1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright 2016 6WIND S.A.
3 * Copyright 2016 Mellanox Technologies, Ltd
11 * RTE generic flow API
13 * This interface provides the ability to program packet matching and
14 * associated actions in hardware through flow rules.
21 #include <rte_common.h>
22 #include <rte_ether.h>
28 #include <rte_byteorder.h>
30 #include <rte_higig.h>
31 #include <rte_ecpri.h>
33 #include <rte_mbuf_dyn.h>
40 * Flow rule attributes.
42 * Priorities are set on a per rule based within groups.
44 * Lower values denote higher priority, the highest priority for a flow rule
45 * is 0, so that a flow that matches for than one rule, the rule with the
46 * lowest priority value will always be matched.
48 * Although optional, applications are encouraged to group similar rules as
49 * much as possible to fully take advantage of hardware capabilities
50 * (e.g. optimized matching) and work around limitations (e.g. a single
51 * pattern type possibly allowed in a given group). Applications should be
52 * aware that groups are not linked by default, and that they must be
53 * explicitly linked by the application using the JUMP action.
55 * Priority levels are arbitrary and up to the application, they
56 * do not need to be contiguous nor start from 0, however the maximum number
57 * varies between devices and may be affected by existing flow rules.
59 * If a packet is matched by several rules of a given group for a given
60 * priority level, the outcome is undefined. It can take any path, may be
61 * duplicated or even cause unrecoverable errors.
63 * Note that support for more than a single group and priority level is not
66 * Flow rules can apply to inbound and/or outbound traffic (ingress/egress).
68 * Several pattern items and actions are valid and can be used in both
69 * directions. Those valid for only one direction are described as such.
71 * At least one direction must be specified.
73 * Specifying both directions at once for a given rule is not recommended
74 * but may be valid in a few cases (e.g. shared counter).
76 struct rte_flow_attr {
77 uint32_t group; /**< Priority group. */
78 uint32_t priority; /**< Rule priority level within group. */
79 uint32_t ingress:1; /**< Rule applies to ingress traffic. */
80 uint32_t egress:1; /**< Rule applies to egress traffic. */
82 * Instead of simply matching the properties of traffic as it would
83 * appear on a given DPDK port ID, enabling this attribute transfers
84 * a flow rule to the lowest possible level of any device endpoints
85 * found in the pattern.
87 * When supported, this effectively enables an application to
88 * re-route traffic not necessarily intended for it (e.g. coming
89 * from or addressed to different physical ports, VFs or
90 * applications) at the device level.
92 * It complements the behavior of some pattern items such as
93 * RTE_FLOW_ITEM_TYPE_PHY_PORT and is meaningless without them.
95 * When transferring flow rules, ingress and egress attributes keep
96 * their original meaning, as if processing traffic emitted or
97 * received by the application.
100 uint32_t reserved:29; /**< Reserved, must be zero. */
104 * Matching pattern item types.
106 * Pattern items fall in two categories:
108 * - Matching protocol headers and packet data, usually associated with a
109 * specification structure. These must be stacked in the same order as the
110 * protocol layers to match inside packets, starting from the lowest.
112 * - Matching meta-data or affecting pattern processing, often without a
113 * specification structure. Since they do not match packet contents, their
114 * position in the list is usually not relevant.
116 * See the description of individual types for more information. Those
117 * marked with [META] fall into the second category.
119 enum rte_flow_item_type {
123 * End marker for item lists. Prevents further processing of items,
124 * thereby ending the pattern.
126 * No associated specification structure.
128 RTE_FLOW_ITEM_TYPE_END,
133 * Used as a placeholder for convenience. It is ignored and simply
136 * No associated specification structure.
138 RTE_FLOW_ITEM_TYPE_VOID,
143 * Inverted matching, i.e. process packets that do not match the
146 * No associated specification structure.
148 RTE_FLOW_ITEM_TYPE_INVERT,
151 * Matches any protocol in place of the current layer, a single ANY
152 * may also stand for several protocol layers.
154 * See struct rte_flow_item_any.
156 RTE_FLOW_ITEM_TYPE_ANY,
161 * Matches traffic originating from (ingress) or going to (egress)
162 * the physical function of the current device.
164 * No associated specification structure.
166 RTE_FLOW_ITEM_TYPE_PF,
171 * Matches traffic originating from (ingress) or going to (egress) a
172 * given virtual function of the current device.
174 * See struct rte_flow_item_vf.
176 RTE_FLOW_ITEM_TYPE_VF,
181 * Matches traffic originating from (ingress) or going to (egress) a
182 * physical port of the underlying device.
184 * See struct rte_flow_item_phy_port.
186 RTE_FLOW_ITEM_TYPE_PHY_PORT,
191 * Matches traffic originating from (ingress) or going to (egress) a
192 * given DPDK port ID.
194 * See struct rte_flow_item_port_id.
196 RTE_FLOW_ITEM_TYPE_PORT_ID,
199 * Matches a byte string of a given length at a given offset.
201 * See struct rte_flow_item_raw.
203 RTE_FLOW_ITEM_TYPE_RAW,
206 * Matches an Ethernet header.
208 * See struct rte_flow_item_eth.
210 RTE_FLOW_ITEM_TYPE_ETH,
213 * Matches an 802.1Q/ad VLAN tag.
215 * See struct rte_flow_item_vlan.
217 RTE_FLOW_ITEM_TYPE_VLAN,
220 * Matches an IPv4 header.
222 * See struct rte_flow_item_ipv4.
224 RTE_FLOW_ITEM_TYPE_IPV4,
227 * Matches an IPv6 header.
229 * See struct rte_flow_item_ipv6.
231 RTE_FLOW_ITEM_TYPE_IPV6,
234 * Matches an ICMP header.
236 * See struct rte_flow_item_icmp.
238 RTE_FLOW_ITEM_TYPE_ICMP,
241 * Matches a UDP header.
243 * See struct rte_flow_item_udp.
245 RTE_FLOW_ITEM_TYPE_UDP,
248 * Matches a TCP header.
250 * See struct rte_flow_item_tcp.
252 RTE_FLOW_ITEM_TYPE_TCP,
255 * Matches a SCTP header.
257 * See struct rte_flow_item_sctp.
259 RTE_FLOW_ITEM_TYPE_SCTP,
262 * Matches a VXLAN header.
264 * See struct rte_flow_item_vxlan.
266 RTE_FLOW_ITEM_TYPE_VXLAN,
269 * Matches a E_TAG header.
271 * See struct rte_flow_item_e_tag.
273 RTE_FLOW_ITEM_TYPE_E_TAG,
276 * Matches a NVGRE header.
278 * See struct rte_flow_item_nvgre.
280 RTE_FLOW_ITEM_TYPE_NVGRE,
283 * Matches a MPLS header.
285 * See struct rte_flow_item_mpls.
287 RTE_FLOW_ITEM_TYPE_MPLS,
290 * Matches a GRE header.
292 * See struct rte_flow_item_gre.
294 RTE_FLOW_ITEM_TYPE_GRE,
299 * Fuzzy pattern match, expect faster than default.
301 * This is for device that support fuzzy matching option.
302 * Usually a fuzzy matching is fast but the cost is accuracy.
304 * See struct rte_flow_item_fuzzy.
306 RTE_FLOW_ITEM_TYPE_FUZZY,
309 * Matches a GTP header.
311 * Configure flow for GTP packets.
313 * See struct rte_flow_item_gtp.
315 RTE_FLOW_ITEM_TYPE_GTP,
318 * Matches a GTP header.
320 * Configure flow for GTP-C packets.
322 * See struct rte_flow_item_gtp.
324 RTE_FLOW_ITEM_TYPE_GTPC,
327 * Matches a GTP header.
329 * Configure flow for GTP-U packets.
331 * See struct rte_flow_item_gtp.
333 RTE_FLOW_ITEM_TYPE_GTPU,
336 * Matches a ESP header.
338 * See struct rte_flow_item_esp.
340 RTE_FLOW_ITEM_TYPE_ESP,
343 * Matches a GENEVE header.
345 * See struct rte_flow_item_geneve.
347 RTE_FLOW_ITEM_TYPE_GENEVE,
350 * Matches a VXLAN-GPE header.
352 * See struct rte_flow_item_vxlan_gpe.
354 RTE_FLOW_ITEM_TYPE_VXLAN_GPE,
357 * Matches an ARP header for Ethernet/IPv4.
359 * See struct rte_flow_item_arp_eth_ipv4.
361 RTE_FLOW_ITEM_TYPE_ARP_ETH_IPV4,
364 * Matches the presence of any IPv6 extension header.
366 * See struct rte_flow_item_ipv6_ext.
368 RTE_FLOW_ITEM_TYPE_IPV6_EXT,
371 * Matches any ICMPv6 header.
373 * See struct rte_flow_item_icmp6.
375 RTE_FLOW_ITEM_TYPE_ICMP6,
378 * Matches an ICMPv6 neighbor discovery solicitation.
380 * See struct rte_flow_item_icmp6_nd_ns.
382 RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS,
385 * Matches an ICMPv6 neighbor discovery advertisement.
387 * See struct rte_flow_item_icmp6_nd_na.
389 RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA,
392 * Matches the presence of any ICMPv6 neighbor discovery option.
394 * See struct rte_flow_item_icmp6_nd_opt.
396 RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT,
399 * Matches an ICMPv6 neighbor discovery source Ethernet link-layer
402 * See struct rte_flow_item_icmp6_nd_opt_sla_eth.
404 RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_SLA_ETH,
407 * Matches an ICMPv6 neighbor discovery target Ethernet link-layer
410 * See struct rte_flow_item_icmp6_nd_opt_tla_eth.
412 RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_TLA_ETH,
415 * Matches specified mark field.
417 * See struct rte_flow_item_mark.
419 RTE_FLOW_ITEM_TYPE_MARK,
424 * Matches a metadata value.
426 * See struct rte_flow_item_meta.
428 RTE_FLOW_ITEM_TYPE_META,
431 * Matches a GRE optional key field.
433 * The value should a big-endian 32bit integer.
435 * When this item present the K bit is implicitly matched as "1"
436 * in the default mask.
439 * @code rte_be32_t * @endcode
441 RTE_FLOW_ITEM_TYPE_GRE_KEY,
444 * Matches a GTP extension header: PDU session container.
446 * Configure flow for GTP packets with extension header type 0x85.
448 * See struct rte_flow_item_gtp_psc.
450 RTE_FLOW_ITEM_TYPE_GTP_PSC,
453 * Matches a PPPoE header.
455 * Configure flow for PPPoE session packets.
457 * See struct rte_flow_item_pppoe.
459 RTE_FLOW_ITEM_TYPE_PPPOES,
462 * Matches a PPPoE header.
464 * Configure flow for PPPoE discovery packets.
466 * See struct rte_flow_item_pppoe.
468 RTE_FLOW_ITEM_TYPE_PPPOED,
471 * Matches a PPPoE optional proto_id field.
473 * It only applies to PPPoE session packets.
475 * See struct rte_flow_item_pppoe_proto_id.
477 RTE_FLOW_ITEM_TYPE_PPPOE_PROTO_ID,
480 * Matches Network service header (NSH).
481 * See struct rte_flow_item_nsh.
484 RTE_FLOW_ITEM_TYPE_NSH,
487 * Matches Internet Group Management Protocol (IGMP).
488 * See struct rte_flow_item_igmp.
491 RTE_FLOW_ITEM_TYPE_IGMP,
494 * Matches IP Authentication Header (AH).
495 * See struct rte_flow_item_ah.
498 RTE_FLOW_ITEM_TYPE_AH,
501 * Matches a HIGIG header.
502 * see struct rte_flow_item_higig2_hdr.
504 RTE_FLOW_ITEM_TYPE_HIGIG2,
509 * Matches a tag value.
511 * See struct rte_flow_item_tag.
513 RTE_FLOW_ITEM_TYPE_TAG,
516 * Matches a L2TPv3 over IP header.
518 * Configure flow for L2TPv3 over IP packets.
520 * See struct rte_flow_item_l2tpv3oip.
522 RTE_FLOW_ITEM_TYPE_L2TPV3OIP,
525 * Matches PFCP Header.
526 * See struct rte_flow_item_pfcp.
529 RTE_FLOW_ITEM_TYPE_PFCP,
532 * Matches eCPRI Header.
534 * Configure flow for eCPRI over ETH or UDP packets.
536 * See struct rte_flow_item_ecpri.
538 RTE_FLOW_ITEM_TYPE_ECPRI,
541 * Matches the presence of IPv6 fragment extension header.
543 * See struct rte_flow_item_ipv6_frag_ext.
545 RTE_FLOW_ITEM_TYPE_IPV6_FRAG_EXT,
548 * Matches Geneve Variable Length Option
550 * See struct rte_flow_item_geneve_opt
552 RTE_FLOW_ITEM_TYPE_GENEVE_OPT,
557 * RTE_FLOW_ITEM_TYPE_HIGIG2
558 * Matches higig2 header
561 struct rte_flow_item_higig2_hdr {
562 struct rte_higig2_hdr hdr;
565 /** Default mask for RTE_FLOW_ITEM_TYPE_HIGIG2. */
567 static const struct rte_flow_item_higig2_hdr rte_flow_item_higig2_hdr_mask = {
570 .classification = 0xffff,
578 * RTE_FLOW_ITEM_TYPE_ANY
580 * Matches any protocol in place of the current layer, a single ANY may also
581 * stand for several protocol layers.
583 * This is usually specified as the first pattern item when looking for a
584 * protocol anywhere in a packet.
586 * A zeroed mask stands for any number of layers.
588 struct rte_flow_item_any {
589 uint32_t num; /**< Number of layers covered. */
592 /** Default mask for RTE_FLOW_ITEM_TYPE_ANY. */
594 static const struct rte_flow_item_any rte_flow_item_any_mask = {
600 * RTE_FLOW_ITEM_TYPE_VF
602 * Matches traffic originating from (ingress) or going to (egress) a given
603 * virtual function of the current device.
605 * If supported, should work even if the virtual function is not managed by
606 * the application and thus not associated with a DPDK port ID.
608 * Note this pattern item does not match VF representors traffic which, as
609 * separate entities, should be addressed through their own DPDK port IDs.
611 * - Can be specified multiple times to match traffic addressed to several
613 * - Can be combined with a PF item to match both PF and VF traffic.
615 * A zeroed mask can be used to match any VF ID.
617 struct rte_flow_item_vf {
618 uint32_t id; /**< VF ID. */
621 /** Default mask for RTE_FLOW_ITEM_TYPE_VF. */
623 static const struct rte_flow_item_vf rte_flow_item_vf_mask = {
629 * RTE_FLOW_ITEM_TYPE_PHY_PORT
631 * Matches traffic originating from (ingress) or going to (egress) a
632 * physical port of the underlying device.
634 * The first PHY_PORT item overrides the physical port normally associated
635 * with the specified DPDK input port (port_id). This item can be provided
636 * several times to match additional physical ports.
638 * Note that physical ports are not necessarily tied to DPDK input ports
639 * (port_id) when those are not under DPDK control. Possible values are
640 * specific to each device, they are not necessarily indexed from zero and
641 * may not be contiguous.
643 * As a device property, the list of allowed values as well as the value
644 * associated with a port_id should be retrieved by other means.
646 * A zeroed mask can be used to match any port index.
648 struct rte_flow_item_phy_port {
649 uint32_t index; /**< Physical port index. */
652 /** Default mask for RTE_FLOW_ITEM_TYPE_PHY_PORT. */
654 static const struct rte_flow_item_phy_port rte_flow_item_phy_port_mask = {
660 * RTE_FLOW_ITEM_TYPE_PORT_ID
662 * Matches traffic originating from (ingress) or going to (egress) a given
665 * Normally only supported if the port ID in question is known by the
666 * underlying PMD and related to the device the flow rule is created
669 * This must not be confused with @p PHY_PORT which refers to the physical
670 * port of a device, whereas @p PORT_ID refers to a struct rte_eth_dev
671 * object on the application side (also known as "port representor"
672 * depending on the kind of underlying device).
674 struct rte_flow_item_port_id {
675 uint32_t id; /**< DPDK port ID. */
678 /** Default mask for RTE_FLOW_ITEM_TYPE_PORT_ID. */
680 static const struct rte_flow_item_port_id rte_flow_item_port_id_mask = {
686 * RTE_FLOW_ITEM_TYPE_RAW
688 * Matches a byte string of a given length at a given offset.
690 * Offset is either absolute (using the start of the packet) or relative to
691 * the end of the previous matched item in the stack, in which case negative
692 * values are allowed.
694 * If search is enabled, offset is used as the starting point. The search
695 * area can be delimited by setting limit to a nonzero value, which is the
696 * maximum number of bytes after offset where the pattern may start.
698 * Matching a zero-length pattern is allowed, doing so resets the relative
699 * offset for subsequent items.
701 * This type does not support ranges (struct rte_flow_item.last).
703 struct rte_flow_item_raw {
704 uint32_t relative:1; /**< Look for pattern after the previous item. */
705 uint32_t search:1; /**< Search pattern from offset (see also limit). */
706 uint32_t reserved:30; /**< Reserved, must be set to zero. */
707 int32_t offset; /**< Absolute or relative offset for pattern. */
708 uint16_t limit; /**< Search area limit for start of pattern. */
709 uint16_t length; /**< Pattern length. */
710 const uint8_t *pattern; /**< Byte string to look for. */
713 /** Default mask for RTE_FLOW_ITEM_TYPE_RAW. */
715 static const struct rte_flow_item_raw rte_flow_item_raw_mask = {
718 .reserved = 0x3fffffff,
719 .offset = 0xffffffff,
727 * RTE_FLOW_ITEM_TYPE_ETH
729 * Matches an Ethernet header.
731 * The @p type field either stands for "EtherType" or "TPID" when followed
732 * by so-called layer 2.5 pattern items such as RTE_FLOW_ITEM_TYPE_VLAN. In
733 * the latter case, @p type refers to that of the outer header, with the
734 * inner EtherType/TPID provided by the subsequent pattern item. This is the
735 * same order as on the wire.
736 * If the @p type field contains a TPID value, then only tagged packets with the
737 * specified TPID will match the pattern.
738 * The field @p has_vlan can be used to match any type of tagged packets,
739 * instead of using the @p type field.
740 * If the @p type and @p has_vlan fields are not specified, then both tagged
741 * and untagged packets will match the pattern.
743 struct rte_flow_item_eth {
744 struct rte_ether_addr dst; /**< Destination MAC. */
745 struct rte_ether_addr src; /**< Source MAC. */
746 rte_be16_t type; /**< EtherType or TPID. */
747 uint32_t has_vlan:1; /**< Packet header contains at least one VLAN. */
748 uint32_t reserved:31; /**< Reserved, must be zero. */
751 /** Default mask for RTE_FLOW_ITEM_TYPE_ETH. */
753 static const struct rte_flow_item_eth rte_flow_item_eth_mask = {
754 .dst.addr_bytes = "\xff\xff\xff\xff\xff\xff",
755 .src.addr_bytes = "\xff\xff\xff\xff\xff\xff",
756 .type = RTE_BE16(0x0000),
761 * RTE_FLOW_ITEM_TYPE_VLAN
763 * Matches an 802.1Q/ad VLAN tag.
765 * The corresponding standard outer EtherType (TPID) values are
766 * RTE_ETHER_TYPE_VLAN or RTE_ETHER_TYPE_QINQ. It can be overridden by
767 * the preceding pattern item.
768 * If a @p VLAN item is present in the pattern, then only tagged packets will
770 * The field @p has_more_vlan can be used to match any type of tagged packets,
771 * instead of using the @p inner_type field.
772 * If the @p inner_type and @p has_more_vlan fields are not specified,
773 * then any tagged packets will match the pattern.
775 struct rte_flow_item_vlan {
776 rte_be16_t tci; /**< Tag control information. */
777 rte_be16_t inner_type; /**< Inner EtherType or TPID. */
778 uint32_t has_more_vlan:1;
779 /**< Packet header contains at least one more VLAN, after this VLAN. */
780 uint32_t reserved:31; /**< Reserved, must be zero. */
783 /** Default mask for RTE_FLOW_ITEM_TYPE_VLAN. */
785 static const struct rte_flow_item_vlan rte_flow_item_vlan_mask = {
786 .tci = RTE_BE16(0x0fff),
787 .inner_type = RTE_BE16(0x0000),
792 * RTE_FLOW_ITEM_TYPE_IPV4
794 * Matches an IPv4 header.
796 * Note: IPv4 options are handled by dedicated pattern items.
798 struct rte_flow_item_ipv4 {
799 struct rte_ipv4_hdr hdr; /**< IPv4 header definition. */
802 /** Default mask for RTE_FLOW_ITEM_TYPE_IPV4. */
804 static const struct rte_flow_item_ipv4 rte_flow_item_ipv4_mask = {
806 .src_addr = RTE_BE32(0xffffffff),
807 .dst_addr = RTE_BE32(0xffffffff),
813 * RTE_FLOW_ITEM_TYPE_IPV6.
815 * Matches an IPv6 header.
817 * Dedicated flags indicate if header contains specific extension headers.
819 struct rte_flow_item_ipv6 {
820 struct rte_ipv6_hdr hdr; /**< IPv6 header definition. */
821 uint32_t has_hop_ext:1;
822 /**< Header contains Hop-by-Hop Options extension header. */
823 uint32_t has_route_ext:1;
824 /**< Header contains Routing extension header. */
825 uint32_t has_frag_ext:1;
826 /**< Header contains Fragment extension header. */
827 uint32_t has_auth_ext:1;
828 /**< Header contains Authentication extension header. */
829 uint32_t has_esp_ext:1;
830 /**< Header contains Encapsulation Security Payload extension header. */
831 uint32_t has_dest_ext:1;
832 /**< Header contains Destination Options extension header. */
833 uint32_t has_mobil_ext:1;
834 /**< Header contains Mobility extension header. */
835 uint32_t has_hip_ext:1;
836 /**< Header contains Host Identity Protocol extension header. */
837 uint32_t has_shim6_ext:1;
838 /**< Header contains Shim6 Protocol extension header. */
839 uint32_t reserved:23;
840 /**< Reserved for future extension headers, must be zero. */
843 /** Default mask for RTE_FLOW_ITEM_TYPE_IPV6. */
845 static const struct rte_flow_item_ipv6 rte_flow_item_ipv6_mask = {
848 "\xff\xff\xff\xff\xff\xff\xff\xff"
849 "\xff\xff\xff\xff\xff\xff\xff\xff",
851 "\xff\xff\xff\xff\xff\xff\xff\xff"
852 "\xff\xff\xff\xff\xff\xff\xff\xff",
858 * RTE_FLOW_ITEM_TYPE_ICMP.
860 * Matches an ICMP header.
862 struct rte_flow_item_icmp {
863 struct rte_icmp_hdr hdr; /**< ICMP header definition. */
866 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP. */
868 static const struct rte_flow_item_icmp rte_flow_item_icmp_mask = {
877 * RTE_FLOW_ITEM_TYPE_UDP.
879 * Matches a UDP header.
881 struct rte_flow_item_udp {
882 struct rte_udp_hdr hdr; /**< UDP header definition. */
885 /** Default mask for RTE_FLOW_ITEM_TYPE_UDP. */
887 static const struct rte_flow_item_udp rte_flow_item_udp_mask = {
889 .src_port = RTE_BE16(0xffff),
890 .dst_port = RTE_BE16(0xffff),
896 * RTE_FLOW_ITEM_TYPE_TCP.
898 * Matches a TCP header.
900 struct rte_flow_item_tcp {
901 struct rte_tcp_hdr hdr; /**< TCP header definition. */
904 /** Default mask for RTE_FLOW_ITEM_TYPE_TCP. */
906 static const struct rte_flow_item_tcp rte_flow_item_tcp_mask = {
908 .src_port = RTE_BE16(0xffff),
909 .dst_port = RTE_BE16(0xffff),
915 * RTE_FLOW_ITEM_TYPE_SCTP.
917 * Matches a SCTP header.
919 struct rte_flow_item_sctp {
920 struct rte_sctp_hdr hdr; /**< SCTP header definition. */
923 /** Default mask for RTE_FLOW_ITEM_TYPE_SCTP. */
925 static const struct rte_flow_item_sctp rte_flow_item_sctp_mask = {
927 .src_port = RTE_BE16(0xffff),
928 .dst_port = RTE_BE16(0xffff),
934 * RTE_FLOW_ITEM_TYPE_VXLAN.
936 * Matches a VXLAN header (RFC 7348).
938 struct rte_flow_item_vxlan {
939 uint8_t flags; /**< Normally 0x08 (I flag). */
940 uint8_t rsvd0[3]; /**< Reserved, normally 0x000000. */
941 uint8_t vni[3]; /**< VXLAN identifier. */
942 uint8_t rsvd1; /**< Reserved, normally 0x00. */
945 /** Default mask for RTE_FLOW_ITEM_TYPE_VXLAN. */
947 static const struct rte_flow_item_vxlan rte_flow_item_vxlan_mask = {
948 .vni = "\xff\xff\xff",
953 * RTE_FLOW_ITEM_TYPE_E_TAG.
955 * Matches a E-tag header.
957 * The corresponding standard outer EtherType (TPID) value is
958 * RTE_ETHER_TYPE_ETAG. It can be overridden by the preceding pattern item.
960 struct rte_flow_item_e_tag {
962 * E-Tag control information (E-TCI).
963 * E-PCP (3b), E-DEI (1b), ingress E-CID base (12b).
965 rte_be16_t epcp_edei_in_ecid_b;
966 /** Reserved (2b), GRP (2b), E-CID base (12b). */
967 rte_be16_t rsvd_grp_ecid_b;
968 uint8_t in_ecid_e; /**< Ingress E-CID ext. */
969 uint8_t ecid_e; /**< E-CID ext. */
970 rte_be16_t inner_type; /**< Inner EtherType or TPID. */
973 /** Default mask for RTE_FLOW_ITEM_TYPE_E_TAG. */
975 static const struct rte_flow_item_e_tag rte_flow_item_e_tag_mask = {
976 .rsvd_grp_ecid_b = RTE_BE16(0x3fff),
981 * RTE_FLOW_ITEM_TYPE_NVGRE.
983 * Matches a NVGRE header.
985 struct rte_flow_item_nvgre {
987 * Checksum (1b), undefined (1b), key bit (1b), sequence number (1b),
988 * reserved 0 (9b), version (3b).
990 * c_k_s_rsvd0_ver must have value 0x2000 according to RFC 7637.
992 rte_be16_t c_k_s_rsvd0_ver;
993 rte_be16_t protocol; /**< Protocol type (0x6558). */
994 uint8_t tni[3]; /**< Virtual subnet ID. */
995 uint8_t flow_id; /**< Flow ID. */
998 /** Default mask for RTE_FLOW_ITEM_TYPE_NVGRE. */
1000 static const struct rte_flow_item_nvgre rte_flow_item_nvgre_mask = {
1001 .tni = "\xff\xff\xff",
1006 * RTE_FLOW_ITEM_TYPE_MPLS.
1008 * Matches a MPLS header.
1010 struct rte_flow_item_mpls {
1012 * Label (20b), TC (3b), Bottom of Stack (1b).
1014 uint8_t label_tc_s[3];
1015 uint8_t ttl; /** Time-to-Live. */
1018 /** Default mask for RTE_FLOW_ITEM_TYPE_MPLS. */
1020 static const struct rte_flow_item_mpls rte_flow_item_mpls_mask = {
1021 .label_tc_s = "\xff\xff\xf0",
1026 * RTE_FLOW_ITEM_TYPE_GRE.
1028 * Matches a GRE header.
1030 struct rte_flow_item_gre {
1032 * Checksum (1b), reserved 0 (12b), version (3b).
1033 * Refer to RFC 2784.
1035 rte_be16_t c_rsvd0_ver;
1036 rte_be16_t protocol; /**< Protocol type. */
1039 /** Default mask for RTE_FLOW_ITEM_TYPE_GRE. */
1041 static const struct rte_flow_item_gre rte_flow_item_gre_mask = {
1042 .protocol = RTE_BE16(0xffff),
1047 * RTE_FLOW_ITEM_TYPE_FUZZY
1049 * Fuzzy pattern match, expect faster than default.
1051 * This is for device that support fuzzy match option.
1052 * Usually a fuzzy match is fast but the cost is accuracy.
1053 * i.e. Signature Match only match pattern's hash value, but it is
1054 * possible two different patterns have the same hash value.
1056 * Matching accuracy level can be configure by threshold.
1057 * Driver can divide the range of threshold and map to different
1058 * accuracy levels that device support.
1060 * Threshold 0 means perfect match (no fuzziness), while threshold
1061 * 0xffffffff means fuzziest match.
1063 struct rte_flow_item_fuzzy {
1064 uint32_t thresh; /**< Accuracy threshold. */
1067 /** Default mask for RTE_FLOW_ITEM_TYPE_FUZZY. */
1069 static const struct rte_flow_item_fuzzy rte_flow_item_fuzzy_mask = {
1070 .thresh = 0xffffffff,
1075 * RTE_FLOW_ITEM_TYPE_GTP.
1077 * Matches a GTPv1 header.
1079 struct rte_flow_item_gtp {
1081 * Version (3b), protocol type (1b), reserved (1b),
1082 * Extension header flag (1b),
1083 * Sequence number flag (1b),
1084 * N-PDU number flag (1b).
1086 uint8_t v_pt_rsv_flags;
1087 uint8_t msg_type; /**< Message type. */
1088 rte_be16_t msg_len; /**< Message length. */
1089 rte_be32_t teid; /**< Tunnel endpoint identifier. */
1092 /** Default mask for RTE_FLOW_ITEM_TYPE_GTP. */
1094 static const struct rte_flow_item_gtp rte_flow_item_gtp_mask = {
1095 .teid = RTE_BE32(0xffffffff),
1100 * RTE_FLOW_ITEM_TYPE_ESP
1102 * Matches an ESP header.
1104 struct rte_flow_item_esp {
1105 struct rte_esp_hdr hdr; /**< ESP header definition. */
1108 /** Default mask for RTE_FLOW_ITEM_TYPE_ESP. */
1110 static const struct rte_flow_item_esp rte_flow_item_esp_mask = {
1112 .spi = RTE_BE32(0xffffffff),
1118 * RTE_FLOW_ITEM_TYPE_GENEVE.
1120 * Matches a GENEVE header.
1122 struct rte_flow_item_geneve {
1124 * Version (2b), length of the options fields (6b), OAM packet (1b),
1125 * critical options present (1b), reserved 0 (6b).
1127 rte_be16_t ver_opt_len_o_c_rsvd0;
1128 rte_be16_t protocol; /**< Protocol type. */
1129 uint8_t vni[3]; /**< Virtual Network Identifier. */
1130 uint8_t rsvd1; /**< Reserved, normally 0x00. */
1133 /** Default mask for RTE_FLOW_ITEM_TYPE_GENEVE. */
1135 static const struct rte_flow_item_geneve rte_flow_item_geneve_mask = {
1136 .vni = "\xff\xff\xff",
1141 * RTE_FLOW_ITEM_TYPE_VXLAN_GPE (draft-ietf-nvo3-vxlan-gpe-05).
1143 * Matches a VXLAN-GPE header.
1145 struct rte_flow_item_vxlan_gpe {
1146 uint8_t flags; /**< Normally 0x0c (I and P flags). */
1147 uint8_t rsvd0[2]; /**< Reserved, normally 0x0000. */
1148 uint8_t protocol; /**< Protocol type. */
1149 uint8_t vni[3]; /**< VXLAN identifier. */
1150 uint8_t rsvd1; /**< Reserved, normally 0x00. */
1153 /** Default mask for RTE_FLOW_ITEM_TYPE_VXLAN_GPE. */
1155 static const struct rte_flow_item_vxlan_gpe rte_flow_item_vxlan_gpe_mask = {
1156 .vni = "\xff\xff\xff",
1161 * RTE_FLOW_ITEM_TYPE_ARP_ETH_IPV4
1163 * Matches an ARP header for Ethernet/IPv4.
1165 struct rte_flow_item_arp_eth_ipv4 {
1166 rte_be16_t hrd; /**< Hardware type, normally 1. */
1167 rte_be16_t pro; /**< Protocol type, normally 0x0800. */
1168 uint8_t hln; /**< Hardware address length, normally 6. */
1169 uint8_t pln; /**< Protocol address length, normally 4. */
1170 rte_be16_t op; /**< Opcode (1 for request, 2 for reply). */
1171 struct rte_ether_addr sha; /**< Sender hardware address. */
1172 rte_be32_t spa; /**< Sender IPv4 address. */
1173 struct rte_ether_addr tha; /**< Target hardware address. */
1174 rte_be32_t tpa; /**< Target IPv4 address. */
1177 /** Default mask for RTE_FLOW_ITEM_TYPE_ARP_ETH_IPV4. */
1179 static const struct rte_flow_item_arp_eth_ipv4
1180 rte_flow_item_arp_eth_ipv4_mask = {
1181 .sha.addr_bytes = "\xff\xff\xff\xff\xff\xff",
1182 .spa = RTE_BE32(0xffffffff),
1183 .tha.addr_bytes = "\xff\xff\xff\xff\xff\xff",
1184 .tpa = RTE_BE32(0xffffffff),
1189 * RTE_FLOW_ITEM_TYPE_IPV6_EXT
1191 * Matches the presence of any IPv6 extension header.
1193 * Normally preceded by any of:
1195 * - RTE_FLOW_ITEM_TYPE_IPV6
1196 * - RTE_FLOW_ITEM_TYPE_IPV6_EXT
1198 struct rte_flow_item_ipv6_ext {
1199 uint8_t next_hdr; /**< Next header. */
1202 /** Default mask for RTE_FLOW_ITEM_TYPE_IPV6_EXT. */
1205 struct rte_flow_item_ipv6_ext rte_flow_item_ipv6_ext_mask = {
1211 * RTE_FLOW_ITEM_TYPE_IPV6_FRAG_EXT
1213 * Matches the presence of IPv6 fragment extension header.
1215 * Preceded by any of:
1217 * - RTE_FLOW_ITEM_TYPE_IPV6
1218 * - RTE_FLOW_ITEM_TYPE_IPV6_EXT
1220 struct rte_flow_item_ipv6_frag_ext {
1221 struct rte_ipv6_fragment_ext hdr;
1225 * RTE_FLOW_ITEM_TYPE_ICMP6
1227 * Matches any ICMPv6 header.
1229 struct rte_flow_item_icmp6 {
1230 uint8_t type; /**< ICMPv6 type. */
1231 uint8_t code; /**< ICMPv6 code. */
1232 uint16_t checksum; /**< ICMPv6 checksum. */
1235 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6. */
1237 static const struct rte_flow_item_icmp6 rte_flow_item_icmp6_mask = {
1244 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS
1246 * Matches an ICMPv6 neighbor discovery solicitation.
1248 struct rte_flow_item_icmp6_nd_ns {
1249 uint8_t type; /**< ICMPv6 type, normally 135. */
1250 uint8_t code; /**< ICMPv6 code, normally 0. */
1251 rte_be16_t checksum; /**< ICMPv6 checksum. */
1252 rte_be32_t reserved; /**< Reserved, normally 0. */
1253 uint8_t target_addr[16]; /**< Target address. */
1256 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS. */
1259 struct rte_flow_item_icmp6_nd_ns rte_flow_item_icmp6_nd_ns_mask = {
1261 "\xff\xff\xff\xff\xff\xff\xff\xff"
1262 "\xff\xff\xff\xff\xff\xff\xff\xff",
1267 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA
1269 * Matches an ICMPv6 neighbor discovery advertisement.
1271 struct rte_flow_item_icmp6_nd_na {
1272 uint8_t type; /**< ICMPv6 type, normally 136. */
1273 uint8_t code; /**< ICMPv6 code, normally 0. */
1274 rte_be16_t checksum; /**< ICMPv6 checksum. */
1276 * Route flag (1b), solicited flag (1b), override flag (1b),
1279 rte_be32_t rso_reserved;
1280 uint8_t target_addr[16]; /**< Target address. */
1283 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA. */
1286 struct rte_flow_item_icmp6_nd_na rte_flow_item_icmp6_nd_na_mask = {
1288 "\xff\xff\xff\xff\xff\xff\xff\xff"
1289 "\xff\xff\xff\xff\xff\xff\xff\xff",
1294 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1296 * Matches the presence of any ICMPv6 neighbor discovery option.
1298 * Normally preceded by any of:
1300 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA
1301 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS
1302 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1304 struct rte_flow_item_icmp6_nd_opt {
1305 uint8_t type; /**< ND option type. */
1306 uint8_t length; /**< ND option length. */
1309 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT. */
1311 static const struct rte_flow_item_icmp6_nd_opt
1312 rte_flow_item_icmp6_nd_opt_mask = {
1318 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_SLA_ETH
1320 * Matches an ICMPv6 neighbor discovery source Ethernet link-layer address
1323 * Normally preceded by any of:
1325 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA
1326 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1328 struct rte_flow_item_icmp6_nd_opt_sla_eth {
1329 uint8_t type; /**< ND option type, normally 1. */
1330 uint8_t length; /**< ND option length, normally 1. */
1331 struct rte_ether_addr sla; /**< Source Ethernet LLA. */
1334 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_SLA_ETH. */
1336 static const struct rte_flow_item_icmp6_nd_opt_sla_eth
1337 rte_flow_item_icmp6_nd_opt_sla_eth_mask = {
1338 .sla.addr_bytes = "\xff\xff\xff\xff\xff\xff",
1343 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_TLA_ETH
1345 * Matches an ICMPv6 neighbor discovery target Ethernet link-layer address
1348 * Normally preceded by any of:
1350 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS
1351 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1353 struct rte_flow_item_icmp6_nd_opt_tla_eth {
1354 uint8_t type; /**< ND option type, normally 2. */
1355 uint8_t length; /**< ND option length, normally 1. */
1356 struct rte_ether_addr tla; /**< Target Ethernet LLA. */
1359 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_TLA_ETH. */
1361 static const struct rte_flow_item_icmp6_nd_opt_tla_eth
1362 rte_flow_item_icmp6_nd_opt_tla_eth_mask = {
1363 .tla.addr_bytes = "\xff\xff\xff\xff\xff\xff",
1368 * RTE_FLOW_ITEM_TYPE_META
1370 * Matches a specified metadata value. On egress, metadata can be set
1371 * either by mbuf dynamic metadata field with PKT_TX_DYNF_METADATA flag or
1372 * RTE_FLOW_ACTION_TYPE_SET_META. On ingress, RTE_FLOW_ACTION_TYPE_SET_META
1373 * sets metadata for a packet and the metadata will be reported via mbuf
1374 * metadata dynamic field with PKT_RX_DYNF_METADATA flag. The dynamic mbuf
1375 * field must be registered in advance by rte_flow_dynf_metadata_register().
1377 struct rte_flow_item_meta {
1381 /** Default mask for RTE_FLOW_ITEM_TYPE_META. */
1383 static const struct rte_flow_item_meta rte_flow_item_meta_mask = {
1389 * RTE_FLOW_ITEM_TYPE_GTP_PSC.
1391 * Matches a GTP PDU extension header with type 0x85.
1393 struct rte_flow_item_gtp_psc {
1394 uint8_t pdu_type; /**< PDU type. */
1395 uint8_t qfi; /**< QoS flow identifier. */
1398 /** Default mask for RTE_FLOW_ITEM_TYPE_GTP_PSC. */
1400 static const struct rte_flow_item_gtp_psc
1401 rte_flow_item_gtp_psc_mask = {
1407 * RTE_FLOW_ITEM_TYPE_PPPOE.
1409 * Matches a PPPoE header.
1411 struct rte_flow_item_pppoe {
1413 * Version (4b), type (4b).
1415 uint8_t version_type;
1416 uint8_t code; /**< Message type. */
1417 rte_be16_t session_id; /**< Session identifier. */
1418 rte_be16_t length; /**< Payload length. */
1422 * RTE_FLOW_ITEM_TYPE_PPPOE_PROTO_ID.
1424 * Matches a PPPoE optional proto_id field.
1426 * It only applies to PPPoE session packets.
1428 * Normally preceded by any of:
1430 * - RTE_FLOW_ITEM_TYPE_PPPOE
1431 * - RTE_FLOW_ITEM_TYPE_PPPOE_PROTO_ID
1433 struct rte_flow_item_pppoe_proto_id {
1434 rte_be16_t proto_id; /**< PPP protocol identifier. */
1437 /** Default mask for RTE_FLOW_ITEM_TYPE_PPPOE_PROTO_ID. */
1439 static const struct rte_flow_item_pppoe_proto_id
1440 rte_flow_item_pppoe_proto_id_mask = {
1441 .proto_id = RTE_BE16(0xffff),
1447 * @b EXPERIMENTAL: this structure may change without prior notice
1449 * RTE_FLOW_ITEM_TYPE_TAG
1451 * Matches a specified tag value at the specified index.
1453 struct rte_flow_item_tag {
1458 /** Default mask for RTE_FLOW_ITEM_TYPE_TAG. */
1460 static const struct rte_flow_item_tag rte_flow_item_tag_mask = {
1467 * RTE_FLOW_ITEM_TYPE_L2TPV3OIP.
1469 * Matches a L2TPv3 over IP header.
1471 struct rte_flow_item_l2tpv3oip {
1472 rte_be32_t session_id; /**< Session ID. */
1475 /** Default mask for RTE_FLOW_ITEM_TYPE_L2TPV3OIP. */
1477 static const struct rte_flow_item_l2tpv3oip rte_flow_item_l2tpv3oip_mask = {
1478 .session_id = RTE_BE32(UINT32_MAX),
1485 * @b EXPERIMENTAL: this structure may change without prior notice
1487 * RTE_FLOW_ITEM_TYPE_MARK
1489 * Matches an arbitrary integer value which was set using the ``MARK`` action
1490 * in a previously matched rule.
1492 * This item can only be specified once as a match criteria as the ``MARK``
1493 * action can only be specified once in a flow action.
1495 * This value is arbitrary and application-defined. Maximum allowed value
1496 * depends on the underlying implementation.
1498 * Depending on the underlying implementation the MARK item may be supported on
1499 * the physical device, with virtual groups in the PMD or not at all.
1501 struct rte_flow_item_mark {
1502 uint32_t id; /**< Integer value to match against. */
1505 /** Default mask for RTE_FLOW_ITEM_TYPE_MARK. */
1507 static const struct rte_flow_item_mark rte_flow_item_mark_mask = {
1514 * @b EXPERIMENTAL: this structure may change without prior notice
1516 * RTE_FLOW_ITEM_TYPE_NSH
1518 * Match network service header (NSH), RFC 8300
1521 struct rte_flow_item_nsh {
1524 uint32_t reserved:1;
1527 uint32_t reserved1:4;
1529 uint32_t next_proto:8;
1534 /** Default mask for RTE_FLOW_ITEM_TYPE_NSH. */
1536 static const struct rte_flow_item_nsh rte_flow_item_nsh_mask = {
1546 * @b EXPERIMENTAL: this structure may change without prior notice
1548 * RTE_FLOW_ITEM_TYPE_IGMP
1550 * Match Internet Group Management Protocol (IGMP), RFC 2236
1553 struct rte_flow_item_igmp {
1555 uint32_t max_resp_time:8;
1556 uint32_t checksum:16;
1557 uint32_t group_addr;
1560 /** Default mask for RTE_FLOW_ITEM_TYPE_IGMP. */
1562 static const struct rte_flow_item_igmp rte_flow_item_igmp_mask = {
1563 .group_addr = 0xffffffff,
1569 * @b EXPERIMENTAL: this structure may change without prior notice
1571 * RTE_FLOW_ITEM_TYPE_AH
1573 * Match IP Authentication Header (AH), RFC 4302
1576 struct rte_flow_item_ah {
1577 uint32_t next_hdr:8;
1578 uint32_t payload_len:8;
1579 uint32_t reserved:16;
1584 /** Default mask for RTE_FLOW_ITEM_TYPE_AH. */
1586 static const struct rte_flow_item_ah rte_flow_item_ah_mask = {
1593 * @b EXPERIMENTAL: this structure may change without prior notice
1595 * RTE_FLOW_ITEM_TYPE_PFCP
1599 struct rte_flow_item_pfcp {
1606 /** Default mask for RTE_FLOW_ITEM_TYPE_PFCP. */
1608 static const struct rte_flow_item_pfcp rte_flow_item_pfcp_mask = {
1610 .seid = RTE_BE64(UINT64_C(0xffffffffffffffff)),
1616 * @b EXPERIMENTAL: this structure may change without prior notice
1618 * RTE_FLOW_ITEM_TYPE_ECPRI
1620 * Match eCPRI Header
1622 struct rte_flow_item_ecpri {
1623 struct rte_ecpri_combined_msg_hdr hdr;
1626 /** Default mask for RTE_FLOW_ITEM_TYPE_ECPRI. */
1628 static const struct rte_flow_item_ecpri rte_flow_item_ecpri_mask = {
1638 * RTE_FLOW_ITEM_TYPE_GENEVE_OPT
1640 * Matches a GENEVE Variable Length Option
1642 struct rte_flow_item_geneve_opt {
1643 rte_be16_t option_class;
1644 uint8_t option_type;
1649 /** Default mask for RTE_FLOW_ITEM_TYPE_GENEVE_OPT. */
1651 static const struct rte_flow_item_geneve_opt
1652 rte_flow_item_geneve_opt_mask = {
1653 .option_type = 0xff,
1658 * Matching pattern item definition.
1660 * A pattern is formed by stacking items starting from the lowest protocol
1661 * layer to match. This stacking restriction does not apply to meta items
1662 * which can be placed anywhere in the stack without affecting the meaning
1663 * of the resulting pattern.
1665 * Patterns are terminated by END items.
1667 * The spec field should be a valid pointer to a structure of the related
1668 * item type. It may remain unspecified (NULL) in many cases to request
1669 * broad (nonspecific) matching. In such cases, last and mask must also be
1672 * Optionally, last can point to a structure of the same type to define an
1673 * inclusive range. This is mostly supported by integer and address fields,
1674 * may cause errors otherwise. Fields that do not support ranges must be set
1675 * to 0 or to the same value as the corresponding fields in spec.
1677 * Only the fields defined to nonzero values in the default masks (see
1678 * rte_flow_item_{name}_mask constants) are considered relevant by
1679 * default. This can be overridden by providing a mask structure of the
1680 * same type with applicable bits set to one. It can also be used to
1681 * partially filter out specific fields (e.g. as an alternate mean to match
1682 * ranges of IP addresses).
1684 * Mask is a simple bit-mask applied before interpreting the contents of
1685 * spec and last, which may yield unexpected results if not used
1686 * carefully. For example, if for an IPv4 address field, spec provides
1687 * 10.1.2.3, last provides 10.3.4.5 and mask provides 255.255.0.0, the
1688 * effective range becomes 10.1.0.0 to 10.3.255.255.
1690 struct rte_flow_item {
1691 enum rte_flow_item_type type; /**< Item type. */
1692 const void *spec; /**< Pointer to item specification structure. */
1693 const void *last; /**< Defines an inclusive range (spec to last). */
1694 const void *mask; /**< Bit-mask applied to spec and last. */
1700 * Each possible action is represented by a type.
1701 * An action can have an associated configuration object.
1702 * Several actions combined in a list can be assigned
1703 * to a flow rule and are performed in order.
1705 * They fall in three categories:
1707 * - Actions that modify the fate of matching traffic, for instance by
1708 * dropping or assigning it a specific destination.
1710 * - Actions that modify matching traffic contents or its properties. This
1711 * includes adding/removing encapsulation, encryption, compression and
1714 * - Actions related to the flow rule itself, such as updating counters or
1715 * making it non-terminating.
1717 * Flow rules being terminating by default, not specifying any action of the
1718 * fate kind results in undefined behavior. This applies to both ingress and
1721 * PASSTHRU, when supported, makes a flow rule non-terminating.
1723 enum rte_flow_action_type {
1725 * End marker for action lists. Prevents further processing of
1726 * actions, thereby ending the list.
1728 * No associated configuration structure.
1730 RTE_FLOW_ACTION_TYPE_END,
1733 * Used as a placeholder for convenience. It is ignored and simply
1734 * discarded by PMDs.
1736 * No associated configuration structure.
1738 RTE_FLOW_ACTION_TYPE_VOID,
1741 * Leaves traffic up for additional processing by subsequent flow
1742 * rules; makes a flow rule non-terminating.
1744 * No associated configuration structure.
1746 RTE_FLOW_ACTION_TYPE_PASSTHRU,
1749 * RTE_FLOW_ACTION_TYPE_JUMP
1751 * Redirects packets to a group on the current device.
1753 * See struct rte_flow_action_jump.
1755 RTE_FLOW_ACTION_TYPE_JUMP,
1758 * Attaches an integer value to packets and sets PKT_RX_FDIR and
1759 * PKT_RX_FDIR_ID mbuf flags.
1761 * See struct rte_flow_action_mark.
1763 RTE_FLOW_ACTION_TYPE_MARK,
1766 * Flags packets. Similar to MARK without a specific value; only
1767 * sets the PKT_RX_FDIR mbuf flag.
1769 * No associated configuration structure.
1771 RTE_FLOW_ACTION_TYPE_FLAG,
1774 * Assigns packets to a given queue index.
1776 * See struct rte_flow_action_queue.
1778 RTE_FLOW_ACTION_TYPE_QUEUE,
1783 * PASSTHRU overrides this action if both are specified.
1785 * No associated configuration structure.
1787 RTE_FLOW_ACTION_TYPE_DROP,
1790 * Enables counters for this flow rule.
1792 * These counters can be retrieved and reset through rte_flow_query() or
1793 * rte_flow_shared_action_query() if the action provided via handle,
1794 * see struct rte_flow_query_count.
1796 * See struct rte_flow_action_count.
1798 RTE_FLOW_ACTION_TYPE_COUNT,
1801 * Similar to QUEUE, except RSS is additionally performed on packets
1802 * to spread them among several queues according to the provided
1805 * See struct rte_flow_action_rss.
1807 RTE_FLOW_ACTION_TYPE_RSS,
1810 * Directs matching traffic to the physical function (PF) of the
1813 * No associated configuration structure.
1815 RTE_FLOW_ACTION_TYPE_PF,
1818 * Directs matching traffic to a given virtual function of the
1821 * See struct rte_flow_action_vf.
1823 RTE_FLOW_ACTION_TYPE_VF,
1826 * Directs packets to a given physical port index of the underlying
1829 * See struct rte_flow_action_phy_port.
1831 RTE_FLOW_ACTION_TYPE_PHY_PORT,
1834 * Directs matching traffic to a given DPDK port ID.
1836 * See struct rte_flow_action_port_id.
1838 RTE_FLOW_ACTION_TYPE_PORT_ID,
1841 * Traffic metering and policing (MTR).
1843 * See struct rte_flow_action_meter.
1844 * See file rte_mtr.h for MTR object configuration.
1846 RTE_FLOW_ACTION_TYPE_METER,
1849 * Redirects packets to security engine of current device for security
1850 * processing as specified by security session.
1852 * See struct rte_flow_action_security.
1854 RTE_FLOW_ACTION_TYPE_SECURITY,
1857 * Implements OFPAT_SET_MPLS_TTL ("MPLS TTL") as defined by the
1858 * OpenFlow Switch Specification.
1860 * See struct rte_flow_action_of_set_mpls_ttl.
1862 RTE_FLOW_ACTION_TYPE_OF_SET_MPLS_TTL,
1865 * Implements OFPAT_DEC_MPLS_TTL ("decrement MPLS TTL") as defined
1866 * by the OpenFlow Switch Specification.
1868 * No associated configuration structure.
1870 RTE_FLOW_ACTION_TYPE_OF_DEC_MPLS_TTL,
1873 * Implements OFPAT_SET_NW_TTL ("IP TTL") as defined by the OpenFlow
1874 * Switch Specification.
1876 * See struct rte_flow_action_of_set_nw_ttl.
1878 RTE_FLOW_ACTION_TYPE_OF_SET_NW_TTL,
1881 * Implements OFPAT_DEC_NW_TTL ("decrement IP TTL") as defined by
1882 * the OpenFlow Switch Specification.
1884 * No associated configuration structure.
1886 RTE_FLOW_ACTION_TYPE_OF_DEC_NW_TTL,
1889 * Implements OFPAT_COPY_TTL_OUT ("copy TTL "outwards" -- from
1890 * next-to-outermost to outermost") as defined by the OpenFlow
1891 * Switch Specification.
1893 * No associated configuration structure.
1895 RTE_FLOW_ACTION_TYPE_OF_COPY_TTL_OUT,
1898 * Implements OFPAT_COPY_TTL_IN ("copy TTL "inwards" -- from
1899 * outermost to next-to-outermost") as defined by the OpenFlow
1900 * Switch Specification.
1902 * No associated configuration structure.
1904 RTE_FLOW_ACTION_TYPE_OF_COPY_TTL_IN,
1907 * Implements OFPAT_POP_VLAN ("pop the outer VLAN tag") as defined
1908 * by the OpenFlow Switch Specification.
1910 * No associated configuration structure.
1912 RTE_FLOW_ACTION_TYPE_OF_POP_VLAN,
1915 * Implements OFPAT_PUSH_VLAN ("push a new VLAN tag") as defined by
1916 * the OpenFlow Switch Specification.
1918 * See struct rte_flow_action_of_push_vlan.
1920 RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN,
1923 * Implements OFPAT_SET_VLAN_VID ("set the 802.1q VLAN id") as
1924 * defined by the OpenFlow Switch Specification.
1926 * See struct rte_flow_action_of_set_vlan_vid.
1928 RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID,
1931 * Implements OFPAT_SET_LAN_PCP ("set the 802.1q priority") as
1932 * defined by the OpenFlow Switch Specification.
1934 * See struct rte_flow_action_of_set_vlan_pcp.
1936 RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP,
1939 * Implements OFPAT_POP_MPLS ("pop the outer MPLS tag") as defined
1940 * by the OpenFlow Switch Specification.
1942 * See struct rte_flow_action_of_pop_mpls.
1944 RTE_FLOW_ACTION_TYPE_OF_POP_MPLS,
1947 * Implements OFPAT_PUSH_MPLS ("push a new MPLS tag") as defined by
1948 * the OpenFlow Switch Specification.
1950 * See struct rte_flow_action_of_push_mpls.
1952 RTE_FLOW_ACTION_TYPE_OF_PUSH_MPLS,
1955 * Encapsulate flow in VXLAN tunnel as defined in
1956 * rte_flow_action_vxlan_encap action structure.
1958 * See struct rte_flow_action_vxlan_encap.
1960 RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP,
1963 * Decapsulate outer most VXLAN tunnel from matched flow.
1965 * If flow pattern does not define a valid VXLAN tunnel (as specified by
1966 * RFC7348) then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION
1969 RTE_FLOW_ACTION_TYPE_VXLAN_DECAP,
1972 * Encapsulate flow in NVGRE tunnel defined in the
1973 * rte_flow_action_nvgre_encap action structure.
1975 * See struct rte_flow_action_nvgre_encap.
1977 RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP,
1980 * Decapsulate outer most NVGRE tunnel from matched flow.
1982 * If flow pattern does not define a valid NVGRE tunnel (as specified by
1983 * RFC7637) then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION
1986 RTE_FLOW_ACTION_TYPE_NVGRE_DECAP,
1989 * Add outer header whose template is provided in its data buffer
1991 * See struct rte_flow_action_raw_encap.
1993 RTE_FLOW_ACTION_TYPE_RAW_ENCAP,
1996 * Remove outer header whose template is provided in its data buffer.
1998 * See struct rte_flow_action_raw_decap
2000 RTE_FLOW_ACTION_TYPE_RAW_DECAP,
2003 * Modify IPv4 source address in the outermost IPv4 header.
2005 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_IPV4,
2006 * then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2008 * See struct rte_flow_action_set_ipv4.
2010 RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC,
2013 * Modify IPv4 destination address in the outermost IPv4 header.
2015 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_IPV4,
2016 * then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2018 * See struct rte_flow_action_set_ipv4.
2020 RTE_FLOW_ACTION_TYPE_SET_IPV4_DST,
2023 * Modify IPv6 source address in the outermost IPv6 header.
2025 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_IPV6,
2026 * then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2028 * See struct rte_flow_action_set_ipv6.
2030 RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC,
2033 * Modify IPv6 destination address in the outermost IPv6 header.
2035 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_IPV6,
2036 * then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2038 * See struct rte_flow_action_set_ipv6.
2040 RTE_FLOW_ACTION_TYPE_SET_IPV6_DST,
2043 * Modify source port number in the outermost TCP/UDP header.
2045 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_TCP
2046 * or RTE_FLOW_ITEM_TYPE_UDP, then the PMD should return a
2047 * RTE_FLOW_ERROR_TYPE_ACTION error.
2049 * See struct rte_flow_action_set_tp.
2051 RTE_FLOW_ACTION_TYPE_SET_TP_SRC,
2054 * Modify destination port number in the outermost TCP/UDP header.
2056 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_TCP
2057 * or RTE_FLOW_ITEM_TYPE_UDP, then the PMD should return a
2058 * RTE_FLOW_ERROR_TYPE_ACTION error.
2060 * See struct rte_flow_action_set_tp.
2062 RTE_FLOW_ACTION_TYPE_SET_TP_DST,
2065 * Swap the source and destination MAC addresses in the outermost
2068 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_ETH,
2069 * then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2071 * No associated configuration structure.
2073 RTE_FLOW_ACTION_TYPE_MAC_SWAP,
2076 * Decrease TTL value directly
2078 * No associated configuration structure.
2080 RTE_FLOW_ACTION_TYPE_DEC_TTL,
2085 * See struct rte_flow_action_set_ttl
2087 RTE_FLOW_ACTION_TYPE_SET_TTL,
2090 * Set source MAC address from matched flow.
2092 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_ETH,
2093 * the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2095 * See struct rte_flow_action_set_mac.
2097 RTE_FLOW_ACTION_TYPE_SET_MAC_SRC,
2100 * Set destination MAC address from matched flow.
2102 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_ETH,
2103 * the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2105 * See struct rte_flow_action_set_mac.
2107 RTE_FLOW_ACTION_TYPE_SET_MAC_DST,
2110 * Increase sequence number in the outermost TCP header.
2112 * Action configuration specifies the value to increase
2113 * TCP sequence number as a big-endian 32 bit integer.
2116 * @code rte_be32_t * @endcode
2118 * Using this action on non-matching traffic will result in
2119 * undefined behavior.
2121 RTE_FLOW_ACTION_TYPE_INC_TCP_SEQ,
2124 * Decrease sequence number in the outermost TCP header.
2126 * Action configuration specifies the value to decrease
2127 * TCP sequence number as a big-endian 32 bit integer.
2130 * @code rte_be32_t * @endcode
2132 * Using this action on non-matching traffic will result in
2133 * undefined behavior.
2135 RTE_FLOW_ACTION_TYPE_DEC_TCP_SEQ,
2138 * Increase acknowledgment number in the outermost TCP header.
2140 * Action configuration specifies the value to increase
2141 * TCP acknowledgment number as a big-endian 32 bit integer.
2144 * @code rte_be32_t * @endcode
2146 * Using this action on non-matching traffic will result in
2147 * undefined behavior.
2149 RTE_FLOW_ACTION_TYPE_INC_TCP_ACK,
2152 * Decrease acknowledgment number in the outermost TCP header.
2154 * Action configuration specifies the value to decrease
2155 * TCP acknowledgment number as a big-endian 32 bit integer.
2158 * @code rte_be32_t * @endcode
2160 * Using this action on non-matching traffic will result in
2161 * undefined behavior.
2163 RTE_FLOW_ACTION_TYPE_DEC_TCP_ACK,
2168 * Tag is for internal flow usage only and
2169 * is not delivered to the application.
2171 * See struct rte_flow_action_set_tag.
2173 RTE_FLOW_ACTION_TYPE_SET_TAG,
2176 * Set metadata on ingress or egress path.
2178 * See struct rte_flow_action_set_meta.
2180 RTE_FLOW_ACTION_TYPE_SET_META,
2183 * Modify IPv4 DSCP in the outermost IP header.
2185 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_IPV4,
2186 * then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2188 * See struct rte_flow_action_set_dscp.
2190 RTE_FLOW_ACTION_TYPE_SET_IPV4_DSCP,
2193 * Modify IPv6 DSCP in the outermost IP header.
2195 * If flow pattern does not define a valid RTE_FLOW_ITEM_TYPE_IPV6,
2196 * then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION error.
2198 * See struct rte_flow_action_set_dscp.
2200 RTE_FLOW_ACTION_TYPE_SET_IPV6_DSCP,
2203 * Report as aged flow if timeout passed without any matching on the
2206 * See struct rte_flow_action_age.
2207 * See function rte_flow_get_aged_flows
2208 * see enum RTE_ETH_EVENT_FLOW_AGED
2209 * See struct rte_flow_query_age
2211 RTE_FLOW_ACTION_TYPE_AGE,
2214 * The matching packets will be duplicated with specified ratio and
2215 * applied with own set of actions with a fate action.
2217 * See struct rte_flow_action_sample.
2219 RTE_FLOW_ACTION_TYPE_SAMPLE,
2222 * Describe action shared across multiple flow rules.
2224 * Allow multiple rules reference the same action by handle (see
2225 * struct rte_flow_shared_action).
2227 RTE_FLOW_ACTION_TYPE_SHARED,
2230 * Modify a packet header field, tag, mark or metadata.
2232 * Allow the modification of an arbitrary header field via
2233 * set, add and sub operations or copying its content into
2234 * tag, meta or mark for future processing.
2236 * See struct rte_flow_action_modify_field.
2238 RTE_FLOW_ACTION_TYPE_MODIFY_FIELD,
2242 * RTE_FLOW_ACTION_TYPE_MARK
2244 * Attaches an integer value to packets and sets PKT_RX_FDIR and
2245 * PKT_RX_FDIR_ID mbuf flags.
2247 * This value is arbitrary and application-defined. Maximum allowed value
2248 * depends on the underlying implementation. It is returned in the
2249 * hash.fdir.hi mbuf field.
2251 struct rte_flow_action_mark {
2252 uint32_t id; /**< Integer value to return with packets. */
2257 * @b EXPERIMENTAL: this structure may change without prior notice
2259 * RTE_FLOW_ACTION_TYPE_JUMP
2261 * Redirects packets to a group on the current device.
2263 * In a hierarchy of groups, which can be used to represent physical or logical
2264 * flow tables on the device, this action allows the action to be a redirect to
2265 * a group on that device.
2267 struct rte_flow_action_jump {
2272 * RTE_FLOW_ACTION_TYPE_QUEUE
2274 * Assign packets to a given queue index.
2276 struct rte_flow_action_queue {
2277 uint16_t index; /**< Queue index to use. */
2282 * @b EXPERIMENTAL: this structure may change without prior notice
2284 * RTE_FLOW_ACTION_TYPE_AGE
2286 * Report flow as aged-out if timeout passed without any matching
2287 * on the flow. RTE_ETH_EVENT_FLOW_AGED event is triggered when a
2288 * port detects new aged-out flows.
2290 * The flow context and the flow handle will be reported by the
2291 * rte_flow_get_aged_flows API.
2293 struct rte_flow_action_age {
2294 uint32_t timeout:24; /**< Time in seconds. */
2295 uint32_t reserved:8; /**< Reserved, must be zero. */
2297 /**< The user flow context, NULL means the rte_flow pointer. */
2301 * RTE_FLOW_ACTION_TYPE_AGE (query)
2303 * Query structure to retrieve the aging status information of a
2304 * shared AGE action, or a flow rule using the AGE action.
2306 struct rte_flow_query_age {
2307 uint32_t reserved:6; /**< Reserved, must be zero. */
2308 uint32_t aged:1; /**< 1 if aging timeout expired, 0 otherwise. */
2309 uint32_t sec_since_last_hit_valid:1;
2310 /**< sec_since_last_hit value is valid. */
2311 uint32_t sec_since_last_hit:24; /**< Seconds since last traffic hit. */
2316 * @b EXPERIMENTAL: this structure may change without prior notice
2318 * RTE_FLOW_ACTION_TYPE_COUNT
2320 * Adds a counter action to a matched flow.
2322 * If more than one count action is specified in a single flow rule, then each
2323 * action must specify a unique id.
2325 * Counters can be retrieved and reset through ``rte_flow_query()``, see
2326 * ``struct rte_flow_query_count``.
2328 * @deprecated Shared attribute is deprecated, use generic
2329 * RTE_FLOW_ACTION_TYPE_SHARED action.
2331 * The shared flag indicates whether the counter is unique to the flow rule the
2332 * action is specified with, or whether it is a shared counter.
2334 * For a count action with the shared flag set, then then a global device
2335 * namespace is assumed for the counter id, so that any matched flow rules using
2336 * a count action with the same counter id on the same port will contribute to
2339 * For ports within the same switch domain then the counter id namespace extends
2340 * to all ports within that switch domain.
2342 struct rte_flow_action_count {
2343 /** @deprecated Share counter ID with other flow rules. */
2345 uint32_t reserved:31; /**< Reserved, must be zero. */
2346 uint32_t id; /**< Counter ID. */
2350 * RTE_FLOW_ACTION_TYPE_COUNT (query)
2352 * Query structure to retrieve and reset flow rule counters.
2354 struct rte_flow_query_count {
2355 uint32_t reset:1; /**< Reset counters after query [in]. */
2356 uint32_t hits_set:1; /**< hits field is set [out]. */
2357 uint32_t bytes_set:1; /**< bytes field is set [out]. */
2358 uint32_t reserved:29; /**< Reserved, must be zero [in, out]. */
2359 uint64_t hits; /**< Number of hits for this rule [out]. */
2360 uint64_t bytes; /**< Number of bytes through this rule [out]. */
2364 * Hash function types.
2366 enum rte_eth_hash_function {
2367 RTE_ETH_HASH_FUNCTION_DEFAULT = 0,
2368 RTE_ETH_HASH_FUNCTION_TOEPLITZ, /**< Toeplitz */
2369 RTE_ETH_HASH_FUNCTION_SIMPLE_XOR, /**< Simple XOR */
2371 * Symmetric Toeplitz: src, dst will be replaced by
2372 * xor(src, dst). For the case with src/dst only,
2373 * src or dst address will xor with zero pair.
2375 RTE_ETH_HASH_FUNCTION_SYMMETRIC_TOEPLITZ,
2376 RTE_ETH_HASH_FUNCTION_MAX,
2380 * RTE_FLOW_ACTION_TYPE_RSS
2382 * Similar to QUEUE, except RSS is additionally performed on packets to
2383 * spread them among several queues according to the provided parameters.
2385 * Unlike global RSS settings used by other DPDK APIs, unsetting the
2386 * @p types field does not disable RSS in a flow rule. Doing so instead
2387 * requests safe unspecified "best-effort" settings from the underlying PMD,
2388 * which depending on the flow rule, may result in anything ranging from
2389 * empty (single queue) to all-inclusive RSS.
2391 * Note: RSS hash result is stored in the hash.rss mbuf field which overlaps
2392 * hash.fdir.lo. Since the MARK action sets the hash.fdir.hi field only,
2393 * both can be requested simultaneously.
2395 struct rte_flow_action_rss {
2396 enum rte_eth_hash_function func; /**< RSS hash function to apply. */
2398 * Packet encapsulation level RSS hash @p types apply to.
2400 * - @p 0 requests the default behavior. Depending on the packet
2401 * type, it can mean outermost, innermost, anything in between or
2404 * It basically stands for the innermost encapsulation level RSS
2405 * can be performed on according to PMD and device capabilities.
2407 * - @p 1 requests RSS to be performed on the outermost packet
2408 * encapsulation level.
2410 * - @p 2 and subsequent values request RSS to be performed on the
2411 * specified inner packet encapsulation level, from outermost to
2412 * innermost (lower to higher values).
2414 * Values other than @p 0 are not necessarily supported.
2416 * Requesting a specific RSS level on unrecognized traffic results
2417 * in undefined behavior. For predictable results, it is recommended
2418 * to make the flow rule pattern match packet headers up to the
2419 * requested encapsulation level so that only matching traffic goes
2423 uint64_t types; /**< Specific RSS hash types (see ETH_RSS_*). */
2424 uint32_t key_len; /**< Hash key length in bytes. */
2425 uint32_t queue_num; /**< Number of entries in @p queue. */
2426 const uint8_t *key; /**< Hash key. */
2427 const uint16_t *queue; /**< Queue indices to use. */
2431 * RTE_FLOW_ACTION_TYPE_VF
2433 * Directs matching traffic to a given virtual function of the current
2436 * Packets matched by a VF pattern item can be redirected to their original
2437 * VF ID instead of the specified one. This parameter may not be available
2438 * and is not guaranteed to work properly if the VF part is matched by a
2439 * prior flow rule or if packets are not addressed to a VF in the first
2442 struct rte_flow_action_vf {
2443 uint32_t original:1; /**< Use original VF ID if possible. */
2444 uint32_t reserved:31; /**< Reserved, must be zero. */
2445 uint32_t id; /**< VF ID. */
2449 * RTE_FLOW_ACTION_TYPE_PHY_PORT
2451 * Directs packets to a given physical port index of the underlying
2454 * @see RTE_FLOW_ITEM_TYPE_PHY_PORT
2456 struct rte_flow_action_phy_port {
2457 uint32_t original:1; /**< Use original port index if possible. */
2458 uint32_t reserved:31; /**< Reserved, must be zero. */
2459 uint32_t index; /**< Physical port index. */
2463 * RTE_FLOW_ACTION_TYPE_PORT_ID
2465 * Directs matching traffic to a given DPDK port ID.
2467 * @see RTE_FLOW_ITEM_TYPE_PORT_ID
2469 struct rte_flow_action_port_id {
2470 uint32_t original:1; /**< Use original DPDK port ID if possible. */
2471 uint32_t reserved:31; /**< Reserved, must be zero. */
2472 uint32_t id; /**< DPDK port ID. */
2476 * RTE_FLOW_ACTION_TYPE_METER
2478 * Traffic metering and policing (MTR).
2480 * Packets matched by items of this type can be either dropped or passed to the
2481 * next item with their color set by the MTR object.
2483 struct rte_flow_action_meter {
2484 uint32_t mtr_id; /**< MTR object ID created with rte_mtr_create(). */
2488 * RTE_FLOW_ACTION_TYPE_SECURITY
2490 * Perform the security action on flows matched by the pattern items
2491 * according to the configuration of the security session.
2493 * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
2494 * security protocol headers and IV are fully provided by the application as
2495 * specified in the flow pattern. The payload of matching packets is
2496 * encrypted on egress, and decrypted and authenticated on ingress.
2497 * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
2498 * providing full encapsulation and decapsulation of packets in security
2499 * protocols. The flow pattern specifies both the outer security header fields
2500 * and the inner packet fields. The security session specified in the action
2501 * must match the pattern parameters.
2503 * The security session specified in the action must be created on the same
2504 * port as the flow action that is being specified.
2506 * The ingress/egress flow attribute should match that specified in the
2507 * security session if the security session supports the definition of the
2510 * Multiple flows can be configured to use the same security session.
2512 * The NULL value is allowed for security session. If security session is NULL,
2513 * then SPI field in ESP flow item and IP addresses in flow items 'IPv4' and
2514 * 'IPv6' will be allowed to be a range. The rule thus created can enable
2515 * security processing on multiple flows.
2517 struct rte_flow_action_security {
2518 void *security_session; /**< Pointer to security session structure. */
2522 * RTE_FLOW_ACTION_TYPE_OF_SET_MPLS_TTL
2524 * Implements OFPAT_SET_MPLS_TTL ("MPLS TTL") as defined by the OpenFlow
2525 * Switch Specification.
2527 struct rte_flow_action_of_set_mpls_ttl {
2528 uint8_t mpls_ttl; /**< MPLS TTL. */
2532 * RTE_FLOW_ACTION_TYPE_OF_SET_NW_TTL
2534 * Implements OFPAT_SET_NW_TTL ("IP TTL") as defined by the OpenFlow Switch
2537 struct rte_flow_action_of_set_nw_ttl {
2538 uint8_t nw_ttl; /**< IP TTL. */
2542 * RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN
2544 * Implements OFPAT_PUSH_VLAN ("push a new VLAN tag") as defined by the
2545 * OpenFlow Switch Specification.
2547 struct rte_flow_action_of_push_vlan {
2548 rte_be16_t ethertype; /**< EtherType. */
2552 * RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID
2554 * Implements OFPAT_SET_VLAN_VID ("set the 802.1q VLAN id") as defined by
2555 * the OpenFlow Switch Specification.
2557 struct rte_flow_action_of_set_vlan_vid {
2558 rte_be16_t vlan_vid; /**< VLAN id. */
2562 * RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP
2564 * Implements OFPAT_SET_LAN_PCP ("set the 802.1q priority") as defined by
2565 * the OpenFlow Switch Specification.
2567 struct rte_flow_action_of_set_vlan_pcp {
2568 uint8_t vlan_pcp; /**< VLAN priority. */
2572 * RTE_FLOW_ACTION_TYPE_OF_POP_MPLS
2574 * Implements OFPAT_POP_MPLS ("pop the outer MPLS tag") as defined by the
2575 * OpenFlow Switch Specification.
2577 struct rte_flow_action_of_pop_mpls {
2578 rte_be16_t ethertype; /**< EtherType. */
2582 * RTE_FLOW_ACTION_TYPE_OF_PUSH_MPLS
2584 * Implements OFPAT_PUSH_MPLS ("push a new MPLS tag") as defined by the
2585 * OpenFlow Switch Specification.
2587 struct rte_flow_action_of_push_mpls {
2588 rte_be16_t ethertype; /**< EtherType. */
2593 * @b EXPERIMENTAL: this structure may change without prior notice
2595 * RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP
2597 * VXLAN tunnel end-point encapsulation data definition
2599 * The tunnel definition is provided through the flow item pattern, the
2600 * provided pattern must conform to RFC7348 for the tunnel specified. The flow
2601 * definition must be provided in order from the RTE_FLOW_ITEM_TYPE_ETH
2602 * definition up the end item which is specified by RTE_FLOW_ITEM_TYPE_END.
2604 * The mask field allows user to specify which fields in the flow item
2605 * definitions can be ignored and which have valid data and can be used
2608 * Note: the last field is not used in the definition of a tunnel and can be
2611 * Valid flow definition for RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP include:
2613 * - ETH / IPV4 / UDP / VXLAN / END
2614 * - ETH / IPV6 / UDP / VXLAN / END
2615 * - ETH / VLAN / IPV4 / UDP / VXLAN / END
2618 struct rte_flow_action_vxlan_encap {
2620 * Encapsulating vxlan tunnel definition
2621 * (terminated by the END pattern item).
2623 struct rte_flow_item *definition;
2628 * @b EXPERIMENTAL: this structure may change without prior notice
2630 * RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP
2632 * NVGRE tunnel end-point encapsulation data definition
2634 * The tunnel definition is provided through the flow item pattern the
2635 * provided pattern must conform with RFC7637. The flow definition must be
2636 * provided in order from the RTE_FLOW_ITEM_TYPE_ETH definition up the end item
2637 * which is specified by RTE_FLOW_ITEM_TYPE_END.
2639 * The mask field allows user to specify which fields in the flow item
2640 * definitions can be ignored and which have valid data and can be used
2643 * Note: the last field is not used in the definition of a tunnel and can be
2646 * Valid flow definition for RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP include:
2648 * - ETH / IPV4 / NVGRE / END
2649 * - ETH / VLAN / IPV6 / NVGRE / END
2652 struct rte_flow_action_nvgre_encap {
2654 * Encapsulating vxlan tunnel definition
2655 * (terminated by the END pattern item).
2657 struct rte_flow_item *definition;
2662 * @b EXPERIMENTAL: this structure may change without prior notice
2664 * RTE_FLOW_ACTION_TYPE_RAW_ENCAP
2666 * Raw tunnel end-point encapsulation data definition.
2668 * The data holds the headers definitions to be applied on the packet.
2669 * The data must start with ETH header up to the tunnel item header itself.
2670 * When used right after RAW_DECAP (for decapsulating L3 tunnel type for
2671 * example MPLSoGRE) the data will just hold layer 2 header.
2673 * The preserve parameter holds which bits in the packet the PMD is not allowed
2674 * to change, this parameter can also be NULL and then the PMD is allowed
2675 * to update any field.
2677 * size holds the number of bytes in @p data and @p preserve.
2679 struct rte_flow_action_raw_encap {
2680 uint8_t *data; /**< Encapsulation data. */
2681 uint8_t *preserve; /**< Bit-mask of @p data to preserve on output. */
2682 size_t size; /**< Size of @p data and @p preserve. */
2687 * @b EXPERIMENTAL: this structure may change without prior notice
2689 * RTE_FLOW_ACTION_TYPE_RAW_DECAP
2691 * Raw tunnel end-point decapsulation data definition.
2693 * The data holds the headers definitions to be removed from the packet.
2694 * The data must start with ETH header up to the tunnel item header itself.
2695 * When used right before RAW_DECAP (for encapsulating L3 tunnel type for
2696 * example MPLSoGRE) the data will just hold layer 2 header.
2698 * size holds the number of bytes in @p data.
2700 struct rte_flow_action_raw_decap {
2701 uint8_t *data; /**< Encapsulation data. */
2702 size_t size; /**< Size of @p data and @p preserve. */
2707 * @b EXPERIMENTAL: this structure may change without prior notice
2709 * RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC
2710 * RTE_FLOW_ACTION_TYPE_SET_IPV4_DST
2712 * Allows modification of IPv4 source (RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC)
2713 * and destination address (RTE_FLOW_ACTION_TYPE_SET_IPV4_DST) in the
2714 * specified outermost IPv4 header.
2716 struct rte_flow_action_set_ipv4 {
2717 rte_be32_t ipv4_addr;
2722 * @b EXPERIMENTAL: this structure may change without prior notice
2724 * RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC
2725 * RTE_FLOW_ACTION_TYPE_SET_IPV6_DST
2727 * Allows modification of IPv6 source (RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC)
2728 * and destination address (RTE_FLOW_ACTION_TYPE_SET_IPV6_DST) in the
2729 * specified outermost IPv6 header.
2731 struct rte_flow_action_set_ipv6 {
2732 uint8_t ipv6_addr[16];
2737 * @b EXPERIMENTAL: this structure may change without prior notice
2739 * RTE_FLOW_ACTION_TYPE_SET_TP_SRC
2740 * RTE_FLOW_ACTION_TYPE_SET_TP_DST
2742 * Allows modification of source (RTE_FLOW_ACTION_TYPE_SET_TP_SRC)
2743 * and destination (RTE_FLOW_ACTION_TYPE_SET_TP_DST) port numbers
2744 * in the specified outermost TCP/UDP header.
2746 struct rte_flow_action_set_tp {
2751 * RTE_FLOW_ACTION_TYPE_SET_TTL
2753 * Set the TTL value directly for IPv4 or IPv6
2755 struct rte_flow_action_set_ttl {
2760 * RTE_FLOW_ACTION_TYPE_SET_MAC
2762 * Set MAC address from the matched flow
2764 struct rte_flow_action_set_mac {
2765 uint8_t mac_addr[RTE_ETHER_ADDR_LEN];
2770 * @b EXPERIMENTAL: this structure may change without prior notice
2772 * RTE_FLOW_ACTION_TYPE_SET_TAG
2774 * Set a tag which is a transient data used during flow matching. This is not
2775 * delivered to application. Multiple tags are supported by specifying index.
2777 struct rte_flow_action_set_tag {
2785 * @b EXPERIMENTAL: this structure may change without prior notice
2787 * RTE_FLOW_ACTION_TYPE_SET_META
2789 * Set metadata. Metadata set by mbuf metadata dynamic field with
2790 * PKT_TX_DYNF_DATA flag on egress will be overridden by this action. On
2791 * ingress, the metadata will be carried by mbuf metadata dynamic field
2792 * with PKT_RX_DYNF_METADATA flag if set. The dynamic mbuf field must be
2793 * registered in advance by rte_flow_dynf_metadata_register().
2795 * Altering partial bits is supported with mask. For bits which have never
2796 * been set, unpredictable value will be seen depending on driver
2797 * implementation. For loopback/hairpin packet, metadata set on Rx/Tx may
2798 * or may not be propagated to the other path depending on HW capability.
2800 * RTE_FLOW_ITEM_TYPE_META matches metadata.
2802 struct rte_flow_action_set_meta {
2808 * RTE_FLOW_ACTION_TYPE_SET_IPV4_DSCP
2809 * RTE_FLOW_ACTION_TYPE_SET_IPV6_DSCP
2811 * Set the DSCP value for IPv4/IPv6 header.
2812 * DSCP in low 6 bits, rest ignored.
2814 struct rte_flow_action_set_dscp {
2819 * RTE_FLOW_ACTION_TYPE_SHARED
2821 * Opaque type returned after successfully creating a shared action.
2823 * This handle can be used to manage and query the related action:
2824 * - share it across multiple flow rules
2825 * - update action configuration
2826 * - query action data
2829 struct rte_flow_shared_action;
2832 * Field IDs for MODIFY_FIELD action.
2834 enum rte_flow_field_id {
2835 RTE_FLOW_FIELD_START = 0, /**< Start of a packet. */
2836 RTE_FLOW_FIELD_MAC_DST,
2837 RTE_FLOW_FIELD_MAC_SRC,
2838 RTE_FLOW_FIELD_VLAN_TYPE,
2839 RTE_FLOW_FIELD_VLAN_ID,
2840 RTE_FLOW_FIELD_MAC_TYPE,
2841 RTE_FLOW_FIELD_IPV4_DSCP,
2842 RTE_FLOW_FIELD_IPV4_TTL,
2843 RTE_FLOW_FIELD_IPV4_SRC,
2844 RTE_FLOW_FIELD_IPV4_DST,
2845 RTE_FLOW_FIELD_IPV6_HOPLIMIT,
2846 RTE_FLOW_FIELD_IPV6_SRC,
2847 RTE_FLOW_FIELD_IPV6_DST,
2848 RTE_FLOW_FIELD_TCP_PORT_SRC,
2849 RTE_FLOW_FIELD_TCP_PORT_DST,
2850 RTE_FLOW_FIELD_TCP_SEQ_NUM,
2851 RTE_FLOW_FIELD_TCP_ACK_NUM,
2852 RTE_FLOW_FIELD_TCP_FLAGS,
2853 RTE_FLOW_FIELD_UDP_PORT_SRC,
2854 RTE_FLOW_FIELD_UDP_PORT_DST,
2855 RTE_FLOW_FIELD_VXLAN_VNI,
2856 RTE_FLOW_FIELD_GENEVE_VNI,
2857 RTE_FLOW_FIELD_GTP_TEID,
2859 RTE_FLOW_FIELD_MARK,
2860 RTE_FLOW_FIELD_META,
2861 RTE_FLOW_FIELD_POINTER, /**< Memory pointer. */
2862 RTE_FLOW_FIELD_VALUE, /**< Immediate value. */
2866 * Field description for MODIFY_FIELD action.
2868 struct rte_flow_action_modify_data {
2869 enum rte_flow_field_id field; /**< Field or memory type ID. */
2873 /**< Encapsulation level or tag index. */
2875 /**< Number of bits to skip from a field. */
2879 * Immediate value for RTE_FLOW_FIELD_VALUE or
2880 * memory address for RTE_FLOW_FIELD_POINTER.
2887 * Operation types for MODIFY_FIELD action.
2889 enum rte_flow_modify_op {
2890 RTE_FLOW_MODIFY_SET = 0, /**< Set a new value. */
2891 RTE_FLOW_MODIFY_ADD, /**< Add a value to a field. */
2892 RTE_FLOW_MODIFY_SUB, /**< Subtract a value from a field. */
2897 * @b EXPERIMENTAL: this structure may change without prior notice
2899 * RTE_FLOW_ACTION_TYPE_MODIFY_FIELD
2901 * Modify a destination header field according to the specified
2902 * operation. Another packet field can be used as a source as well
2903 * as tag, mark, metadata, immediate value or a pointer to it.
2905 struct rte_flow_action_modify_field {
2906 enum rte_flow_modify_op operation; /**< Operation to perform. */
2907 struct rte_flow_action_modify_data dst; /**< Destination field. */
2908 struct rte_flow_action_modify_data src; /**< Source field. */
2909 uint32_t width; /**< Number of bits to use from a source field. */
2912 /* Mbuf dynamic field offset for metadata. */
2913 extern int32_t rte_flow_dynf_metadata_offs;
2915 /* Mbuf dynamic field flag mask for metadata. */
2916 extern uint64_t rte_flow_dynf_metadata_mask;
2918 /* Mbuf dynamic field pointer for metadata. */
2919 #define RTE_FLOW_DYNF_METADATA(m) \
2920 RTE_MBUF_DYNFIELD((m), rte_flow_dynf_metadata_offs, uint32_t *)
2922 /* Mbuf dynamic flags for metadata. */
2923 #define PKT_RX_DYNF_METADATA (rte_flow_dynf_metadata_mask)
2924 #define PKT_TX_DYNF_METADATA (rte_flow_dynf_metadata_mask)
2927 static inline uint32_t
2928 rte_flow_dynf_metadata_get(struct rte_mbuf *m)
2930 return *RTE_FLOW_DYNF_METADATA(m);
2935 rte_flow_dynf_metadata_set(struct rte_mbuf *m, uint32_t v)
2937 *RTE_FLOW_DYNF_METADATA(m) = v;
2941 * Definition of a single action.
2943 * A list of actions is terminated by a END action.
2945 * For simple actions without a configuration object, conf remains NULL.
2947 struct rte_flow_action {
2948 enum rte_flow_action_type type; /**< Action type. */
2949 const void *conf; /**< Pointer to action configuration object. */
2953 * Opaque type returned after successfully creating a flow.
2955 * This handle can be used to manage and query the related flow (e.g. to
2956 * destroy it or retrieve counters).
2962 * @b EXPERIMENTAL: this structure may change without prior notice
2964 * RTE_FLOW_ACTION_TYPE_SAMPLE
2966 * Adds a sample action to a matched flow.
2968 * The matching packets will be duplicated with specified ratio and applied
2969 * with own set of actions with a fate action, the sampled packet could be
2970 * redirected to queue or port. All the packets continue processing on the
2971 * default flow path.
2973 * When the sample ratio is set to 1 then the packets will be 100% mirrored.
2974 * Additional action list be supported to add for sampled or mirrored packets.
2976 struct rte_flow_action_sample {
2977 uint32_t ratio; /**< packets sampled equals to '1/ratio'. */
2978 const struct rte_flow_action *actions;
2979 /**< sub-action list specific for the sampling hit cases. */
2983 * Verbose error types.
2985 * Most of them provide the type of the object referenced by struct
2986 * rte_flow_error.cause.
2988 enum rte_flow_error_type {
2989 RTE_FLOW_ERROR_TYPE_NONE, /**< No error. */
2990 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, /**< Cause unspecified. */
2991 RTE_FLOW_ERROR_TYPE_HANDLE, /**< Flow rule (handle). */
2992 RTE_FLOW_ERROR_TYPE_ATTR_GROUP, /**< Group field. */
2993 RTE_FLOW_ERROR_TYPE_ATTR_PRIORITY, /**< Priority field. */
2994 RTE_FLOW_ERROR_TYPE_ATTR_INGRESS, /**< Ingress field. */
2995 RTE_FLOW_ERROR_TYPE_ATTR_EGRESS, /**< Egress field. */
2996 RTE_FLOW_ERROR_TYPE_ATTR_TRANSFER, /**< Transfer field. */
2997 RTE_FLOW_ERROR_TYPE_ATTR, /**< Attributes structure. */
2998 RTE_FLOW_ERROR_TYPE_ITEM_NUM, /**< Pattern length. */
2999 RTE_FLOW_ERROR_TYPE_ITEM_SPEC, /**< Item specification. */
3000 RTE_FLOW_ERROR_TYPE_ITEM_LAST, /**< Item specification range. */
3001 RTE_FLOW_ERROR_TYPE_ITEM_MASK, /**< Item specification mask. */
3002 RTE_FLOW_ERROR_TYPE_ITEM, /**< Specific pattern item. */
3003 RTE_FLOW_ERROR_TYPE_ACTION_NUM, /**< Number of actions. */
3004 RTE_FLOW_ERROR_TYPE_ACTION_CONF, /**< Action configuration. */
3005 RTE_FLOW_ERROR_TYPE_ACTION, /**< Specific action. */
3009 * Verbose error structure definition.
3011 * This object is normally allocated by applications and set by PMDs, the
3012 * message points to a constant string which does not need to be freed by
3013 * the application, however its pointer can be considered valid only as long
3014 * as its associated DPDK port remains configured. Closing the underlying
3015 * device or unloading the PMD invalidates it.
3017 * Both cause and message may be NULL regardless of the error type.
3019 struct rte_flow_error {
3020 enum rte_flow_error_type type; /**< Cause field and error types. */
3021 const void *cause; /**< Object responsible for the error. */
3022 const char *message; /**< Human-readable error message. */
3026 * Complete flow rule description.
3028 * This object type is used when converting a flow rule description.
3030 * @see RTE_FLOW_CONV_OP_RULE
3031 * @see rte_flow_conv()
3034 struct rte_flow_conv_rule {
3036 const struct rte_flow_attr *attr_ro; /**< RO attributes. */
3037 struct rte_flow_attr *attr; /**< Attributes. */
3040 const struct rte_flow_item *pattern_ro; /**< RO pattern. */
3041 struct rte_flow_item *pattern; /**< Pattern items. */
3044 const struct rte_flow_action *actions_ro; /**< RO actions. */
3045 struct rte_flow_action *actions; /**< List of actions. */
3050 * Conversion operations for flow API objects.
3052 * @see rte_flow_conv()
3054 enum rte_flow_conv_op {
3056 * No operation to perform.
3058 * rte_flow_conv() simply returns 0.
3060 RTE_FLOW_CONV_OP_NONE,
3063 * Convert attributes structure.
3065 * This is a basic copy of an attributes structure.
3068 * @code const struct rte_flow_attr * @endcode
3070 * @code struct rte_flow_attr * @endcode
3072 RTE_FLOW_CONV_OP_ATTR,
3075 * Convert a single item.
3077 * Duplicates @p spec, @p last and @p mask but not outside objects.
3080 * @code const struct rte_flow_item * @endcode
3082 * @code struct rte_flow_item * @endcode
3084 RTE_FLOW_CONV_OP_ITEM,
3087 * Convert a single action.
3089 * Duplicates @p conf but not outside objects.
3092 * @code const struct rte_flow_action * @endcode
3094 * @code struct rte_flow_action * @endcode
3096 RTE_FLOW_CONV_OP_ACTION,
3099 * Convert an entire pattern.
3101 * Duplicates all pattern items at once with the same constraints as
3102 * RTE_FLOW_CONV_OP_ITEM.
3105 * @code const struct rte_flow_item * @endcode
3107 * @code struct rte_flow_item * @endcode
3109 RTE_FLOW_CONV_OP_PATTERN,
3112 * Convert a list of actions.
3114 * Duplicates the entire list of actions at once with the same
3115 * constraints as RTE_FLOW_CONV_OP_ACTION.
3118 * @code const struct rte_flow_action * @endcode
3120 * @code struct rte_flow_action * @endcode
3122 RTE_FLOW_CONV_OP_ACTIONS,
3125 * Convert a complete flow rule description.
3127 * Comprises attributes, pattern and actions together at once with
3128 * the usual constraints.
3131 * @code const struct rte_flow_conv_rule * @endcode
3133 * @code struct rte_flow_conv_rule * @endcode
3135 RTE_FLOW_CONV_OP_RULE,
3138 * Convert item type to its name string.
3140 * Writes a NUL-terminated string to @p dst. Like snprintf(), the
3141 * returned value excludes the terminator which is always written
3145 * @code (const void *)enum rte_flow_item_type @endcode
3147 * @code char * @endcode
3149 RTE_FLOW_CONV_OP_ITEM_NAME,
3152 * Convert action type to its name string.
3154 * Writes a NUL-terminated string to @p dst. Like snprintf(), the
3155 * returned value excludes the terminator which is always written
3159 * @code (const void *)enum rte_flow_action_type @endcode
3161 * @code char * @endcode
3163 RTE_FLOW_CONV_OP_ACTION_NAME,
3166 * Convert item type to pointer to item name.
3168 * Retrieves item name pointer from its type. The string itself is
3169 * not copied; instead, a unique pointer to an internal static
3170 * constant storage is written to @p dst.
3173 * @code (const void *)enum rte_flow_item_type @endcode
3175 * @code const char ** @endcode
3177 RTE_FLOW_CONV_OP_ITEM_NAME_PTR,
3180 * Convert action type to pointer to action name.
3182 * Retrieves action name pointer from its type. The string itself is
3183 * not copied; instead, a unique pointer to an internal static
3184 * constant storage is written to @p dst.
3187 * @code (const void *)enum rte_flow_action_type @endcode
3189 * @code const char ** @endcode
3191 RTE_FLOW_CONV_OP_ACTION_NAME_PTR,
3196 * @b EXPERIMENTAL: this API may change without prior notice.
3198 * Dump hardware internal representation information of
3201 * @param[in] port_id
3202 * The port identifier of the Ethernet device.
3204 * A pointer to a file for output.
3206 * Perform verbose error reporting if not NULL. PMDs initialize this
3207 * structure in case of error only.
3209 * 0 on success, a nagative value otherwise.
3213 rte_flow_dev_dump(uint16_t port_id, FILE *file, struct rte_flow_error *error);
3216 * Check if mbuf dynamic field for metadata is registered.
3219 * True if registered, false otherwise.
3223 rte_flow_dynf_metadata_avail(void)
3225 return !!rte_flow_dynf_metadata_mask;
3229 * Register mbuf dynamic field and flag for metadata.
3231 * This function must be called prior to use SET_META action in order to
3232 * register the dynamic mbuf field. Otherwise, the data cannot be delivered to
3236 * 0 on success, a negative errno value otherwise and rte_errno is set.
3240 rte_flow_dynf_metadata_register(void);
3243 * Check whether a flow rule can be created on a given port.
3245 * The flow rule is validated for correctness and whether it could be accepted
3246 * by the device given sufficient resources. The rule is checked against the
3247 * current device mode and queue configuration. The flow rule may also
3248 * optionally be validated against existing flow rules and device resources.
3249 * This function has no effect on the target device.
3251 * The returned value is guaranteed to remain valid only as long as no
3252 * successful calls to rte_flow_create() or rte_flow_destroy() are made in
3253 * the meantime and no device parameter affecting flow rules in any way are
3254 * modified, due to possible collisions or resource limitations (although in
3255 * such cases EINVAL should not be returned).
3258 * Port identifier of Ethernet device.
3260 * Flow rule attributes.
3261 * @param[in] pattern
3262 * Pattern specification (list terminated by the END pattern item).
3263 * @param[in] actions
3264 * Associated actions (list terminated by the END action).
3266 * Perform verbose error reporting if not NULL. PMDs initialize this
3267 * structure in case of error only.
3270 * 0 if flow rule is valid and can be created. A negative errno value
3271 * otherwise (rte_errno is also set), the following errors are defined:
3273 * -ENOSYS: underlying device does not support this functionality.
3275 * -EIO: underlying device is removed.
3277 * -EINVAL: unknown or invalid rule specification.
3279 * -ENOTSUP: valid but unsupported rule specification (e.g. partial
3280 * bit-masks are unsupported).
3282 * -EEXIST: collision with an existing rule. Only returned if device
3283 * supports flow rule collision checking and there was a flow rule
3284 * collision. Not receiving this return code is no guarantee that creating
3285 * the rule will not fail due to a collision.
3287 * -ENOMEM: not enough memory to execute the function, or if the device
3288 * supports resource validation, resource limitation on the device.
3290 * -EBUSY: action cannot be performed due to busy device resources, may
3291 * succeed if the affected queues or even the entire port are in a stopped
3292 * state (see rte_eth_dev_rx_queue_stop() and rte_eth_dev_stop()).
3295 rte_flow_validate(uint16_t port_id,
3296 const struct rte_flow_attr *attr,
3297 const struct rte_flow_item pattern[],
3298 const struct rte_flow_action actions[],
3299 struct rte_flow_error *error);
3302 * Create a flow rule on a given port.
3305 * Port identifier of Ethernet device.
3307 * Flow rule attributes.
3308 * @param[in] pattern
3309 * Pattern specification (list terminated by the END pattern item).
3310 * @param[in] actions
3311 * Associated actions (list terminated by the END action).
3313 * Perform verbose error reporting if not NULL. PMDs initialize this
3314 * structure in case of error only.
3317 * A valid handle in case of success, NULL otherwise and rte_errno is set
3318 * to the positive version of one of the error codes defined for
3319 * rte_flow_validate().
3322 rte_flow_create(uint16_t port_id,
3323 const struct rte_flow_attr *attr,
3324 const struct rte_flow_item pattern[],
3325 const struct rte_flow_action actions[],
3326 struct rte_flow_error *error);
3329 * Destroy a flow rule on a given port.
3331 * Failure to destroy a flow rule handle may occur when other flow rules
3332 * depend on it, and destroying it would result in an inconsistent state.
3334 * This function is only guaranteed to succeed if handles are destroyed in
3335 * reverse order of their creation.
3338 * Port identifier of Ethernet device.
3340 * Flow rule handle to destroy.
3342 * Perform verbose error reporting if not NULL. PMDs initialize this
3343 * structure in case of error only.
3346 * 0 on success, a negative errno value otherwise and rte_errno is set.
3349 rte_flow_destroy(uint16_t port_id,
3350 struct rte_flow *flow,
3351 struct rte_flow_error *error);
3354 * Destroy all flow rules associated with a port.
3356 * In the unlikely event of failure, handles are still considered destroyed
3357 * and no longer valid but the port must be assumed to be in an inconsistent
3361 * Port identifier of Ethernet device.
3363 * Perform verbose error reporting if not NULL. PMDs initialize this
3364 * structure in case of error only.
3367 * 0 on success, a negative errno value otherwise and rte_errno is set.
3370 rte_flow_flush(uint16_t port_id,
3371 struct rte_flow_error *error);
3374 * Query an existing flow rule.
3376 * This function allows retrieving flow-specific data such as counters.
3377 * Data is gathered by special actions which must be present in the flow
3380 * \see RTE_FLOW_ACTION_TYPE_COUNT
3383 * Port identifier of Ethernet device.
3385 * Flow rule handle to query.
3387 * Action definition as defined in original flow rule.
3388 * @param[in, out] data
3389 * Pointer to storage for the associated query data type.
3391 * Perform verbose error reporting if not NULL. PMDs initialize this
3392 * structure in case of error only.
3395 * 0 on success, a negative errno value otherwise and rte_errno is set.
3398 rte_flow_query(uint16_t port_id,
3399 struct rte_flow *flow,
3400 const struct rte_flow_action *action,
3402 struct rte_flow_error *error);
3405 * Restrict ingress traffic to the defined flow rules.
3407 * Isolated mode guarantees that all ingress traffic comes from defined flow
3408 * rules only (current and future).
3410 * Besides making ingress more deterministic, it allows PMDs to safely reuse
3411 * resources otherwise assigned to handle the remaining traffic, such as
3412 * global RSS configuration settings, VLAN filters, MAC address entries,
3413 * legacy filter API rules and so on in order to expand the set of possible
3416 * Calling this function as soon as possible after device initialization,
3417 * ideally before the first call to rte_eth_dev_configure(), is recommended
3418 * to avoid possible failures due to conflicting settings.
3420 * Once effective, leaving isolated mode may not be possible depending on
3421 * PMD implementation.
3423 * Additionally, the following functionality has no effect on the underlying
3424 * port and may return errors such as ENOTSUP ("not supported"):
3426 * - Toggling promiscuous mode.
3427 * - Toggling allmulticast mode.
3428 * - Configuring MAC addresses.
3429 * - Configuring multicast addresses.
3430 * - Configuring VLAN filters.
3431 * - Configuring Rx filters through the legacy API (e.g. FDIR).
3432 * - Configuring global RSS settings.
3435 * Port identifier of Ethernet device.
3437 * Nonzero to enter isolated mode, attempt to leave it otherwise.
3439 * Perform verbose error reporting if not NULL. PMDs initialize this
3440 * structure in case of error only.
3443 * 0 on success, a negative errno value otherwise and rte_errno is set.
3446 rte_flow_isolate(uint16_t port_id, int set, struct rte_flow_error *error);
3449 * Initialize flow error structure.
3452 * Pointer to flow error structure (may be NULL).
3454 * Related error code (rte_errno).
3456 * Cause field and error types.
3458 * Object responsible for the error.
3460 * Human-readable error message.
3463 * Negative error code (errno value) and rte_errno is set.
3466 rte_flow_error_set(struct rte_flow_error *error,
3468 enum rte_flow_error_type type,
3470 const char *message);
3474 * @see rte_flow_copy()
3476 struct rte_flow_desc {
3477 size_t size; /**< Allocated space including data[]. */
3478 struct rte_flow_attr attr; /**< Attributes. */
3479 struct rte_flow_item *items; /**< Items. */
3480 struct rte_flow_action *actions; /**< Actions. */
3481 uint8_t data[]; /**< Storage for items/actions. */
3486 * Copy an rte_flow rule description.
3488 * This interface is kept for compatibility with older applications but is
3489 * implemented as a wrapper to rte_flow_conv(). It is deprecated due to its
3490 * lack of flexibility and reliance on a type unusable with C++ programs
3491 * (struct rte_flow_desc).
3494 * Flow rule description.
3496 * Total size of allocated data for the flow description.
3498 * Flow rule attributes.
3500 * Pattern specification (list terminated by the END pattern item).
3501 * @param[in] actions
3502 * Associated actions (list terminated by the END action).
3505 * If len is greater or equal to the size of the flow, the total size of the
3506 * flow description and its data.
3507 * If len is lower than the size of the flow, the number of bytes that would
3508 * have been written to desc had it been sufficient. Nothing is written.
3512 rte_flow_copy(struct rte_flow_desc *fd, size_t len,
3513 const struct rte_flow_attr *attr,
3514 const struct rte_flow_item *items,
3515 const struct rte_flow_action *actions);
3518 * Flow object conversion helper.
3520 * This function performs conversion of various flow API objects to a
3521 * pre-allocated destination buffer. See enum rte_flow_conv_op for possible
3522 * operations and details about each of them.
3524 * Since destination buffer must be large enough, it works in a manner
3525 * reminiscent of snprintf():
3527 * - If @p size is 0, @p dst may be a NULL pointer, otherwise @p dst must be
3529 * - If positive, the returned value represents the number of bytes needed
3530 * to store the conversion of @p src to @p dst according to @p op
3531 * regardless of the @p size parameter.
3532 * - Since no more than @p size bytes can be written to @p dst, output is
3533 * truncated and may be inconsistent when the returned value is larger
3535 * - In case of conversion error, a negative error code is returned and
3536 * @p dst contents are unspecified.
3539 * Operation to perform, related to the object type of @p dst.
3541 * Destination buffer address. Must be suitably aligned by the caller.
3543 * Destination buffer size in bytes.
3545 * Source object to copy. Depending on @p op, its type may differ from
3548 * Perform verbose error reporting if not NULL. Initialized in case of
3552 * The number of bytes required to convert @p src to @p dst on success, a
3553 * negative errno value otherwise and rte_errno is set.
3555 * @see rte_flow_conv_op
3559 rte_flow_conv(enum rte_flow_conv_op op,
3563 struct rte_flow_error *error);
3566 * Get aged-out flows of a given port.
3568 * RTE_ETH_EVENT_FLOW_AGED event will be triggered when at least one new aged
3569 * out flow was detected after the last call to rte_flow_get_aged_flows.
3570 * This function can be called to get the aged flows usynchronously from the
3571 * event callback or synchronously regardless the event.
3572 * This is not safe to call rte_flow_get_aged_flows function with other flow
3573 * functions from multiple threads simultaneously.
3576 * Port identifier of Ethernet device.
3577 * @param[in, out] contexts
3578 * The address of an array of pointers to the aged-out flows contexts.
3579 * @param[in] nb_contexts
3580 * The length of context array pointers.
3582 * Perform verbose error reporting if not NULL. Initialized in case of
3586 * if nb_contexts is 0, return the amount of all aged contexts.
3587 * if nb_contexts is not 0 , return the amount of aged flows reported
3588 * in the context array, otherwise negative errno value.
3590 * @see rte_flow_action_age
3591 * @see RTE_ETH_EVENT_FLOW_AGED
3595 rte_flow_get_aged_flows(uint16_t port_id, void **contexts,
3596 uint32_t nb_contexts, struct rte_flow_error *error);
3599 * Specify shared action configuration
3601 struct rte_flow_shared_action_conf {
3603 * Flow direction for shared action configuration.
3605 * Shared action should be valid at least for one flow direction,
3606 * otherwise it is invalid for both ingress and egress rules.
3609 /**< Action valid for rules applied to ingress traffic. */
3611 /**< Action valid for rules applied to egress traffic. */
3614 * When set to 1, indicates that the action is valid for
3615 * transfer traffic; otherwise, for non-transfer traffic.
3617 * See struct rte_flow_attr.
3619 uint32_t transfer:1;
3624 * @b EXPERIMENTAL: this API may change without prior notice.
3626 * Create shared action for reuse in multiple flow rules.
3627 * The created shared action has single state and configuration
3628 * across all flow rules using it.
3630 * @param[in] port_id
3631 * The port identifier of the Ethernet device.
3633 * Shared action configuration.
3635 * Action configuration for shared action creation.
3637 * Perform verbose error reporting if not NULL. PMDs initialize this
3638 * structure in case of error only.
3640 * A valid handle in case of success, NULL otherwise and rte_errno is set
3641 * to one of the error codes defined:
3642 * - (ENODEV) if *port_id* invalid.
3643 * - (ENOSYS) if underlying device does not support this functionality.
3644 * - (EIO) if underlying device is removed.
3645 * - (EINVAL) if *action* invalid.
3646 * - (ENOTSUP) if *action* valid but unsupported.
3649 struct rte_flow_shared_action *
3650 rte_flow_shared_action_create(uint16_t port_id,
3651 const struct rte_flow_shared_action_conf *conf,
3652 const struct rte_flow_action *action,
3653 struct rte_flow_error *error);
3657 * @b EXPERIMENTAL: this API may change without prior notice.
3659 * Destroy the shared action by handle.
3661 * @param[in] port_id
3662 * The port identifier of the Ethernet device.
3664 * Handle for the shared action to be destroyed.
3666 * Perform verbose error reporting if not NULL. PMDs initialize this
3667 * structure in case of error only.
3670 * - (-ENODEV) if *port_id* invalid.
3671 * - (-ENOSYS) if underlying device does not support this functionality.
3672 * - (-EIO) if underlying device is removed.
3673 * - (-ENOENT) if action pointed by *action* handle was not found.
3674 * - (-EBUSY) if action pointed by *action* handle still used by some rules
3675 * rte_errno is also set.
3679 rte_flow_shared_action_destroy(uint16_t port_id,
3680 struct rte_flow_shared_action *action,
3681 struct rte_flow_error *error);
3685 * @b EXPERIMENTAL: this API may change without prior notice.
3687 * Update in-place the shared action configuration pointed by *action* handle
3688 * with the configuration provided as *update* argument.
3689 * The update of the shared action configuration effects all flow rules reusing
3690 * the action via handle.
3692 * @param[in] port_id
3693 * The port identifier of the Ethernet device.
3695 * Handle for the shared action to be updated.
3697 * Action specification used to modify the action pointed by handle.
3698 * *update* should be of same type with the action pointed by the *action*
3699 * handle argument, otherwise considered as invalid.
3701 * Perform verbose error reporting if not NULL. PMDs initialize this
3702 * structure in case of error only.
3705 * - (-ENODEV) if *port_id* invalid.
3706 * - (-ENOSYS) if underlying device does not support this functionality.
3707 * - (-EIO) if underlying device is removed.
3708 * - (-EINVAL) if *update* invalid.
3709 * - (-ENOTSUP) if *update* valid but unsupported.
3710 * - (-ENOENT) if action pointed by *ctx* was not found.
3711 * rte_errno is also set.
3715 rte_flow_shared_action_update(uint16_t port_id,
3716 struct rte_flow_shared_action *action,
3717 const struct rte_flow_action *update,
3718 struct rte_flow_error *error);
3722 * @b EXPERIMENTAL: this API may change without prior notice.
3724 * Query the shared action by handle.
3726 * Retrieve action-specific data such as counters.
3727 * Data is gathered by special action which may be present/referenced in
3728 * more than one flow rule definition.
3730 * \see RTE_FLOW_ACTION_TYPE_COUNT
3733 * Port identifier of Ethernet device.
3735 * Handle for the shared action to query.
3736 * @param[in, out] data
3737 * Pointer to storage for the associated query data type.
3739 * Perform verbose error reporting if not NULL. PMDs initialize this
3740 * structure in case of error only.
3743 * 0 on success, a negative errno value otherwise and rte_errno is set.
3747 rte_flow_shared_action_query(uint16_t port_id,
3748 const struct rte_flow_shared_action *action,
3750 struct rte_flow_error *error);
3752 /* Tunnel has a type and the key information. */
3753 struct rte_flow_tunnel {
3755 * Tunnel type, for example RTE_FLOW_ITEM_TYPE_VXLAN,
3756 * RTE_FLOW_ITEM_TYPE_NVGRE etc.
3758 enum rte_flow_item_type type;
3759 uint64_t tun_id; /**< Tunnel identification. */
3764 rte_be32_t src_addr; /**< IPv4 source address. */
3765 rte_be32_t dst_addr; /**< IPv4 destination address. */
3768 uint8_t src_addr[16]; /**< IPv6 source address. */
3769 uint8_t dst_addr[16]; /**< IPv6 destination address. */
3772 rte_be16_t tp_src; /**< Tunnel port source. */
3773 rte_be16_t tp_dst; /**< Tunnel port destination. */
3774 uint16_t tun_flags; /**< Tunnel flags. */
3776 bool is_ipv6; /**< True for valid IPv6 fields. Otherwise IPv4. */
3779 * the following members are required to restore packet
3782 uint8_t tos; /**< TOS for IPv4, TC for IPv6. */
3783 uint8_t ttl; /**< TTL for IPv4, HL for IPv6. */
3784 uint32_t label; /**< Flow Label for IPv6. */
3788 * Indicate that the packet has a tunnel.
3790 #define RTE_FLOW_RESTORE_INFO_TUNNEL (1ULL << 0)
3793 * Indicate that the packet has a non decapsulated tunnel header.
3795 #define RTE_FLOW_RESTORE_INFO_ENCAPSULATED (1ULL << 1)
3798 * Indicate that the packet has a group_id.
3800 #define RTE_FLOW_RESTORE_INFO_GROUP_ID (1ULL << 2)
3803 * Restore information structure to communicate the current packet processing
3804 * state when some of the processing pipeline is done in hardware and should
3805 * continue in software.
3807 struct rte_flow_restore_info {
3809 * Bitwise flags (RTE_FLOW_RESTORE_INFO_*) to indicate validation of
3810 * other fields in struct rte_flow_restore_info.
3813 uint32_t group_id; /**< Group ID where packed missed */
3814 struct rte_flow_tunnel tunnel; /**< Tunnel information. */
3818 * Allocate an array of actions to be used in rte_flow_create, to implement
3819 * tunnel-decap-set for the given tunnel.
3821 * actions vxlan_decap / tunnel-decap-set(tunnel properties) /
3822 * jump group 0 / end
3825 * Port identifier of Ethernet device.
3827 * Tunnel properties.
3828 * @param[out] actions
3829 * Array of actions to be allocated by the PMD. This array should be
3830 * concatenated with the actions array provided to rte_flow_create.
3831 * @param[out] num_of_actions
3832 * Number of actions allocated.
3834 * Perform verbose error reporting if not NULL. PMDs initialize this
3835 * structure in case of error only.
3838 * 0 on success, a negative errno value otherwise and rte_errno is set.
3842 rte_flow_tunnel_decap_set(uint16_t port_id,
3843 struct rte_flow_tunnel *tunnel,
3844 struct rte_flow_action **actions,
3845 uint32_t *num_of_actions,
3846 struct rte_flow_error *error);
3849 * Allocate an array of items to be used in rte_flow_create, to implement
3850 * tunnel-match for the given tunnel.
3852 * pattern tunnel-match(tunnel properties) / outer-header-matches /
3853 * inner-header-matches / end
3856 * Port identifier of Ethernet device.
3858 * Tunnel properties.
3860 * Array of items to be allocated by the PMD. This array should be
3861 * concatenated with the items array provided to rte_flow_create.
3862 * @param[out] num_of_items
3863 * Number of items allocated.
3865 * Perform verbose error reporting if not NULL. PMDs initialize this
3866 * structure in case of error only.
3869 * 0 on success, a negative errno value otherwise and rte_errno is set.
3873 rte_flow_tunnel_match(uint16_t port_id,
3874 struct rte_flow_tunnel *tunnel,
3875 struct rte_flow_item **items,
3876 uint32_t *num_of_items,
3877 struct rte_flow_error *error);
3880 * Populate the current packet processing state, if exists, for the given mbuf.
3883 * Port identifier of Ethernet device.
3887 * Restore information. Upon success contains the HW state.
3889 * Perform verbose error reporting if not NULL. PMDs initialize this
3890 * structure in case of error only.
3893 * 0 on success, a negative errno value otherwise and rte_errno is set.
3897 rte_flow_get_restore_info(uint16_t port_id,
3899 struct rte_flow_restore_info *info,
3900 struct rte_flow_error *error);
3903 * Release the action array as allocated by rte_flow_tunnel_decap_set.
3906 * Port identifier of Ethernet device.
3907 * @param[in] actions
3908 * Array of actions to be released.
3909 * @param[in] num_of_actions
3910 * Number of elements in actions array.
3912 * Perform verbose error reporting if not NULL. PMDs initialize this
3913 * structure in case of error only.
3916 * 0 on success, a negative errno value otherwise and rte_errno is set.
3920 rte_flow_tunnel_action_decap_release(uint16_t port_id,
3921 struct rte_flow_action *actions,
3922 uint32_t num_of_actions,
3923 struct rte_flow_error *error);
3926 * Release the item array as allocated by rte_flow_tunnel_match.
3929 * Port identifier of Ethernet device.
3931 * Array of items to be released.
3932 * @param[in] num_of_items
3933 * Number of elements in item array.
3935 * Perform verbose error reporting if not NULL. PMDs initialize this
3936 * structure in case of error only.
3939 * 0 on success, a negative errno value otherwise and rte_errno is set.
3943 rte_flow_tunnel_item_release(uint16_t port_id,
3944 struct rte_flow_item *items,
3945 uint32_t num_of_items,
3946 struct rte_flow_error *error);
3951 #endif /* RTE_FLOW_H_ */