4 * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <sys/types.h>
40 #include <sys/queue.h>
45 #include <rte_common.h>
46 #include <rte_byteorder.h>
48 #include <rte_memory.h>
49 #include <rte_memcpy.h>
50 #include <rte_memzone.h>
51 #include <rte_tailq.h>
53 #include <rte_per_lcore.h>
54 #include <rte_launch.h>
55 #include <rte_atomic.h>
56 #include <rte_cycles.h>
57 #include <rte_prefetch.h>
58 #include <rte_lcore.h>
59 #include <rte_per_lcore.h>
60 #include <rte_branch_prediction.h>
61 #include <rte_interrupts.h>
63 #include <rte_random.h>
64 #include <rte_debug.h>
65 #include <rte_ether.h>
66 #include <rte_ethdev.h>
68 #include <rte_mempool.h>
73 #include <rte_string_fns.h>
78 #define DO_RFC_1812_CHECKS
80 #define RTE_LOGTYPE_L3FWD RTE_LOGTYPE_USER1
82 #define MAX_JUMBO_PKT_LEN 9600
84 #define MEMPOOL_CACHE_SIZE 256
86 #define MBUF_SIZE (2048 + sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM)
89 * This expression is used to calculate the number of mbufs needed
90 * depending on user input, taking into account memory for rx and tx hardware
91 * rings, cache per lcore and mtable per port per lcore.
92 * RTE_MAX is used to ensure that NB_MBUF never goes below a
93 * minimum value of 8192
96 #define NB_MBUF RTE_MAX(\
97 (nb_ports * nb_rx_queue*RTE_TEST_RX_DESC_DEFAULT + \
98 nb_ports * nb_lcores * MAX_PKT_BURST + \
99 nb_ports * n_tx_queue * RTE_TEST_TX_DESC_DEFAULT + \
100 nb_lcores * MEMPOOL_CACHE_SIZE), \
104 * RX and TX Prefetch, Host, and Write-back threshold values should be
105 * carefully set for optimal performance. Consult the network
106 * controller's datasheet and supporting DPDK documentation for guidance
107 * on how these parameters should be set.
109 #define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */
110 #define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */
111 #define RX_WTHRESH 4 /**< Default values of RX write-back threshold reg. */
114 * These default values are optimized for use with the Intel(R) 82599 10 GbE
115 * Controller and the DPDK ixgbe PMD. Consider using other values for other
116 * network controllers and/or network drivers.
118 #define TX_PTHRESH 36 /**< Default values of TX prefetch threshold reg. */
119 #define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */
120 #define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */
122 #define MAX_PKT_BURST 32
123 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
127 /* Configure how many packets ahead to prefetch, when reading packets */
128 #define PREFETCH_OFFSET 3
131 * Configurable number of RX/TX ring descriptors
133 #define RTE_TEST_RX_DESC_DEFAULT 128
134 #define RTE_TEST_TX_DESC_DEFAULT 512
135 static uint16_t nb_rxd = RTE_TEST_RX_DESC_DEFAULT;
136 static uint16_t nb_txd = RTE_TEST_TX_DESC_DEFAULT;
138 /* ethernet addresses of ports */
139 static struct ether_addr ports_eth_addr[RTE_MAX_ETHPORTS];
141 /* mask of enabled ports */
142 static uint32_t enabled_port_mask;
143 static int promiscuous_on; /**< Ports set in promiscuous mode off by default. */
144 static int numa_on = 1; /**< NUMA is enabled by default. */
148 struct rte_mbuf *m_table[MAX_PKT_BURST];
151 struct lcore_rx_queue {
154 } __rte_cache_aligned;
156 #define MAX_RX_QUEUE_PER_LCORE 16
157 #define MAX_TX_QUEUE_PER_PORT RTE_MAX_ETHPORTS
158 #define MAX_RX_QUEUE_PER_PORT 128
160 #define MAX_LCORE_PARAMS 1024
161 struct lcore_params {
165 } __rte_cache_aligned;
167 static struct lcore_params lcore_params_array[MAX_LCORE_PARAMS];
168 static struct lcore_params lcore_params_array_default[] = {
180 static struct lcore_params *lcore_params = lcore_params_array_default;
181 static uint16_t nb_lcore_params = sizeof(lcore_params_array_default) /
182 sizeof(lcore_params_array_default[0]);
184 static struct rte_eth_conf port_conf = {
186 .mq_mode = ETH_MQ_RX_RSS,
187 .max_rx_pkt_len = ETHER_MAX_LEN,
189 .header_split = 0, /**< Header Split disabled */
190 .hw_ip_checksum = 1, /**< IP checksum offload enabled */
191 .hw_vlan_filter = 0, /**< VLAN filtering disabled */
192 .jumbo_frame = 0, /**< Jumbo Frame Support disabled */
193 .hw_strip_crc = 0, /**< CRC stripped by hardware */
198 .rss_hf = ETH_RSS_IPV4 | ETH_RSS_IPV4_TCP
200 | ETH_RSS_IPV6 | ETH_RSS_IPV6_EX
201 | ETH_RSS_IPV6_TCP | ETH_RSS_IPV6_TCP_EX
202 | ETH_RSS_IPV6_UDP | ETH_RSS_IPV6_UDP_EX,
206 .mq_mode = ETH_MQ_TX_NONE,
210 static const struct rte_eth_rxconf rx_conf = {
212 .pthresh = RX_PTHRESH,
213 .hthresh = RX_HTHRESH,
214 .wthresh = RX_WTHRESH,
216 .rx_free_thresh = 32,
219 static const struct rte_eth_txconf tx_conf = {
221 .pthresh = TX_PTHRESH,
222 .hthresh = TX_HTHRESH,
223 .wthresh = TX_WTHRESH,
225 .tx_free_thresh = 0, /* Use PMD default values */
226 .tx_rs_thresh = 0, /* Use PMD default values */
230 static struct rte_mempool *pktmbuf_pool[NB_SOCKETS];
232 /***********************start of ACL part******************************/
233 #ifdef DO_RFC_1812_CHECKS
235 is_valid_ipv4_pkt(struct ipv4_hdr *pkt, uint32_t link_len);
238 send_single_packet(struct rte_mbuf *m, uint8_t port);
240 #define MAX_ACL_RULE_NUM 100000
241 #define DEFAULT_MAX_CATEGORIES 1
242 #define L3FWD_ACL_IPV4_NAME "l3fwd-acl-ipv4"
243 #define L3FWD_ACL_IPV6_NAME "l3fwd-acl-ipv6"
244 #define ACL_LEAD_CHAR ('@')
245 #define ROUTE_LEAD_CHAR ('R')
246 #define COMMENT_LEAD_CHAR ('#')
247 #define OPTION_CONFIG "config"
248 #define OPTION_NONUMA "no-numa"
249 #define OPTION_ENBJMO "enable-jumbo"
250 #define OPTION_RULE_IPV4 "rule_ipv4"
251 #define OPTION_RULE_IPV6 "rule_ipv6"
252 #define OPTION_SCALAR "scalar"
253 #define ACL_DENY_SIGNATURE 0xf0000000
254 #define RTE_LOGTYPE_L3FWDACL RTE_LOGTYPE_USER3
255 #define acl_log(format, ...) RTE_LOG(ERR, L3FWDACL, format, ##__VA_ARGS__)
256 #define uint32_t_to_char(ip, a, b, c, d) do {\
257 *a = (unsigned char)(ip >> 24 & 0xff);\
258 *b = (unsigned char)(ip >> 16 & 0xff);\
259 *c = (unsigned char)(ip >> 8 & 0xff);\
260 *d = (unsigned char)(ip & 0xff);\
262 #define OFF_ETHHEAD (sizeof(struct ether_hdr))
263 #define OFF_IPV42PROTO (offsetof(struct ipv4_hdr, next_proto_id))
264 #define OFF_IPV62PROTO (offsetof(struct ipv6_hdr, proto))
265 #define MBUF_IPV4_2PROTO(m) \
266 (rte_pktmbuf_mtod((m), uint8_t *) + OFF_ETHHEAD + OFF_IPV42PROTO)
267 #define MBUF_IPV6_2PROTO(m) \
268 (rte_pktmbuf_mtod((m), uint8_t *) + OFF_ETHHEAD + OFF_IPV62PROTO)
270 #define GET_CB_FIELD(in, fd, base, lim, dlm) do { \
274 val = strtoul((in), &end, (base)); \
275 if (errno != 0 || end[0] != (dlm) || val > (lim)) \
277 (fd) = (typeof(fd))val; \
282 * ACL rules should have higher priorities than route ones to ensure ACL rule
283 * always be found when input packets have multi-matches in the database.
284 * A exception case is performance measure, which can define route rules with
285 * higher priority and route rules will always be returned in each lookup.
286 * Reserve range from ACL_RULE_PRIORITY_MAX + 1 to
287 * RTE_ACL_MAX_PRIORITY for route entries in performance measure
289 #define ACL_RULE_PRIORITY_MAX 0x10000000
292 * Forward port info save in ACL lib starts from 1
293 * since ACL assume 0 is invalid.
294 * So, need add 1 when saving and minus 1 when forwarding packets.
296 #define FWD_PORT_SHIFT 1
299 * Rule and trace formats definitions.
311 struct rte_acl_field_def ipv4_defs[NUM_FIELDS_IPV4] = {
313 .type = RTE_ACL_FIELD_TYPE_BITMASK,
314 .size = sizeof(uint8_t),
315 .field_index = PROTO_FIELD_IPV4,
316 .input_index = RTE_ACL_IPV4VLAN_PROTO,
320 .type = RTE_ACL_FIELD_TYPE_MASK,
321 .size = sizeof(uint32_t),
322 .field_index = SRC_FIELD_IPV4,
323 .input_index = RTE_ACL_IPV4VLAN_SRC,
324 .offset = offsetof(struct ipv4_hdr, src_addr) -
325 offsetof(struct ipv4_hdr, next_proto_id),
328 .type = RTE_ACL_FIELD_TYPE_MASK,
329 .size = sizeof(uint32_t),
330 .field_index = DST_FIELD_IPV4,
331 .input_index = RTE_ACL_IPV4VLAN_DST,
332 .offset = offsetof(struct ipv4_hdr, dst_addr) -
333 offsetof(struct ipv4_hdr, next_proto_id),
336 .type = RTE_ACL_FIELD_TYPE_RANGE,
337 .size = sizeof(uint16_t),
338 .field_index = SRCP_FIELD_IPV4,
339 .input_index = RTE_ACL_IPV4VLAN_PORTS,
340 .offset = sizeof(struct ipv4_hdr) -
341 offsetof(struct ipv4_hdr, next_proto_id),
344 .type = RTE_ACL_FIELD_TYPE_RANGE,
345 .size = sizeof(uint16_t),
346 .field_index = DSTP_FIELD_IPV4,
347 .input_index = RTE_ACL_IPV4VLAN_PORTS,
348 .offset = sizeof(struct ipv4_hdr) -
349 offsetof(struct ipv4_hdr, next_proto_id) +
354 #define IPV6_ADDR_LEN 16
355 #define IPV6_ADDR_U16 (IPV6_ADDR_LEN / sizeof(uint16_t))
356 #define IPV6_ADDR_U32 (IPV6_ADDR_LEN / sizeof(uint32_t))
373 struct rte_acl_field_def ipv6_defs[NUM_FIELDS_IPV6] = {
375 .type = RTE_ACL_FIELD_TYPE_BITMASK,
376 .size = sizeof(uint8_t),
377 .field_index = PROTO_FIELD_IPV6,
378 .input_index = PROTO_FIELD_IPV6,
382 .type = RTE_ACL_FIELD_TYPE_MASK,
383 .size = sizeof(uint32_t),
384 .field_index = SRC1_FIELD_IPV6,
385 .input_index = SRC1_FIELD_IPV6,
386 .offset = offsetof(struct ipv6_hdr, src_addr) -
387 offsetof(struct ipv6_hdr, proto),
390 .type = RTE_ACL_FIELD_TYPE_MASK,
391 .size = sizeof(uint32_t),
392 .field_index = SRC2_FIELD_IPV6,
393 .input_index = SRC2_FIELD_IPV6,
394 .offset = offsetof(struct ipv6_hdr, src_addr) -
395 offsetof(struct ipv6_hdr, proto) + sizeof(uint32_t),
398 .type = RTE_ACL_FIELD_TYPE_MASK,
399 .size = sizeof(uint32_t),
400 .field_index = SRC3_FIELD_IPV6,
401 .input_index = SRC3_FIELD_IPV6,
402 .offset = offsetof(struct ipv6_hdr, src_addr) -
403 offsetof(struct ipv6_hdr, proto) + 2 * sizeof(uint32_t),
406 .type = RTE_ACL_FIELD_TYPE_MASK,
407 .size = sizeof(uint32_t),
408 .field_index = SRC4_FIELD_IPV6,
409 .input_index = SRC4_FIELD_IPV6,
410 .offset = offsetof(struct ipv6_hdr, src_addr) -
411 offsetof(struct ipv6_hdr, proto) + 3 * sizeof(uint32_t),
414 .type = RTE_ACL_FIELD_TYPE_MASK,
415 .size = sizeof(uint32_t),
416 .field_index = DST1_FIELD_IPV6,
417 .input_index = DST1_FIELD_IPV6,
418 .offset = offsetof(struct ipv6_hdr, dst_addr)
419 - offsetof(struct ipv6_hdr, proto),
422 .type = RTE_ACL_FIELD_TYPE_MASK,
423 .size = sizeof(uint32_t),
424 .field_index = DST2_FIELD_IPV6,
425 .input_index = DST2_FIELD_IPV6,
426 .offset = offsetof(struct ipv6_hdr, dst_addr) -
427 offsetof(struct ipv6_hdr, proto) + sizeof(uint32_t),
430 .type = RTE_ACL_FIELD_TYPE_MASK,
431 .size = sizeof(uint32_t),
432 .field_index = DST3_FIELD_IPV6,
433 .input_index = DST3_FIELD_IPV6,
434 .offset = offsetof(struct ipv6_hdr, dst_addr) -
435 offsetof(struct ipv6_hdr, proto) + 2 * sizeof(uint32_t),
438 .type = RTE_ACL_FIELD_TYPE_MASK,
439 .size = sizeof(uint32_t),
440 .field_index = DST4_FIELD_IPV6,
441 .input_index = DST4_FIELD_IPV6,
442 .offset = offsetof(struct ipv6_hdr, dst_addr) -
443 offsetof(struct ipv6_hdr, proto) + 3 * sizeof(uint32_t),
446 .type = RTE_ACL_FIELD_TYPE_RANGE,
447 .size = sizeof(uint16_t),
448 .field_index = SRCP_FIELD_IPV6,
449 .input_index = SRCP_FIELD_IPV6,
450 .offset = sizeof(struct ipv6_hdr) -
451 offsetof(struct ipv6_hdr, proto),
454 .type = RTE_ACL_FIELD_TYPE_RANGE,
455 .size = sizeof(uint16_t),
456 .field_index = DSTP_FIELD_IPV6,
457 .input_index = SRCP_FIELD_IPV6,
458 .offset = sizeof(struct ipv6_hdr) -
459 offsetof(struct ipv6_hdr, proto) + sizeof(uint16_t),
468 CB_FLD_SRC_PORT_HIGH,
471 CB_FLD_DST_PORT_HIGH,
477 RTE_ACL_RULE_DEF(acl4_rule, RTE_DIM(ipv4_defs));
478 RTE_ACL_RULE_DEF(acl6_rule, RTE_DIM(ipv6_defs));
480 struct acl_search_t {
481 const uint8_t *data_ipv4[MAX_PKT_BURST];
482 struct rte_mbuf *m_ipv4[MAX_PKT_BURST];
483 uint32_t res_ipv4[MAX_PKT_BURST];
486 const uint8_t *data_ipv6[MAX_PKT_BURST];
487 struct rte_mbuf *m_ipv6[MAX_PKT_BURST];
488 uint32_t res_ipv6[MAX_PKT_BURST];
493 char mapped[NB_SOCKETS];
494 struct rte_acl_ctx *acx_ipv4[NB_SOCKETS];
495 struct rte_acl_ctx *acx_ipv6[NB_SOCKETS];
496 #ifdef L3FWDACL_DEBUG
497 struct acl4_rule *rule_ipv4;
498 struct acl6_rule *rule_ipv6;
503 const char *rule_ipv4_name;
504 const char *rule_ipv6_name;
508 const char cb_port_delim[] = ":";
511 print_one_ipv4_rule(struct acl4_rule *rule, int extra)
513 unsigned char a, b, c, d;
515 uint32_t_to_char(rule->field[SRC_FIELD_IPV4].value.u32,
517 printf("%hhu.%hhu.%hhu.%hhu/%u ", a, b, c, d,
518 rule->field[SRC_FIELD_IPV4].mask_range.u32);
519 uint32_t_to_char(rule->field[DST_FIELD_IPV4].value.u32,
521 printf("%hhu.%hhu.%hhu.%hhu/%u ", a, b, c, d,
522 rule->field[DST_FIELD_IPV4].mask_range.u32);
523 printf("%hu : %hu %hu : %hu 0x%hhx/0x%hhx ",
524 rule->field[SRCP_FIELD_IPV4].value.u16,
525 rule->field[SRCP_FIELD_IPV4].mask_range.u16,
526 rule->field[DSTP_FIELD_IPV4].value.u16,
527 rule->field[DSTP_FIELD_IPV4].mask_range.u16,
528 rule->field[PROTO_FIELD_IPV4].value.u8,
529 rule->field[PROTO_FIELD_IPV4].mask_range.u8);
531 printf("0x%x-0x%x-0x%x ",
532 rule->data.category_mask,
534 rule->data.userdata);
538 print_one_ipv6_rule(struct acl6_rule *rule, int extra)
540 unsigned char a, b, c, d;
542 uint32_t_to_char(rule->field[SRC1_FIELD_IPV6].value.u32,
544 printf("%.2x%.2x:%.2x%.2x", a, b, c, d);
545 uint32_t_to_char(rule->field[SRC2_FIELD_IPV6].value.u32,
547 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
548 uint32_t_to_char(rule->field[SRC3_FIELD_IPV6].value.u32,
550 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
551 uint32_t_to_char(rule->field[SRC4_FIELD_IPV6].value.u32,
553 printf(":%.2x%.2x:%.2x%.2x/%u ", a, b, c, d,
554 rule->field[SRC1_FIELD_IPV6].mask_range.u32
555 + rule->field[SRC2_FIELD_IPV6].mask_range.u32
556 + rule->field[SRC3_FIELD_IPV6].mask_range.u32
557 + rule->field[SRC4_FIELD_IPV6].mask_range.u32);
559 uint32_t_to_char(rule->field[DST1_FIELD_IPV6].value.u32,
561 printf("%.2x%.2x:%.2x%.2x", a, b, c, d);
562 uint32_t_to_char(rule->field[DST2_FIELD_IPV6].value.u32,
564 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
565 uint32_t_to_char(rule->field[DST3_FIELD_IPV6].value.u32,
567 printf(":%.2x%.2x:%.2x%.2x", a, b, c, d);
568 uint32_t_to_char(rule->field[DST4_FIELD_IPV6].value.u32,
570 printf(":%.2x%.2x:%.2x%.2x/%u ", a, b, c, d,
571 rule->field[DST1_FIELD_IPV6].mask_range.u32
572 + rule->field[DST2_FIELD_IPV6].mask_range.u32
573 + rule->field[DST3_FIELD_IPV6].mask_range.u32
574 + rule->field[DST4_FIELD_IPV6].mask_range.u32);
576 printf("%hu : %hu %hu : %hu 0x%hhx/0x%hhx ",
577 rule->field[SRCP_FIELD_IPV6].value.u16,
578 rule->field[SRCP_FIELD_IPV6].mask_range.u16,
579 rule->field[DSTP_FIELD_IPV6].value.u16,
580 rule->field[DSTP_FIELD_IPV6].mask_range.u16,
581 rule->field[PROTO_FIELD_IPV6].value.u8,
582 rule->field[PROTO_FIELD_IPV6].mask_range.u8);
584 printf("0x%x-0x%x-0x%x ",
585 rule->data.category_mask,
587 rule->data.userdata);
590 /* Bypass comment and empty lines */
592 is_bypass_line(char *buff)
597 if (buff[0] == COMMENT_LEAD_CHAR)
600 while (buff[i] != '\0') {
601 if (!isspace(buff[i]))
608 #ifdef L3FWDACL_DEBUG
610 dump_acl4_rule(struct rte_mbuf *m, uint32_t sig)
612 uint32_t offset = sig & ~ACL_DENY_SIGNATURE;
613 unsigned char a, b, c, d;
614 struct ipv4_hdr *ipv4_hdr = (struct ipv4_hdr *)
615 (rte_pktmbuf_mtod(m, unsigned char *) +
616 sizeof(struct ether_hdr));
618 uint32_t_to_char(rte_bswap32(ipv4_hdr->src_addr), &a, &b, &c, &d);
619 printf("Packet Src:%hhu.%hhu.%hhu.%hhu ", a, b, c, d);
620 uint32_t_to_char(rte_bswap32(ipv4_hdr->dst_addr), &a, &b, &c, &d);
621 printf("Dst:%hhu.%hhu.%hhu.%hhu ", a, b, c, d);
623 printf("Src port:%hu,Dst port:%hu ",
624 rte_bswap16(*(uint16_t *)(ipv4_hdr + 1)),
625 rte_bswap16(*((uint16_t *)(ipv4_hdr + 1) + 1)));
626 printf("hit ACL %d - ", offset);
628 print_one_ipv4_rule(acl_config.rule_ipv4 + offset, 1);
634 dump_acl6_rule(struct rte_mbuf *m, uint32_t sig)
637 uint32_t offset = sig & ~ACL_DENY_SIGNATURE;
638 struct ipv6_hdr *ipv6_hdr = (struct ipv6_hdr *)
639 (rte_pktmbuf_mtod(m, unsigned char *) +
640 sizeof(struct ether_hdr));
642 printf("Packet Src");
643 for (i = 0; i < RTE_DIM(ipv6_hdr->src_addr); i += sizeof(uint16_t))
645 ipv6_hdr->src_addr[i], ipv6_hdr->src_addr[i + 1]);
648 for (i = 0; i < RTE_DIM(ipv6_hdr->dst_addr); i += sizeof(uint16_t))
650 ipv6_hdr->dst_addr[i], ipv6_hdr->dst_addr[i + 1]);
652 printf("\nSrc port:%hu,Dst port:%hu ",
653 rte_bswap16(*(uint16_t *)(ipv6_hdr + 1)),
654 rte_bswap16(*((uint16_t *)(ipv6_hdr + 1) + 1)));
655 printf("hit ACL %d - ", offset);
657 print_one_ipv6_rule(acl_config.rule_ipv6 + offset, 1);
661 #endif /* L3FWDACL_DEBUG */
664 dump_ipv4_rules(struct acl4_rule *rule, int num, int extra)
668 for (i = 0; i < num; i++, rule++) {
669 printf("\t%d:", i + 1);
670 print_one_ipv4_rule(rule, extra);
676 dump_ipv6_rules(struct acl6_rule *rule, int num, int extra)
680 for (i = 0; i < num; i++, rule++) {
681 printf("\t%d:", i + 1);
682 print_one_ipv6_rule(rule, extra);
687 #ifdef DO_RFC_1812_CHECKS
689 prepare_one_packet(struct rte_mbuf **pkts_in, struct acl_search_t *acl,
692 struct ipv4_hdr *ipv4_hdr;
693 struct rte_mbuf *pkt = pkts_in[index];
695 int type = pkt->ol_flags & (PKT_RX_IPV4_HDR | PKT_RX_IPV6_HDR);
697 if (type == PKT_RX_IPV4_HDR) {
699 ipv4_hdr = (struct ipv4_hdr *)(rte_pktmbuf_mtod(pkt,
700 unsigned char *) + sizeof(struct ether_hdr));
702 /* Check to make sure the packet is valid (RFC1812) */
703 if (is_valid_ipv4_pkt(ipv4_hdr, pkt->pkt_len) >= 0) {
705 /* Update time to live and header checksum */
706 --(ipv4_hdr->time_to_live);
707 ++(ipv4_hdr->hdr_checksum);
709 /* Fill acl structure */
710 acl->data_ipv4[acl->num_ipv4] = MBUF_IPV4_2PROTO(pkt);
711 acl->m_ipv4[(acl->num_ipv4)++] = pkt;
714 /* Not a valid IPv4 packet */
715 rte_pktmbuf_free(pkt);
718 } else if (type == PKT_RX_IPV6_HDR) {
720 /* Fill acl structure */
721 acl->data_ipv6[acl->num_ipv6] = MBUF_IPV6_2PROTO(pkt);
722 acl->m_ipv6[(acl->num_ipv6)++] = pkt;
725 /* Unknown type, drop the packet */
726 rte_pktmbuf_free(pkt);
732 prepare_one_packet(struct rte_mbuf **pkts_in, struct acl_search_t *acl,
735 struct rte_mbuf *pkt = pkts_in[index];
737 int type = pkt->ol_flags & (PKT_RX_IPV4_HDR | PKT_RX_IPV6_HDR);
739 if (type == PKT_RX_IPV4_HDR) {
741 /* Fill acl structure */
742 acl->data_ipv4[acl->num_ipv4] = MBUF_IPV4_2PROTO(pkt);
743 acl->m_ipv4[(acl->num_ipv4)++] = pkt;
746 } else if (type == PKT_RX_IPV6_HDR) {
748 /* Fill acl structure */
749 acl->data_ipv6[acl->num_ipv6] = MBUF_IPV6_2PROTO(pkt);
750 acl->m_ipv6[(acl->num_ipv6)++] = pkt;
752 /* Unknown type, drop the packet */
753 rte_pktmbuf_free(pkt);
756 #endif /* DO_RFC_1812_CHECKS */
759 prepare_acl_parameter(struct rte_mbuf **pkts_in, struct acl_search_t *acl,
767 /* Prefetch first packets */
768 for (i = 0; i < PREFETCH_OFFSET && i < nb_rx; i++) {
769 rte_prefetch0(rte_pktmbuf_mtod(
770 pkts_in[i], void *));
773 for (i = 0; i < (nb_rx - PREFETCH_OFFSET); i++) {
774 rte_prefetch0(rte_pktmbuf_mtod(pkts_in[
775 i + PREFETCH_OFFSET], void *));
776 prepare_one_packet(pkts_in, acl, i);
779 /* Process left packets */
780 for (; i < nb_rx; i++)
781 prepare_one_packet(pkts_in, acl, i);
785 send_one_packet(struct rte_mbuf *m, uint32_t res)
787 if (likely((res & ACL_DENY_SIGNATURE) == 0 && res != 0)) {
788 /* forward packets */
789 send_single_packet(m,
790 (uint8_t)(res - FWD_PORT_SHIFT));
792 /* in the ACL list, drop it */
793 #ifdef L3FWDACL_DEBUG
794 if ((res & ACL_DENY_SIGNATURE) != 0) {
795 if (m->ol_flags & PKT_RX_IPV4_HDR)
796 dump_acl4_rule(m, res);
798 dump_acl6_rule(m, res);
808 send_packets(struct rte_mbuf **m, uint32_t *res, int num)
812 /* Prefetch first packets */
813 for (i = 0; i < PREFETCH_OFFSET && i < num; i++) {
814 rte_prefetch0(rte_pktmbuf_mtod(
818 for (i = 0; i < (num - PREFETCH_OFFSET); i++) {
819 rte_prefetch0(rte_pktmbuf_mtod(m[
820 i + PREFETCH_OFFSET], void *));
821 send_one_packet(m[i], res[i]);
824 /* Process left packets */
826 send_one_packet(m[i], res[i]);
830 * Parses IPV6 address, exepcts the following format:
831 * XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX (where X - is a hexedecimal digit).
834 parse_ipv6_addr(const char *in, const char **end, uint32_t v[IPV6_ADDR_U32],
837 uint32_t addr[IPV6_ADDR_U16];
839 GET_CB_FIELD(in, addr[0], 16, UINT16_MAX, ':');
840 GET_CB_FIELD(in, addr[1], 16, UINT16_MAX, ':');
841 GET_CB_FIELD(in, addr[2], 16, UINT16_MAX, ':');
842 GET_CB_FIELD(in, addr[3], 16, UINT16_MAX, ':');
843 GET_CB_FIELD(in, addr[4], 16, UINT16_MAX, ':');
844 GET_CB_FIELD(in, addr[5], 16, UINT16_MAX, ':');
845 GET_CB_FIELD(in, addr[6], 16, UINT16_MAX, ':');
846 GET_CB_FIELD(in, addr[7], 16, UINT16_MAX, dlm);
850 v[0] = (addr[0] << 16) + addr[1];
851 v[1] = (addr[2] << 16) + addr[3];
852 v[2] = (addr[4] << 16) + addr[5];
853 v[3] = (addr[6] << 16) + addr[7];
859 parse_ipv6_net(const char *in, struct rte_acl_field field[4])
864 const uint32_t nbu32 = sizeof(uint32_t) * CHAR_BIT;
867 rc = parse_ipv6_addr(in, &mp, v, '/');
872 GET_CB_FIELD(mp, m, 0, CHAR_BIT * sizeof(v), 0);
874 /* put all together. */
875 for (i = 0; i != RTE_DIM(v); i++) {
876 if (m >= (i + 1) * nbu32)
877 field[i].mask_range.u32 = nbu32;
879 field[i].mask_range.u32 = m > (i * nbu32) ?
882 field[i].value.u32 = v[i];
889 parse_cb_ipv6_rule(char *str, struct rte_acl_rule *v, int has_userdata)
892 char *s, *sp, *in[CB_FLD_NUM];
893 static const char *dlm = " \t\n";
894 int dim = has_userdata ? CB_FLD_NUM : CB_FLD_USERDATA;
897 for (i = 0; i != dim; i++, s = NULL) {
898 in[i] = strtok_r(s, dlm, &sp);
903 rc = parse_ipv6_net(in[CB_FLD_SRC_ADDR], v->field + SRC1_FIELD_IPV6);
905 acl_log("failed to read source address/mask: %s\n",
906 in[CB_FLD_SRC_ADDR]);
910 rc = parse_ipv6_net(in[CB_FLD_DST_ADDR], v->field + DST1_FIELD_IPV6);
912 acl_log("failed to read destination address/mask: %s\n",
913 in[CB_FLD_DST_ADDR]);
918 GET_CB_FIELD(in[CB_FLD_SRC_PORT_LOW],
919 v->field[SRCP_FIELD_IPV6].value.u16,
921 GET_CB_FIELD(in[CB_FLD_SRC_PORT_HIGH],
922 v->field[SRCP_FIELD_IPV6].mask_range.u16,
925 if (strncmp(in[CB_FLD_SRC_PORT_DLM], cb_port_delim,
926 sizeof(cb_port_delim)) != 0)
929 /* destination port. */
930 GET_CB_FIELD(in[CB_FLD_DST_PORT_LOW],
931 v->field[DSTP_FIELD_IPV6].value.u16,
933 GET_CB_FIELD(in[CB_FLD_DST_PORT_HIGH],
934 v->field[DSTP_FIELD_IPV6].mask_range.u16,
937 if (strncmp(in[CB_FLD_DST_PORT_DLM], cb_port_delim,
938 sizeof(cb_port_delim)) != 0)
941 if (v->field[SRCP_FIELD_IPV6].mask_range.u16
942 < v->field[SRCP_FIELD_IPV6].value.u16
943 || v->field[DSTP_FIELD_IPV6].mask_range.u16
944 < v->field[DSTP_FIELD_IPV6].value.u16)
947 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV6].value.u8,
949 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV6].mask_range.u8,
953 GET_CB_FIELD(in[CB_FLD_USERDATA], v->data.userdata,
960 * Parse ClassBench rules file.
962 * '@'<src_ipv4_addr>'/'<masklen> <space> \
963 * <dst_ipv4_addr>'/'<masklen> <space> \
964 * <src_port_low> <space> ":" <src_port_high> <space> \
965 * <dst_port_low> <space> ":" <dst_port_high> <space> \
969 parse_ipv4_net(const char *in, uint32_t *addr, uint32_t *mask_len)
971 uint8_t a, b, c, d, m;
973 GET_CB_FIELD(in, a, 0, UINT8_MAX, '.');
974 GET_CB_FIELD(in, b, 0, UINT8_MAX, '.');
975 GET_CB_FIELD(in, c, 0, UINT8_MAX, '.');
976 GET_CB_FIELD(in, d, 0, UINT8_MAX, '/');
977 GET_CB_FIELD(in, m, 0, sizeof(uint32_t) * CHAR_BIT, 0);
979 addr[0] = IPv4(a, b, c, d);
986 parse_cb_ipv4vlan_rule(char *str, struct rte_acl_rule *v, int has_userdata)
989 char *s, *sp, *in[CB_FLD_NUM];
990 static const char *dlm = " \t\n";
991 int dim = has_userdata ? CB_FLD_NUM : CB_FLD_USERDATA;
994 for (i = 0; i != dim; i++, s = NULL) {
995 in[i] = strtok_r(s, dlm, &sp);
1000 rc = parse_ipv4_net(in[CB_FLD_SRC_ADDR],
1001 &v->field[SRC_FIELD_IPV4].value.u32,
1002 &v->field[SRC_FIELD_IPV4].mask_range.u32);
1004 acl_log("failed to read source address/mask: %s\n",
1005 in[CB_FLD_SRC_ADDR]);
1009 rc = parse_ipv4_net(in[CB_FLD_DST_ADDR],
1010 &v->field[DST_FIELD_IPV4].value.u32,
1011 &v->field[DST_FIELD_IPV4].mask_range.u32);
1013 acl_log("failed to read destination address/mask: %s\n",
1014 in[CB_FLD_DST_ADDR]);
1018 GET_CB_FIELD(in[CB_FLD_SRC_PORT_LOW],
1019 v->field[SRCP_FIELD_IPV4].value.u16,
1021 GET_CB_FIELD(in[CB_FLD_SRC_PORT_HIGH],
1022 v->field[SRCP_FIELD_IPV4].mask_range.u16,
1025 if (strncmp(in[CB_FLD_SRC_PORT_DLM], cb_port_delim,
1026 sizeof(cb_port_delim)) != 0)
1029 GET_CB_FIELD(in[CB_FLD_DST_PORT_LOW],
1030 v->field[DSTP_FIELD_IPV4].value.u16,
1032 GET_CB_FIELD(in[CB_FLD_DST_PORT_HIGH],
1033 v->field[DSTP_FIELD_IPV4].mask_range.u16,
1036 if (strncmp(in[CB_FLD_DST_PORT_DLM], cb_port_delim,
1037 sizeof(cb_port_delim)) != 0)
1040 if (v->field[SRCP_FIELD_IPV4].mask_range.u16
1041 < v->field[SRCP_FIELD_IPV4].value.u16
1042 || v->field[DSTP_FIELD_IPV4].mask_range.u16
1043 < v->field[DSTP_FIELD_IPV4].value.u16)
1046 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV4].value.u8,
1048 GET_CB_FIELD(in[CB_FLD_PROTO], v->field[PROTO_FIELD_IPV4].mask_range.u8,
1052 GET_CB_FIELD(in[CB_FLD_USERDATA], v->data.userdata, 0,
1059 add_rules(const char *rule_path,
1060 struct rte_acl_rule **proute_base,
1061 unsigned int *proute_num,
1062 struct rte_acl_rule **pacl_base,
1063 unsigned int *pacl_num, uint32_t rule_size,
1064 int (*parser)(char *, struct rte_acl_rule*, int))
1066 uint8_t *acl_rules, *route_rules;
1067 struct rte_acl_rule *next;
1068 unsigned int acl_num = 0, route_num = 0, total_num = 0;
1069 unsigned int acl_cnt = 0, route_cnt = 0;
1070 char buff[LINE_MAX];
1071 FILE *fh = fopen(rule_path, "rb");
1075 rte_exit(EXIT_FAILURE, "%s: Open %s failed\n", __func__,
1078 while ((fgets(buff, LINE_MAX, fh) != NULL)) {
1079 if (buff[0] == ROUTE_LEAD_CHAR)
1081 else if (buff[0] == ACL_LEAD_CHAR)
1086 rte_exit(EXIT_FAILURE, "Not find any route entries in %s!\n",
1089 fseek(fh, 0, SEEK_SET);
1091 acl_rules = (uint8_t *)calloc(acl_num, rule_size);
1093 if (NULL == acl_rules)
1094 rte_exit(EXIT_FAILURE, "%s: failed to malloc memory\n",
1097 route_rules = (uint8_t *)calloc(route_num, rule_size);
1099 if (NULL == route_rules)
1100 rte_exit(EXIT_FAILURE, "%s: failed to malloc memory\n",
1104 while (fgets(buff, LINE_MAX, fh) != NULL) {
1107 if (is_bypass_line(buff))
1113 if (s == ROUTE_LEAD_CHAR)
1114 next = (struct rte_acl_rule *)(route_rules +
1115 route_cnt * rule_size);
1118 else if (s == ACL_LEAD_CHAR)
1119 next = (struct rte_acl_rule *)(acl_rules +
1120 acl_cnt * rule_size);
1124 rte_exit(EXIT_FAILURE,
1125 "%s Line %u: should start with leading "
1127 rule_path, i, ROUTE_LEAD_CHAR, ACL_LEAD_CHAR);
1129 if (parser(buff + 1, next, s == ROUTE_LEAD_CHAR) != 0)
1130 rte_exit(EXIT_FAILURE,
1131 "%s Line %u: parse rules error\n",
1134 if (s == ROUTE_LEAD_CHAR) {
1135 /* Check the forwarding port number */
1136 if ((enabled_port_mask & (1 << next->data.userdata)) ==
1138 rte_exit(EXIT_FAILURE,
1139 "%s Line %u: fwd number illegal:%u\n",
1140 rule_path, i, next->data.userdata);
1141 next->data.userdata += FWD_PORT_SHIFT;
1144 next->data.userdata = ACL_DENY_SIGNATURE + acl_cnt;
1148 next->data.priority = RTE_ACL_MAX_PRIORITY - total_num;
1149 next->data.category_mask = -1;
1155 *pacl_base = (struct rte_acl_rule *)acl_rules;
1156 *pacl_num = acl_num;
1157 *proute_base = (struct rte_acl_rule *)route_rules;
1158 *proute_num = route_cnt;
1164 dump_acl_config(void)
1166 printf("ACL option are:\n");
1167 printf(OPTION_RULE_IPV4": %s\n", parm_config.rule_ipv4_name);
1168 printf(OPTION_RULE_IPV6": %s\n", parm_config.rule_ipv6_name);
1169 printf(OPTION_SCALAR": %d\n", parm_config.scalar);
1173 check_acl_config(void)
1175 if (parm_config.rule_ipv4_name == NULL) {
1176 acl_log("ACL IPv4 rule file not specified\n");
1178 } else if (parm_config.rule_ipv6_name == NULL) {
1179 acl_log("ACL IPv6 rule file not specified\n");
1186 static struct rte_acl_ctx*
1187 setup_acl(struct rte_acl_rule *route_base,
1188 struct rte_acl_rule *acl_base, unsigned int route_num,
1189 unsigned int acl_num, int ipv6, int socketid)
1191 char name[PATH_MAX];
1192 struct rte_acl_param acl_param;
1193 struct rte_acl_config acl_build_param;
1194 struct rte_acl_ctx *context;
1195 int dim = ipv6 ? RTE_DIM(ipv6_defs) : RTE_DIM(ipv4_defs);
1197 /* Create ACL contexts */
1198 snprintf(name, sizeof(name), "%s%d",
1199 ipv6 ? L3FWD_ACL_IPV6_NAME : L3FWD_ACL_IPV4_NAME,
1202 acl_param.name = name;
1203 acl_param.socket_id = socketid;
1204 acl_param.rule_size = RTE_ACL_RULE_SZ(dim);
1205 acl_param.max_rule_num = MAX_ACL_RULE_NUM;
1207 if ((context = rte_acl_create(&acl_param)) == NULL)
1208 rte_exit(EXIT_FAILURE, "Failed to create ACL context\n");
1210 if (parm_config.scalar && rte_acl_set_ctx_classify(context,
1211 RTE_ACL_CLASSIFY_SCALAR) != 0)
1212 rte_exit(EXIT_FAILURE,
1213 "Failed to setup classify method for ACL context\n");
1215 if (rte_acl_add_rules(context, route_base, route_num) < 0)
1216 rte_exit(EXIT_FAILURE, "add rules failed\n");
1218 if (rte_acl_add_rules(context, acl_base, acl_num) < 0)
1219 rte_exit(EXIT_FAILURE, "add rules failed\n");
1221 /* Perform builds */
1222 acl_build_param.num_categories = DEFAULT_MAX_CATEGORIES;
1224 acl_build_param.num_fields = dim;
1225 memcpy(&acl_build_param.defs, ipv6 ? ipv6_defs : ipv4_defs,
1226 ipv6 ? sizeof(ipv6_defs) : sizeof(ipv4_defs));
1228 if (rte_acl_build(context, &acl_build_param) != 0)
1229 rte_exit(EXIT_FAILURE, "Failed to build ACL trie\n");
1231 rte_acl_dump(context);
1242 struct rte_acl_rule *acl_base_ipv4, *route_base_ipv4,
1243 *acl_base_ipv6, *route_base_ipv6;
1244 unsigned int acl_num_ipv4 = 0, route_num_ipv4 = 0,
1245 acl_num_ipv6 = 0, route_num_ipv6 = 0;
1247 if (check_acl_config() != 0)
1248 rte_exit(EXIT_FAILURE, "Failed to get valid ACL options\n");
1252 /* Load rules from the input file */
1253 if (add_rules(parm_config.rule_ipv4_name, &route_base_ipv4,
1254 &route_num_ipv4, &acl_base_ipv4, &acl_num_ipv4,
1255 sizeof(struct acl4_rule), &parse_cb_ipv4vlan_rule) < 0)
1256 rte_exit(EXIT_FAILURE, "Failed to add rules\n");
1258 acl_log("IPv4 Route entries %u:\n", route_num_ipv4);
1259 dump_ipv4_rules((struct acl4_rule *)route_base_ipv4, route_num_ipv4, 1);
1261 acl_log("IPv4 ACL entries %u:\n", acl_num_ipv4);
1262 dump_ipv4_rules((struct acl4_rule *)acl_base_ipv4, acl_num_ipv4, 1);
1264 if (add_rules(parm_config.rule_ipv6_name, &route_base_ipv6,
1266 &acl_base_ipv6, &acl_num_ipv6,
1267 sizeof(struct acl6_rule), &parse_cb_ipv6_rule) < 0)
1268 rte_exit(EXIT_FAILURE, "Failed to add rules\n");
1270 acl_log("IPv6 Route entries %u:\n", route_num_ipv6);
1271 dump_ipv6_rules((struct acl6_rule *)route_base_ipv6, route_num_ipv6, 1);
1273 acl_log("IPv6 ACL entries %u:\n", acl_num_ipv6);
1274 dump_ipv6_rules((struct acl6_rule *)acl_base_ipv6, acl_num_ipv6, 1);
1276 memset(&acl_config, 0, sizeof(acl_config));
1278 /* Check sockets a context should be created on */
1280 acl_config.mapped[0] = 1;
1282 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
1283 if (rte_lcore_is_enabled(lcore_id) == 0)
1286 socketid = rte_lcore_to_socket_id(lcore_id);
1287 if (socketid >= NB_SOCKETS) {
1288 acl_log("Socket %d of lcore %u is out "
1290 socketid, lcore_id, NB_SOCKETS);
1294 acl_config.mapped[socketid] = 1;
1298 for (i = 0; i < NB_SOCKETS; i++) {
1299 if (acl_config.mapped[i]) {
1300 acl_config.acx_ipv4[i] = setup_acl(route_base_ipv4,
1301 acl_base_ipv4, route_num_ipv4, acl_num_ipv4,
1304 acl_config.acx_ipv6[i] = setup_acl(route_base_ipv6,
1305 acl_base_ipv6, route_num_ipv6, acl_num_ipv6,
1310 free(route_base_ipv4);
1311 free(route_base_ipv6);
1313 #ifdef L3FWDACL_DEBUG
1314 acl_config.rule_ipv4 = (struct acl4_rule *)acl_base_ipv4;
1315 acl_config.rule_ipv6 = (struct acl6_rule *)acl_base_ipv6;
1317 free(acl_base_ipv4);
1318 free(acl_base_ipv6);
1324 /***********************end of ACL part******************************/
1327 uint16_t n_rx_queue;
1328 struct lcore_rx_queue rx_queue_list[MAX_RX_QUEUE_PER_LCORE];
1329 uint16_t tx_queue_id[RTE_MAX_ETHPORTS];
1330 struct mbuf_table tx_mbufs[RTE_MAX_ETHPORTS];
1331 } __rte_cache_aligned;
1333 static struct lcore_conf lcore_conf[RTE_MAX_LCORE];
1335 /* Send burst of packets on an output interface */
1337 send_burst(struct lcore_conf *qconf, uint16_t n, uint8_t port)
1339 struct rte_mbuf **m_table;
1343 queueid = qconf->tx_queue_id[port];
1344 m_table = (struct rte_mbuf **)qconf->tx_mbufs[port].m_table;
1346 ret = rte_eth_tx_burst(port, queueid, m_table, n);
1347 if (unlikely(ret < n)) {
1349 rte_pktmbuf_free(m_table[ret]);
1350 } while (++ret < n);
1356 /* Enqueue a single packet, and send burst if queue is filled */
1358 send_single_packet(struct rte_mbuf *m, uint8_t port)
1362 struct lcore_conf *qconf;
1364 lcore_id = rte_lcore_id();
1366 qconf = &lcore_conf[lcore_id];
1367 len = qconf->tx_mbufs[port].len;
1368 qconf->tx_mbufs[port].m_table[len] = m;
1371 /* enough pkts to be sent */
1372 if (unlikely(len == MAX_PKT_BURST)) {
1373 send_burst(qconf, MAX_PKT_BURST, port);
1377 qconf->tx_mbufs[port].len = len;
1381 #ifdef DO_RFC_1812_CHECKS
1383 is_valid_ipv4_pkt(struct ipv4_hdr *pkt, uint32_t link_len)
1385 /* From http://www.rfc-editor.org/rfc/rfc1812.txt section 5.2.2 */
1387 * 1. The packet length reported by the Link Layer must be large
1388 * enough to hold the minimum length legal IP datagram (20 bytes).
1390 if (link_len < sizeof(struct ipv4_hdr))
1393 /* 2. The IP checksum must be correct. */
1394 /* this is checked in H/W */
1397 * 3. The IP version number must be 4. If the version number is not 4
1398 * then the packet may be another version of IP, such as IPng or
1401 if (((pkt->version_ihl) >> 4) != 4)
1404 * 4. The IP header length field must be large enough to hold the
1405 * minimum length legal IP datagram (20 bytes = 5 words).
1407 if ((pkt->version_ihl & 0xf) < 5)
1411 * 5. The IP total length field must be large enough to hold the IP
1412 * datagram header, whose length is specified in the IP header length
1415 if (rte_cpu_to_be_16(pkt->total_length) < sizeof(struct ipv4_hdr))
1422 /* main processing loop */
1424 main_loop(__attribute__((unused)) void *dummy)
1426 struct rte_mbuf *pkts_burst[MAX_PKT_BURST];
1428 uint64_t prev_tsc, diff_tsc, cur_tsc;
1430 uint8_t portid, queueid;
1431 struct lcore_conf *qconf;
1433 const uint64_t drain_tsc = (rte_get_tsc_hz() + US_PER_S - 1)
1434 / US_PER_S * BURST_TX_DRAIN_US;
1437 lcore_id = rte_lcore_id();
1438 qconf = &lcore_conf[lcore_id];
1439 socketid = rte_lcore_to_socket_id(lcore_id);
1441 if (qconf->n_rx_queue == 0) {
1442 RTE_LOG(INFO, L3FWD, "lcore %u has nothing to do\n", lcore_id);
1446 RTE_LOG(INFO, L3FWD, "entering main loop on lcore %u\n", lcore_id);
1448 for (i = 0; i < qconf->n_rx_queue; i++) {
1450 portid = qconf->rx_queue_list[i].port_id;
1451 queueid = qconf->rx_queue_list[i].queue_id;
1452 RTE_LOG(INFO, L3FWD,
1453 " -- lcoreid=%u portid=%hhu rxqueueid=%hhu\n",
1454 lcore_id, portid, queueid);
1459 cur_tsc = rte_rdtsc();
1462 * TX burst queue drain
1464 diff_tsc = cur_tsc - prev_tsc;
1465 if (unlikely(diff_tsc > drain_tsc)) {
1468 * This could be optimized (use queueid instead of
1469 * portid), but it is not called so often
1471 for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
1472 if (qconf->tx_mbufs[portid].len == 0)
1474 send_burst(&lcore_conf[lcore_id],
1475 qconf->tx_mbufs[portid].len,
1477 qconf->tx_mbufs[portid].len = 0;
1484 * Read packet from RX queues
1486 for (i = 0; i < qconf->n_rx_queue; ++i) {
1488 portid = qconf->rx_queue_list[i].port_id;
1489 queueid = qconf->rx_queue_list[i].queue_id;
1490 nb_rx = rte_eth_rx_burst(portid, queueid,
1491 pkts_burst, MAX_PKT_BURST);
1494 struct acl_search_t acl_search;
1496 prepare_acl_parameter(pkts_burst, &acl_search,
1499 if (acl_search.num_ipv4) {
1501 acl_config.acx_ipv4[socketid],
1502 acl_search.data_ipv4,
1503 acl_search.res_ipv4,
1504 acl_search.num_ipv4,
1505 DEFAULT_MAX_CATEGORIES);
1507 send_packets(acl_search.m_ipv4,
1508 acl_search.res_ipv4,
1509 acl_search.num_ipv4);
1512 if (acl_search.num_ipv6) {
1514 acl_config.acx_ipv6[socketid],
1515 acl_search.data_ipv6,
1516 acl_search.res_ipv6,
1517 acl_search.num_ipv6,
1518 DEFAULT_MAX_CATEGORIES);
1520 send_packets(acl_search.m_ipv6,
1521 acl_search.res_ipv6,
1522 acl_search.num_ipv6);
1530 check_lcore_params(void)
1532 uint8_t queue, lcore;
1536 for (i = 0; i < nb_lcore_params; ++i) {
1537 queue = lcore_params[i].queue_id;
1538 if (queue >= MAX_RX_QUEUE_PER_PORT) {
1539 printf("invalid queue number: %hhu\n", queue);
1542 lcore = lcore_params[i].lcore_id;
1543 if (!rte_lcore_is_enabled(lcore)) {
1544 printf("error: lcore %hhu is not enabled in "
1545 "lcore mask\n", lcore);
1548 socketid = rte_lcore_to_socket_id(lcore);
1549 if (socketid != 0 && numa_on == 0) {
1550 printf("warning: lcore %hhu is on socket %d "
1559 check_port_config(const unsigned nb_ports)
1564 for (i = 0; i < nb_lcore_params; ++i) {
1565 portid = lcore_params[i].port_id;
1567 if ((enabled_port_mask & (1 << portid)) == 0) {
1568 printf("port %u is not enabled in port mask\n", portid);
1571 if (portid >= nb_ports) {
1572 printf("port %u is not present on the board\n", portid);
1580 get_port_n_rx_queues(const uint8_t port)
1585 for (i = 0; i < nb_lcore_params; ++i) {
1586 if (lcore_params[i].port_id == port &&
1587 lcore_params[i].queue_id > queue)
1588 queue = lcore_params[i].queue_id;
1590 return (uint8_t)(++queue);
1594 init_lcore_rx_queues(void)
1596 uint16_t i, nb_rx_queue;
1599 for (i = 0; i < nb_lcore_params; ++i) {
1600 lcore = lcore_params[i].lcore_id;
1601 nb_rx_queue = lcore_conf[lcore].n_rx_queue;
1602 if (nb_rx_queue >= MAX_RX_QUEUE_PER_LCORE) {
1603 printf("error: too many queues (%u) for lcore: %u\n",
1604 (unsigned)nb_rx_queue + 1, (unsigned)lcore);
1607 lcore_conf[lcore].rx_queue_list[nb_rx_queue].port_id =
1608 lcore_params[i].port_id;
1609 lcore_conf[lcore].rx_queue_list[nb_rx_queue].queue_id =
1610 lcore_params[i].queue_id;
1611 lcore_conf[lcore].n_rx_queue++;
1619 print_usage(const char *prgname)
1621 printf("%s [EAL options] -- -p PORTMASK -P"
1622 "--"OPTION_RULE_IPV4"=FILE"
1623 "--"OPTION_RULE_IPV6"=FILE"
1624 " [--"OPTION_CONFIG" (port,queue,lcore)[,(port,queue,lcore]]"
1625 " [--"OPTION_ENBJMO" [--max-pkt-len PKTLEN]]\n"
1626 " -p PORTMASK: hexadecimal bitmask of ports to configure\n"
1627 " -P : enable promiscuous mode\n"
1628 " --"OPTION_CONFIG": (port,queue,lcore): "
1629 "rx queues configuration\n"
1630 " --"OPTION_NONUMA": optional, disable numa awareness\n"
1631 " --"OPTION_ENBJMO": enable jumbo frame"
1632 " which max packet len is PKTLEN in decimal (64-9600)\n"
1633 " --"OPTION_RULE_IPV4"=FILE: specify the ipv4 rules entries "
1635 "Each rule occupy one line. "
1636 "2 kinds of rules are supported. "
1637 "One is ACL entry at while line leads with character '%c', "
1638 "another is route entry at while line leads with "
1640 " --"OPTION_RULE_IPV6"=FILE: specify the ipv6 rules "
1642 " --"OPTION_SCALAR": Use scalar function to do lookup\n",
1643 prgname, ACL_LEAD_CHAR, ROUTE_LEAD_CHAR);
1647 parse_max_pkt_len(const char *pktlen)
1652 /* parse decimal string */
1653 len = strtoul(pktlen, &end, 10);
1654 if ((pktlen[0] == '\0') || (end == NULL) || (*end != '\0'))
1664 parse_portmask(const char *portmask)
1669 /* parse hexadecimal string */
1670 pm = strtoul(portmask, &end, 16);
1671 if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
1681 parse_config(const char *q_arg)
1684 const char *p, *p0 = q_arg;
1692 unsigned long int_fld[_NUM_FLD];
1693 char *str_fld[_NUM_FLD];
1697 nb_lcore_params = 0;
1699 while ((p = strchr(p0, '(')) != NULL) {
1701 if ((p0 = strchr(p, ')')) == NULL)
1705 if (size >= sizeof(s))
1708 snprintf(s, sizeof(s), "%.*s", size, p);
1709 if (rte_strsplit(s, sizeof(s), str_fld, _NUM_FLD, ',') !=
1712 for (i = 0; i < _NUM_FLD; i++) {
1714 int_fld[i] = strtoul(str_fld[i], &end, 0);
1715 if (errno != 0 || end == str_fld[i] || int_fld[i] > 255)
1718 if (nb_lcore_params >= MAX_LCORE_PARAMS) {
1719 printf("exceeded max number of lcore params: %hu\n",
1723 lcore_params_array[nb_lcore_params].port_id =
1724 (uint8_t)int_fld[FLD_PORT];
1725 lcore_params_array[nb_lcore_params].queue_id =
1726 (uint8_t)int_fld[FLD_QUEUE];
1727 lcore_params_array[nb_lcore_params].lcore_id =
1728 (uint8_t)int_fld[FLD_LCORE];
1731 lcore_params = lcore_params_array;
1735 /* Parse the argument given in the command line of the application */
1737 parse_args(int argc, char **argv)
1742 char *prgname = argv[0];
1743 static struct option lgopts[] = {
1744 {OPTION_CONFIG, 1, 0, 0},
1745 {OPTION_NONUMA, 0, 0, 0},
1746 {OPTION_ENBJMO, 0, 0, 0},
1747 {OPTION_RULE_IPV4, 1, 0, 0},
1748 {OPTION_RULE_IPV6, 1, 0, 0},
1749 {OPTION_SCALAR, 0, 0, 0},
1755 while ((opt = getopt_long(argc, argvopt, "p:P",
1756 lgopts, &option_index)) != EOF) {
1761 enabled_port_mask = parse_portmask(optarg);
1762 if (enabled_port_mask == 0) {
1763 printf("invalid portmask\n");
1764 print_usage(prgname);
1769 printf("Promiscuous mode selected\n");
1775 if (!strncmp(lgopts[option_index].name,
1777 sizeof(OPTION_CONFIG))) {
1778 ret = parse_config(optarg);
1780 printf("invalid config\n");
1781 print_usage(prgname);
1786 if (!strncmp(lgopts[option_index].name,
1788 sizeof(OPTION_NONUMA))) {
1789 printf("numa is disabled\n");
1793 if (!strncmp(lgopts[option_index].name,
1794 OPTION_ENBJMO, sizeof(OPTION_ENBJMO))) {
1795 struct option lenopts = {
1802 printf("jumbo frame is enabled\n");
1803 port_conf.rxmode.jumbo_frame = 1;
1806 * if no max-pkt-len set, then use the
1807 * default value ETHER_MAX_LEN
1809 if (0 == getopt_long(argc, argvopt, "",
1810 &lenopts, &option_index)) {
1811 ret = parse_max_pkt_len(optarg);
1813 (ret > MAX_JUMBO_PKT_LEN)) {
1814 printf("invalid packet "
1816 print_usage(prgname);
1819 port_conf.rxmode.max_rx_pkt_len = ret;
1821 printf("set jumbo frame max packet length "
1824 port_conf.rxmode.max_rx_pkt_len);
1827 if (!strncmp(lgopts[option_index].name,
1829 sizeof(OPTION_RULE_IPV4)))
1830 parm_config.rule_ipv4_name = optarg;
1832 if (!strncmp(lgopts[option_index].name,
1834 sizeof(OPTION_RULE_IPV6))) {
1835 parm_config.rule_ipv6_name = optarg;
1838 if (!strncmp(lgopts[option_index].name,
1839 OPTION_SCALAR, sizeof(OPTION_SCALAR)))
1840 parm_config.scalar = 1;
1846 print_usage(prgname);
1852 argv[optind-1] = prgname;
1855 optind = 0; /* reset getopt lib */
1860 print_ethaddr(const char *name, const struct ether_addr *eth_addr)
1862 printf("%s%02X:%02X:%02X:%02X:%02X:%02X", name,
1863 eth_addr->addr_bytes[0],
1864 eth_addr->addr_bytes[1],
1865 eth_addr->addr_bytes[2],
1866 eth_addr->addr_bytes[3],
1867 eth_addr->addr_bytes[4],
1868 eth_addr->addr_bytes[5]);
1872 init_mem(unsigned nb_mbuf)
1878 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
1879 if (rte_lcore_is_enabled(lcore_id) == 0)
1883 socketid = rte_lcore_to_socket_id(lcore_id);
1887 if (socketid >= NB_SOCKETS) {
1888 rte_exit(EXIT_FAILURE,
1889 "Socket %d of lcore %u is out of range %d\n",
1890 socketid, lcore_id, NB_SOCKETS);
1892 if (pktmbuf_pool[socketid] == NULL) {
1893 snprintf(s, sizeof(s), "mbuf_pool_%d", socketid);
1894 pktmbuf_pool[socketid] =
1895 rte_mempool_create(s, nb_mbuf, MBUF_SIZE,
1897 sizeof(struct rte_pktmbuf_pool_private),
1898 rte_pktmbuf_pool_init, NULL,
1899 rte_pktmbuf_init, NULL,
1901 if (pktmbuf_pool[socketid] == NULL)
1902 rte_exit(EXIT_FAILURE,
1903 "Cannot init mbuf pool on socket %d\n",
1906 printf("Allocated mbuf pool on socket %d\n",
1913 /* Check the link status of all ports in up to 9s, and print them finally */
1915 check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
1917 #define CHECK_INTERVAL 100 /* 100ms */
1918 #define MAX_CHECK_TIME 90 /* 9s (90 * 100ms) in total */
1919 uint8_t portid, count, all_ports_up, print_flag = 0;
1920 struct rte_eth_link link;
1922 printf("\nChecking link status");
1924 for (count = 0; count <= MAX_CHECK_TIME; count++) {
1926 for (portid = 0; portid < port_num; portid++) {
1927 if ((port_mask & (1 << portid)) == 0)
1929 memset(&link, 0, sizeof(link));
1930 rte_eth_link_get_nowait(portid, &link);
1931 /* print link status if flag set */
1932 if (print_flag == 1) {
1933 if (link.link_status)
1934 printf("Port %d Link Up - speed %u "
1935 "Mbps - %s\n", (uint8_t)portid,
1936 (unsigned)link.link_speed,
1937 (link.link_duplex == ETH_LINK_FULL_DUPLEX) ?
1938 ("full-duplex") : ("half-duplex\n"));
1940 printf("Port %d Link Down\n",
1944 /* clear all_ports_up flag if any link down */
1945 if (link.link_status == 0) {
1950 /* after finally printing all link status, get out */
1951 if (print_flag == 1)
1954 if (all_ports_up == 0) {
1957 rte_delay_ms(CHECK_INTERVAL);
1960 /* set the print_flag if all ports up or timeout */
1961 if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) {
1969 MAIN(int argc, char **argv)
1971 struct lcore_conf *qconf;
1976 uint32_t n_tx_queue, nb_lcores;
1977 uint8_t portid, nb_rx_queue, queue, socketid;
1980 ret = rte_eal_init(argc, argv);
1982 rte_exit(EXIT_FAILURE, "Invalid EAL parameters\n");
1986 /* parse application arguments (after the EAL ones) */
1987 ret = parse_args(argc, argv);
1989 rte_exit(EXIT_FAILURE, "Invalid L3FWD parameters\n");
1991 if (check_lcore_params() < 0)
1992 rte_exit(EXIT_FAILURE, "check_lcore_params failed\n");
1994 ret = init_lcore_rx_queues();
1996 rte_exit(EXIT_FAILURE, "init_lcore_rx_queues failed\n");
1998 if (rte_eal_pci_probe() < 0)
1999 rte_exit(EXIT_FAILURE, "Cannot probe PCI\n");
2001 nb_ports = rte_eth_dev_count();
2002 if (nb_ports > RTE_MAX_ETHPORTS)
2003 nb_ports = RTE_MAX_ETHPORTS;
2005 if (check_port_config(nb_ports) < 0)
2006 rte_exit(EXIT_FAILURE, "check_port_config failed\n");
2008 /* Add ACL rules and route entries, build trie */
2009 if (app_acl_init() < 0)
2010 rte_exit(EXIT_FAILURE, "app_acl_init failed\n");
2012 nb_lcores = rte_lcore_count();
2014 /* initialize all ports */
2015 for (portid = 0; portid < nb_ports; portid++) {
2016 /* skip ports that are not enabled */
2017 if ((enabled_port_mask & (1 << portid)) == 0) {
2018 printf("\nSkipping disabled port %d\n", portid);
2023 printf("Initializing port %d ... ", portid);
2026 nb_rx_queue = get_port_n_rx_queues(portid);
2027 n_tx_queue = nb_lcores;
2028 if (n_tx_queue > MAX_TX_QUEUE_PER_PORT)
2029 n_tx_queue = MAX_TX_QUEUE_PER_PORT;
2030 printf("Creating queues: nb_rxq=%d nb_txq=%u... ",
2031 nb_rx_queue, (unsigned)n_tx_queue);
2032 ret = rte_eth_dev_configure(portid, nb_rx_queue,
2033 (uint16_t)n_tx_queue, &port_conf);
2035 rte_exit(EXIT_FAILURE,
2036 "Cannot configure device: err=%d, port=%d\n",
2039 rte_eth_macaddr_get(portid, &ports_eth_addr[portid]);
2040 print_ethaddr(" Address:", &ports_eth_addr[portid]);
2044 ret = init_mem(NB_MBUF);
2046 rte_exit(EXIT_FAILURE, "init_mem failed\n");
2048 /* init one TX queue per couple (lcore,port) */
2050 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
2051 if (rte_lcore_is_enabled(lcore_id) == 0)
2055 socketid = (uint8_t)
2056 rte_lcore_to_socket_id(lcore_id);
2060 printf("txq=%u,%d,%d ", lcore_id, queueid, socketid);
2062 ret = rte_eth_tx_queue_setup(portid, queueid, nb_txd,
2063 socketid, &tx_conf);
2065 rte_exit(EXIT_FAILURE,
2066 "rte_eth_tx_queue_setup: err=%d, "
2067 "port=%d\n", ret, portid);
2069 qconf = &lcore_conf[lcore_id];
2070 qconf->tx_queue_id[portid] = queueid;
2076 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
2077 if (rte_lcore_is_enabled(lcore_id) == 0)
2079 qconf = &lcore_conf[lcore_id];
2080 printf("\nInitializing rx queues on lcore %u ... ", lcore_id);
2082 /* init RX queues */
2083 for (queue = 0; queue < qconf->n_rx_queue; ++queue) {
2084 portid = qconf->rx_queue_list[queue].port_id;
2085 queueid = qconf->rx_queue_list[queue].queue_id;
2088 socketid = (uint8_t)
2089 rte_lcore_to_socket_id(lcore_id);
2093 printf("rxq=%d,%d,%d ", portid, queueid, socketid);
2096 ret = rte_eth_rx_queue_setup(portid, queueid, nb_rxd,
2098 pktmbuf_pool[socketid]);
2100 rte_exit(EXIT_FAILURE,
2101 "rte_eth_rx_queue_setup: err=%d,"
2102 "port=%d\n", ret, portid);
2109 for (portid = 0; portid < nb_ports; portid++) {
2110 if ((enabled_port_mask & (1 << portid)) == 0)
2114 ret = rte_eth_dev_start(portid);
2116 rte_exit(EXIT_FAILURE,
2117 "rte_eth_dev_start: err=%d, port=%d\n",
2121 * If enabled, put device in promiscuous mode.
2122 * This allows IO forwarding mode to forward packets
2123 * to itself through 2 cross-connected ports of the
2127 rte_eth_promiscuous_enable(portid);
2130 check_all_ports_link_status((uint8_t)nb_ports, enabled_port_mask);
2132 /* launch per-lcore init on every lcore */
2133 rte_eal_mp_remote_launch(main_loop, NULL, CALL_MASTER);
2134 RTE_LCORE_FOREACH_SLAVE(lcore_id) {
2135 if (rte_eal_wait_lcore(lcore_id) < 0)