X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=lib%2Fclassifier.c;h=cfcdc02927b6029c93e755effb6582b3037f2336;hb=HEAD;hp=a8f9e4f5f416fea65399f1c4f1b9b83dfa2c683c;hpb=27bbe15dec4e1862396b5c4d265f0ced71b49930;p=cascardo%2Fovs.git diff --git a/lib/classifier.c b/lib/classifier.c index a8f9e4f5f..cfcdc0292 100644 --- a/lib/classifier.c +++ b/lib/classifier.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,447 +16,187 @@ #include #include "classifier.h" +#include "classifier-private.h" #include #include #include "byte-order.h" #include "dynamic-string.h" -#include "flow.h" -#include "hash.h" #include "odp-util.h" #include "ofp-util.h" -#include "ovs-thread.h" #include "packets.h" -#include "vlog.h" +#include "util.h" +#include "openvswitch/vlog.h" VLOG_DEFINE_THIS_MODULE(classifier); -struct trie_node; - -/* Prefix trie for a 'field' */ -struct cls_trie { - const struct mf_field *field; /* Trie field, or NULL. */ - struct trie_node *root; /* NULL if none. */ -}; - -struct cls_subtable_entry { - struct cls_subtable *subtable; - const uint32_t *mask_values; - tag_type tag; - unsigned int max_priority; -}; - -struct cls_subtable_cache { - struct cls_subtable_entry *subtables; - size_t alloc_size; /* Number of allocated elements. */ - size_t size; /* One past last valid array element. */ -}; +struct trie_ctx; -enum { - CLS_MAX_INDICES = 3 /* Maximum number of lookup indices per subtable. */ +/* A collection of "struct cls_conjunction"s currently embedded into a + * cls_match. */ +struct cls_conjunction_set { + /* Link back to the cls_match. + * + * cls_conjunction_set is mostly used during classifier lookup, and, in + * turn, during classifier lookup the most used member of + * cls_conjunction_set is the rule's priority, so we cache it here for fast + * access. */ + struct cls_match *match; + int priority; /* Cached copy of match->priority. */ + + /* Conjunction information. + * + * 'min_n_clauses' allows some optimization during classifier lookup. */ + unsigned int n; /* Number of elements in 'conj'. */ + unsigned int min_n_clauses; /* Smallest 'n' among elements of 'conj'. */ + struct cls_conjunction conj[]; }; -struct cls_classifier { - int n_rules; /* Total number of rules. */ - uint8_t n_flow_segments; - uint8_t flow_segments[CLS_MAX_INDICES]; /* Flow segment boundaries to use - * for staged lookup. */ - struct hmap subtables; /* Contains "struct cls_subtable"s. */ - struct cls_subtable_cache subtables_priority; - struct hmap partitions; /* Contains "struct cls_partition"s. */ - struct cls_trie tries[CLS_MAX_TRIES]; /* Prefix tries. */ - unsigned int n_tries; -}; +/* Ports trie depends on both ports sharing the same ovs_be32. */ +#define TP_PORTS_OFS32 (offsetof(struct flow, tp_src) / 4) +BUILD_ASSERT_DECL(TP_PORTS_OFS32 == offsetof(struct flow, tp_dst) / 4); +BUILD_ASSERT_DECL(TP_PORTS_OFS32 % 2 == 0); +#define TP_PORTS_OFS64 (TP_PORTS_OFS32 / 2) -/* A set of rules that all have the same fields wildcarded. */ -struct cls_subtable { - struct hmap_node hmap_node; /* Within struct cls_classifier 'subtables' - * hmap. */ - struct hmap rules; /* Contains "struct cls_rule"s. */ - struct minimask mask; /* Wildcards for fields. */ - int n_rules; /* Number of rules, including duplicates. */ - unsigned int max_priority; /* Max priority of any rule in the subtable. */ - unsigned int max_count; /* Count of max_priority rules. */ - tag_type tag; /* Tag generated from mask for partitioning. */ - uint8_t n_indices; /* How many indices to use. */ - uint8_t index_ofs[CLS_MAX_INDICES]; /* u32 flow segment boundaries. */ - struct hindex indices[CLS_MAX_INDICES]; /* Staged lookup indices. */ - unsigned int trie_plen[CLS_MAX_TRIES]; /* Trie prefix length in 'mask'. */ -}; +static size_t +cls_conjunction_set_size(size_t n) +{ + return (sizeof(struct cls_conjunction_set) + + n * sizeof(struct cls_conjunction)); +} -/* Associates a metadata value (that is, a value of the OpenFlow 1.1+ metadata - * field) with tags for the "cls_subtable"s that contain rules that match that - * metadata value. */ -struct cls_partition { - struct hmap_node hmap_node; /* In struct cls_classifier's 'partitions' - * hmap. */ - ovs_be64 metadata; /* metadata value for this partition. */ - tag_type tags; /* OR of each flow's cls_subtable tag. */ - struct tag_tracker tracker; /* Tracks the bits in 'tags'. */ -}; +static struct cls_conjunction_set * +cls_conjunction_set_alloc(struct cls_match *match, + const struct cls_conjunction conj[], size_t n) +{ + if (n) { + size_t min_n_clauses = conj[0].n_clauses; + for (size_t i = 1; i < n; i++) { + min_n_clauses = MIN(min_n_clauses, conj[i].n_clauses); + } -/* Internal representation of a rule in a "struct cls_subtable". */ -struct cls_match { - struct cls_rule *cls_rule; - struct hindex_node index_nodes[CLS_MAX_INDICES]; /* Within subtable's - * 'indices'. */ - struct hmap_node hmap_node; /* Within struct cls_subtable 'rules'. */ - unsigned int priority; /* Larger numbers are higher priorities. */ - struct cls_partition *partition; - struct list list; /* List of identical, lower-priority rules. */ - struct minimatch match; /* Matching rule. */ -}; + struct cls_conjunction_set *set = xmalloc(cls_conjunction_set_size(n)); + set->match = match; + set->priority = match->priority; + set->n = n; + set->min_n_clauses = min_n_clauses; + memcpy(set->conj, conj, n * sizeof *conj); + return set; + } else { + return NULL; + } +} static struct cls_match * -cls_match_alloc(struct cls_rule *rule) +cls_match_alloc(const struct cls_rule *rule, cls_version_t version, + const struct cls_conjunction conj[], size_t n) { - struct cls_match *cls_match = xmalloc(sizeof *cls_match); + size_t count = miniflow_n_values(rule->match.flow); + + struct cls_match *cls_match + = xmalloc(sizeof *cls_match + MINIFLOW_VALUES_SIZE(count)); - cls_match->cls_rule = rule; - minimatch_clone(&cls_match->match, &rule->match); - cls_match->priority = rule->priority; - rule->cls_match = cls_match; + ovsrcu_init(&cls_match->next, NULL); + *CONST_CAST(const struct cls_rule **, &cls_match->cls_rule) = rule; + *CONST_CAST(int *, &cls_match->priority) = rule->priority; + *CONST_CAST(cls_version_t *, &cls_match->add_version) = version; + atomic_init(&cls_match->remove_version, version); /* Initially + * invisible. */ + miniflow_clone(CONST_CAST(struct miniflow *, &cls_match->flow), + rule->match.flow, count); + ovsrcu_set_hidden(&cls_match->conj_set, + cls_conjunction_set_alloc(cls_match, conj, n)); return cls_match; } -struct trie_ctx; -static struct cls_subtable *find_subtable(const struct cls_classifier *, +static struct cls_subtable *find_subtable(const struct classifier *cls, const struct minimask *); -static struct cls_subtable *insert_subtable(struct cls_classifier *, +static struct cls_subtable *insert_subtable(struct classifier *cls, const struct minimask *); - -static void destroy_subtable(struct cls_classifier *, struct cls_subtable *); - -static void update_subtables_after_insertion(struct cls_classifier *, - struct cls_subtable *, - unsigned int new_priority); -static void update_subtables_after_removal(struct cls_classifier *, - struct cls_subtable *, - unsigned int del_priority); - -static struct cls_match *find_match_wc(const struct cls_subtable *, - const struct flow *, struct trie_ctx *, - unsigned int n_tries, - struct flow_wildcards *); -static struct cls_match *find_equal(struct cls_subtable *, +static void destroy_subtable(struct classifier *cls, struct cls_subtable *); + +static const struct cls_match *find_match_wc(const struct cls_subtable *, + cls_version_t version, + const struct flow *, + struct trie_ctx *, + unsigned int n_tries, + struct flow_wildcards *); +static struct cls_match *find_equal(const struct cls_subtable *, const struct miniflow *, uint32_t hash); -static struct cls_match *insert_rule(struct cls_classifier *, - struct cls_subtable *, struct cls_rule *); -/* Iterates RULE over HEAD and all of the cls_rules on HEAD->list. */ -#define FOR_EACH_RULE_IN_LIST(RULE, HEAD) \ - for ((RULE) = (HEAD); (RULE) != NULL; (RULE) = next_rule_in_list(RULE)) -#define FOR_EACH_RULE_IN_LIST_SAFE(RULE, NEXT, HEAD) \ - for ((RULE) = (HEAD); \ - (RULE) != NULL && ((NEXT) = next_rule_in_list(RULE), true); \ - (RULE) = (NEXT)) +/* Return the next visible (lower-priority) rule in the list. Multiple + * identical rules with the same priority may exist transitionally, but when + * versioning is used at most one of them is ever visible for lookups on any + * given 'version'. */ +static inline const struct cls_match * +next_visible_rule_in_list(const struct cls_match *rule, cls_version_t version) +{ + do { + rule = cls_match_next(rule); + } while (rule && !cls_match_visible_in_version(rule, version)); -static struct cls_match *next_rule_in_list__(struct cls_match *); -static struct cls_match *next_rule_in_list(struct cls_match *); + return rule; +} + +/* Type with maximum supported prefix length. */ +union trie_prefix { + struct in6_addr ipv6; /* For sizing. */ + ovs_be32 be32; /* For access. */ +}; static unsigned int minimask_get_prefix_len(const struct minimask *, const struct mf_field *); -static void trie_init(struct cls_classifier *, int trie_idx, +static void trie_init(struct classifier *cls, int trie_idx, const struct mf_field *); static unsigned int trie_lookup(const struct cls_trie *, const struct flow *, - unsigned int *checkbits); - -static void trie_destroy(struct trie_node *); + union trie_prefix *plens); +static unsigned int trie_lookup_value(const rcu_trie_ptr *, + const ovs_be32 value[], ovs_be32 plens[], + unsigned int value_bits); +static void trie_destroy(rcu_trie_ptr *); static void trie_insert(struct cls_trie *, const struct cls_rule *, int mlen); +static void trie_insert_prefix(rcu_trie_ptr *, const ovs_be32 *prefix, + int mlen); static void trie_remove(struct cls_trie *, const struct cls_rule *, int mlen); +static void trie_remove_prefix(rcu_trie_ptr *, const ovs_be32 *prefix, + int mlen); static void mask_set_prefix_bits(struct flow_wildcards *, uint8_t be32ofs, - unsigned int nbits); + unsigned int n_bits); static bool mask_prefix_bits_set(const struct flow_wildcards *, - uint8_t be32ofs, unsigned int nbits); - -static void -cls_subtable_cache_init(struct cls_subtable_cache *array) -{ - memset(array, 0, sizeof *array); -} - -static void -cls_subtable_cache_destroy(struct cls_subtable_cache *array) -{ - free(array->subtables); - memset(array, 0, sizeof *array); -} - -/* Array insertion. */ -static void -cls_subtable_cache_push_back(struct cls_subtable_cache *array, - struct cls_subtable_entry a) -{ - if (array->size == array->alloc_size) { - array->subtables = x2nrealloc(array->subtables, &array->alloc_size, - sizeof a); - } - - array->subtables[array->size++] = a; -} - -/* Only for rearranging entries in the same cache. */ -static inline void -cls_subtable_cache_splice(struct cls_subtable_entry *to, - struct cls_subtable_entry *start, - struct cls_subtable_entry *end) -{ - if (to > end) { - /* Same as splicing entries to (start) from [end, to). */ - struct cls_subtable_entry *temp = to; - to = start; start = end; end = temp; - } - if (to < start) { - while (start != end) { - struct cls_subtable_entry temp = *start; - - memmove(to + 1, to, (start - to) * sizeof *to); - *to = temp; - start++; - } - } /* Else nothing to be done. */ -} - -/* Array removal. */ -static inline void -cls_subtable_cache_remove(struct cls_subtable_cache *array, - struct cls_subtable_entry *elem) -{ - ssize_t size = (&array->subtables[array->size] - - (elem + 1)) * sizeof *elem; - if (size > 0) { - memmove(elem, elem + 1, size); - } - array->size--; -} - -#define CLS_SUBTABLE_CACHE_FOR_EACH(SUBTABLE, ITER, ARRAY) \ - for (ITER = (ARRAY)->subtables; \ - ITER < &(ARRAY)->subtables[(ARRAY)->size] \ - && OVS_LIKELY(SUBTABLE = ITER->subtable); \ - ++ITER) -#define CLS_SUBTABLE_CACHE_FOR_EACH_CONTINUE(SUBTABLE, ITER, ARRAY) \ - for (++ITER; \ - ITER < &(ARRAY)->subtables[(ARRAY)->size] \ - && OVS_LIKELY(SUBTABLE = ITER->subtable); \ - ++ITER) -#define CLS_SUBTABLE_CACHE_FOR_EACH_REVERSE(SUBTABLE, ITER, ARRAY) \ - for (ITER = &(ARRAY)->subtables[(ARRAY)->size]; \ - ITER > (ARRAY)->subtables \ - && OVS_LIKELY(SUBTABLE = (--ITER)->subtable);) - + uint8_t be32ofs, unsigned int n_bits); -/* flow/miniflow/minimask/minimatch utilities. - * These are only used by the classifier, so place them here to allow - * for better optimization. */ - -static inline uint64_t -miniflow_get_map_in_range(const struct miniflow *miniflow, - uint8_t start, uint8_t end, unsigned int *offset) -{ - uint64_t map = miniflow->map; - *offset = 0; - - if (start > 0) { - uint64_t msk = (UINT64_C(1) << start) - 1; /* 'start' LSBs set */ - *offset = count_1bits(map & msk); - map &= ~msk; - } - if (end < FLOW_U32S) { - uint64_t msk = (UINT64_C(1) << end) - 1; /* 'end' LSBs set */ - map &= msk; - } - return map; -} - -/* Returns a hash value for the bits of 'flow' where there are 1-bits in - * 'mask', given 'basis'. - * - * The hash values returned by this function are the same as those returned by - * miniflow_hash_in_minimask(), only the form of the arguments differ. */ -static inline uint32_t -flow_hash_in_minimask(const struct flow *flow, const struct minimask *mask, - uint32_t basis) -{ - const uint32_t *mask_values = miniflow_get_u32_values(&mask->masks); - const uint32_t *flow_u32 = (const uint32_t *)flow; - const uint32_t *p = mask_values; - uint32_t hash; - uint64_t map; - - hash = basis; - for (map = mask->masks.map; map; map = zero_rightmost_1bit(map)) { - hash = mhash_add(hash, flow_u32[raw_ctz(map)] & *p++); - } - - return mhash_finish(hash, (p - mask_values) * 4); -} - -/* Returns a hash value for the bits of 'flow' where there are 1-bits in - * 'mask', given 'basis'. - * - * The hash values returned by this function are the same as those returned by - * flow_hash_in_minimask(), only the form of the arguments differ. */ -static inline uint32_t -miniflow_hash_in_minimask(const struct miniflow *flow, - const struct minimask *mask, uint32_t basis) -{ - const uint32_t *mask_values = miniflow_get_u32_values(&mask->masks); - const uint32_t *p = mask_values; - uint32_t hash = basis; - uint32_t flow_u32; - - MINIFLOW_FOR_EACH_IN_MAP(flow_u32, flow, mask->masks.map) { - hash = mhash_add(hash, flow_u32 & *p++); - } - - return mhash_finish(hash, (p - mask_values) * 4); -} - -/* Returns a hash value for the bits of range [start, end) in 'flow', - * where there are 1-bits in 'mask', given 'hash'. - * - * The hash values returned by this function are the same as those returned by - * minimatch_hash_range(), only the form of the arguments differ. */ -static inline uint32_t -flow_hash_in_minimask_range(const struct flow *flow, - const struct minimask *mask, - uint8_t start, uint8_t end, uint32_t *basis) -{ - const uint32_t *mask_values = miniflow_get_u32_values(&mask->masks); - const uint32_t *flow_u32 = (const uint32_t *)flow; - unsigned int offset; - uint64_t map = miniflow_get_map_in_range(&mask->masks, start, end, - &offset); - const uint32_t *p = mask_values + offset; - uint32_t hash = *basis; - - for (; map; map = zero_rightmost_1bit(map)) { - hash = mhash_add(hash, flow_u32[raw_ctz(map)] & *p++); - } - - *basis = hash; /* Allow continuation from the unfinished value. */ - return mhash_finish(hash, (p - mask_values) * 4); -} - -/* Fold minimask 'mask''s wildcard mask into 'wc's wildcard mask. */ -static inline void -flow_wildcards_fold_minimask(struct flow_wildcards *wc, - const struct minimask *mask) -{ - flow_union_with_miniflow(&wc->masks, &mask->masks); -} +/* cls_rule. */ -/* Fold minimask 'mask''s wildcard mask into 'wc's wildcard mask - * in range [start, end). */ static inline void -flow_wildcards_fold_minimask_range(struct flow_wildcards *wc, - const struct minimask *mask, - uint8_t start, uint8_t end) -{ - uint32_t *dst_u32 = (uint32_t *)&wc->masks; - unsigned int offset; - uint64_t map = miniflow_get_map_in_range(&mask->masks, start, end, - &offset); - const uint32_t *p = miniflow_get_u32_values(&mask->masks) + offset; - - for (; map; map = zero_rightmost_1bit(map)) { - dst_u32[raw_ctz(map)] |= *p++; - } -} - -/* Returns a hash value for 'flow', given 'basis'. */ -static inline uint32_t -miniflow_hash(const struct miniflow *flow, uint32_t basis) -{ - const uint32_t *values = miniflow_get_u32_values(flow); - const uint32_t *p = values; - uint32_t hash = basis; - uint64_t hash_map = 0; - uint64_t map; - - for (map = flow->map; map; map = zero_rightmost_1bit(map)) { - if (*p) { - hash = mhash_add(hash, *p); - hash_map |= rightmost_1bit(map); - } - p++; - } - hash = mhash_add(hash, hash_map); - hash = mhash_add(hash, hash_map >> 32); - - return mhash_finish(hash, p - values); -} - -/* Returns a hash value for 'mask', given 'basis'. */ -static inline uint32_t -minimask_hash(const struct minimask *mask, uint32_t basis) -{ - return miniflow_hash(&mask->masks, basis); -} - -/* Returns a hash value for 'match', given 'basis'. */ -static inline uint32_t -minimatch_hash(const struct minimatch *match, uint32_t basis) -{ - return miniflow_hash(&match->flow, minimask_hash(&match->mask, basis)); -} - -/* Returns a hash value for the bits of range [start, end) in 'minimatch', - * given 'basis'. - * - * The hash values returned by this function are the same as those returned by - * flow_hash_in_minimask_range(), only the form of the arguments differ. */ -static inline uint32_t -minimatch_hash_range(const struct minimatch *match, uint8_t start, uint8_t end, - uint32_t *basis) +cls_rule_init__(struct cls_rule *rule, unsigned int priority) { - unsigned int offset; - const uint32_t *p, *q; - uint32_t hash = *basis; - int n, i; - - n = count_1bits(miniflow_get_map_in_range(&match->mask.masks, start, end, - &offset)); - q = miniflow_get_u32_values(&match->mask.masks) + offset; - p = miniflow_get_u32_values(&match->flow) + offset; - - for (i = 0; i < n; i++) { - hash = mhash_add(hash, p[i] & q[i]); - } - *basis = hash; /* Allow continuation from the unfinished value. */ - return mhash_finish(hash, (offset + n) * 4); + rculist_init(&rule->node); + *CONST_CAST(int *, &rule->priority) = priority; + rule->cls_match = NULL; } - -/* cls_rule. */ - /* Initializes 'rule' to match packets specified by 'match' at the given * 'priority'. 'match' must satisfy the invariant described in the comment at * the definition of struct match. * * The caller must eventually destroy 'rule' with cls_rule_destroy(). * - * (OpenFlow uses priorities between 0 and UINT16_MAX, inclusive, but - * internally Open vSwitch supports a wider range.) */ + * Clients should not use priority INT_MIN. (OpenFlow uses priorities between + * 0 and UINT16_MAX, inclusive.) */ void -cls_rule_init(struct cls_rule *rule, - const struct match *match, unsigned int priority) +cls_rule_init(struct cls_rule *rule, const struct match *match, int priority) { - minimatch_init(&rule->match, match); - rule->priority = priority; - rule->cls_match = NULL; + cls_rule_init__(rule, priority); + minimatch_init(CONST_CAST(struct minimatch *, &rule->match), match); } /* Same as cls_rule_init() for initialization from a "struct minimatch". */ void cls_rule_init_from_minimatch(struct cls_rule *rule, - const struct minimatch *match, - unsigned int priority) + const struct minimatch *match, int priority) { - minimatch_clone(&rule->match, match); - rule->priority = priority; - rule->cls_match = NULL; + cls_rule_init__(rule, priority); + minimatch_clone(CONST_CAST(struct minimatch *, &rule->match), match); } /* Initializes 'dst' as a copy of 'src'. @@ -465,20 +205,21 @@ cls_rule_init_from_minimatch(struct cls_rule *rule, void cls_rule_clone(struct cls_rule *dst, const struct cls_rule *src) { - minimatch_clone(&dst->match, &src->match); - dst->priority = src->priority; - dst->cls_match = NULL; + cls_rule_init__(dst, src->priority); + minimatch_clone(CONST_CAST(struct minimatch *, &dst->match), &src->match); } /* Initializes 'dst' with the data in 'src', destroying 'src'. + * + * 'src' must be a cls_rule NOT in a classifier. * * The caller must eventually destroy 'dst' with cls_rule_destroy(). */ void cls_rule_move(struct cls_rule *dst, struct cls_rule *src) { - minimatch_move(&dst->match, &src->match); - dst->priority = src->priority; - dst->cls_match = NULL; + cls_rule_init__(dst, src->priority); + minimatch_move(CONST_CAST(struct minimatch *, &dst->match), + CONST_CAST(struct minimatch *, &src->match)); } /* Frees memory referenced by 'rule'. Doesn't free 'rule' itself (it's @@ -487,11 +228,38 @@ cls_rule_move(struct cls_rule *dst, struct cls_rule *src) * ('rule' must not currently be in a classifier.) */ void cls_rule_destroy(struct cls_rule *rule) + OVS_NO_THREAD_SAFETY_ANALYSIS { - ovs_assert(!rule->cls_match); - minimatch_destroy(&rule->match); + ovs_assert(!rule->cls_match); /* Must not be in a classifier. */ + + /* Check that the rule has been properly removed from the classifier. */ + ovs_assert(rule->node.prev == RCULIST_POISON + || rculist_is_empty(&rule->node)); + rculist_poison__(&rule->node); /* Poisons also the next pointer. */ + + minimatch_destroy(CONST_CAST(struct minimatch *, &rule->match)); +} + +void +cls_rule_set_conjunctions(struct cls_rule *cr, + const struct cls_conjunction *conj, size_t n) +{ + struct cls_match *match = cr->cls_match; + struct cls_conjunction_set *old + = ovsrcu_get_protected(struct cls_conjunction_set *, &match->conj_set); + struct cls_conjunction *old_conj = old ? old->conj : NULL; + unsigned int old_n = old ? old->n : 0; + + if (old_n != n || (n && memcmp(old_conj, conj, n * sizeof *conj))) { + if (old) { + ovsrcu_postpone(free, old); + } + ovsrcu_set(&match->conj_set, + cls_conjunction_set_alloc(match, conj, n)); + } } + /* Returns true if 'a' and 'b' match the same packets at the same priority, * false if they differ in some way. */ bool @@ -500,13 +268,6 @@ cls_rule_equal(const struct cls_rule *a, const struct cls_rule *b) return a->priority == b->priority && minimatch_equal(&a->match, &b->match); } -/* Returns a hash value for 'rule', folding in 'basis'. */ -uint32_t -cls_rule_hash(const struct cls_rule *rule, uint32_t basis) -{ - return minimatch_hash(&rule->match, hash_int(rule->priority, basis)); -} - /* Appends a string describing 'rule' to 's'. */ void cls_rule_format(const struct cls_rule *rule, struct ds *s) @@ -518,86 +279,97 @@ cls_rule_format(const struct cls_rule *rule, struct ds *s) bool cls_rule_is_catchall(const struct cls_rule *rule) { - return minimask_is_catchall(&rule->match.mask); + return minimask_is_catchall(rule->match.mask); } - -/* Initializes 'cls' as a classifier that initially contains no classification - * rules. */ + +/* Makes 'rule' invisible in 'remove_version'. Once that version is used in + * lookups, the caller should remove 'rule' via ovsrcu_postpone(). + * + * 'rule' must be in a classifier. */ void -classifier_init(struct classifier *cls_, const uint8_t *flow_segments) +cls_rule_make_invisible_in_version(const struct cls_rule *rule, + cls_version_t remove_version) { - struct cls_classifier *cls = xmalloc(sizeof *cls); + ovs_assert(remove_version >= rule->cls_match->add_version); - fat_rwlock_init(&cls_->rwlock); + cls_match_set_remove_version(rule->cls_match, remove_version); +} - cls_->cls = cls; +/* This undoes the change made by cls_rule_make_invisible_in_version(). + * + * 'rule' must be in a classifier. */ +void +cls_rule_restore_visibility(const struct cls_rule *rule) +{ + cls_match_set_remove_version(rule->cls_match, CLS_NOT_REMOVED_VERSION); +} +/* Return true if 'rule' is visible in 'version'. + * + * 'rule' must be in a classifier. */ +bool +cls_rule_visible_in_version(const struct cls_rule *rule, cls_version_t version) +{ + return cls_match_visible_in_version(rule->cls_match, version); +} + +/* Initializes 'cls' as a classifier that initially contains no classification + * rules. */ +void +classifier_init(struct classifier *cls, const uint8_t *flow_segments) +{ cls->n_rules = 0; - hmap_init(&cls->subtables); - cls_subtable_cache_init(&cls->subtables_priority); - hmap_init(&cls->partitions); + cmap_init(&cls->subtables_map); + pvector_init(&cls->subtables); cls->n_flow_segments = 0; if (flow_segments) { while (cls->n_flow_segments < CLS_MAX_INDICES - && *flow_segments < FLOW_U32S) { + && *flow_segments < FLOW_U64S) { cls->flow_segments[cls->n_flow_segments++] = *flow_segments++; } } cls->n_tries = 0; + for (int i = 0; i < CLS_MAX_TRIES; i++) { + trie_init(cls, i, NULL); + } + cls->publish = true; } /* Destroys 'cls'. Rules within 'cls', if any, are not freed; this is the - * caller's responsibility. */ + * caller's responsibility. + * May only be called after all the readers have been terminated. */ void -classifier_destroy(struct classifier *cls_) +classifier_destroy(struct classifier *cls) { - if (cls_) { - struct cls_classifier *cls = cls_->cls; - struct cls_subtable *partition, *next_partition; - struct cls_subtable *subtable, *next_subtable; + if (cls) { + struct cls_subtable *subtable; int i; - fat_rwlock_destroy(&cls_->rwlock); - if (!cls) { - return; - } - for (i = 0; i < cls->n_tries; i++) { - trie_destroy(cls->tries[i].root); + trie_destroy(&cls->tries[i].root); } - HMAP_FOR_EACH_SAFE (subtable, next_subtable, hmap_node, - &cls->subtables) { + CMAP_FOR_EACH (subtable, cmap_node, &cls->subtables_map) { destroy_subtable(cls, subtable); } - hmap_destroy(&cls->subtables); + cmap_destroy(&cls->subtables_map); - HMAP_FOR_EACH_SAFE (partition, next_partition, hmap_node, - &cls->partitions) { - hmap_remove(&cls->partitions, &partition->hmap_node); - free(partition); - } - hmap_destroy(&cls->partitions); - - cls_subtable_cache_destroy(&cls->subtables_priority); - free(cls); + pvector_destroy(&cls->subtables); } } -/* We use uint64_t as a set for the fields below. */ -BUILD_ASSERT_DECL(MFF_N_IDS <= 64); - /* Set the fields for which prefix lookup should be performed. */ -void -classifier_set_prefix_fields(struct classifier *cls_, +bool +classifier_set_prefix_fields(struct classifier *cls, const enum mf_field_id *trie_fields, unsigned int n_fields) { - struct cls_classifier *cls = cls_->cls; - uint64_t fields = 0; - int i, trie; + const struct mf_field * new_fields[CLS_MAX_TRIES]; + struct mf_bitmap fields = MF_BITMAP_INITIALIZER; + int i, n_tries = 0; + bool changed = false; - for (i = 0, trie = 0; i < n_fields && trie < CLS_MAX_TRIES; i++) { + for (i = 0; i < n_fields && n_tries < CLS_MAX_TRIES; i++) { const struct mf_field *field = mf_from_id(trie_fields[i]); if (field->flow_be32ofs < 0 || field->n_bits % 32) { /* Incompatible field. This is the only place where we @@ -607,168 +379,318 @@ classifier_set_prefix_fields(struct classifier *cls_, continue; } - if (fields & (UINT64_C(1) << trie_fields[i])) { + if (bitmap_is_set(fields.bm, trie_fields[i])) { /* Duplicate field, there is no need to build more than * one index for any one field. */ continue; } - fields |= UINT64_C(1) << trie_fields[i]; + bitmap_set1(fields.bm, trie_fields[i]); - if (trie >= cls->n_tries || field != cls->tries[trie].field) { - trie_init(cls, trie, field); + new_fields[n_tries] = NULL; + if (n_tries >= cls->n_tries || field != cls->tries[n_tries].field) { + new_fields[n_tries] = field; + changed = true; + } + n_tries++; + } + + if (changed || n_tries < cls->n_tries) { + struct cls_subtable *subtable; + + /* Trie configuration needs to change. Disable trie lookups + * for the tries that are changing and wait all the current readers + * with the old configuration to be done. */ + changed = false; + CMAP_FOR_EACH (subtable, cmap_node, &cls->subtables_map) { + for (i = 0; i < cls->n_tries; i++) { + if ((i < n_tries && new_fields[i]) || i >= n_tries) { + if (subtable->trie_plen[i]) { + subtable->trie_plen[i] = 0; + changed = true; + } + } + } + } + /* Synchronize if any readers were using tries. The readers may + * temporarily function without the trie lookup based optimizations. */ + if (changed) { + /* ovsrcu_synchronize() functions as a memory barrier, so it does + * not matter that subtable->trie_plen is not atomic. */ + ovsrcu_synchronize(); } - trie++; - } - /* Destroy the rest. */ - for (i = trie; i < cls->n_tries; i++) { - trie_init(cls, i, NULL); + /* Now set up the tries. */ + for (i = 0; i < n_tries; i++) { + if (new_fields[i]) { + trie_init(cls, i, new_fields[i]); + } + } + /* Destroy the rest, if any. */ + for (; i < cls->n_tries; i++) { + trie_init(cls, i, NULL); + } + + cls->n_tries = n_tries; + return true; } - cls->n_tries = trie; + + return false; /* No change. */ } static void -trie_init(struct cls_classifier *cls, int trie_idx, - const struct mf_field *field) +trie_init(struct classifier *cls, int trie_idx, const struct mf_field *field) { struct cls_trie *trie = &cls->tries[trie_idx]; struct cls_subtable *subtable; - struct cls_subtable_entry *iter; if (trie_idx < cls->n_tries) { - trie_destroy(trie->root); + trie_destroy(&trie->root); + } else { + ovsrcu_set_hidden(&trie->root, NULL); } - trie->root = NULL; trie->field = field; - /* Add existing rules to the trie. */ - CLS_SUBTABLE_CACHE_FOR_EACH (subtable, iter, &cls->subtables_priority) { + /* Add existing rules to the new trie. */ + CMAP_FOR_EACH (subtable, cmap_node, &cls->subtables_map) { unsigned int plen; plen = field ? minimask_get_prefix_len(&subtable->mask, field) : 0; - /* Initialize subtable's prefix length on this field. */ - subtable->trie_plen[trie_idx] = plen; - if (plen) { struct cls_match *head; - HMAP_FOR_EACH (head, hmap_node, &subtable->rules) { - struct cls_match *match; - - FOR_EACH_RULE_IN_LIST (match, head) { - trie_insert(trie, match->cls_rule, plen); - } + CMAP_FOR_EACH (head, cmap_node, &subtable->rules) { + trie_insert(trie, head->cls_rule, plen); } } + /* Initialize subtable's prefix length on this field. This will + * allow readers to use the trie. */ + atomic_thread_fence(memory_order_release); + subtable->trie_plen[trie_idx] = plen; } } -/* Returns true if 'cls' contains no classification rules, false otherwise. */ +/* Returns true if 'cls' contains no classification rules, false otherwise. + * Checking the cmap requires no locking. */ bool classifier_is_empty(const struct classifier *cls) { - return cls->cls->n_rules == 0; + return cmap_is_empty(&cls->subtables_map); } /* Returns the number of rules in 'cls'. */ int classifier_count(const struct classifier *cls) { - return cls->cls->n_rules; + /* n_rules is an int, so in the presence of concurrent writers this will + * return either the old or a new value. */ + return cls->n_rules; } -static uint32_t -hash_metadata(ovs_be64 metadata_) +static inline ovs_be32 minimatch_get_ports(const struct minimatch *match) { - uint64_t metadata = (OVS_FORCE uint64_t) metadata_; - return hash_uint64(metadata); + /* Could optimize to use the same map if needed for fast path. */ + return MINIFLOW_GET_BE32(match->flow, tp_src) + & MINIFLOW_GET_BE32(&match->mask->masks, tp_src); } -static struct cls_partition * -find_partition(const struct cls_classifier *cls, ovs_be64 metadata, - uint32_t hash) +static void +subtable_replace_head_rule(struct classifier *cls OVS_UNUSED, + struct cls_subtable *subtable, + struct cls_match *head, struct cls_match *new, + uint32_t hash, uint32_t ihash[CLS_MAX_INDICES]) { - struct cls_partition *partition; + /* Rule's data is already in the tries. */ - HMAP_FOR_EACH_IN_BUCKET (partition, hmap_node, hash, &cls->partitions) { - if (partition->metadata == metadata) { - return partition; - } + for (int i = 0; i < subtable->n_indices; i++) { + cmap_replace(&subtable->indices[i], &head->index_nodes[i], + &new->index_nodes[i], ihash[i]); } - - return NULL; -} - -static struct cls_partition * -create_partition(struct cls_classifier *cls, struct cls_subtable *subtable, - ovs_be64 metadata) -{ - uint32_t hash = hash_metadata(metadata); - struct cls_partition *partition = find_partition(cls, metadata, hash); - if (!partition) { - partition = xmalloc(sizeof *partition); - partition->metadata = metadata; - partition->tags = 0; - tag_tracker_init(&partition->tracker); - hmap_insert(&cls->partitions, &partition->hmap_node, hash); - } - tag_tracker_add(&partition->tracker, &partition->tags, subtable->tag); - return partition; + cmap_replace(&subtable->rules, &head->cmap_node, &new->cmap_node, hash); } -/* Inserts 'rule' into 'cls'. Until 'rule' is removed from 'cls', the caller - * must not modify or free it. +/* Inserts 'rule' into 'cls' in 'version'. Until 'rule' is removed from 'cls', + * the caller must not modify or free it. * * If 'cls' already contains an identical rule (including wildcards, values of - * fixed fields, and priority), replaces the old rule by 'rule' and returns the - * rule that was replaced. The caller takes ownership of the returned rule and - * is thus responsible for destroying it with cls_rule_destroy(), freeing the - * memory block in which it resides, etc., as necessary. + * fixed fields, and priority) that is visible in 'version', replaces the old + * rule by 'rule' and returns the rule that was replaced. The caller takes + * ownership of the returned rule and is thus responsible for destroying it + * with cls_rule_destroy(), after RCU grace period has passed (see + * ovsrcu_postpone()). * * Returns NULL if 'cls' does not contain a rule with an identical key, after * inserting the new rule. In this case, no rules are displaced by the new * rule, even rules that cannot have any effect because the new rule matches a - * superset of their flows and has higher priority. */ -struct cls_rule * -classifier_replace(struct classifier *cls_, struct cls_rule *rule) + * superset of their flows and has higher priority. + */ +const struct cls_rule * +classifier_replace(struct classifier *cls, const struct cls_rule *rule, + cls_version_t version, + const struct cls_conjunction *conjs, size_t n_conjs) { - struct cls_classifier *cls = cls_->cls; - struct cls_match *old_rule; + struct cls_match *new; struct cls_subtable *subtable; + uint32_t ihash[CLS_MAX_INDICES]; + struct cls_match *head; + unsigned int mask_offset; + size_t n_rules = 0; + uint32_t basis; + uint32_t hash; + unsigned int i; - subtable = find_subtable(cls, &rule->match.mask); - if (!subtable) { - subtable = insert_subtable(cls, &rule->match.mask); - } + /* 'new' is initially invisible to lookups. */ + new = cls_match_alloc(rule, version, conjs, n_conjs); - old_rule = insert_rule(cls, subtable, rule); - if (!old_rule) { - int i; + CONST_CAST(struct cls_rule *, rule)->cls_match = new; - rule->cls_match->partition = NULL; - if (minimask_get_metadata_mask(&rule->match.mask) == OVS_BE64_MAX) { - ovs_be64 metadata = miniflow_get_metadata(&rule->match.flow); - rule->cls_match->partition = create_partition(cls, subtable, - metadata); - } + subtable = find_subtable(cls, rule->match.mask); + if (!subtable) { + subtable = insert_subtable(cls, rule->match.mask); + } - subtable->n_rules++; - cls->n_rules++; + /* Compute hashes in segments. */ + basis = 0; + mask_offset = 0; + for (i = 0; i < subtable->n_indices; i++) { + ihash[i] = minimatch_hash_range(&rule->match, subtable->index_maps[i], + &mask_offset, &basis); + } + hash = minimatch_hash_range(&rule->match, subtable->index_maps[i], + &mask_offset, &basis); + head = find_equal(subtable, rule->match.flow, hash); + if (!head) { + /* Add rule to tries. + * + * Concurrent readers might miss seeing the rule until this update, + * which might require being fixed up by revalidation later. */ for (i = 0; i < cls->n_tries; i++) { if (subtable->trie_plen[i]) { trie_insert(&cls->tries[i], rule, subtable->trie_plen[i]); } } - return NULL; - } else { - struct cls_rule *old_cls_rule = old_rule->cls_rule; - rule->cls_match->partition = old_rule->partition; - old_cls_rule->cls_match = NULL; - free(old_rule); - return old_cls_rule; + /* Add rule to ports trie. */ + if (subtable->ports_mask_len) { + /* We mask the value to be inserted to always have the wildcarded + * bits in known (zero) state, so we can include them in comparison + * and they will always match (== their original value does not + * matter). */ + ovs_be32 masked_ports = minimatch_get_ports(&rule->match); + + trie_insert_prefix(&subtable->ports_trie, &masked_ports, + subtable->ports_mask_len); + } + + /* Add new node to segment indices. + * + * Readers may find the rule in the indices before the rule is visible + * in the subtables 'rules' map. This may result in us losing the + * opportunity to quit lookups earlier, resulting in sub-optimal + * wildcarding. This will be fixed later by revalidation (always + * scheduled after flow table changes). */ + for (i = 0; i < subtable->n_indices; i++) { + cmap_insert(&subtable->indices[i], &new->index_nodes[i], ihash[i]); + } + n_rules = cmap_insert(&subtable->rules, &new->cmap_node, hash); + } else { /* Equal rules exist in the classifier already. */ + struct cls_match *prev, *iter; + + /* Scan the list for the insertion point that will keep the list in + * order of decreasing priority. Insert after rules marked invisible + * in any version of the same priority. */ + FOR_EACH_RULE_IN_LIST_PROTECTED (iter, prev, head) { + if (rule->priority > iter->priority + || (rule->priority == iter->priority + && !cls_match_is_eventually_invisible(iter))) { + break; + } + } + + /* Replace 'iter' with 'new' or insert 'new' between 'prev' and + * 'iter'. */ + if (iter) { + struct cls_rule *old; + + if (rule->priority == iter->priority) { + cls_match_replace(prev, iter, new); + old = CONST_CAST(struct cls_rule *, iter->cls_rule); + } else { + cls_match_insert(prev, iter, new); + old = NULL; + } + + /* Replace the existing head in data structures, if rule is the new + * head. */ + if (iter == head) { + subtable_replace_head_rule(cls, subtable, head, new, hash, + ihash); + } + + if (old) { + struct cls_conjunction_set *conj_set; + + conj_set = ovsrcu_get_protected(struct cls_conjunction_set *, + &iter->conj_set); + if (conj_set) { + ovsrcu_postpone(free, conj_set); + } + + ovsrcu_postpone(cls_match_free_cb, iter); + old->cls_match = NULL; + + /* No change in subtable's max priority or max count. */ + + /* Make 'new' visible to lookups in the appropriate version. */ + cls_match_set_remove_version(new, CLS_NOT_REMOVED_VERSION); + + /* Make rule visible to iterators (immediately). */ + rculist_replace(CONST_CAST(struct rculist *, &rule->node), + &old->node); + + /* Return displaced rule. Caller is responsible for keeping it + * around until all threads quiesce. */ + return old; + } + } else { + /* 'new' is new node after 'prev' */ + cls_match_insert(prev, iter, new); + } + } + + /* Make 'new' visible to lookups in the appropriate version. */ + cls_match_set_remove_version(new, CLS_NOT_REMOVED_VERSION); + + /* Make rule visible to iterators (immediately). */ + rculist_push_back(&subtable->rules_list, + CONST_CAST(struct rculist *, &rule->node)); + + /* Rule was added, not replaced. Update 'subtable's 'max_priority' and + * 'max_count', if necessary. + * + * The rule was already inserted, but concurrent readers may not see the + * rule yet as the subtables vector is not updated yet. This will have to + * be fixed by revalidation later. */ + if (n_rules == 1) { + subtable->max_priority = rule->priority; + subtable->max_count = 1; + pvector_insert(&cls->subtables, subtable, rule->priority); + } else if (rule->priority == subtable->max_priority) { + ++subtable->max_count; + } else if (rule->priority > subtable->max_priority) { + subtable->max_priority = rule->priority; + subtable->max_count = 1; + pvector_change_priority(&cls->subtables, subtable, rule->priority); } + + /* Nothing was replaced. */ + cls->n_rules++; + + if (cls->publish) { + pvector_publish(&cls->subtables); + } + + return NULL; } /* Inserts 'rule' into 'cls'. Until 'rule' is removed from 'cls', the caller @@ -778,88 +700,157 @@ classifier_replace(struct classifier *cls_, struct cls_rule *rule) * fixed fields, and priority). Use classifier_find_rule_exactly() to find * such a rule. */ void -classifier_insert(struct classifier *cls, struct cls_rule *rule) +classifier_insert(struct classifier *cls, const struct cls_rule *rule, + cls_version_t version, const struct cls_conjunction conj[], + size_t n_conj) { - struct cls_rule *displaced_rule = classifier_replace(cls, rule); + const struct cls_rule *displaced_rule + = classifier_replace(cls, rule, version, conj, n_conj); ovs_assert(!displaced_rule); } /* Removes 'rule' from 'cls'. It is the caller's responsibility to destroy * 'rule' with cls_rule_destroy(), freeing the memory block in which 'rule' - * resides, etc., as necessary. */ -void -classifier_remove(struct classifier *cls_, struct cls_rule *rule) + * resides, etc., as necessary. + * + * Does nothing if 'rule' has been already removed, or was never inserted. + * + * Returns the removed rule, or NULL, if it was already removed. + */ +const struct cls_rule * +classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule) { - struct cls_classifier *cls = cls_->cls; - struct cls_partition *partition; - struct cls_match *cls_match = rule->cls_match; - struct cls_match *head; + struct cls_match *rule, *prev, *next, *head; + struct cls_conjunction_set *conj_set; struct cls_subtable *subtable; - int i; + uint32_t basis = 0, hash, ihash[CLS_MAX_INDICES]; + unsigned int mask_offset; + size_t n_rules; + unsigned int i; - ovs_assert(cls_match); + rule = cls_rule->cls_match; + if (!rule) { + return NULL; + } + /* Mark as removed. */ + CONST_CAST(struct cls_rule *, cls_rule)->cls_match = NULL; - subtable = find_subtable(cls, &rule->match.mask); + /* Remove 'cls_rule' from the subtable's rules list. */ + rculist_remove(CONST_CAST(struct rculist *, &cls_rule->node)); + subtable = find_subtable(cls, cls_rule->match.mask); ovs_assert(subtable); + mask_offset = 0; + for (i = 0; i < subtable->n_indices; i++) { + ihash[i] = minimatch_hash_range(&cls_rule->match, + subtable->index_maps[i], + &mask_offset, &basis); + } + hash = minimatch_hash_range(&cls_rule->match, subtable->index_maps[i], + &mask_offset, &basis); + + head = find_equal(subtable, cls_rule->match.flow, hash); + + /* Check if the rule is not the head rule. */ + if (rule != head) { + struct cls_match *iter; + + /* Not the head rule, but potentially one with the same priority. */ + /* Remove from the list of equal rules. */ + FOR_EACH_RULE_IN_LIST_PROTECTED (iter, prev, head) { + if (rule == iter) { + break; + } + } + ovs_assert(iter == rule); + + cls_match_remove(prev, rule); + + goto check_priority; + } + + /* 'rule' is the head rule. Check if there is another rule to + * replace 'rule' in the data structures. */ + next = cls_match_next_protected(rule); + if (next) { + subtable_replace_head_rule(cls, subtable, rule, next, hash, ihash); + goto check_priority; + } + + /* 'rule' is last of the kind in the classifier, must remove from all the + * data structures. */ + + if (subtable->ports_mask_len) { + ovs_be32 masked_ports = minimatch_get_ports(&cls_rule->match); + + trie_remove_prefix(&subtable->ports_trie, + &masked_ports, subtable->ports_mask_len); + } for (i = 0; i < cls->n_tries; i++) { if (subtable->trie_plen[i]) { - trie_remove(&cls->tries[i], rule, subtable->trie_plen[i]); + trie_remove(&cls->tries[i], cls_rule, subtable->trie_plen[i]); } } /* Remove rule node from indices. */ for (i = 0; i < subtable->n_indices; i++) { - hindex_remove(&subtable->indices[i], &cls_match->index_nodes[i]); + cmap_remove(&subtable->indices[i], &rule->index_nodes[i], ihash[i]); } + n_rules = cmap_remove(&subtable->rules, &rule->cmap_node, hash); - head = find_equal(subtable, &rule->match.flow, cls_match->hmap_node.hash); - if (head != cls_match) { - list_remove(&cls_match->list); - } else if (list_is_empty(&cls_match->list)) { - hmap_remove(&subtable->rules, &cls_match->hmap_node); + if (n_rules == 0) { + destroy_subtable(cls, subtable); } else { - struct cls_match *next = CONTAINER_OF(cls_match->list.next, - struct cls_match, list); - - list_remove(&cls_match->list); - hmap_replace(&subtable->rules, &cls_match->hmap_node, - &next->hmap_node); - } +check_priority: + if (subtable->max_priority == rule->priority + && --subtable->max_count == 0) { + /* Find the new 'max_priority' and 'max_count'. */ + int max_priority = INT_MIN; + struct cls_match *head; - partition = cls_match->partition; - if (partition) { - tag_tracker_subtract(&partition->tracker, &partition->tags, - subtable->tag); - if (!partition->tags) { - hmap_remove(&cls->partitions, &partition->hmap_node); - free(partition); + CMAP_FOR_EACH (head, cmap_node, &subtable->rules) { + if (head->priority > max_priority) { + max_priority = head->priority; + subtable->max_count = 1; + } else if (head->priority == max_priority) { + ++subtable->max_count; + } + } + subtable->max_priority = max_priority; + pvector_change_priority(&cls->subtables, subtable, max_priority); } } - if (--subtable->n_rules == 0) { - destroy_subtable(cls, subtable); - } else { - update_subtables_after_removal(cls, subtable, cls_match->priority); + if (cls->publish) { + pvector_publish(&cls->subtables); } + /* free the rule. */ + conj_set = ovsrcu_get_protected(struct cls_conjunction_set *, + &rule->conj_set); + if (conj_set) { + ovsrcu_postpone(free, conj_set); + } + ovsrcu_postpone(cls_match_free_cb, rule); cls->n_rules--; - rule->cls_match = NULL; - free(cls_match); + return cls_rule; } /* Prefix tree context. Valid when 'lookup_done' is true. Can skip all - * subtables which have more than 'match_plen' bits in their corresponding - * field at offset 'be32ofs'. If skipped, 'maskbits' prefix bits should be - * unwildcarded to quarantee datapath flow matches only packets it should. */ + * subtables which have a prefix match on the trie field, but whose prefix + * length is not indicated in 'match_plens'. For example, a subtable that + * has a 8-bit trie field prefix match can be skipped if + * !be_get_bit_at(&match_plens, 8 - 1). If skipped, 'maskbits' prefix bits + * must be unwildcarded to make datapath flow only match packets it should. */ struct trie_ctx { const struct cls_trie *trie; bool lookup_done; /* Status of the lookup. */ uint8_t be32ofs; /* U32 offset of the field in question. */ - unsigned int match_plen; /* Longest prefix than could possibly match. */ unsigned int maskbits; /* Prefix length needed to avoid false matches. */ + union trie_prefix match_plens; /* Bitmask of prefix lengths with possible + * matches. */ }; static void @@ -870,255 +861,411 @@ trie_ctx_init(struct trie_ctx *ctx, const struct cls_trie *trie) ctx->lookup_done = false; } -static inline void -lookahead_subtable(const struct cls_subtable_entry *subtables) +struct conjunctive_match { + struct hmap_node hmap_node; + uint32_t id; + uint64_t clauses; +}; + +static struct conjunctive_match * +find_conjunctive_match__(struct hmap *matches, uint64_t id, uint32_t hash) { - ovs_prefetch_range(subtables->subtable, sizeof *subtables->subtable); - ovs_prefetch_range(subtables->mask_values, 1); -} + struct conjunctive_match *m; -/* Finds and returns the highest-priority rule in 'cls' that matches 'flow'. - * Returns a null pointer if no rules in 'cls' match 'flow'. If multiple rules - * of equal priority match 'flow', returns one arbitrarily. - * - * If a rule is found and 'wc' is non-null, bitwise-OR's 'wc' with the - * set of bits that were significant in the lookup. At some point - * earlier, 'wc' should have been initialized (e.g., by - * flow_wildcards_init_catchall()). */ -struct cls_rule * -classifier_lookup(const struct classifier *cls_, const struct flow *flow, - struct flow_wildcards *wc) -{ - struct cls_classifier *cls = cls_->cls; - const struct cls_partition *partition; - tag_type tags; - struct cls_match *best; - struct trie_ctx trie_ctx[CLS_MAX_TRIES]; - int i; - struct cls_subtable_entry *subtables = cls->subtables_priority.subtables; - int n_subtables = cls->subtables_priority.size; - int64_t best_priority = -1; + HMAP_FOR_EACH_IN_BUCKET (m, hmap_node, hash, matches) { + if (m->id == id) { + return m; + } + } + return NULL; +} - /* Prefetch the subtables array. */ - ovs_prefetch_range(subtables, n_subtables * sizeof *subtables); +static bool +find_conjunctive_match(const struct cls_conjunction_set *set, + unsigned int max_n_clauses, struct hmap *matches, + struct conjunctive_match *cm_stubs, size_t n_cm_stubs, + uint32_t *idp) +{ + const struct cls_conjunction *c; - /* Determine 'tags' such that, if 'subtable->tag' doesn't intersect them, - * then 'flow' cannot possibly match in 'subtable': - * - * - If flow->metadata maps to a given 'partition', then we can use - * 'tags' for 'partition->tags'. - * - * - If flow->metadata has no partition, then no rule in 'cls' has an - * exact-match for flow->metadata. That means that we don't need to - * search any subtable that includes flow->metadata in its mask. - * - * In either case, we always need to search any cls_subtables that do not - * include flow->metadata in its mask. One way to do that would be to - * check the "cls_subtable"s explicitly for that, but that would require an - * extra branch per subtable. Instead, we mark such a cls_subtable's - * 'tags' as TAG_ALL and make sure that 'tags' is never empty. This means - * that 'tags' always intersects such a cls_subtable's 'tags', so we don't - * need a special case. - */ - partition = (hmap_is_empty(&cls->partitions) - ? NULL - : find_partition(cls, flow->metadata, - hash_metadata(flow->metadata))); - tags = partition ? partition->tags : TAG_ARBITRARY; - - /* Initialize trie contexts for match_find_wc(). */ - for (i = 0; i < cls->n_tries; i++) { - trie_ctx_init(&trie_ctx[i], &cls->tries[i]); + if (max_n_clauses < set->min_n_clauses) { + return false; } - /* Prefetch the first subtables. */ - if (n_subtables > 1) { - lookahead_subtable(subtables); - lookahead_subtable(subtables + 1); - } + for (c = set->conj; c < &set->conj[set->n]; c++) { + struct conjunctive_match *cm; + uint32_t hash; - best = NULL; - for (i = 0; OVS_LIKELY(i < n_subtables); i++) { - struct cls_match *rule; + if (c->n_clauses > max_n_clauses) { + continue; + } - if ((int64_t)subtables[i].max_priority <= best_priority) { - /* Subtables are in descending priority order, - * can not find anything better. */ - break; + hash = hash_int(c->id, 0); + cm = find_conjunctive_match__(matches, c->id, hash); + if (!cm) { + size_t n = hmap_count(matches); + + cm = n < n_cm_stubs ? &cm_stubs[n] : xmalloc(sizeof *cm); + hmap_insert(matches, &cm->hmap_node, hash); + cm->id = c->id; + cm->clauses = UINT64_MAX << (c->n_clauses & 63); + } + cm->clauses |= UINT64_C(1) << c->clause; + if (cm->clauses == UINT64_MAX) { + *idp = cm->id; + return true; } + } + return false; +} + +static void +free_conjunctive_matches(struct hmap *matches, + struct conjunctive_match *cm_stubs, size_t n_cm_stubs) +{ + if (hmap_count(matches) > n_cm_stubs) { + struct conjunctive_match *cm, *next; - /* Prefetch a forthcoming subtable. */ - if (i + 2 < n_subtables) { - lookahead_subtable(&subtables[i + 2]); + HMAP_FOR_EACH_SAFE (cm, next, hmap_node, matches) { + if (!(cm >= cm_stubs && cm < &cm_stubs[n_cm_stubs])) { + free(cm); + } } + } + hmap_destroy(matches); +} - if (!tag_intersects(tags, subtables[i].tag)) { +/* Like classifier_lookup(), except that support for conjunctive matches can be + * configured with 'allow_conjunctive_matches'. That feature is not exposed + * externally because turning off conjunctive matches is only useful to avoid + * recursion within this function itself. + * + * 'flow' is non-const to allow for temporary modifications during the lookup. + * Any changes are restored before returning. */ +static const struct cls_rule * +classifier_lookup__(const struct classifier *cls, cls_version_t version, + struct flow *flow, struct flow_wildcards *wc, + bool allow_conjunctive_matches) +{ + struct trie_ctx trie_ctx[CLS_MAX_TRIES]; + const struct cls_match *match; + /* Highest-priority flow in 'cls' that certainly matches 'flow'. */ + const struct cls_match *hard = NULL; + int hard_pri = INT_MIN; /* hard ? hard->priority : INT_MIN. */ + + /* Highest-priority conjunctive flows in 'cls' matching 'flow'. Since + * these are (components of) conjunctive flows, we can only know whether + * the full conjunctive flow matches after seeing multiple of them. Thus, + * we refer to these as "soft matches". */ + struct cls_conjunction_set *soft_stub[64]; + struct cls_conjunction_set **soft = soft_stub; + size_t n_soft = 0, allocated_soft = ARRAY_SIZE(soft_stub); + int soft_pri = INT_MIN; /* n_soft ? MAX(soft[*]->priority) : INT_MIN. */ + + /* Synchronize for cls->n_tries and subtable->trie_plen. They can change + * when table configuration changes, which happens typically only on + * startup. */ + atomic_thread_fence(memory_order_acquire); + + /* Initialize trie contexts for find_match_wc(). */ + for (int i = 0; i < cls->n_tries; i++) { + trie_ctx_init(&trie_ctx[i], &cls->tries[i]); + } + + /* Main loop. */ + struct cls_subtable *subtable; + PVECTOR_FOR_EACH_PRIORITY (subtable, hard_pri, 2, sizeof *subtable, + &cls->subtables) { + struct cls_conjunction_set *conj_set; + + /* Skip subtables with no match, or where the match is lower-priority + * than some certain match we've already found. */ + match = find_match_wc(subtable, version, flow, trie_ctx, cls->n_tries, + wc); + if (!match || match->priority <= hard_pri) { continue; } - rule = find_match_wc(subtables[i].subtable, flow, trie_ctx, - cls->n_tries, wc); - if (rule && (int64_t)rule->priority > best_priority) { - best_priority = (int64_t)rule->priority; - best = rule; + conj_set = ovsrcu_get(struct cls_conjunction_set *, &match->conj_set); + if (!conj_set) { + /* 'match' isn't part of a conjunctive match. It's the best + * certain match we've got so far, since we know that it's + * higher-priority than hard_pri. + * + * (There might be a higher-priority conjunctive match. We can't + * tell yet.) */ + hard = match; + hard_pri = hard->priority; + } else if (allow_conjunctive_matches) { + /* 'match' is part of a conjunctive match. Add it to the list. */ + if (OVS_UNLIKELY(n_soft >= allocated_soft)) { + struct cls_conjunction_set **old_soft = soft; + + allocated_soft *= 2; + soft = xmalloc(allocated_soft * sizeof *soft); + memcpy(soft, old_soft, n_soft * sizeof *soft); + if (old_soft != soft_stub) { + free(old_soft); + } + } + soft[n_soft++] = conj_set; + + /* Keep track of the highest-priority soft match. */ + if (soft_pri < match->priority) { + soft_pri = match->priority; + } + } + } + + /* In the common case, at this point we have no soft matches and we can + * return immediately. (We do the same thing if we have potential soft + * matches but none of them are higher-priority than our hard match.) */ + if (hard_pri >= soft_pri) { + if (soft != soft_stub) { + free(soft); } + return hard ? hard->cls_rule : NULL; } - return best ? best->cls_rule : NULL; -} + /* At this point, we have some soft matches. We might also have a hard + * match; if so, its priority is lower than the highest-priority soft + * match. */ -/* Returns true if 'target' satisifies 'match', that is, if each bit for which - * 'match' specifies a particular value has the correct value in 'target'. */ -static bool -minimatch_matches_miniflow(const struct minimatch *match, - const struct miniflow *target) -{ - const uint32_t *flowp = miniflow_get_u32_values(&match->flow); - const uint32_t *maskp = miniflow_get_u32_values(&match->mask.masks); - uint32_t target_u32; + /* Soft match loop. + * + * Check whether soft matches are real matches. */ + for (;;) { + /* Delete soft matches that are null. This only happens in second and + * subsequent iterations of the soft match loop, when we drop back from + * a high-priority soft match to a lower-priority one. + * + * Also, delete soft matches whose priority is less than or equal to + * the hard match's priority. In the first iteration of the soft + * match, these can be in 'soft' because the earlier main loop found + * the soft match before the hard match. In second and later iteration + * of the soft match loop, these can be in 'soft' because we dropped + * back from a high-priority soft match to a lower-priority soft match. + * + * It is tempting to delete soft matches that cannot be satisfied + * because there are fewer soft matches than required to satisfy any of + * their conjunctions, but we cannot do that because there might be + * lower priority soft or hard matches with otherwise identical + * matches. (We could special case those here, but there's no + * need--we'll do so at the bottom of the soft match loop anyway and + * this duplicates less code.) + * + * It's also tempting to break out of the soft match loop if 'n_soft == + * 1' but that would also miss lower-priority hard matches. We could + * special case that also but again there's no need. */ + for (int i = 0; i < n_soft; ) { + if (!soft[i] || soft[i]->priority <= hard_pri) { + soft[i] = soft[--n_soft]; + } else { + i++; + } + } + if (!n_soft) { + break; + } - MINIFLOW_FOR_EACH_IN_MAP(target_u32, target, match->mask.masks.map) { - if ((*flowp++ ^ target_u32) & *maskp++) { - return false; + /* Find the highest priority among the soft matches. (We know this + * must be higher than the hard match's priority; otherwise we would + * have deleted all of the soft matches in the previous loop.) Count + * the number of soft matches that have that priority. */ + soft_pri = INT_MIN; + int n_soft_pri = 0; + for (int i = 0; i < n_soft; i++) { + if (soft[i]->priority > soft_pri) { + soft_pri = soft[i]->priority; + n_soft_pri = 1; + } else if (soft[i]->priority == soft_pri) { + n_soft_pri++; + } } - } + ovs_assert(soft_pri > hard_pri); - return true; -} + /* Look for a real match among the highest-priority soft matches. + * + * It's unusual to have many conjunctive matches, so we use stubs to + * avoid calling malloc() in the common case. An hmap has a built-in + * stub for up to 2 hmap_nodes; possibly, we would benefit a variant + * with a bigger stub. */ + struct conjunctive_match cm_stubs[16]; + struct hmap matches; + + hmap_init(&matches); + for (int i = 0; i < n_soft; i++) { + uint32_t id; + + if (soft[i]->priority == soft_pri + && find_conjunctive_match(soft[i], n_soft_pri, &matches, + cm_stubs, ARRAY_SIZE(cm_stubs), + &id)) { + uint32_t saved_conj_id = flow->conj_id; + const struct cls_rule *rule; + + flow->conj_id = id; + rule = classifier_lookup__(cls, version, flow, wc, false); + flow->conj_id = saved_conj_id; + + if (rule) { + free_conjunctive_matches(&matches, + cm_stubs, ARRAY_SIZE(cm_stubs)); + if (soft != soft_stub) { + free(soft); + } + return rule; + } + } + } + free_conjunctive_matches(&matches, cm_stubs, ARRAY_SIZE(cm_stubs)); -static inline struct cls_match * -find_match_miniflow(const struct cls_subtable *subtable, - const struct miniflow *flow, - uint32_t hash) -{ - struct cls_match *rule; + /* There's no real match among the highest-priority soft matches. + * However, if any of those soft matches has a lower-priority but + * otherwise identical flow match, then we need to consider those for + * soft or hard matches. + * + * The next iteration of the soft match loop will delete any null + * pointers we put into 'soft' (and some others too). */ + for (int i = 0; i < n_soft; i++) { + if (soft[i]->priority != soft_pri) { + continue; + } - HMAP_FOR_EACH_WITH_HASH (rule, hmap_node, hash, &subtable->rules) { - if (minimatch_matches_miniflow(&rule->match, flow)) { - return rule; + /* Find next-lower-priority flow with identical flow match. */ + match = next_visible_rule_in_list(soft[i]->match, version); + if (match) { + soft[i] = ovsrcu_get(struct cls_conjunction_set *, + &match->conj_set); + if (!soft[i]) { + /* The flow is a hard match; don't treat as a soft + * match. */ + if (match->priority > hard_pri) { + hard = match; + hard_pri = hard->priority; + } + } + } else { + /* No such lower-priority flow (probably the common case). */ + soft[i] = NULL; + } } } - return NULL; + if (soft != soft_stub) { + free(soft); + } + return hard ? hard->cls_rule : NULL; } -/* Finds and returns the highest-priority rule in 'cls' that matches - * 'miniflow'. Returns a null pointer if no rules in 'cls' match 'flow'. - * If multiple rules of equal priority match 'flow', returns one arbitrarily. +/* Finds and returns the highest-priority rule in 'cls' that matches 'flow' and + * that is visible in 'version'. Returns a null pointer if no rules in 'cls' + * match 'flow'. If multiple rules of equal priority match 'flow', returns one + * arbitrarily. * - * This function is optimized for the userspace datapath, which only ever has - * one priority value for it's flows! - */ -struct cls_rule *classifier_lookup_miniflow_first(const struct classifier *cls_, - const struct miniflow *flow) + * If a rule is found and 'wc' is non-null, bitwise-OR's 'wc' with the + * set of bits that were significant in the lookup. At some point + * earlier, 'wc' should have been initialized (e.g., by + * flow_wildcards_init_catchall()). + * + * 'flow' is non-const to allow for temporary modifications during the lookup. + * Any changes are restored before returning. */ +const struct cls_rule * +classifier_lookup(const struct classifier *cls, cls_version_t version, + struct flow *flow, struct flow_wildcards *wc) { - struct cls_classifier *cls = cls_->cls; - struct cls_subtable *subtable; - struct cls_subtable_entry *iter; - - CLS_SUBTABLE_CACHE_FOR_EACH (subtable, iter, &cls->subtables_priority) { - struct cls_match *rule; - - rule = find_match_miniflow(subtable, flow, - miniflow_hash_in_minimask(flow, - &subtable->mask, - 0)); - if (rule) { - return rule->cls_rule; - } - } - - return NULL; + return classifier_lookup__(cls, version, flow, wc, true); } /* Finds and returns a rule in 'cls' with exactly the same priority and - * matching criteria as 'target'. Returns a null pointer if 'cls' doesn't + * matching criteria as 'target', and that is visible in 'version'. + * Only one such rule may ever exist. Returns a null pointer if 'cls' doesn't * contain an exact match. */ -struct cls_rule * -classifier_find_rule_exactly(const struct classifier *cls_, - const struct cls_rule *target) +const struct cls_rule * +classifier_find_rule_exactly(const struct classifier *cls, + const struct cls_rule *target, + cls_version_t version) { - struct cls_classifier *cls = cls_->cls; - struct cls_match *head, *rule; - struct cls_subtable *subtable; + const struct cls_match *head, *rule; + const struct cls_subtable *subtable; - subtable = find_subtable(cls, &target->match.mask); + subtable = find_subtable(cls, target->match.mask); if (!subtable) { return NULL; } - /* Skip if there is no hope. */ - if (target->priority > subtable->max_priority) { + head = find_equal(subtable, target->match.flow, + miniflow_hash_in_minimask(target->match.flow, + target->match.mask, 0)); + if (!head) { return NULL; } - - head = find_equal(subtable, &target->match.flow, - miniflow_hash_in_minimask(&target->match.flow, - &target->match.mask, 0)); - FOR_EACH_RULE_IN_LIST (rule, head) { - if (target->priority >= rule->priority) { - return target->priority == rule->priority ? rule->cls_rule : NULL; + CLS_MATCH_FOR_EACH (rule, head) { + if (rule->priority < target->priority) { + break; /* Not found. */ + } + if (rule->priority == target->priority + && cls_match_visible_in_version(rule, version)) { + return rule->cls_rule; } } return NULL; } /* Finds and returns a rule in 'cls' with priority 'priority' and exactly the - * same matching criteria as 'target'. Returns a null pointer if 'cls' doesn't - * contain an exact match. */ -struct cls_rule * + * same matching criteria as 'target', and that is visible in 'version'. + * Returns a null pointer if 'cls' doesn't contain an exact match visible in + * 'version'. */ +const struct cls_rule * classifier_find_match_exactly(const struct classifier *cls, - const struct match *target, - unsigned int priority) + const struct match *target, int priority, + cls_version_t version) { - struct cls_rule *retval; + const struct cls_rule *retval; struct cls_rule cr; cls_rule_init(&cr, target, priority); - retval = classifier_find_rule_exactly(cls, &cr); + retval = classifier_find_rule_exactly(cls, &cr, version); cls_rule_destroy(&cr); return retval; } -/* Checks if 'target' would overlap any other rule in 'cls'. Two rules are - * considered to overlap if both rules have the same priority and a packet - * could match both. */ +/* Checks if 'target' would overlap any other rule in 'cls' in 'version'. Two + * rules are considered to overlap if both rules have the same priority and a + * packet could match both, and if both rules are visible in the same version. + * + * A trivial example of overlapping rules is two rules matching disjoint sets + * of fields. E.g., if one rule matches only on port number, while another only + * on dl_type, any packet from that specific port and with that specific + * dl_type could match both, if the rules also have the same priority. */ bool -classifier_rule_overlaps(const struct classifier *cls_, - const struct cls_rule *target) +classifier_rule_overlaps(const struct classifier *cls, + const struct cls_rule *target, cls_version_t version) { - struct cls_classifier *cls = cls_->cls; struct cls_subtable *subtable; - struct cls_subtable_entry *iter; /* Iterate subtables in the descending max priority order. */ - CLS_SUBTABLE_CACHE_FOR_EACH (subtable, iter, &cls->subtables_priority) { - uint32_t storage[FLOW_U32S]; - struct minimask mask; - struct cls_match *head; - - if (target->priority > iter->max_priority) { - break; /* Can skip this and the rest of the subtables. */ - } - - minimask_combine(&mask, &target->match.mask, &subtable->mask, storage); - HMAP_FOR_EACH (head, hmap_node, &subtable->rules) { - struct cls_match *rule; - - FOR_EACH_RULE_IN_LIST (rule, head) { - if (rule->priority < target->priority) { - break; /* Rules in descending priority order. */ - } - if (rule->priority == target->priority - && miniflow_equal_in_minimask(&target->match.flow, - &rule->match.flow, &mask)) { - return true; - } + PVECTOR_FOR_EACH_PRIORITY (subtable, target->priority - 1, 2, + sizeof(struct cls_subtable), &cls->subtables) { + struct { + struct minimask mask; + uint64_t storage[FLOW_U64S]; + } m; + const struct cls_rule *rule; + + minimask_combine(&m.mask, target->match.mask, &subtable->mask, + m.storage); + + RCULIST_FOR_EACH (rule, node, &subtable->rules_list) { + if (rule->priority == target->priority + && miniflow_equal_in_minimask(target->match.flow, + rule->match.flow, &m.mask) + && cls_match_visible_in_version(rule->cls_match, version)) { + return true; } } } - return false; } @@ -1159,31 +1306,34 @@ bool cls_rule_is_loose_match(const struct cls_rule *rule, const struct minimatch *criteria) { - return (!minimask_has_extra(&rule->match.mask, &criteria->mask) - && miniflow_equal_in_minimask(&rule->match.flow, &criteria->flow, - &criteria->mask)); + return (!minimask_has_extra(rule->match.mask, criteria->mask) + && miniflow_equal_in_minimask(rule->match.flow, criteria->flow, + criteria->mask)); } /* Iteration. */ static bool -rule_matches(const struct cls_match *rule, const struct cls_rule *target) +rule_matches(const struct cls_rule *rule, const struct cls_rule *target, + cls_version_t version) { - return (!target - || miniflow_equal_in_minimask(&rule->match.flow, - &target->match.flow, - &target->match.mask)); + /* Rule may only match a target if it is visible in target's version. */ + return cls_match_visible_in_version(rule->cls_match, version) + && (!target || miniflow_equal_in_minimask(rule->match.flow, + target->match.flow, + target->match.mask)); } -static struct cls_match * +static const struct cls_rule * search_subtable(const struct cls_subtable *subtable, - const struct cls_rule *target) + struct cls_cursor *cursor) { - if (!target || !minimask_has_extra(&subtable->mask, &target->match.mask)) { - struct cls_match *rule; + if (!cursor->target + || !minimask_has_extra(&subtable->mask, cursor->target->match.mask)) { + const struct cls_rule *rule; - HMAP_FOR_EACH (rule, hmap_node, &subtable->rules) { - if (rule_matches(rule, target)) { + RCULIST_FOR_EACH (rule, node, &subtable->rules_list) { + if (rule_matches(rule, cursor->target, cursor->version)) { return rule; } } @@ -1191,83 +1341,84 @@ search_subtable(const struct cls_subtable *subtable, return NULL; } -/* Initializes 'cursor' for iterating through rules in 'cls': +/* Initializes 'cursor' for iterating through rules in 'cls', and returns the + * cursor. * - * - If 'target' is null, the cursor will visit every rule in 'cls'. + * - If 'target' is null, or if the 'target' is a catchall target, the + * cursor will visit every rule in 'cls' that is visible in 'version'. * * - If 'target' is nonnull, the cursor will visit each 'rule' in 'cls' - * such that cls_rule_is_loose_match(rule, target) returns true. + * such that cls_rule_is_loose_match(rule, target) returns true and that + * the rule is visible in 'version'. * * Ignores target->priority. */ -void -cls_cursor_init(struct cls_cursor *cursor, const struct classifier *cls, - const struct cls_rule *target) -{ - cursor->cls = cls->cls; - cursor->target = target && !cls_rule_is_catchall(target) ? target : NULL; -} - -/* Returns the first matching cls_rule in 'cursor''s iteration, or a null - * pointer if there are no matches. */ -struct cls_rule * -cls_cursor_first(struct cls_cursor *cursor) +struct cls_cursor +cls_cursor_start(const struct classifier *cls, const struct cls_rule *target, + cls_version_t version) { + struct cls_cursor cursor; struct cls_subtable *subtable; - HMAP_FOR_EACH (subtable, hmap_node, &cursor->cls->subtables) { - struct cls_match *rule = search_subtable(subtable, cursor->target); + cursor.cls = cls; + cursor.target = target && !cls_rule_is_catchall(target) ? target : NULL; + cursor.version = version; + cursor.rule = NULL; + + /* Find first rule. */ + PVECTOR_CURSOR_FOR_EACH (subtable, &cursor.subtables, + &cursor.cls->subtables) { + const struct cls_rule *rule = search_subtable(subtable, &cursor); + if (rule) { - cursor->subtable = subtable; - return rule->cls_rule; + cursor.subtable = subtable; + cursor.rule = rule; + break; } } - return NULL; + return cursor; } -/* Returns the next matching cls_rule in 'cursor''s iteration, or a null - * pointer if there are no more matches. */ -struct cls_rule * -cls_cursor_next(struct cls_cursor *cursor, const struct cls_rule *rule_) +static const struct cls_rule * +cls_cursor_next(struct cls_cursor *cursor) { - struct cls_match *rule = CONST_CAST(struct cls_match *, rule_->cls_match); + const struct cls_rule *rule; const struct cls_subtable *subtable; - struct cls_match *next; - - next = next_rule_in_list__(rule); - if (next->priority < rule->priority) { - return next->cls_rule; - } - /* 'next' is the head of the list, that is, the rule that is included in - * the subtable's hmap. (This is important when the classifier contains - * rules that differ only in priority.) */ - rule = next; - HMAP_FOR_EACH_CONTINUE (rule, hmap_node, &cursor->subtable->rules) { - if (rule_matches(rule, cursor->target)) { - return rule->cls_rule; + rule = cursor->rule; + subtable = cursor->subtable; + RCULIST_FOR_EACH_CONTINUE (rule, node, &subtable->rules_list) { + if (rule_matches(rule, cursor->target, cursor->version)) { + return rule; } } - subtable = cursor->subtable; - HMAP_FOR_EACH_CONTINUE (subtable, hmap_node, &cursor->cls->subtables) { - rule = search_subtable(subtable, cursor->target); + PVECTOR_CURSOR_FOR_EACH_CONTINUE (subtable, &cursor->subtables) { + rule = search_subtable(subtable, cursor); if (rule) { cursor->subtable = subtable; - return rule->cls_rule; + return rule; } } return NULL; } + +/* Sets 'cursor->rule' to the next matching cls_rule in 'cursor''s iteration, + * or to null if all matching rules have been visited. */ +void +cls_cursor_advance(struct cls_cursor *cursor) +{ + cursor->rule = cls_cursor_next(cursor); +} static struct cls_subtable * -find_subtable(const struct cls_classifier *cls, const struct minimask *mask) +find_subtable(const struct classifier *cls, const struct minimask *mask) { struct cls_subtable *subtable; - HMAP_FOR_EACH_IN_BUCKET (subtable, hmap_node, minimask_hash(mask, 0), - &cls->subtables) { + CMAP_FOR_EACH_WITH_HASH (subtable, cmap_node, minimask_hash(mask, 0), + &cls->subtables_map) { if (minimask_equal(mask, &subtable->mask)) { return subtable; } @@ -1275,200 +1426,129 @@ find_subtable(const struct cls_classifier *cls, const struct minimask *mask) return NULL; } +/* Initializes 'map' with a subset of 'miniflow''s maps that includes only the + * portions with u64-offset 'i' such that 'start' <= i < 'end'. Does not copy + * any data from 'miniflow' to 'map'. */ +static struct flowmap +miniflow_get_map_in_range(const struct miniflow *miniflow, uint8_t start, + uint8_t end) +{ + struct flowmap map; + size_t ofs = 0; + + map = miniflow->map; + + /* Clear the bits before 'start'. */ + while (start >= MAP_T_BITS) { + start -= MAP_T_BITS; + ofs += MAP_T_BITS; + map.bits[start / MAP_T_BITS] = 0; + } + if (start > 0) { + flowmap_clear(&map, ofs, start); + } + + /* Clear the bits starting at 'end'. */ + if (end < FLOW_U64S) { + /* flowmap_clear() can handle at most MAP_T_BITS at a time. */ + ovs_assert(FLOW_U64S - end <= MAP_T_BITS); + flowmap_clear(&map, end, FLOW_U64S - end); + } + return map; +} + +/* The new subtable will be visible to the readers only after this. */ static struct cls_subtable * -insert_subtable(struct cls_classifier *cls, const struct minimask *mask) +insert_subtable(struct classifier *cls, const struct minimask *mask) { uint32_t hash = minimask_hash(mask, 0); struct cls_subtable *subtable; int i, index = 0; - struct flow_wildcards old, new; + struct flowmap stage_map; uint8_t prev; - struct cls_subtable_entry elem; + size_t count = miniflow_n_values(&mask->masks); - subtable = xzalloc(sizeof *subtable); - hmap_init(&subtable->rules); - minimask_clone(&subtable->mask, mask); + subtable = xzalloc(sizeof *subtable + MINIFLOW_VALUES_SIZE(count)); + cmap_init(&subtable->rules); + miniflow_clone(CONST_CAST(struct miniflow *, &subtable->mask.masks), + &mask->masks, count); /* Init indices for segmented lookup, if any. */ - flow_wildcards_init_catchall(&new); - old = new; prev = 0; for (i = 0; i < cls->n_flow_segments; i++) { - flow_wildcards_fold_minimask_range(&new, mask, prev, - cls->flow_segments[i]); + stage_map = miniflow_get_map_in_range(&mask->masks, prev, + cls->flow_segments[i]); /* Add an index if it adds mask bits. */ - if (!flow_wildcards_equal(&new, &old)) { - hindex_init(&subtable->indices[index]); - subtable->index_ofs[index] = cls->flow_segments[i]; + if (!flowmap_is_empty(stage_map)) { + cmap_init(&subtable->indices[index]); + *CONST_CAST(struct flowmap *, &subtable->index_maps[index]) + = stage_map; index++; - old = new; } prev = cls->flow_segments[i]; } - /* Check if the rest of the subtable's mask adds any bits, + /* Map for the final stage. */ + *CONST_CAST(struct flowmap *, &subtable->index_maps[index]) + = miniflow_get_map_in_range(&mask->masks, prev, FLOW_U64S); + /* Check if the final stage adds any bits, * and remove the last index if it doesn't. */ if (index > 0) { - flow_wildcards_fold_minimask_range(&new, mask, prev, FLOW_U32S); - if (flow_wildcards_equal(&new, &old)) { + if (flowmap_equal(subtable->index_maps[index], + subtable->index_maps[index - 1])) { --index; - subtable->index_ofs[index] = 0; - hindex_destroy(&subtable->indices[index]); + cmap_destroy(&subtable->indices[index]); } } - subtable->n_indices = index; - - subtable->tag = (minimask_get_metadata_mask(mask) == OVS_BE64_MAX - ? tag_create_deterministic(hash) - : TAG_ALL); + *CONST_CAST(uint8_t *, &subtable->n_indices) = index; for (i = 0; i < cls->n_tries; i++) { subtable->trie_plen[i] = minimask_get_prefix_len(mask, cls->tries[i].field); } - hmap_insert(&cls->subtables, &subtable->hmap_node, hash); - elem.subtable = subtable; - elem.mask_values = miniflow_get_values(&subtable->mask.masks); - elem.tag = subtable->tag; - elem.max_priority = subtable->max_priority; - cls_subtable_cache_push_back(&cls->subtables_priority, elem); - - return subtable; -} + /* Ports trie. */ + ovsrcu_set_hidden(&subtable->ports_trie, NULL); + *CONST_CAST(int *, &subtable->ports_mask_len) + = 32 - ctz32(ntohl(MINIFLOW_GET_BE32(&mask->masks, tp_src))); -static void -destroy_subtable(struct cls_classifier *cls, struct cls_subtable *subtable) -{ - int i; - struct cls_subtable *table = NULL; - struct cls_subtable_entry *iter; + /* List of rules. */ + rculist_init(&subtable->rules_list); - CLS_SUBTABLE_CACHE_FOR_EACH (table, iter, &cls->subtables_priority) { - if (table == subtable) { - cls_subtable_cache_remove(&cls->subtables_priority, iter); - break; - } - } + cmap_insert(&cls->subtables_map, &subtable->cmap_node, hash); - for (i = 0; i < subtable->n_indices; i++) { - hindex_destroy(&subtable->indices[i]); - } - minimask_destroy(&subtable->mask); - hmap_remove(&cls->subtables, &subtable->hmap_node); - hmap_destroy(&subtable->rules); - free(subtable); + return subtable; } -/* This function performs the following updates for 'subtable' in 'cls' - * following the addition of a new rule with priority 'new_priority' to - * 'subtable': - * - * - Update 'subtable->max_priority' and 'subtable->max_count' if necessary. - * - * - Update 'subtable''s position in 'cls->subtables_priority' if necessary. - * - * This function should only be called after adding a new rule, not after - * replacing a rule by an identical one or modifying a rule in-place. */ +/* RCU readers may still access the subtable before it is actually freed. */ static void -update_subtables_after_insertion(struct cls_classifier *cls, - struct cls_subtable *subtable, - unsigned int new_priority) +destroy_subtable(struct classifier *cls, struct cls_subtable *subtable) { - if (new_priority == subtable->max_priority) { - ++subtable->max_count; - } else if (new_priority > subtable->max_priority) { - struct cls_subtable *table; - struct cls_subtable_entry *iter, *subtable_iter = NULL; - - subtable->max_priority = new_priority; - subtable->max_count = 1; - - /* Possibly move 'subtable' earlier in the priority list. If we break - * out of the loop, then 'subtable_iter' should be moved just before - * 'iter'. If the loop terminates normally, then 'iter' will be the - * first list element and we'll move subtable just before that - * (e.g. to the front of the list). */ - CLS_SUBTABLE_CACHE_FOR_EACH_REVERSE (table, iter, &cls->subtables_priority) { - if (table == subtable) { - subtable_iter = iter; /* Locate the subtable as we go. */ - iter->max_priority = new_priority; - } else if (table->max_priority >= new_priority) { - ovs_assert(subtable_iter != NULL); - iter++; - break; - } - } - - /* Move 'subtable' just before 'iter' (unless it's already there). */ - if (iter != subtable_iter) { - cls_subtable_cache_splice(iter, subtable_iter, subtable_iter + 1); - } - } -} + int i; -/* This function performs the following updates for 'subtable' in 'cls' - * following the deletion of a rule with priority 'del_priority' from - * 'subtable': - * - * - Update 'subtable->max_priority' and 'subtable->max_count' if necessary. - * - * - Update 'subtable''s position in 'cls->subtables_priority' if necessary. - * - * This function should only be called after removing a rule, not after - * replacing a rule by an identical one or modifying a rule in-place. */ -static void -update_subtables_after_removal(struct cls_classifier *cls, - struct cls_subtable *subtable, - unsigned int del_priority) -{ - if (del_priority == subtable->max_priority && --subtable->max_count == 0) { - struct cls_match *head; - struct cls_subtable *table; - struct cls_subtable_entry *iter, *subtable_iter = NULL; - - subtable->max_priority = 0; - HMAP_FOR_EACH (head, hmap_node, &subtable->rules) { - if (head->priority > subtable->max_priority) { - subtable->max_priority = head->priority; - subtable->max_count = 1; - } else if (head->priority == subtable->max_priority) { - ++subtable->max_count; - } - } + pvector_remove(&cls->subtables, subtable); + cmap_remove(&cls->subtables_map, &subtable->cmap_node, + minimask_hash(&subtable->mask, 0)); - /* Possibly move 'subtable' later in the priority list. If we break - * out of the loop, then 'subtable' should be moved just before that - * 'iter'. If the loop terminates normally, then 'iter' will be the - * list head and we'll move subtable just before that (e.g. to the back - * of the list). */ - CLS_SUBTABLE_CACHE_FOR_EACH (table, iter, &cls->subtables_priority) { - if (table == subtable) { - subtable_iter = iter; /* Locate the subtable as we go. */ - iter->max_priority = subtable->max_priority; - } else if (table->max_priority <= subtable->max_priority) { - ovs_assert(subtable_iter != NULL); - break; - } - } + ovs_assert(ovsrcu_get_protected(struct trie_node *, &subtable->ports_trie) + == NULL); + ovs_assert(cmap_is_empty(&subtable->rules)); + ovs_assert(rculist_is_empty(&subtable->rules_list)); - /* Move 'subtable' just before 'iter' (unless it's already there). */ - if (iter != subtable_iter) { - cls_subtable_cache_splice(iter, subtable_iter, subtable_iter + 1); - } + for (i = 0; i < subtable->n_indices; i++) { + cmap_destroy(&subtable->indices[i]); } + cmap_destroy(&subtable->rules); + ovsrcu_postpone(free, subtable); } -struct range { - uint8_t start; - uint8_t end; -}; +static unsigned int be_get_bit_at(const ovs_be32 value[], unsigned int ofs); /* Return 'true' if can skip rest of the subtable based on the prefix trie * lookup results. */ static inline bool check_tries(struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries, const unsigned int field_plen[CLS_MAX_TRIES], - const struct range ofs, const struct flow *flow, + const struct flowmap range_map, const struct flow *flow, struct flow_wildcards *wc) { int j; @@ -1477,46 +1557,41 @@ check_tries(struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries, * fields using the prefix tries. The trie checks are done only as * needed to avoid folding in additional bits to the wildcards mask. */ for (j = 0; j < n_tries; j++) { - /* Is the trie field relevant for this subtable? */ - if (field_plen[j]) { + /* Is the trie field relevant for this subtable, and + is the trie field within the current range of fields? */ + if (field_plen[j] && + flowmap_is_set(&range_map, trie_ctx[j].be32ofs / 2)) { struct trie_ctx *ctx = &trie_ctx[j]; - uint8_t be32ofs = ctx->be32ofs; - - /* Is the trie field within the current range of fields? */ - if (be32ofs >= ofs.start && be32ofs < ofs.end) { - /* On-demand trie lookup. */ - if (!ctx->lookup_done) { - ctx->match_plen = trie_lookup(ctx->trie, flow, - &ctx->maskbits); - ctx->lookup_done = true; + + /* On-demand trie lookup. */ + if (!ctx->lookup_done) { + memset(&ctx->match_plens, 0, sizeof ctx->match_plens); + ctx->maskbits = trie_lookup(ctx->trie, flow, &ctx->match_plens); + ctx->lookup_done = true; + } + /* Possible to skip the rest of the subtable if subtable's + * prefix on the field is not included in the lookup result. */ + if (!be_get_bit_at(&ctx->match_plens.be32, field_plen[j] - 1)) { + /* We want the trie lookup to never result in unwildcarding + * any bits that would not be unwildcarded otherwise. + * Since the trie is shared by the whole classifier, it is + * possible that the 'maskbits' contain bits that are + * irrelevant for the partition relevant for the current + * packet. Hence the checks below. */ + + /* Check that the trie result will not unwildcard more bits + * than this subtable would otherwise. */ + if (ctx->maskbits <= field_plen[j]) { + /* Unwildcard the bits and skip the rest. */ + mask_set_prefix_bits(wc, ctx->be32ofs, ctx->maskbits); + /* Note: Prerequisite already unwildcarded, as the only + * prerequisite of the supported trie lookup fields is + * the ethertype, which is always unwildcarded. */ + return true; } - /* Possible to skip the rest of the subtable if subtable's - * prefix on the field is longer than what is known to match - * based on the trie lookup. */ - if (field_plen[j] > ctx->match_plen) { - /* RFC: We want the trie lookup to never result in - * unwildcarding any bits that would not be unwildcarded - * otherwise. Since the trie is shared by the whole - * classifier, it is possible that the 'maskbits' contain - * bits that are irrelevant for the partition of the - * classifier relevant for the current flow. */ - - /* Can skip if the field is already unwildcarded. */ - if (mask_prefix_bits_set(wc, be32ofs, ctx->maskbits)) { - return true; - } - /* Check that the trie result will not unwildcard more bits - * than this stage will. */ - if (ctx->maskbits <= field_plen[j]) { - /* Unwildcard the bits and skip the rest. */ - mask_set_prefix_bits(wc, be32ofs, ctx->maskbits); - /* Note: Prerequisite already unwildcarded, as the only - * prerequisite of the supported trie lookup fields is - * the ethertype, which is currently always - * unwildcarded. - */ - return true; - } + /* Can skip if the field is already unwildcarded. */ + if (mask_prefix_bits_set(wc, ctx->be32ofs, ctx->maskbits)) { + return true; } } } @@ -1524,208 +1599,220 @@ check_tries(struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries, return false; } -static inline struct cls_match * -find_match(const struct cls_subtable *subtable, const struct flow *flow, - uint32_t hash) +/* Returns true if 'target' satisifies 'flow'/'mask', that is, if each bit + * for which 'flow', for which 'mask' has a bit set, specifies a particular + * value has the correct value in 'target'. + * + * This function is equivalent to miniflow_equal_flow_in_minimask(flow, + * target, mask) but this is faster because of the invariant that + * flow->map and mask->masks.map are the same, and that this version + * takes the 'wc'. */ +static inline bool +miniflow_and_mask_matches_flow(const struct miniflow *flow, + const struct minimask *mask, + const struct flow *target) { - struct cls_match *rule; + const uint64_t *flowp = miniflow_get_values(flow); + const uint64_t *maskp = miniflow_get_values(&mask->masks); + const uint64_t *target_u64 = (const uint64_t *)target; + map_t map; - HMAP_FOR_EACH_WITH_HASH (rule, hmap_node, hash, &subtable->rules) { - if (minimatch_matches_flow(&rule->match, flow)) { - return rule; + FLOWMAP_FOR_EACH_MAP (map, mask->masks.map) { + size_t idx; + + MAP_FOR_EACH_INDEX (idx, map) { + if ((*flowp++ ^ target_u64[idx]) & *maskp++) { + return false; + } + } + target_u64 += MAP_T_BITS; + } + return true; +} + +static inline const struct cls_match * +find_match(const struct cls_subtable *subtable, cls_version_t version, + const struct flow *flow, uint32_t hash) +{ + const struct cls_match *head, *rule; + + CMAP_FOR_EACH_WITH_HASH (head, cmap_node, hash, &subtable->rules) { + if (OVS_LIKELY(miniflow_and_mask_matches_flow(&head->flow, + &subtable->mask, + flow))) { + /* Return highest priority rule that is visible. */ + CLS_MATCH_FOR_EACH (rule, head) { + if (OVS_LIKELY(cls_match_visible_in_version(rule, version))) { + return rule; + } + } } } return NULL; } -static struct cls_match * -find_match_wc(const struct cls_subtable *subtable, const struct flow *flow, - struct trie_ctx trie_ctx[CLS_MAX_TRIES], unsigned int n_tries, - struct flow_wildcards *wc) -{ - uint32_t basis = 0, hash; - struct cls_match *rule = NULL; - int i; - struct range ofs; +/* Returns true if 'target' satisifies 'flow'/'mask', that is, if each bit + * for which 'flow', for which 'mask' has a bit set, specifies a particular + * value has the correct value in 'target'. + * + * This function is equivalent to miniflow_and_mask_matches_flow() but this + * version fills in the mask bits in 'wc'. */ +static inline bool +miniflow_and_mask_matches_flow_wc(const struct miniflow *flow, + const struct minimask *mask, + const struct flow *target, + struct flow_wildcards *wc) +{ + const uint64_t *flowp = miniflow_get_values(flow); + const uint64_t *maskp = miniflow_get_values(&mask->masks); + const uint64_t *target_u64 = (const uint64_t *)target; + uint64_t *wc_u64 = (uint64_t *)&wc->masks; + uint64_t diff; + size_t idx; + map_t map; + + FLOWMAP_FOR_EACH_MAP (map, mask->masks.map) { + MAP_FOR_EACH_INDEX(idx, map) { + uint64_t msk = *maskp++; + + diff = (*flowp++ ^ target_u64[idx]) & msk; + if (diff) { + goto out; + } + + /* Fill in the bits that were looked at. */ + wc_u64[idx] |= msk; + } + target_u64 += MAP_T_BITS; + wc_u64 += MAP_T_BITS; + } + return true; + +out: + /* Only unwildcard if none of the differing bits is already + * exact-matched. */ + if (!(wc_u64[idx] & diff)) { + /* Keep one bit of the difference. The selected bit may be + * different in big-endian v.s. little-endian systems. */ + wc_u64[idx] |= rightmost_1bit(diff); + } + return false; +} +static const struct cls_match * +find_match_wc(const struct cls_subtable *subtable, cls_version_t version, + const struct flow *flow, struct trie_ctx trie_ctx[CLS_MAX_TRIES], + unsigned int n_tries, struct flow_wildcards *wc) +{ if (OVS_UNLIKELY(!wc)) { - return find_match(subtable, flow, + return find_match(subtable, version, flow, flow_hash_in_minimask(flow, &subtable->mask, 0)); } - ofs.start = 0; + uint32_t basis = 0, hash; + const struct cls_match *rule = NULL; + struct flowmap stages_map = FLOWMAP_EMPTY_INITIALIZER; + unsigned int mask_offset = 0; + int i; + /* Try to finish early by checking fields in segments. */ for (i = 0; i < subtable->n_indices; i++) { - struct hindex_node *inode; - ofs.end = subtable->index_ofs[i]; + const struct cmap_node *inode; - if (check_tries(trie_ctx, n_tries, subtable->trie_plen, ofs, flow, - wc)) { - goto range_out; + if (check_tries(trie_ctx, n_tries, subtable->trie_plen, + subtable->index_maps[i], flow, wc)) { + /* 'wc' bits for the trie field set, now unwildcard the preceding + * bits used so far. */ + goto no_match; } - hash = flow_hash_in_minimask_range(flow, &subtable->mask, ofs.start, - ofs.end, &basis); - ofs.start = ofs.end; - inode = hindex_node_with_hash(&subtable->indices[i], hash); + + /* Accumulate the map used so far. */ + stages_map = flowmap_or(stages_map, subtable->index_maps[i]); + + hash = flow_hash_in_minimask_range(flow, &subtable->mask, + subtable->index_maps[i], + &mask_offset, &basis); + + inode = cmap_find(&subtable->indices[i], hash); if (!inode) { - /* No match, can stop immediately, but must fold in the mask - * covered so far. */ - goto range_out; + goto no_match; } /* If we have narrowed down to a single rule already, check whether - * that rule matches. If it does match, then we're done. If it does - * not match, then we know that we will never get a match, but we do - * not yet know how many wildcards we need to fold into 'wc' so we - * continue iterating through indices to find that out. (We won't - * waste time calling minimatch_matches_flow() again because we've set - * 'rule' nonnull.) - * - * This check shows a measurable benefit with non-trivial flow tables. + * that rule matches. Either way, we're done. * * (Rare) hash collisions may cause us to miss the opportunity for this * optimization. */ - if (!inode->s && !rule) { - ASSIGN_CONTAINER(rule, inode - i, index_nodes); - if (minimatch_matches_flow(&rule->match, flow)) { - goto out; + if (!cmap_node_next(inode)) { + const struct cls_match *head; + + ASSIGN_CONTAINER(head, inode - i, index_nodes); + if (miniflow_and_mask_matches_flow_wc(&head->flow, &subtable->mask, + flow, wc)) { + /* Return highest priority rule that is visible. */ + CLS_MATCH_FOR_EACH (rule, head) { + if (OVS_LIKELY(cls_match_visible_in_version(rule, + version))) { + return rule; + } + } } + return NULL; } } - ofs.end = FLOW_U32S; /* Trie check for the final range. */ - if (check_tries(trie_ctx, n_tries, subtable->trie_plen, ofs, flow, wc)) { - goto range_out; + if (check_tries(trie_ctx, n_tries, subtable->trie_plen, + subtable->index_maps[i], flow, wc)) { + goto no_match; } - if (!rule) { - /* Multiple potential matches exist, look for one. */ - hash = flow_hash_in_minimask_range(flow, &subtable->mask, ofs.start, - ofs.end, &basis); - rule = find_match(subtable, flow, hash); - } else { - /* We already narrowed the matching candidates down to just 'rule', - * but it didn't match. */ - rule = NULL; + hash = flow_hash_in_minimask_range(flow, &subtable->mask, + subtable->index_maps[i], + &mask_offset, &basis); + rule = find_match(subtable, version, flow, hash); + if (!rule && subtable->ports_mask_len) { + /* The final stage had ports, but there was no match. Instead of + * unwildcarding all the ports bits, use the ports trie to figure out a + * smaller set of bits to unwildcard. */ + unsigned int mbits; + ovs_be32 value, plens, mask; + + mask = MINIFLOW_GET_BE32(&subtable->mask.masks, tp_src); + value = ((OVS_FORCE ovs_be32 *)flow)[TP_PORTS_OFS32] & mask; + mbits = trie_lookup_value(&subtable->ports_trie, &value, &plens, 32); + + ((OVS_FORCE ovs_be32 *)&wc->masks)[TP_PORTS_OFS32] |= + mask & be32_prefix_mask(mbits); + + goto no_match; } - out: + /* Must unwildcard all the fields, as they were looked at. */ flow_wildcards_fold_minimask(wc, &subtable->mask); return rule; - range_out: - /* Must unwildcard the fields looked up so far, if any. */ - if (ofs.start) { - flow_wildcards_fold_minimask_range(wc, &subtable->mask, 0, ofs.start); - } +no_match: + /* Unwildcard the bits in stages so far, as they were used in determining + * there is no match. */ + flow_wildcards_fold_minimask_in_map(wc, &subtable->mask, stages_map); return NULL; } static struct cls_match * -find_equal(struct cls_subtable *subtable, const struct miniflow *flow, +find_equal(const struct cls_subtable *subtable, const struct miniflow *flow, uint32_t hash) { struct cls_match *head; - HMAP_FOR_EACH_WITH_HASH (head, hmap_node, hash, &subtable->rules) { - if (miniflow_equal(&head->match.flow, flow)) { + CMAP_FOR_EACH_WITH_HASH (head, cmap_node, hash, &subtable->rules) { + if (miniflow_equal(&head->flow, flow)) { return head; } } return NULL; } - -static struct cls_match * -insert_rule(struct cls_classifier *cls, struct cls_subtable *subtable, - struct cls_rule *new) -{ - struct cls_match *cls_match = cls_match_alloc(new); - struct cls_match *head; - struct cls_match *old = NULL; - int i; - uint32_t basis = 0, hash; - uint8_t prev_be32ofs = 0; - - /* Add new node to segment indices. */ - for (i = 0; i < subtable->n_indices; i++) { - hash = minimatch_hash_range(&new->match, prev_be32ofs, - subtable->index_ofs[i], &basis); - hindex_insert(&subtable->indices[i], &cls_match->index_nodes[i], hash); - prev_be32ofs = subtable->index_ofs[i]; - } - hash = minimatch_hash_range(&new->match, prev_be32ofs, FLOW_U32S, &basis); - head = find_equal(subtable, &new->match.flow, hash); - if (!head) { - hmap_insert(&subtable->rules, &cls_match->hmap_node, hash); - list_init(&cls_match->list); - goto out; - } else { - /* Scan the list for the insertion point that will keep the list in - * order of decreasing priority. */ - struct cls_match *rule; - - cls_match->hmap_node.hash = hash; /* Otherwise done by hmap_insert. */ - - FOR_EACH_RULE_IN_LIST (rule, head) { - if (cls_match->priority >= rule->priority) { - if (rule == head) { - /* 'new' is the new highest-priority flow in the list. */ - hmap_replace(&subtable->rules, - &rule->hmap_node, &cls_match->hmap_node); - } - - if (cls_match->priority == rule->priority) { - list_replace(&cls_match->list, &rule->list); - old = rule; - goto out; - } else { - list_insert(&rule->list, &cls_match->list); - goto out; - } - } - } - - /* Insert 'new' at the end of the list. */ - list_push_back(&head->list, &cls_match->list); - } - - out: - if (!old) { - update_subtables_after_insertion(cls, subtable, cls_match->priority); - } else { - /* Remove old node from indices. */ - for (i = 0; i < subtable->n_indices; i++) { - hindex_remove(&subtable->indices[i], &old->index_nodes[i]); - } - } - return old; -} - -static struct cls_match * -next_rule_in_list__(struct cls_match *rule) -{ - struct cls_match *next = OBJECT_CONTAINING(rule->list.next, next, list); - return next; -} - -static struct cls_match * -next_rule_in_list(struct cls_match *rule) -{ - struct cls_match *next = next_rule_in_list__(rule); - return next->priority < rule->priority ? next : NULL; -} /* A longest-prefix match tree. */ -struct trie_node { - uint32_t prefix; /* Prefix bits for this node, MSB first. */ - uint8_t nbits; /* Never zero, except for the root node. */ - unsigned int n_rules; /* Number of rules that have this prefix. */ - struct trie_node *edges[2]; /* Both NULL if leaf. */ -}; - -/* Max bits per node. Must fit in struct trie_node's 'prefix'. - * Also tested with 16, 8, and 5 to stress the implementation. */ -#define TRIE_PREFIX_BITS 32 /* Return at least 'plen' bits of the 'prefix', starting at bit offset 'ofs'. * Prefixes are in the network byte order, and the offset 0 corresponds to @@ -1765,15 +1852,15 @@ trie_get_prefix(const ovs_be32 pr[], unsigned int ofs, unsigned int plen) return raw_get_prefix(pr, ofs, plen) & ~0u << (32 - plen); } -/* Return the number of equal bits in 'nbits' of 'prefix's MSBs and a 'value' +/* Return the number of equal bits in 'n_bits' of 'prefix's MSBs and a 'value' * starting at "MSB 0"-based offset 'ofs'. */ static unsigned int -prefix_equal_bits(uint32_t prefix, unsigned int nbits, const ovs_be32 value[], +prefix_equal_bits(uint32_t prefix, unsigned int n_bits, const ovs_be32 value[], unsigned int ofs) { - uint64_t diff = prefix ^ raw_get_prefix(value, ofs, nbits); + uint64_t diff = prefix ^ raw_get_prefix(value, ofs, n_bits); /* Set the bit after the relevant bits to limit the result. */ - return raw_clz64(diff << 32 | UINT64_C(1) << (63 - nbits)); + return raw_clz64(diff << 32 | UINT64_C(1) << (63 - n_bits)); } /* Return the number of equal bits in 'node' prefix and a 'prefix' of length @@ -1782,7 +1869,7 @@ static unsigned int trie_prefix_equal_bits(const struct trie_node *node, const ovs_be32 prefix[], unsigned int ofs, unsigned int plen) { - return prefix_equal_bits(node->prefix, MIN(node->nbits, plen - ofs), + return prefix_equal_bits(node->prefix, MIN(node->n_bits, plen - ofs), prefix, ofs); } @@ -1812,9 +1899,9 @@ trie_branch_create(const ovs_be32 *prefix, unsigned int ofs, unsigned int plen, node->prefix = trie_get_prefix(prefix, ofs, plen); if (plen <= TRIE_PREFIX_BITS) { - node->nbits = plen; - node->edges[0] = NULL; - node->edges[1] = NULL; + node->n_bits = plen; + ovsrcu_set_hidden(&node->edges[0], NULL); + ovsrcu_set_hidden(&node->edges[1], NULL); node->n_rules = n_rules; } else { /* Need intermediate nodes. */ struct trie_node *subnode = trie_branch_create(prefix, @@ -1822,70 +1909,87 @@ trie_branch_create(const ovs_be32 *prefix, unsigned int ofs, unsigned int plen, plen - TRIE_PREFIX_BITS, n_rules); int bit = get_bit_at(subnode->prefix, 0); - node->nbits = TRIE_PREFIX_BITS; - node->edges[bit] = subnode; - node->edges[!bit] = NULL; + node->n_bits = TRIE_PREFIX_BITS; + ovsrcu_set_hidden(&node->edges[bit], subnode); + ovsrcu_set_hidden(&node->edges[!bit], NULL); node->n_rules = 0; } return node; } static void -trie_node_destroy(struct trie_node *node) +trie_node_destroy(const struct trie_node *node) +{ + ovsrcu_postpone(free, CONST_CAST(struct trie_node *, node)); +} + +/* Copy a trie node for modification and postpone delete the old one. */ +static struct trie_node * +trie_node_rcu_realloc(const struct trie_node *node) { - free(node); + struct trie_node *new_node = xmalloc(sizeof *node); + + *new_node = *node; + trie_node_destroy(node); + + return new_node; } static void -trie_destroy(struct trie_node *node) +trie_destroy(rcu_trie_ptr *trie) { + struct trie_node *node = ovsrcu_get_protected(struct trie_node *, trie); + if (node) { - trie_destroy(node->edges[0]); - trie_destroy(node->edges[1]); - free(node); + ovsrcu_set_hidden(trie, NULL); + trie_destroy(&node->edges[0]); + trie_destroy(&node->edges[1]); + trie_node_destroy(node); } } static bool trie_is_leaf(const struct trie_node *trie) { - return !trie->edges[0] && !trie->edges[1]; /* No children. */ + /* No children? */ + return !ovsrcu_get(struct trie_node *, &trie->edges[0]) + && !ovsrcu_get(struct trie_node *, &trie->edges[1]); } static void mask_set_prefix_bits(struct flow_wildcards *wc, uint8_t be32ofs, - unsigned int nbits) + unsigned int n_bits) { ovs_be32 *mask = &((ovs_be32 *)&wc->masks)[be32ofs]; unsigned int i; - for (i = 0; i < nbits / 32; i++) { + for (i = 0; i < n_bits / 32; i++) { mask[i] = OVS_BE32_MAX; } - if (nbits % 32) { - mask[i] |= htonl(~0u << (32 - nbits % 32)); + if (n_bits % 32) { + mask[i] |= htonl(~0u << (32 - n_bits % 32)); } } static bool mask_prefix_bits_set(const struct flow_wildcards *wc, uint8_t be32ofs, - unsigned int nbits) + unsigned int n_bits) { ovs_be32 *mask = &((ovs_be32 *)&wc->masks)[be32ofs]; unsigned int i; ovs_be32 zeroes = 0; - for (i = 0; i < nbits / 32; i++) { + for (i = 0; i < n_bits / 32; i++) { zeroes |= ~mask[i]; } - if (nbits % 32) { - zeroes |= ~mask[i] & htonl(~0u << (32 - nbits % 32)); + if (n_bits % 32) { + zeroes |= ~mask[i] & htonl(~0u << (32 - n_bits % 32)); } - return !zeroes; /* All 'nbits' bits set. */ + return !zeroes; /* All 'n_bits' bits set. */ } -static struct trie_node ** +static rcu_trie_ptr * trie_next_edge(struct trie_node *node, const ovs_be32 value[], unsigned int ofs) { @@ -1896,45 +2000,61 @@ static const struct trie_node * trie_next_node(const struct trie_node *node, const ovs_be32 value[], unsigned int ofs) { - return node->edges[be_get_bit_at(value, ofs)]; + return ovsrcu_get(struct trie_node *, + &node->edges[be_get_bit_at(value, ofs)]); +} + +/* Set the bit at ("MSB 0"-based) offset 'ofs'. 'ofs' can be greater than 31. + */ +static void +be_set_bit_at(ovs_be32 value[], unsigned int ofs) +{ + ((uint8_t *)value)[ofs / 8] |= 1u << (7 - ofs % 8); } -/* Return the prefix mask length necessary to find the longest-prefix match for - * the '*value' in the prefix tree 'node'. - * '*checkbits' is set to the number of bits in the prefix mask necessary to - * determine a mismatch, in case there are longer prefixes in the tree below - * the one that matched. +/* Returns the number of bits in the prefix mask necessary to determine a + * mismatch, in case there are longer prefixes in the tree below the one that + * matched. + * '*plens' will have a bit set for each prefix length that may have matching + * rules. The caller is responsible for clearing the '*plens' prior to + * calling this. */ static unsigned int -trie_lookup_value(const struct trie_node *node, const ovs_be32 value[], - unsigned int *checkbits) +trie_lookup_value(const rcu_trie_ptr *trie, const ovs_be32 value[], + ovs_be32 plens[], unsigned int n_bits) { - unsigned int plen = 0, match_len = 0; const struct trie_node *prev = NULL; + const struct trie_node *node = ovsrcu_get(struct trie_node *, trie); + unsigned int match_len = 0; /* Number of matching bits. */ - for (; node; prev = node, node = trie_next_node(node, value, plen)) { + for (; node; prev = node, node = trie_next_node(node, value, match_len)) { unsigned int eqbits; /* Check if this edge can be followed. */ - eqbits = prefix_equal_bits(node->prefix, node->nbits, value, plen); - plen += eqbits; - if (eqbits < node->nbits) { /* Mismatch, nothing more to be found. */ - /* Bit at offset 'plen' differed. */ - *checkbits = plen + 1; /* Includes the first mismatching bit. */ - return match_len; + eqbits = prefix_equal_bits(node->prefix, node->n_bits, value, + match_len); + match_len += eqbits; + if (eqbits < node->n_bits) { /* Mismatch, nothing more to be found. */ + /* Bit at offset 'match_len' differed. */ + return match_len + 1; /* Includes the first mismatching bit. */ } /* Full match, check if rules exist at this prefix length. */ if (node->n_rules > 0) { - match_len = plen; + be_set_bit_at(plens, match_len - 1); + } + if (match_len >= n_bits) { + return n_bits; /* Full prefix. */ } } - /* Dead end, exclude the other branch if it exists. */ - *checkbits = !prev || trie_is_leaf(prev) ? plen : plen + 1; - return match_len; + /* node == NULL. Full match so far, but we tried to follow an + * non-existing branch. Need to exclude the other branch if it exists + * (it does not if we were called on an empty trie or 'prev' is a leaf + * node). */ + return !prev || trie_is_leaf(prev) ? match_len : match_len + 1; } static unsigned int trie_lookup(const struct cls_trie *trie, const struct flow *flow, - unsigned int *checkbits) + union trie_prefix *plens) { const struct mf_field *mf = trie->field; @@ -1942,12 +2062,12 @@ trie_lookup(const struct cls_trie *trie, const struct flow *flow, * field. Some match fields are used for multiple purposes, so we * must check that the trie is relevant for this flow. */ if (mf_are_prereqs_ok(mf, flow)) { - return trie_lookup_value(trie->root, + return trie_lookup_value(&trie->root, &((ovs_be32 *)flow)[mf->flow_be32ofs], - checkbits); + &plens->be32, mf->n_bits); } - *checkbits = 0; /* Value not used in this case. */ - return UINT_MAX; + memset(plens, 0xff, sizeof *plens); /* All prefixes, no skipping. */ + return 0; /* Value not used in this case. */ } /* Returns the length of a prefix match mask for the field 'mf' in 'minimask'. @@ -1957,13 +2077,12 @@ static unsigned int minimask_get_prefix_len(const struct minimask *minimask, const struct mf_field *mf) { - unsigned int nbits = 0, mask_tz = 0; /* Non-zero when end of mask seen. */ - uint8_t u32_ofs = mf->flow_be32ofs; - uint8_t u32_end = u32_ofs + mf->n_bytes / 4; + unsigned int n_bits = 0, mask_tz = 0; /* Non-zero when end of mask seen. */ + uint8_t be32_ofs = mf->flow_be32ofs; + uint8_t be32_end = be32_ofs + mf->n_bytes / 4; - for (; u32_ofs < u32_end; ++u32_ofs) { - uint32_t mask; - mask = ntohl((OVS_FORCE ovs_be32)minimask_get(minimask, u32_ofs)); + for (; be32_ofs < be32_end; ++be32_ofs) { + uint32_t mask = ntohl(minimask_get_be32(minimask, be32_ofs)); /* Validate mask, count the mask length. */ if (mask_tz) { @@ -1975,11 +2094,11 @@ minimask_get_prefix_len(const struct minimask *minimask, return 0; /* Mask not contiguous. */ } mask_tz = ctz32(mask); - nbits += 32 - mask_tz; + n_bits += 32 - mask_tz; } } - return nbits; + return n_bits; } /* @@ -1991,8 +2110,10 @@ minimask_get_prefix_len(const struct minimask *minimask, static const ovs_be32 * minimatch_get_prefix(const struct minimatch *match, const struct mf_field *mf) { - return miniflow_get_be32_values(&match->flow) + - count_1bits(match->flow.map & ((UINT64_C(1) << mf->flow_be32ofs) - 1)); + size_t u64_ofs = mf->flow_be32ofs / 2; + + return (OVS_FORCE const ovs_be32 *)miniflow_get__(match->flow, u64_ofs) + + (mf->flow_be32ofs & 1); } /* Insert rule in to the prefix tree. @@ -2001,35 +2122,42 @@ minimatch_get_prefix(const struct minimatch *match, const struct mf_field *mf) static void trie_insert(struct cls_trie *trie, const struct cls_rule *rule, int mlen) { - const ovs_be32 *prefix = minimatch_get_prefix(&rule->match, trie->field); + trie_insert_prefix(&trie->root, + minimatch_get_prefix(&rule->match, trie->field), mlen); +} + +static void +trie_insert_prefix(rcu_trie_ptr *edge, const ovs_be32 *prefix, int mlen) +{ struct trie_node *node; - struct trie_node **edge; int ofs = 0; /* Walk the tree. */ - for (edge = &trie->root; - (node = *edge) != NULL; + for (; (node = ovsrcu_get_protected(struct trie_node *, edge)); edge = trie_next_edge(node, prefix, ofs)) { unsigned int eqbits = trie_prefix_equal_bits(node, prefix, ofs, mlen); ofs += eqbits; - if (eqbits < node->nbits) { + if (eqbits < node->n_bits) { /* Mismatch, new node needs to be inserted above. */ int old_branch = get_bit_at(node->prefix, eqbits); + struct trie_node *new_parent; - /* New parent node. */ - *edge = trie_branch_create(prefix, ofs - eqbits, eqbits, - ofs == mlen ? 1 : 0); - - /* Adjust old node for its new position in the tree. */ + new_parent = trie_branch_create(prefix, ofs - eqbits, eqbits, + ofs == mlen ? 1 : 0); + /* Copy the node to modify it. */ + node = trie_node_rcu_realloc(node); + /* Adjust the new node for its new position in the tree. */ node->prefix <<= eqbits; - node->nbits -= eqbits; - (*edge)->edges[old_branch] = node; + node->n_bits -= eqbits; + ovsrcu_set_hidden(&new_parent->edges[old_branch], node); /* Check if need a new branch for the new rule. */ if (ofs < mlen) { - (*edge)->edges[!old_branch] - = trie_branch_create(prefix, ofs, mlen - ofs, 1); + ovsrcu_set_hidden(&new_parent->edges[!old_branch], + trie_branch_create(prefix, ofs, mlen - ofs, + 1)); } + ovsrcu_set(edge, new_parent); /* Publish changes. */ return; } /* Full match so far. */ @@ -2041,7 +2169,7 @@ trie_insert(struct cls_trie *trie, const struct cls_rule *rule, int mlen) } } /* Must insert a new tree branch for the new rule. */ - *edge = trie_branch_create(prefix, ofs, mlen - ofs, 1); + ovsrcu_set(edge, trie_branch_create(prefix, ofs, mlen - ofs, 1)); } /* 'mlen' must be the (non-zero) CIDR prefix length of the 'trie->field' mask @@ -2049,17 +2177,26 @@ trie_insert(struct cls_trie *trie, const struct cls_rule *rule, int mlen) static void trie_remove(struct cls_trie *trie, const struct cls_rule *rule, int mlen) { - const ovs_be32 *prefix = minimatch_get_prefix(&rule->match, trie->field); + trie_remove_prefix(&trie->root, + minimatch_get_prefix(&rule->match, trie->field), mlen); +} + +/* 'mlen' must be the (non-zero) CIDR prefix length of the 'trie->field' mask + * in 'rule'. */ +static void +trie_remove_prefix(rcu_trie_ptr *root, const ovs_be32 *prefix, int mlen) +{ struct trie_node *node; - struct trie_node **edges[sizeof(union mf_value) * 8]; + rcu_trie_ptr *edges[sizeof(union trie_prefix) * CHAR_BIT]; int depth = 0, ofs = 0; /* Walk the tree. */ - for (edges[depth] = &trie->root; - (node = *edges[depth]) != NULL; + for (edges[0] = root; + (node = ovsrcu_get_protected(struct trie_node *, edges[depth])); edges[++depth] = trie_next_edge(node, prefix, ofs)) { unsigned int eqbits = trie_prefix_equal_bits(node, prefix, ofs, mlen); - if (eqbits < node->nbits) { + + if (eqbits < node->n_bits) { /* Mismatch, nothing to be removed. This should never happen, as * only rules in the classifier are ever removed. */ break; /* Log a warning. */ @@ -2075,27 +2212,40 @@ trie_remove(struct cls_trie *trie, const struct cls_rule *rule, int mlen) node->n_rules--; /* Check if can prune the tree. */ - while (!node->n_rules && !(node->edges[0] && node->edges[1])) { - /* No rules and at most one child node, remove this node. */ - struct trie_node *next; - next = node->edges[0] ? node->edges[0] : node->edges[1]; + while (!node->n_rules) { + struct trie_node *next, + *edge0 = ovsrcu_get_protected(struct trie_node *, + &node->edges[0]), + *edge1 = ovsrcu_get_protected(struct trie_node *, + &node->edges[1]); + + if (edge0 && edge1) { + break; /* A branching point, cannot prune. */ + } + + /* Else have at most one child node, remove this node. */ + next = edge0 ? edge0 : edge1; if (next) { - if (node->nbits + next->nbits > TRIE_PREFIX_BITS) { + if (node->n_bits + next->n_bits > TRIE_PREFIX_BITS) { break; /* Cannot combine. */ } + next = trie_node_rcu_realloc(next); /* Modify. */ + /* Combine node with next. */ - next->prefix = node->prefix | next->prefix >> node->nbits; - next->nbits += node->nbits; + next->prefix = node->prefix | next->prefix >> node->n_bits; + next->n_bits += node->n_bits; } - trie_node_destroy(node); /* Update the parent's edge. */ - *edges[depth] = next; + ovsrcu_set(edges[depth], next); /* Publish changes. */ + trie_node_destroy(node); + if (next || !depth) { /* Branch not pruned or at root, nothing more to do. */ break; } - node = *edges[--depth]; + node = ovsrcu_get_protected(struct trie_node *, + edges[--depth]); } return; } @@ -2104,3 +2254,13 @@ trie_remove(struct cls_trie *trie, const struct cls_rule *rule, int mlen) * that actually exist in the classifier are ever removed. */ VLOG_WARN("Trying to remove non-existing rule from a prefix trie."); } + + +#define CLS_MATCH_POISON (struct cls_match *)(UINTPTR_MAX / 0xf * 0xb) + +void +cls_match_free_cb(struct cls_match *rule) +{ + ovsrcu_set_hidden(&rule->next, CLS_MATCH_POISON); + free(rule); +}