1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2010-2014 Intel Corporation
6 #include <rte_string_fns.h>
7 #include <rte_hexdump.h>
8 #include "test_table.h"
9 #include "test_table_acl.h"
12 * Rule and trace formats definitions.
32 struct rte_acl_field_def ipv4_defs[NUM_FIELDS_IPV4] = {
34 .type = RTE_ACL_FIELD_TYPE_BITMASK,
35 .size = sizeof(uint8_t),
36 .field_index = PROTO_FIELD_IPV4,
37 .input_index = PROTO_FIELD_IPV4,
38 .offset = offsetof(struct ipv4_5tuple, proto),
41 .type = RTE_ACL_FIELD_TYPE_MASK,
42 .size = sizeof(uint32_t),
43 .field_index = SRC_FIELD_IPV4,
44 .input_index = SRC_FIELD_IPV4,
45 .offset = offsetof(struct ipv4_5tuple, ip_src),
48 .type = RTE_ACL_FIELD_TYPE_MASK,
49 .size = sizeof(uint32_t),
50 .field_index = DST_FIELD_IPV4,
51 .input_index = DST_FIELD_IPV4,
52 .offset = offsetof(struct ipv4_5tuple, ip_dst),
55 .type = RTE_ACL_FIELD_TYPE_RANGE,
56 .size = sizeof(uint16_t),
57 .field_index = SRCP_FIELD_IPV4,
58 .input_index = SRCP_FIELD_IPV4,
59 .offset = offsetof(struct ipv4_5tuple, port_src),
62 .type = RTE_ACL_FIELD_TYPE_RANGE,
63 .size = sizeof(uint16_t),
64 .field_index = DSTP_FIELD_IPV4,
65 .input_index = SRCP_FIELD_IPV4,
66 .offset = offsetof(struct ipv4_5tuple, port_dst),
70 struct rte_table_acl_rule_add_params table_acl_IPv4_rule;
72 typedef int (*parse_5tuple)(char *text,
73 struct rte_table_acl_rule_add_params *rule);
76 * The order of the fields in the rule string after the initial '@'
81 CB_FLD_SRC_PORT_RANGE,
82 CB_FLD_DST_PORT_RANGE,
88 #define GET_CB_FIELD(in, fd, base, lim, dlm) \
94 val = strtoul((in), &end, (base)); \
95 if (errno != 0 || end[0] != (dlm) || val > (lim)) \
97 (fd) = (typeof(fd)) val; \
105 parse_ipv4_net(const char *in, uint32_t *addr, uint32_t *mask_len)
107 uint8_t a, b, c, d, m;
109 GET_CB_FIELD(in, a, 0, UINT8_MAX, '.');
110 GET_CB_FIELD(in, b, 0, UINT8_MAX, '.');
111 GET_CB_FIELD(in, c, 0, UINT8_MAX, '.');
112 GET_CB_FIELD(in, d, 0, UINT8_MAX, '/');
113 GET_CB_FIELD(in, m, 0, sizeof(uint32_t) * CHAR_BIT, 0);
115 addr[0] = RTE_IPV4(a, b, c, d);
122 parse_port_range(const char *in, uint16_t *port_low, uint16_t *port_high)
126 GET_CB_FIELD(in, a, 0, UINT16_MAX, ':');
127 GET_CB_FIELD(in, b, 0, UINT16_MAX, 0);
136 parse_cb_ipv4_rule(char *str, struct rte_table_acl_rule_add_params *v)
139 char *s, *sp, *in[CB_FLD_NUM];
140 static const char *dlm = " \t\n";
145 if (strchr(str, '@') != str)
151 * Populate the 'in' array with the location of each
152 * field in the string we're parsing
154 for (i = 0; i != DIM(in); i++) {
155 in[i] = strtok_r(s, dlm, &sp);
161 /* Parse x.x.x.x/x */
162 rc = parse_ipv4_net(in[CB_FLD_SRC_ADDR],
163 &v->field_value[SRC_FIELD_IPV4].value.u32,
164 &v->field_value[SRC_FIELD_IPV4].mask_range.u32);
166 RTE_LOG(ERR, PIPELINE, "failed to read src address/mask: %s\n",
167 in[CB_FLD_SRC_ADDR]);
171 printf("V=%u, mask=%u\n", v->field_value[SRC_FIELD_IPV4].value.u32,
172 v->field_value[SRC_FIELD_IPV4].mask_range.u32);
174 /* Parse x.x.x.x/x */
175 rc = parse_ipv4_net(in[CB_FLD_DST_ADDR],
176 &v->field_value[DST_FIELD_IPV4].value.u32,
177 &v->field_value[DST_FIELD_IPV4].mask_range.u32);
179 RTE_LOG(ERR, PIPELINE, "failed to read dest address/mask: %s\n",
180 in[CB_FLD_DST_ADDR]);
184 printf("V=%u, mask=%u\n", v->field_value[DST_FIELD_IPV4].value.u32,
185 v->field_value[DST_FIELD_IPV4].mask_range.u32);
187 rc = parse_port_range(in[CB_FLD_SRC_PORT_RANGE],
188 &v->field_value[SRCP_FIELD_IPV4].value.u16,
189 &v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
191 RTE_LOG(ERR, PIPELINE, "failed to read source port range: %s\n",
192 in[CB_FLD_SRC_PORT_RANGE]);
196 printf("V=%u, mask=%u\n", v->field_value[SRCP_FIELD_IPV4].value.u16,
197 v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
199 rc = parse_port_range(in[CB_FLD_DST_PORT_RANGE],
200 &v->field_value[DSTP_FIELD_IPV4].value.u16,
201 &v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
203 RTE_LOG(ERR, PIPELINE, "failed to read dest port range: %s\n",
204 in[CB_FLD_DST_PORT_RANGE]);
208 printf("V=%u, mask=%u\n", v->field_value[DSTP_FIELD_IPV4].value.u16,
209 v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
211 GET_CB_FIELD(in[CB_FLD_PROTO],
212 v->field_value[PROTO_FIELD_IPV4].value.u8,
214 GET_CB_FIELD(in[CB_FLD_PROTO],
215 v->field_value[PROTO_FIELD_IPV4].mask_range.u8,
218 printf("V=%u, mask=%u\n",
219 (unsigned int)v->field_value[PROTO_FIELD_IPV4].value.u8,
220 v->field_value[PROTO_FIELD_IPV4].mask_range.u8);
225 parse_cb_ipv4_rule_del(char *str, struct rte_table_acl_rule_delete_params *v)
228 char *s, *sp, *in[CB_FLD_NUM];
229 static const char *dlm = " \t\n";
234 if (strchr(str, '@') != str)
240 * Populate the 'in' array with the location of each
241 * field in the string we're parsing
243 for (i = 0; i != DIM(in); i++) {
244 in[i] = strtok_r(s, dlm, &sp);
250 /* Parse x.x.x.x/x */
251 rc = parse_ipv4_net(in[CB_FLD_SRC_ADDR],
252 &v->field_value[SRC_FIELD_IPV4].value.u32,
253 &v->field_value[SRC_FIELD_IPV4].mask_range.u32);
255 RTE_LOG(ERR, PIPELINE, "failed to read src address/mask: %s\n",
256 in[CB_FLD_SRC_ADDR]);
260 printf("V=%u, mask=%u\n", v->field_value[SRC_FIELD_IPV4].value.u32,
261 v->field_value[SRC_FIELD_IPV4].mask_range.u32);
263 /* Parse x.x.x.x/x */
264 rc = parse_ipv4_net(in[CB_FLD_DST_ADDR],
265 &v->field_value[DST_FIELD_IPV4].value.u32,
266 &v->field_value[DST_FIELD_IPV4].mask_range.u32);
268 RTE_LOG(ERR, PIPELINE, "failed to read dest address/mask: %s\n",
269 in[CB_FLD_DST_ADDR]);
273 printf("V=%u, mask=%u\n", v->field_value[DST_FIELD_IPV4].value.u32,
274 v->field_value[DST_FIELD_IPV4].mask_range.u32);
276 rc = parse_port_range(in[CB_FLD_SRC_PORT_RANGE],
277 &v->field_value[SRCP_FIELD_IPV4].value.u16,
278 &v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
280 RTE_LOG(ERR, PIPELINE, "failed to read source port range: %s\n",
281 in[CB_FLD_SRC_PORT_RANGE]);
285 printf("V=%u, mask=%u\n", v->field_value[SRCP_FIELD_IPV4].value.u16,
286 v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
288 rc = parse_port_range(in[CB_FLD_DST_PORT_RANGE],
289 &v->field_value[DSTP_FIELD_IPV4].value.u16,
290 &v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
292 RTE_LOG(ERR, PIPELINE, "failed to read dest port range: %s\n",
293 in[CB_FLD_DST_PORT_RANGE]);
297 printf("V=%u, mask=%u\n", v->field_value[DSTP_FIELD_IPV4].value.u16,
298 v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
300 GET_CB_FIELD(in[CB_FLD_PROTO],
301 v->field_value[PROTO_FIELD_IPV4].value.u8,
303 GET_CB_FIELD(in[CB_FLD_PROTO],
304 v->field_value[PROTO_FIELD_IPV4].mask_range.u8,
307 printf("V=%u, mask=%u\n",
308 (unsigned int)v->field_value[PROTO_FIELD_IPV4].value.u8,
309 v->field_value[PROTO_FIELD_IPV4].mask_range.u8);
314 * The format for these rules DO NOT need the port ranges to be
315 * separated by ' : ', just ':'. It's a lot more readable and
318 char lines[][128] = {
319 "@0.0.0.0/0 0.0.0.0/0 0:65535 0:65535 2/0xff", /* Protocol check */
320 "@192.168.3.1/32 0.0.0.0/0 0:65535 0:65535 0/0", /* Src IP checl */
321 "@0.0.0.0/0 10.4.4.1/32 0:65535 0:65535 0/0", /* dst IP check */
322 "@0.0.0.0/0 0.0.0.0/0 105:105 0:65535 0/0", /* src port check */
323 "@0.0.0.0/0 0.0.0.0/0 0:65535 206:206 0/0", /* dst port check */
330 setup_acl_pipeline(void)
334 struct rte_pipeline_params pipeline_params = {
339 struct rte_table_acl_rule_add_params rule_params;
340 struct rte_pipeline_table_acl_rule_delete_params *delete_params;
344 /* Pipeline configuration */
345 p = rte_pipeline_create(&pipeline_params);
347 RTE_LOG(INFO, PIPELINE, "%s: Failed to configure pipeline\n",
352 /* Input port configuration */
353 for (i = 0; i < N_PORTS; i++) {
354 struct rte_port_ring_reader_params port_ring_params = {
358 struct rte_pipeline_port_in_params port_params = {
359 .ops = &rte_port_ring_reader_ops,
360 .arg_create = (void *) &port_ring_params,
362 .burst_size = BURST_SIZE,
365 /* Put in action for some ports */
367 port_params.f_action = port_in_action;
369 ret = rte_pipeline_port_in_create(p, &port_params,
372 rte_panic("Unable to configure input port %d, ret:%d\n",
378 /* output Port configuration */
379 for (i = 0; i < N_PORTS; i++) {
380 struct rte_port_ring_writer_params port_ring_params = {
382 .tx_burst_sz = BURST_SIZE,
385 struct rte_pipeline_port_out_params port_params = {
386 .ops = &rte_port_ring_writer_ops,
387 .arg_create = (void *) &port_ring_params,
393 if (rte_pipeline_port_out_create(p, &port_params,
395 rte_panic("Unable to configure output port %d\n", i);
400 /* Table configuration */
401 for (i = 0; i < N_PORTS; i++) {
402 struct rte_pipeline_table_params table_params;
404 /* Set up defaults for stub */
405 table_params.ops = &rte_table_stub_ops;
406 table_params.arg_create = NULL;
407 table_params.f_action_hit = action_handler_hit;
408 table_params.f_action_miss = NULL;
409 table_params.action_data_size = 0;
411 RTE_LOG(INFO, PIPELINE, "miss_action=%x\n",
412 table_entry_miss_action);
414 printf("RTE_ACL_RULE_SZ(%zu) = %zu\n", DIM(ipv4_defs),
415 RTE_ACL_RULE_SZ(DIM(ipv4_defs)));
417 struct rte_table_acl_params acl_params;
419 acl_params.n_rules = 1 << 5;
420 acl_params.n_rule_fields = DIM(ipv4_defs);
421 snprintf(acl_name, sizeof(acl_name), "ACL%d", i);
422 acl_params.name = acl_name;
423 memcpy(acl_params.field_format, ipv4_defs, sizeof(ipv4_defs));
425 table_params.ops = &rte_table_acl_ops;
426 table_params.arg_create = &acl_params;
428 if (rte_pipeline_table_create(p, &table_params, &table_id[i])) {
429 rte_panic("Unable to configure table %u\n", i);
433 if (connect_miss_action_to_table) {
434 if (rte_pipeline_table_create(p, &table_params,
436 rte_panic("Unable to configure table %u\n", i);
442 for (i = 0; i < N_PORTS; i++) {
443 if (rte_pipeline_port_in_connect_to_table(p, port_in_id[i],
445 rte_panic("Unable to connect input port %u to "
447 port_in_id[i], table_id[i]);
452 /* Add bulk entries to tables */
453 for (i = 0; i < N_PORTS; i++) {
454 struct rte_table_acl_rule_add_params keys[5];
455 struct rte_pipeline_table_entry entries[5];
456 struct rte_table_acl_rule_add_params *key_array[5];
457 struct rte_pipeline_table_entry *table_entries[5];
459 struct rte_pipeline_table_entry *table_entries_ptr[5];
460 struct rte_pipeline_table_entry entries_ptr[5];
462 parser = parse_cb_ipv4_rule;
463 for (n = 0; n < 5; n++) {
464 memset(&keys[n], 0, sizeof(struct rte_table_acl_rule_add_params));
465 key_array[n] = &keys[n];
467 strlcpy(line, lines[n], sizeof(line));
468 printf("PARSING [%s]\n", line);
470 ret = parser(line, &keys[n]);
472 RTE_LOG(ERR, PIPELINE,
473 "line %u: parse_cb_ipv4vlan_rule"
474 " failed, error code: %d (%s)\n",
475 n, ret, strerror(-ret));
479 keys[n].priority = RTE_ACL_MAX_PRIORITY - n - 1;
481 entries[n].action = RTE_PIPELINE_ACTION_PORT;
482 entries[n].port_id = port_out_id[i^1];
483 table_entries[n] = &entries[n];
484 table_entries_ptr[n] = &entries_ptr[n];
487 ret = rte_pipeline_table_entry_add_bulk(p, table_id[i],
488 (void **)key_array, table_entries, 5, key_found, table_entries_ptr);
490 rte_panic("Add entry bulk to table %u failed (%d)\n",
496 /* Delete bulk entries from tables */
497 for (i = 0; i < N_PORTS; i++) {
498 struct rte_table_acl_rule_delete_params keys[5];
499 struct rte_table_acl_rule_delete_params *key_array[5];
500 struct rte_pipeline_table_entry *table_entries[5];
503 memset(table_entries, 0, sizeof(table_entries));
505 for (n = 0; n < 5; n++) {
506 memset(&keys[n], 0, sizeof(struct rte_table_acl_rule_delete_params));
507 key_array[n] = &keys[n];
509 strlcpy(line, lines[n], sizeof(line));
510 printf("PARSING [%s]\n", line);
512 ret = parse_cb_ipv4_rule_del(line, &keys[n]);
514 RTE_LOG(ERR, PIPELINE,
515 "line %u: parse_cb_ipv4vlan_rule"
516 " failed, error code: %d (%s)\n",
517 n, ret, strerror(-ret));
522 ret = rte_pipeline_table_entry_delete_bulk(p, table_id[i],
523 (void **)key_array, 5, key_found, table_entries);
525 rte_panic("Delete bulk entries from table %u failed (%d)\n",
529 printf("Bulk deleted rules.\n");
532 /* Add entries to tables */
533 for (i = 0; i < N_PORTS; i++) {
534 struct rte_pipeline_table_entry table_entry = {
535 .action = RTE_PIPELINE_ACTION_PORT,
536 {.port_id = port_out_id[i^1]},
539 struct rte_pipeline_table_entry *entry_ptr;
541 memset(&rule_params, 0, sizeof(rule_params));
542 parser = parse_cb_ipv4_rule;
544 for (n = 1; n <= 5; n++) {
545 strlcpy(line, lines[n - 1], sizeof(line));
546 printf("PARSING [%s]\n", line);
548 ret = parser(line, &rule_params);
550 RTE_LOG(ERR, PIPELINE,
551 "line %u: parse_cb_ipv4vlan_rule"
552 " failed, error code: %d (%s)\n",
553 n, ret, strerror(-ret));
557 rule_params.priority = RTE_ACL_MAX_PRIORITY - n;
559 ret = rte_pipeline_table_entry_add(p, table_id[i],
561 &table_entry, &key_found, &entry_ptr);
563 rte_panic("Add entry to table %u failed (%d)\n",
569 /* delete a few rules */
570 for (n = 2; n <= 3; n++) {
571 strlcpy(line, lines[n - 1], sizeof(line));
572 printf("PARSING [%s]\n", line);
574 ret = parser(line, &rule_params);
576 RTE_LOG(ERR, PIPELINE, "line %u: parse rule "
577 " failed, error code: %d (%s)\n",
578 n, ret, strerror(-ret));
582 delete_params = (struct
583 rte_pipeline_table_acl_rule_delete_params *)
584 &(rule_params.field_value[0]);
585 ret = rte_pipeline_table_entry_delete(p, table_id[i],
586 delete_params, &key_found, NULL);
588 rte_panic("Add entry to table %u failed (%d)\n",
592 printf("Deleted Rule.\n");
596 /* Try to add duplicates */
597 for (n = 1; n <= 5; n++) {
598 strlcpy(line, lines[n - 1], sizeof(line));
599 printf("PARSING [%s]\n", line);
601 ret = parser(line, &rule_params);
603 RTE_LOG(ERR, PIPELINE, "line %u: parse rule"
604 " failed, error code: %d (%s)\n",
605 n, ret, strerror(-ret));
609 rule_params.priority = RTE_ACL_MAX_PRIORITY - n;
611 ret = rte_pipeline_table_entry_add(p, table_id[i],
613 &table_entry, &key_found, &entry_ptr);
615 rte_panic("Add entry to table %u failed (%d)\n",
622 /* Enable input ports */
623 for (i = 0; i < N_PORTS ; i++)
624 if (rte_pipeline_port_in_enable(p, port_in_id[i]))
625 rte_panic("Unable to enable input port %u\n",
628 /* Check pipeline consistency */
629 if (rte_pipeline_check(p) < 0) {
630 rte_panic("Pipeline consistency check failed\n");
641 test_pipeline_single_filter(int expected_count)
643 int i, j, ret, tx_count;
644 struct ipv4_5tuple five_tuple;
646 /* Allocate a few mbufs and manually insert into the rings. */
647 for (i = 0; i < N_PORTS; i++) {
648 for (j = 0; j < 8; j++) {
649 struct rte_mbuf *mbuf;
651 mbuf = rte_pktmbuf_alloc(pool);
653 /* this will cause test failure after cleanup
654 * of already enqueued mbufs, as the mbuf
655 * counts won't match */
657 memset(rte_pktmbuf_mtod(mbuf, char *), 0x00,
658 sizeof(struct ipv4_5tuple));
660 five_tuple.proto = j;
661 five_tuple.ip_src = rte_bswap32(RTE_IPV4(192, 168, j, 1));
662 five_tuple.ip_dst = rte_bswap32(RTE_IPV4(10, 4, j, 1));
663 five_tuple.port_src = rte_bswap16(100 + j);
664 five_tuple.port_dst = rte_bswap16(200 + j);
666 memcpy(rte_pktmbuf_mtod(mbuf, char *), &five_tuple,
667 sizeof(struct ipv4_5tuple));
668 RTE_LOG(INFO, PIPELINE, "%s: Enqueue onto ring %d\n",
670 rte_ring_enqueue(rings_rx[i], mbuf);
674 /* Run pipeline once */
675 for (i = 0; i< N_PORTS; i++)
678 rte_pipeline_flush(p);
682 for (i = 0; i < N_PORTS; i++) {
683 void *objs[RING_TX_SIZE];
684 struct rte_mbuf *mbuf;
686 ret = rte_ring_sc_dequeue_burst(rings_tx[i], objs, 10, NULL);
688 printf("Got no objects from ring %d - error code %d\n",
691 printf("Got %d object(s) from ring %d!\n", ret, i);
692 for (j = 0; j < ret; j++) {
694 rte_hexdump(stdout, "mbuf",
695 rte_pktmbuf_mtod(mbuf, char *), 64);
696 rte_pktmbuf_free(mbuf);
702 if (tx_count != expected_count) {
703 RTE_LOG(INFO, PIPELINE,
704 "%s: Unexpected packets for ACL test, "
705 "expected %d, got %d\n",
706 __func__, expected_count, tx_count);
710 rte_pipeline_free(p);
723 override_hit_mask = 0xFF; /* All packets are a hit */
725 setup_acl_pipeline();
726 if (test_pipeline_single_filter(10) < 0)
git.droids-corp.org / dpdk.git / blob