALLOW
2485  // For flow's SG rule UUID use the following rules
2486  // --If both acl_info and rev_acl_info has drop set, pick the
2487  // UUID from acl_info.
2488  // --If either of acl_info or rev_acl_info does not have drop
2489  // set, pick the UUID from the one which does not have drop set.
2490  // --If both of them does not have drop set, pick it up from
2491  // acl_info
2492  //
2493  if (!is_flags_set(FlowEntry::TcpAckFlow)) {
2494  sp->action_summary =
2495  sp->action | sp->out_action | sp->reverse_action | sp->reverse_out_action;
2496  SetAclInfo(sp, rsp, acl_info, out_acl_info, false, is_sg);
2497  } else if (ShouldDrop(sp->action | sp->out_action) &&
2498  ShouldDrop(sp->reverse_action | sp->reverse_out_action)) {
2499  //If both ingress ACL and egress ACL of VMI denies the
2500  //packet, then pick ingress ACE uuid to send to UVE
2501  sp->action_summary = (1 << TrafficAction::DENY);
2502  SetAclInfo(sp, rsp, acl_info, out_acl_info, false, is_sg);
2503  } else {
2504  sp->action_summary = (1 << TrafficAction::PASS);
2505  if (sp->action & (1 << TrafficAction::HBS) ||
2506  sp->out_action & (1 << TrafficAction::HBS) ||
2507  sp->reverse_action & (1 << TrafficAction::HBS) ||
2508  sp->reverse_out_action & (1 << TrafficAction::HBS)) {
2509  sp->action_summary|=(1 << TrafficAction::HBS);
2510  }
2511  if (!ShouldDrop(sp->action | sp->out_action)) {
2512  SetAclInfo(sp, rsp, acl_info, out_acl_info, false, is_sg);
2513  } else if (!ShouldDrop(sp->reverse_action | sp->reverse_out_action)) {
2514  SetAclInfo(sp, rsp, rev_out_acl_info, rev_acl_info, true, is_sg);
2515  }
2516  }
2517 }
2518 
2519 // Apply Policy and SG rules for a flow.
2520 //
2521 // Special case of local flows:
2522 // For local-flows, both VM are on same compute and we need to apply SG from
2523 // both the ports. sg_policy.m_acl_l will contain ACL for port in forward flow and
2524 // sg_policy.m_out_acl_l will have ACL from other port
2525 //
2526 // If forward flow goes thru NAT, the key for matching ACL in
2527 // sg_policy.m_out_acl_l can potentially change. The routine SetOutPacketHeader
2528 // takes care of forming header after NAT
2529 //
2530 // Rules applied are based on flow type
2531 // Non-Local Forward Flow
2532 // Network Policy.
2533 // Out-Network Policy will be empty
2534 // SG
2535 // Out-SG will be empty
2536 // Non-Local Reverse Flow
2537 // Network Policy.
2538 // Out-Network Policy will be empty
2539 // SG and out-SG from forward flow
2540 // Local Forward Flow
2541 // Network Policy.
2542 // Out-Network Policy
2543 // SG
2544 // Out-SG
2545 // Local Reverse Flow
2546 // Network Policy.
2547 // Out-Network Policy
2548 // SG and out-SG from forward flow
2549 bool FlowEntry::DoPolicy() {
2550  if (is_flags_set(FlowEntry::ShortFlow)) {
2551  return true;
2552  }
2553  data_.match_p.action_info.Clear();
2554  data_.match_p.policy_action = 0;
2555  data_.match_p.out_policy_action = 0;
2556  data_.match_p.mirror_action = 0;
2557  data_.match_p.out_mirror_action = 0;
2558 
2559  data_.match_p.sg_policy.ResetAction();
2560  data_.match_p.aps_policy.ResetAction();
2561  data_.match_p.fwaas_policy.ResetAction();
2562 
2563  const string value = FlowPolicyStateStr.at(NOT_EVALUATED);
2564  FlowPolicyInfo nw_acl_info(value);
2565 
2566  FlowEntry *rflow = reverse_flow_entry();
2567  PacketHeader hdr;
2568  SetPacketHeader(&hdr);
2569 
2570  //Calculate VRF assign entry, and ignore acl is set
2571  //skip network and SG acl action is set
2572  data_.match_p.vrf_assign_acl_action =
2573  MatchAcl(hdr, data_.match_p.m_vrf_assign_acl_l, false, true, NULL);
2574 
2575  // Mirror is valid even if packet is to be dropped. So, apply it first
2576  data_.match_p.mirror_action = MatchAcl(hdr, data_.match_p.m_mirror_acl_l,
2577  false, true, NULL);
2578 
2579  // Apply out-policy. Valid only for local-flow
2580  data_.match_p.out_mirror_action = MatchAcl(hdr,
2581  data_.match_p.m_out_mirror_acl_l, false, true, NULL);
2582 
2583  // Apply network policy
2584  data_.match_p.policy_action = MatchAcl(hdr, data_.match_p.m_acl_l, true,
2585  true, &nw_acl_info);
2586  if (ShouldDrop(data_.match_p.policy_action)) {
2587  goto done;
2588  }
2589  data_.match_p.out_policy_action = MatchAcl(hdr, data_.match_p.m_out_acl_l,
2590  true, true, &nw_acl_info);
2591  if (ShouldDrop(data_.match_p.out_policy_action)) {
2592  goto done;
2593  }
2594 
2595  if (!is_flags_set(FlowEntry::ReverseFlow)) {
2596  SessionPolicy *r_sg_policy = NULL;
2597  SessionPolicy *r_aps_policy = NULL;
2598  SessionPolicy *r_fwaas_policy = NULL;
2599 
2600  if (rflow) {
2601  r_sg_policy = &(rflow->data_.match_p.sg_policy);
2602  r_aps_policy = &(rflow->data_.match_p.aps_policy);
2603  r_fwaas_policy = &(rflow->data_.match_p.fwaas_policy);
2604  }
2605 
2606  SessionMatch(&data_.match_p.sg_policy, r_sg_policy, true);
2607  if (ShouldDrop(data_.match_p.sg_policy.action_summary)) {
2608  goto done;
2609  }
2610 
2611  SessionMatch(&data_.match_p.fwaas_policy, r_fwaas_policy, false);
2612  if (ShouldDrop(data_.match_p.fwaas_policy.action_summary)) {
2613  goto done;
2614  }
2615 
2616  SessionMatch(&data_.match_p.aps_policy, r_aps_policy, false);
2617  } else {
2618  // SG is reflexive ACL. For reverse-flow, copy SG action from
2619  // forward flow
2620  UpdateReflexiveAction();
2621  }
2622 
2623 done:
2624  nw_ace_uuid_ = nw_acl_info.uuid;
2625  if (!nw_acl_info.src_match_vn.empty())
2626  data_.source_vn_match = nw_acl_info.src_match_vn;
2627  if (!nw_acl_info.dst_match_vn.empty())
2628  data_.dest_vn_match = nw_acl_info.dst_match_vn;
2629  // Set mirror vrf after evaluation of actions
2630  SetMirrorVrfFromAction();
2631  //Set VRF assign action
2632  SetVrfAssignEntry();
2633  //Set HBS information
2634  SetHbsInfofromAction();
2635  // Summarize the actions based on lookups above
2636  ActionRecompute();
2637  return true;
2638 }
2639 
2641 // Flow policy action compute routines
2643 void FlowEntry::ResyncFlow() {
2644  DoPolicy();
2645 
2646  // If this is forward flow, update the SG action for reflexive entry
2647  FlowEntry *rflow = (is_flags_set(FlowEntry::ReverseFlow) == false) ?
2648  reverse_flow_entry() : NULL;
2649  // Dont update reflexive entry for TcpAck Flows. Since it can flip
2650  // Deny state for the reflexive entry.
2651  if (!(is_flags_set(FlowEntry::TcpAckFlow)) && rflow) {
2652  // Update action for reverse flow
2653  rflow->UpdateReflexiveAction();
2654  //Set HBS information
2655  rflow->SetHbsInfofromAction();
2656  rflow->ActionRecompute();
2657  }
2658 }
2659 
2660 const VrfEntry*
2661 FlowEntry::GetDestinationVrf() const {
2662  const VrfEntry *vrf = NULL;
2663  VrfTable *vrf_table = flow_table()->agent()->vrf_table();
2664 
2665  if (is_flags_set(FlowEntry::NatFlow) ||
2666  match_p().action_info.action & (1 << TrafficAction::VRF_TRANSLATE)) {
2667  vrf = vrf_table->FindVrfFromId(data().dest_vrf);
2668  } else {
2669  vrf = vrf_table->FindVrfFromId(data().vrf);
2670  }
2671  return vrf;
2672 }
2673 
2674 bool FlowEntry::SetQosConfigIndex() {
2675  uint32_t i = AgentQosConfigTable::kInvalidIndex;
2676  MatchAclParamsList::const_iterator it;
2677 
2678  //Priority of QOS config
2679  // 1> SG
2680  // 2> Interface
2681  // 3> ACL
2682  // 4> VN
2683  if (is_flags_set(FlowEntry::ReverseFlow) &&
2684  data_.match_p.sg_policy.action_summary & 1 << TrafficAction::APPLY_QOS) {
2685  i = reverse_flow_entry()->data().qos_config_idx;
2686  } else if (data_.match_p.sg_policy.action & 1 << TrafficAction::APPLY_QOS) {
2687  for(it = data_.match_p.sg_policy.m_acl_l.begin();
2688  it != data_.match_p.sg_policy.m_acl_l.end(); it++) {
2689  if (it->action_info.action & 1 << TrafficAction::APPLY_QOS &&
2690  it->action_info.qos_config_action_.id()
2691  != AgentQosConfigTable::kInvalidIndex) {
2692  i = it->action_info.qos_config_action_.id();
2693  break;
2694  }
2695  }
2696  } else if (data_.match_p.sg_policy.out_action & 1 << TrafficAction::APPLY_QOS) {
2697  for(it = data_.match_p.sg_policy.m_out_acl_l.begin();
2698  it != data_.match_p.sg_policy.m_out_acl_l.end(); it++) {
2699  if (it->action_info.action & 1 << TrafficAction::APPLY_QOS &&
2700  it->action_info.qos_config_action_.id() !=
2701  AgentQosConfigTable::kInvalidIndex) {
2702  i = it->action_info.qos_config_action_.id();
2703  break;
2704  }
2705  }
2706  } else if (data_.match_p.policy_action & 1 << TrafficAction::APPLY_QOS) {
2707  for(it = data_.match_p.m_acl_l.begin();
2708  it != data_.match_p.m_acl_l.end(); it++) {
2709  if (it->action_info.action & 1 << TrafficAction::APPLY_QOS &&
2710  it->action_info.qos_config_action_.id() !=
2711  AgentQosConfigTable::kInvalidIndex) {
2712  i = it->action_info.qos_config_action_.id();
2713  break;
2714  }
2715  }
2716  } else if (data_.match_p.out_policy_action & 1 << TrafficAction::APPLY_QOS) {
2717  for(it = data_.match_p.m_out_acl_l.begin();
2718  it != data_.match_p.m_out_acl_l.end(); it++) {
2719  if (it->action_info.action & 1 << TrafficAction::APPLY_QOS &&
2720  it->action_info.qos_config_action_.id() !=
2721  AgentQosConfigTable::kInvalidIndex) {
2722  i = it->action_info.qos_config_action_.id();
2723  break;
2724  }
2725  }
2726  }
2727 
2728  const VmInterface *intf =
2729  dynamic_cast<const VmInterface*>(data_.intf_entry.get());
2730  if (intf && intf->qos_config()) {
2731  if (intf->is_vn_qos_config() == false ||
2732  i == AgentQosConfigTable::kInvalidIndex) {
2733  i = intf->qos_config()->id();
2734  }
2735  }
2736 
2737  if (i != data_.qos_config_idx) {
2738  data_.qos_config_idx = i;
2739  return true;
2740  }
2741 
2742  return false;
2743 }
2744 
2745 // Recompute FlowEntry action based on ACLs already set in the flow
2746 bool FlowEntry::ActionRecompute() {
2747  uint32_t action = 0;
2748  uint16_t drop_reason = DROP_UNKNOWN;
2749  bool ret = false;
2750 
2751  action = data_.match_p.policy_action | data_.match_p.out_policy_action |
2752  data_.match_p.sg_policy.action_summary |
2753  data_.match_p.mirror_action | data_.match_p.out_mirror_action |
2754  data_.match_p.aps_policy.action_summary |
2755  data_.match_p.fwaas_policy.action_summary;
2756 
2757  //Only VRF assign acl, can specify action to
2758  //translate VRF. VRF translate action specified
2759  //by egress VN ACL or ingress VN ACL should be ignored
2760  action &= ~(1 << TrafficAction::VRF_TRANSLATE);
2761  action |= data_.match_p.vrf_assign_acl_action;
2762 
2763  if (action & (1 << TrafficAction::VRF_TRANSLATE) &&
2764  data_.match_p.action_info.vrf_translate_action_.ignore_acl() == true) {
2765  //In case of multi inline service chain, match condition generated on
2766  //each of service instance interface takes higher priority than
2767  //network ACL. Match condition on the interface would have ignore acl
2768  //flag set to avoid applying two ACL for vrf translation
2769  action = data_.match_p.vrf_assign_acl_action |
2770  data_.match_p.sg_policy.action_summary | data_.match_p.mirror_action |
2771  data_.match_p.out_mirror_action;
2772 
2773  //Pick mirror action from network ACL
2774  if (data_.match_p.policy_action & (1 << TrafficAction::MIRROR) ||
2775  data_.match_p.out_policy_action & (1 << TrafficAction::MIRROR)) {
2776  action |= (1 << TrafficAction::MIRROR);
2777  }
2778  }
2779 
2780  action &= ~(1 << TrafficAction::HBS);
2781  if (data_.match_p.aps_policy.action_summary & (1 << TrafficAction::HBS)) {
2782  action |= (1 << TrafficAction::HBS);
2783  }
2784 
2785  if (SetQosConfigIndex()) {
2786  ret = true;
2787  }
2788 
2789  // check for conflicting actions and remove allowed action
2790  if (ShouldDrop(action)) {
2791  action = (action & ~TrafficAction::DROP_FLAGS &
2792  ~TrafficAction::PASS_FLAGS);
2793  action |= (1 << TrafficAction::DENY);
2794  if (is_flags_set(FlowEntry::ShortFlow)) {
2795  drop_reason = short_flow_reason_;
2796  } else if (ShouldDrop(data_.match_p.policy_action)) {
2797  drop_reason = DROP_POLICY;
2798  } else if (ShouldDrop(data_.match_p.out_policy_action)) {
2799  drop_reason = DROP_OUT_POLICY;
2800  } else if (ShouldDrop(data_.match_p.sg_policy.action)) {
2801  drop_reason = DROP_SG;
2802  } else if (ShouldDrop(data_.match_p.sg_policy.out_action)) {
2803  drop_reason = DROP_OUT_SG;
2804  } else if (ShouldDrop(data_.match_p.sg_policy.reverse_action)) {
2805  drop_reason = DROP_REVERSE_SG;
2806  } else if (ShouldDrop(data_.match_p.sg_policy.reverse_out_action)) {
2807  drop_reason = DROP_REVERSE_OUT_SG;
2808  } else if (ShouldDrop(data_.match_p.aps_policy.action)) {
2809  drop_reason = DROP_FIREWALL_POLICY;
2810  } else if (ShouldDrop(data_.match_p.aps_policy.out_action)) {
2811  drop_reason = DROP_OUT_FIREWALL_POLICY;
2812  } else if (ShouldDrop(data_.match_p.aps_policy.reverse_action)) {
2813  drop_reason = DROP_REVERSE_FIREWALL_POLICY;
2814  } else if (ShouldDrop(data_.match_p.aps_policy.reverse_out_action)) {
2815  drop_reason = DROP_REVERSE_OUT_FIREWALL_POLICY;
2816  } else if (ShouldDrop(data_.match_p.fwaas_policy.action)) {
2817  drop_reason = DROP_FWAAS_POLICY;
2818  } else if (ShouldDrop(data_.match_p.fwaas_policy.out_action)) {
2819  drop_reason = DROP_FWAAS_OUT_POLICY;
2820  } else if (ShouldDrop(data_.match_p.fwaas_policy.reverse_action)) {
2821  drop_reason = DROP_FWAAS_REVERSE_POLICY;
2822  } else if (ShouldDrop(data_.match_p.fwaas_policy.reverse_out_action)) {
2823  drop_reason = DROP_FWAAS_REVERSE_OUT_POLICY;
2824  } else {
2825  drop_reason = DROP_UNKNOWN;
2826  }
2827  }
2828 
2829  if (action & (1 << TrafficAction::TRAP)) {
2830  action = (1 << TrafficAction::TRAP);
2831  }
2832 
2833  if (action != data_.match_p.action_info.action) {
2834  data_.match_p.action_info.action = action;
2835  ret = true;
2836  }
2837  if (drop_reason != data_.drop_reason) {
2838  data_.drop_reason = drop_reason;
2839  ret = true;
2840  }
2841  return ret;
2842 }
2843 
2844 // SetMirrorVrfFromAction
2845 // For this flow check for mirror action from dynamic ACLs or policy mirroring
2846 // assign the vrf from its Virtual Nework that ACL is used
2847 // If it is a local flow and out mirror action or policy is set
2848 // assign the vrf of the reverse flow, since ACL came from the reverse flow
2849 void FlowEntry::SetMirrorVrfFromAction() {
2850  if (data_.match_p.mirror_action & (1 << TrafficAction::MIRROR) ||
2851  data_.match_p.policy_action & (1 << TrafficAction::MIRROR)) {
2852  const VnEntry *vn = vn_entry();
2853  if (vn && vn->GetVrf()) {
2854  SetMirrorVrf(vn->GetVrf()->vrf_id());
2855  }
2856  }
2857  if (data_.match_p.out_mirror_action & (1 << TrafficAction::MIRROR) ||
2858  data_.match_p.out_policy_action & (1 << TrafficAction::MIRROR)) {
2859  FlowEntry *rflow = reverse_flow_entry_.get();
2860  if (rflow) {
2861  const VnEntry *rvn = rflow->vn_entry();
2862  if (rvn && rvn->GetVrf()) {
2863  SetMirrorVrf(rvn->GetVrf()->vrf_id());
2864  }
2865  }
2866  }
2867 }
2868 
2869 void FlowEntry::MakeShortFlow(FlowShortReason reason) {
2870  if (!is_flags_set(FlowEntry::ShortFlow)) {
2871  set_flags(FlowEntry::ShortFlow);
2872  short_flow_reason_ = reason;
2873  }
2874  if (reverse_flow_entry_ &&
2875  !reverse_flow_entry_->is_flags_set(FlowEntry::ShortFlow)) {
2876  reverse_flow_entry_->set_flags(FlowEntry::ShortFlow);
2877  reverse_flow_entry_->short_flow_reason_ = reason;
2878  }
2879 }
2880 
2881 void FlowEntry::UpdateReflexiveAction() {
2882  FlowEntry *rflow = reverse_flow_entry_.get();
2883  SessionPolicy *r_sg_policy = NULL;
2884  SessionPolicy *r_aps_policy = NULL;
2885  SessionPolicy *r_fwaas_policy = NULL;
2886 
2887  if (rflow) {
2888  r_sg_policy = &(rflow->data_.match_p.sg_policy);
2889  r_aps_policy = &(rflow->data_.match_p.aps_policy);
2890  r_fwaas_policy = &(rflow->data_.match_p.fwaas_policy);
2891  }
2892 
2893  UpdateReflexiveAction(&data_.match_p.sg_policy, r_sg_policy);
2894  UpdateReflexiveAction(&data_.match_p.aps_policy, r_aps_policy);
2895  UpdateReflexiveAction(&data_.match_p.fwaas_policy, r_fwaas_policy);
2896 }
2897 
2898 void FlowEntry::UpdateReflexiveAction(SessionPolicy *sp, SessionPolicy *rsp) {
2899  sp->action = (1 << TrafficAction::PASS);
2900  sp->out_action = (1 << TrafficAction::PASS);
2901  sp->reverse_action = (1 << TrafficAction::PASS);;
2902  sp->reverse_out_action = (1 << TrafficAction::PASS);
2903  sp->action_summary = rsp->action_summary;
2904 
2905  if (ShouldDrop(sp->action_summary) == false) {
2906  return;
2907  }
2908 
2909  sp->action &= ~(TrafficAction::DROP_FLAGS);
2910  sp->action |= (1 << TrafficAction::TRAP);
2911 }
2912 
2914 // Routines to manage pending actions on a flow. The pending actions are used
2915 // to state-compress actions trigged due to update of,
2916 // - DBEntries like interface, ACL etc..
2917 // - Routes
2919 FlowPendingAction::FlowPendingAction() {
2920  Reset();
2921 }
2922 
2923 FlowPendingAction::~FlowPendingAction() {
2924 }
2925 
2926 void FlowPendingAction::Reset() {
2927  delete_ = false;
2928  recompute_ = false;
2929  recompute_dbentry_ = false;
2930  revaluate_ = false;
2931 }
2932 
2933 bool FlowPendingAction::SetDelete() {
2934  if (delete_)
2935  return false;
2936 
2937  delete_ = true;
2938  return true;
2939 }
2940 
2941 void FlowPendingAction::ResetDelete() {
2942  delete_ = false;
2943  recompute_ = false;
2944  recompute_dbentry_ = false;
2945  revaluate_ = false;
2946 }
2947 
2948 bool FlowPendingAction::CanDelete() {
2949  return delete_;
2950 }
2951 
2952 bool FlowPendingAction::SetRecompute() {
2953  if (delete_ || recompute_)
2954  return false;
2955 
2956  recompute_ = true;
2957  return true;
2958 }
2959 
2960 void FlowPendingAction::ResetRecompute() {
2961  recompute_ = false;
2962  recompute_dbentry_ = false;
2963  revaluate_ = false;
2964 }
2965 
2966 bool FlowPendingAction::CanRecompute() {
2967  if (delete_)
2968  return false;
2969 
2970  return recompute_;
2971 }
2972 
2973 bool FlowPendingAction::SetRecomputeDBEntry() {
2974  if (delete_ || recompute_ || recompute_dbentry_)
2975  return false;
2976 
2977  recompute_dbentry_ = true;
2978  return true;
2979 }
2980 
2981 void FlowPendingAction::ResetRecomputeDBEntry() {
2982  recompute_dbentry_ = false;
2983  revaluate_ = false;
2984 }
2985 
2986 bool FlowPendingAction::CanRecomputeDBEntry() {
2987  if (delete_ || recompute_)
2988  return false;
2989 
2990  return recompute_dbentry_;
2991 }
2992 
2993 bool FlowPendingAction::SetRevaluate() {
2994  if (delete_ || recompute_ || recompute_dbentry_ || revaluate_)
2995  return false;
2996 
2997  revaluate_ = true;
2998  return true;
2999 }
3000 
3001 void FlowPendingAction::ResetRevaluate() {
3002  revaluate_ = false;
3003 }
3004 
3005 bool FlowPendingAction::CanRevaluate() {
3006  if (delete_ || recompute_ || recompute_dbentry_)
3007  return false;
3008 
3009  return revaluate_;
3010 }
3011 
3013 // Introspect routines
3015 void SetActionStr(const FlowAction &action_info,
3016  std::vector<ActionStr> &action_str_l) {
3017  std::bitset<32> bs(action_info.action);
3018  for (unsigned int i = 0; i < bs.size(); i++) {
3019  if (bs[i]) {
3020  ActionStr astr;
3021  astr.action =
3022  TrafficAction::ActionToString((TrafficAction::Action)i);
3023  action_str_l.push_back(astr);
3024  if ((TrafficAction::Action)i == TrafficAction::MIRROR) {
3025  std::vector<MirrorActionSpec>::const_iterator m_it;
3026  for (m_it = action_info.mirror_l.begin();
3027  m_it != action_info.mirror_l.end();
3028  ++m_it) {
3029  ActionStr mstr;
3030  mstr.action += (*m_it).ip.to_string();
3031  mstr.action += " ";
3032  mstr.action += integerToString((*m_it).port);
3033  mstr.action += " ";
3034  mstr.action += (*m_it).vrf_name;
3035  mstr.action += " ";
3036  mstr.action += (*m_it).encap;
3037  action_str_l.push_back(mstr);
3038  }
3039  }
3040  if ((TrafficAction::Action)i == TrafficAction::VRF_TRANSLATE) {
3041  ActionStr vrf_action_str;
3042  vrf_action_str.action +=
3043  action_info.vrf_translate_action_.vrf_name();
3044  action_str_l.push_back(vrf_action_str);
3045  }
3046  if ((TrafficAction::Action)i == TrafficAction::HBS) {
3047  ActionStr hbf_action_str;
3048  hbf_action_str.action += "hbs";
3049  action_str_l.push_back(hbf_action_str);
3050  }
3051  }
3052  }
3053 }
3054 
3055 static void SetAclListAclAction(const std::list<MatchAclParams> &acl_l,
3056  std::vector<AclAction> &acl_action_l,
3057  std::string &acl_type) {
3058  std::list<MatchAclParams>::const_iterator it;
3059  for(it = acl_l.begin(); it != acl_l.end(); ++it) {
3060  AclAction acl_action;
3061  acl_action.set_acl_id(UuidToString((*it).acl->GetUuid()));
3062  acl_action.set_acl_type(acl_type);
3063  std::vector<ActionStr> action_str_l;
3064  SetActionStr((*it).action_info, action_str_l);
3065  acl_action.set_action_l(action_str_l);
3066  acl_action_l.push_back(acl_action);
3067  }
3068 }
3069 
3070 void FlowEntry::SetAclAction(std::vector<AclAction> &acl_action_l) const {
3071  const std::list<MatchAclParams> &acl_l = data_.match_p.m_acl_l;
3072  std::string acl_type("nw policy");
3073  SetAclListAclAction(acl_l, acl_action_l, acl_type);
3074 
3075  const std::list<MatchAclParams> &sg_acl_l = data_.match_p.sg_policy.m_acl_l;
3076  acl_type = "sg";
3077  SetAclListAclAction(sg_acl_l, acl_action_l, acl_type);
3078 
3079  const std::list<MatchAclParams> &m_acl_l = data_.match_p.m_mirror_acl_l;
3080  acl_type = "dynamic";
3081  SetAclListAclAction(m_acl_l, acl_action_l, acl_type);
3082 
3083  const std::list<MatchAclParams> &out_acl_l = data_.match_p.m_out_acl_l;
3084  acl_type = "o nw policy";
3085  SetAclListAclAction(out_acl_l, acl_action_l, acl_type);
3086 
3087  const std::list<MatchAclParams> &out_sg_acl_l =
3088  data_.match_p.sg_policy.m_out_acl_l;
3089  acl_type = "o sg";
3090  SetAclListAclAction(out_sg_acl_l, acl_action_l, acl_type);
3091 
3092  const std::list<MatchAclParams> &out_m_acl_l =
3093  data_.match_p.m_out_mirror_acl_l;
3094  acl_type = "o dynamic";
3095  SetAclListAclAction(out_m_acl_l, acl_action_l, acl_type);
3096 
3097  const std::list<MatchAclParams> &r_sg_l = data_.match_p.sg_policy.m_reverse_acl_l;
3098  acl_type = "r sg";
3099  SetAclListAclAction(r_sg_l, acl_action_l, acl_type);
3100 
3101  const std::list<MatchAclParams> &r_out_sg_l =
3102  data_.match_p.sg_policy.m_reverse_out_acl_l;
3103  acl_type = "r o sg";
3104  SetAclListAclAction(r_out_sg_l, acl_action_l, acl_type);
3105 
3106  const std::list<MatchAclParams> &vrf_assign_acl_l =
3107  data_.match_p.m_vrf_assign_acl_l;
3108  acl_type = "vrf assign";
3109  SetAclListAclAction(vrf_assign_acl_l, acl_action_l, acl_type);
3110 
3111  const std::list<MatchAclParams> &aps_l =
3112  data_.match_p.aps_policy.m_acl_l;
3113  acl_type = "fw acl";
3114  SetAclListAclAction(aps_l, acl_action_l, acl_type);
3115 
3116  const std::list<MatchAclParams> &out_aps_l =
3117  data_.match_p.aps_policy.m_out_acl_l;
3118  acl_type = "reverse fw acl";
3119  SetAclListAclAction(out_aps_l,
3120  acl_action_l, acl_type);
3121 
3122  const std::list<MatchAclParams> &fwaas_l =
3123  data_.match_p.fwaas_policy.m_acl_l;
3124  acl_type = "fwaas acl";
3125  SetAclListAclAction(fwaas_l, acl_action_l, acl_type);
3126 
3127  const std::list<MatchAclParams> &out_fwaas_l =
3128  data_.match_p.fwaas_policy.m_out_acl_l;
3129  acl_type = "reverse fwaas acl";
3130  SetAclListAclAction(out_fwaas_l,
3131  acl_action_l, acl_type);
3132 }
3133 
3134 void FlowEntry::FillFlowInfo(FlowInfo &info) const {
3135  info.set_gen_id(gen_id_);
3136  info.set_flow_index(flow_handle_);
3137  if (key_.family == Address::INET) {
3138  info.set_source_ip(key_.src_addr.to_v4().to_ulong());
3139  info.set_destination_ip(key_.dst_addr.to_v4().to_ulong());
3140  } else {
3141  uint64_t sip[2], dip[2];
3142  Ip6AddressToU64Array(key_.src_addr.to_v6(), sip, 2);
3143  Ip6AddressToU64Array(key_.dst_addr.to_v6(), dip, 2);
3144  info.set_sip_upper(sip[0]);
3145  info.set_sip_lower(sip[1]);
3146  info.set_dip_upper(dip[0]);
3147  info.set_dip_lower(dip[1]);
3148  info.set_source_ip(0);
3149  info.set_destination_ip(0);
3150  }
3151  info.set_source_port(key_.src_port);
3152  info.set_destination_port(key_.dst_port);
3153  info.set_protocol(key_.protocol);
3154  info.set_hbs_intf_dir(hbs_intf_);
3155  info.set_nh_id(key_.nh);
3156  info.set_vrf(data_.vrf);
3157  info.set_source_vn_list(data_.SourceVnList());
3158  info.set_dest_vn_list(data_.DestinationVnList());
3159  info.set_source_vn_match(data_.source_vn_match);
3160  info.set_dest_vn_match(data_.dest_vn_match);
3161  std::vector<uint32_t> v;
3162  SecurityGroupList::const_iterator it;
3163  for (it = data_.source_sg_id_l.begin();
3164  it != data_.source_sg_id_l.end(); it++) {
3165  v.push_back(*it);
3166  }
3167  info.set_source_sg_id_l(v);
3168  v.clear();
3169  for (it = data_.dest_sg_id_l.begin(); it != data_.dest_sg_id_l.end();
3170  it++) {
3171  v.push_back(*it);
3172  }
3173  info.set_dest_sg_id_l(v);
3174 
3175  uint32_t fe_action = data_.match_p.action_info.action;
3176  if (fe_action & (1 << TrafficAction::DENY)) {
3177  info.set_deny(true);
3178  } else if (fe_action & (1 << TrafficAction::PASS)) {
3179  info.set_allow(true);
3180  }
3181 
3182  if (reverse_flow_entry_.get()) {
3183  info.set_reverse_index(reverse_flow_entry_->flow_handle());
3184  }
3185 
3186  if (is_flags_set(FlowEntry::NatFlow)) {
3187  info.set_nat(true);
3188  FlowEntry *nat_flow = reverse_flow_entry_.get();
3189  // TODO : IPv6
3190  if (nat_flow) {
3191  if (key_.src_addr != nat_flow->key().dst_addr) {
3192  if (key_.family == Address::INET) {
3193  info.set_nat_source_ip
3194  (nat_flow->key().dst_addr.to_v4().to_ulong());
3195  } else {
3196  info.set_nat_source_ip(0);
3197  }
3198  }
3199 
3200  if (key_.dst_addr != nat_flow->key().src_addr) {
3201  if (key_.family == Address::INET) {
3202  info.set_nat_destination_ip
3203  (nat_flow->key().src_addr.to_v4().to_ulong());
3204  } else {
3205  info.set_nat_destination_ip(0);
3206  }
3207  }
3208 
3209  if (key_.src_port != nat_flow->key().dst_port) {
3210  info.set_nat_source_port(nat_flow->key().dst_port);
3211  }
3212 
3213  if (key_.dst_port != nat_flow->key().src_port) {
3214  info.set_nat_destination_port(nat_flow->key().src_port);
3215  }
3216  info.set_nat_protocol(nat_flow->key().protocol);
3217  info.set_nat_vrf(data_.dest_vrf);
3218  info.set_nat_mirror_vrf(nat_flow->data().mirror_vrf);
3219  }
3220  }
3221 
3222  if (data_.match_p.action_info.action & (1 << TrafficAction::MIRROR)) {
3223  info.set_mirror(true);
3224  std::vector<MirrorActionSpec>::const_iterator it;
3225  std::vector<MirrorInfo> mirror_l;
3226  for (it = data_.match_p.action_info.mirror_l.begin();
3227  it != data_.match_p.action_info.mirror_l.end();
3228  ++it) {
3229  MirrorInfo mirror_info;
3230  mirror_info.set_mirror_destination((*it).ip.to_string());
3231  mirror_info.set_mirror_port((*it).port);
3232  mirror_info.set_mirror_vrf((*it).vrf_name);
3233  mirror_info.set_analyzer((*it).analyzer_name);
3234  mirror_l.push_back(mirror_info);
3235  }
3236  info.set_mirror_l(mirror_l);
3237  }
3238  info.set_mirror_vrf(data_.mirror_vrf);
3239  info.set_implicit_deny(ImplicitDenyFlow());
3240  info.set_short_flow(is_flags_set(FlowEntry::ShortFlow));
3241  if (is_flags_set(FlowEntry::EcmpFlow) &&
3242  data_.component_nh_idx != CompositeNH::kInvalidComponentNHIdx) {
3243  info.set_ecmp_index(data_.component_nh_idx);
3244  }
3245  if (is_flags_set(FlowEntry::Trap)) {
3246  info.set_trap(true);
3247  }
3248  info.set_vrf_assign(acl_assigned_vrf());
3249  info.set_l3_flow(l3_flow_);
3250  info.set_smac(data_.smac.ToString());
3251  info.set_dmac(data_.dmac.ToString());
3252  info.set_short_flow_reason(FlowEntry::DropReasonStr(short_flow_reason_));
3253  info.set_drop_reason(FlowEntry::DropReasonStr(data_.drop_reason));
3254  if (flow_table_) {
3255  info.set_table_id(flow_table_->table_index());
3256  }
3257 
3258  if (rpf_nh()) {
3259  info.set_rpf_nh(rpf_nh()->id());
3260  } else {
3261  info.set_rpf_nh(0xFFFFFFFF);
3262  }
3263  if (src_ip_nh()) {
3264  info.set_src_ip_nh(src_ip_nh()->id());
3265  } else {
3266  info.set_src_ip_nh(0xFFFFFFFF);
3267  }
3268 }
3269 
3270 static void SetAclListAceId(const AclDBEntry *acl,
3271  const MatchAclParamsList &acl_l,
3272  std::vector<AceId> &ace_l) {
3273  std::list<MatchAclParams>::const_iterator ma_it;
3274  for (ma_it = acl_l.begin();
3275  ma_it != acl_l.end();
3276  ++ma_it) {
3277  if ((*ma_it).acl != acl) {
3278  continue;
3279  }
3280  AclEntryIDList::const_iterator ait;
3281  for (ait = (*ma_it).ace_id_list.begin();
3282  ait != (*ma_it).ace_id_list.end(); ++ ait) {
3283  AceId ace_id;
3284  ace_id.id = ait->id_;
3285  ace_l.push_back(ace_id);
3286  }
3287  }
3288 }
3289 
3290 void FlowEntry::SetAclFlowSandeshData(const AclDBEntry *acl,
3291  FlowSandeshData &fe_sandesh_data, Agent *agent) const {
3292  fe_sandesh_data.set_vrf(integerToString(data_.vrf));
3293  fe_sandesh_data.set_src(key_.src_addr.to_string());
3294  fe_sandesh_data.set_dst(key_.dst_addr.to_string());
3295  fe_sandesh_data.set_src_port(key_.src_port);
3296  fe_sandesh_data.set_dst_port(key_.dst_port);
3297  fe_sandesh_data.set_protocol(key_.protocol);
3298  fe_sandesh_data.set_ingress(is_flags_set(FlowEntry::IngressDir));
3299  std::vector<ActionStr> action_str_l;
3300  SetActionStr(data_.match_p.action_info, action_str_l);
3301  fe_sandesh_data.set_action_l(action_str_l);
3302 
3303  std::vector<AclAction> acl_action_l;
3304  SetAclAction(acl_action_l);
3305  fe_sandesh_data.set_acl_action_l(acl_action_l);
3306 
3307  fe_sandesh_data.set_flow_handle(integerToString(flow_handle_));
3308  if (!data_.origin_vn_src.empty()) {
3309  fe_sandesh_data.set_source_vn(data_.origin_vn_src);
3310  } else {
3311  fe_sandesh_data.set_source_vn(data_.source_vn_match);
3312  }
3313  if (!data_.origin_vn_dst.empty()) {
3314  fe_sandesh_data.set_dest_vn(data_.origin_vn_dst);
3315  } else {
3316  fe_sandesh_data.set_dest_vn(data_.dest_vn_match);
3317  }
3318  if (!data_.OriginVnSrcList().empty()) {
3319  fe_sandesh_data.set_source_vn_list(data_.OriginVnSrcList());
3320  } else {
3321  fe_sandesh_data.set_source_vn_list(data_.SourceVnList());
3322  }
3323  if (!data_.OriginVnDstList().empty()) {
3324  fe_sandesh_data.set_dest_vn_list(data_.OriginVnDstList());
3325  } else {
3326  fe_sandesh_data.set_dest_vn_list(data_.DestinationVnList());
3327  }
3328  std::vector<uint32_t> v;
3329  SecurityGroupList::const_iterator it;
3330  for (it = data_.source_sg_id_l.begin();
3331  it != data_.source_sg_id_l.end(); it++) {
3332  v.push_back(*it);
3333  }
3334  fe_sandesh_data.set_source_sg_id_l(v);
3335  v.clear();
3336  for (it = data_.dest_sg_id_l.begin(); it != data_.dest_sg_id_l.end();
3337  it++) {
3338  v.push_back(*it);
3339  }
3340  fe_sandesh_data.set_dest_sg_id_l(v);
3341  fe_sandesh_data.set_flow_uuid(UuidToString(uuid()));
3342  if (fsc_) {
3343  const FlowExportInfo *info = fsc_->FindFlowExportInfo(this);
3344  if (info) {
3345  fe_sandesh_data.set_bytes(integerToString(info->bytes()));
3346  fe_sandesh_data.set_packets(integerToString(info->packets()));
3347  if (info->teardown_time()) {
3348  fe_sandesh_data.set_teardown_time(
3349  integerToString(UTCUsecToPTime(info->teardown_time())));
3350  } else {
3351  fe_sandesh_data.set_teardown_time("");
3352  }
3353  }
3354  }
3355  fe_sandesh_data.set_current_time(integerToString(
3356  UTCUsecToPTime(UTCTimestampUsec())));
3357 
3358  SetAclListAceId(acl, data_.match_p.m_acl_l, fe_sandesh_data.ace_l);
3359  SetAclListAceId(acl, data_.match_p.sg_policy.m_acl_l, fe_sandesh_data.ace_l);
3360  SetAclListAceId(acl, data_.match_p.m_mirror_acl_l, fe_sandesh_data.ace_l);
3361  SetAclListAceId(acl, data_.match_p.m_out_acl_l, fe_sandesh_data.ace_l);
3362  SetAclListAceId(acl, data_.match_p.sg_policy.m_reverse_acl_l,
3363  fe_sandesh_data.ace_l);
3364  SetAclListAceId(acl, data_.match_p.sg_policy.m_reverse_out_acl_l,
3365  fe_sandesh_data.ace_l);
3366  SetAclListAceId(acl, data_.match_p.sg_policy.m_out_acl_l, fe_sandesh_data.ace_l);
3367  SetAclListAceId(acl, data_.match_p.m_out_mirror_acl_l,
3368  fe_sandesh_data.ace_l);
3369  SetAclListAceId(acl, data_.match_p.m_vrf_assign_acl_l,
3370  fe_sandesh_data.ace_l);
3371  SetAclListAceId(acl, data_.match_p.aps_policy.m_acl_l,
3372  fe_sandesh_data.ace_l);
3373  SetAclListAceId(acl, data_.match_p.aps_policy.m_out_acl_l,
3374  fe_sandesh_data.ace_l);
3375  SetAclListAceId(acl, data_.match_p.fwaas_policy.m_acl_l,
3376  fe_sandesh_data.ace_l);
3377  SetAclListAceId(acl, data_.match_p.fwaas_policy.m_out_acl_l,
3378  fe_sandesh_data.ace_l);
3379 
3380  fe_sandesh_data.set_reverse_flow(is_flags_set(FlowEntry::ReverseFlow) ?
3381  "yes" : "no");
3382  fe_sandesh_data.set_nat(is_flags_set(FlowEntry::NatFlow) ? "yes" : "no");
3383  fe_sandesh_data.set_implicit_deny(ImplicitDenyFlow() ? "yes" : "no");
3384  fe_sandesh_data.set_short_flow(is_flags_set(FlowEntry::ShortFlow) ?
3385  "yes" : "no");
3386  fe_sandesh_data.set_l3_flow(l3_flow_);
3387  fe_sandesh_data.set_smac(data_.smac.ToString());
3388  fe_sandesh_data.set_dmac(data_.dmac.ToString());
3389 }
3390 
3391 string FlowEntry::KeyString() const {
3392  std::ostringstream str;
3393  int idx = flow_handle_ == FlowEntry::kInvalidFlowHandle ? -1 : flow_handle_;
3394  str << " Idx : " << idx
3395  << " Key : "
3396  << key_.nh << " "
3397  << key_.src_addr.to_string() << ":"
3398  << key_.src_port << " "
3399  << key_.dst_addr.to_string() << ":"
3400  << key_.dst_port << " "
3401  << (uint16_t)key_.protocol;
3402  return str.str();
3403 }
3404 
3405 static std::string EventToString(FlowEventLog::Event event,
3406  std::string &event_str) {
3407  switch (event) {
3408  case FlowEventLog::FLOW_ADD:
3409  event_str = "FlowAdd";
3410  break;
3411  case FlowEventLog::FLOW_UPDATE:
3412  event_str = "FlowUpdate";
3413  break;
3414  case FlowEventLog::FLOW_DELETE:
3415  event_str = "FlowDelete";
3416  break;
3417  case FlowEventLog::FLOW_EVICT:
3418  event_str = "FlowEvict";
3419  break;
3420  case FlowEventLog::FLOW_HANDLE_ASSIGN:
3421  event_str = "FlowHandleAssign";
3422  break;
3423  case FlowEventLog::FLOW_MSG_SKIP_EVICTED:
3424  event_str = "FlowMessageSkippedEvictedFlow";
3425  break;
3426  default:
3427  event_str = "Unknown";
3428  break;
3429  }
3430  return event_str;
3431 }
3432 
3433 void FlowEntry::SetEventSandeshData(SandeshFlowIndexInfo *info) {
3434  KSyncFlowIndexManager *mgr =
3435  flow_table_->agent()->ksync()->ksync_flow_index_manager();
3436  info->set_trace_index(event_log_index_);
3437  if (mgr->sm_log_count() == 0) {
3438  return;
3439  }
3440  int start = 0;
3441  int count = event_log_index_;
3442  if (event_log_index_ >= mgr->sm_log_count()) {
3443  start = event_log_index_ % mgr->sm_log_count();
3444  count = mgr->sm_log_count();
3445  }
3446  std::vector<SandeshFlowIndexTrace> trace_list;
3447  for (int i = 0; i < count; i++) {
3448  SandeshFlowIndexTrace trace;
3449  FlowEventLog *log = &event_logs_[((start + i) % mgr->sm_log_count())];
3450  trace.set_timestamp(log->time_);
3451  trace.set_flow_handle(log->flow_handle_);
3452  trace.set_flow_gen_id(log->flow_gen_id_);
3453  string event_str;
3454  trace.set_event(EventToString(log->event_, event_str));
3455  trace.set_ksync_hash_id(log->hash_id_);
3456  trace.set_ksync_gen_id(log->gen_id_);
3457  trace.set_vrouter_flow_handle(log->vrouter_flow_handle_);
3458  trace.set_vrouter_gen_id(log->vrouter_gen_id_);
3459  trace_list.push_back(trace);
3460  }
3461  info->set_flow_index_trace(trace_list);
3462 }
3463 
3464 void FlowEntry::LogFlow(FlowEventLog::Event event, FlowTableKSyncEntry* ksync,
3465  uint32_t flow_handle, uint8_t gen_id) {
3466  KSyncFlowIndexManager *mgr =
3467  flow_table_->agent()->ksync()->ksync_flow_index_manager();
3468  string event_str;
3469  LOG(DEBUG, "Flow event = " << EventToString(event, event_str)
3470  << " flow = " << (void *)this
3471  << " flow->flow_handle = " << flow_handle_
3472  << " flow->gen_id = " << (int)gen_id_
3473  << " ksync = " << (void *)ksync
3474  << " Ksync->hash_id = " << ((ksync != NULL) ? ksync->hash_id() : -1)
3475  << " Ksync->gen_id = " << ((ksync != NULL) ? (int)ksync->gen_id() : 0)
3476  << " new_flow_handle = " << flow_handle
3477  << " new_gen_id = " << (int)gen_id);
3478 
3479  if (mgr->sm_log_count() == 0) {
3480  return;
3481  }
3482 
3483  if (event_logs_ == NULL) {
3484  event_log_index_ = 0;
3485  event_logs_.reset(new FlowEventLog[mgr->sm_log_count()]);
3486  }
3487 
3488  FlowEventLog *log = &event_logs_[event_log_index_ % mgr->sm_log_count()];
3489  event_log_index_++;
3490 
3491  log->time_ = ClockMonotonicUsec();
3492  log->event_ = event;
3493  log->flow_handle_ = flow_handle_;
3494  log->flow_gen_id_ = gen_id_;
3495  log->ksync_entry_ = ksync;
3496  log->hash_id_ = (ksync != NULL) ? ksync->hash_id() : -1;
3497  log->gen_id_ = (ksync != NULL) ? ksync->gen_id() : 0;
3498  log->vrouter_flow_handle_ = flow_handle;
3499  log->vrouter_gen_id_ = gen_id;
3500 }
3501 
3502 const TagList &FlowEntry::local_tagset() const {
3503  if (is_flags_set(FlowEntry::IngressDir)) {
3504  return data_.source_tag_id_l;
3505  }
3506  return data_.dest_tag_id_l;
3507 }
3508 
3509 const TagList &FlowEntry::remote_tagset() const {
3510  if (is_flags_set(FlowEntry::IngressDir)) {
3511  return data_.dest_tag_id_l;
3512  }
3513  return data_.source_tag_id_l;
3514 }
3515 
3516 const std::string FlowEntry::BuildRemotePrefix(const FlowRouteRefMap &rt_list,
3517  uint32_t vrf,
3518  const IpAddress &ip) const {
3519  int plen = -1;
3520  FlowRouteRefMap::const_iterator it;
3521  for (it = rt_list.begin(); it != rt_list.end(); it++) {
3522  if (it->first == static_cast<int>(vrf)) {
3523  plen = it->second;
3524  break;
3525  }
3526  }
3527  if (plen != -1) {
3528  return ip.to_string() + "/" + integerToString(plen);
3529  }
3530  return "";
3531 }
3532 
3533 /* Remote prefix is required only wnen remote_tagset is absent. Returns empty
3534  * string as remote-prefix when remote-tagset is present */
3535 const std::string FlowEntry::RemotePrefix() const {
3536  if (remote_tagset().size() > 0) {
3537  return "";
3538  }
3539  if (is_flags_set(FlowEntry::IngressDir)) {
3540  return BuildRemotePrefix(data_.flow_dest_plen_map,
3541  data_.flow_dest_vrf, key_.dst_addr);
3542  }
3543  return BuildRemotePrefix(data_.flow_source_plen_map, data_.flow_source_vrf,
3544  key_.src_addr);
3545 }
3546 
3547 void FlowEntry::FillUveVnAceInfo(FlowUveVnAcePolicyInfo *info) const {
3548  const VnEntry *vn = vn_entry();
3549  info->vn_ = vn? vn->GetName() : "";
3550  info->nw_ace_uuid_ = nw_ace_uuid();
3551  if (!info->vn_.empty() && !info->nw_ace_uuid_.empty()) {
3552  info->is_valid_ = true;
3553  }
3554 }
3555 
3556 void FlowEntry::FillUveLocalRevFlowStatsInfo(FlowUveFwPolicyInfo *info,
3557  bool added) const {
3558  info->initiator_ = false;
3559  info->local_vn_ = data_.source_vn_match;
3560  info->remote_vn_ = data_.dest_vn_match;
3561  info->local_tagset_ = local_tagset();
3562  info->remote_tagset_ = remote_tagset();
3563  info->fw_policy_ = fw_policy_name_uuid();
3564  info->remote_prefix_ = RemotePrefix();
3565  info->added_ = added;
3566  if (is_flags_set(FlowEntry::ShortFlow)) {
3567  info->short_flow_ = true;
3568  } else {
3569  info->short_flow_ = false;
3570  }
3571  FlowTable::GetFlowSandeshActionParams(data().match_p.action_info,
3572  info->action_);
3573  info->is_valid_ = true;
3574 }
3575 
3576 void FlowEntry::FillUveFwdFlowStatsInfo(FlowUveFwPolicyInfo *info,
3577  bool added) const {
3578  if (is_flags_set(FlowEntry::IngressDir)) {
3579  info->initiator_ = true;
3580  info->local_vn_ = data_.source_vn_match;
3581  info->remote_vn_ = data_.dest_vn_match;
3582  } else {
3583  info->initiator_ = false;
3584  info->local_vn_ = data_.dest_vn_match;
3585  info->remote_vn_ = data_.source_vn_match;
3586  }
3587  info->local_tagset_ = local_tagset();
3588  info->remote_tagset_ = remote_tagset();
3589  info->fw_policy_ = fw_policy_name_uuid();
3590  info->remote_prefix_ = RemotePrefix();
3591  info->added_ = added;
3592  if (is_flags_set(FlowEntry::ShortFlow)) {
3593  info->short_flow_ = true;
3594  } else {
3595  info->short_flow_ = false;
3596  }
3597  FlowTable::GetFlowSandeshActionParams(data().match_p.action_info,
3598  info->action_);
3599  info->is_valid_ = true;
3600 }
3601 
3602 void FlowEntry::FillUveFwStatsInfo(FlowUveFwPolicyInfo *info,
3603  bool added) const {
3604  /* Endpoint statistics update is not required in the following
3605  * cases
3606  * 1. When flow has empty policy_set_acl_name. One example of this
3607  * case is when matching rule for flow is IMPLICIT_ALLOW
3608  * 2. Link local flows
3609  * 3. Reverse flows. We need session_count and not flow_count. So we
3610  * consider only forward flows.
3611  *
3612  * Also count is updated only for forward-flow as the count
3613  * indicates session_count and NOT flow-count
3614  */
3615  if (is_flags_set(FlowEntry::ReverseFlow) &&
3616  !is_flags_set(FlowEntry::LocalFlow)) {
3617  return;
3618  }
3619  if (is_flags_set(FlowEntry::LocalFlow)) {
3620  if (is_flags_set(FlowEntry::ReverseFlow)) {
3621  FillUveLocalRevFlowStatsInfo(info, added);
3622  } else {
3623  FillUveFwdFlowStatsInfo(info, added);
3624  }
3625  } else {
3626  FillUveFwdFlowStatsInfo(info, added);
3627  }
3628 }
3629 
3630 const std::string FlowEntry::fw_policy_uuid() const {
3631  return data_.match_p.aps_policy.rule_uuid_;
3632 }
3633 
3634 const std::string FlowEntry::fw_policy_name_uuid() const {
3635  /* If policy-name is empty return only policy UUID. Policy-name will be
3636  * empty when one of the implicit rules match */
3637  if (data_.match_p.aps_policy.acl_name_.empty()) {
3638  return fw_policy_uuid();
3639  }
3640  return data_.match_p.aps_policy.acl_name_ + ":" +
3641  fw_policy_uuid();
3642 }
3643 
3644 void FlowEntry::set_flow_mgmt_info(FlowEntryInfo *info) {
3645  flow_mgmt_info_.reset(info);
3646 }
3647 
3648 uint8_t FlowEntry::GetUnderlayGwIndex(uint32_t intf_in, const IpAddress &sip,
3649  const IpAddress &dip, uint8_t proto, uint16_t sport,
3650  uint16_t dport) const {
3651  if ((!flow_table()->agent()->is_l3mh()) || (is_flags_set(FlowEntry::LocalFlow))) {
3652  return -1;
3653  }
3654 
3655  uint8_t underlay_gw_index = -1;
3656  if (is_flags_set(FlowEntry::ReverseFlow)) {
3657  FlowEntry *rflow = reverse_flow_entry_.get();
3658  if (rflow != NULL) {
3659  underlay_gw_index = rflow->data().underlay_gw_index_;
3660  }
3661  return underlay_gw_index;
3662  }
3663 
3664  InetUnicastRouteEntry *rt = static_cast<InetUnicastRouteEntry *>
3665  (FlowEntry::GetUcRoute(GetDestinationVrf(), dip));
3666  const TunnelNH *tunnel_nh = rt != nullptr ?
3667  dynamic_cast<const TunnelNH *>(rt->GetActiveNextHop()) : nullptr;
3668 
3669  if (!tunnel_nh && is_flags_set(FlowEntry::EcmpFlow) &&
3670  data_.component_nh_idx != CompositeNH::kInvalidComponentNHIdx) {
3671  // For composite nh set underlay gw index to component_nh_idx (same hash is used)
3672  return (data_.component_nh_idx % (flow_table()->agent()->fabric_interface_name_list().size()));
3673  }
3674 
3675  Interface *intf = flow_table()->agent()->interface_table()->
3676  FindInterface(intf_in);
3677  if (intf && intf->type() == Interface::PHYSICAL) {
3678  underlay_gw_index = intf->id();
3679  return underlay_gw_index;
3680  } else {
3681  std::size_t hash = 0;
3682  hash = HashIp(hash, sip);
3683  hash = HashIp(hash, dip);
3684 
3685  hash = HashCombine(hash, sport);
3686  hash = HashCombine(hash, dport);
3687  hash = HashCombine(hash, proto);
3688  underlay_gw_index = hash % (flow_table()->agent()->fabric_interface_name_list().size());
3689  }
3690 
3691  if (rt == nullptr) {
3692  return -1;
3693  }
3694  if ( !(tunnel_nh && (tunnel_nh->IsValid()))) {
3695  return -1;
3696  }
3697  uint8_t index = 0;
3698  TunnelNH::EncapDataList encap_list = tunnel_nh->GetEncapDataList();
3699  while (index < encap_list.size()) {
3700  if (encap_list[index].get()->interface_.get() &&
3701  underlay_gw_index == (encap_list[index].get()->interface_).get()->id()) {
3702  underlay_gw_index = index;
3703  break;
3704  }
3705  index++;
3706  }
3707 
3708  if (tunnel_nh->IsEncapValid(underlay_gw_index)) {
3709  return underlay_gw_index;
3710  } else if ( ((underlay_gw_index +1) < (uint8_t)tunnel_nh->GetEncapDataList().size()) &&
3711  tunnel_nh->IsEncapValid(underlay_gw_index +1)) {
3712  return underlay_gw_index +1;
3713  } else if (((underlay_gw_index +1) >= (uint8_t)tunnel_nh->GetEncapDataList().size()) &&
3714  tunnel_nh->IsEncapValid(underlay_gw_index + 1 - tunnel_nh->GetEncapDataList().size())) {
3715  return (underlay_gw_index + 1 - tunnel_nh->GetEncapDataList().size());
3716  }
3717  return -1;
3718 }
3719 
3720 TcpPort::~TcpPort() {
3721  socket_.close();
3722 }
3723 
3724 uint16_t TcpPort::Bind() {
3725  boost::system::error_code ec;
3726  socket_.open(tcp::v4());
3727  socket_.bind(tcp::endpoint(tcp::v4(), port_), ec);
3728  if (ec.failed()) {
3729  return 0;
3730  }
3731  port_ = socket_.local_endpoint(ec).port();
3732  return port_;
3733 }
3734 
3735 UdpPort::~UdpPort() {
3736  socket_.close();
3737 }
3738 
3739 uint16_t UdpPort::Bind() {
3740  boost::system::error_code ec;
3741  socket_.open(udp::v4());
3742  socket_.bind(udp::endpoint(udp::v4(), port_), ec);
3743  if (ec.failed()) {
3744  return 0;
3745  }
3746  port_ = socket_.local_endpoint(ec).port();
3747  return port_;
3748 }
3749 
3750 bool PortCacheEntry::operator<(const PortCacheEntry &rhs) const {
3751  return key_.IsLess(rhs.key_);
3752 }
3753 
3754 void PortCacheEntry::MarkDelete() const {
3755  stale_ = true;
3756  delete_time_ = UTCTimestampUsec();
3757 }
3758 
3759 bool PortCacheEntry::CanBeAged(uint64_t current_time, uint64_t timeout) const {
3760  if (stale_ &&
3761  current_time - delete_time_ >= timeout) {
3762  return true;
3763  }
3764 
3765  return false;
3766 }
3767 
3768 PortCacheTable::PortCacheTable(PortTable *table) :
3769  port_table_(table),
3770  timer_(TimerManager::CreateTimer(
3771  *(table->agent()->event_manager())->io_service(),
3772  "FlowPortBindTimer",
3773  TaskScheduler::GetInstance()->GetTaskId(kTaskFlowMgmt), -1)),
3774  hash_(0), timeout_(PortCacheTable::kAgingTimeout) {
3775  timer_->Start(kCacheAging,
3776  boost::bind(&PortCacheTable::Age, this));
3777 }
3778 
3779 PortCacheTable::~PortCacheTable() {
3780  timer_->Cancel();
3781  TimerManager::DeleteTimer(timer_);
3782 }
3783 
3784 bool PortCacheTable::Age() {
3785  if (tree_.size() == 0) {
3786  return false;
3787  }
3788 
3789  tbb::recursive_mutex::scoped_lock lock(port_table_->mutex());
3790  uint16_t no_of_entries = tree_.size() / kCacheAging;
3791  uint16_t entries_processed = 0;
3792  uint64_t current_time = UTCTimestampUsec();
3793 
3794  PortCacheTree::iterator it = tree_.lower_bound(hash_);
3795  while (it != tree_.end() && entries_processed <= no_of_entries) {
3796  //Go thru each entry in particular hash bucket and identify
3797  //if any of them can be released
3798  PortCacheEntryList::iterator pcit = it->second.begin();
3799  while (pcit != it->second.end() && entries_processed <= no_of_entries) {
3800  PortCacheEntryList::iterator saved_pcit = pcit;
3801  pcit++;
3802  if (saved_pcit->CanBeAged(current_time, timeout_)) {
3803  //Release reference to port
3804  //check if port is empty, delete the port
3805  port_table_->Free(saved_pcit->key(), saved_pcit->port(), true);
3806  }
3807  entries_processed++;
3808  }
3809  it++;
3810  }
3811 
3812  if (it == tree_.end()) {
3813  hash_ = 0;
3814  } else {
3815  hash_ = it->first;
3816  hash_++;
3817  }
3818 
3819  return true;
3820 }
3821 
3822 void PortCacheTable::StartTimer() {
3823  timer_->Start(kCacheAging,
3824  boost::bind(&PortCacheTable::Age, this));
3825 }
3826 
3827 void PortCacheTable::StopTimer() {
3828  timer_->Cancel();
3829 }
3830 
3831 void PortCacheTable::Add(const PortCacheEntry &cache_entry) {
3832  uint16_t hash = port_table_->HashFlowKey(cache_entry.key());
3833  tree_[hash].insert(cache_entry);
3834 
3835  if (tree_.size() == 1) {
3836  StartTimer();
3837  }
3838 }
3839 
3840 void PortCacheTable::Delete(const PortCacheEntry &cache_entry) {
3841  uint16_t hash = port_table_->HashFlowKey(cache_entry.key());
3842  tree_[hash].erase(cache_entry);
3843  if (tree_[hash].size() == 0) {
3844  tree_.erase(hash);
3845  }
3846 
3847  if (tree_.size() == 0) {
3848  StopTimer();
3849  }
3850 }
3851 
3852 void PortCacheTable::MarkDelete(const PortCacheEntry &cache_entry) {
3853  uint16_t hash = port_table_->HashFlowKey(cache_entry.key());
3854 
3855  PortCacheEntryList::iterator it = tree_[hash].find(cache_entry);
3856  if (it != tree_[hash].end()) {
3857  it->MarkDelete();
3858  }
3859 }
3860 
3861 const PortCacheEntry*
3862 PortCacheTable::Find(const FlowKey &key) const {
3863  PortCacheEntry cache_entry(key, 0);
3864  uint16_t hash = port_table_->HashFlowKey(cache_entry.key());
3865 
3866  PortCacheTree::const_iterator pct_it = tree_.find(hash);
3867  if (pct_it == tree_.end()) {
3868  return NULL;
3869  }
3870 
3871  PortCacheEntryList::const_iterator it = pct_it->second.find(cache_entry);
3872  if (it != pct_it->second.end()) {
3873  return &(*it);
3874  }
3875 
3876  return NULL;
3877 }
3878 
3879 uint16_t PortTable::HashFlowKey(const FlowKey &key) {
3880  std::size_t hash = 0;
3881  boost::hash_combine(hash, key.dst_addr.to_v4().to_ulong());
3882  boost::hash_combine(hash, key.dst_port);
3883 
3884  return (hash % hash_table_size_);
3885 }
3886 
3887 PortTable::PortTable(Agent *agent, uint32_t hash_table_size, uint8_t protocol):
3888  agent_(agent), protocol_(protocol), cache_(this),
3889  hash_table_size_(hash_table_size) {
3890  for (uint32_t i = 0; i < hash_table_size; i++) {
3891  hash_table_.push_back(PortBitMapPtr(new PortBitMap()));
3892  }
3893 }
3894 
3895 PortTable::~PortTable() {
3896  if (task_trigger_.get()) {
3897  task_trigger_->Reset();
3898  }
3899 }
3900 
3901 uint16_t PortTable::Allocate(const FlowKey &key) {
3902  if (key.protocol != IPPROTO_TCP && key.protocol != IPPROTO_UDP) {
3903  return key.src_port;
3904  }
3905 
3906  tbb::recursive_mutex::scoped_lock lock(mutex_);
3907  //Check if the entry is present in flow cache tree
3908  const PortCacheEntry *entry = cache_.Find(key);
3909  if (entry) {
3910  entry->set_stale(false);
3911  return entry->port();
3912  }
3913 
3914  uint16_t port_hash = HashFlowKey(key);
3915  uint16_t port = kInvalidPort;
3916 
3917  PortBitMapPtr bit_map = hash_table_[port_hash];
3918 
3919  //Mark the port as used in bit map of hash
3920  uint16_t index = bit_map->Insert(key);
3921  if (index >= port_to_bit_index_.size()) {
3922  bit_map->Remove(index);
3923  return port;
3924  }
3925  //Using the index above get the actual port to be used
3926  port = port_list_.At(index)->port();
3927  PortCacheEntry cache_entry(key, port);
3928  //Add to cache tree
3929  cache_.Add(cache_entry);
3930 
3931  return port;
3932 }
3933 
3934 PortTable::PortPtr
3935 PortTable::CreatePortEntry(uint16_t port_no) {
3936  switch(protocol_) {
3937  case IPPROTO_TCP:
3938  return PortPtr(new TcpPort(*(agent_->event_manager()->io_service()),
3939  port_no));
3940 
3941  case IPPROTO_UDP:
3942  return PortPtr(new UdpPort(*(agent_->event_manager()->io_service()),
3943  port_no));
3944  }
3945 
3946  return PortPtr();
3947 }
3948 
3949 void PortTable::Free(const FlowKey &key, uint16_t port, bool release) {
3950  tbb::recursive_mutex::scoped_lock lock(mutex_);
3951  PortCacheEntry cache_entry(key, kInvalidPort);
3952  if (release) {
3953  //Delete from cache entry
3954  PortCacheEntry cache_entry(key, kInvalidPort);
3955  cache_.Delete(cache_entry);
3956 
3957  uint16_t port_hash = HashFlowKey(key);
3958  PortBitMapPtr bit_map = hash_table_[port_hash];
3959  if (port_to_bit_index_.find(port) != port_to_bit_index_.end()) {
3960  //Upon config change all the entries in bit map
3961  //are implicitly deleted, hence a duplicate
3962  //delete from flow table needs to be handled
3963  //after cross check if key matches
3964  FlowKey existing_key = bit_map->At(port_to_bit_index_[port]);
3965  if (existing_key.IsEqual(key)) {
3966  bit_map->Remove(port_to_bit_index_[port]);
3967  }
3968  }
3969  } else {
3970  //Mark cache entry for deletion
3971  //after aging timeout
3972  cache_.MarkDelete(cache_entry);
3973  }
3974 }
3975 
3976 void PortTable::Relocate(uint16_t port_no) {
3977  PortToBitIndexMap::iterator it = port_to_bit_index_.find(port_no);
3978  assert(it != port_to_bit_index_.end());
3979 
3980  PortPtr port_ptr = port_list_.At(it->second);
3981  DeleteAllFlow(port_no, it->second);
3982  port_list_.Remove(it->second);
3983  it->second = port_list_.Insert(port_ptr);
3984 }
3985 
3986 void PortTable::AddPort(uint16_t port_no) {
3987  PortToBitIndexMap::iterator it = port_to_bit_index_.find(port_no);
3988  //Port number already present
3989  if (port_no != kInvalidPort && it != port_to_bit_index_.end()) {
3990  if (it->second >= port_config_.port_count) {
3991  Relocate(port_no);
3992  }
3993  return;
3994  }
3995 
3996  PortPtr port_ptr = CreatePortEntry(port_no);
3997  if (port_ptr->Bind() || agent_->test_mode()) {
3998  size_t index = port_list_.Insert(port_ptr);
3999  port_to_bit_index_.insert((PortToBitIndexPair(port_ptr->port(),
4000  (uint16_t)index)));
4001  }
4002 }
4003 
4004 void PortTable::DeleteAllFlow(uint16_t port_no, uint16_t index) {
4005  for (uint16_t i = 0; i < hash_table_size_; i++) {
4006  FlowKey key = hash_table_[i]->At((size_t)index);
4007  if (key.family == Address::UNSPEC) {
4008  continue;
4009  }
4010  hash_table_[i]->Remove(index);
4011  Free(key, port_no, true);
4012  //Enqueue delete of flow
4013  agent_->pkt()->get_flow_proto()->DeleteFlowRequest(key);
4014  }
4015 }
4016 
4017 void PortTable::DeletePort(uint16_t port_no) {
4018  assert(port_no != kInvalidPort);
4019 
4020  PortToBitIndexMap::const_iterator it = port_to_bit_index_.find(port_no);
4021  assert(it != port_to_bit_index_.end());
4022  uint16_t index = it->second;
4023 
4024  //Delete all the flow using this port
4025  DeleteAllFlow(port_no, index);
4026 
4027  port_list_.Remove(index);
4028  port_to_bit_index_.erase(port_no);
4029 }
4030 
4031 bool PortTable::IsValidPort(uint16_t port, uint16_t count) {
4032  if (port_config_.port_range.size() != 0) {
4033  std::vector<PortConfig::PortRange>::const_iterator it =
4034  port_config_.port_range.begin();
4035  //Go thru each range
4036  for(; it != port_config_.port_range.end(); it++) {
4037  if (port >= it->port_start && port <= it->port_end) {
4038  return true;
4039  }
4040  }
4041  } else {
4042  return (count < port_config_.port_count);
4043  }
4044 
4045  return false;
4046 }
4047 
4048 void PortTable::UpdatePortConfig(const PortConfig *pc) {
4049  if (task_trigger_.get()) {
4050  task_trigger_->Reset();
4051  }
4052 
4053  PortConfig new_pc = *pc;
4054 
4055  int task_id = TaskScheduler::GetInstance()->GetTaskId(kTaskFlowEvent);
4056  task_trigger_.reset
4057  (new TaskTrigger(boost::bind(&PortTable::HandlePortConfig, this,
4058  new_pc), task_id, 0));
4059  task_trigger_->Set();
4060 }
4061 
4062 bool PortTable::HandlePortConfig(const PortConfig &pc) {
4063  tbb::recursive_mutex::scoped_lock lock(mutex_);
4064  uint16_t old_port_count = port_to_bit_index_.size();
4065  port_config_ = pc;
4066 
4067  uint16_t count = 0;
4068 
4069  for (uint16_t index = 0; index < old_port_count; index++) {
4070  PortPtr port = port_list_.At(index);
4071  if (port.get() && IsValidPort(port->port(), count) == false) {
4072  DeletePort(port->port());
4073  } else {
4074  count++;
4075  //For relocating the port of index is higher than
4076  //port count
4077  AddPort(port->port());
4078  }
4079  }
4080 
4081  if (port_config_.port_range.size()) {
4082  std::vector<PortConfig::PortRange>::const_iterator it =
4083  port_config_.port_range.begin();
4084  //Go thru each range
4085  for(; it != port_config_.port_range.end(); it++) {
4086  //Handle range of port
4087  for (uint16_t port = it->port_start;
4088  it->port_end && port <= it->port_end;
4089  port++) {
4090  AddPort(port);
4091  }
4092  }
4093  } else {
4094  //Handle port count, port_count_ would be set only if range is
4095  //not valid
4096  for (uint16_t port = count; port < port_config_.port_count; port++) {
4097  AddPort(0);
4098  }
4099  }
4100  return true;
4101 }
4102 
4103 uint16_t PortTable::GetPortIndex(uint16_t port) const {
4104  PortToBitIndexMap::const_iterator it = port_to_bit_index_.find(port);
4105  assert(it != port_to_bit_index_.end());
4106  return it->second;
4107 }
4108 
4109 void PortTable::GetFlowKeyList(uint16_t port,
4110  std::vector<FlowKey> &list) const {
4111  tbb::recursive_mutex::scoped_lock lock(mutex_);
4112  if (port_to_bit_index_.find(port) == port_to_bit_index_.end()) {
4113  return;
4114  }
4115 
4116  for (uint16_t hash = 0; hash < hash_table_size_; hash++) {
4117  const PortBitMapPtr bit_map = hash_table_[hash];
4118  FlowKey existing_key = bit_map->At(GetPortIndex(port));
4119  if (existing_key.family != Address::UNSPEC) {
4120  list.push_back(existing_key);
4121  }
4122  }
4123 }
4124 
4125 PortTableManager::PortTableManager(Agent *agent, uint16_t hash_table_size):
4126  agent_(agent) {
4127  port_table_list_[IPPROTO_TCP] =
4128  PortTablePtr(new PortTable(agent, hash_table_size, IPPROTO_TCP));
4129  port_table_list_[IPPROTO_UDP] =
4130  PortTablePtr(new PortTable(agent, hash_table_size, IPPROTO_UDP));
4131  agent_->set_port_config_handler(&(PortTableManager::PortConfigHandler));
4132 }
4133 
4134 PortTableManager::~PortTableManager() {
4135  for (uint16_t proto = 0; proto < IPPROTO_MAX; proto++) {
4136  port_table_list_[proto].reset();
4137  }
4138 }
4139 uint16_t PortTableManager::Allocate(const FlowKey &key) {
4140  if (key.protocol != IPPROTO_TCP && key.protocol != IPPROTO_UDP) {
4141  return key.src_port;
4142  }
4143 
4144  return port_table_list_[key.protocol]->Allocate(key);
4145 }
4146 
4147 void PortTableManager::Free(const FlowKey &key, uint16_t port, bool evict) {
4148  if (key.protocol != IPPROTO_TCP && key.protocol != IPPROTO_UDP) {
4149  return;
4150  }
4151 
4152  return port_table_list_[key.protocol]->Free(key, port, evict);
4153 }
4154 
4155 void PortTableManager::UpdatePortConfig(uint8_t protocol, const PortConfig *pc) {
4156  if (port_table_list_[protocol].get() == NULL) {
4157  return;
4158  }
4159 
4160  port_table_list_[protocol]->UpdatePortConfig(pc);
4161 }
4162 
4163 void PortTableManager::PortConfigHandler(Agent *agent, uint8_t protocol,
4164  const PortConfig *pc) {
4165  agent->pkt()->get_flow_proto()->port_table_manager()->
4166  UpdatePortConfig(protocol, pc);
4167 }
IndexVector::At
EntryType At(size_t index) const
Definition: index_vector.h:32
flow_uve_stats_request.h
InetUnicastRouteEntry::prefix_length
uint8_t prefix_length() const
!
Definition: inet_unicast_route.h:88
FlowEntry::InitFlowCmn
bool InitFlowCmn(const PktFlowInfo *info, const PktControlInfo *ctrl, const PktControlInfo *rev_ctrl, FlowEntry *rflow)
Definition: flow_entry.cc:611
PktFlowInfo::peer_vrouter
std::string peer_vrouter
Definition: pkt_flow_info.h:198
VmFlowRef::AllocateFd
bool AllocateFd(Agent *agent, uint8_t l3_proto)
Definition: flow_entry.cc:218
flow_entry_info.h
PktFlowInfo::linklocal_bind_local_port
bool linklocal_bind_local_port
Definition: pkt_flow_info.h:184
FlowEntry::data_
FlowData data_
Definition: flow_entry.h:815
FlowEntry::alloc_count_
static tbb::atomic< int > alloc_count_
Definition: flow_entry.h:820
PktInfo::ip_saddr
IpAddress ip_saddr
Definition: pkt_handler.h:394
PortCacheTable::Delete
void Delete(const PortCacheEntry &cache_entry)
Definition: flow_entry.cc:3840
FlowEntry::is_flow_on_unresolved_list
bool is_flow_on_unresolved_list
Definition: flow_entry.h:852
proto_handler.h
RevFlowDepParams::drop_reason_
uint16_t drop_reason_
Definition: flow_entry.h:64
VmFlowRef::Move
void Move(VmFlowRef *rhs)
Definition: flow_entry.cc:152
VrfTranslateActionSpec::ignore_acl
bool ignore_acl() const
Definition: acl_entry_spec.h:55
FlowEntry::reverse_flow_vmi
VmInterfaceKey reverse_flow_vmi() const
Definition: flow_entry.cc:1024
FlowData::source_vn_list
VnListType source_vn_list
Definition: flow_entry.h:298
intrusive_ptr_add_ref
int intrusive_ptr_add_ref(const AsPath *cpath)
Definition: bgp_aspath.h:147
packet_header.h
PacketHeader::dst_sg_id_l
const SecurityGroupList * dst_sg_id_l
Definition: packet_header.h:26
FlowTable::rand_gen
boost::uuids::uuid rand_gen()
Definition: flow_table.cc:514
SessionPolicy::acl_name_
std::string acl_name_
Definition: flow_entry.h:245
FlowEntry::fsc_
FlowStatsCollector * fsc_
Definition: flow_entry.h:844
PktFlowInfo::bgp_router_service_flow
bool bgp_router_service_flow
Definition: pkt_flow_info.h:206
FlowData::origin_vn_dst_list
VnListType origin_vn_dst_list
Definition: flow_entry.h:301
VmFlowRef::SetVm
void SetVm(const VmEntry *vm)
Definition: flow_entry.cc:200
FlowEntry::GetSourceRouteInfo
void GetSourceRouteInfo(const AgentRoute *rt)
Definition: flow_entry.cc:1489
AgentPath::dest_vn_list
const VnListType & dest_vn_list() const
Definition: agent_path.h:258
FlowTable::ConcurrencyCheck
bool ConcurrencyCheck(int task_id, bool check_task_instance)
Definition: flow_table.cc:95
PortCacheEntry::operator<
bool operator<(const PortCacheEntry &rhs) const
Definition: flow_entry.cc:3750
FlowEntry::short_flow_reason_
uint16_t short_flow_reason_
Definition: flow_entry.h:823
FlowEntry::LogFlow
void LogFlow(FlowEventLog::Event event, FlowTableKSyncEntry *ksync, uint32_t flow_handle, uint8_t gen_id)
Definition: flow_entry.cc:3464
FlowKey::src_addr
IpAddress src_addr
Definition: flow_entry.h:213
VmEntry::update_flow_count
void update_flow_count(int val) const
Definition: vm.cc:69
FlowEntry::local_tagset
const TagList & local_tagset() const
Definition: flow_entry.cc:3502
FlowTable::DelLinkLocalFlowInfo
void DelLinkLocalFlowInfo(int fd)
Definition: flow_table.cc:766
FlowEntry::FillUveLocalRevFlowStatsInfo
void FillUveLocalRevFlowStatsInfo(FlowUveFwPolicyInfo *info, bool added) const
Definition: flow_entry.cc:3556
UdpPort::socket_
boost::asio::ip::udp::socket socket_
Definition: flow_entry.h:939
FlowData::dst_policy_plen
uint32_t dst_policy_plen
Definition: flow_entry.h:330
Interface::type
Type type() const
Definition: interface.h:112
FlowTable::flow_entry_map_
FlowEntryMap flow_entry_map_
Definition: flow_table.h:297
SessionPolicy::m_reverse_acl_l
MatchAclParamsList m_reverse_acl_l
Definition: flow_entry.h:236
PktFlowInfo::flood_unknown_unicast
bool flood_unknown_unicast
Definition: pkt_flow_info.h:203
PortTable::HashFlowKey
uint16_t HashFlowKey(const FlowKey &key)
Definition: flow_entry.cc:3879
AgentRoute::prefix_length
virtual uint8_t prefix_length() const
Returns the length of a stored prefix address.
Definition: agent_route.h:323
FlowPolicyInfo::drop
bool drop
Definition: acl.h:26
AgentHdr::ifindex
uint32_t ifindex
Definition: pkt_handler.h:180
Interface::qos_config
const AgentQosConfig * qos_config() const
Definition: interface.h:140
PortTable::port_list_
PortList port_list_
Definition: flow_entry.h:1091
FlowProto::update_linklocal_flow_count
void update_linklocal_flow_count(int val)
Definition: flow_proto.h:112
Agent::GetInstance
static Agent * GetInstance()
Definition: agent.h:436
VmEntry::GetCfgName
const string & GetCfgName() const
Definition: vm.h:43
TaskScheduler
The TaskScheduler keeps track of what tasks are currently schedulable. When a task is enqueued it is ...
Definition: task.h:178
FlowEntry::BuildRemotePrefix
const std::string BuildRemotePrefix(const FlowRouteRefMap &rt_list, uint32_t vr, const IpAddress &ip) const
Definition: flow_entry.cc:3516
SessionPolicy::rule_uuid_
std::string rule_uuid_
Definition: flow_entry.h:244
VrfEntry
Definition: vrf.h:86
AgentPath::tag_list
const TagList & tag_list() const
Definition: agent_path.h:249
FlowData::mirror_vrf
uint32_t mirror_vrf
Definition: flow_entry.h:316
ksync_flow_index_manager.h
FlowData::src_policy_vrf
uint32_t src_policy_vrf
Definition: flow_entry.h:327
CompositeNH::kInvalidComponentNHIdx
static const uint32_t kInvalidComponentNHIdx
Definition: nexthop.h:1777
FlowEntry::InterfaceIdToKey
VmInterfaceKey InterfaceIdToKey(Agent *agent, uint32_t id)
Definition: flow_entry.cc:1627
FlowPendingAction::ResetRecomputeDBEntry
void ResetRecomputeDBEntry()
Definition: flow_entry.cc:2981
Agent::get_vhost_disable_policy
bool get_vhost_disable_policy()
Definition: agent.h:928
Agent::test_mode
bool test_mode() const
Definition: agent.h:1191
RevFlowDepParams::sg_uuid_
std::string sg_uuid_
Definition: flow_entry.h:62
Agent::controller_ifmap_xmpp_port
const uint16_t controller_ifmap_xmpp_port(uint8_t idx) const
Definition: agent.h:757
VrfEntry::GetEvpnRouteTable
AgentRouteTable * GetEvpnRouteTable() const
Definition: vrf.cc:330
FlowKey::IsLess
bool IsLess(const FlowKey &key) const
Definition: flow_entry.h:154
FlowData::allocated_port_
uint16_t allocated_port_
Definition: flow_entry.h:360
VrfTable
Definition: vrf.h:268
FlowTable::flow_task_id
int flow_task_id() const
Definition: flow_table.h:252
FlowEventLog::vrouter_gen_id_
uint8_t vrouter_gen_id_
Definition: flow_entry.h:388
kTaskFlowEvent
#define kTaskFlowEvent
Definition: agent.h:321
FlowEntry::SetAclAction
void SetAclAction(std::vector< AclAction > &acl_action_l) const
Definition: flow_entry.cc:3070
VnEntry::GetAcl
const AclDBEntry * GetAcl() const
Definition: vn.h:167
FlowEntry::fw_policy_name_uuid
const std::string fw_policy_name_uuid() const
Definition: flow_entry.cc:3634
Interface::GetUuid
const boost::uuids::uuid & GetUuid() const
Definition: interface.h:113
FlowData::dest_vn_match
std::string dest_vn_match
Definition: flow_entry.h:295
FlowEntry::SetAclInfo
void SetAclInfo(SessionPolicy *sp, SessionPolicy *rsp, const FlowPolicyInfo &fwd_flow_info, const FlowPolicyInfo &rev_flow_info, bool tcp_rev, bool is_sg)
Definition: flow_entry.cc:2352
PortTable::agent_
Agent * agent_
Definition: flow_entry.h:1066
VrfNH::GetVrf
const VrfEntry * GetVrf() const
Definition: nexthop.h:1444
FlowEntry::flow_table
FlowTable * flow_table() const
Definition: flow_entry.h:597
Interface::id
const uint32_t id() const
Definition: interface.h:123
FlowData::bgp_as_a_service_dport
uint32_t bgp_as_a_service_dport
Definition: flow_entry.h:320
PortTable::PortBitMapPtr
boost::shared_ptr< PortBitMap > PortBitMapPtr
Definition: flow_entry.h:1021
MatchPolicy::m_vrf_assign_acl_l
MatchAclParamsList m_vrf_assign_acl_l
Definition: flow_entry.h:274
FlowEntry::refcount_
tbb::atomic< int > refcount_
Definition: flow_entry.h:841
FlowData::component_nh_idx
uint32_t component_nh_idx
Definition: flow_entry.h:318
PortCacheTable::Add
void Add(const PortCacheEntry &cache_entry)
Definition: flow_entry.cc:3831
FlowKey::dst_addr
IpAddress dst_addr
Definition: flow_entry.h:214
FlowData::source_vn_match
std::string source_vn_match
Definition: flow_entry.h:294
MatchPolicy::Reset
void Reset()
Definition: flow_entry.cc:365
PortTable::DeleteAllFlow
void DeleteAllFlow(uint16_t port, uint16_t index)
Definition: flow_entry.cc:4004
FlowEntry::dmac
const MacAddress & dmac() const
Definition: flow_entry.h:647
flow_table.h
RevFlowDepParams::vm_cfg_name_
std::string vm_cfg_name_
Definition: flow_entry.h:63
FlowData::dst_policy_vrf
uint32_t dst_policy_vrf
Definition: flow_entry.h:329
MatchPolicy::vrf_assign_acl_action
uint32_t vrf_assign_acl_action
Definition: flow_entry.h:275
MatchPolicy::m_acl_l
MatchAclParamsList m_acl_l
Definition: flow_entry.h:258
FlowEntry::GetPolicyInfo
void GetPolicyInfo()
Definition: flow_entry.cc:1721
FlowData::dmac
MacAddress dmac
Definition: flow_entry.h:293
DBEntryBase::IsDeleted
bool IsDeleted() const
Definition: db_entry.h:49
MakeList
static std::vector< std::string > MakeList(const VnListType &ilist)
Definition: flow_entry.cc:330
PktFlowInfo::nat_sport
uint32_t nat_sport
Definition: pkt_flow_info.h:163
FlowTableKSyncEntry::hash_id
uint32_t hash_id() const
Definition: flowtable_ksync.h:60
FlowEntry::reverse_flow_fip
uint32_t reverse_flow_fip() const
Definition: flow_entry.cc:1016
Agent::dns_server
const std::string & dns_server(uint8_t idx) const
Definition: agent.h:857
FlowData::acl_assigned_vrf_index_
uint32_t acl_assigned_vrf_index_
Definition: flow_entry.h:358
IpAddress
boost::asio::ip::address IpAddress
Definition: address.h:13
FlowData::rpf_plen
uint8_t rpf_plen
Definition: flow_entry.h:353
FlowEntry::l3_flow_
bool l3_flow_
Definition: flow_entry.h:816
FlowData::flow_dest_vrf
uint32_t flow_dest_vrf
Definition: flow_entry.h:307
VmEntry
Definition: vm.h:32
PortCacheEntry::delete_time_
uint64_t delete_time_
Definition: flow_entry.h:970
PktFlowInfo::port_allocated
bool port_allocated
Definition: pkt_flow_info.h:218
FlowTable::agent
Agent * agent() const
Definition: flow_table.h:197
FlowEntry::reset_flags
void reset_flags(const FlowEntryFlags &flags)
Definition: flow_entry.h:614
FlowData::underlay_gw_index_
uint8_t underlay_gw_index_
Definition: flow_entry.h:361
SecurityGroupList
std::vector< int > SecurityGroupList
Definition: agent.h:201
PortConfig::port_count
uint16_t port_count
Definition: global_vrouter.h:51
FlowEntry::egress_uuid_
boost::uuids::uuid egress_uuid_
Definition: flow_entry.h:825
FlowEntry::InterfaceKeyToId
uint32_t InterfaceKeyToId(Agent *agent, const VmInterfaceKey &key)
Definition: flow_entry.cc:1638
Agent::stats
AgentStats * stats() const
Definition: agent.cc:881
FlowEntry::flow_retry_attempts_
uint8_t flow_retry_attempts_
Definition: flow_entry.h:851
PktFlowInfo::out_component_nh_idx
uint32_t out_component_nh_idx
Definition: pkt_flow_info.h:188
AgentRoute::is_multicast
bool is_multicast() const
Definition: agent_route.h:274
FlowEntry::ShouldDrop
static bool ShouldDrop(uint32_t action)
Definition: flow_entry.cc:1112
EventManager::io_service
boost::asio::io_context * io_service()
Definition: event_manager.h:42
FlowData::match_p
MatchPolicy match_p
Definition: flow_entry.h:309
FlowData::SourceVnList
std::vector< std::string > SourceVnList() const
Definition: flow_entry.cc:339
PktInfo::dmac
MacAddress dmac
Definition: pkt_handler.h:393
TrafficAction::DROP_FLAGS
static const uint32_t DROP_FLAGS
Definition: traffic_action.h:51
AgentQosConfigTable::kInvalidIndex
static const uint32_t kInvalidIndex
Definition: qos_config.h:144
FlowEntry::FillUveFwdFlowStatsInfo
void FillUveFwdFlowStatsInfo(FlowUveFwPolicyInfo *info, bool added) const
Definition: flow_entry.cc:3576
AgentDBTable::FindActiveEntry
AgentDBEntry * FindActiveEntry(const DBEntry *key)
Definition: agent_db.cc:110
Agent::interface_table
InterfaceTable * interface_table() const
Definition: agent.h:465
PortCacheTable::timeout_
uint64_t timeout_
Definition: flow_entry.h:1006
AgentQosConfig::id
uint32_t id() const
Definition: qos_config.h:73
FlowEntry::SetMirrorVrfFromAction
void SetMirrorVrfFromAction()
Definition: flow_entry.cc:2849
Port::port_
uint16_t port_
Definition: flow_entry.h:917
PortTable::PortToBitIndexPair
std::pair< uint16_t, uint16_t > PortToBitIndexPair
Definition: flow_entry.h:1018
MatchPolicy::aps_policy
SessionPolicy aps_policy
Definition: flow_entry.h:265
VmFlowRef::Init
void Init(FlowEntry *flow)
Definition: flow_entry.cc:136
PktFlowInfo::flow_source_plen_map
FlowRouteRefMap flow_source_plen_map
Definition: pkt_flow_info.h:156
PortCacheTable::PortCacheTable
PortCacheTable(PortTable *table)
Definition: flow_entry.cc:3768
FlowEntry::event_log_index_
uint16_t event_log_index_
Definition: flow_entry.h:848
FlowEntry::trace_
bool trace_
Definition: flow_entry.h:846
Address::kMaxV4PrefixLen
static const uint8_t kMaxV4PrefixLen
Definition: address.h:20
PktFlowInfo::nat_dest_vrf
uint32_t nat_dest_vrf
Definition: pkt_flow_info.h:169
FlowAction::action
uint32_t action
Definition: acl.h:44
FlowTable::table_index
uint16_t table_index() const
Definition: flow_table.h:198
FlowEntry::SetHbsInfofromAction
void SetHbsInfofromAction()
Definition: flow_entry.cc:2112
PortTableManager::PortTablePtr
boost::shared_ptr< PortTable > PortTablePtr
Definition: flow_entry.h:1105
RevFlowDepParams::vmi_uuid_
std::string vmi_uuid_
Definition: flow_entry.h:61
tunnel_nh.h
PacketHeader::dst_tags_
TagList dst_tags_
Definition: packet_header.h:27
FlowEntry::key_
FlowKey key_
Definition: flow_entry.h:813
PortCacheTable::kCacheAging
static const uint64_t kCacheAging
Definition: flow_entry.h:979
UuidToString
static std::string UuidToString(const boost::uuids::uuid &id)
Definition: string_util.h:138
kTaskFlowMgmt
#define kTaskFlowMgmt
Definition: agent.h:325
pkt_handler.h
FlowEntry::GetEvpnRoute
static AgentRoute * GetEvpnRoute(const VrfEntry *entry, const MacAddress &mac, const IpAddress &addr, uint32_t ethernet_tag)
Definition: flow_entry.cc:1005
FlowEntry::GetL2Route
static AgentRoute * GetL2Route(const VrfEntry *entry, const MacAddress &mac)
Definition: flow_entry.cc:982
FlowData::OriginVnDstList
std::vector< std::string > OriginVnDstList() const
Definition: flow_entry.cc:351
UdpPort::~UdpPort
virtual ~UdpPort()
Definition: flow_entry.cc:3735
FlowEntry::FillUveFwStatsInfo
void FillUveFwStatsInfo(FlowUveFwPolicyInfo *info, bool added) const
Definition: flow_entry.cc:3602
SessionPolicy::out_action
uint32_t out_action
Definition: flow_entry.h:234
FlowProto::port_table_manager
PortTableManager * port_table_manager()
Definition: flow_proto.h:126
address_util.h
PacketHeader::src_policy_id
const VnListType * src_policy_id
Definition: packet_header.h:20
SetActionStr
void SetActionStr(const FlowAction &action_info, std::vector< ActionStr > &action_str_l)
Definition: flow_entry.cc:3015
FlowKey::protocol
uint8_t protocol
Definition: flow_entry.h:215
FlowData::bgp_as_a_service_sport
uint32_t bgp_as_a_service_sport
Definition: flow_entry.h:319
PacketHeader::src_sg_id_l
const SecurityGroupList * src_sg_id_l
Definition: packet_header.h:21
PktFlowInfo::linklocal_flow
bool linklocal_flow
Definition: pkt_flow_info.h:182
FlowPendingAction::CanRecomputeDBEntry
bool CanRecomputeDBEntry()
Definition: flow_entry.cc:2986
VrfTranslateActionSpec::vrf_name
const std::string & vrf_name() const
Definition: acl_entry_spec.h:54
TunnelNH::IsEncapValid
const bool & IsEncapValid(const uint32_t &i) const
Definition: tunnel_nh.h:40
FlowEntry::IsFabricControlFlow
bool IsFabricControlFlow() const
Definition: flow_entry.cc:893
FlowEntry::RpfFromSrcIpNh
bool RpfFromSrcIpNh() const
Definition: flow_entry.cc:1310
PortTable::hash_table_size_
uint16_t hash_table_size_
Definition: flow_entry.h:1084
FlowPolicyInfo::terminal
bool terminal
Definition: acl.h:27
FlowEntry::RpfInit
void RpfInit(const AgentRoute *rt, const IpAddress &sip)
Definition: flow_entry.cc:1249
PortTableManager::PortConfigHandler
static void PortConfigHandler(Agent *agent, uint8_t protocol, const PortConfig *pc)
Definition: flow_entry.cc:4163
VmFlowRef::port_
uint16_t port_
Definition: flow_entry.h:121
PortTable::mutex
tbb::recursive_mutex & mutex()
Definition: flow_entry.h:1043
FlowEntry::pending_actions_
FlowPendingAction pending_actions_
Definition: flow_entry.h:849
FlowData::flow_source_plen_map
FlowRouteRefMap flow_source_plen_map
Definition: flow_entry.h:342
PortTable::PortPtr
boost::shared_ptr< Port > PortPtr
Definition: flow_entry.h:1014
NextHop::GetType
Type GetType() const
Definition: nexthop.h:405
FlowEntry::Allocate
static FlowEntry * Allocate(const FlowKey &key, FlowTable *flow_table)
Definition: flow_entry.cc:514
AgentRoute
Base class for all Route entries in agent.
Definition: agent_route.h:224
BGP_SERVICE_TTL_FWD_FLOW
#define BGP_SERVICE_TTL_FWD_FLOW
Definition: pkt_handler.h:47
FlowPolicyInfo::src_match_vn
std::string src_match_vn
Definition: acl.h:29
PacketHeader::src_port
uint16_t src_port
Definition: packet_header.h:29
BridgeAgentRouteTable::FindRouteNoLock
BridgeRouteEntry * FindRouteNoLock(const MacAddress &mac)
Definition: bridge_route.cc:77
AgentHdr::cmd_param_5
uint8_t cmd_param_5
Definition: pkt_handler.h:188
FlowEntry::reverse_flow_entry_
FlowEntryPtr reverse_flow_entry_
Definition: flow_entry.h:819
MatchPolicy::out_mirror_action
uint32_t out_mirror_action
Definition: flow_entry.h:272
VmFlowRef::kInvalidFd
static const int kInvalidFd
Definition: flow_entry.h:99
FlowHandler::UnknownVnList
static const VnListType UnknownVnList()
Definition: flow_handler.h:27
FlowEntry::InitRevFlow
void InitRevFlow(const PktFlowInfo *info, const PktInfo *pkt, const PktControlInfo *ctrl, const PktControlInfo *rev_ctrl, FlowEntry *rflow, Agent *agent)
Definition: flow_entry.cc:779
Interface::flow_key_nh
const NextHop * flow_key_nh() const
Definition: interface.h:137
FlowEntry::sg_rule_uuid
const std::string & sg_rule_uuid() const
Definition: flow_entry.h:633
PortTableManager::Allocate
uint16_t Allocate(const FlowKey &key)
Definition: flow_entry.cc:4139
FlowData::rpf_vrf
uint32_t rpf_vrf
Definition: flow_entry.h:352
TcpPort::socket_
boost::asio::ip::tcp::socket socket_
Definition: flow_entry.h:928
PktFlowInfo::pkt
boost::shared_ptr< PktInfo > pkt
Definition: pkt_flow_info.h:147
VmInterface::service_intf_type
const std::string & service_intf_type() const
Definition: vm_interface.h:1568
Agent::oper_db
OperDB * oper_db() const
Definition: agent.cc:1013
TaskScheduler::GetTaskId
int GetTaskId(const std::string &name)
Definition: task.cc:856
PortTable::UpdatePortConfig
void UpdatePortConfig(const PortConfig *port_config)
Definition: flow_entry.cc:4048
MacAddress::ToString
std::string ToString() const
Definition: mac_address.cc:53
global_vrouter.h
FlowEntry::RpfUpdate
void RpfUpdate()
Definition: flow_entry.cc:1393
FlowEntry::InitFwdFlow
void InitFwdFlow(const PktFlowInfo *info, const PktInfo *pkt, const PktControlInfo *ctrl, const PktControlInfo *rev_ctrl, FlowEntry *rflow, Agent *agent)
Definition: flow_entry.cc:685
SessionPolicy::action
uint32_t action
Definition: flow_entry.h:230
FlowEntry::default_sg_list
static const SecurityGroupList & default_sg_list()
Definition: flow_entry.h:586
AgentStats::decr_flow_count
void decr_flow_count()
Definition: agent_stats.h:92
SetAclListAclAction
static void SetAclListAclAction(const std::list< MatchAclParams > &acl_l, std::vector< AclAction > &acl_action_l, std::string &acl_type)
Definition: flow_entry.cc:3055
RevFlowDepParams::nw_ace_uuid_
std::string nw_ace_uuid_
Definition: flow_entry.h:65
FlowEntry::on_tree_
bool on_tree_
Definition: flow_entry.h:834
MatchPolicy::m_out_mirror_acl_l
MatchAclParamsList m_out_mirror_acl_l
Definition: flow_entry.h:271
FlowAction::mirror_l
std::vector< MirrorActionSpec > mirror_l
Definition: acl.h:47
FlowEntry::key
const FlowKey & key() const
Definition: flow_entry.h:594
FlowEntry::SetVrfAssignEntry
void SetVrfAssignEntry()
Definition: flow_entry.cc:2178
IndexVector::Remove
void Remove(size_t index)
Definition: index_vector.h:78
PacketHeader::vrf
uint32_t vrf
Definition: packet_header.h:17
FlowPolicyInfo::dst_match_vn
std::string dst_match_vn
Definition: acl.h:30
PktInfo::tunnel
TunnelInfo tunnel
Definition: pkt_handler.h:407
PortTable::kInvalidPort
static const uint8_t kInvalidPort
Definition: flow_entry.h:1012
AgentRoute::GetActivePath
const AgentPath * GetActivePath() const
Definition: agent_route.cc:876
FlowEntry::SetOutPacketHeader
void SetOutPacketHeader(PacketHeader *hdr)
Definition: flow_entry.cc:2327
VmFlowRef::operator=
void operator=(const VmFlowRef &rhs)
Definition: flow_entry.cc:140
IndexVector::Insert
size_t Insert(EntryType entry)
Definition: index_vector.h:40
FlowData::flow_dest_plen_map
FlowRouteRefMap flow_dest_plen_map
Definition: flow_entry.h:343
PortCacheTable::MarkDelete
void MarkDelete(const PortCacheEntry &cache_entry)
Definition: flow_entry.cc:3852
SessionPolicy::reverse_rule_present
bool reverse_rule_present
Definition: flow_entry.h:237
PortTable::cache_
PortCacheTable cache_
Definition: flow_entry.h:1079
FlowEntry::ActionRecompute
bool ActionRecompute()
Definition: flow_entry.cc:2746
PortTable::PortBitMap
IndexVector< FlowKey > PortBitMap
Definition: flow_entry.h:1020
FlowData::rpf_nh
NextHopConstRef rpf_nh
Definition: flow_entry.h:348
EvpnAgentRouteTable::FindRouteNoLock
EvpnRouteEntry * FindRouteNoLock(const MacAddress &mac, const IpAddress &ip_addr, uint32_t plen, uint32_t ethernet_tag)
Definition: vnsw/agent/oper/evpn_route.cc:91
pkt_sandesh_flow.h
FlowEntry::transaction_id_
uint32_t transaction_id_
Definition: flow_entry.h:870
flow_entry.h
FlowData::OriginVnSrcList
std::vector< std::string > OriginVnSrcList() const
Definition: flow_entry.cc:347
FlowEntry::default_sg_list_
static SecurityGroupList default_sg_list_
Definition: flow_entry.h:850
FlowData::dest_vn_list
VnListType dest_vn_list
Definition: flow_entry.h:299
BridgeAgentRouteTable::FindRoute
BridgeRouteEntry * FindRoute(const MacAddress &mac)
Definition: bridge_route.cc:72
NextHop::IsValid
bool IsValid() const
Definition: nexthop.h:406
FlowHandler::UnknownVn
static const std::string UnknownVn()
Definition: flow_handler.h:26
OperDB::global_vrouter
GlobalVrouter * global_vrouter() const
Definition: operdb_init.h:54
FlowEntry::SetHbsInterface
void SetHbsInterface(HbsInterface intf)
Definition: flow_entry.h:771
FlowEventLog::flow_handle_
uint32_t flow_handle_
Definition: flow_entry.h:382
VrfTable::FindVrfFromId
VrfEntry * FindVrfFromId(size_t index)
Definition: vrf.cc:884
FlowTable::AddLinkLocalFlowInfo
void AddLinkLocalFlowInfo(int fd, uint32_t index, const FlowKey &key, const uint64_t timestamp)
Definition: flow_table.cc:753
VmInterface::sg_list
const SecurityGroupEntryList & sg_list() const
Definition: vm_interface.h:1402
MatchPolicy::policy_action
uint32_t policy_action
Definition: flow_entry.h:259
FlowData::out_vm_entry
VmFlowRef out_vm_entry
Definition: flow_entry.h:313
PortTable::PortTable
PortTable(Agent *agent, uint32_t bucket_size, uint8_t protocol)
Definition: flow_entry.cc:3887
FlowEntry::is_flags_set
bool is_flags_set(const FlowEntryFlags &flags) const
Definition: flow_entry.h:610
ContrailPorts::CollectorPort
static const uint16_t CollectorPort()
Definition: contrail_ports.cc:143
integerToString
static const std::string integerToString(const NumberType &num)
Definition: string_util.h:19
Agent::GetCollectorlist
std::vector< string > & GetCollectorlist()
Definition: agent.h:708
FlowEntry::hbs_intf_
HbsInterface hbs_intf_
Definition: flow_entry.h:892
FlowKey::IsEqual
bool IsEqual(const FlowKey &key) const
Definition: flow_entry.h:176
VmFlowRef::FreeFd
void FreeFd()
Definition: flow_entry.cc:185
Agent
Definition: agent.h:358
FlowEntry::SetMirrorVrf
void SetMirrorVrf(const uint32_t id)
Definition: flow_entry.h:708
FlowAction::vrf_translate_action_
VrfTranslateActionSpec vrf_translate_action_
Definition: acl.h:48
FlowEntry::ResyncFlow
void ResyncFlow()
Definition: flow_entry.cc:2643
PortTable::port_to_bit_index_
PortToBitIndexMap port_to_bit_index_
Definition: flow_entry.h:1095
PortCacheEntry::key
const FlowKey & key() const
Definition: flow_entry.h:951
FlowEntry::RevFlowDepInfo
void RevFlowDepInfo(RevFlowDepParams *params)
Definition: flow_entry.cc:1077
PacketHeader::src_ip
IpAddress src_ip
Definition: packet_header.h:19
SessionPolicy::reverse_out_rule_present
bool reverse_out_rule_present
Definition: flow_entry.h:241
PktFlowInfo::disable_validation
bool disable_validation
Definition: pkt_flow_info.h:191
FlowEntry::fw_policy_uuid
const std::string fw_policy_uuid() const
Definition: flow_entry.cc:3630
FlowData::vrf
uint32_t vrf
Definition: flow_entry.h:315
FlowEntry::peer_vrouter_
std::string peer_vrouter_
Definition: flow_entry.h:830
TaskScheduler::GetInstance
static TaskScheduler * GetInstance()
Definition: task.cc:547
VrfKey
Definition: vrf.h:22
FlowEntry::UpdateReflexiveAction
void UpdateReflexiveAction()
Definition: flow_entry.cc:2881
FlowEntry::Copy
void Copy(FlowEntry *rhs, bool update)
Definition: flow_entry.cc:531
FlowEntry::uuid
const boost::uuids::uuid & uuid() const
Definition: flow_entry.h:631
VmInterface::fwaas_fw_policy_list
const FirewallPolicyList & fwaas_fw_policy_list() const
Definition: vm_interface.h:1548
MatchPolicy::fwaas_policy
SessionPolicy fwaas_policy
Definition: flow_entry.h:266
PortCacheEntry::CanBeAged
bool CanBeAged(uint64_t current_time, uint64_t timeout) const
Definition: flow_entry.cc:3759
AgentRoute::GetActiveNextHop
const NextHop * GetActiveNextHop() const
Definition: agent_route.cc:881
FlowEntry::uuid_
boost::uuids::uuid uuid_
Definition: flow_entry.h:824
Agent::ksync
KSync * ksync() const
Definition: agent.cc:901
FlowEntry::InitAuditFlow
void InitAuditFlow(uint32_t flow_idx, uint8_t gen_id)
Definition: flow_entry.cc:871
Agent::router_id
Ip4Address router_id() const
Definition: agent.h:666
FlowEntry::IsClientFlow
bool IsClientFlow()
Definition: flow_entry.cc:1421
FlowRouteRefMap
map< int, int > FlowRouteRefMap
Definition: pkt_flow_info.h:16
FlowEntry::flow_handle_
uint32_t flow_handle_
Definition: flow_entry.h:818
SessionPolicy::m_acl_l
MatchAclParamsList m_acl_l
Definition: flow_entry.h:228
SessionPolicy::m_reverse_out_acl_l
MatchAclParamsList m_reverse_out_acl_l
Definition: flow_entry.h:240
PortTable::port_config_
PortConfig port_config_
Definition: flow_entry.h:1098
FlowEntry::fip_vmi
VmInterfaceKey fip_vmi() const
Definition: flow_entry.h:627
FlowEntry::egress_uuid
const boost::uuids::uuid & egress_uuid() const
Definition: flow_entry.h:632
FlowEntry::fip_vmi_
VmInterfaceKey fip_vmi_
Definition: flow_entry.h:837
Agent::event_manager
EventManager * event_manager() const
Definition: agent.h:1103
FlowEventLog::ksync_entry_
FlowTableKSyncEntry * ksync_entry_
Definition: flow_entry.h:384
Agent::fabric_interface_name_list
const std::vector< std::string > & fabric_interface_name_list() const
Definition: agent.h:1133
VnEntry::GetMirrorAcl
const AclDBEntry * GetMirrorAcl() const
Definition: vn.h:168
Trace
Definition: trace.h:220
FlowData::vn_entry
VnEntryConstRef vn_entry
Definition: flow_entry.h:310
SetRpfFieldsInternal
static void SetRpfFieldsInternal(FlowEntry *flow, const AgentRoute *rt)
Definition: flow_entry.cc:1186
route_common.h
VmFlowRef::flow_
FlowEntry * flow_
Definition: flow_entry.h:122
UTCUsecToPTime
static boost::posix_time::ptime UTCUsecToPTime(uint64_t tusec)
Definition: time_util.h:38
MatchPolicy::out_policy_action
uint32_t out_policy_action
Definition: flow_entry.h:262
EventToString
static std::string EventToString(FlowEventLog::Event event, std::string &event_str)
Definition: flow_entry.cc:3405
PortCacheTable::tree_
PortCacheTree tree_
Definition: flow_entry.h:1002
FlowEntryFreeList::Allocate
FlowEntry * Allocate(const FlowKey &key)
Definition: flow_table.cc:1001
Agent::NullString
static const std::string & NullString()
Definition: agent.h:437
FlowData::vrf_assign_evaluated
bool vrf_assign_evaluated
Definition: flow_entry.h:336
FlowEventLog::time_
uint64_t time_
Definition: flow_entry.h:380
FlowData::smac
MacAddress smac
Definition: flow_entry.h:292
PktHandler::IsGwPacket
bool IsGwPacket(const Interface *intf, const IpAddress &dst_ip)
Definition: pkt_handler.cc:1262
PktFlowInfo::ComputeDirection
static bool ComputeDirection(const Interface *intf)
Definition: pkt_flow_info.cc:123
PortTable::IsValidPort
bool IsValidPort(uint16_t port, uint16_t count)
Definition: flow_entry.cc:4031
FlowEntry::DropReasonStr
static std::string DropReasonStr(uint16_t reason)
Definition: flow_entry.cc:1477
VmFlowRef::Reset
void Reset(bool reset_flow)
Definition: flow_entry.cc:167
VrfEntry::GetBridgeRouteTable
AgentRouteTable * GetBridgeRouteTable() const
Definition: vrf.cc:334
PortCacheTable::hash_
uint16_t hash_
Definition: flow_entry.h:1005
TunnelInfo::Reset
void Reset()
Definition: pkt_handler.h:200
FlowEntry::set_flags
void set_flags(const FlowEntryFlags &flags)
Definition: flow_entry.h:613
FlowData::if_index_info
uint32_t if_index_info
Definition: flow_entry.h:337
FlowEntry::flags_
uint32_t flags_
Definition: flow_entry.h:822
PortTable::Free
void Free(const FlowKey &key, uint16_t port, bool release)
Definition: flow_entry.cc:3949
AgentPath::origin_vn
const std::string & origin_vn() const
Definition: agent_path.h:259
PortCacheEntry::port
uint16_t port() const
Definition: flow_entry.h:955
PktModule::pkt_handler
PktHandler * pkt_handler() const
Definition: pkt_init.h:31
FlowEntry::ksync_entry_
FlowTableKSyncEntry * ksync_entry_
Definition: flow_entry.h:839
FlowEntry::GetDestRouteInfo
void GetDestRouteInfo(const AgentRoute *rt)
Definition: flow_entry.cc:1558
FLOW_TRACE
#define FLOW_TRACE(obj,...)
Definition: flow_mgmt.h:377
FlowEntry::tunnel_type_
TunnelType tunnel_type_
Definition: flow_entry.h:832
FlowEntry::RpfComputeIngress
void RpfComputeIngress()
Definition: flow_entry.cc:1335
VmInterface::policy_enabled
bool policy_enabled() const
Definition: vm_interface.h:1267
FlowEntry::MakeShortFlow
void MakeShortFlow(FlowShortReason reason)
Definition: flow_entry.cc:2869
FlowEntry::GetUcRoute
static AgentRoute * GetUcRoute(const VrfEntry *entry, const IpAddress &addr)
Definition: flow_entry.cc:989
FlowEntry::ImplicitDenyFlow
bool ImplicitDenyFlow() const
Definition: flow_entry.h:676
VmInterface::update_flow_count
void update_flow_count(int val) const
Definition: vm_interface.cc:3454
PktFlowInfo::nat_dport
uint32_t nat_dport
Definition: pkt_flow_info.h:164
Ip6AddressToU64Array
void Ip6AddressToU64Array(const Ip6Address &addr, uint64_t *arr, int size)
Definition: address_util.cc:359
FlowData::origin_vn_src
std::string origin_vn_src
Definition: flow_entry.h:296
PktFlowInfo::src_policy_vrf
uint32_t src_policy_vrf
Definition: pkt_flow_info.h:214
FlowEntry::Reset
void Reset(const FlowKey &k)
Definition: flow_entry.cc:505
FlowEntry::trace
bool trace() const
Definition: flow_entry.h:752
FlowTable::GetFlowSandeshActionParams
static void GetFlowSandeshActionParams(const FlowAction &action_info, std::string &action_str)
Definition: flow_table.cc:944
PortCacheEntry::set_stale
void set_stale(bool stale) const
Definition: flow_entry.h:959
flow_proto.h
Agent::controller_ifmap_xmpp_server
const std::string & controller_ifmap_xmpp_server(uint8_t idx) const
Definition: agent.h:730
CompositeNH::HasVmInterface
bool HasVmInterface(const VmInterface *vmi) const
Definition: nexthop.cc:1813
FlowEntry::fip
uint32_t fip() const
Definition: flow_entry.h:626
FlowEntry::set_acl_assigned_vrf_index
void set_acl_assigned_vrf_index()
Definition: flow_entry.cc:1049
VrfEntry::vrf_id
const uint32_t vrf_id() const
Definition: vrf.h:99
VnListType
std::set< std::string > VnListType
Definition: agent.h:212
agent_param.h
PktInfo::vrf
uint32_t vrf
Definition: pkt_handler.h:391
TrafficAction::ActionToString
static std::string ActionToString(enum Action at)
Definition: traffic_action.cc:33
FlowData::drop_reason
uint16_t drop_reason
Definition: flow_entry.h:335
FlowEntry::last_event_
uint32_t last_event_
Definition: flow_entry.h:845
MatchPolicy::action_info
FlowAction action_info
Definition: flow_entry.h:277
Agent::set_port_config_handler
void set_port_config_handler(PortConfigHandler handler)
Definition: agent.h:1344
PortTable::HandlePortConfig
bool HandlePortConfig(const PortConfig &pc)
Definition: flow_entry.cc:4062
PktFlowInfo::alias_ip_flow
bool alias_ip_flow
Definition: pkt_flow_info.h:209
FlowEntry::RpfSetSrcIpNhFields
void RpfSetSrcIpNhFields(const AgentRoute *rt, const NextHop *src_ip_nh)
Definition: flow_entry.cc:1224
VmInterface::vrf_assign_acl
const AclDBEntry * vrf_assign_acl() const
Definition: vm_interface.h:1282
PortTableManager::port_table_list_
PortTablePtr port_table_list_[IPPROTO_MAX]
Definition: flow_entry.h:1120
FlowEntry::RpfSetRpfNhFields
void RpfSetRpfNhFields(const NextHop *rpf_nh)
Definition: flow_entry.cc:1231
AgentRoutePrefix::prefix_address
virtual const PrefixType & prefix_address() const
Returns the value of a stored prefix address (IPv4, IPv6 or MAC address)
Definition: agent_route.h:375
Ip4Address
boost::asio::ip::address_v4 Ip4Address
Definition: address.h:14
Agent::dns_server_port
const uint16_t dns_server_port(uint8_t idx) const
Definition: agent.h:868
FlowEntry::GetPolicy
void GetPolicy(const VnEntry *vn, const FlowEntry *rflow)
Definition: flow_entry.cc:1733
PktModule::get_flow_proto
FlowProto * get_flow_proto() const
Definition: pkt_init.h:43
qos_config.h
FlowData::flow_source_vrf
uint32_t flow_source_vrf
Definition: flow_entry.h:306
Timer::Cancel
bool Cancel()
Definition: timer.cc:150
agent_stats.h
VnEntry
Definition: vn.h:151
MatchAclParams::acl
AclDBEntryConstRef acl
Definition: acl.h:54
FlowEntry::SessionMatch
void SessionMatch(SessionPolicy *sp, SessionPolicy *rsp, bool is_sg)
Definition: flow_entry.cc:2421
MAX_XMPP_SERVERS
#define MAX_XMPP_SERVERS
Definition: agent.h:291
FlowEntry::SetPacketHeader
void SetPacketHeader(PacketHeader *hdr)
Definition: flow_entry.cc:2305
DNS_SERVER_PORT
#define DNS_SERVER_PORT
Definition: bind_util.h:28
FlowEntry::smac
const MacAddress & smac() const
Definition: flow_entry.h:646
FlowPolicyInfo::uuid
std::string uuid
Definition: acl.h:25
Agent::vrf_table
VrfTable * vrf_table() const
Definition: agent.h:485
FlowEntry::intf_entry
const Interface * intf_entry() const
Definition: flow_entry.h:652
FlowData::origin_vn_dst
std::string origin_vn_dst
Definition: flow_entry.h:297
FlowKey::src_port
uint16_t src_port
Definition: flow_entry.h:216
FlowEntry::l3_flow
bool l3_flow() const
Definition: flow_entry.h:598
FlowEntry::flow_mgmt_request_
FlowMgmtRequest * flow_mgmt_request_
Definition: flow_entry.h:857
FlowEntry::remote_tagset
const TagList & remote_tagset() const
Definition: flow_entry.cc:3509
CopySgEntries
static bool CopySgEntries(const VmInterface *vm_port, bool ingress_acl, std::list< MatchAclParams > &list)
Definition: flow_entry.cc:1976
PortTable::Allocate
uint16_t Allocate(const FlowKey &key)
Definition: flow_entry.cc:3901
VrfTranslateActionSpec::set_ignore_acl
void set_ignore_acl(bool ignore_acl)
Definition: acl_entry_spec.h:59
PortTable::GetPortIndex
uint16_t GetPortIndex(uint16_t port) const
Definition: flow_entry.cc:4103
FlowEntry::gen_id_
uint8_t gen_id_
Definition: flow_entry.h:817
FlowData::dest_sg_id_l
SecurityGroupList dest_sg_id_l
Definition: flow_entry.h:303
PortCacheTable::port_table_
PortTable * port_table_
Definition: flow_entry.h:1003
FlowEntry::~FlowEntry
virtual ~FlowEntry()
Definition: flow_entry.cc:459
FlowData::source_plen
uint8_t source_plen
Definition: flow_entry.h:333
FlowData::vm_cfg_name
std::string vm_cfg_name
Definition: flow_entry.h:357
MatchPolicy::m_mirror_acl_l
MatchAclParamsList m_mirror_acl_l
Definition: flow_entry.h:268
SessionPolicy::rule_present
bool rule_present
Definition: flow_entry.h:229
FlowEntry::ResetPolicy
void ResetPolicy()
Definition: flow_entry.cc:1664
FlowEntry::event_logs_
boost::scoped_array< FlowEventLog > event_logs_
Definition: flow_entry.h:847
flow_event.h
PktInfo::GetAgentHdr
const AgentHdr & GetAgentHdr() const
Definition: pkt_handler.cc:1402
PortCacheTable::timer_
Timer * timer_
Definition: flow_entry.h:1004
FlowEntry::GetVrfAssignAcl
void GetVrfAssignAcl()
Definition: flow_entry.cc:1792
PktControlInfo::intf_
const Interface * intf_
Definition: pkt_flow_info.h:27
UdpPort::Bind
virtual uint16_t Bind()
Definition: flow_entry.cc:3739
FlowKey::family
Address::Family family
Definition: flow_entry.h:211
VnEntry::GetVrf
VrfEntry * GetVrf() const
Definition: vn.h:170
FlowEntry::DoPolicy
bool DoPolicy()
Definition: flow_entry.cc:2549
TunnelNH::GetEncapDataList
const EncapDataList GetEncapDataList() const
Definition: tunnel_nh.h:70
PortTable::Relocate
void Relocate(uint16_t port_no)
Definition: flow_entry.cc:3976
PortTable::protocol_
uint8_t protocol_
Definition: flow_entry.h:1076
FlowEntry::IsNatFlow
bool IsNatFlow() const
Definition: flow_entry.h:684
FlowEntry::flow_handle
uint32_t flow_handle() const
Definition: flow_entry.h:600
FlowEntry::Reset
void Reset()
Definition: flow_entry.cc:465
MatchPolicy::m_out_acl_l
MatchAclParamsList m_out_acl_l
Definition: flow_entry.h:261
FlowData::tunnel_info
TunnelInfo tunnel_info
Definition: flow_entry.h:338
GlobalVrouter::kMetadataService
static const std::string kMetadataService
Definition: global_vrouter.h:63
UTCTimestampUsec
static uint64_t UTCTimestampUsec()
Definition: time_util.h:13
SessionPolicy::out_rule_present
bool out_rule_present
Definition: flow_entry.h:233
FlowEntry::vn_entry
const VnEntry * vn_entry() const
Definition: flow_entry.h:653
SessionPolicy::m_out_acl_l
MatchAclParamsList m_out_acl_l
Definition: flow_entry.h:232
FlowEntry::FlowDropReasonStr
static const std::map< uint16_t, const char * > FlowDropReasonStr
Definition: flow_entry.h:524
PortCacheEntry::MarkDelete
void MarkDelete() const
Definition: flow_entry.cc:3754
VmInterface::vmi_type
VmInterface::VmiType vmi_type() const
Definition: vm_interface.h:1279
interface_common.h
FlowEntry::GetUnderlayGwIndex
uint8_t GetUnderlayGwIndex(uint32_t intf_in, const IpAddress &sip, const IpAddress &dip, uint8_t proto, uint16_t sport, uint16_t dport) const
Definition: flow_entry.cc:3648
PortCacheTable::Find
const PortCacheEntry * Find(const FlowKey &key) const
Definition: flow_entry.cc:3862
AgentRoute::IsRPFInvalid
bool IsRPFInvalid() const
Definition: agent_route.cc:1044
FlowEntry::SetQosConfigIndex
bool SetQosConfigIndex()
Definition: flow_entry.cc:2674
FlowProto::DeleteFlowRequest
void DeleteFlowRequest(FlowEntry *flow)
Definition: flow_proto.cc:598
FlowEntry::GetApplicationPolicySet
void GetApplicationPolicySet(const Interface *intf, const FlowEntry *rflow)
Definition: flow_entry.cc:1888
PktFlowInfo::underlay_flow
bool underlay_flow
Definition: pkt_flow_info.h:213
PktFlowInfo::short_flow_reason
uint16_t short_flow_reason
Definition: pkt_flow_info.h:197
FlowKey::dst_port
uint16_t dst_port
Definition: flow_entry.h:217
RevFlowDepParams::rev_uuid_
boost::uuids::uuid rev_uuid_
Definition: flow_entry.h:58
FlowEventLog::hash_id_
uint32_t hash_id_
Definition: flow_entry.h:385
BridgeRouteEntry::prefix_length
uint8_t prefix_length() const
The length of L3 IP prefix (if present) associated with this L2 address.
Definition: bridge_route.h:130
VmInterface::is_vn_qos_config
bool is_vn_qos_config() const
Definition: vm_interface.h:1290
Interface::kInvalidIndex
static const uint32_t kInvalidIndex
Definition: interface.h:70
FlowEntry::deleted_
bool deleted_
Definition: flow_entry.h:821
SessionPolicy::ResetPolicy
void ResetPolicy()
Definition: flow_entry.cc:417
VmInterface::vmi_cfg_uuid
const boost::uuids::uuid & vmi_cfg_uuid() const
Definition: vm_interface.h:1551
FlowPolicyInfo::other
bool other
Definition: acl.h:28
Timer::Start
bool Start(int time, Handler handler, ErrorHandler error_handler=NULL)
Definition: timer.cc:108
FlowEntry::SetAclFlowSandeshData
void SetAclFlowSandeshData(const AclDBEntry *acl, FlowSandeshData &fe_sandesh_data, Agent *agent) const
Definition: flow_entry.cc:3290
FlowExportInfo::packets
uint64_t packets() const
Definition: flow_export_info.h:26
FlowEntry::fip_
uint32_t fip_
Definition: flow_entry.h:836
FlowEntry::kInvalidFlowHandle
static const uint32_t kInvalidFlowHandle
Definition: flow_entry.h:521
FlowPolicyInfo::acl_name
std::string acl_name
Definition: acl.h:31
FlowEntry::reverse_flow_entry
FlowEntry * reverse_flow_entry()
Definition: flow_entry.h:602
TunnelNH::EncapDataList
std::vector< EncapDataPtr > EncapDataList
Definition: tunnel_nh.h:69
FlowEntry::FlowPolicyStateStr
static const std::map< FlowPolicyState, const char * > FlowPolicyStateStr
Definition: flow_entry.h:523
FlowEntry::set_flow_handle
void set_flow_handle(uint32_t flow_handle, uint8_t gen_id)
Definition: flow_entry.cc:1037
PortTable::DeletePort
void DeletePort(uint16_t port_no)
Definition: flow_entry.cc:4017
PortTable::AddPort
void AddPort(uint16_t port_no)
Definition: flow_entry.cc:3986
FlowEntry::RpfComputeEgress
void RpfComputeEgress()
Definition: flow_entry.cc:1357
EvpnAgentRouteTable::ComputeHostIpPlen
static uint32_t ComputeHostIpPlen(const IpAddress &addr)
Definition: vnsw/agent/oper/evpn_route.cc:476
FlowEntry::FillUveVnAceInfo
void FillUveVnAceInfo(FlowUveVnAcePolicyInfo *info) const
Definition: flow_entry.cc:3547
InterfaceTable::FindInterface
const Interface * FindInterface(size_t index) const
Definition: interface.cc:323
PktInfo::smac
MacAddress smac
Definition: pkt_handler.h:392
FlowEntryFreeList::Free
void Free(FlowEntry *flow)
Definition: flow_table.cc:1023
VrfEntry::kInvalidIndex
static const uint32_t kInvalidIndex
Definition: vrf.h:88
MatchAclParamsList
std::list< MatchAclParams > MatchAclParamsList
Definition: flow_entry.h:220
LOG
#define LOG(_Level, _Msg)
Definition: logging.h:33
PortTableManager::Free
void Free(const FlowKey &key, uint16_t port, bool release)
Definition: flow_entry.cc:4147
FlowEntry::GetNonLocalFlowSgList
void GetNonLocalFlowSgList(const VmInterface *vm_port)
Definition: flow_entry.cc:2045
AgentRoute::vrf
VrfEntry * vrf() const
Definition: agent_route.h:275
PktControlInfo::rt_
const AgentRoute * rt_
Definition: pkt_flow_info.h:28
FlowEntry::IsShortFlow
bool IsShortFlow() const
Definition: flow_entry.h:682
FlowProto::ForceEnqueueFreeFlowReference
void ForceEnqueueFreeFlowReference(FlowEntryPtr &flow)
Definition: flow_proto.cc:662
intrusive_ptr_release
void intrusive_ptr_release(const AsPath *cpath)
Definition: bgp_aspath.h:155
TcpPort::Bind
virtual uint16_t Bind()
Definition: flow_entry.cc:3724
FlowExportInfo::bytes
uint64_t bytes() const
Definition: flow_export_info.h:24
FlowEntry::set_flow_mgmt_info
void set_flow_mgmt_info(FlowEntryInfo *info)
Definition: flow_entry.cc:3644
VmInterface::fw_policy_list
const FirewallPolicyList & fw_policy_list() const
Definition: vm_interface.h:1545
ksync_init.h
FlowEntry::RemotePrefix
const std::string RemotePrefix() const
Definition: flow_entry.cc:3535
FlowEntry::GetDestinationVrf
const VrfEntry * GetDestinationVrf() const
Definition: flow_entry.cc:2661
Interface::name
const std::string & name() const
Definition: interface.h:114
FlowPendingAction::SetRecomputeDBEntry
bool SetRecomputeDBEntry()
Definition: flow_entry.cc:2973
SessionPolicy::reverse_action
uint32_t reverse_action
Definition: flow_entry.h:238
FlowExportInfo::teardown_time
uint64_t teardown_time() const
Definition: flow_export_info.h:19
PktFlowInfo::flow_source_vrf
uint32_t flow_source_vrf
Definition: pkt_flow_info.h:151
PktFlowInfo::dst_policy_vrf
uint32_t dst_policy_vrf
Definition: pkt_flow_info.h:215
PktControlInfo::vn_
const VnEntry * vn_
Definition: pkt_flow_info.h:29
SessionPolicy::ResetAction
void ResetAction()
Definition: flow_entry.cc:409
PktControlInfo::vm_
const VmEntry * vm_
Definition: pkt_flow_info.h:30
ClockMonotonicUsec
static uint64_t ClockMonotonicUsec()
Definition: time_util.h:29
PacketHeader::dst_policy_id
const VnListType * dst_policy_id
Definition: packet_header.h:25
FlowEntry::data
FlowData & data()
Definition: flow_entry.h:595
FlowData::dest_plen
uint8_t dest_plen
Definition: flow_entry.h:334
PortTable::CreatePortEntry
PortPtr CreatePortEntry(uint16_t port_no)
Definition: flow_entry.cc:3935
TcpPort::~TcpPort
virtual ~TcpPort()
Definition: flow_entry.cc:3720
VmFlowRef::FreeRef
void FreeRef()
Definition: flow_entry.cc:175
PktInfo::ip_daddr
IpAddress ip_daddr
Definition: pkt_handler.h:395
agent_cmn.h
FlowData::enable_rpf
bool enable_rpf
Definition: flow_entry.h:346
AgentHdr::cmd_param
uint32_t cmd_param
Definition: pkt_handler.h:183
FlowEventLog::gen_id_
uint8_t gen_id_
Definition: flow_entry.h:386
FlowEntry::KeyString
std::string KeyString() const
Definition: flow_entry.cc:3391
PortTableManager::UpdatePortConfig
void UpdatePortConfig(uint8_t protocol, const PortConfig *config)
Definition: flow_entry.cc:4155
SessionPolicy::action_summary
uint32_t action_summary
Definition: flow_entry.h:246
VnEntry::GetName
const string & GetName() const
Definition: vn.h:162
HashCombine
static std::size_t HashCombine(std::size_t hash, uint64_t val)
Definition: flow_entry.cc:593
FlowEntry::nw_ace_uuid
const std::string & nw_ace_uuid() const
Definition: flow_entry.h:636
flow_mgmt.h
PktFlowInfo::dest_vrf
uint32_t dest_vrf
Definition: pkt_flow_info.h:173
RevFlowDepParams::rev_egress_uuid_
boost::uuids::uuid rev_egress_uuid_
Definition: flow_entry.h:59
FlowData::Reset
void Reset()
Definition: flow_entry.cc:278
FlowData::qos_config_idx
uint32_t qos_config_idx
Definition: flow_entry.h:359
PktInfo::agent_hdr
AgentHdr agent_hdr
Definition: pkt_handler.h:388
FlowData::disable_validation
bool disable_validation
Definition: flow_entry.h:355
FlowEntry::UpdateL2RouteInfo
void UpdateL2RouteInfo()
Definition: flow_entry.cc:2076
FlowEventLog::vrouter_flow_handle_
uint32_t vrouter_flow_handle_
Definition: flow_entry.h:387
TrafficAction::IMPLICIT_DENY_FLAGS
static const uint32_t IMPLICIT_DENY_FLAGS
Definition: traffic_action.h:53
RevFlowDepParams::action_info_
FlowAction action_info_
Definition: flow_entry.h:66
FlowEntry::nw_ace_uuid_
std::string nw_ace_uuid_
Definition: flow_entry.h:827
FlowAction
Definition: acl.h:35
FlowEntry::GetLocalFlowSgList
void GetLocalFlowSgList(const VmInterface *vm_port, const VmInterface *reverse_vm_port)
Definition: flow_entry.cc:2008
FlowEntry::UpdateFipStatsInfo
void UpdateFipStatsInfo(uint32_t fip, uint32_t id, Agent *agent)
Definition: flow_entry.cc:1032
FlowEntry::src_ip_nh
const NextHop * src_ip_nh() const
Definition: flow_entry.h:657
KSync::ksync_flow_index_manager
KSyncFlowIndexManager * ksync_flow_index_manager() const
Definition: ksync_init.h:61
PacketHeader::dst_port
uint16_t dst_port
Definition: packet_header.h:30
FlowEntry::IsServerFlow
bool IsServerFlow()
Definition: flow_entry.cc:1448
FlowEntry::GetSgList
void GetSgList(const Interface *intf)
Definition: flow_entry.cc:1834
FlowAction::Clear
void Clear()
Definition: acl.h:40
FlowEntry::gen_id
uint8_t gen_id() const
Definition: flow_entry.h:599
SessionPolicy::ResetRuleMatchInfo
void ResetRuleMatchInfo()
Definition: flow_entry.cc:404
Agent::pkt
PktModule * pkt() const
Definition: agent.cc:965
PortTableManager::PortTableManager
PortTableManager(Agent *agent, uint16_t hash_table_size)
Definition: flow_entry.cc:4125
VmFlowRef::vm_
VmEntryConstRef vm_
Definition: flow_entry.h:119
FlowData::in_vm_entry
VmFlowRef in_vm_entry
Definition: flow_entry.h:312
VrfEntry::GetUcRoute
InetUnicastRouteEntry * GetUcRoute(const IpAddress &addr) const
Definition: vrf.cc:237
FlowKey::nh
uint32_t nh
Definition: flow_entry.h:212
InetInterface::sub_type
SubType sub_type() const
Definition: inet_interface.h:39
PktFlowInfo::flow_dest_plen_map
FlowRouteRefMap flow_dest_plen_map
Definition: pkt_flow_info.h:157
SessionPolicy::reverse_out_action
uint32_t reverse_out_action
Definition: flow_entry.h:242
FlowEntry::rpf_nh
const NextHop * rpf_nh() const
Definition: flow_entry.h:658
FlowData::dest_vrf
uint32_t dest_vrf
Definition: flow_entry.h:317
FlowEntry::flow_table_
FlowTable * flow_table_
Definition: flow_entry.h:814
FlowEntry::MatchAcl
uint32_t MatchAcl(const PacketHeader &hdr, MatchAclParamsList &acl, bool add_implicit_deny, bool add_implicit_allow, FlowPolicyInfo *info)
Definition: flow_entry.cc:2221
FlowEntry::acl_assigned_vrf
const std::string & acl_assigned_vrf() const
Definition: flow_entry.cc:1045
FlowData::source_sg_id_l
SecurityGroupList source_sg_id_l
Definition: flow_entry.h:302
MatchPolicy::sg_policy
SessionPolicy sg_policy
Definition: flow_entry.h:264
FlowEventLog::flow_gen_id_
uint8_t flow_gen_id_
Definition: flow_entry.h:383
PortTable::hash_table_
PortHashTable hash_table_
Definition: flow_entry.h:1088
FlowData::src_policy_plen
uint32_t src_policy_plen
Definition: flow_entry.h:328
FlowData::DestinationVnList
std::vector< std::string > DestinationVnList() const
Definition: flow_entry.cc:343
FlowData::ttl
uint32_t ttl
Definition: flow_entry.h:322
RevFlowDepParams::sip_
IpAddress sip_
Definition: flow_entry.h:60
FlowEntry::FillFlowInfo
void FillFlowInfo(FlowInfo &info) const
Definition: flow_entry.cc:3134
PortTable::mutex_
tbb::recursive_mutex mutex_
Definition: flow_entry.h:1099
ContrailPorts::DnsXmpp
static const uint16_t DnsXmpp()
Definition: contrail_ports.cc:155
VrfTranslateActionSpec::set_vrf_name
void set_vrf_name(const std::string &vrf_name)
Definition: acl_entry_spec.h:56
FlowEntry::flow_mgmt_info_
FlowMgmtEntryInfoPtr flow_mgmt_info_
Definition: flow_entry.h:861
PacketHeader::dst_ip
IpAddress dst_ip
Definition: packet_header.h:24
PktFlowInfo::flow_dest_vrf
uint32_t flow_dest_vrf
Definition: pkt_flow_info.h:152
FlowEntry::match_p
const MatchPolicy & match_p() const
Definition: flow_entry.h:670
FlowEntry::InterfaceIdToVmCfgName
const std::string InterfaceIdToVmCfgName(Agent *agent, uint32_t id)
Definition: flow_entry.cc:1647
FlowData::intf_entry
InterfaceConstRef intf_entry
Definition: flow_entry.h:311
FlowEntry::on_tree
bool on_tree() const
Definition: flow_entry.h:648
PortConfig::port_range
std::vector< PortRange > port_range
Definition: global_vrouter.h:52
FlowEventLog::event_
Event event_
Definition: flow_entry.h:381
SetAclListAceId
static void SetAclListAceId(const AclDBEntry *acl, const MatchAclParamsList &acl_l, std::vector< AceId > &ace_l)
Definition: flow_entry.cc:3270
FlowTable::free_list
FlowEntryFreeList * free_list()
Definition: flow_table.h:239
PacketHeader::protocol
uint8_t protocol
Definition: packet_header.h:28
FlowStatsCollector::FindFlowExportInfo
bool FindFlowExportInfo(const FlowEntry *fe, FlowEntryTree::iterator &it)
Definition: flow_stats_collector.cc:925
AgentPath::sg_list
const SecurityGroupList & sg_list() const
Definition: agent_path.h:248
AclDBEntry
Definition: acl.h:92
FlowEntry::IsIngressFlow
bool IsIngressFlow() const
Definition: flow_entry.h:685
FlowData::origin_vn_src_list
VnListType origin_vn_src_list
Definition: flow_entry.h:300
VmInterface::vm
const VmEntry * vm() const
Definition: vm_interface.h:1261
VnEntry::GetMirrorCfgAcl
const AclDBEntry * GetMirrorCfgAcl() const
Definition: vn.h:169
PacketHeader::family
Address::Family family
Definition: packet_header.h:31
flow_stats_collector.h
HashIp
static std::size_t HashIp(std::size_t hash, const IpAddress &ip)
Definition: flow_entry.cc:598
PortTable::GetFlowKeyList
void GetFlowKeyList(uint16_t port, std::vector< FlowKey > &key) const
Definition: flow_entry.cc:4109
FlowEntry::acl_assigned_vrf_index
uint32_t acl_assigned_vrf_index() const
Definition: flow_entry.cc:1073
FlowEntry::FlowEntry
FlowEntry(FlowTable *flow_table)
Definition: flow_entry.cc:447
PktFlowInfo::tunnel_type
TunnelType tunnel_type
Definition: pkt_flow_info.h:199
BGP_SERVICE_TTL_REV_FLOW
#define BGP_SERVICE_TTL_REV_FLOW
Definition: pkt_handler.h:46
FlowEntry::Init
static void Init()
Definition: flow_entry.cc:510
TimerManager::DeleteTimer
static bool DeleteTimer(Timer *Timer)
Definition: timer.cc:222
FlowData::source_tag_id_l
TagList source_tag_id_l
Definition: flow_entry.h:304
FlowEntryPtr
boost::intrusive_ptr< FlowEntry > FlowEntryPtr
Definition: flow_entry.h:125
PacketHeader::src_tags_
TagList src_tags_
Definition: packet_header.h:22
FlowEntry::SetEventSandeshData
void SetEventSandeshData(SandeshFlowIndexInfo *info)
Definition: flow_entry.cc:3433
FlowData::src_ip_nh
NextHopConstRef src_ip_nh
Definition: flow_entry.h:314
PortCacheEntry::key_
FlowKey key_
Definition: flow_entry.h:967
TagList
std::vector< int > TagList
Definition: agent.h:202
PortTable::task_trigger_
std::unique_ptr< TaskTrigger > task_trigger_
Definition: flow_entry.h:1100
MatchPolicy::mirror_action
uint32_t mirror_action
Definition: flow_entry.h:269
FlowData::dest_tag_id_l
TagList dest_tag_id_l
Definition: flow_entry.h:305