X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=lib%2Fclassifier.c;h=cfcdc02927b6029c93e755effb6582b3037f2336;hb=HEAD;hp=334d0dab55033a16e651d7e7c73f80feb43f54d0;hpb=abadfcb05d7bc723029d40c04dba0fc0993413c4;p=cascardo%2Fovs.git diff --git a/lib/classifier.c b/lib/classifier.c index 334d0dab5..cfcdc0292 100644 --- a/lib/classifier.c +++ b/lib/classifier.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc. + * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,142 +16,140 @@ #include #include "classifier.h" +#include "classifier-private.h" #include #include #include "byte-order.h" #include "dynamic-string.h" -#include "flow.h" -#include "hash.h" -#include "cmap.h" -#include "list.h" #include "odp-util.h" #include "ofp-util.h" #include "packets.h" -#include "tag.h" #include "util.h" -#include "vlog.h" +#include "openvswitch/vlog.h" VLOG_DEFINE_THIS_MODULE(classifier); struct trie_ctx; +/* A collection of "struct cls_conjunction"s currently embedded into a + * cls_match. */ +struct cls_conjunction_set { + /* Link back to the cls_match. + * + * cls_conjunction_set is mostly used during classifier lookup, and, in + * turn, during classifier lookup the most used member of + * cls_conjunction_set is the rule's priority, so we cache it here for fast + * access. */ + struct cls_match *match; + int priority; /* Cached copy of match->priority. */ + + /* Conjunction information. + * + * 'min_n_clauses' allows some optimization during classifier lookup. */ + unsigned int n; /* Number of elements in 'conj'. */ + unsigned int min_n_clauses; /* Smallest 'n' among elements of 'conj'. */ + struct cls_conjunction conj[]; +}; + /* Ports trie depends on both ports sharing the same ovs_be32. */ #define TP_PORTS_OFS32 (offsetof(struct flow, tp_src) / 4) BUILD_ASSERT_DECL(TP_PORTS_OFS32 == offsetof(struct flow, tp_dst) / 4); +BUILD_ASSERT_DECL(TP_PORTS_OFS32 % 2 == 0); +#define TP_PORTS_OFS64 (TP_PORTS_OFS32 / 2) -/* A set of rules that all have the same fields wildcarded. */ -struct cls_subtable { - /* The fields are only used by writers and iterators. */ - struct cmap_node cmap_node; /* Within struct classifier 'subtables_map'. */ - - /* The fields are only used by writers. */ - int n_rules OVS_GUARDED; /* Number of rules, including - * duplicates. */ - unsigned int max_priority OVS_GUARDED; /* Max priority of any rule in - * the subtable. */ - unsigned int max_count OVS_GUARDED; /* Count of max_priority rules. */ - - /* These fields are accessed by readers who care about wildcarding. */ - tag_type tag; /* Tag generated from mask for partitioning (const). */ - uint8_t n_indices; /* How many indices to use (const). */ - uint8_t index_ofs[CLS_MAX_INDICES]; /* u32 segment boundaries (const). */ - unsigned int trie_plen[CLS_MAX_TRIES]; /* Trie prefix length in 'mask' - * (runtime configurable). */ - int ports_mask_len; /* (const) */ - struct cmap indices[CLS_MAX_INDICES]; /* Staged lookup indices. */ - rcu_trie_ptr ports_trie; /* NULL if none. */ - - /* These fields are accessed by all readers. */ - struct cmap rules; /* Contains "struct cls_rule"s. */ - struct minimask mask; /* Wildcards for fields (const). */ - /* 'mask' must be the last field. */ -}; +static size_t +cls_conjunction_set_size(size_t n) +{ + return (sizeof(struct cls_conjunction_set) + + n * sizeof(struct cls_conjunction)); +} -/* Associates a metadata value (that is, a value of the OpenFlow 1.1+ metadata - * field) with tags for the "cls_subtable"s that contain rules that match that - * metadata value. */ -struct cls_partition { - struct cmap_node cmap_node; /* In struct classifier's 'partitions' map. */ - ovs_be64 metadata; /* metadata value for this partition. */ - tag_type tags; /* OR of each flow's cls_subtable tag. */ - struct tag_tracker tracker OVS_GUARDED; /* Tracks the bits in 'tags'. */ -}; +static struct cls_conjunction_set * +cls_conjunction_set_alloc(struct cls_match *match, + const struct cls_conjunction conj[], size_t n) +{ + if (n) { + size_t min_n_clauses = conj[0].n_clauses; + for (size_t i = 1; i < n; i++) { + min_n_clauses = MIN(min_n_clauses, conj[i].n_clauses); + } -/* Internal representation of a rule in a "struct cls_subtable". */ -struct cls_match { - /* Accessed only by writers and iterators. */ - struct list list OVS_GUARDED; /* List of identical, lower-priority rules. */ - - /* Accessed only by writers. */ - struct cls_partition *partition OVS_GUARDED; - - /* Accessed by readers interested in wildcarding. */ - unsigned int priority; /* Larger numbers are higher priorities. */ - struct cmap_node index_nodes[CLS_MAX_INDICES]; /* Within subtable's - * 'indices'. */ - /* Accessed by all readers. */ - struct cmap_node cmap_node; /* Within struct cls_subtable 'rules'. */ - struct cls_rule *cls_rule; - struct miniflow flow; /* Matching rule. Mask is in the subtable. */ - /* 'flow' must be the last field. */ -}; + struct cls_conjunction_set *set = xmalloc(cls_conjunction_set_size(n)); + set->match = match; + set->priority = match->priority; + set->n = n; + set->min_n_clauses = min_n_clauses; + memcpy(set->conj, conj, n * sizeof *conj); + return set; + } else { + return NULL; + } +} static struct cls_match * -cls_match_alloc(struct cls_rule *rule) +cls_match_alloc(const struct cls_rule *rule, cls_version_t version, + const struct cls_conjunction conj[], size_t n) { - int count = count_1bits(rule->match.flow.map); + size_t count = miniflow_n_values(rule->match.flow); struct cls_match *cls_match - = xmalloc(sizeof *cls_match - sizeof cls_match->flow.inline_values - + MINIFLOW_VALUES_SIZE(count)); - - cls_match->cls_rule = rule; - miniflow_clone_inline(&cls_match->flow, &rule->match.flow, count); - cls_match->priority = rule->priority; - rule->cls_match = cls_match; + = xmalloc(sizeof *cls_match + MINIFLOW_VALUES_SIZE(count)); + + ovsrcu_init(&cls_match->next, NULL); + *CONST_CAST(const struct cls_rule **, &cls_match->cls_rule) = rule; + *CONST_CAST(int *, &cls_match->priority) = rule->priority; + *CONST_CAST(cls_version_t *, &cls_match->add_version) = version; + atomic_init(&cls_match->remove_version, version); /* Initially + * invisible. */ + miniflow_clone(CONST_CAST(struct miniflow *, &cls_match->flow), + rule->match.flow, count); + ovsrcu_set_hidden(&cls_match->conj_set, + cls_conjunction_set_alloc(cls_match, conj, n)); return cls_match; } static struct cls_subtable *find_subtable(const struct classifier *cls, - const struct minimask *) - OVS_REQUIRES(cls->mutex); + const struct minimask *); static struct cls_subtable *insert_subtable(struct classifier *cls, - const struct minimask *) - OVS_REQUIRES(cls->mutex); -static void destroy_subtable(struct classifier *cls, struct cls_subtable *) - OVS_REQUIRES(cls->mutex); -static struct cls_match *insert_rule(struct classifier *cls, - struct cls_subtable *, struct cls_rule *) - OVS_REQUIRES(cls->mutex); - -static struct cls_match *find_match_wc(const struct cls_subtable *, - const struct flow *, struct trie_ctx *, - unsigned int n_tries, - struct flow_wildcards *); -static struct cls_match *find_equal(struct cls_subtable *, + const struct minimask *); +static void destroy_subtable(struct classifier *cls, struct cls_subtable *); + +static const struct cls_match *find_match_wc(const struct cls_subtable *, + cls_version_t version, + const struct flow *, + struct trie_ctx *, + unsigned int n_tries, + struct flow_wildcards *); +static struct cls_match *find_equal(const struct cls_subtable *, const struct miniflow *, uint32_t hash); -/* Iterates RULE over HEAD and all of the cls_rules on HEAD->list. - * Classifier's mutex must be held while iterating, as the list is - * protoceted by it. */ -#define FOR_EACH_RULE_IN_LIST(RULE, HEAD) \ - for ((RULE) = (HEAD); (RULE) != NULL; (RULE) = next_rule_in_list(RULE)) -#define FOR_EACH_RULE_IN_LIST_SAFE(RULE, NEXT, HEAD) \ - for ((RULE) = (HEAD); \ - (RULE) != NULL && ((NEXT) = next_rule_in_list(RULE), true); \ - (RULE) = (NEXT)) +/* Return the next visible (lower-priority) rule in the list. Multiple + * identical rules with the same priority may exist transitionally, but when + * versioning is used at most one of them is ever visible for lookups on any + * given 'version'. */ +static inline const struct cls_match * +next_visible_rule_in_list(const struct cls_match *rule, cls_version_t version) +{ + do { + rule = cls_match_next(rule); + } while (rule && !cls_match_visible_in_version(rule, version)); -static struct cls_match *next_rule_in_list__(struct cls_match *); -static struct cls_match *next_rule_in_list(struct cls_match *); + return rule; +} + +/* Type with maximum supported prefix length. */ +union trie_prefix { + struct in6_addr ipv6; /* For sizing. */ + ovs_be32 be32; /* For access. */ +}; static unsigned int minimask_get_prefix_len(const struct minimask *, const struct mf_field *); static void trie_init(struct classifier *cls, int trie_idx, - const struct mf_field *) - OVS_REQUIRES(cls->mutex); + const struct mf_field *); static unsigned int trie_lookup(const struct cls_trie *, const struct flow *, - union mf_value *plens); + union trie_prefix *plens); static unsigned int trie_lookup_value(const rcu_trie_ptr *, const ovs_be32 value[], ovs_be32 plens[], unsigned int value_bits); @@ -167,217 +165,38 @@ static void mask_set_prefix_bits(struct flow_wildcards *, uint8_t be32ofs, static bool mask_prefix_bits_set(const struct flow_wildcards *, uint8_t be32ofs, unsigned int n_bits); -/* flow/miniflow/minimask/minimatch utilities. - * These are only used by the classifier, so place them here to allow - * for better optimization. */ - -static inline uint64_t -miniflow_get_map_in_range(const struct miniflow *miniflow, - uint8_t start, uint8_t end, unsigned int *offset) -{ - uint64_t map = miniflow->map; - *offset = 0; - - if (start > 0) { - uint64_t msk = (UINT64_C(1) << start) - 1; /* 'start' LSBs set */ - *offset = count_1bits(map & msk); - map &= ~msk; - } - if (end < FLOW_U32S) { - uint64_t msk = (UINT64_C(1) << end) - 1; /* 'end' LSBs set */ - map &= msk; - } - return map; -} - -/* Returns a hash value for the bits of 'flow' where there are 1-bits in - * 'mask', given 'basis'. - * - * The hash values returned by this function are the same as those returned by - * miniflow_hash_in_minimask(), only the form of the arguments differ. */ -static inline uint32_t -flow_hash_in_minimask(const struct flow *flow, const struct minimask *mask, - uint32_t basis) -{ - const uint32_t *mask_values = miniflow_get_u32_values(&mask->masks); - const uint32_t *flow_u32 = (const uint32_t *)flow; - const uint32_t *p = mask_values; - uint32_t hash; - uint64_t map; - - hash = basis; - for (map = mask->masks.map; map; map = zero_rightmost_1bit(map)) { - hash = hash_add(hash, flow_u32[raw_ctz(map)] & *p++); - } - - return hash_finish(hash, (p - mask_values) * 4); -} - -/* Returns a hash value for the bits of 'flow' where there are 1-bits in - * 'mask', given 'basis'. - * - * The hash values returned by this function are the same as those returned by - * flow_hash_in_minimask(), only the form of the arguments differ. */ -static inline uint32_t -miniflow_hash_in_minimask(const struct miniflow *flow, - const struct minimask *mask, uint32_t basis) -{ - const uint32_t *mask_values = miniflow_get_u32_values(&mask->masks); - const uint32_t *p = mask_values; - uint32_t hash = basis; - uint32_t flow_u32; - - MINIFLOW_FOR_EACH_IN_MAP(flow_u32, flow, mask->masks.map) { - hash = hash_add(hash, flow_u32 & *p++); - } - - return hash_finish(hash, (p - mask_values) * 4); -} - -/* Returns a hash value for the bits of range [start, end) in 'flow', - * where there are 1-bits in 'mask', given 'hash'. - * - * The hash values returned by this function are the same as those returned by - * minimatch_hash_range(), only the form of the arguments differ. */ -static inline uint32_t -flow_hash_in_minimask_range(const struct flow *flow, - const struct minimask *mask, - uint8_t start, uint8_t end, uint32_t *basis) -{ - const uint32_t *mask_values = miniflow_get_u32_values(&mask->masks); - const uint32_t *flow_u32 = (const uint32_t *)flow; - unsigned int offset; - uint64_t map = miniflow_get_map_in_range(&mask->masks, start, end, - &offset); - const uint32_t *p = mask_values + offset; - uint32_t hash = *basis; - - for (; map; map = zero_rightmost_1bit(map)) { - hash = hash_add(hash, flow_u32[raw_ctz(map)] & *p++); - } - - *basis = hash; /* Allow continuation from the unfinished value. */ - return hash_finish(hash, (p - mask_values) * 4); -} - -/* Fold minimask 'mask''s wildcard mask into 'wc's wildcard mask. */ -static inline void -flow_wildcards_fold_minimask(struct flow_wildcards *wc, - const struct minimask *mask) -{ - flow_union_with_miniflow(&wc->masks, &mask->masks); -} +/* cls_rule. */ -/* Fold minimask 'mask''s wildcard mask into 'wc's wildcard mask - * in range [start, end). */ static inline void -flow_wildcards_fold_minimask_range(struct flow_wildcards *wc, - const struct minimask *mask, - uint8_t start, uint8_t end) -{ - uint32_t *dst_u32 = (uint32_t *)&wc->masks; - unsigned int offset; - uint64_t map = miniflow_get_map_in_range(&mask->masks, start, end, - &offset); - const uint32_t *p = miniflow_get_u32_values(&mask->masks) + offset; - - for (; map; map = zero_rightmost_1bit(map)) { - dst_u32[raw_ctz(map)] |= *p++; - } -} - -/* Returns a hash value for 'flow', given 'basis'. */ -static inline uint32_t -miniflow_hash(const struct miniflow *flow, uint32_t basis) +cls_rule_init__(struct cls_rule *rule, unsigned int priority) { - const uint32_t *values = miniflow_get_u32_values(flow); - const uint32_t *p = values; - uint32_t hash = basis; - uint64_t hash_map = 0; - uint64_t map; - - for (map = flow->map; map; map = zero_rightmost_1bit(map)) { - if (*p) { - hash = hash_add(hash, *p); - hash_map |= rightmost_1bit(map); - } - p++; - } - hash = hash_add(hash, hash_map); - hash = hash_add(hash, hash_map >> 32); - - return hash_finish(hash, p - values); -} - -/* Returns a hash value for 'mask', given 'basis'. */ -static inline uint32_t -minimask_hash(const struct minimask *mask, uint32_t basis) -{ - return miniflow_hash(&mask->masks, basis); -} - -/* Returns a hash value for 'match', given 'basis'. */ -static inline uint32_t -minimatch_hash(const struct minimatch *match, uint32_t basis) -{ - return miniflow_hash(&match->flow, minimask_hash(&match->mask, basis)); -} - -/* Returns a hash value for the bits of range [start, end) in 'minimatch', - * given 'basis'. - * - * The hash values returned by this function are the same as those returned by - * flow_hash_in_minimask_range(), only the form of the arguments differ. */ -static inline uint32_t -minimatch_hash_range(const struct minimatch *match, uint8_t start, uint8_t end, - uint32_t *basis) -{ - unsigned int offset; - const uint32_t *p, *q; - uint32_t hash = *basis; - int n, i; - - n = count_1bits(miniflow_get_map_in_range(&match->mask.masks, start, end, - &offset)); - q = miniflow_get_u32_values(&match->mask.masks) + offset; - p = miniflow_get_u32_values(&match->flow) + offset; - - for (i = 0; i < n; i++) { - hash = hash_add(hash, p[i] & q[i]); - } - *basis = hash; /* Allow continuation from the unfinished value. */ - return hash_finish(hash, (offset + n) * 4); + rculist_init(&rule->node); + *CONST_CAST(int *, &rule->priority) = priority; + rule->cls_match = NULL; } - -/* cls_rule. */ - /* Initializes 'rule' to match packets specified by 'match' at the given * 'priority'. 'match' must satisfy the invariant described in the comment at * the definition of struct match. * * The caller must eventually destroy 'rule' with cls_rule_destroy(). * - * (OpenFlow uses priorities between 0 and UINT16_MAX, inclusive, but - * internally Open vSwitch supports a wider range.) */ + * Clients should not use priority INT_MIN. (OpenFlow uses priorities between + * 0 and UINT16_MAX, inclusive.) */ void -cls_rule_init(struct cls_rule *rule, - const struct match *match, unsigned int priority) +cls_rule_init(struct cls_rule *rule, const struct match *match, int priority) { - minimatch_init(&rule->match, match); - rule->priority = priority; - rule->cls_match = NULL; + cls_rule_init__(rule, priority); + minimatch_init(CONST_CAST(struct minimatch *, &rule->match), match); } /* Same as cls_rule_init() for initialization from a "struct minimatch". */ void cls_rule_init_from_minimatch(struct cls_rule *rule, - const struct minimatch *match, - unsigned int priority) + const struct minimatch *match, int priority) { - minimatch_clone(&rule->match, match); - rule->priority = priority; - rule->cls_match = NULL; + cls_rule_init__(rule, priority); + minimatch_clone(CONST_CAST(struct minimatch *, &rule->match), match); } /* Initializes 'dst' as a copy of 'src'. @@ -386,20 +205,21 @@ cls_rule_init_from_minimatch(struct cls_rule *rule, void cls_rule_clone(struct cls_rule *dst, const struct cls_rule *src) { - minimatch_clone(&dst->match, &src->match); - dst->priority = src->priority; - dst->cls_match = NULL; + cls_rule_init__(dst, src->priority); + minimatch_clone(CONST_CAST(struct minimatch *, &dst->match), &src->match); } /* Initializes 'dst' with the data in 'src', destroying 'src'. + * + * 'src' must be a cls_rule NOT in a classifier. * * The caller must eventually destroy 'dst' with cls_rule_destroy(). */ void cls_rule_move(struct cls_rule *dst, struct cls_rule *src) { - minimatch_move(&dst->match, &src->match); - dst->priority = src->priority; - dst->cls_match = NULL; + cls_rule_init__(dst, src->priority); + minimatch_move(CONST_CAST(struct minimatch *, &dst->match), + CONST_CAST(struct minimatch *, &src->match)); } /* Frees memory referenced by 'rule'. Doesn't free 'rule' itself (it's @@ -408,11 +228,38 @@ cls_rule_move(struct cls_rule *dst, struct cls_rule *src) * ('rule' must not currently be in a classifier.) */ void cls_rule_destroy(struct cls_rule *rule) + OVS_NO_THREAD_SAFETY_ANALYSIS { - ovs_assert(!rule->cls_match); - minimatch_destroy(&rule->match); + ovs_assert(!rule->cls_match); /* Must not be in a classifier. */ + + /* Check that the rule has been properly removed from the classifier. */ + ovs_assert(rule->node.prev == RCULIST_POISON + || rculist_is_empty(&rule->node)); + rculist_poison__(&rule->node); /* Poisons also the next pointer. */ + + minimatch_destroy(CONST_CAST(struct minimatch *, &rule->match)); } +void +cls_rule_set_conjunctions(struct cls_rule *cr, + const struct cls_conjunction *conj, size_t n) +{ + struct cls_match *match = cr->cls_match; + struct cls_conjunction_set *old + = ovsrcu_get_protected(struct cls_conjunction_set *, &match->conj_set); + struct cls_conjunction *old_conj = old ? old->conj : NULL; + unsigned int old_n = old ? old->n : 0; + + if (old_n != n || (n && memcmp(old_conj, conj, n * sizeof *conj))) { + if (old) { + ovsrcu_postpone(free, old); + } + ovsrcu_set(&match->conj_set, + cls_conjunction_set_alloc(match, conj, n)); + } +} + + /* Returns true if 'a' and 'b' match the same packets at the same priority, * false if they differ in some way. */ bool @@ -421,13 +268,6 @@ cls_rule_equal(const struct cls_rule *a, const struct cls_rule *b) return a->priority == b->priority && minimatch_equal(&a->match, &b->match); } -/* Returns a hash value for 'rule', folding in 'basis'. */ -uint32_t -cls_rule_hash(const struct cls_rule *rule, uint32_t basis) -{ - return minimatch_hash(&rule->match, hash_int(rule->priority, basis)); -} - /* Appends a string describing 'rule' to 's'. */ void cls_rule_format(const struct cls_rule *rule, struct ds *s) @@ -439,25 +279,52 @@ cls_rule_format(const struct cls_rule *rule, struct ds *s) bool cls_rule_is_catchall(const struct cls_rule *rule) { - return minimask_is_catchall(&rule->match.mask); + return minimask_is_catchall(rule->match.mask); +} + +/* Makes 'rule' invisible in 'remove_version'. Once that version is used in + * lookups, the caller should remove 'rule' via ovsrcu_postpone(). + * + * 'rule' must be in a classifier. */ +void +cls_rule_make_invisible_in_version(const struct cls_rule *rule, + cls_version_t remove_version) +{ + ovs_assert(remove_version >= rule->cls_match->add_version); + + cls_match_set_remove_version(rule->cls_match, remove_version); +} + +/* This undoes the change made by cls_rule_make_invisible_in_version(). + * + * 'rule' must be in a classifier. */ +void +cls_rule_restore_visibility(const struct cls_rule *rule) +{ + cls_match_set_remove_version(rule->cls_match, CLS_NOT_REMOVED_VERSION); +} + +/* Return true if 'rule' is visible in 'version'. + * + * 'rule' must be in a classifier. */ +bool +cls_rule_visible_in_version(const struct cls_rule *rule, cls_version_t version) +{ + return cls_match_visible_in_version(rule->cls_match, version); } /* Initializes 'cls' as a classifier that initially contains no classification * rules. */ void classifier_init(struct classifier *cls, const uint8_t *flow_segments) - OVS_EXCLUDED(cls->mutex) { - ovs_mutex_init(&cls->mutex); - ovs_mutex_lock(&cls->mutex); cls->n_rules = 0; cmap_init(&cls->subtables_map); pvector_init(&cls->subtables); - cmap_init(&cls->partitions); cls->n_flow_segments = 0; if (flow_segments) { while (cls->n_flow_segments < CLS_MAX_INDICES - && *flow_segments < FLOW_U32S) { + && *flow_segments < FLOW_U64S) { cls->flow_segments[cls->n_flow_segments++] = *flow_segments++; } } @@ -465,7 +332,7 @@ classifier_init(struct classifier *cls, const uint8_t *flow_segments) for (int i = 0; i < CLS_MAX_TRIES; i++) { trie_init(cls, i, NULL); } - ovs_mutex_unlock(&cls->mutex); + cls->publish = true; } /* Destroys 'cls'. Rules within 'cls', if any, are not freed; this is the @@ -473,31 +340,21 @@ classifier_init(struct classifier *cls, const uint8_t *flow_segments) * May only be called after all the readers have been terminated. */ void classifier_destroy(struct classifier *cls) - OVS_EXCLUDED(cls->mutex) { if (cls) { - struct cls_partition *partition; struct cls_subtable *subtable; int i; - ovs_mutex_lock(&cls->mutex); for (i = 0; i < cls->n_tries; i++) { trie_destroy(&cls->tries[i].root); } - CMAP_FOR_EACH_SAFE (subtable, cmap_node, &cls->subtables_map) { + CMAP_FOR_EACH (subtable, cmap_node, &cls->subtables_map) { destroy_subtable(cls, subtable); } cmap_destroy(&cls->subtables_map); - CMAP_FOR_EACH_SAFE (partition, cmap_node, &cls->partitions) { - ovsrcu_postpone(free, partition); - } - cmap_destroy(&cls->partitions); - pvector_destroy(&cls->subtables); - ovs_mutex_unlock(&cls->mutex); - ovs_mutex_destroy(&cls->mutex); } } @@ -506,14 +363,12 @@ bool classifier_set_prefix_fields(struct classifier *cls, const enum mf_field_id *trie_fields, unsigned int n_fields) - OVS_EXCLUDED(cls->mutex) { const struct mf_field * new_fields[CLS_MAX_TRIES]; struct mf_bitmap fields = MF_BITMAP_INITIALIZER; int i, n_tries = 0; bool changed = false; - ovs_mutex_lock(&cls->mutex); for (i = 0; i < n_fields && n_tries < CLS_MAX_TRIES; i++) { const struct mf_field *field = mf_from_id(trie_fields[i]); if (field->flow_be32ofs < 0 || field->n_bits % 32) { @@ -576,17 +431,14 @@ classifier_set_prefix_fields(struct classifier *cls, } cls->n_tries = n_tries; - ovs_mutex_unlock(&cls->mutex); return true; } - ovs_mutex_unlock(&cls->mutex); return false; /* No change. */ } static void trie_init(struct classifier *cls, int trie_idx, const struct mf_field *field) - OVS_REQUIRES(cls->mutex) { struct cls_trie *trie = &cls->tries[trie_idx]; struct cls_subtable *subtable; @@ -607,11 +459,7 @@ trie_init(struct classifier *cls, int trie_idx, const struct mf_field *field) struct cls_match *head; CMAP_FOR_EACH (head, cmap_node, &subtable->rules) { - struct cls_match *match; - - FOR_EACH_RULE_IN_LIST (match, head) { - trie_insert(trie, match->cls_rule, plen); - } + trie_insert(trie, head->cls_rule, plen); } } /* Initialize subtable's prefix length on this field. This will @@ -632,106 +480,97 @@ classifier_is_empty(const struct classifier *cls) /* Returns the number of rules in 'cls'. */ int classifier_count(const struct classifier *cls) - OVS_NO_THREAD_SAFETY_ANALYSIS { /* n_rules is an int, so in the presence of concurrent writers this will * return either the old or a new value. */ return cls->n_rules; } -static uint32_t -hash_metadata(ovs_be64 metadata_) +static inline ovs_be32 minimatch_get_ports(const struct minimatch *match) { - uint64_t metadata = (OVS_FORCE uint64_t) metadata_; - return hash_uint64(metadata); + /* Could optimize to use the same map if needed for fast path. */ + return MINIFLOW_GET_BE32(match->flow, tp_src) + & MINIFLOW_GET_BE32(&match->mask->masks, tp_src); } -static struct cls_partition * -find_partition(const struct classifier *cls, ovs_be64 metadata, uint32_t hash) +static void +subtable_replace_head_rule(struct classifier *cls OVS_UNUSED, + struct cls_subtable *subtable, + struct cls_match *head, struct cls_match *new, + uint32_t hash, uint32_t ihash[CLS_MAX_INDICES]) { - struct cls_partition *partition; + /* Rule's data is already in the tries. */ - CMAP_FOR_EACH_WITH_HASH (partition, cmap_node, hash, &cls->partitions) { - if (partition->metadata == metadata) { - return partition; - } - } - - return NULL; -} - -static struct cls_partition * -create_partition(struct classifier *cls, struct cls_subtable *subtable, - ovs_be64 metadata) - OVS_REQUIRES(cls->mutex) -{ - uint32_t hash = hash_metadata(metadata); - struct cls_partition *partition = find_partition(cls, metadata, hash); - if (!partition) { - partition = xmalloc(sizeof *partition); - partition->metadata = metadata; - partition->tags = 0; - tag_tracker_init(&partition->tracker); - cmap_insert(&cls->partitions, &partition->cmap_node, hash); + for (int i = 0; i < subtable->n_indices; i++) { + cmap_replace(&subtable->indices[i], &head->index_nodes[i], + &new->index_nodes[i], ihash[i]); } - tag_tracker_add(&partition->tracker, &partition->tags, subtable->tag); - return partition; + cmap_replace(&subtable->rules, &head->cmap_node, &new->cmap_node, hash); } -static inline ovs_be32 minimatch_get_ports(const struct minimatch *match) -{ - /* Could optimize to use the same map if needed for fast path. */ - return MINIFLOW_GET_BE32(&match->flow, tp_src) - & MINIFLOW_GET_BE32(&match->mask.masks, tp_src); -} - -/* Inserts 'rule' into 'cls'. Until 'rule' is removed from 'cls', the caller - * must not modify or free it. +/* Inserts 'rule' into 'cls' in 'version'. Until 'rule' is removed from 'cls', + * the caller must not modify or free it. * * If 'cls' already contains an identical rule (including wildcards, values of - * fixed fields, and priority), replaces the old rule by 'rule' and returns the - * rule that was replaced. The caller takes ownership of the returned rule and - * is thus responsible for destroying it with cls_rule_destroy(), freeing the - * memory block in which it resides, etc., as necessary. + * fixed fields, and priority) that is visible in 'version', replaces the old + * rule by 'rule' and returns the rule that was replaced. The caller takes + * ownership of the returned rule and is thus responsible for destroying it + * with cls_rule_destroy(), after RCU grace period has passed (see + * ovsrcu_postpone()). * * Returns NULL if 'cls' does not contain a rule with an identical key, after * inserting the new rule. In this case, no rules are displaced by the new * rule, even rules that cannot have any effect because the new rule matches a - * superset of their flows and has higher priority. */ -struct cls_rule * -classifier_replace(struct classifier *cls, struct cls_rule *rule) - OVS_EXCLUDED(cls->mutex) + * superset of their flows and has higher priority. + */ +const struct cls_rule * +classifier_replace(struct classifier *cls, const struct cls_rule *rule, + cls_version_t version, + const struct cls_conjunction *conjs, size_t n_conjs) { - struct cls_match *old_rule; + struct cls_match *new; struct cls_subtable *subtable; - struct cls_rule *old_cls_rule = NULL; + uint32_t ihash[CLS_MAX_INDICES]; + struct cls_match *head; + unsigned int mask_offset; + size_t n_rules = 0; + uint32_t basis; + uint32_t hash; + unsigned int i; - ovs_mutex_lock(&cls->mutex); - subtable = find_subtable(cls, &rule->match.mask); - if (!subtable) { - subtable = insert_subtable(cls, &rule->match.mask); - } + /* 'new' is initially invisible to lookups. */ + new = cls_match_alloc(rule, version, conjs, n_conjs); - old_rule = insert_rule(cls, subtable, rule); - if (!old_rule) { - old_cls_rule = NULL; + CONST_CAST(struct cls_rule *, rule)->cls_match = new; - rule->cls_match->partition = NULL; - if (minimask_get_metadata_mask(&rule->match.mask) == OVS_BE64_MAX) { - ovs_be64 metadata = miniflow_get_metadata(&rule->match.flow); - rule->cls_match->partition = create_partition(cls, subtable, - metadata); - } + subtable = find_subtable(cls, rule->match.mask); + if (!subtable) { + subtable = insert_subtable(cls, rule->match.mask); + } - cls->n_rules++; + /* Compute hashes in segments. */ + basis = 0; + mask_offset = 0; + for (i = 0; i < subtable->n_indices; i++) { + ihash[i] = minimatch_hash_range(&rule->match, subtable->index_maps[i], + &mask_offset, &basis); + } + hash = minimatch_hash_range(&rule->match, subtable->index_maps[i], + &mask_offset, &basis); - for (int i = 0; i < cls->n_tries; i++) { + head = find_equal(subtable, rule->match.flow, hash); + if (!head) { + /* Add rule to tries. + * + * Concurrent readers might miss seeing the rule until this update, + * which might require being fixed up by revalidation later. */ + for (i = 0; i < cls->n_tries; i++) { if (subtable->trie_plen[i]) { trie_insert(&cls->tries[i], rule, subtable->trie_plen[i]); } } - /* Ports trie. */ + /* Add rule to ports trie. */ if (subtable->ports_mask_len) { /* We mask the value to be inserted to always have the wildcarded * bits in known (zero) state, so we can include them in comparison @@ -742,17 +581,116 @@ classifier_replace(struct classifier *cls, struct cls_rule *rule) trie_insert_prefix(&subtable->ports_trie, &masked_ports, subtable->ports_mask_len); } - } else { - old_cls_rule = old_rule->cls_rule; - rule->cls_match->partition = old_rule->partition; - old_cls_rule->cls_match = NULL; - /* 'old_rule' contains a cmap_node, which may not be freed - * immediately. */ - ovsrcu_postpone(free, old_rule); + /* Add new node to segment indices. + * + * Readers may find the rule in the indices before the rule is visible + * in the subtables 'rules' map. This may result in us losing the + * opportunity to quit lookups earlier, resulting in sub-optimal + * wildcarding. This will be fixed later by revalidation (always + * scheduled after flow table changes). */ + for (i = 0; i < subtable->n_indices; i++) { + cmap_insert(&subtable->indices[i], &new->index_nodes[i], ihash[i]); + } + n_rules = cmap_insert(&subtable->rules, &new->cmap_node, hash); + } else { /* Equal rules exist in the classifier already. */ + struct cls_match *prev, *iter; + + /* Scan the list for the insertion point that will keep the list in + * order of decreasing priority. Insert after rules marked invisible + * in any version of the same priority. */ + FOR_EACH_RULE_IN_LIST_PROTECTED (iter, prev, head) { + if (rule->priority > iter->priority + || (rule->priority == iter->priority + && !cls_match_is_eventually_invisible(iter))) { + break; + } + } + + /* Replace 'iter' with 'new' or insert 'new' between 'prev' and + * 'iter'. */ + if (iter) { + struct cls_rule *old; + + if (rule->priority == iter->priority) { + cls_match_replace(prev, iter, new); + old = CONST_CAST(struct cls_rule *, iter->cls_rule); + } else { + cls_match_insert(prev, iter, new); + old = NULL; + } + + /* Replace the existing head in data structures, if rule is the new + * head. */ + if (iter == head) { + subtable_replace_head_rule(cls, subtable, head, new, hash, + ihash); + } + + if (old) { + struct cls_conjunction_set *conj_set; + + conj_set = ovsrcu_get_protected(struct cls_conjunction_set *, + &iter->conj_set); + if (conj_set) { + ovsrcu_postpone(free, conj_set); + } + + ovsrcu_postpone(cls_match_free_cb, iter); + old->cls_match = NULL; + + /* No change in subtable's max priority or max count. */ + + /* Make 'new' visible to lookups in the appropriate version. */ + cls_match_set_remove_version(new, CLS_NOT_REMOVED_VERSION); + + /* Make rule visible to iterators (immediately). */ + rculist_replace(CONST_CAST(struct rculist *, &rule->node), + &old->node); + + /* Return displaced rule. Caller is responsible for keeping it + * around until all threads quiesce. */ + return old; + } + } else { + /* 'new' is new node after 'prev' */ + cls_match_insert(prev, iter, new); + } + } + + /* Make 'new' visible to lookups in the appropriate version. */ + cls_match_set_remove_version(new, CLS_NOT_REMOVED_VERSION); + + /* Make rule visible to iterators (immediately). */ + rculist_push_back(&subtable->rules_list, + CONST_CAST(struct rculist *, &rule->node)); + + /* Rule was added, not replaced. Update 'subtable's 'max_priority' and + * 'max_count', if necessary. + * + * The rule was already inserted, but concurrent readers may not see the + * rule yet as the subtables vector is not updated yet. This will have to + * be fixed by revalidation later. */ + if (n_rules == 1) { + subtable->max_priority = rule->priority; + subtable->max_count = 1; + pvector_insert(&cls->subtables, subtable, rule->priority); + } else if (rule->priority == subtable->max_priority) { + ++subtable->max_count; + } else if (rule->priority > subtable->max_priority) { + subtable->max_priority = rule->priority; + subtable->max_count = 1; + pvector_change_priority(&cls->subtables, subtable, rule->priority); } - ovs_mutex_unlock(&cls->mutex); - return old_cls_rule; + + /* Nothing was replaced. */ + cls->n_rules++; + + if (cls->publish) { + pvector_publish(&cls->subtables); + } + + return NULL; } /* Inserts 'rule' into 'cls'. Until 'rule' is removed from 'cls', the caller @@ -762,105 +700,142 @@ classifier_replace(struct classifier *cls, struct cls_rule *rule) * fixed fields, and priority). Use classifier_find_rule_exactly() to find * such a rule. */ void -classifier_insert(struct classifier *cls, struct cls_rule *rule) +classifier_insert(struct classifier *cls, const struct cls_rule *rule, + cls_version_t version, const struct cls_conjunction conj[], + size_t n_conj) { - struct cls_rule *displaced_rule = classifier_replace(cls, rule); + const struct cls_rule *displaced_rule + = classifier_replace(cls, rule, version, conj, n_conj); ovs_assert(!displaced_rule); } /* Removes 'rule' from 'cls'. It is the caller's responsibility to destroy * 'rule' with cls_rule_destroy(), freeing the memory block in which 'rule' - * resides, etc., as necessary. */ -void -classifier_remove(struct classifier *cls, struct cls_rule *rule) - OVS_EXCLUDED(cls->mutex) + * resides, etc., as necessary. + * + * Does nothing if 'rule' has been already removed, or was never inserted. + * + * Returns the removed rule, or NULL, if it was already removed. + */ +const struct cls_rule * +classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule) { - struct cls_partition *partition; - struct cls_match *cls_match = rule->cls_match; - struct cls_match *head; + struct cls_match *rule, *prev, *next, *head; + struct cls_conjunction_set *conj_set; struct cls_subtable *subtable; - int i; uint32_t basis = 0, hash, ihash[CLS_MAX_INDICES]; - uint8_t prev_be32ofs = 0; + unsigned int mask_offset; + size_t n_rules; + unsigned int i; + + rule = cls_rule->cls_match; + if (!rule) { + return NULL; + } + /* Mark as removed. */ + CONST_CAST(struct cls_rule *, cls_rule)->cls_match = NULL; - ovs_assert(cls_match); + /* Remove 'cls_rule' from the subtable's rules list. */ + rculist_remove(CONST_CAST(struct rculist *, &cls_rule->node)); - ovs_mutex_lock(&cls->mutex); - subtable = find_subtable(cls, &rule->match.mask); + subtable = find_subtable(cls, cls_rule->match.mask); ovs_assert(subtable); + mask_offset = 0; + for (i = 0; i < subtable->n_indices; i++) { + ihash[i] = minimatch_hash_range(&cls_rule->match, + subtable->index_maps[i], + &mask_offset, &basis); + } + hash = minimatch_hash_range(&cls_rule->match, subtable->index_maps[i], + &mask_offset, &basis); + + head = find_equal(subtable, cls_rule->match.flow, hash); + + /* Check if the rule is not the head rule. */ + if (rule != head) { + struct cls_match *iter; + + /* Not the head rule, but potentially one with the same priority. */ + /* Remove from the list of equal rules. */ + FOR_EACH_RULE_IN_LIST_PROTECTED (iter, prev, head) { + if (rule == iter) { + break; + } + } + ovs_assert(iter == rule); + + cls_match_remove(prev, rule); + + goto check_priority; + } + + /* 'rule' is the head rule. Check if there is another rule to + * replace 'rule' in the data structures. */ + next = cls_match_next_protected(rule); + if (next) { + subtable_replace_head_rule(cls, subtable, rule, next, hash, ihash); + goto check_priority; + } + + /* 'rule' is last of the kind in the classifier, must remove from all the + * data structures. */ + if (subtable->ports_mask_len) { - ovs_be32 masked_ports = minimatch_get_ports(&rule->match); + ovs_be32 masked_ports = minimatch_get_ports(&cls_rule->match); trie_remove_prefix(&subtable->ports_trie, &masked_ports, subtable->ports_mask_len); } for (i = 0; i < cls->n_tries; i++) { if (subtable->trie_plen[i]) { - trie_remove(&cls->tries[i], rule, subtable->trie_plen[i]); + trie_remove(&cls->tries[i], cls_rule, subtable->trie_plen[i]); } } /* Remove rule node from indices. */ for (i = 0; i < subtable->n_indices; i++) { - ihash[i] = minimatch_hash_range(&rule->match, prev_be32ofs, - subtable->index_ofs[i], &basis); - cmap_remove(&subtable->indices[i], &cls_match->index_nodes[i], - ihash[i]); - prev_be32ofs = subtable->index_ofs[i]; - } - hash = minimatch_hash_range(&rule->match, prev_be32ofs, FLOW_U32S, &basis); - - head = find_equal(subtable, &rule->match.flow, hash); - if (head != cls_match) { - list_remove(&cls_match->list); - } else if (list_is_empty(&cls_match->list)) { - cmap_remove(&subtable->rules, &cls_match->cmap_node, hash); - } else { - struct cls_match *next = CONTAINER_OF(cls_match->list.next, - struct cls_match, list); - - list_remove(&cls_match->list); - cmap_replace(&subtable->rules, &cls_match->cmap_node, - &next->cmap_node, hash); - } - - partition = cls_match->partition; - if (partition) { - tag_tracker_subtract(&partition->tracker, &partition->tags, - subtable->tag); - if (!partition->tags) { - cmap_remove(&cls->partitions, &partition->cmap_node, - hash_metadata(partition->metadata)); - ovsrcu_postpone(free, partition); - } + cmap_remove(&subtable->indices[i], &rule->index_nodes[i], ihash[i]); } + n_rules = cmap_remove(&subtable->rules, &rule->cmap_node, hash); - if (--subtable->n_rules == 0) { + if (n_rules == 0) { destroy_subtable(cls, subtable); - } else if (subtable->max_priority == cls_match->priority - && --subtable->max_count == 0) { - /* Find the new 'max_priority' and 'max_count'. */ - struct cls_match *head; - unsigned int max_priority = 0; - - CMAP_FOR_EACH (head, cmap_node, &subtable->rules) { - if (head->priority > max_priority) { - max_priority = head->priority; - subtable->max_count = 1; - } else if (head->priority == max_priority) { - ++subtable->max_count; + } else { +check_priority: + if (subtable->max_priority == rule->priority + && --subtable->max_count == 0) { + /* Find the new 'max_priority' and 'max_count'. */ + int max_priority = INT_MIN; + struct cls_match *head; + + CMAP_FOR_EACH (head, cmap_node, &subtable->rules) { + if (head->priority > max_priority) { + max_priority = head->priority; + subtable->max_count = 1; + } else if (head->priority == max_priority) { + ++subtable->max_count; + } } + subtable->max_priority = max_priority; + pvector_change_priority(&cls->subtables, subtable, max_priority); } - subtable->max_priority = max_priority; - pvector_change_priority(&cls->subtables, subtable, max_priority); } + if (cls->publish) { + pvector_publish(&cls->subtables); + } + + /* free the rule. */ + conj_set = ovsrcu_get_protected(struct cls_conjunction_set *, + &rule->conj_set); + if (conj_set) { + ovsrcu_postpone(free, conj_set); + } + ovsrcu_postpone(cls_match_free_cb, rule); cls->n_rules--; - rule->cls_match = NULL; - ovsrcu_postpone(free, cls_match); - ovs_mutex_unlock(&cls->mutex); + return cls_rule; } /* Prefix tree context. Valid when 'lookup_done' is true. Can skip all @@ -874,8 +849,8 @@ struct trie_ctx { bool lookup_done; /* Status of the lookup. */ uint8_t be32ofs; /* U32 offset of the field in question. */ unsigned int maskbits; /* Prefix length needed to avoid false matches. */ - union mf_value match_plens; /* Bitmask of prefix lengths with possible - * matches. */ + union trie_prefix match_plens; /* Bitmask of prefix lengths with possible + * matches. */ }; static void @@ -886,251 +861,411 @@ trie_ctx_init(struct trie_ctx *ctx, const struct cls_trie *trie) ctx->lookup_done = false; } -/* Finds and returns the highest-priority rule in 'cls' that matches 'flow'. - * Returns a null pointer if no rules in 'cls' match 'flow'. If multiple rules - * of equal priority match 'flow', returns one arbitrarily. - * - * If a rule is found and 'wc' is non-null, bitwise-OR's 'wc' with the - * set of bits that were significant in the lookup. At some point - * earlier, 'wc' should have been initialized (e.g., by - * flow_wildcards_init_catchall()). */ -struct cls_rule * -classifier_lookup(const struct classifier *cls, const struct flow *flow, - struct flow_wildcards *wc) -{ - const struct cls_partition *partition; - tag_type tags; - int64_t best_priority = -1; - const struct cls_match *best; - struct trie_ctx trie_ctx[CLS_MAX_TRIES]; - struct cls_subtable *subtable; +struct conjunctive_match { + struct hmap_node hmap_node; + uint32_t id; + uint64_t clauses; +}; - /* Synchronize for cls->n_tries and subtable->trie_plen. They can change - * when table configuration changes, which happens typically only on - * startup. */ - atomic_thread_fence(memory_order_acquire); +static struct conjunctive_match * +find_conjunctive_match__(struct hmap *matches, uint64_t id, uint32_t hash) +{ + struct conjunctive_match *m; - /* Determine 'tags' such that, if 'subtable->tag' doesn't intersect them, - * then 'flow' cannot possibly match in 'subtable': - * - * - If flow->metadata maps to a given 'partition', then we can use - * 'tags' for 'partition->tags'. - * - * - If flow->metadata has no partition, then no rule in 'cls' has an - * exact-match for flow->metadata. That means that we don't need to - * search any subtable that includes flow->metadata in its mask. - * - * In either case, we always need to search any cls_subtables that do not - * include flow->metadata in its mask. One way to do that would be to - * check the "cls_subtable"s explicitly for that, but that would require an - * extra branch per subtable. Instead, we mark such a cls_subtable's - * 'tags' as TAG_ALL and make sure that 'tags' is never empty. This means - * that 'tags' always intersects such a cls_subtable's 'tags', so we don't - * need a special case. - */ - partition = (cmap_is_empty(&cls->partitions) - ? NULL - : find_partition(cls, flow->metadata, - hash_metadata(flow->metadata))); - tags = partition ? partition->tags : TAG_ARBITRARY; - - /* Initialize trie contexts for match_find_wc(). */ - for (int i = 0; i < cls->n_tries; i++) { - trie_ctx_init(&trie_ctx[i], &cls->tries[i]); + HMAP_FOR_EACH_IN_BUCKET (m, hmap_node, hash, matches) { + if (m->id == id) { + return m; + } + } + return NULL; +} + +static bool +find_conjunctive_match(const struct cls_conjunction_set *set, + unsigned int max_n_clauses, struct hmap *matches, + struct conjunctive_match *cm_stubs, size_t n_cm_stubs, + uint32_t *idp) +{ + const struct cls_conjunction *c; + + if (max_n_clauses < set->min_n_clauses) { + return false; } - best = NULL; - PVECTOR_FOR_EACH_PRIORITY(subtable, best_priority, 2, - sizeof(struct cls_subtable), &cls->subtables) { - struct cls_match *rule; + for (c = set->conj; c < &set->conj[set->n]; c++) { + struct conjunctive_match *cm; + uint32_t hash; - if (!tag_intersects(tags, subtable->tag)) { + if (c->n_clauses > max_n_clauses) { continue; } - rule = find_match_wc(subtable, flow, trie_ctx, cls->n_tries, wc); - if (rule && (int64_t)rule->priority > best_priority) { - best_priority = (int64_t)rule->priority; - best = rule; + hash = hash_int(c->id, 0); + cm = find_conjunctive_match__(matches, c->id, hash); + if (!cm) { + size_t n = hmap_count(matches); + + cm = n < n_cm_stubs ? &cm_stubs[n] : xmalloc(sizeof *cm); + hmap_insert(matches, &cm->hmap_node, hash); + cm->id = c->id; + cm->clauses = UINT64_MAX << (c->n_clauses & 63); + } + cm->clauses |= UINT64_C(1) << c->clause; + if (cm->clauses == UINT64_MAX) { + *idp = cm->id; + return true; } } - - return best ? best->cls_rule : NULL; + return false; } -/* Returns true if 'target' satisifies 'match', that is, if each bit for which - * 'match' specifies a particular value has the correct value in 'target'. - * - * 'flow' and 'mask' have the same mask! */ -static bool -miniflow_and_mask_matches_miniflow(const struct miniflow *flow, - const struct minimask *mask, - const struct miniflow *target) +static void +free_conjunctive_matches(struct hmap *matches, + struct conjunctive_match *cm_stubs, size_t n_cm_stubs) { - const uint32_t *flowp = miniflow_get_u32_values(flow); - const uint32_t *maskp = miniflow_get_u32_values(&mask->masks); - uint32_t target_u32; + if (hmap_count(matches) > n_cm_stubs) { + struct conjunctive_match *cm, *next; - MINIFLOW_FOR_EACH_IN_MAP(target_u32, target, mask->masks.map) { - if ((*flowp++ ^ target_u32) & *maskp++) { - return false; + HMAP_FOR_EACH_SAFE (cm, next, hmap_node, matches) { + if (!(cm >= cm_stubs && cm < &cm_stubs[n_cm_stubs])) { + free(cm); + } } } - - return true; + hmap_destroy(matches); } -static inline struct cls_match * -find_match_miniflow(const struct cls_subtable *subtable, - const struct miniflow *flow, - uint32_t hash) +/* Like classifier_lookup(), except that support for conjunctive matches can be + * configured with 'allow_conjunctive_matches'. That feature is not exposed + * externally because turning off conjunctive matches is only useful to avoid + * recursion within this function itself. + * + * 'flow' is non-const to allow for temporary modifications during the lookup. + * Any changes are restored before returning. */ +static const struct cls_rule * +classifier_lookup__(const struct classifier *cls, cls_version_t version, + struct flow *flow, struct flow_wildcards *wc, + bool allow_conjunctive_matches) { - struct cls_match *rule; + struct trie_ctx trie_ctx[CLS_MAX_TRIES]; + const struct cls_match *match; + /* Highest-priority flow in 'cls' that certainly matches 'flow'. */ + const struct cls_match *hard = NULL; + int hard_pri = INT_MIN; /* hard ? hard->priority : INT_MIN. */ + + /* Highest-priority conjunctive flows in 'cls' matching 'flow'. Since + * these are (components of) conjunctive flows, we can only know whether + * the full conjunctive flow matches after seeing multiple of them. Thus, + * we refer to these as "soft matches". */ + struct cls_conjunction_set *soft_stub[64]; + struct cls_conjunction_set **soft = soft_stub; + size_t n_soft = 0, allocated_soft = ARRAY_SIZE(soft_stub); + int soft_pri = INT_MIN; /* n_soft ? MAX(soft[*]->priority) : INT_MIN. */ - CMAP_FOR_EACH_WITH_HASH (rule, cmap_node, hash, &subtable->rules) { - if (miniflow_and_mask_matches_miniflow(&rule->flow, &subtable->mask, - flow)) { - return rule; - } - } + /* Synchronize for cls->n_tries and subtable->trie_plen. They can change + * when table configuration changes, which happens typically only on + * startup. */ + atomic_thread_fence(memory_order_acquire); - return NULL; -} + /* Initialize trie contexts for find_match_wc(). */ + for (int i = 0; i < cls->n_tries; i++) { + trie_ctx_init(&trie_ctx[i], &cls->tries[i]); + } -/* For each miniflow in 'flows' performs a classifier lookup writing the result - * into the corresponding slot in 'rules'. If a particular entry in 'flows' is - * NULL it is skipped. - * - * This function is optimized for use in the userspace datapath and therefore - * does not implement a lot of features available in the standard - * classifier_lookup() function. Specifically, it does not implement - * priorities, instead returning any rule which matches the flow. */ -void -classifier_lookup_miniflow_batch(const struct classifier *cls, - const struct miniflow **flows, - struct cls_rule **rules, size_t len) -{ + /* Main loop. */ struct cls_subtable *subtable; - size_t i, begin = 0; - - memset(rules, 0, len * sizeof *rules); - PVECTOR_FOR_EACH (subtable, &cls->subtables) { - for (i = begin; i < len; i++) { - struct cls_match *match; - uint32_t hash; + PVECTOR_FOR_EACH_PRIORITY (subtable, hard_pri, 2, sizeof *subtable, + &cls->subtables) { + struct cls_conjunction_set *conj_set; + + /* Skip subtables with no match, or where the match is lower-priority + * than some certain match we've already found. */ + match = find_match_wc(subtable, version, flow, trie_ctx, cls->n_tries, + wc); + if (!match || match->priority <= hard_pri) { + continue; + } - if (OVS_UNLIKELY(rules[i] || !flows[i])) { - continue; + conj_set = ovsrcu_get(struct cls_conjunction_set *, &match->conj_set); + if (!conj_set) { + /* 'match' isn't part of a conjunctive match. It's the best + * certain match we've got so far, since we know that it's + * higher-priority than hard_pri. + * + * (There might be a higher-priority conjunctive match. We can't + * tell yet.) */ + hard = match; + hard_pri = hard->priority; + } else if (allow_conjunctive_matches) { + /* 'match' is part of a conjunctive match. Add it to the list. */ + if (OVS_UNLIKELY(n_soft >= allocated_soft)) { + struct cls_conjunction_set **old_soft = soft; + + allocated_soft *= 2; + soft = xmalloc(allocated_soft * sizeof *soft); + memcpy(soft, old_soft, n_soft * sizeof *soft); + if (old_soft != soft_stub) { + free(old_soft); + } } + soft[n_soft++] = conj_set; - hash = miniflow_hash_in_minimask(flows[i], &subtable->mask, 0); - match = find_match_miniflow(subtable, flows[i], hash); - if (OVS_UNLIKELY(match)) { - rules[i] = match->cls_rule; + /* Keep track of the highest-priority soft match. */ + if (soft_pri < match->priority) { + soft_pri = match->priority; } } + } + + /* In the common case, at this point we have no soft matches and we can + * return immediately. (We do the same thing if we have potential soft + * matches but none of them are higher-priority than our hard match.) */ + if (hard_pri >= soft_pri) { + if (soft != soft_stub) { + free(soft); + } + return hard ? hard->cls_rule : NULL; + } + + /* At this point, we have some soft matches. We might also have a hard + * match; if so, its priority is lower than the highest-priority soft + * match. */ - while (begin < len && (rules[begin] || !flows[begin])) { - begin++; + /* Soft match loop. + * + * Check whether soft matches are real matches. */ + for (;;) { + /* Delete soft matches that are null. This only happens in second and + * subsequent iterations of the soft match loop, when we drop back from + * a high-priority soft match to a lower-priority one. + * + * Also, delete soft matches whose priority is less than or equal to + * the hard match's priority. In the first iteration of the soft + * match, these can be in 'soft' because the earlier main loop found + * the soft match before the hard match. In second and later iteration + * of the soft match loop, these can be in 'soft' because we dropped + * back from a high-priority soft match to a lower-priority soft match. + * + * It is tempting to delete soft matches that cannot be satisfied + * because there are fewer soft matches than required to satisfy any of + * their conjunctions, but we cannot do that because there might be + * lower priority soft or hard matches with otherwise identical + * matches. (We could special case those here, but there's no + * need--we'll do so at the bottom of the soft match loop anyway and + * this duplicates less code.) + * + * It's also tempting to break out of the soft match loop if 'n_soft == + * 1' but that would also miss lower-priority hard matches. We could + * special case that also but again there's no need. */ + for (int i = 0; i < n_soft; ) { + if (!soft[i] || soft[i]->priority <= hard_pri) { + soft[i] = soft[--n_soft]; + } else { + i++; + } } - if (begin >= len) { + if (!n_soft) { break; } + + /* Find the highest priority among the soft matches. (We know this + * must be higher than the hard match's priority; otherwise we would + * have deleted all of the soft matches in the previous loop.) Count + * the number of soft matches that have that priority. */ + soft_pri = INT_MIN; + int n_soft_pri = 0; + for (int i = 0; i < n_soft; i++) { + if (soft[i]->priority > soft_pri) { + soft_pri = soft[i]->priority; + n_soft_pri = 1; + } else if (soft[i]->priority == soft_pri) { + n_soft_pri++; + } + } + ovs_assert(soft_pri > hard_pri); + + /* Look for a real match among the highest-priority soft matches. + * + * It's unusual to have many conjunctive matches, so we use stubs to + * avoid calling malloc() in the common case. An hmap has a built-in + * stub for up to 2 hmap_nodes; possibly, we would benefit a variant + * with a bigger stub. */ + struct conjunctive_match cm_stubs[16]; + struct hmap matches; + + hmap_init(&matches); + for (int i = 0; i < n_soft; i++) { + uint32_t id; + + if (soft[i]->priority == soft_pri + && find_conjunctive_match(soft[i], n_soft_pri, &matches, + cm_stubs, ARRAY_SIZE(cm_stubs), + &id)) { + uint32_t saved_conj_id = flow->conj_id; + const struct cls_rule *rule; + + flow->conj_id = id; + rule = classifier_lookup__(cls, version, flow, wc, false); + flow->conj_id = saved_conj_id; + + if (rule) { + free_conjunctive_matches(&matches, + cm_stubs, ARRAY_SIZE(cm_stubs)); + if (soft != soft_stub) { + free(soft); + } + return rule; + } + } + } + free_conjunctive_matches(&matches, cm_stubs, ARRAY_SIZE(cm_stubs)); + + /* There's no real match among the highest-priority soft matches. + * However, if any of those soft matches has a lower-priority but + * otherwise identical flow match, then we need to consider those for + * soft or hard matches. + * + * The next iteration of the soft match loop will delete any null + * pointers we put into 'soft' (and some others too). */ + for (int i = 0; i < n_soft; i++) { + if (soft[i]->priority != soft_pri) { + continue; + } + + /* Find next-lower-priority flow with identical flow match. */ + match = next_visible_rule_in_list(soft[i]->match, version); + if (match) { + soft[i] = ovsrcu_get(struct cls_conjunction_set *, + &match->conj_set); + if (!soft[i]) { + /* The flow is a hard match; don't treat as a soft + * match. */ + if (match->priority > hard_pri) { + hard = match; + hard_pri = hard->priority; + } + } + } else { + /* No such lower-priority flow (probably the common case). */ + soft[i] = NULL; + } + } } + + if (soft != soft_stub) { + free(soft); + } + return hard ? hard->cls_rule : NULL; +} + +/* Finds and returns the highest-priority rule in 'cls' that matches 'flow' and + * that is visible in 'version'. Returns a null pointer if no rules in 'cls' + * match 'flow'. If multiple rules of equal priority match 'flow', returns one + * arbitrarily. + * + * If a rule is found and 'wc' is non-null, bitwise-OR's 'wc' with the + * set of bits that were significant in the lookup. At some point + * earlier, 'wc' should have been initialized (e.g., by + * flow_wildcards_init_catchall()). + * + * 'flow' is non-const to allow for temporary modifications during the lookup. + * Any changes are restored before returning. */ +const struct cls_rule * +classifier_lookup(const struct classifier *cls, cls_version_t version, + struct flow *flow, struct flow_wildcards *wc) +{ + return classifier_lookup__(cls, version, flow, wc, true); } /* Finds and returns a rule in 'cls' with exactly the same priority and - * matching criteria as 'target'. Returns a null pointer if 'cls' doesn't + * matching criteria as 'target', and that is visible in 'version'. + * Only one such rule may ever exist. Returns a null pointer if 'cls' doesn't * contain an exact match. */ -struct cls_rule * +const struct cls_rule * classifier_find_rule_exactly(const struct classifier *cls, - const struct cls_rule *target) - OVS_EXCLUDED(cls->mutex) + const struct cls_rule *target, + cls_version_t version) { - struct cls_match *head, *rule; - struct cls_subtable *subtable; + const struct cls_match *head, *rule; + const struct cls_subtable *subtable; - ovs_mutex_lock(&cls->mutex); - subtable = find_subtable(cls, &target->match.mask); + subtable = find_subtable(cls, target->match.mask); if (!subtable) { - goto out; + return NULL; } - /* Skip if there is no hope. */ - if (target->priority > subtable->max_priority) { - goto out; + head = find_equal(subtable, target->match.flow, + miniflow_hash_in_minimask(target->match.flow, + target->match.mask, 0)); + if (!head) { + return NULL; } - - head = find_equal(subtable, &target->match.flow, - miniflow_hash_in_minimask(&target->match.flow, - &target->match.mask, 0)); - FOR_EACH_RULE_IN_LIST (rule, head) { - if (target->priority >= rule->priority) { - ovs_mutex_unlock(&cls->mutex); - return target->priority == rule->priority ? rule->cls_rule : NULL; + CLS_MATCH_FOR_EACH (rule, head) { + if (rule->priority < target->priority) { + break; /* Not found. */ + } + if (rule->priority == target->priority + && cls_match_visible_in_version(rule, version)) { + return rule->cls_rule; } } -out: - ovs_mutex_unlock(&cls->mutex); return NULL; } /* Finds and returns a rule in 'cls' with priority 'priority' and exactly the - * same matching criteria as 'target'. Returns a null pointer if 'cls' doesn't - * contain an exact match. */ -struct cls_rule * + * same matching criteria as 'target', and that is visible in 'version'. + * Returns a null pointer if 'cls' doesn't contain an exact match visible in + * 'version'. */ +const struct cls_rule * classifier_find_match_exactly(const struct classifier *cls, - const struct match *target, - unsigned int priority) + const struct match *target, int priority, + cls_version_t version) { - struct cls_rule *retval; + const struct cls_rule *retval; struct cls_rule cr; cls_rule_init(&cr, target, priority); - retval = classifier_find_rule_exactly(cls, &cr); + retval = classifier_find_rule_exactly(cls, &cr, version); cls_rule_destroy(&cr); return retval; } -/* Checks if 'target' would overlap any other rule in 'cls'. Two rules are - * considered to overlap if both rules have the same priority and a packet - * could match both. */ +/* Checks if 'target' would overlap any other rule in 'cls' in 'version'. Two + * rules are considered to overlap if both rules have the same priority and a + * packet could match both, and if both rules are visible in the same version. + * + * A trivial example of overlapping rules is two rules matching disjoint sets + * of fields. E.g., if one rule matches only on port number, while another only + * on dl_type, any packet from that specific port and with that specific + * dl_type could match both, if the rules also have the same priority. */ bool classifier_rule_overlaps(const struct classifier *cls, - const struct cls_rule *target) - OVS_EXCLUDED(cls->mutex) + const struct cls_rule *target, cls_version_t version) { struct cls_subtable *subtable; - int64_t stop_at_priority = (int64_t)target->priority - 1; - ovs_mutex_lock(&cls->mutex); /* Iterate subtables in the descending max priority order. */ - PVECTOR_FOR_EACH_PRIORITY (subtable, stop_at_priority, 2, + PVECTOR_FOR_EACH_PRIORITY (subtable, target->priority - 1, 2, sizeof(struct cls_subtable), &cls->subtables) { - uint32_t storage[FLOW_U32S]; - struct minimask mask; - struct cls_match *head; - - minimask_combine(&mask, &target->match.mask, &subtable->mask, storage); - CMAP_FOR_EACH (head, cmap_node, &subtable->rules) { - struct cls_match *rule; - - FOR_EACH_RULE_IN_LIST (rule, head) { - if (rule->priority < target->priority) { - break; /* Rules in descending priority order. */ - } - if (rule->priority == target->priority - && miniflow_equal_in_minimask(&target->match.flow, - &rule->flow, &mask)) { - ovs_mutex_unlock(&cls->mutex); - return true; - } + struct { + struct minimask mask; + uint64_t storage[FLOW_U64S]; + } m; + const struct cls_rule *rule; + + minimask_combine(&m.mask, target->match.mask, &subtable->mask, + m.storage); + + RCULIST_FOR_EACH (rule, node, &subtable->rules_list) { + if (rule->priority == target->priority + && miniflow_equal_in_minimask(target->match.flow, + rule->match.flow, &m.mask) + && cls_match_visible_in_version(rule->cls_match, version)) { + return true; } } } - - ovs_mutex_unlock(&cls->mutex); return false; } @@ -1171,33 +1306,34 @@ bool cls_rule_is_loose_match(const struct cls_rule *rule, const struct minimatch *criteria) { - return (!minimask_has_extra(&rule->match.mask, &criteria->mask) - && miniflow_equal_in_minimask(&rule->match.flow, &criteria->flow, - &criteria->mask)); + return (!minimask_has_extra(rule->match.mask, criteria->mask) + && miniflow_equal_in_minimask(rule->match.flow, criteria->flow, + criteria->mask)); } /* Iteration. */ static bool -rule_matches(const struct cls_match *rule, const struct cls_rule *target) +rule_matches(const struct cls_rule *rule, const struct cls_rule *target, + cls_version_t version) { - return (!target - || miniflow_equal_in_minimask(&rule->flow, - &target->match.flow, - &target->match.mask)); + /* Rule may only match a target if it is visible in target's version. */ + return cls_match_visible_in_version(rule->cls_match, version) + && (!target || miniflow_equal_in_minimask(rule->match.flow, + target->match.flow, + target->match.mask)); } -static struct cls_match * +static const struct cls_rule * search_subtable(const struct cls_subtable *subtable, struct cls_cursor *cursor) { if (!cursor->target - || !minimask_has_extra(&subtable->mask, &cursor->target->match.mask)) { - struct cls_match *rule; + || !minimask_has_extra(&subtable->mask, cursor->target->match.mask)) { + const struct cls_rule *rule; - CMAP_CURSOR_FOR_EACH (rule, cmap_node, &cursor->rules, - &subtable->rules) { - if (rule_matches(rule, cursor->target)) { + RCULIST_FOR_EACH (rule, node, &subtable->rules_list) { + if (rule_matches(rule, cursor->target, cursor->version)) { return rule; } } @@ -1206,76 +1342,62 @@ search_subtable(const struct cls_subtable *subtable, } /* Initializes 'cursor' for iterating through rules in 'cls', and returns the - * first matching cls_rule via '*pnode', or NULL if there are no matches. + * cursor. * - * - If 'target' is null, the cursor will visit every rule in 'cls'. + * - If 'target' is null, or if the 'target' is a catchall target, the + * cursor will visit every rule in 'cls' that is visible in 'version'. * * - If 'target' is nonnull, the cursor will visit each 'rule' in 'cls' - * such that cls_rule_is_loose_match(rule, target) returns true. + * such that cls_rule_is_loose_match(rule, target) returns true and that + * the rule is visible in 'version'. * * Ignores target->priority. */ -struct cls_cursor cls_cursor_start(const struct classifier *cls, - const struct cls_rule *target, - bool safe) - OVS_NO_THREAD_SAFETY_ANALYSIS +struct cls_cursor +cls_cursor_start(const struct classifier *cls, const struct cls_rule *target, + cls_version_t version) { struct cls_cursor cursor; struct cls_subtable *subtable; - cursor.safe = safe; cursor.cls = cls; cursor.target = target && !cls_rule_is_catchall(target) ? target : NULL; + cursor.version = version; cursor.rule = NULL; /* Find first rule. */ - ovs_mutex_lock(&cursor.cls->mutex); - CMAP_CURSOR_FOR_EACH (subtable, cmap_node, &cursor.subtables, - &cursor.cls->subtables_map) { - struct cls_match *rule = search_subtable(subtable, &cursor); + PVECTOR_CURSOR_FOR_EACH (subtable, &cursor.subtables, + &cursor.cls->subtables) { + const struct cls_rule *rule = search_subtable(subtable, &cursor); if (rule) { cursor.subtable = subtable; - cursor.rule = rule->cls_rule; + cursor.rule = rule; break; } } - /* Leave locked if requested and have a rule. */ - if (safe || !cursor.rule) { - ovs_mutex_unlock(&cursor.cls->mutex); - } return cursor; } -static struct cls_rule * +static const struct cls_rule * cls_cursor_next(struct cls_cursor *cursor) - OVS_NO_THREAD_SAFETY_ANALYSIS { - struct cls_match *rule = cursor->rule->cls_match; + const struct cls_rule *rule; const struct cls_subtable *subtable; - struct cls_match *next; - - next = next_rule_in_list__(rule); - if (next->priority < rule->priority) { - return next->cls_rule; - } - /* 'next' is the head of the list, that is, the rule that is included in - * the subtable's map. (This is important when the classifier contains - * rules that differ only in priority.) */ - rule = next; - CMAP_CURSOR_FOR_EACH_CONTINUE (rule, cmap_node, &cursor->rules) { - if (rule_matches(rule, cursor->target)) { - return rule->cls_rule; + rule = cursor->rule; + subtable = cursor->subtable; + RCULIST_FOR_EACH_CONTINUE (rule, node, &subtable->rules_list) { + if (rule_matches(rule, cursor->target, cursor->version)) { + return rule; } } - subtable = cursor->subtable; - CMAP_CURSOR_FOR_EACH_CONTINUE (subtable, cmap_node, &cursor->subtables) { + PVECTOR_CURSOR_FOR_EACH_CONTINUE (subtable, &cursor->subtables) { rule = search_subtable(subtable, cursor); if (rule) { cursor->subtable = subtable; - return rule->cls_rule; + return rule; } } @@ -1286,20 +1408,12 @@ cls_cursor_next(struct cls_cursor *cursor) * or to null if all matching rules have been visited. */ void cls_cursor_advance(struct cls_cursor *cursor) - OVS_NO_THREAD_SAFETY_ANALYSIS { - if (cursor->safe) { - ovs_mutex_lock(&cursor->cls->mutex); - } cursor->rule = cls_cursor_next(cursor); - if (cursor->safe || !cursor->rule) { - ovs_mutex_unlock(&cursor->cls->mutex); - } } static struct cls_subtable * find_subtable(const struct classifier *cls, const struct minimask *mask) - OVS_REQUIRES(cls->mutex) { struct cls_subtable *subtable; @@ -1312,54 +1426,80 @@ find_subtable(const struct classifier *cls, const struct minimask *mask) return NULL; } +/* Initializes 'map' with a subset of 'miniflow''s maps that includes only the + * portions with u64-offset 'i' such that 'start' <= i < 'end'. Does not copy + * any data from 'miniflow' to 'map'. */ +static struct flowmap +miniflow_get_map_in_range(const struct miniflow *miniflow, uint8_t start, + uint8_t end) +{ + struct flowmap map; + size_t ofs = 0; + + map = miniflow->map; + + /* Clear the bits before 'start'. */ + while (start >= MAP_T_BITS) { + start -= MAP_T_BITS; + ofs += MAP_T_BITS; + map.bits[start / MAP_T_BITS] = 0; + } + if (start > 0) { + flowmap_clear(&map, ofs, start); + } + + /* Clear the bits starting at 'end'. */ + if (end < FLOW_U64S) { + /* flowmap_clear() can handle at most MAP_T_BITS at a time. */ + ovs_assert(FLOW_U64S - end <= MAP_T_BITS); + flowmap_clear(&map, end, FLOW_U64S - end); + } + return map; +} + /* The new subtable will be visible to the readers only after this. */ static struct cls_subtable * insert_subtable(struct classifier *cls, const struct minimask *mask) - OVS_REQUIRES(cls->mutex) { uint32_t hash = minimask_hash(mask, 0); struct cls_subtable *subtable; int i, index = 0; - struct flow_wildcards old, new; + struct flowmap stage_map; uint8_t prev; - int count = count_1bits(mask->masks.map); + size_t count = miniflow_n_values(&mask->masks); - subtable = xzalloc(sizeof *subtable - sizeof mask->masks.inline_values - + MINIFLOW_VALUES_SIZE(count)); + subtable = xzalloc(sizeof *subtable + MINIFLOW_VALUES_SIZE(count)); cmap_init(&subtable->rules); - miniflow_clone_inline(&subtable->mask.masks, &mask->masks, count); + miniflow_clone(CONST_CAST(struct miniflow *, &subtable->mask.masks), + &mask->masks, count); /* Init indices for segmented lookup, if any. */ - flow_wildcards_init_catchall(&new); - old = new; prev = 0; for (i = 0; i < cls->n_flow_segments; i++) { - flow_wildcards_fold_minimask_range(&new, mask, prev, - cls->flow_segments[i]); + stage_map = miniflow_get_map_in_range(&mask->masks, prev, + cls->flow_segments[i]); /* Add an index if it adds mask bits. */ - if (!flow_wildcards_equal(&new, &old)) { + if (!flowmap_is_empty(stage_map)) { cmap_init(&subtable->indices[index]); - subtable->index_ofs[index] = cls->flow_segments[i]; + *CONST_CAST(struct flowmap *, &subtable->index_maps[index]) + = stage_map; index++; - old = new; } prev = cls->flow_segments[i]; } - /* Check if the rest of the subtable's mask adds any bits, + /* Map for the final stage. */ + *CONST_CAST(struct flowmap *, &subtable->index_maps[index]) + = miniflow_get_map_in_range(&mask->masks, prev, FLOW_U64S); + /* Check if the final stage adds any bits, * and remove the last index if it doesn't. */ if (index > 0) { - flow_wildcards_fold_minimask_range(&new, mask, prev, FLOW_U32S); - if (flow_wildcards_equal(&new, &old)) { + if (flowmap_equal(subtable->index_maps[index], + subtable->index_maps[index - 1])) { --index; - subtable->index_ofs[index] = 0; cmap_destroy(&subtable->indices[index]); } } - subtable->n_indices = index; - - subtable->tag = (minimask_get_metadata_mask(mask) == OVS_BE64_MAX - ? tag_create_deterministic(hash) - : TAG_ALL); + *CONST_CAST(uint8_t *, &subtable->n_indices) = index; for (i = 0; i < cls->n_tries; i++) { subtable->trie_plen[i] = minimask_get_prefix_len(mask, @@ -1368,38 +1508,39 @@ insert_subtable(struct classifier *cls, const struct minimask *mask) /* Ports trie. */ ovsrcu_set_hidden(&subtable->ports_trie, NULL); - subtable->ports_mask_len + *CONST_CAST(int *, &subtable->ports_mask_len) = 32 - ctz32(ntohl(MINIFLOW_GET_BE32(&mask->masks, tp_src))); + /* List of rules. */ + rculist_init(&subtable->rules_list); + cmap_insert(&cls->subtables_map, &subtable->cmap_node, hash); return subtable; } +/* RCU readers may still access the subtable before it is actually freed. */ static void destroy_subtable(struct classifier *cls, struct cls_subtable *subtable) - OVS_REQUIRES(cls->mutex) { int i; pvector_remove(&cls->subtables, subtable); - trie_destroy(&subtable->ports_trie); + cmap_remove(&cls->subtables_map, &subtable->cmap_node, + minimask_hash(&subtable->mask, 0)); + + ovs_assert(ovsrcu_get_protected(struct trie_node *, &subtable->ports_trie) + == NULL); + ovs_assert(cmap_is_empty(&subtable->rules)); + ovs_assert(rculist_is_empty(&subtable->rules_list)); for (i = 0; i < subtable->n_indices; i++) { cmap_destroy(&subtable->indices[i]); } - cmap_remove(&cls->subtables_map, &subtable->cmap_node, - minimask_hash(&subtable->mask, 0)); - minimask_destroy(&subtable->mask); cmap_destroy(&subtable->rules); ovsrcu_postpone(free, subtable); } -struct range { - uint8_t start; - uint8_t end; -}; - static unsigned int be_get_bit_at(const ovs_be32 value[], unsigned int ofs); /* Return 'true' if can skip rest of the subtable based on the prefix trie @@ -1407,7 +1548,7 @@ static unsigned int be_get_bit_at(const ovs_be32 value[], unsigned int ofs); static inline bool check_tries(struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries, const unsigned int field_plen[CLS_MAX_TRIES], - const struct range ofs, const struct flow *flow, + const struct flowmap range_map, const struct flow *flow, struct flow_wildcards *wc) { int j; @@ -1416,44 +1557,41 @@ check_tries(struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries, * fields using the prefix tries. The trie checks are done only as * needed to avoid folding in additional bits to the wildcards mask. */ for (j = 0; j < n_tries; j++) { - /* Is the trie field relevant for this subtable? */ - if (field_plen[j]) { + /* Is the trie field relevant for this subtable, and + is the trie field within the current range of fields? */ + if (field_plen[j] && + flowmap_is_set(&range_map, trie_ctx[j].be32ofs / 2)) { struct trie_ctx *ctx = &trie_ctx[j]; - uint8_t be32ofs = ctx->be32ofs; - - /* Is the trie field within the current range of fields? */ - if (be32ofs >= ofs.start && be32ofs < ofs.end) { - /* On-demand trie lookup. */ - if (!ctx->lookup_done) { - memset(&ctx->match_plens, 0, sizeof ctx->match_plens); - ctx->maskbits = trie_lookup(ctx->trie, flow, - &ctx->match_plens); - ctx->lookup_done = true; + + /* On-demand trie lookup. */ + if (!ctx->lookup_done) { + memset(&ctx->match_plens, 0, sizeof ctx->match_plens); + ctx->maskbits = trie_lookup(ctx->trie, flow, &ctx->match_plens); + ctx->lookup_done = true; + } + /* Possible to skip the rest of the subtable if subtable's + * prefix on the field is not included in the lookup result. */ + if (!be_get_bit_at(&ctx->match_plens.be32, field_plen[j] - 1)) { + /* We want the trie lookup to never result in unwildcarding + * any bits that would not be unwildcarded otherwise. + * Since the trie is shared by the whole classifier, it is + * possible that the 'maskbits' contain bits that are + * irrelevant for the partition relevant for the current + * packet. Hence the checks below. */ + + /* Check that the trie result will not unwildcard more bits + * than this subtable would otherwise. */ + if (ctx->maskbits <= field_plen[j]) { + /* Unwildcard the bits and skip the rest. */ + mask_set_prefix_bits(wc, ctx->be32ofs, ctx->maskbits); + /* Note: Prerequisite already unwildcarded, as the only + * prerequisite of the supported trie lookup fields is + * the ethertype, which is always unwildcarded. */ + return true; } - /* Possible to skip the rest of the subtable if subtable's - * prefix on the field is not included in the lookup result. */ - if (!be_get_bit_at(&ctx->match_plens.be32, field_plen[j] - 1)) { - /* We want the trie lookup to never result in unwildcarding - * any bits that would not be unwildcarded otherwise. - * Since the trie is shared by the whole classifier, it is - * possible that the 'maskbits' contain bits that are - * irrelevant for the partition relevant for the current - * packet. Hence the checks below. */ - - /* Check that the trie result will not unwildcard more bits - * than this subtable would otherwise. */ - if (ctx->maskbits <= field_plen[j]) { - /* Unwildcard the bits and skip the rest. */ - mask_set_prefix_bits(wc, be32ofs, ctx->maskbits); - /* Note: Prerequisite already unwildcarded, as the only - * prerequisite of the supported trie lookup fields is - * the ethertype, which is always unwildcarded. */ - return true; - } - /* Can skip if the field is already unwildcarded. */ - if (mask_prefix_bits_set(wc, be32ofs, ctx->maskbits)) { - return true; - } + /* Can skip if the field is already unwildcarded. */ + if (mask_prefix_bits_set(wc, ctx->be32ofs, ctx->maskbits)) { + return true; } } } @@ -1474,31 +1612,40 @@ miniflow_and_mask_matches_flow(const struct miniflow *flow, const struct minimask *mask, const struct flow *target) { - const uint32_t *flowp = miniflow_get_u32_values(flow); - const uint32_t *maskp = miniflow_get_u32_values(&mask->masks); - uint32_t idx; + const uint64_t *flowp = miniflow_get_values(flow); + const uint64_t *maskp = miniflow_get_values(&mask->masks); + const uint64_t *target_u64 = (const uint64_t *)target; + map_t map; - MAP_FOR_EACH_INDEX(idx, mask->masks.map) { - uint32_t diff = (*flowp++ ^ flow_u32_value(target, idx)) & *maskp++; + FLOWMAP_FOR_EACH_MAP (map, mask->masks.map) { + size_t idx; - if (diff) { - return false; + MAP_FOR_EACH_INDEX (idx, map) { + if ((*flowp++ ^ target_u64[idx]) & *maskp++) { + return false; + } } + target_u64 += MAP_T_BITS; } - return true; } -static inline struct cls_match * -find_match(const struct cls_subtable *subtable, const struct flow *flow, - uint32_t hash) +static inline const struct cls_match * +find_match(const struct cls_subtable *subtable, cls_version_t version, + const struct flow *flow, uint32_t hash) { - struct cls_match *rule; + const struct cls_match *head, *rule; - CMAP_FOR_EACH_WITH_HASH (rule, cmap_node, hash, &subtable->rules) { - if (miniflow_and_mask_matches_flow(&rule->flow, &subtable->mask, - flow)) { - return rule; + CMAP_FOR_EACH_WITH_HASH (head, cmap_node, hash, &subtable->rules) { + if (OVS_LIKELY(miniflow_and_mask_matches_flow(&head->flow, + &subtable->mask, + flow))) { + /* Return highest priority rule that is visible. */ + CLS_MATCH_FOR_EACH (rule, head) { + if (OVS_LIKELY(cls_match_visible_in_version(rule, version))) { + return rule; + } + } } } @@ -1517,77 +1664,79 @@ miniflow_and_mask_matches_flow_wc(const struct miniflow *flow, const struct flow *target, struct flow_wildcards *wc) { - const uint32_t *flowp = miniflow_get_u32_values(flow); - const uint32_t *maskp = miniflow_get_u32_values(&mask->masks); - uint32_t idx; + const uint64_t *flowp = miniflow_get_values(flow); + const uint64_t *maskp = miniflow_get_values(&mask->masks); + const uint64_t *target_u64 = (const uint64_t *)target; + uint64_t *wc_u64 = (uint64_t *)&wc->masks; + uint64_t diff; + size_t idx; + map_t map; - MAP_FOR_EACH_INDEX(idx, mask->masks.map) { - uint32_t mask = *maskp++; - uint32_t diff = (*flowp++ ^ flow_u32_value(target, idx)) & mask; + FLOWMAP_FOR_EACH_MAP (map, mask->masks.map) { + MAP_FOR_EACH_INDEX(idx, map) { + uint64_t msk = *maskp++; - if (diff) { - /* Only unwildcard if none of the differing bits is already - * exact-matched. */ - if (!(flow_u32_value(&wc->masks, idx) & diff)) { - /* Keep one bit of the difference. */ - *flow_u32_lvalue(&wc->masks, idx) |= rightmost_1bit(diff); + diff = (*flowp++ ^ target_u64[idx]) & msk; + if (diff) { + goto out; } - return false; + + /* Fill in the bits that were looked at. */ + wc_u64[idx] |= msk; } - /* Fill in the bits that were looked at. */ - *flow_u32_lvalue(&wc->masks, idx) |= mask; + target_u64 += MAP_T_BITS; + wc_u64 += MAP_T_BITS; } - return true; -} -/* Unwildcard the fields looked up so far, if any. */ -static void -fill_range_wc(const struct cls_subtable *subtable, struct flow_wildcards *wc, - uint8_t to) -{ - if (to) { - flow_wildcards_fold_minimask_range(wc, &subtable->mask, 0, to); +out: + /* Only unwildcard if none of the differing bits is already + * exact-matched. */ + if (!(wc_u64[idx] & diff)) { + /* Keep one bit of the difference. The selected bit may be + * different in big-endian v.s. little-endian systems. */ + wc_u64[idx] |= rightmost_1bit(diff); } + return false; } -static struct cls_match * -find_match_wc(const struct cls_subtable *subtable, const struct flow *flow, - struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries, - struct flow_wildcards *wc) +static const struct cls_match * +find_match_wc(const struct cls_subtable *subtable, cls_version_t version, + const struct flow *flow, struct trie_ctx trie_ctx[CLS_MAX_TRIES], + unsigned int n_tries, struct flow_wildcards *wc) { - uint32_t basis = 0, hash; - struct cls_match *rule; - int i; - struct range ofs; - if (OVS_UNLIKELY(!wc)) { - return find_match(subtable, flow, + return find_match(subtable, version, flow, flow_hash_in_minimask(flow, &subtable->mask, 0)); } - ofs.start = 0; + uint32_t basis = 0, hash; + const struct cls_match *rule = NULL; + struct flowmap stages_map = FLOWMAP_EMPTY_INITIALIZER; + unsigned int mask_offset = 0; + int i; + /* Try to finish early by checking fields in segments. */ for (i = 0; i < subtable->n_indices; i++) { - struct cmap_node *inode; - - ofs.end = subtable->index_ofs[i]; + const struct cmap_node *inode; - if (check_tries(trie_ctx, n_tries, subtable->trie_plen, ofs, flow, - wc)) { + if (check_tries(trie_ctx, n_tries, subtable->trie_plen, + subtable->index_maps[i], flow, wc)) { /* 'wc' bits for the trie field set, now unwildcard the preceding * bits used so far. */ - fill_range_wc(subtable, wc, ofs.start); - return NULL; + goto no_match; } - hash = flow_hash_in_minimask_range(flow, &subtable->mask, ofs.start, - ofs.end, &basis); + + /* Accumulate the map used so far. */ + stages_map = flowmap_or(stages_map, subtable->index_maps[i]); + + hash = flow_hash_in_minimask_range(flow, &subtable->mask, + subtable->index_maps[i], + &mask_offset, &basis); + inode = cmap_find(&subtable->indices[i], hash); if (!inode) { - /* No match, can stop immediately, but must fold in the bits - * used in lookup so far. */ - fill_range_wc(subtable, wc, ofs.end); - return NULL; + goto no_match; } /* If we have narrowed down to a single rule already, check whether @@ -1596,28 +1745,35 @@ find_match_wc(const struct cls_subtable *subtable, const struct flow *flow, * (Rare) hash collisions may cause us to miss the opportunity for this * optimization. */ if (!cmap_node_next(inode)) { - ASSIGN_CONTAINER(rule, inode - i, index_nodes); - if (miniflow_and_mask_matches_flow_wc(&rule->flow, &subtable->mask, + const struct cls_match *head; + + ASSIGN_CONTAINER(head, inode - i, index_nodes); + if (miniflow_and_mask_matches_flow_wc(&head->flow, &subtable->mask, flow, wc)) { - return rule; + /* Return highest priority rule that is visible. */ + CLS_MATCH_FOR_EACH (rule, head) { + if (OVS_LIKELY(cls_match_visible_in_version(rule, + version))) { + return rule; + } + } } return NULL; } - ofs.start = ofs.end; } - ofs.end = FLOW_U32S; /* Trie check for the final range. */ - if (check_tries(trie_ctx, n_tries, subtable->trie_plen, ofs, flow, wc)) { - fill_range_wc(subtable, wc, ofs.start); - return NULL; - } - hash = flow_hash_in_minimask_range(flow, &subtable->mask, ofs.start, - ofs.end, &basis); - rule = find_match(subtable, flow, hash); + if (check_tries(trie_ctx, n_tries, subtable->trie_plen, + subtable->index_maps[i], flow, wc)) { + goto no_match; + } + hash = flow_hash_in_minimask_range(flow, &subtable->mask, + subtable->index_maps[i], + &mask_offset, &basis); + rule = find_match(subtable, version, flow, hash); if (!rule && subtable->ports_mask_len) { - /* Ports are always part of the final range, if any. - * No match was found for the ports. Use the ports trie to figure out - * which ports bits to unwildcard. */ + /* The final stage had ports, but there was no match. Instead of + * unwildcarding all the ports bits, use the ports trie to figure out a + * smaller set of bits to unwildcard. */ unsigned int mbits; ovs_be32 value, plens, mask; @@ -1626,21 +1782,24 @@ find_match_wc(const struct cls_subtable *subtable, const struct flow *flow, mbits = trie_lookup_value(&subtable->ports_trie, &value, &plens, 32); ((OVS_FORCE ovs_be32 *)&wc->masks)[TP_PORTS_OFS32] |= - mask & htonl(~0 << (32 - mbits)); + mask & be32_prefix_mask(mbits); - /* Unwildcard all bits in the mask upto the ports, as they were used - * to determine there is no match. */ - fill_range_wc(subtable, wc, TP_PORTS_OFS32); - return NULL; + goto no_match; } /* Must unwildcard all the fields, as they were looked at. */ flow_wildcards_fold_minimask(wc, &subtable->mask); return rule; + +no_match: + /* Unwildcard the bits in stages so far, as they were used in determining + * there is no match. */ + flow_wildcards_fold_minimask_in_map(wc, &subtable->mask, stages_map); + return NULL; } static struct cls_match * -find_equal(struct cls_subtable *subtable, const struct miniflow *flow, +find_equal(const struct cls_subtable *subtable, const struct miniflow *flow, uint32_t hash) { struct cls_match *head; @@ -1652,139 +1811,8 @@ find_equal(struct cls_subtable *subtable, const struct miniflow *flow, } return NULL; } - -/* - * As the readers are operating concurrently with the modifications, a - * concurrent reader may or may not see the new rule, depending on how - * the concurrent events overlap with each other. This is no - * different from the former locked behavior, but there the visibility - * of the new rule only depended on the timing of the locking - * functions. - * - * The new rule is first added to the segment indices, so the readers - * may find the rule in the indices before the rule is visible in the - * subtables 'rules' map. This may result in us losing the - * opportunity to quit lookups earlier, resulting in sub-optimal - * wildcarding. This will be fixed by forthcoming revalidation always - * scheduled after flow table changes. - * - * Similar behavior may happen due to us removing the overlapping rule - * (if any) from the indices only after the new rule has been added. - * - * The subtable's max priority is updated only after the rule is - * inserted, so the concurrent readers may not see the rule, as the - * updated priority ordered subtable list will only be visible after - * the subtable's max priority is updated. - * - * Similarly, the classifier's partitions for new rules are updated by - * the caller after this function, so the readers may keep skipping - * the subtable until they see the updated partitions. - */ -static struct cls_match * -insert_rule(struct classifier *cls, struct cls_subtable *subtable, - struct cls_rule *new_rule) - OVS_REQUIRES(cls->mutex) -{ - struct cls_match *old = NULL; - struct cls_match *new = cls_match_alloc(new_rule); - struct cls_match *head; - int i; - uint32_t basis = 0, hash, ihash[CLS_MAX_INDICES]; - uint8_t prev_be32ofs = 0; - - /* Add new node to segment indices. */ - for (i = 0; i < subtable->n_indices; i++) { - ihash[i] = minimatch_hash_range(&new_rule->match, prev_be32ofs, - subtable->index_ofs[i], &basis); - cmap_insert(&subtable->indices[i], &new->index_nodes[i], ihash[i]); - prev_be32ofs = subtable->index_ofs[i]; - } - hash = minimatch_hash_range(&new_rule->match, prev_be32ofs, FLOW_U32S, - &basis); - head = find_equal(subtable, &new_rule->match.flow, hash); - if (!head) { - cmap_insert(&subtable->rules, &new->cmap_node, hash); - list_init(&new->list); - goto out; - } else { - /* Scan the list for the insertion point that will keep the list in - * order of decreasing priority. */ - struct cls_match *rule; - - FOR_EACH_RULE_IN_LIST (rule, head) { - if (new->priority >= rule->priority) { - if (rule == head) { - /* 'new' is the new highest-priority flow in the list. */ - cmap_replace(&subtable->rules, &rule->cmap_node, - &new->cmap_node, hash); - } - - if (new->priority == rule->priority) { - list_replace(&new->list, &rule->list); - old = rule; - } else { - list_insert(&rule->list, &new->list); - } - goto out; - } - } - - /* Insert 'new' at the end of the list. */ - list_push_back(&head->list, &new->list); - } - - out: - if (!old) { - subtable->n_rules++; - - /* Rule was added, not replaced. Update 'subtable's 'max_priority' - * and 'max_count', if necessary. */ - if (subtable->n_rules == 1) { - subtable->max_priority = new->priority; - subtable->max_count = 1; - pvector_insert(&cls->subtables, subtable, new->priority); - } else if (subtable->max_priority == new->priority) { - ++subtable->max_count; - } else if (new->priority > subtable->max_priority) { - subtable->max_priority = new->priority; - subtable->max_count = 1; - pvector_change_priority(&cls->subtables, subtable, new->priority); - } - } else { - /* Remove old node from indices. */ - for (i = 0; i < subtable->n_indices; i++) { - cmap_remove(&subtable->indices[i], &old->index_nodes[i], ihash[i]); - } - } - return old; -} - -static struct cls_match * -next_rule_in_list__(struct cls_match *rule) - OVS_NO_THREAD_SAFETY_ANALYSIS -{ - struct cls_match *next = OBJECT_CONTAINING(rule->list.next, next, list); - return next; -} - -static struct cls_match * -next_rule_in_list(struct cls_match *rule) -{ - struct cls_match *next = next_rule_in_list__(rule); - return next->priority < rule->priority ? next : NULL; -} /* A longest-prefix match tree. */ -struct trie_node { - uint32_t prefix; /* Prefix bits for this node, MSB first. */ - uint8_t n_bits; /* Never zero, except for the root node. */ - unsigned int n_rules; /* Number of rules that have this prefix. */ - rcu_trie_ptr edges[2]; /* Both NULL if leaf. */ -}; - -/* Max bits per node. Must fit in struct trie_node's 'prefix'. - * Also tested with 16, 8, and 5 to stress the implementation. */ -#define TRIE_PREFIX_BITS 32 /* Return at least 'plen' bits of the 'prefix', starting at bit offset 'ofs'. * Prefixes are in the network byte order, and the offset 0 corresponds to @@ -1907,7 +1935,6 @@ trie_node_rcu_realloc(const struct trie_node *node) return new_node; } -/* May only be called while holding the classifier mutex. */ static void trie_destroy(rcu_trie_ptr *trie) { @@ -2027,7 +2054,7 @@ trie_lookup_value(const rcu_trie_ptr *trie, const ovs_be32 value[], static unsigned int trie_lookup(const struct cls_trie *trie, const struct flow *flow, - union mf_value *plens) + union trie_prefix *plens) { const struct mf_field *mf = trie->field; @@ -2051,12 +2078,11 @@ minimask_get_prefix_len(const struct minimask *minimask, const struct mf_field *mf) { unsigned int n_bits = 0, mask_tz = 0; /* Non-zero when end of mask seen. */ - uint8_t u32_ofs = mf->flow_be32ofs; - uint8_t u32_end = u32_ofs + mf->n_bytes / 4; + uint8_t be32_ofs = mf->flow_be32ofs; + uint8_t be32_end = be32_ofs + mf->n_bytes / 4; - for (; u32_ofs < u32_end; ++u32_ofs) { - uint32_t mask; - mask = ntohl((OVS_FORCE ovs_be32)minimask_get(minimask, u32_ofs)); + for (; be32_ofs < be32_end; ++be32_ofs) { + uint32_t mask = ntohl(minimask_get_be32(minimask, be32_ofs)); /* Validate mask, count the mask length. */ if (mask_tz) { @@ -2084,8 +2110,10 @@ minimask_get_prefix_len(const struct minimask *minimask, static const ovs_be32 * minimatch_get_prefix(const struct minimatch *match, const struct mf_field *mf) { - return miniflow_get_be32_values(&match->flow) + - count_1bits(match->flow.map & ((UINT64_C(1) << mf->flow_be32ofs) - 1)); + size_t u64_ofs = mf->flow_be32ofs / 2; + + return (OVS_FORCE const ovs_be32 *)miniflow_get__(match->flow, u64_ofs) + + (mf->flow_be32ofs & 1); } /* Insert rule in to the prefix tree. @@ -2159,7 +2187,7 @@ static void trie_remove_prefix(rcu_trie_ptr *root, const ovs_be32 *prefix, int mlen) { struct trie_node *node; - rcu_trie_ptr *edges[sizeof(union mf_value) * 8]; + rcu_trie_ptr *edges[sizeof(union trie_prefix) * CHAR_BIT]; int depth = 0, ofs = 0; /* Walk the tree. */ @@ -2226,3 +2254,13 @@ trie_remove_prefix(rcu_trie_ptr *root, const ovs_be32 *prefix, int mlen) * that actually exist in the classifier are ever removed. */ VLOG_WARN("Trying to remove non-existing rule from a prefix trie."); } + + +#define CLS_MATCH_POISON (struct cls_match *)(UINTPTR_MAX / 0xf * 0xb) + +void +cls_match_free_cb(struct cls_match *rule) +{ + ovsrcu_set_hidden(&rule->next, CLS_MATCH_POISON); + free(rule); +}