4 * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <sys/types.h>
40 #include <sys/queue.h>
45 #include <rte_common.h>
46 #include <rte_byteorder.h>
48 #include <rte_memory.h>
49 #include <rte_memcpy.h>
50 #include <rte_memzone.h>
51 #include <rte_tailq.h>
53 #include <rte_per_lcore.h>
54 #include <rte_launch.h>
55 #include <rte_atomic.h>
56 #include <rte_cycles.h>
57 #include <rte_prefetch.h>
58 #include <rte_lcore.h>
59 #include <rte_per_lcore.h>
60 #include <rte_branch_prediction.h>
61 #include <rte_interrupts.h>
63 #include <rte_random.h>
64 #include <rte_debug.h>
65 #include <rte_ether.h>
66 #include <rte_ethdev.h>
68 #include <rte_mempool.h>
73 #include <rte_string_fns.h>
78 #define DO_RFC_1812_CHECKS
80 #define RTE_LOGTYPE_L3FWD RTE_LOGTYPE_USER1
82 #define MAX_JUMBO_PKT_LEN 9600
84 #define MEMPOOL_CACHE_SIZE 256
86 #define MBUF_SIZE (2048 + sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM)
89 * This expression is used to calculate the number of mbufs needed
90 * depending on user input, taking into account memory for rx and tx hardware
91 * rings, cache per lcore and mtable per port per lcore.
92 * RTE_MAX is used to ensure that NB_MBUF never goes below a
93 * minimum value of 8192
96 #define NB_MBUF RTE_MAX(\
97 (nb_ports * nb_rx_queue*RTE_TEST_RX_DESC_DEFAULT + \
98 nb_ports * nb_lcores * MAX_PKT_BURST + \
99 nb_ports * n_tx_queue * RTE_TEST_TX_DESC_DEFAULT + \
100 nb_lcores * MEMPOOL_CACHE_SIZE), \
104 * RX and TX Prefetch, Host, and Write-back threshold values should be
105 * carefully set for optimal performance. Consult the network
106 * controller's datasheet and supporting DPDK documentation for guidance
107 * on how these parameters should be set.
109 #define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */
110 #define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */
111 #define RX_WTHRESH 4 /**< Default values of RX write-back threshold reg. */
114 * These default values are optimized for use with the Intel(R) 82599 10 GbE
115 * Controller and the DPDK ixgbe PMD. Consider using other values for other
116 * network controllers and/or network drivers.
118 #define TX_PTHRESH 36 /**< Default values of TX prefetch threshold reg. */
119 #define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */
120 #define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */
122 #define MAX_PKT_BURST 32
123 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
127 /* Configure how many packets ahead to prefetch, when reading packets */
128 #define PREFETCH_OFFSET 3
131 * Configurable number of RX/TX ring descriptors
133 #define RTE_TEST_RX_DESC_DEFAULT 128
134 #define RTE_TEST_TX_DESC_DEFAULT 512
135 static uint16_t nb_rxd = RTE_TEST_RX_DESC_DEFAULT;
136 static uint16_t nb_txd = RTE_TEST_TX_DESC_DEFAULT;
138 /* ethernet addresses of ports */
139 static struct ether_addr ports_eth_addr[RTE_MAX_ETHPORTS];
141 /* mask of enabled ports */
142 static uint32_t enabled_port_mask;
143 static int promiscuous_on; /**< Ports set in promiscuous mode off by default. */
144 static int numa_on = 1; /**< NUMA is enabled by default. */
148 struct rte_mbuf *m_table[MAX_PKT_BURST];
151 struct lcore_rx_queue {
154 } __rte_cache_aligned;
156 #define MAX_RX_QUEUE_PER_LCORE 16
157 #define MAX_TX_QUEUE_PER_PORT RTE_MAX_ETHPORTS
158 #define MAX_RX_QUEUE_PER_PORT 128
160 #define MAX_LCORE_PARAMS 1024
161 struct lcore_params {
165 } __rte_cache_aligned;
167 static struct lcore_params lcore_params_array[MAX_LCORE_PARAMS];
168 static struct lcore_params lcore_params_array_default[] = {
180 static struct lcore_params *lcore_params = lcore_params_array_default;
181 static uint16_t nb_lcore_params = sizeof(lcore_params_array_default) /
182 sizeof(lcore_params_array_default[0]);
184 static struct rte_eth_conf port_conf = {
186 .mq_mode = ETH_MQ_RX_RSS,
187 .max_rx_pkt_len = ETHER_MAX_LEN,
189 .header_split = 0, /**< Header Split disabled */
190 .hw_ip_checksum = 1, /**< IP checksum offload enabled */
191 .hw_vlan_filter = 0, /**< VLAN filtering disabled */
192 .jumbo_frame = 0, /**< Jumbo Frame Support disabled */
193 .hw_strip_crc = 0, /**< CRC stripped by hardware */
198 .rss_hf = ETH_RSS_IPV4 | ETH_RSS_IPV4_TCP
200 | ETH_RSS_IPV6 | ETH_RSS_IPV6_EX
201 | ETH_RSS_IPV6_TCP | ETH_RSS_IPV6_TCP_EX
202 | ETH_RSS_IPV6_UDP | ETH_RSS_IPV6_UDP_EX,
206 .mq_mode = ETH_MQ_TX_NONE,
210 static const struct rte_eth_rxconf rx_conf = {
212 .pthresh = RX_PTHRESH,
213 .hthresh = RX_HTHRESH,
214 .wthresh = RX_WTHRESH,
216 .rx_free_thresh = 32,
219 static const struct rte_eth_txconf tx_conf = {
221 .pthresh = TX_PTHRESH,
222 .hthresh = TX_HTHRESH,
223 .wthresh = TX_WTHRESH,
225 .tx_free_thresh = 0, /* Use PMD default values */
226 .tx_rs_thresh = 0, /* Use PMD default values */
230 static struct rte_mempool *pktmbuf_pool[NB_SOCKETS];
232 /***********************start of ACL part******************************/
233 #ifdef DO_RFC_1812_CHECKS
235 is_valid_ipv4_pkt(struct ipv4_hdr *pkt, uint32_t link_len);
238 send_single_packet(struct rte_mbuf *m, uint8_t port);
240 #define MAX_ACL_RULE_NUM 100000
241 #define DEFAULT_MAX_CATEGORIES 1
242 #define L3FWD_ACL_IPV4_NAME "l3fwd-acl-ipv4"
243 #define L3FWD_ACL_IPV6_NAME "l3fwd-acl-ipv6"
244 #define ACL_LEAD_CHAR ('@')
245 #define ROUTE_LEAD_CHAR ('R')
246 #define COMMENT_LEAD_CHAR ('#')
247 #define OPTION_CONFIG "config"
248 #define OPTION_NONUMA "no-numa"
249 #define OPTION_ENBJMO "enable-jumbo"
250 #define OPTION_RULE_IPV4 "rule_ipv4"
251 #define OPTION_RULE_IPV6 "rule_ipv6"
252 #define OPTION_SCALAR "scalar"
253 #define ACL_DENY_SIGNATURE 0xf0000000
254 #define RTE_LOGTYPE_L3FWDACL RTE_LOGTYPE_USER3
255 #define acl_log(format, ...) RTE_LOG(ERR, L3FWDACL, format, ##__VA_ARGS__)
256 #define uint32_t_to_char(ip, a, b, c, d) do {\
257 *a = (unsigned char)(ip >> 24 & 0xff);\
258 *b = (unsigned char)(ip >> 16 & 0xff);\
259 *c = (unsigned char)(ip >> 8 & 0xff);\
260 *d = (unsigned char)(ip & 0xff);\
262 #define OFF_ETHHEAD (sizeof(struct ether_hdr))
263 #define OFF_IPV42PROTO (offsetof(struct ipv4_hdr, next_proto_id))
264 #define OFF_IPV62PROTO (offsetof(struct ipv6_hdr, proto))
265 #define MBUF_IPV4_2PROTO(m) \
266 (rte_pktmbuf_mtod((m), uint8_t *) + OFF_ETHHEAD + OFF_IPV42PROTO)
267 #define MBUF_IPV6_2PROTO(m) \
268 (rte_pktmbuf_mtod((m), uint8_t *) + OFF_ETHHEAD + OFF_IPV62PROTO)
270 #define GET_CB_FIELD(in, fd, base, lim, dlm) do { \
274 val = strtoul((in), &end, (base)); \
275 if (errno != 0 || end[0] != (dlm) || val > (lim)) \
277 (fd) = (typeof(fd))val; \
281 #define CLASSIFY(context, data, res, num, cat) do { \
283 rte_acl_classify_scalar((context), (data), \
284 (res), (num), (cat)); \
286 rte_acl_classify((context), (data), \
287 (res), (num), (cat)); \
291 * ACL rules should have higher priorities than route ones to ensure ACL rule
292 * always be found when input packets have multi-matches in the database.
293 * A exception case is performance measure, which can define route rules with
294 * higher priority and route rules will always be returned in each lookup.
295 * Reserve range from ACL_RULE_PRIORITY_MAX + 1 to
296 * RTE_ACL_MAX_PRIORITY for route entries in performance measure
298 #define ACL_RULE_PRIORITY_MAX 0x10000000
301 * Forward port info save in ACL lib starts from 1
302 * since ACL assume 0 is invalid.
303 * So, need add 1 when saving and minus 1 when forwarding packets.
305 #define FWD_PORT_SHIFT 1
308 * Rule and trace formats definitions.
320 struct rte_acl_field_def ipv4_defs[NUM_FIELDS_IPV4] = {
322 .type = RTE_ACL_FIELD_TYPE_BITMASK,
323 .size = sizeof(uint8_t),
324 .field_index = PROTO_FIELD_IPV4,
325 .input_index = RTE_ACL_IPV4VLAN_PROTO,
329 .type = RTE_ACL_FIELD_TYPE_MASK,
330 .size = sizeof(uint32_t),
331 .field_index = SRC_FIELD_IPV4,
332 .input_index = RTE_ACL_IPV4VLAN_SRC,
333 .offset = offsetof(struct ipv4_hdr, src_addr) -
334 offsetof(struct ipv4_hdr, next_proto_id),
337 .type = RTE_ACL_FIELD_TYPE_MASK,
338 .size = sizeof(uint32_t),
339 .field_index = DST_FIELD_IPV4,
340 .input_index = RTE_ACL_IPV4VLAN_DST,
341 .offset = offsetof(struct ipv4_hdr, dst_addr) -
342 offsetof(struct ipv4_hdr, next_proto_id),
345 .type = RTE_ACL_FIELD_TYPE_RANGE,
346 .size = sizeof(uint16_t),
347 .field_index = SRCP_FIELD_IPV4,
348 .input_index = RTE_ACL_IPV4VLAN_PORTS,
349 .offset = sizeof(struct ipv4_hdr) -
350 offsetof(struct ipv4_hdr, next_proto_id),
353 .type = RTE_ACL_FIELD_TYPE_RANGE,
354 .size = sizeof(uint16_t),
355 .field_index = DSTP_FIELD_IPV4,
356 .input_index = RTE_ACL_IPV4VLAN_PORTS,
357 .offset = sizeof(struct ipv4_hdr) -
358 offsetof(struct ipv4_hdr, next_proto_id) +
363 #define IPV6_ADDR_LEN 16
364 #define IPV6_ADDR_U16 (IPV6_ADDR_LEN / sizeof(uint16_t))
365 #define IPV6_ADDR_U32 (IPV6_ADDR_LEN / sizeof(uint32_t))
382 struct rte_acl_field_def ipv6_defs[NUM_FIELDS_IPV6] = {
384 .type = RTE_ACL_FIELD_TYPE_BITMASK,
385 .size = sizeof(uint8_t),
386 .field_index = PROTO_FIELD_IPV6,
387 .input_index = PROTO_FIELD_IPV6,
391 .type = RTE_ACL_FIELD_TYPE_MASK,
392 .size = sizeof(uint32_t),
393 .field_index = SRC1_FIELD_IPV6,
394 .input_index = SRC1_FIELD_IPV6,
395 .offset = offsetof(struct ipv6_hdr, src_addr) -
396 offsetof(struct ipv6_hdr, proto),
399 .type = RTE_ACL_FIELD_TYPE_MASK,
400 .size = sizeof(uint32_t),
401 .field_index = SRC2_FIELD_IPV6,
402 .input_index = SRC2_FIELD_IPV6,
403 .offset = offsetof(struct ipv6_hdr, src_addr) -
404 offsetof(struct ipv6_hdr, proto) + sizeof(uint32_t),
407 .type = RTE_ACL_FIELD_TYPE_MASK,
408 .size = sizeof(uint32_t),
409 .field_index = SRC3_FIELD_IPV6,
410 .input_index = SRC3_FIELD_IPV6,
411 .offset = offsetof(struct ipv6_hdr, src_addr) -
412 offsetof(struct ipv6_hdr, proto) + 2 * sizeof(uint32_t),
415 .type = RTE_ACL_FIELD_TYPE_MASK,
416 .size = sizeof(uint32_t),
417 .field_index = SRC4_FIELD_IPV6,
418 .input_index = SRC4_FIELD_IPV6,
419 .offset = offsetof(struct ipv6_hdr, src_addr) -
420 offsetof(struct ipv6_hdr, proto) + 3 * sizeof(uint32_t),
423 .type = RTE_ACL_FIELD_TYPE_MASK,
424 .size = sizeof(uint32_t),
425 .field_index = DST1_FIELD_IPV6,
426 .input_index = DST1_FIELD_IPV6,
427 .offset = offsetof(struct ipv6_hdr, dst_addr)
428 - offsetof(struct ipv6_hdr, proto),
431 .type = RTE_ACL_FIELD_TYPE_MASK,
432 .size = sizeof(uint32_t),
433 .field_index = DST2_FIELD_IPV6,
434 .input_index = DST2_FIELD_IPV6,
435 .offset = offsetof(struct ipv6_hdr, dst_addr) -
436 offsetof(struct ipv6_hdr, proto) + sizeof(uint32_t),
439 .type = RTE_ACL_FIELD_TYPE_MASK,
440 .size = sizeof(uint32_t),
441 .field_index = DST3_FIELD_IPV6,
442 .input_index = DST3_FIELD_IPV6,
443 .offset = offsetof(struct ipv6_hdr, dst_addr) -
444 offsetof(struct ipv6_hdr, proto) + 2 * sizeof(uint32_t),
447 .type = RTE_ACL_FIELD_TYPE_MASK,
448 .size = sizeof(uint32_t),
449 .field_index = DST4_FIELD_IPV6,
450 .input_index = DST4_FIELD_IPV6,
451 .offset = offsetof(struct ipv6_hdr, dst_addr) -
452 offsetof(struct ipv6_hdr, proto) + 3 * sizeof(uint32_t),
455 .type = RTE_ACL_FIELD_TYPE_RANGE,
456 .size = sizeof(uint16_t),
457 .field_index = SRCP_FIELD_IPV6,
458 .input_index = SRCP_FIELD_IPV6,
459 .offset = sizeof(struct ipv6_hdr) -
460 offsetof(struct ipv6_hdr, proto),
463 .type = RTE_ACL_FIELD_TYPE_RANGE,
464 .size = sizeof(uint16_t),
465 .field_index = DSTP_FIELD_IPV6,
466 .input_index = SRCP_FIELD_IPV6,
467 .offset = sizeof(struct ipv6_hdr) -
468 offsetof(struct ipv6_hdr, proto) + sizeof(uint16_t),
477 CB_FLD_SRC_PORT_HIGH,
480 CB_FLD_DST_PORT_HIGH,
486 RTE_ACL_RULE_DEF(acl4_rule, RTE_DIM(ipv4_defs));
487 RTE_ACL_RULE_DEF(acl6_rule, RTE_DIM(ipv6_defs));
489 struct acl_search_t {
490 const uint8_t *data_ipv4[MAX_PKT_BURST];
491 struct rte_mbuf *m_ipv4[MAX_PKT_BURST];
492 uint32_t res_ipv4[MAX_PKT_BURST];
495 const uint8_t *data_ipv6[MAX_PKT_BURST];
496 struct rte_mbuf *m_ipv6[MAX_PKT_BURST];
497 uint32_t res_ipv6[MAX_PKT_BURST];
502 char mapped[NB_SOCKETS];
503 struct rte_acl_ctx *acx_ipv4[NB_SOCKETS];
504 struct rte_acl_ctx *acx_ipv6[NB_SOCKETS];
505 #ifdef L3FWDACL_DEBUG
506 struct acl4_rule *rule_ipv4;
507 struct acl6_rule *rule_ipv6;
512 const char *rule_ipv4_name;
513 const char *rule_ipv6_name;
517 const char cb_port_delim[] = ":";
520 print_one_ipv4_rule(struct acl4_rule *rule, int extra)
522 unsigned char a, b, c, d;
524 uint32_t_to_char(rule->field[SRC_FIELD_IPV4].value.u32,
526 printf("%hhu.%hhu.%hhu.%hhu/%u ", a, b, c, d,
527 rule->field[SRC_FIELD_IPV4].mask_range.u32);
528 uint32_t_to_char(rule->field[DST_FIELD_IPV4].value.u32,
530 printf("%hhu.%hhu.%hhu.%hhu/%u ", a, b, c, d,
531 rule->field[DST_FIELD_IPV4].mask_range.u32);
532 printf("%hu : %hu %hu : %hu 0x%hhx/0x%hhx ",
533 rule->field[SRCP_FIELD_IPV4].value.u16,
534 rule->field[SRCP_FIELD_IPV4].mask_range.u16,
535 rule->field[DSTP_FIELD_IPV4].value.u16,
536 rule->field[DSTP_FIELD_IPV4].mask_range.u16,
537 rule->field[PROTO_FIELD_IPV4].value.u8,
538 rule->field[PROTO_FIELD_IPV4].mask_range.u8);
540 printf("0x%x-0x%x-0x%x ",
541 rule->data.category_mask,
543 rule->data.userdata);
547 print_one_ipv6_rule(struct acl6_rule *rule, int extra)
549 unsigned char a, b, c, d;
551 uint32_t_to_char(rule->field[SRC1_FIELD_IPV6].value.u32,
553 printf("%.2x%.2x:%.2x%.2x", a, b, c, d);
554 uint32_t_to_char(rule->field[SRC2_FIELD_IPV6].value.u32,
556 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
557 uint32_t_to_char(rule->field[SRC3_FIELD_IPV6].value.u32,
559 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
560 uint32_t_to_char(rule->field[SRC4_FIELD_IPV6].value.u32,
562 printf(":%.2x%.2x:%.2x%.2x/%u ", a, b, c, d,
563 rule->field[SRC1_FIELD_IPV6].mask_range.u32
564 + rule->field[SRC2_FIELD_IPV6].mask_range.u32
565 + rule->field[SRC3_FIELD_IPV6].mask_range.u32
566 + rule->field[SRC4_FIELD_IPV6].mask_range.u32);
568 uint32_t_to_char(rule->field[DST1_FIELD_IPV6].value.u32,
570 printf("%.2x%.2x:%.2x%.2x", a, b, c, d);
571 uint32_t_to_char(rule->field[DST2_FIELD_IPV6].value.u32,
573 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
574 uint32_t_to_char(rule->field[DST3_FIELD_IPV6].value.u32,
576 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
577 uint32_t_to_char(rule->field[DST4_FIELD_IPV6].value.u32,
579 printf(":%.2x%.2x:%.2x%.2x/%u ", a, b, c, d,
580 rule->field[DST1_FIELD_IPV6].mask_range.u32
581 + rule->field[DST2_FIELD_IPV6].mask_range.u32
582 + rule->field[DST3_FIELD_IPV6].mask_range.u32
583 + rule->field[DST4_FIELD_IPV6].mask_range.u32);
585 printf("%hu : %hu %hu : %hu 0x%hhx/0x%hhx ",
586 rule->field[SRCP_FIELD_IPV6].value.u16,
587 rule->field[SRCP_FIELD_IPV6].mask_range.u16,
588 rule->field[DSTP_FIELD_IPV6].value.u16,
589 rule->field[DSTP_FIELD_IPV6].mask_range.u16,
590 rule->field[PROTO_FIELD_IPV6].value.u8,
591 rule->field[PROTO_FIELD_IPV6].mask_range.u8);
593 printf("0x%x-0x%x-0x%x ",
594 rule->data.category_mask,
596 rule->data.userdata);
599 /* Bypass comment and empty lines */
601 is_bypass_line(char *buff)
606 if (buff[0] == COMMENT_LEAD_CHAR)
609 while (buff[i] != '\0') {
610 if (!isspace(buff[i]))
617 #ifdef L3FWDACL_DEBUG
619 dump_acl4_rule(struct rte_mbuf *m, uint32_t sig)
621 uint32_t offset = sig & ~ACL_DENY_SIGNATURE;
622 unsigned char a, b, c, d;
623 struct ipv4_hdr *ipv4_hdr = (struct ipv4_hdr *)
624 (rte_pktmbuf_mtod(m, unsigned char *) +
625 sizeof(struct ether_hdr));
627 uint32_t_to_char(rte_bswap32(ipv4_hdr->src_addr), &a, &b, &c, &d);
628 printf("Packet Src:%hhu.%hhu.%hhu.%hhu ", a, b, c, d);
629 uint32_t_to_char(rte_bswap32(ipv4_hdr->dst_addr), &a, &b, &c, &d);
630 printf("Dst:%hhu.%hhu.%hhu.%hhu ", a, b, c, d);
632 printf("Src port:%hu,Dst port:%hu ",
633 rte_bswap16(*(uint16_t *)(ipv4_hdr + 1)),
634 rte_bswap16(*((uint16_t *)(ipv4_hdr + 1) + 1)));
635 printf("hit ACL %d - ", offset);
637 print_one_ipv4_rule(acl_config.rule_ipv4 + offset, 1);
643 dump_acl6_rule(struct rte_mbuf *m, uint32_t sig)
646 uint32_t offset = sig & ~ACL_DENY_SIGNATURE;
647 struct ipv6_hdr *ipv6_hdr = (struct ipv6_hdr *)
648 (rte_pktmbuf_mtod(m, unsigned char *) +
649 sizeof(struct ether_hdr));
651 printf("Packet Src");
652 for (i = 0; i < RTE_DIM(ipv6_hdr->src_addr); i += sizeof(uint16_t))
654 ipv6_hdr->src_addr[i], ipv6_hdr->src_addr[i + 1]);
657 for (i = 0; i < RTE_DIM(ipv6_hdr->dst_addr); i += sizeof(uint16_t))
659 ipv6_hdr->dst_addr[i], ipv6_hdr->dst_addr[i + 1]);
661 printf("\nSrc port:%hu,Dst port:%hu ",
662 rte_bswap16(*(uint16_t *)(ipv6_hdr + 1)),
663 rte_bswap16(*((uint16_t *)(ipv6_hdr + 1) + 1)));
664 printf("hit ACL %d - ", offset);
666 print_one_ipv6_rule(acl_config.rule_ipv6 + offset, 1);
670 #endif /* L3FWDACL_DEBUG */
673 dump_ipv4_rules(struct acl4_rule *rule, int num, int extra)
677 for (i = 0; i < num; i++, rule++) {
678 printf("\t%d:", i + 1);
679 print_one_ipv4_rule(rule, extra);
685 dump_ipv6_rules(struct acl6_rule *rule, int num, int extra)
689 for (i = 0; i < num; i++, rule++) {
690 printf("\t%d:", i + 1);
691 print_one_ipv6_rule(rule, extra);
696 #ifdef DO_RFC_1812_CHECKS
698 prepare_one_packet(struct rte_mbuf **pkts_in, struct acl_search_t *acl,
701 struct ipv4_hdr *ipv4_hdr;
702 struct rte_mbuf *pkt = pkts_in[index];
704 int type = pkt->ol_flags & (PKT_RX_IPV4_HDR | PKT_RX_IPV6_HDR);
706 if (type == PKT_RX_IPV4_HDR) {
708 ipv4_hdr = (struct ipv4_hdr *)(rte_pktmbuf_mtod(pkt,
709 unsigned char *) + sizeof(struct ether_hdr));
711 /* Check to make sure the packet is valid (RFC1812) */
712 if (is_valid_ipv4_pkt(ipv4_hdr, pkt->pkt.pkt_len) >= 0) {
714 /* Update time to live and header checksum */
715 --(ipv4_hdr->time_to_live);
716 ++(ipv4_hdr->hdr_checksum);
718 /* Fill acl structure */
719 acl->data_ipv4[acl->num_ipv4] = MBUF_IPV4_2PROTO(pkt);
720 acl->m_ipv4[(acl->num_ipv4)++] = pkt;
723 /* Not a valid IPv4 packet */
724 rte_pktmbuf_free(pkt);
727 } else if (type == PKT_RX_IPV6_HDR) {
729 /* Fill acl structure */
730 acl->data_ipv6[acl->num_ipv6] = MBUF_IPV6_2PROTO(pkt);
731 acl->m_ipv6[(acl->num_ipv6)++] = pkt;
734 /* Unknown type, drop the packet */
735 rte_pktmbuf_free(pkt);
741 prepare_one_packet(struct rte_mbuf **pkts_in, struct acl_search_t *acl,
744 struct rte_mbuf *pkt = pkts_in[index];
746 int type = pkt->ol_flags & (PKT_RX_IPV4_HDR | PKT_RX_IPV6_HDR);
748 if (type == PKT_RX_IPV4_HDR) {
750 /* Fill acl structure */
751 acl->data_ipv4[acl->num_ipv4] = MBUF_IPV4_2PROTO(pkt);
752 acl->m_ipv4[(acl->num_ipv4)++] = pkt;
755 } else if (type == PKT_RX_IPV6_HDR) {
757 /* Fill acl structure */
758 acl->data_ipv6[acl->num_ipv6] = MBUF_IPV6_2PROTO(pkt);
759 acl->m_ipv6[(acl->num_ipv6)++] = pkt;
761 /* Unknown type, drop the packet */
762 rte_pktmbuf_free(pkt);
765 #endif /* DO_RFC_1812_CHECKS */
768 prepare_acl_parameter(struct rte_mbuf **pkts_in, struct acl_search_t *acl,
776 /* Prefetch first packets */
777 for (i = 0; i < PREFETCH_OFFSET && i < nb_rx; i++) {
778 rte_prefetch0(rte_pktmbuf_mtod(
779 pkts_in[i], void *));
782 for (i = 0; i < (nb_rx - PREFETCH_OFFSET); i++) {
783 rte_prefetch0(rte_pktmbuf_mtod(pkts_in[
784 i + PREFETCH_OFFSET], void *));
785 prepare_one_packet(pkts_in, acl, i);
788 /* Process left packets */
789 for (; i < nb_rx; i++)
790 prepare_one_packet(pkts_in, acl, i);
794 send_one_packet(struct rte_mbuf *m, uint32_t res)
796 if (likely((res & ACL_DENY_SIGNATURE) == 0 && res != 0)) {
797 /* forward packets */
798 send_single_packet(m,
799 (uint8_t)(res - FWD_PORT_SHIFT));
801 /* in the ACL list, drop it */
802 #ifdef L3FWDACL_DEBUG
803 if ((res & ACL_DENY_SIGNATURE) != 0) {
804 if (m->ol_flags & PKT_RX_IPV4_HDR)
805 dump_acl4_rule(m, res);
807 dump_acl6_rule(m, res);
817 send_packets(struct rte_mbuf **m, uint32_t *res, int num)
821 /* Prefetch first packets */
822 for (i = 0; i < PREFETCH_OFFSET && i < num; i++) {
823 rte_prefetch0(rte_pktmbuf_mtod(
827 for (i = 0; i < (num - PREFETCH_OFFSET); i++) {
828 rte_prefetch0(rte_pktmbuf_mtod(m[
829 i + PREFETCH_OFFSET], void *));
830 send_one_packet(m[i], res[i]);
833 /* Process left packets */
835 send_one_packet(m[i], res[i]);
839 * Parses IPV6 address, exepcts the following format:
840 * XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX (where X - is a hexedecimal digit).
843 parse_ipv6_addr(const char *in, const char **end, uint32_t v[IPV6_ADDR_U32],
846 uint32_t addr[IPV6_ADDR_U16];
848 GET_CB_FIELD(in, addr[0], 16, UINT16_MAX, ':');
849 GET_CB_FIELD(in, addr[1], 16, UINT16_MAX, ':');
850 GET_CB_FIELD(in, addr[2], 16, UINT16_MAX, ':');
851 GET_CB_FIELD(in, addr[3], 16, UINT16_MAX, ':');
852 GET_CB_FIELD(in, addr[4], 16, UINT16_MAX, ':');
853 GET_CB_FIELD(in, addr[5], 16, UINT16_MAX, ':');
854 GET_CB_FIELD(in, addr[6], 16, UINT16_MAX, ':');
855 GET_CB_FIELD(in, addr[7], 16, UINT16_MAX, dlm);
859 v[0] = (addr[0] << 16) + addr[1];
860 v[1] = (addr[2] << 16) + addr[3];
861 v[2] = (addr[4] << 16) + addr[5];
862 v[3] = (addr[6] << 16) + addr[7];
868 parse_ipv6_net(const char *in, struct rte_acl_field field[4])
873 const uint32_t nbu32 = sizeof(uint32_t) * CHAR_BIT;
876 rc = parse_ipv6_addr(in, &mp, v, '/');
881 GET_CB_FIELD(mp, m, 0, CHAR_BIT * sizeof(v), 0);
883 /* put all together. */
884 for (i = 0; i != RTE_DIM(v); i++) {
885 if (m >= (i + 1) * nbu32)
886 field[i].mask_range.u32 = nbu32;
888 field[i].mask_range.u32 = m > (i * nbu32) ?
891 field[i].value.u32 = v[i];
898 parse_cb_ipv6_rule(char *str, struct rte_acl_rule *v, int has_userdata)
901 char *s, *sp, *in[CB_FLD_NUM];
902 static const char *dlm = " \t\n";
903 int dim = has_userdata ? CB_FLD_NUM : CB_FLD_USERDATA;
906 for (i = 0; i != dim; i++, s = NULL) {
907 in[i] = strtok_r(s, dlm, &sp);
912 rc = parse_ipv6_net(in[CB_FLD_SRC_ADDR], v->field + SRC1_FIELD_IPV6);
914 acl_log("failed to read source address/mask: %s\n",
915 in[CB_FLD_SRC_ADDR]);
919 rc = parse_ipv6_net(in[CB_FLD_DST_ADDR], v->field + DST1_FIELD_IPV6);
921 acl_log("failed to read destination address/mask: %s\n",
922 in[CB_FLD_DST_ADDR]);
927 GET_CB_FIELD(in[CB_FLD_SRC_PORT_LOW],
928 v->field[SRCP_FIELD_IPV6].value.u16,
930 GET_CB_FIELD(in[CB_FLD_SRC_PORT_HIGH],
931 v->field[SRCP_FIELD_IPV6].mask_range.u16,
934 if (strncmp(in[CB_FLD_SRC_PORT_DLM], cb_port_delim,
935 sizeof(cb_port_delim)) != 0)
938 /* destination port. */
939 GET_CB_FIELD(in[CB_FLD_DST_PORT_LOW],
940 v->field[DSTP_FIELD_IPV6].value.u16,
942 GET_CB_FIELD(in[CB_FLD_DST_PORT_HIGH],
943 v->field[DSTP_FIELD_IPV6].mask_range.u16,
946 if (strncmp(in[CB_FLD_DST_PORT_DLM], cb_port_delim,
947 sizeof(cb_port_delim)) != 0)
950 if (v->field[SRCP_FIELD_IPV6].mask_range.u16
951 < v->field[SRCP_FIELD_IPV6].value.u16
952 || v->field[DSTP_FIELD_IPV6].mask_range.u16
953 < v->field[DSTP_FIELD_IPV6].value.u16)
956 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV6].value.u8,
958 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV6].mask_range.u8,
962 GET_CB_FIELD(in[CB_FLD_USERDATA], v->data.userdata,
969 * Parse ClassBench rules file.
971 * '@'<src_ipv4_addr>'/'<masklen> <space> \
972 * <dst_ipv4_addr>'/'<masklen> <space> \
973 * <src_port_low> <space> ":" <src_port_high> <space> \
974 * <dst_port_low> <space> ":" <dst_port_high> <space> \
978 parse_ipv4_net(const char *in, uint32_t *addr, uint32_t *mask_len)
980 uint8_t a, b, c, d, m;
982 GET_CB_FIELD(in, a, 0, UINT8_MAX, '.');
983 GET_CB_FIELD(in, b, 0, UINT8_MAX, '.');
984 GET_CB_FIELD(in, c, 0, UINT8_MAX, '.');
985 GET_CB_FIELD(in, d, 0, UINT8_MAX, '/');
986 GET_CB_FIELD(in, m, 0, sizeof(uint32_t) * CHAR_BIT, 0);
988 addr[0] = IPv4(a, b, c, d);
995 parse_cb_ipv4vlan_rule(char *str, struct rte_acl_rule *v, int has_userdata)
998 char *s, *sp, *in[CB_FLD_NUM];
999 static const char *dlm = " \t\n";
1000 int dim = has_userdata ? CB_FLD_NUM : CB_FLD_USERDATA;
1003 for (i = 0; i != dim; i++, s = NULL) {
1004 in[i] = strtok_r(s, dlm, &sp);
1009 rc = parse_ipv4_net(in[CB_FLD_SRC_ADDR],
1010 &v->field[SRC_FIELD_IPV4].value.u32,
1011 &v->field[SRC_FIELD_IPV4].mask_range.u32);
1013 acl_log("failed to read source address/mask: %s\n",
1014 in[CB_FLD_SRC_ADDR]);
1018 rc = parse_ipv4_net(in[CB_FLD_DST_ADDR],
1019 &v->field[DST_FIELD_IPV4].value.u32,
1020 &v->field[DST_FIELD_IPV4].mask_range.u32);
1022 acl_log("failed to read destination address/mask: %s\n",
1023 in[CB_FLD_DST_ADDR]);
1027 GET_CB_FIELD(in[CB_FLD_SRC_PORT_LOW],
1028 v->field[SRCP_FIELD_IPV4].value.u16,
1030 GET_CB_FIELD(in[CB_FLD_SRC_PORT_HIGH],
1031 v->field[SRCP_FIELD_IPV4].mask_range.u16,
1034 if (strncmp(in[CB_FLD_SRC_PORT_DLM], cb_port_delim,
1035 sizeof(cb_port_delim)) != 0)
1038 GET_CB_FIELD(in[CB_FLD_DST_PORT_LOW],
1039 v->field[DSTP_FIELD_IPV4].value.u16,
1041 GET_CB_FIELD(in[CB_FLD_DST_PORT_HIGH],
1042 v->field[DSTP_FIELD_IPV4].mask_range.u16,
1045 if (strncmp(in[CB_FLD_DST_PORT_DLM], cb_port_delim,
1046 sizeof(cb_port_delim)) != 0)
1049 if (v->field[SRCP_FIELD_IPV4].mask_range.u16
1050 < v->field[SRCP_FIELD_IPV4].value.u16
1051 || v->field[DSTP_FIELD_IPV4].mask_range.u16
1052 < v->field[DSTP_FIELD_IPV4].value.u16)
1055 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV4].value.u8,
1057 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV4].mask_range.u8,
1061 GET_CB_FIELD(in[CB_FLD_USERDATA], v->data.userdata, 0,
1068 add_rules(const char *rule_path,
1069 struct rte_acl_rule **proute_base,
1070 unsigned int *proute_num,
1071 struct rte_acl_rule **pacl_base,
1072 unsigned int *pacl_num, uint32_t rule_size,
1073 int (*parser)(char *, struct rte_acl_rule*, int))
1075 uint8_t *acl_rules, *route_rules;
1076 struct rte_acl_rule *next;
1077 unsigned int acl_num = 0, route_num = 0, total_num = 0;
1078 unsigned int acl_cnt = 0, route_cnt = 0;
1079 char buff[LINE_MAX];
1080 FILE *fh = fopen(rule_path, "rb");
1084 rte_exit(EXIT_FAILURE, "%s: Open %s failed\n", __func__,
1087 while ((fgets(buff, LINE_MAX, fh) != NULL)) {
1088 if (buff[0] == ROUTE_LEAD_CHAR)
1090 else if (buff[0] == ACL_LEAD_CHAR)
1095 rte_exit(EXIT_FAILURE, "Not find any route entries in %s!\n",
1098 fseek(fh, 0, SEEK_SET);
1100 acl_rules = (uint8_t *)calloc(acl_num, rule_size);
1102 if (NULL == acl_rules)
1103 rte_exit(EXIT_FAILURE, "%s: failed to malloc memory\n",
1106 route_rules = (uint8_t *)calloc(route_num, rule_size);
1108 if (NULL == route_rules)
1109 rte_exit(EXIT_FAILURE, "%s: failed to malloc memory\n",
1113 while (fgets(buff, LINE_MAX, fh) != NULL) {
1116 if (is_bypass_line(buff))
1122 if (s == ROUTE_LEAD_CHAR)
1123 next = (struct rte_acl_rule *)(route_rules +
1124 route_cnt * rule_size);
1127 else if (s == ACL_LEAD_CHAR)
1128 next = (struct rte_acl_rule *)(acl_rules +
1129 acl_cnt * rule_size);
1133 rte_exit(EXIT_FAILURE,
1134 "%s Line %u: should start with leading "
1136 rule_path, i, ROUTE_LEAD_CHAR, ACL_LEAD_CHAR);
1138 if (parser(buff + 1, next, s == ROUTE_LEAD_CHAR) != 0)
1139 rte_exit(EXIT_FAILURE,
1140 "%s Line %u: parse rules error\n",
1143 if (s == ROUTE_LEAD_CHAR) {
1144 /* Check the forwarding port number */
1145 if ((enabled_port_mask & (1 << next->data.userdata)) ==
1147 rte_exit(EXIT_FAILURE,
1148 "%s Line %u: fwd number illegal:%u\n",
1149 rule_path, i, next->data.userdata);
1150 next->data.userdata += FWD_PORT_SHIFT;
1153 next->data.userdata = ACL_DENY_SIGNATURE + acl_cnt;
1157 next->data.priority = RTE_ACL_MAX_PRIORITY - total_num;
1158 next->data.category_mask = -1;
1164 *pacl_base = (struct rte_acl_rule *)acl_rules;
1165 *pacl_num = acl_num;
1166 *proute_base = (struct rte_acl_rule *)route_rules;
1167 *proute_num = route_cnt;
1173 dump_acl_config(void)
1175 printf("ACL option are:\n");
1176 printf(OPTION_RULE_IPV4": %s\n", parm_config.rule_ipv4_name);
1177 printf(OPTION_RULE_IPV6": %s\n", parm_config.rule_ipv6_name);
1178 printf(OPTION_SCALAR": %d\n", parm_config.scalar);
1182 check_acl_config(void)
1184 if (parm_config.rule_ipv4_name == NULL) {
1185 acl_log("ACL IPv4 rule file not specified\n");
1187 } else if (parm_config.rule_ipv6_name == NULL) {
1188 acl_log("ACL IPv6 rule file not specified\n");
1195 static struct rte_acl_ctx*
1196 setup_acl(struct rte_acl_rule *route_base,
1197 struct rte_acl_rule *acl_base, unsigned int route_num,
1198 unsigned int acl_num, int ipv6, int socketid)
1200 char name[PATH_MAX];
1201 struct rte_acl_param acl_param;
1202 struct rte_acl_config acl_build_param;
1203 struct rte_acl_ctx *context;
1204 int dim = ipv6 ? RTE_DIM(ipv6_defs) : RTE_DIM(ipv4_defs);
1206 /* Create ACL contexts */
1207 rte_snprintf(name, sizeof(name), "%s%d",
1208 ipv6 ? L3FWD_ACL_IPV6_NAME : L3FWD_ACL_IPV4_NAME,
1211 acl_param.name = name;
1212 acl_param.socket_id = socketid;
1213 acl_param.rule_size = RTE_ACL_RULE_SZ(dim);
1214 acl_param.max_rule_num = MAX_ACL_RULE_NUM;
1216 if ((context = rte_acl_create(&acl_param)) == NULL)
1217 rte_exit(EXIT_FAILURE, "Failed to create ACL context\n");
1219 if (rte_acl_add_rules(context, route_base, route_num) < 0)
1220 rte_exit(EXIT_FAILURE, "add rules failed\n");
1222 if (rte_acl_add_rules(context, acl_base, acl_num) < 0)
1223 rte_exit(EXIT_FAILURE, "add rules failed\n");
1225 /* Perform builds */
1226 acl_build_param.num_categories = DEFAULT_MAX_CATEGORIES;
1228 acl_build_param.num_fields = dim;
1229 memcpy(&acl_build_param.defs, ipv6 ? ipv6_defs : ipv4_defs,
1230 ipv6 ? sizeof(ipv6_defs) : sizeof(ipv4_defs));
1232 if (rte_acl_build(context, &acl_build_param) != 0)
1233 rte_exit(EXIT_FAILURE, "Failed to build ACL trie\n");
1235 rte_acl_dump(context);
1246 struct rte_acl_rule *acl_base_ipv4, *route_base_ipv4,
1247 *acl_base_ipv6, *route_base_ipv6;
1248 unsigned int acl_num_ipv4 = 0, route_num_ipv4 = 0,
1249 acl_num_ipv6 = 0, route_num_ipv6 = 0;
1251 if (check_acl_config() != 0)
1252 rte_exit(EXIT_FAILURE, "Failed to get valid ACL options\n");
1256 /* Load rules from the input file */
1257 if (add_rules(parm_config.rule_ipv4_name, &route_base_ipv4,
1258 &route_num_ipv4, &acl_base_ipv4, &acl_num_ipv4,
1259 sizeof(struct acl4_rule), &parse_cb_ipv4vlan_rule) < 0)
1260 rte_exit(EXIT_FAILURE, "Failed to add rules\n");
1262 acl_log("IPv4 Route entries %u:\n", route_num_ipv4);
1263 dump_ipv4_rules((struct acl4_rule *)route_base_ipv4, route_num_ipv4, 1);
1265 acl_log("IPv4 ACL entries %u:\n", acl_num_ipv4);
1266 dump_ipv4_rules((struct acl4_rule *)acl_base_ipv4, acl_num_ipv4, 1);
1268 if (add_rules(parm_config.rule_ipv6_name, &route_base_ipv6,
1270 &acl_base_ipv6, &acl_num_ipv6,
1271 sizeof(struct acl6_rule), &parse_cb_ipv6_rule) < 0)
1272 rte_exit(EXIT_FAILURE, "Failed to add rules\n");
1274 acl_log("IPv6 Route entries %u:\n", route_num_ipv6);
1275 dump_ipv6_rules((struct acl6_rule *)route_base_ipv6, route_num_ipv6, 1);
1277 acl_log("IPv6 ACL entries %u:\n", acl_num_ipv6);
1278 dump_ipv6_rules((struct acl6_rule *)acl_base_ipv6, acl_num_ipv6, 1);
1280 memset(&acl_config, 0, sizeof(acl_config));
1282 /* Check sockets a context should be created on */
1284 acl_config.mapped[0] = 1;
1286 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
1287 if (rte_lcore_is_enabled(lcore_id) == 0)
1290 socketid = rte_lcore_to_socket_id(lcore_id);
1291 if (socketid >= NB_SOCKETS) {
1292 acl_log("Socket %d of lcore %u is out "
1294 socketid, lcore_id, NB_SOCKETS);
1298 acl_config.mapped[socketid] = 1;
1302 for (i = 0; i < NB_SOCKETS; i++) {
1303 if (acl_config.mapped[i]) {
1304 acl_config.acx_ipv4[i] = setup_acl(route_base_ipv4,
1305 acl_base_ipv4, route_num_ipv4, acl_num_ipv4,
1308 acl_config.acx_ipv6[i] = setup_acl(route_base_ipv6,
1309 acl_base_ipv6, route_num_ipv6, acl_num_ipv6,
1314 free(route_base_ipv4);
1315 free(route_base_ipv6);
1317 #ifdef L3FWDACL_DEBUG
1318 acl_config.rule_ipv4 = (struct acl4_rule *)acl_base_ipv4;
1319 acl_config.rule_ipv6 = (struct acl6_rule *)acl_base_ipv6;
1321 free(acl_base_ipv4);
1322 free(acl_base_ipv6);
1328 /***********************end of ACL part******************************/
1331 uint16_t n_rx_queue;
1332 struct lcore_rx_queue rx_queue_list[MAX_RX_QUEUE_PER_LCORE];
1333 uint16_t tx_queue_id[RTE_MAX_ETHPORTS];
1334 struct mbuf_table tx_mbufs[RTE_MAX_ETHPORTS];
1335 } __rte_cache_aligned;
1337 static struct lcore_conf lcore_conf[RTE_MAX_LCORE];
1339 /* Send burst of packets on an output interface */
1341 send_burst(struct lcore_conf *qconf, uint16_t n, uint8_t port)
1343 struct rte_mbuf **m_table;
1347 queueid = qconf->tx_queue_id[port];
1348 m_table = (struct rte_mbuf **)qconf->tx_mbufs[port].m_table;
1350 ret = rte_eth_tx_burst(port, queueid, m_table, n);
1351 if (unlikely(ret < n)) {
1353 rte_pktmbuf_free(m_table[ret]);
1354 } while (++ret < n);
1360 /* Enqueue a single packet, and send burst if queue is filled */
1362 send_single_packet(struct rte_mbuf *m, uint8_t port)
1366 struct lcore_conf *qconf;
1368 lcore_id = rte_lcore_id();
1370 qconf = &lcore_conf[lcore_id];
1371 len = qconf->tx_mbufs[port].len;
1372 qconf->tx_mbufs[port].m_table[len] = m;
1375 /* enough pkts to be sent */
1376 if (unlikely(len == MAX_PKT_BURST)) {
1377 send_burst(qconf, MAX_PKT_BURST, port);
1381 qconf->tx_mbufs[port].len = len;
1385 #ifdef DO_RFC_1812_CHECKS
1387 is_valid_ipv4_pkt(struct ipv4_hdr *pkt, uint32_t link_len)
1389 /* From http://www.rfc-editor.org/rfc/rfc1812.txt section 5.2.2 */
1391 * 1. The packet length reported by the Link Layer must be large
1392 * enough to hold the minimum length legal IP datagram (20 bytes).
1394 if (link_len < sizeof(struct ipv4_hdr))
1397 /* 2. The IP checksum must be correct. */
1398 /* this is checked in H/W */
1401 * 3. The IP version number must be 4. If the version number is not 4
1402 * then the packet may be another version of IP, such as IPng or
1405 if (((pkt->version_ihl) >> 4) != 4)
1408 * 4. The IP header length field must be large enough to hold the
1409 * minimum length legal IP datagram (20 bytes = 5 words).
1411 if ((pkt->version_ihl & 0xf) < 5)
1415 * 5. The IP total length field must be large enough to hold the IP
1416 * datagram header, whose length is specified in the IP header length
1419 if (rte_cpu_to_be_16(pkt->total_length) < sizeof(struct ipv4_hdr))
1426 /* main processing loop */
1428 main_loop(__attribute__((unused)) void *dummy)
1430 struct rte_mbuf *pkts_burst[MAX_PKT_BURST];
1432 uint64_t prev_tsc, diff_tsc, cur_tsc;
1434 uint8_t portid, queueid;
1435 struct lcore_conf *qconf;
1437 const uint64_t drain_tsc = (rte_get_tsc_hz() + US_PER_S - 1)
1438 / US_PER_S * BURST_TX_DRAIN_US;
1439 int scalar = parm_config.scalar;
1443 lcore_id = rte_lcore_id();
1444 qconf = &lcore_conf[lcore_id];
1445 socketid = rte_lcore_to_socket_id(lcore_id);
1447 if (qconf->n_rx_queue == 0) {
1448 RTE_LOG(INFO, L3FWD, "lcore %u has nothing to do\n", lcore_id);
1452 RTE_LOG(INFO, L3FWD, "entering main loop on lcore %u\n", lcore_id);
1454 for (i = 0; i < qconf->n_rx_queue; i++) {
1456 portid = qconf->rx_queue_list[i].port_id;
1457 queueid = qconf->rx_queue_list[i].queue_id;
1458 RTE_LOG(INFO, L3FWD,
1459 " -- lcoreid=%u portid=%hhu rxqueueid=%hhu\n",
1460 lcore_id, portid, queueid);
1465 cur_tsc = rte_rdtsc();
1468 * TX burst queue drain
1470 diff_tsc = cur_tsc - prev_tsc;
1471 if (unlikely(diff_tsc > drain_tsc)) {
1474 * This could be optimized (use queueid instead of
1475 * portid), but it is not called so often
1477 for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
1478 if (qconf->tx_mbufs[portid].len == 0)
1480 send_burst(&lcore_conf[lcore_id],
1481 qconf->tx_mbufs[portid].len,
1483 qconf->tx_mbufs[portid].len = 0;
1490 * Read packet from RX queues
1492 for (i = 0; i < qconf->n_rx_queue; ++i) {
1494 portid = qconf->rx_queue_list[i].port_id;
1495 queueid = qconf->rx_queue_list[i].queue_id;
1496 nb_rx = rte_eth_rx_burst(portid, queueid,
1497 pkts_burst, MAX_PKT_BURST);
1500 struct acl_search_t acl_search;
1502 prepare_acl_parameter(pkts_burst, &acl_search,
1505 if (acl_search.num_ipv4) {
1506 CLASSIFY(acl_config.acx_ipv4[socketid],
1507 acl_search.data_ipv4,
1508 acl_search.res_ipv4,
1509 acl_search.num_ipv4,
1510 DEFAULT_MAX_CATEGORIES);
1512 send_packets(acl_search.m_ipv4,
1513 acl_search.res_ipv4,
1514 acl_search.num_ipv4);
1517 if (acl_search.num_ipv6) {
1518 CLASSIFY(acl_config.acx_ipv6[socketid],
1519 acl_search.data_ipv6,
1520 acl_search.res_ipv6,
1521 acl_search.num_ipv6,
1522 DEFAULT_MAX_CATEGORIES);
1524 send_packets(acl_search.m_ipv6,
1525 acl_search.res_ipv6,
1526 acl_search.num_ipv6);
1534 check_lcore_params(void)
1536 uint8_t queue, lcore;
1540 for (i = 0; i < nb_lcore_params; ++i) {
1541 queue = lcore_params[i].queue_id;
1542 if (queue >= MAX_RX_QUEUE_PER_PORT) {
1543 printf("invalid queue number: %hhu\n", queue);
1546 lcore = lcore_params[i].lcore_id;
1547 if (!rte_lcore_is_enabled(lcore)) {
1548 printf("error: lcore %hhu is not enabled in "
1549 "lcore mask\n", lcore);
1552 socketid = rte_lcore_to_socket_id(lcore);
1553 if (socketid != 0 && numa_on == 0) {
1554 printf("warning: lcore %hhu is on socket %d "
1563 check_port_config(const unsigned nb_ports)
1568 for (i = 0; i < nb_lcore_params; ++i) {
1569 portid = lcore_params[i].port_id;
1571 if ((enabled_port_mask & (1 << portid)) == 0) {
1572 printf("port %u is not enabled in port mask\n", portid);
1575 if (portid >= nb_ports) {
1576 printf("port %u is not present on the board\n", portid);
1584 get_port_n_rx_queues(const uint8_t port)
1589 for (i = 0; i < nb_lcore_params; ++i) {
1590 if (lcore_params[i].port_id == port &&
1591 lcore_params[i].queue_id > queue)
1592 queue = lcore_params[i].queue_id;
1594 return (uint8_t)(++queue);
1598 init_lcore_rx_queues(void)
1600 uint16_t i, nb_rx_queue;
1603 for (i = 0; i < nb_lcore_params; ++i) {
1604 lcore = lcore_params[i].lcore_id;
1605 nb_rx_queue = lcore_conf[lcore].n_rx_queue;
1606 if (nb_rx_queue >= MAX_RX_QUEUE_PER_LCORE) {
1607 printf("error: too many queues (%u) for lcore: %u\n",
1608 (unsigned)nb_rx_queue + 1, (unsigned)lcore);
1611 lcore_conf[lcore].rx_queue_list[nb_rx_queue].port_id =
1612 lcore_params[i].port_id;
1613 lcore_conf[lcore].rx_queue_list[nb_rx_queue].queue_id =
1614 lcore_params[i].queue_id;
1615 lcore_conf[lcore].n_rx_queue++;
1623 print_usage(const char *prgname)
1625 printf("%s [EAL options] -- -p PORTMASK -P"
1626 "--"OPTION_RULE_IPV4"=FILE"
1627 "--"OPTION_RULE_IPV6"=FILE"
1628 " [--"OPTION_CONFIG" (port,queue,lcore)[,(port,queue,lcore]]"
1629 " [--"OPTION_ENBJMO" [--max-pkt-len PKTLEN]]\n"
1630 " -p PORTMASK: hexadecimal bitmask of ports to configure\n"
1631 " -P : enable promiscuous mode\n"
1632 " --"OPTION_CONFIG": (port,queue,lcore): "
1633 "rx queues configuration\n"
1634 " --"OPTION_NONUMA": optional, disable numa awareness\n"
1635 " --"OPTION_ENBJMO": enable jumbo frame"
1636 " which max packet len is PKTLEN in decimal (64-9600)\n"
1637 " --"OPTION_RULE_IPV4"=FILE: specify the ipv4 rules entries "
1639 "Each rule occupy one line. "
1640 "2 kinds of rules are supported. "
1641 "One is ACL entry at while line leads with character '%c', "
1642 "another is route entry at while line leads with "
1644 " --"OPTION_RULE_IPV6"=FILE: specify the ipv6 rules "
1646 " --"OPTION_SCALAR": Use scalar function to do lookup\n",
1647 prgname, ACL_LEAD_CHAR, ROUTE_LEAD_CHAR);
1651 parse_max_pkt_len(const char *pktlen)
1656 /* parse decimal string */
1657 len = strtoul(pktlen, &end, 10);
1658 if ((pktlen[0] == '\0') || (end == NULL) || (*end != '\0'))
1668 parse_portmask(const char *portmask)
1673 /* parse hexadecimal string */
1674 pm = strtoul(portmask, &end, 16);
1675 if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
1685 parse_config(const char *q_arg)
1688 const char *p, *p0 = q_arg;
1696 unsigned long int_fld[_NUM_FLD];
1697 char *str_fld[_NUM_FLD];
1701 nb_lcore_params = 0;
1703 while ((p = strchr(p0, '(')) != NULL) {
1705 if ((p0 = strchr(p, ')')) == NULL)
1709 if (size >= sizeof(s))
1712 rte_snprintf(s, sizeof(s), "%.*s", size, p);
1713 if (rte_strsplit(s, sizeof(s), str_fld, _NUM_FLD, ',') !=
1716 for (i = 0; i < _NUM_FLD; i++) {
1718 int_fld[i] = strtoul(str_fld[i], &end, 0);
1719 if (errno != 0 || end == str_fld[i] || int_fld[i] > 255)
1722 if (nb_lcore_params >= MAX_LCORE_PARAMS) {
1723 printf("exceeded max number of lcore params: %hu\n",
1727 lcore_params_array[nb_lcore_params].port_id =
1728 (uint8_t)int_fld[FLD_PORT];
1729 lcore_params_array[nb_lcore_params].queue_id =
1730 (uint8_t)int_fld[FLD_QUEUE];
1731 lcore_params_array[nb_lcore_params].lcore_id =
1732 (uint8_t)int_fld[FLD_LCORE];
1735 lcore_params = lcore_params_array;
1739 /* Parse the argument given in the command line of the application */
1741 parse_args(int argc, char **argv)
1746 char *prgname = argv[0];
1747 static struct option lgopts[] = {
1748 {OPTION_CONFIG, 1, 0, 0},
1749 {OPTION_NONUMA, 0, 0, 0},
1750 {OPTION_ENBJMO, 0, 0, 0},
1751 {OPTION_RULE_IPV4, 1, 0, 0},
1752 {OPTION_RULE_IPV6, 1, 0, 0},
1753 {OPTION_SCALAR, 0, 0, 0},
1759 while ((opt = getopt_long(argc, argvopt, "p:P",
1760 lgopts, &option_index)) != EOF) {
1765 enabled_port_mask = parse_portmask(optarg);
1766 if (enabled_port_mask == 0) {
1767 printf("invalid portmask\n");
1768 print_usage(prgname);
1773 printf("Promiscuous mode selected\n");
1779 if (!strncmp(lgopts[option_index].name,
1781 sizeof(OPTION_CONFIG))) {
1782 ret = parse_config(optarg);
1784 printf("invalid config\n");
1785 print_usage(prgname);
1790 if (!strncmp(lgopts[option_index].name,
1792 sizeof(OPTION_NONUMA))) {
1793 printf("numa is disabled\n");
1797 if (!strncmp(lgopts[option_index].name,
1798 OPTION_ENBJMO, sizeof(OPTION_ENBJMO))) {
1799 struct option lenopts = {
1806 printf("jumbo frame is enabled\n");
1807 port_conf.rxmode.jumbo_frame = 1;
1810 * if no max-pkt-len set, then use the
1811 * default value ETHER_MAX_LEN
1813 if (0 == getopt_long(argc, argvopt, "",
1814 &lenopts, &option_index)) {
1815 ret = parse_max_pkt_len(optarg);
1817 (ret > MAX_JUMBO_PKT_LEN)) {
1818 printf("invalid packet "
1820 print_usage(prgname);
1823 port_conf.rxmode.max_rx_pkt_len = ret;
1825 printf("set jumbo frame max packet length "
1828 port_conf.rxmode.max_rx_pkt_len);
1831 if (!strncmp(lgopts[option_index].name,
1833 sizeof(OPTION_RULE_IPV4)))
1834 parm_config.rule_ipv4_name = optarg;
1836 if (!strncmp(lgopts[option_index].name,
1838 sizeof(OPTION_RULE_IPV6))) {
1839 parm_config.rule_ipv6_name = optarg;
1842 if (!strncmp(lgopts[option_index].name,
1843 OPTION_SCALAR, sizeof(OPTION_SCALAR)))
1844 parm_config.scalar = 1;
1850 print_usage(prgname);
1856 argv[optind-1] = prgname;
1859 optind = 0; /* reset getopt lib */
1864 print_ethaddr(const char *name, const struct ether_addr *eth_addr)
1866 printf("%s%02X:%02X:%02X:%02X:%02X:%02X", name,
1867 eth_addr->addr_bytes[0],
1868 eth_addr->addr_bytes[1],
1869 eth_addr->addr_bytes[2],
1870 eth_addr->addr_bytes[3],
1871 eth_addr->addr_bytes[4],
1872 eth_addr->addr_bytes[5]);
1876 init_mem(unsigned nb_mbuf)
1882 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
1883 if (rte_lcore_is_enabled(lcore_id) == 0)
1887 socketid = rte_lcore_to_socket_id(lcore_id);
1891 if (socketid >= NB_SOCKETS) {
1892 rte_exit(EXIT_FAILURE,
1893 "Socket %d of lcore %u is out of range %d\n",
1894 socketid, lcore_id, NB_SOCKETS);
1896 if (pktmbuf_pool[socketid] == NULL) {
1897 rte_snprintf(s, sizeof(s), "mbuf_pool_%d", socketid);
1898 pktmbuf_pool[socketid] =
1899 rte_mempool_create(s, nb_mbuf, MBUF_SIZE,
1901 sizeof(struct rte_pktmbuf_pool_private),
1902 rte_pktmbuf_pool_init, NULL,
1903 rte_pktmbuf_init, NULL,
1905 if (pktmbuf_pool[socketid] == NULL)
1906 rte_exit(EXIT_FAILURE,
1907 "Cannot init mbuf pool on socket %d\n",
1910 printf("Allocated mbuf pool on socket %d\n",
1917 /* Check the link status of all ports in up to 9s, and print them finally */
1919 check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
1921 #define CHECK_INTERVAL 100 /* 100ms */
1922 #define MAX_CHECK_TIME 90 /* 9s (90 * 100ms) in total */
1923 uint8_t portid, count, all_ports_up, print_flag = 0;
1924 struct rte_eth_link link;
1926 printf("\nChecking link status");
1928 for (count = 0; count <= MAX_CHECK_TIME; count++) {
1930 for (portid = 0; portid < port_num; portid++) {
1931 if ((port_mask & (1 << portid)) == 0)
1933 memset(&link, 0, sizeof(link));
1934 rte_eth_link_get_nowait(portid, &link);
1935 /* print link status if flag set */
1936 if (print_flag == 1) {
1937 if (link.link_status)
1938 printf("Port %d Link Up - speed %u "
1939 "Mbps - %s\n", (uint8_t)portid,
1940 (unsigned)link.link_speed,
1941 (link.link_duplex == ETH_LINK_FULL_DUPLEX) ?
1942 ("full-duplex") : ("half-duplex\n"));
1944 printf("Port %d Link Down\n",
1948 /* clear all_ports_up flag if any link down */
1949 if (link.link_status == 0) {
1954 /* after finally printing all link status, get out */
1955 if (print_flag == 1)
1958 if (all_ports_up == 0) {
1961 rte_delay_ms(CHECK_INTERVAL);
1964 /* set the print_flag if all ports up or timeout */
1965 if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) {
1973 MAIN(int argc, char **argv)
1975 struct lcore_conf *qconf;
1980 uint32_t n_tx_queue, nb_lcores;
1981 uint8_t portid, nb_rx_queue, queue, socketid;
1984 ret = rte_eal_init(argc, argv);
1986 rte_exit(EXIT_FAILURE, "Invalid EAL parameters\n");
1990 /* parse application arguments (after the EAL ones) */
1991 ret = parse_args(argc, argv);
1993 rte_exit(EXIT_FAILURE, "Invalid L3FWD parameters\n");
1995 if (check_lcore_params() < 0)
1996 rte_exit(EXIT_FAILURE, "check_lcore_params failed\n");
1998 ret = init_lcore_rx_queues();
2000 rte_exit(EXIT_FAILURE, "init_lcore_rx_queues failed\n");
2002 if (rte_eal_pci_probe() < 0)
2003 rte_exit(EXIT_FAILURE, "Cannot probe PCI\n");
2005 nb_ports = rte_eth_dev_count();
2006 if (nb_ports > RTE_MAX_ETHPORTS)
2007 nb_ports = RTE_MAX_ETHPORTS;
2009 if (check_port_config(nb_ports) < 0)
2010 rte_exit(EXIT_FAILURE, "check_port_config failed\n");
2012 /* Add ACL rules and route entries, build trie */
2013 if (app_acl_init() < 0)
2014 rte_exit(EXIT_FAILURE, "app_acl_init failed\n");
2016 nb_lcores = rte_lcore_count();
2018 /* initialize all ports */
2019 for (portid = 0; portid < nb_ports; portid++) {
2020 /* skip ports that are not enabled */
2021 if ((enabled_port_mask & (1 << portid)) == 0) {
2022 printf("\nSkipping disabled port %d\n", portid);
2027 printf("Initializing port %d ... ", portid);
2030 nb_rx_queue = get_port_n_rx_queues(portid);
2031 n_tx_queue = nb_lcores;
2032 if (n_tx_queue > MAX_TX_QUEUE_PER_PORT)
2033 n_tx_queue = MAX_TX_QUEUE_PER_PORT;
2034 printf("Creating queues: nb_rxq=%d nb_txq=%u... ",
2035 nb_rx_queue, (unsigned)n_tx_queue);
2036 ret = rte_eth_dev_configure(portid, nb_rx_queue,
2037 (uint16_t)n_tx_queue, &port_conf);
2039 rte_exit(EXIT_FAILURE,
2040 "Cannot configure device: err=%d, port=%d\n",
2043 rte_eth_macaddr_get(portid, &ports_eth_addr[portid]);
2044 print_ethaddr(" Address:", &ports_eth_addr[portid]);
2048 ret = init_mem(NB_MBUF);
2050 rte_exit(EXIT_FAILURE, "init_mem failed\n");
2052 /* init one TX queue per couple (lcore,port) */
2054 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
2055 if (rte_lcore_is_enabled(lcore_id) == 0)
2059 socketid = (uint8_t)
2060 rte_lcore_to_socket_id(lcore_id);
2064 printf("txq=%u,%d,%d ", lcore_id, queueid, socketid);
2066 ret = rte_eth_tx_queue_setup(portid, queueid, nb_txd,
2067 socketid, &tx_conf);
2069 rte_exit(EXIT_FAILURE,
2070 "rte_eth_tx_queue_setup: err=%d, "
2071 "port=%d\n", ret, portid);
2073 qconf = &lcore_conf[lcore_id];
2074 qconf->tx_queue_id[portid] = queueid;
2080 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
2081 if (rte_lcore_is_enabled(lcore_id) == 0)
2083 qconf = &lcore_conf[lcore_id];
2084 printf("\nInitializing rx queues on lcore %u ... ", lcore_id);
2086 /* init RX queues */
2087 for (queue = 0; queue < qconf->n_rx_queue; ++queue) {
2088 portid = qconf->rx_queue_list[queue].port_id;
2089 queueid = qconf->rx_queue_list[queue].queue_id;
2092 socketid = (uint8_t)
2093 rte_lcore_to_socket_id(lcore_id);
2097 printf("rxq=%d,%d,%d ", portid, queueid, socketid);
2100 ret = rte_eth_rx_queue_setup(portid, queueid, nb_rxd,
2102 pktmbuf_pool[socketid]);
2104 rte_exit(EXIT_FAILURE,
2105 "rte_eth_rx_queue_setup: err=%d,"
2106 "port=%d\n", ret, portid);
2113 for (portid = 0; portid < nb_ports; portid++) {
2114 if ((enabled_port_mask & (1 << portid)) == 0)
2118 ret = rte_eth_dev_start(portid);
2120 rte_exit(EXIT_FAILURE,
2121 "rte_eth_dev_start: err=%d, port=%d\n",
2125 * If enabled, put device in promiscuous mode.
2126 * This allows IO forwarding mode to forward packets
2127 * to itself through 2 cross-connected ports of the
2131 rte_eth_promiscuous_enable(portid);
2134 check_all_ports_link_status((uint8_t)nb_ports, enabled_port_mask);
2136 /* launch per-lcore init on every lcore */
2137 rte_eal_mp_remote_launch(main_loop, NULL, CALL_MASTER);
2138 RTE_LCORE_FOREACH_SLAVE(lcore_id) {
2139 if (rte_eal_wait_lcore(lcore_id) < 0)