diff --git a/include/osmocom/upf/upf.h b/include/osmocom/upf/upf.h index db73c1f..145567b 100644 --- a/include/osmocom/upf/upf.h +++ b/include/osmocom/upf/upf.h @@ -44,6 +44,7 @@ struct nft_ctx; #define PORT_GTP1_U 2152 extern struct osmo_tdef_group g_upf_tdef_groups[]; +extern struct osmo_tdef g_upf_nft_tdefs[]; struct pfcp_vty_cfg { char *local_addr; diff --git a/src/osmo-upf/upf.c b/src/osmo-upf/upf.c index 3d00cc2..a4cb79b 100644 --- a/src/osmo-upf/upf.c +++ b/src/osmo-upf/upf.c @@ -36,8 +36,20 @@ struct g_upf *g_upf = NULL; +struct osmo_tdef g_upf_nft_tdefs[] = { + { .T = -32, .default_val = 1000, .unit = OSMO_TDEF_MS, + .desc = "How long to wait for more nft rulesets before flushing in batch", + }, + { .T = -33, .default_val = 1, .unit = OSMO_TDEF_CUSTOM, + .desc = "When reaching this nr of queued nft rulesets, flush the queue", + .max_val = 128, + }, + {} +}; + struct osmo_tdef_group g_upf_tdef_groups[] = { { "pfcp", "PFCP endpoint timers", osmo_pfcp_tdefs, }, + { "nft", "netfilter timers", g_upf_nft_tdefs, }, {} }; diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index c14dbf7..bc0ee36 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -26,6 +26,7 @@ #include #include +#include #include #include @@ -59,9 +60,10 @@ static char *upf_nft_ruleset_vmap_init(void *ctx, const char *table_name, int pr table_name); } -static int upf_nft_run(const char *ruleset) +static int upf_nft_run_now(const char *ruleset) { int rc; + const int logmax = 256; if (g_upf->tunmap.mockup) { LOGP(DNFT, LOGL_NOTICE, "tunmap/mockup active: not running nft ruleset: '%s'\n", ruleset); 
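Review bot: The flush timer `-32` in `g_upf_nft_tdefs` has no `.max_val`, while `-33` is capped at 128, so configuration can stretch the delay between queueing a ruleset and applying it without bound. The later hunks in upf_nft.c queue tunmap deletion as well as creation, so that delay is also how long a released session's mapping may stay installed. Consider bounding it, e.g. `.max_val = 10000,` (value constructed for illustration), and stating the bound in `.desc`. A one-line comment above the `-33` entry, such as `/* max_val must fit struct nft_queue.buf in upf_nft.c */`, would tie the 128 to the buffer size it depends on.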
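Review bot: `const int logmax = 256;` is later compared with a `size_t` in `OSMO_MIN(logmax, l)` and `l > logmax` (both in the next hunk), which mixes signed and unsigned operands and will warn under `-Wsign-compare`. Declaring it as `const size_t logmax = 256;` keeps the comparison in one type. The body of upf_nft_run_now() continues past the end of this hunk.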
@@ -81,14 +83,135 @@ static int upf_nft_run(const char *ruleset) return -EIO; } - LOGP(DNFT, LOGL_DEBUG, "run nft ruleset: %s\n", osmo_quote_str_c(OTC_SELECT, ruleset, -1)); + if (log_check_level(DNFT, LOGL_DEBUG)) { + size_t l = strlen(ruleset); + LOGP(DNFT, LOGL_DEBUG, "ran nft ruleset, %zu chars: \"%s%s\"\n", + l, + osmo_escape_cstr_c(OTC_SELECT, ruleset, OSMO_MIN(logmax, l)), + l > logmax ? "..." : ""); + } + return 0; } +struct nft_queue { + struct osmo_tdef *flush_time_tdef; + struct osmo_tdef *ruleset_max_tdef; + struct osmo_strbuf sb; + /* 128 NFT rulesets amount to about 110 kb of char */ + char buf[1<<17]; + unsigned int ruleset_count; + struct osmo_timer_list timer; +}; + +static void nft_queue_clear_buf(struct nft_queue *q) +{ + q->sb = (struct osmo_strbuf){ .buf = q->buf, .len = sizeof(q->buf) }; + q->buf[0] = '\0'; +} + +static void nft_queue_init(void *ctx, struct nft_queue *q, + struct osmo_tdef *flush_time_tdef, + struct osmo_tdef *ruleset_max_tdef) +{ + *q = (struct nft_queue){ + .flush_time_tdef = flush_time_tdef, + .ruleset_max_tdef = ruleset_max_tdef, + }; + nft_queue_clear_buf(q); +} + +static void nft_queue_flush(struct nft_queue *q, const char *reason) +{ + static unsigned int flush_count = 0; + static unsigned int ruleset_count = 0; + + /* We will now flush the queue empty. A timer needs to run only when the next pending entry is added. */ + osmo_timer_del(&q->timer); + + /* Nothing to send? 
*/
+ if (!q->sb.chars_needed)
+ return;
+
+ flush_count++;
+ ruleset_count += q->ruleset_count;
+ LOGP(DNFT, LOGL_INFO, "Flushing NFT ruleset queue: %s: n:%u strlen:%zu (flush count: %u avg rules per flush: %s)\n",
+ reason,
+ q->ruleset_count, q->sb.chars_needed,
+ flush_count, osmo_int_to_float_str_c(OTC_SELECT, 10 * ruleset_count / flush_count, 1));
+
+ q->ruleset_count = 0;
+
+ upf_nft_run_now(q->sb.buf);
+
+ nft_queue_clear_buf(q);
+}
+
+static void nft_queue_flush_cb(void *q)
+{
+ nft_queue_flush(q, "timeout");
+}
+
+static int nft_enqueue(struct nft_queue *q,
+ int (*tunmap_to_str_buf)(char *buf, size_t len, struct upf_tunmap *tunmap),
+ struct upf_tunmap *tunmap)
+{
+ int ruleset_max;
+ struct osmo_strbuf q_sb_was = q->sb;
+
+ OSMO_STRBUF_APPEND(q->sb, tunmap_to_str_buf, tunmap);
+
+ /* is that being cut off? then revert the addition. This should never happen in practice. */
+ if (q->sb.chars_needed >= q->sb.len) {
+ q->sb = q_sb_was;
+ if (q->sb.pos)
+ *q->sb.pos = '\0';
+ nft_queue_flush(q, "reached max nr of chars");
+ OSMO_STRBUF_APPEND(q->sb, tunmap_to_str_buf, tunmap);
+ }
+
+ /* Append separator -- no problem if that gets cut off. */
+ OSMO_STRBUF_PRINTF(q->sb, "\n");
+
+ q->ruleset_count++;
+
+ LOGP(DNFT, LOGL_INFO, "Added NFT ruleset to queue: n:%u strlen:%zu\n",
+ q->ruleset_count, q->sb.chars_needed);
+
+ /* Added a rule, see if it has reached ruleset_max. */
+ ruleset_max = osmo_tdef_get(q->ruleset_max_tdef, q->ruleset_max_tdef->T, OSMO_TDEF_CUSTOM, 128);
+ if (q->ruleset_count >= ruleset_max) {
+ nft_queue_flush(q, "reached max nr of rules");
+ return 0;
+ }
+
+ /* Item added. 
If the timer is not running yet, schedule a flush in given timeout */ + if (!osmo_timer_pending(&q->timer)) { + struct osmo_tdef *t; + unsigned long us; + osmo_timer_setup(&q->timer, nft_queue_flush_cb, q); + t = q->flush_time_tdef; + us = osmo_tdef_get(t, t->T, OSMO_TDEF_US, 100000); + osmo_timer_schedule(&q->timer, us / 1000000, us % 1000000); + } + return 0; +} + +static void nft_queue_free(struct nft_queue *q) +{ + osmo_timer_del(&q->timer); +} + +static struct nft_queue g_nft_queue = {}; + int upf_nft_init() { int rc; + nft_queue_init(g_upf, &g_nft_queue, + osmo_tdef_get_entry(g_upf_nft_tdefs, -32), + osmo_tdef_get_entry(g_upf_nft_tdefs, -33)); + /* Always set up the default settings, also in mockup mode, so that the VTY reflects sane values */ if (!g_upf->tunmap.table_name) g_upf->tunmap.table_name = talloc_strdup(g_upf, "osmo-upf"); @@ -106,7 +229,7 @@ int upf_nft_init() return -EIO; } - rc = upf_nft_run(upf_nft_tunmap_get_table_init_str(OTC_SELECT)); + rc = upf_nft_run_now(upf_nft_tunmap_get_table_init_str(OTC_SELECT)); if (rc) { LOGP(DNFT, LOGL_ERROR, "Failed to create nft table %s\n", osmo_quote_str_c(OTC_SELECT, g_upf->tunmap.table_name, -1)); @@ -114,7 +237,7 @@ int upf_nft_init() } LOGP(DNFT, LOGL_NOTICE, "Created nft table %s\n", osmo_quote_str_c(OTC_SELECT, g_upf->tunmap.table_name, -1)); - rc = upf_nft_run(upf_nft_tunmap_get_vmap_init_str(OTC_SELECT)); + rc = upf_nft_run_now(upf_nft_tunmap_get_vmap_init_str(OTC_SELECT)); if (rc) { LOGP(DNFT, LOGL_ERROR, "Failed to initialize nft verdict map in table %s\n", g_upf->tunmap.table_name); return rc; @@ -124,6 +247,7 @@ int upf_nft_init() int upf_nft_free() { + nft_queue_free(&g_nft_queue); if (!g_upf->tunmap.nft_ctx) return 0; nft_ctx_free(g_upf->tunmap.nft_ctx); 
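Review bot: nft_queue_flush() discards the return value of `upf_nft_run_now(q->sb.buf)` and nft_enqueue() returns 0 on every path, so upf_nft_tunmap_create() and upf_nft_tunmap_delete() (last hunk of this file) now report success even when the ruleset was rejected; before this change they returned the result of upf_nft_run(). If the queued text is applied as one batch, a single bad ruleset may also take the other queued ones down with it, and the queue itself logs nothing at ERROR level. At minimum the flush should return the result and the size-triggered flush in nft_enqueue() should pass it on, as sketched below; the timer-driven flush cannot reach the caller and needs its own error log. Separately, the second `OSMO_STRBUF_APPEND` after the "reached max nr of chars" flush is not re-checked for truncation.

```c
static int nft_queue_flush(struct nft_queue *q, const char *reason)
{
	int rc;
	/* … unchanged: static counters, osmo_timer_del(), empty-queue check (now `return 0;`), stats log … */
	q->ruleset_count = 0;

	rc = upf_nft_run_now(q->sb.buf);
	if (rc)
		LOGP(DNFT, LOGL_ERROR, "Flushing NFT ruleset queue failed: %s: rc=%d\n", reason, rc);

	nft_queue_clear_buf(q);
	return rc;
}

/* … unchanged: nft_enqueue() up to the ruleset_max lookup … */
	if (q->ruleset_count >= ruleset_max)
		return nft_queue_flush(q, "reached max nr of rules");
```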
@@ -263,11 +387,6 @@ static int upf_nft_ruleset_tunmap_create_buf(char *buf, size_t buflen, const str return sb.chars_needed; } -static char *upf_nft_ruleset_tunmap_create_c(void *ctx, const struct upf_nft_args *args) -{ - OSMO_NAME_C_IMPL(ctx, 1024, "ERROR", upf_nft_ruleset_tunmap_create_buf, args) -} - static int upf_nft_ruleset_tunmap_delete_buf(char *buf, size_t buflen, const struct upf_nft_args *args) { struct osmo_strbuf sb = { .buf = buf, .len = buflen }; @@ -280,11 +399,6 @@ static int upf_nft_ruleset_tunmap_delete_buf(char *buf, size_t buflen, const str return sb.chars_needed; } -static char *upf_nft_ruleset_tunmap_delete_c(void *ctx, const struct upf_nft_args *args) -{ - OSMO_NAME_C_IMPL(ctx, 512, "ERROR", upf_nft_ruleset_tunmap_delete_buf, args) -} - int upf_nft_tunmap_to_str_buf(char *buf, size_t buflen, const struct upf_tunmap *tunmap) { struct osmo_strbuf sb = { .buf = buf, .len = buflen }; 
@@ -344,18 +458,28 @@ char *upf_nft_tunmap_get_vmap_init_str(void *ctx) g_upf->tunmap.priority_post); } -char *upf_nft_tunmap_get_ruleset_str(void *ctx, struct upf_tunmap *tunmap) +int upf_nft_tunmap_get_ruleset_str_buf(char *buf, size_t len, struct upf_tunmap *tunmap) { struct upf_nft_args args; upf_nft_args_from_tunmap(&args, tunmap); - return upf_nft_ruleset_tunmap_create_c(ctx, &args); + return upf_nft_ruleset_tunmap_create_buf(buf, len, &args); +} + +char *upf_nft_tunmap_get_ruleset_str(void *ctx, struct upf_tunmap *tunmap) +{ + OSMO_NAME_C_IMPL(ctx, 1024, "ERROR", upf_nft_tunmap_get_ruleset_str_buf, tunmap) +} + +int upf_nft_tunmap_get_ruleset_del_str_buf(char *buf, size_t len, struct upf_tunmap *tunmap) +{ + struct upf_nft_args args; + upf_nft_args_from_tunmap(&args, tunmap); + return upf_nft_ruleset_tunmap_delete_buf(buf, len, &args); } char *upf_nft_tunmap_get_ruleset_del_str(void *ctx, struct upf_tunmap *tunmap) { - struct upf_nft_args args; - upf_nft_args_from_tunmap(&args, tunmap); - return upf_nft_ruleset_tunmap_delete_c(ctx, &args); + OSMO_NAME_C_IMPL(ctx, 1024, "ERROR", upf_nft_tunmap_get_ruleset_del_str_buf, tunmap) } static int upf_nft_tunmap_ensure_chain_id(struct upf_nft_tun *tun) @@ -373,10 +497,10 @@ int upf_nft_tunmap_create(struct upf_tunmap *tunmap) if (upf_nft_tunmap_ensure_chain_id(&tunmap->access) || upf_nft_tunmap_ensure_chain_id(&tunmap->core)) return -ENOSPC; - return upf_nft_run(upf_nft_tunmap_get_ruleset_str(OTC_SELECT, tunmap)); + return nft_enqueue(&g_nft_queue, upf_nft_tunmap_get_ruleset_str_buf, tunmap); } int upf_nft_tunmap_delete(struct upf_tunmap *tunmap) { - return upf_nft_run(upf_nft_tunmap_get_ruleset_del_str(OTC_SELECT, tunmap)); + return nft_enqueue(&g_nft_queue, upf_nft_tunmap_get_ruleset_del_str_buf, tunmap); } diff --git a/tests/unique_ids/unique_ids_test.err b/tests/unique_ids/unique_ids_test.err index 246ea5a..8274f26 100644 --- a/tests/unique_ids/unique_ids_test.err +++ b/tests/unique_ids/unique_ids_test.err 
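Review bot: `upf_nft_tunmap_get_ruleset_str_buf()` and `upf_nft_tunmap_get_ruleset_del_str_buf()` are defined with external linkage, but no hunk in this diff adds a prototype for them; the only users visible here are the two nft_enqueue() calls in the same file. Unless a header outside this diff declares them, mark both `static`, e.g. `static int upf_nft_tunmap_get_ruleset_str_buf(char *buf, size_t len, struct upf_tunmap *tunmap)`. A short comment above each stating the contract would also help, since they are passed as callbacks: each writes the ruleset into `buf` and returns the chars needed, as the `_buf` helpers they wrap do.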
@@ -8,7 +8,7 @@ DLPFCP NOTICE PFCP endpoint: recovery timestamp = 0x83aa7e80 (0 seconds since UN [test override] nft_run_cmd_from_buffer(): add table inet osmo-upf { flags owner; }; -DNFT DEBUG run nft ruleset: "add table inet osmo-upf { flags owner; };\n" +DNFT DEBUG ran nft ruleset, 42 chars: "add table inet osmo-upf { flags owner; };\n" DNFT NOTICE Created nft table "osmo-upf" [test override] nft_run_cmd_from_buffer(): @@ -19,7 +19,7 @@ add map inet osmo-upf tunmap-post { typeof meta mark : verdict; }; add rule inet osmo-upf pre udp dport 2152 ip daddr . @ih,32,32 vmap @tunmap-pre; add rule inet osmo-upf post meta mark vmap @tunmap-post; -DNFT DEBUG run nft ruleset: "add chain inet osmo-upf pre { type filter hook prerouting priority -300; policy accept; };\nadd chain inet osmo-upf post { type filter hook postrouting priority 400; policy accept; };\nadd map inet osmo-upf tunmap-pre { typeof ip daddr . @ih,32,32 : verdict; };\nadd map inet osmo-upf tunmap-post { typeof meta mark : verdict; };\nadd rule inet osmo-upf pre udp dport 2152 ip daddr . @ih,32,32 vmap @tunmap-pre;\nadd rule inet osmo-upf post meta mark vmap @tunmap-post;\n" +DNFT DEBUG ran nft ruleset, 465 chars: "add chain inet osmo-upf pre { type filter hook prerouting priority -300; policy accept; };\nadd chain inet osmo-upf post { type filter hook postrouting priority 400; policy accept; };\nadd map inet osmo-upf tunmap-pre { typeof ip daddr . @ih,32,32 : verdict;..." PFCP Associate peer DPEER DEBUG up_peer{NOT_ASSOCIATED}: Allocated 
@@ -58,6 +58,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: Active PDR set: + PDR-1{src:Core T DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: GTP actions: 0 previously active; want active: 1 DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: want: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x100 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x101 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1 DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: enabling: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x100 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x101 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:847 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:847 (flush count: 1 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): add chain inet osmo-upf tunmap-pre-1; 
@@ -73,7 +75,8 @@ add rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 }; add element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 }; -DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x101 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };\nadd element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };\nadd chain inet osmo-upf tunmap-pre-2;\nadd rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;\nadd chain inet osmo-upf tunmap-post-2;\nadd rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x100 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };\nadd element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };\n" + +DNFT DEBUG ran nft ruleset, 847 chars: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x100 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x101 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--1-> <-2--core [test override] PFCP tx: 
@@ -123,6 +126,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x2){INIT}: Active PDR set: + PDR-1{src:Core T DSESSION DEBUG up_session(1-2-3-4-0x2){INIT}: GTP actions: 0 previously active; want active: 1 DSESSION DEBUG up_session(1-2-3-4-0x2){INIT}: want: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x102 GTP-access-l:1.1.1.1 TEID-access-l:0x4 GTP-core-r:13.14.15.16 TEID-core-r:0x103 GTP-core-l:1.1.1.1 TEID-core-l:0x3 PFCP-peer:1.2.3.4 SEID-l:0x2 PDR-access:2 PDR-core:1 DSESSION DEBUG up_session(1-2-3-4-0x2){INIT}: enabling: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x102 GTP-access-l:1.1.1.1 TEID-access-l:0x4 GTP-core-r:13.14.15.16 TEID-core-r:0x103 GTP-core-l:1.1.1.1 TEID-core-l:0x3 PFCP-peer:1.2.3.4 SEID-l:0x2 PDR-access:2 PDR-core:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:847 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:847 (flush count: 2 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): add chain inet osmo-upf tunmap-pre-3; 
@@ -138,7 +143,8 @@ add rule inet osmo-upf tunmap-post-4 ip saddr set 1.1.1.1 udp sport set 2152 @ih add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x3 : jump tunmap-pre-4 }; add element inet osmo-upf tunmap-post { 4 : jump tunmap-post-4 }; -DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-3;\nadd rule inet osmo-upf tunmap-pre-3 ip daddr set 13.14.15.16 meta mark set 3 counter accept;\nadd chain inet osmo-upf tunmap-post-3;\nadd rule inet osmo-upf tunmap-post-3 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x103 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x4 : jump tunmap-pre-3 };\nadd element inet osmo-upf tunmap-post { 3 : jump tunmap-post-3 };\nadd chain inet osmo-upf tunmap-pre-4;\nadd rule inet osmo-upf tunmap-pre-4 ip daddr set 5.6.7.8 meta mark set 4 counter accept;\nadd chain inet osmo-upf tunmap-post-4;\nadd rule inet osmo-upf tunmap-post-4 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x102 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x3 : jump tunmap-pre-4 };\nadd element inet osmo-upf tunmap-post { 4 : jump tunmap-post-4 };\n" + +DNFT DEBUG ran nft ruleset, 847 chars: "add chain inet osmo-upf tunmap-pre-3;\nadd rule inet osmo-upf tunmap-pre-3 ip daddr set 13.14.15.16 meta mark set 3 counter accept;\nadd chain inet osmo-upf tunmap-post-3;\nadd rule inet osmo-upf tunmap-post-3 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x102 GTP-access-l:1.1.1.1 TEID-access-l:0x4 GTP-core-r:13.14.15.16 TEID-core-r:0x103 GTP-core-l:1.1.1.1 TEID-core-l:0x3 PFCP-peer:1.2.3.4 SEID-l:0x2 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--3-> <-4--core [test override] PFCP tx: 
@@ -182,6 +188,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: Received Event UP_SESSION_E DREF INFO up_peer(1-2-3-4){ASSOCIATED}: - msg-tx: now used by 0 (-) DPEER DEBUG up_peer(1-2-3-4){ASSOCIATED}: Received Event UP_PEER_EV_USE_COUNT_ZERO DSESSION NOTICE up_session(1-2-3-4-0x1){ESTABLISHED}: Session releasing: peer:1.2.3.4 SEID-r:0x100 SEID-l:0x1 state:ESTABLISHED PDR-active:2/2 FAR-active:2/2 GTP-active:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:381 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:381 (flush count: 3 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 }; 
@@ -193,7 +201,8 @@ delete element inet osmo-upf tunmap-post { 2 }; delete chain inet osmo-upf tunmap-pre-2; delete chain inet osmo-upf tunmap-post-2; -DNFT DEBUG run nft ruleset: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 };\ndelete element inet osmo-upf tunmap-post { 1 };\ndelete chain inet osmo-upf tunmap-pre-1;\ndelete chain inet osmo-upf tunmap-post-1;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 };\ndelete element inet osmo-upf tunmap-post { 2 };\ndelete chain inet osmo-upf tunmap-pre-2;\ndelete chain inet osmo-upf tunmap-post-2;\n" + +DNFT DEBUG ran nft ruleset, 381 chars: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 };\ndelete element inet osmo-upf tunmap-post { 1 };\ndelete chain inet osmo-upf tunmap-pre-1;\ndelete chain inet osmo-upf tunmap-post-1;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 };\ndelete ..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x100 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x101 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1: Disabled tunmap, nft chain IDs: access--1-> <-2--core DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: State change to WAIT_USE_COUNT (no timeout) DSESSION DEBUG up_session(1-2-3-4-0x1){WAIT_USE_COUNT}: GTP actions: 0 previously active; want active: 0 
@@ -231,6 +240,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: Active PDR set: + PDR-1{src:Core T DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: GTP actions: 0 previously active; want active: 1 DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: want: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x104 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x105 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1 DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: enabling: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x104 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x105 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:847 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:847 (flush count: 4 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): add chain inet osmo-upf tunmap-pre-1; 
@@ -246,7 +257,8 @@ add rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 }; add element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 }; -DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x105 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };\nadd element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };\nadd chain inet osmo-upf tunmap-pre-2;\nadd rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;\nadd chain inet osmo-upf tunmap-post-2;\nadd rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x104 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };\nadd element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };\n" + +DNFT DEBUG ran nft ruleset, 847 chars: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x104 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x105 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--1-> <-2--core [test override] PFCP tx: 
@@ -296,6 +308,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x3){INIT}: Active PDR set: + PDR-1{src:Core T DSESSION DEBUG up_session(1-2-3-4-0x3){INIT}: GTP actions: 0 previously active; want active: 1 DSESSION DEBUG up_session(1-2-3-4-0x3){INIT}: want: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x106 GTP-access-l:1.1.1.1 TEID-access-l:0x6 GTP-core-r:13.14.15.16 TEID-core-r:0x107 GTP-core-l:1.1.1.1 TEID-core-l:0x5 PFCP-peer:1.2.3.4 SEID-l:0x3 PDR-access:2 PDR-core:1 DSESSION DEBUG up_session(1-2-3-4-0x3){INIT}: enabling: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x106 GTP-access-l:1.1.1.1 TEID-access-l:0x6 GTP-core-r:13.14.15.16 TEID-core-r:0x107 GTP-core-l:1.1.1.1 TEID-core-l:0x5 PFCP-peer:1.2.3.4 SEID-l:0x3 PDR-access:2 PDR-core:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:847 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:847 (flush count: 5 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): add chain inet osmo-upf tunmap-pre-5; 
@@ -311,7 +325,8 @@ add rule inet osmo-upf tunmap-post-6 ip saddr set 1.1.1.1 udp sport set 2152 @ih add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x5 : jump tunmap-pre-6 }; add element inet osmo-upf tunmap-post { 6 : jump tunmap-post-6 }; -DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-5;\nadd rule inet osmo-upf tunmap-pre-5 ip daddr set 13.14.15.16 meta mark set 5 counter accept;\nadd chain inet osmo-upf tunmap-post-5;\nadd rule inet osmo-upf tunmap-post-5 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x107 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x6 : jump tunmap-pre-5 };\nadd element inet osmo-upf tunmap-post { 5 : jump tunmap-post-5 };\nadd chain inet osmo-upf tunmap-pre-6;\nadd rule inet osmo-upf tunmap-pre-6 ip daddr set 5.6.7.8 meta mark set 6 counter accept;\nadd chain inet osmo-upf tunmap-post-6;\nadd rule inet osmo-upf tunmap-post-6 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x106 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x5 : jump tunmap-pre-6 };\nadd element inet osmo-upf tunmap-post { 6 : jump tunmap-post-6 };\n" + +DNFT DEBUG ran nft ruleset, 847 chars: "add chain inet osmo-upf tunmap-pre-5;\nadd rule inet osmo-upf tunmap-pre-5 ip daddr set 13.14.15.16 meta mark set 5 counter accept;\nadd chain inet osmo-upf tunmap-post-5;\nadd rule inet osmo-upf tunmap-post-5 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x106 GTP-access-l:1.1.1.1 TEID-access-l:0x6 GTP-core-r:13.14.15.16 TEID-core-r:0x107 GTP-core-l:1.1.1.1 TEID-core-l:0x5 PFCP-peer:1.2.3.4 SEID-l:0x3 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--5-> <-6--core [test override] PFCP tx: 
@@ -348,6 +363,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x3){ESTABLISHED}: Removing from parent up_pee DSESSION DEBUG up_session(1-2-3-4-0x3){ESTABLISHED}: GTP actions: 1 previously active; want active: 0 DSESSION DEBUG up_session(1-2-3-4-0x3){ESTABLISHED}: active: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x106 GTP-access-l:1.1.1.1 TEID-access-l:0x6 GTP-core-r:13.14.15.16 TEID-core-r:0x107 GTP-core-l:1.1.1.1 TEID-core-l:0x5 PFCP-peer:1.2.3.4 SEID-l:0x3 PDR-access:2 PDR-core:1 DSESSION DEBUG up_session(1-2-3-4-0x3){ESTABLISHED}: disabling: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x106 GTP-access-l:1.1.1.1 TEID-access-l:0x6 GTP-core-r:13.14.15.16 TEID-core-r:0x107 GTP-core-l:1.1.1.1 TEID-core-l:0x5 PFCP-peer:1.2.3.4 SEID-l:0x3 PDR-access:2 PDR-core:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:381 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:381 (flush count: 6 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x6 }; 
@@ -359,7 +376,8 @@ delete element inet osmo-upf tunmap-post { 6 }; delete chain inet osmo-upf tunmap-pre-6; delete chain inet osmo-upf tunmap-post-6; -DNFT DEBUG run nft ruleset: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x6 };\ndelete element inet osmo-upf tunmap-post { 5 };\ndelete chain inet osmo-upf tunmap-pre-5;\ndelete chain inet osmo-upf tunmap-post-5;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x5 };\ndelete element inet osmo-upf tunmap-post { 6 };\ndelete chain inet osmo-upf tunmap-pre-6;\ndelete chain inet osmo-upf tunmap-post-6;\n" + +DNFT DEBUG ran nft ruleset, 381 chars: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x6 };\ndelete element inet osmo-upf tunmap-post { 5 };\ndelete chain inet osmo-upf tunmap-pre-5;\ndelete chain inet osmo-upf tunmap-post-5;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x5 };\ndelete ..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x106 GTP-access-l:1.1.1.1 TEID-access-l:0x6 GTP-core-r:13.14.15.16 TEID-core-r:0x107 GTP-core-l:1.1.1.1 TEID-core-l:0x5 PFCP-peer:1.2.3.4 SEID-l:0x3 PDR-access:2 PDR-core:1: Disabled tunmap, nft chain IDs: access--5-> <-6--core DSESSION DEBUG up_session(1-2-3-4-0x3){ESTABLISHED}: Freeing instance DSESSION DEBUG up_session(1-2-3-4-0x3){ESTABLISHED}: Deallocated 
@@ -368,6 +386,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: Removing from parent up_pee DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: GTP actions: 1 previously active; want active: 0 DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: active: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x104 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x105 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1 DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: disabling: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x104 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x105 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:381 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:381 (flush count: 7 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 }; 
@@ -379,7 +399,8 @@ delete element inet osmo-upf tunmap-post { 2 }; delete chain inet osmo-upf tunmap-pre-2; delete chain inet osmo-upf tunmap-post-2; -DNFT DEBUG run nft ruleset: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 };\ndelete element inet osmo-upf tunmap-post { 1 };\ndelete chain inet osmo-upf tunmap-pre-1;\ndelete chain inet osmo-upf tunmap-post-1;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 };\ndelete element inet osmo-upf tunmap-post { 2 };\ndelete chain inet osmo-upf tunmap-pre-2;\ndelete chain inet osmo-upf tunmap-post-2;\n" + +DNFT DEBUG ran nft ruleset, 381 chars: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 };\ndelete element inet osmo-upf tunmap-post { 1 };\ndelete chain inet osmo-upf tunmap-pre-1;\ndelete chain inet osmo-upf tunmap-post-1;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 };\ndelete ..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x104 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x105 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1: Disabled tunmap, nft chain IDs: access--1-> <-2--core DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: Freeing instance DSESSION DEBUG up_session(1-2-3-4-0x1){ESTABLISHED}: Deallocated 
@@ -388,6 +409,8 @@ DSESSION DEBUG up_session(1-2-3-4-0x2){ESTABLISHED}: Removing from parent up_pee DSESSION DEBUG up_session(1-2-3-4-0x2){ESTABLISHED}: GTP actions: 1 previously active; want active: 0 DSESSION DEBUG up_session(1-2-3-4-0x2){ESTABLISHED}: active: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x102 GTP-access-l:1.1.1.1 TEID-access-l:0x4 GTP-core-r:13.14.15.16 TEID-core-r:0x103 GTP-core-l:1.1.1.1 TEID-core-l:0x3 PFCP-peer:1.2.3.4 SEID-l:0x2 PDR-access:2 PDR-core:1 DSESSION DEBUG up_session(1-2-3-4-0x2){ESTABLISHED}: disabling: GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x102 GTP-access-l:1.1.1.1 TEID-access-l:0x4 GTP-core-r:13.14.15.16 TEID-core-r:0x103 GTP-core-l:1.1.1.1 TEID-core-l:0x3 PFCP-peer:1.2.3.4 SEID-l:0x2 PDR-access:2 PDR-core:1 +DNFT INFO Added NFT ruleset to queue: n:1 strlen:381 +DNFT INFO Flushing NFT ruleset queue: reached max nr of rules: n:1 strlen:381 (flush count: 8 avg rules per flush: 1) [test override] nft_run_cmd_from_buffer(): delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x4 }; 
@@ -399,7 +422,8 @@ delete element inet osmo-upf tunmap-post { 4 }; delete chain inet osmo-upf tunmap-pre-4; delete chain inet osmo-upf tunmap-post-4; -DNFT DEBUG run nft ruleset: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x4 };\ndelete element inet osmo-upf tunmap-post { 3 };\ndelete chain inet osmo-upf tunmap-pre-3;\ndelete chain inet osmo-upf tunmap-post-3;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x3 };\ndelete element inet osmo-upf tunmap-post { 4 };\ndelete chain inet osmo-upf tunmap-pre-4;\ndelete chain inet osmo-upf tunmap-post-4;\n" + +DNFT DEBUG ran nft ruleset, 381 chars: "delete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x4 };\ndelete element inet osmo-upf tunmap-post { 3 };\ndelete chain inet osmo-upf tunmap-pre-3;\ndelete chain inet osmo-upf tunmap-post-3;\ndelete element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x3 };\ndelete ..." DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x102 GTP-access-l:1.1.1.1 TEID-access-l:0x4 GTP-core-r:13.14.15.16 TEID-core-r:0x103 GTP-core-l:1.1.1.1 TEID-core-l:0x3 PFCP-peer:1.2.3.4 SEID-l:0x2 PDR-access:2 PDR-core:1: Disabled tunmap, nft chain IDs: access--3-> <-4--core DSESSION DEBUG up_session(1-2-3-4-0x2){ESTABLISHED}: Freeing instance DSESSION DEBUG up_session(1-2-3-4-0x2){ESTABLISHED}: Deallocated