4 * Copyright(c) 2010-2013 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #ifndef TEST_PMAC_ACL_H_
36 #define TEST_PMAC_ACL_H_
50 /* rules for invalid layout test */
51 struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = {
52 /* test src and dst address */
54 .data = {.userdata = 1, .category_mask = 1},
55 .src_addr = IPv4(10,0,0,0),
59 .data = {.userdata = 2, .category_mask = 1},
60 .dst_addr = IPv4(10,0,0,0),
63 /* test src and dst ports */
65 .data = {.userdata = 3, .category_mask = 1},
70 .data = {.userdata = 4, .category_mask = 1},
76 .data = {.userdata = 5, .category_mask = 1},
81 .data = {.userdata = 6, .category_mask = 1},
87 /* these might look odd because they don't match up the rules. This is
88 * intentional, as the invalid layout test presumes returning the correct
89 * results using the wrong data layout.
91 struct ipv4_7tuple invalid_layout_data[] = {
92 {.ip_src = IPv4(10,0,1,0)}, /* should not match */
93 {.ip_src = IPv4(10,0,0,1), .allow = 2}, /* should match 2 */
94 {.port_src = 100, .allow = 4}, /* should match 4 */
95 {.port_dst = 0xf, .allow = 6}, /* should match 6 */
100 #define ACL_ALLOW_MASK 0x1
101 #define ACL_DENY_MASK 0x2
103 /* ruleset for ACL unit test */
104 struct rte_acl_ipv4vlan_rule acl_test_rules[] = {
105 /* destination IP addresses */
106 /* matches all packets traveling to 192.168.0.0/16 */
108 .data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
110 .dst_addr = IPv4(192,168,0,0),
113 .src_port_high = 0xffff,
115 .dst_port_high = 0xffff,
117 /* matches all packets traveling to 192.168.1.0/24 */
119 .data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
121 .dst_addr = IPv4(192,168,1,0),
124 .src_port_high = 0xffff,
126 .dst_port_high = 0xffff,
128 /* matches all packets traveling to 192.168.1.50 */
130 .data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
132 .dst_addr = IPv4(192,168,1,50),
135 .src_port_high = 0xffff,
137 .dst_port_high = 0xffff,
140 /* source IP addresses */
141 /* matches all packets traveling from 10.0.0.0/8 */
143 .data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
145 .src_addr = IPv4(10,0,0,0),
148 .src_port_high = 0xffff,
150 .dst_port_high = 0xffff,
152 /* matches all packets traveling from 10.1.1.0/24 */
154 .data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
156 .src_addr = IPv4(10,1,1,0),
159 .src_port_high = 0xffff,
161 .dst_port_high = 0xffff,
163 /* matches all packets traveling from 10.1.1.1 */
165 .data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
167 .src_addr = IPv4(10,1,1,1),
170 .src_port_high = 0xffff,
172 .dst_port_high = 0xffff,
176 /* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */
178 .data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
183 .src_port_high = 0xffff,
185 .dst_port_high = 0xffff,
187 /* matches all packets with VLAN tags that have 0x5 in them */
189 .data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
194 .src_port_high = 0xffff,
196 .dst_port_high = 0xffff,
198 /* matches all packets with VLAN tag 5 */
200 .data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
205 .src_port_high = 0xffff,
207 .dst_port_high = 0xffff,
211 /* matches all packets with lower 7 bytes of domain equal to 0x64 */
213 .data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
218 .src_port_high = 0xffff,
220 .dst_port_high = 0xffff,
222 /* matches all packets with domains that have 0x5 in them */
224 .data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
229 .src_port_high = 0xffff,
231 .dst_port_high = 0xffff,
233 /* matches all packets with domain 5 */
235 .data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
238 .domain_mask = 0xffff,
240 .src_port_high = 0xffff,
242 .dst_port_high = 0xffff,
245 /* destination port */
246 /* matches everything with dst port 80 */
248 .data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
253 .src_port_high = 0xffff,
255 /* matches everything with dst port 22-1023 */
257 .data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
260 .dst_port_high = 1023,
262 .src_port_high = 0xffff,
264 /* matches everything with dst port 1020 */
266 .data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
268 .dst_port_low = 1020,
269 .dst_port_high = 1020,
271 .src_port_high = 0xffff,
273 /* matches everything with dst portrange 1000-2000 */
275 .data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
277 .dst_port_low = 1000,
278 .dst_port_high = 2000,
280 .src_port_high = 0xffff,
284 /* matches everything with src port 80 */
286 .data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
291 .dst_port_high = 0xffff,
293 /* matches everything with src port 22-1023 */
295 .data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
298 .src_port_high = 1023,
300 .dst_port_high = 0xffff,
302 /* matches everything with src port 1020 */
304 .data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
306 .src_port_low = 1020,
307 .src_port_high = 1020,
309 .dst_port_high = 0xffff,
311 /* matches everything with src portrange 1000-2000 */
313 .data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
315 .src_port_low = 1000,
316 .src_port_high = 2000,
318 .dst_port_high = 0xffff,
321 /* protocol number */
322 /* matches all packets with protocol number either 0x64 or 0xE4 */
324 .data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
329 .src_port_high = 0xffff,
331 .dst_port_high = 0xffff,
333 /* matches all packets with protocol that have 0x5 in them */
335 .data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK,
340 .src_port_high = 0xffff,
342 .dst_port_high = 0xffff,
344 /* matches all packets with protocol 5 */
346 .data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
351 .src_port_high = 0xffff,
353 .dst_port_high = 0xffff,
356 /* rules combining various fields */
358 .data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
360 /** make sure that unmasked bytes don't fail! */
361 .dst_addr = IPv4(1,2,3,4),
363 .src_addr = IPv4(5,6,7,8),
368 .src_port_high = 0xffff,
370 .dst_port_high = 1024,
374 .domain_mask = 0xffff,
377 .data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
379 .dst_addr = IPv4(5,6,7,8),
381 .src_addr = IPv4(1,2,3,4),
386 .src_port_high = 0xffff,
388 .dst_port_high = 1024,
392 .domain_mask = 0xffff,
395 .data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
397 .dst_addr = IPv4(1,2,3,4),
399 .src_addr = IPv4(5,6,7,8),
404 .src_port_high = 0xffff,
406 .dst_port_high = 1024,
411 .data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
413 .dst_addr = IPv4(5,6,7,8),
415 .src_addr = IPv4(1,2,3,4),
420 .src_port_high = 0xffff,
422 .dst_port_high = 1024,
428 /* data for ACL unit test */
429 struct ipv4_7tuple acl_test_data[] = {
430 /* testing single rule aspects */
431 {.ip_src = IPv4(10,0,0,0), .allow = 4}, /* should match 4 */
432 {.ip_src = IPv4(10,1,1,2), .allow = 5}, /* should match 5 */
433 {.ip_src = IPv4(10,1,1,1), .allow = 5,
434 .deny = 6}, /* should match 5, 6 */
435 {.ip_dst = IPv4(10,0,0,0)}, /* should not match */
436 {.ip_dst = IPv4(10,1,1,2)}, /* should not match */
437 {.ip_dst = IPv4(10,1,1,1)}, /* should not match */
439 {.ip_src = IPv4(192,168,2,50)}, /* should not match */
440 {.ip_src = IPv4(192,168,1,2)}, /* should not match */
441 {.ip_src = IPv4(192,168,1,50)}, /* should not match */
442 {.ip_dst = IPv4(192,168,2,50), .allow = 1}, /* should match 1 */
443 {.ip_dst = IPv4(192,168,1,49), .allow = 2}, /* should match 2 */
444 {.ip_dst = IPv4(192,168,1,50), .allow = 2,
445 .deny = 3}, /* should match 2, 3 */
447 {.vlan = 0x64, .allow = 7}, /* should match 7 */
448 {.vlan = 0xfE4, .allow = 7}, /* should match 7 */
449 {.vlan = 0xE2}, /* should not match */
450 {.vlan = 0xD, .allow = 8}, /* should match 8 */
451 {.vlan = 0x6}, /* should not match */
452 {.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */
454 {.domain = 0x64, .allow = 10}, /* should match 10 */
455 {.domain = 0xfE4, .allow = 10}, /* should match 10 */
456 {.domain = 0xE2}, /* should not match */
457 {.domain = 0xD, .allow = 11}, /* should match 11 */
458 {.domain = 0x6}, /* should not match */
459 {.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */
461 {.port_dst = 80, .allow = 13}, /* should match 13 */
462 {.port_dst = 79, .allow = 14}, /* should match 14 */
463 {.port_dst = 81, .allow = 14}, /* should match 14 */
464 {.port_dst = 21}, /* should not match */
465 {.port_dst = 1024, .deny = 16}, /* should match 16 */
466 {.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */
468 {.port_src = 80, .allow = 17}, /* should match 17 */
469 {.port_src = 79, .allow = 18}, /* should match 18 */
470 {.port_src = 81, .allow = 18}, /* should match 18 */
471 {.port_src = 21}, /* should not match */
472 {.port_src = 1024, .deny = 20}, /* should match 20 */
473 {.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */
475 {.proto = 0x64, .allow = 21}, /* should match 21 */
476 {.proto = 0xE4, .allow = 21}, /* should match 21 */
477 {.proto = 0xE2}, /* should not match */
478 {.proto = 0xD, .allow = 22}, /* should match 22 */
479 {.proto = 0x6}, /* should not match */
480 {.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */
482 /* testing matching multiple rules at once */
483 {.vlan = 0x5, .ip_src = IPv4(10,1,1,1),
484 .allow = 5, .deny = 9}, /* should match 5, 9 */
485 {.vlan = 0x5, .ip_src = IPv4(192,168,2,50),
486 .allow = 8, .deny = 9}, /* should match 8, 9 */
487 {.vlan = 0x55, .ip_src = IPv4(192,168,1,49),
488 .allow = 8}, /* should match 8 */
489 {.port_dst = 80, .port_src = 1024,
490 .allow = 13, .deny = 20}, /* should match 13,20 */
491 {.port_dst = 79, .port_src = 1024,
492 .allow = 14, .deny = 20}, /* should match 14,20 */
493 {.proto = 0x5, .ip_dst = IPv4(192,168,2,50),
494 .allow = 1, .deny = 23}, /* should match 1, 23 */
496 {.proto = 0x5, .ip_dst = IPv4(192,168,1,50),
497 .allow = 2, .deny = 23}, /* should match 2, 23 */
498 {.vlan = 0x64, .domain = 0x5,
499 .allow = 11, .deny = 12}, /* should match 11, 12 */
500 {.proto = 0x5, .port_src = 80,
501 .allow = 17, .deny = 23}, /* should match 17, 23 */
502 {.proto = 0x5, .port_dst = 80,
503 .allow = 13, .deny = 23}, /* should match 13, 23 */
504 {.proto = 0x51, .port_src = 5000}, /* should not match */
505 {.ip_src = IPv4(192,168,1,50),
506 .ip_dst = IPv4(10,0,0,0),
509 .port_dst = 5000}, /* should not match */
511 /* test full packet rules */
513 .ip_dst = IPv4(1,2,100,200),
514 .ip_src = IPv4(5,6,7,254),
522 }, /* should match 23, 24 */
524 .ip_dst = IPv4(5,6,7,254),
525 .ip_src = IPv4(1,2,100,200),
533 }, /* should match 13, 25 */
535 .ip_dst = IPv4(1,10,20,30),
536 .ip_src = IPv4(5,6,7,8),
543 }, /* should match 23, 26 */
545 .ip_dst = IPv4(5,6,7,8),
546 .ip_src = IPv4(1,10,20,30),
553 }, /* should match 13, 27 */
555 .ip_dst = IPv4(2,2,3,4),
556 .ip_src = IPv4(4,6,7,8),
563 }, /* should match 13, 23 */
565 .ip_dst = IPv4(1,2,3,4),
566 .ip_src = IPv4(4,6,7,8),
573 }, /* should match 13, 23 */
576 /* visual separator! */
578 .ip_dst = IPv4(1,2,100,200),
579 .ip_src = IPv4(5,6,7,254),
586 }, /* should match 10 */
588 .ip_dst = IPv4(5,6,7,254),
589 .ip_src = IPv4(1,2,100,200),
596 }, /* should match 10 */
598 .ip_dst = IPv4(1,10,20,30),
599 .ip_src = IPv4(5,6,7,8),
605 }, /* should match 7 */
607 .ip_dst = IPv4(5,6,7,8),
608 .ip_src = IPv4(1,10,20,30),
614 }, /* should match 7 */
616 .ip_dst = IPv4(2,2,3,4),
617 .ip_src = IPv4(4,6,7,8),
623 }, /* should match 7 */
625 .ip_dst = IPv4(1,2,3,4),
626 .ip_src = IPv4(4,6,7,8),
631 }, /* should not match */
634 #endif /* TEST_PMAC_ACL_H_ */