1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright 2016 6WIND S.A.
3 * Copyright 2016 Mellanox Technologies, Ltd
11 * RTE generic flow API
13 * This interface provides the ability to program packet matching and
14 * associated actions in hardware through flow rules.
21 #include <rte_ether.h>
22 #include <rte_eth_ctrl.h>
28 #include <rte_byteorder.h>
36 * Flow rule attributes.
38 * Priorities are set on a per rule based within groups.
40 * Lower values denote higher priority, the highest priority for a flow rule
41 * is 0, so that a flow that matches for than one rule, the rule with the
42 * lowest priority value will always be matched.
44 * Although optional, applications are encouraged to group similar rules as
45 * much as possible to fully take advantage of hardware capabilities
46 * (e.g. optimized matching) and work around limitations (e.g. a single
47 * pattern type possibly allowed in a given group). Applications should be
48 * aware that groups are not linked by default, and that they must be
49 * explicitly linked by the application using the JUMP action.
51 * Priority levels are arbitrary and up to the application, they
52 * do not need to be contiguous nor start from 0, however the maximum number
53 * varies between devices and may be affected by existing flow rules.
55 * If a packet is matched by several rules of a given group for a given
56 * priority level, the outcome is undefined. It can take any path, may be
57 * duplicated or even cause unrecoverable errors.
59 * Note that support for more than a single group and priority level is not
62 * Flow rules can apply to inbound and/or outbound traffic (ingress/egress).
64 * Several pattern items and actions are valid and can be used in both
65 * directions. Those valid for only one direction are described as such.
67 * At least one direction must be specified.
69 * Specifying both directions at once for a given rule is not recommended
70 * but may be valid in a few cases (e.g. shared counter).
72 struct rte_flow_attr {
73 uint32_t group; /**< Priority group. */
74 uint32_t priority; /**< Rule priority level within group. */
75 uint32_t ingress:1; /**< Rule applies to ingress traffic. */
76 uint32_t egress:1; /**< Rule applies to egress traffic. */
78 * Instead of simply matching the properties of traffic as it would
79 * appear on a given DPDK port ID, enabling this attribute transfers
80 * a flow rule to the lowest possible level of any device endpoints
81 * found in the pattern.
83 * When supported, this effectively enables an application to
84 * re-route traffic not necessarily intended for it (e.g. coming
85 * from or addressed to different physical ports, VFs or
86 * applications) at the device level.
88 * It complements the behavior of some pattern items such as
89 * RTE_FLOW_ITEM_TYPE_PHY_PORT and is meaningless without them.
91 * When transferring flow rules, ingress and egress attributes keep
92 * their original meaning, as if processing traffic emitted or
93 * received by the application.
96 uint32_t reserved:29; /**< Reserved, must be zero. */
100 * Matching pattern item types.
102 * Pattern items fall in two categories:
104 * - Matching protocol headers and packet data, usually associated with a
105 * specification structure. These must be stacked in the same order as the
106 * protocol layers to match inside packets, starting from the lowest.
108 * - Matching meta-data or affecting pattern processing, often without a
109 * specification structure. Since they do not match packet contents, their
110 * position in the list is usually not relevant.
112 * See the description of individual types for more information. Those
113 * marked with [META] fall into the second category.
115 enum rte_flow_item_type {
119 * End marker for item lists. Prevents further processing of items,
120 * thereby ending the pattern.
122 * No associated specification structure.
124 RTE_FLOW_ITEM_TYPE_END,
129 * Used as a placeholder for convenience. It is ignored and simply
132 * No associated specification structure.
134 RTE_FLOW_ITEM_TYPE_VOID,
139 * Inverted matching, i.e. process packets that do not match the
142 * No associated specification structure.
144 RTE_FLOW_ITEM_TYPE_INVERT,
147 * Matches any protocol in place of the current layer, a single ANY
148 * may also stand for several protocol layers.
150 * See struct rte_flow_item_any.
152 RTE_FLOW_ITEM_TYPE_ANY,
157 * Matches traffic originating from (ingress) or going to (egress)
158 * the physical function of the current device.
160 * No associated specification structure.
162 RTE_FLOW_ITEM_TYPE_PF,
167 * Matches traffic originating from (ingress) or going to (egress) a
168 * given virtual function of the current device.
170 * See struct rte_flow_item_vf.
172 RTE_FLOW_ITEM_TYPE_VF,
177 * Matches traffic originating from (ingress) or going to (egress) a
178 * physical port of the underlying device.
180 * See struct rte_flow_item_phy_port.
182 RTE_FLOW_ITEM_TYPE_PHY_PORT,
187 * Matches traffic originating from (ingress) or going to (egress) a
188 * given DPDK port ID.
190 * See struct rte_flow_item_port_id.
192 RTE_FLOW_ITEM_TYPE_PORT_ID,
195 * Matches a byte string of a given length at a given offset.
197 * See struct rte_flow_item_raw.
199 RTE_FLOW_ITEM_TYPE_RAW,
202 * Matches an Ethernet header.
204 * See struct rte_flow_item_eth.
206 RTE_FLOW_ITEM_TYPE_ETH,
209 * Matches an 802.1Q/ad VLAN tag.
211 * See struct rte_flow_item_vlan.
213 RTE_FLOW_ITEM_TYPE_VLAN,
216 * Matches an IPv4 header.
218 * See struct rte_flow_item_ipv4.
220 RTE_FLOW_ITEM_TYPE_IPV4,
223 * Matches an IPv6 header.
225 * See struct rte_flow_item_ipv6.
227 RTE_FLOW_ITEM_TYPE_IPV6,
230 * Matches an ICMP header.
232 * See struct rte_flow_item_icmp.
234 RTE_FLOW_ITEM_TYPE_ICMP,
237 * Matches a UDP header.
239 * See struct rte_flow_item_udp.
241 RTE_FLOW_ITEM_TYPE_UDP,
244 * Matches a TCP header.
246 * See struct rte_flow_item_tcp.
248 RTE_FLOW_ITEM_TYPE_TCP,
251 * Matches a SCTP header.
253 * See struct rte_flow_item_sctp.
255 RTE_FLOW_ITEM_TYPE_SCTP,
258 * Matches a VXLAN header.
260 * See struct rte_flow_item_vxlan.
262 RTE_FLOW_ITEM_TYPE_VXLAN,
265 * Matches a E_TAG header.
267 * See struct rte_flow_item_e_tag.
269 RTE_FLOW_ITEM_TYPE_E_TAG,
272 * Matches a NVGRE header.
274 * See struct rte_flow_item_nvgre.
276 RTE_FLOW_ITEM_TYPE_NVGRE,
279 * Matches a MPLS header.
281 * See struct rte_flow_item_mpls.
283 RTE_FLOW_ITEM_TYPE_MPLS,
286 * Matches a GRE header.
288 * See struct rte_flow_item_gre.
290 RTE_FLOW_ITEM_TYPE_GRE,
295 * Fuzzy pattern match, expect faster than default.
297 * This is for device that support fuzzy matching option.
298 * Usually a fuzzy matching is fast but the cost is accuracy.
300 * See struct rte_flow_item_fuzzy.
302 RTE_FLOW_ITEM_TYPE_FUZZY,
305 * Matches a GTP header.
307 * Configure flow for GTP packets.
309 * See struct rte_flow_item_gtp.
311 RTE_FLOW_ITEM_TYPE_GTP,
314 * Matches a GTP header.
316 * Configure flow for GTP-C packets.
318 * See struct rte_flow_item_gtp.
320 RTE_FLOW_ITEM_TYPE_GTPC,
323 * Matches a GTP header.
325 * Configure flow for GTP-U packets.
327 * See struct rte_flow_item_gtp.
329 RTE_FLOW_ITEM_TYPE_GTPU,
332 * Matches a ESP header.
334 * See struct rte_flow_item_esp.
336 RTE_FLOW_ITEM_TYPE_ESP,
339 * Matches a GENEVE header.
341 * See struct rte_flow_item_geneve.
343 RTE_FLOW_ITEM_TYPE_GENEVE,
346 * Matches a VXLAN-GPE header.
348 * See struct rte_flow_item_vxlan_gpe.
350 RTE_FLOW_ITEM_TYPE_VXLAN_GPE,
353 * Matches an ARP header for Ethernet/IPv4.
355 * See struct rte_flow_item_arp_eth_ipv4.
357 RTE_FLOW_ITEM_TYPE_ARP_ETH_IPV4,
360 * Matches the presence of any IPv6 extension header.
362 * See struct rte_flow_item_ipv6_ext.
364 RTE_FLOW_ITEM_TYPE_IPV6_EXT,
367 * Matches any ICMPv6 header.
369 * See struct rte_flow_item_icmp6.
371 RTE_FLOW_ITEM_TYPE_ICMP6,
374 * Matches an ICMPv6 neighbor discovery solicitation.
376 * See struct rte_flow_item_icmp6_nd_ns.
378 RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS,
381 * Matches an ICMPv6 neighbor discovery advertisement.
383 * See struct rte_flow_item_icmp6_nd_na.
385 RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA,
388 * Matches the presence of any ICMPv6 neighbor discovery option.
390 * See struct rte_flow_item_icmp6_nd_opt.
392 RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT,
395 * Matches an ICMPv6 neighbor discovery source Ethernet link-layer
398 * See struct rte_flow_item_icmp6_nd_opt_sla_eth.
400 RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_SLA_ETH,
403 * Matches an ICMPv6 neighbor discovery target Ethernet link-layer
406 * See struct rte_flow_item_icmp6_nd_opt_tla_eth.
408 RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_TLA_ETH,
411 * Matches specified mark field.
413 * See struct rte_flow_item_mark.
415 RTE_FLOW_ITEM_TYPE_MARK,
419 * RTE_FLOW_ITEM_TYPE_ANY
421 * Matches any protocol in place of the current layer, a single ANY may also
422 * stand for several protocol layers.
424 * This is usually specified as the first pattern item when looking for a
425 * protocol anywhere in a packet.
427 * A zeroed mask stands for any number of layers.
429 struct rte_flow_item_any {
430 uint32_t num; /**< Number of layers covered. */
433 /** Default mask for RTE_FLOW_ITEM_TYPE_ANY. */
435 static const struct rte_flow_item_any rte_flow_item_any_mask = {
441 * RTE_FLOW_ITEM_TYPE_VF
443 * Matches traffic originating from (ingress) or going to (egress) a given
444 * virtual function of the current device.
446 * If supported, should work even if the virtual function is not managed by
447 * the application and thus not associated with a DPDK port ID.
449 * Note this pattern item does not match VF representors traffic which, as
450 * separate entities, should be addressed through their own DPDK port IDs.
452 * - Can be specified multiple times to match traffic addressed to several
454 * - Can be combined with a PF item to match both PF and VF traffic.
456 * A zeroed mask can be used to match any VF ID.
458 struct rte_flow_item_vf {
459 uint32_t id; /**< VF ID. */
462 /** Default mask for RTE_FLOW_ITEM_TYPE_VF. */
464 static const struct rte_flow_item_vf rte_flow_item_vf_mask = {
470 * RTE_FLOW_ITEM_TYPE_PHY_PORT
472 * Matches traffic originating from (ingress) or going to (egress) a
473 * physical port of the underlying device.
475 * The first PHY_PORT item overrides the physical port normally associated
476 * with the specified DPDK input port (port_id). This item can be provided
477 * several times to match additional physical ports.
479 * Note that physical ports are not necessarily tied to DPDK input ports
480 * (port_id) when those are not under DPDK control. Possible values are
481 * specific to each device, they are not necessarily indexed from zero and
482 * may not be contiguous.
484 * As a device property, the list of allowed values as well as the value
485 * associated with a port_id should be retrieved by other means.
487 * A zeroed mask can be used to match any port index.
489 struct rte_flow_item_phy_port {
490 uint32_t index; /**< Physical port index. */
493 /** Default mask for RTE_FLOW_ITEM_TYPE_PHY_PORT. */
495 static const struct rte_flow_item_phy_port rte_flow_item_phy_port_mask = {
501 * RTE_FLOW_ITEM_TYPE_PORT_ID
503 * Matches traffic originating from (ingress) or going to (egress) a given
506 * Normally only supported if the port ID in question is known by the
507 * underlying PMD and related to the device the flow rule is created
510 * This must not be confused with @p PHY_PORT which refers to the physical
511 * port of a device, whereas @p PORT_ID refers to a struct rte_eth_dev
512 * object on the application side (also known as "port representor"
513 * depending on the kind of underlying device).
515 struct rte_flow_item_port_id {
516 uint32_t id; /**< DPDK port ID. */
519 /** Default mask for RTE_FLOW_ITEM_TYPE_PORT_ID. */
521 static const struct rte_flow_item_port_id rte_flow_item_port_id_mask = {
527 * RTE_FLOW_ITEM_TYPE_RAW
529 * Matches a byte string of a given length at a given offset.
531 * Offset is either absolute (using the start of the packet) or relative to
532 * the end of the previous matched item in the stack, in which case negative
533 * values are allowed.
535 * If search is enabled, offset is used as the starting point. The search
536 * area can be delimited by setting limit to a nonzero value, which is the
537 * maximum number of bytes after offset where the pattern may start.
539 * Matching a zero-length pattern is allowed, doing so resets the relative
540 * offset for subsequent items.
542 * This type does not support ranges (struct rte_flow_item.last).
544 struct rte_flow_item_raw {
545 uint32_t relative:1; /**< Look for pattern after the previous item. */
546 uint32_t search:1; /**< Search pattern from offset (see also limit). */
547 uint32_t reserved:30; /**< Reserved, must be set to zero. */
548 int32_t offset; /**< Absolute or relative offset for pattern. */
549 uint16_t limit; /**< Search area limit for start of pattern. */
550 uint16_t length; /**< Pattern length. */
551 const uint8_t *pattern; /**< Byte string to look for. */
554 /** Default mask for RTE_FLOW_ITEM_TYPE_RAW. */
556 static const struct rte_flow_item_raw rte_flow_item_raw_mask = {
559 .reserved = 0x3fffffff,
560 .offset = 0xffffffff,
568 * RTE_FLOW_ITEM_TYPE_ETH
570 * Matches an Ethernet header.
572 * The @p type field either stands for "EtherType" or "TPID" when followed
573 * by so-called layer 2.5 pattern items such as RTE_FLOW_ITEM_TYPE_VLAN. In
574 * the latter case, @p type refers to that of the outer header, with the
575 * inner EtherType/TPID provided by the subsequent pattern item. This is the
576 * same order as on the wire.
578 struct rte_flow_item_eth {
579 struct ether_addr dst; /**< Destination MAC. */
580 struct ether_addr src; /**< Source MAC. */
581 rte_be16_t type; /**< EtherType or TPID. */
584 /** Default mask for RTE_FLOW_ITEM_TYPE_ETH. */
586 static const struct rte_flow_item_eth rte_flow_item_eth_mask = {
587 .dst.addr_bytes = "\xff\xff\xff\xff\xff\xff",
588 .src.addr_bytes = "\xff\xff\xff\xff\xff\xff",
589 .type = RTE_BE16(0x0000),
594 * RTE_FLOW_ITEM_TYPE_VLAN
596 * Matches an 802.1Q/ad VLAN tag.
598 * The corresponding standard outer EtherType (TPID) values are
599 * ETHER_TYPE_VLAN or ETHER_TYPE_QINQ. It can be overridden by the preceding
602 struct rte_flow_item_vlan {
603 rte_be16_t tci; /**< Tag control information. */
604 rte_be16_t inner_type; /**< Inner EtherType or TPID. */
607 /** Default mask for RTE_FLOW_ITEM_TYPE_VLAN. */
609 static const struct rte_flow_item_vlan rte_flow_item_vlan_mask = {
610 .tci = RTE_BE16(0x0fff),
611 .inner_type = RTE_BE16(0x0000),
616 * RTE_FLOW_ITEM_TYPE_IPV4
618 * Matches an IPv4 header.
620 * Note: IPv4 options are handled by dedicated pattern items.
622 struct rte_flow_item_ipv4 {
623 struct ipv4_hdr hdr; /**< IPv4 header definition. */
626 /** Default mask for RTE_FLOW_ITEM_TYPE_IPV4. */
628 static const struct rte_flow_item_ipv4 rte_flow_item_ipv4_mask = {
630 .src_addr = RTE_BE32(0xffffffff),
631 .dst_addr = RTE_BE32(0xffffffff),
637 * RTE_FLOW_ITEM_TYPE_IPV6.
639 * Matches an IPv6 header.
641 * Note: IPv6 options are handled by dedicated pattern items, see
642 * RTE_FLOW_ITEM_TYPE_IPV6_EXT.
644 struct rte_flow_item_ipv6 {
645 struct ipv6_hdr hdr; /**< IPv6 header definition. */
648 /** Default mask for RTE_FLOW_ITEM_TYPE_IPV6. */
650 static const struct rte_flow_item_ipv6 rte_flow_item_ipv6_mask = {
653 "\xff\xff\xff\xff\xff\xff\xff\xff"
654 "\xff\xff\xff\xff\xff\xff\xff\xff",
656 "\xff\xff\xff\xff\xff\xff\xff\xff"
657 "\xff\xff\xff\xff\xff\xff\xff\xff",
663 * RTE_FLOW_ITEM_TYPE_ICMP.
665 * Matches an ICMP header.
667 struct rte_flow_item_icmp {
668 struct icmp_hdr hdr; /**< ICMP header definition. */
671 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP. */
673 static const struct rte_flow_item_icmp rte_flow_item_icmp_mask = {
682 * RTE_FLOW_ITEM_TYPE_UDP.
684 * Matches a UDP header.
686 struct rte_flow_item_udp {
687 struct udp_hdr hdr; /**< UDP header definition. */
690 /** Default mask for RTE_FLOW_ITEM_TYPE_UDP. */
692 static const struct rte_flow_item_udp rte_flow_item_udp_mask = {
694 .src_port = RTE_BE16(0xffff),
695 .dst_port = RTE_BE16(0xffff),
701 * RTE_FLOW_ITEM_TYPE_TCP.
703 * Matches a TCP header.
705 struct rte_flow_item_tcp {
706 struct tcp_hdr hdr; /**< TCP header definition. */
709 /** Default mask for RTE_FLOW_ITEM_TYPE_TCP. */
711 static const struct rte_flow_item_tcp rte_flow_item_tcp_mask = {
713 .src_port = RTE_BE16(0xffff),
714 .dst_port = RTE_BE16(0xffff),
720 * RTE_FLOW_ITEM_TYPE_SCTP.
722 * Matches a SCTP header.
724 struct rte_flow_item_sctp {
725 struct sctp_hdr hdr; /**< SCTP header definition. */
728 /** Default mask for RTE_FLOW_ITEM_TYPE_SCTP. */
730 static const struct rte_flow_item_sctp rte_flow_item_sctp_mask = {
732 .src_port = RTE_BE16(0xffff),
733 .dst_port = RTE_BE16(0xffff),
739 * RTE_FLOW_ITEM_TYPE_VXLAN.
741 * Matches a VXLAN header (RFC 7348).
743 struct rte_flow_item_vxlan {
744 uint8_t flags; /**< Normally 0x08 (I flag). */
745 uint8_t rsvd0[3]; /**< Reserved, normally 0x000000. */
746 uint8_t vni[3]; /**< VXLAN identifier. */
747 uint8_t rsvd1; /**< Reserved, normally 0x00. */
750 /** Default mask for RTE_FLOW_ITEM_TYPE_VXLAN. */
752 static const struct rte_flow_item_vxlan rte_flow_item_vxlan_mask = {
753 .vni = "\xff\xff\xff",
758 * RTE_FLOW_ITEM_TYPE_E_TAG.
760 * Matches a E-tag header.
762 * The corresponding standard outer EtherType (TPID) value is
763 * ETHER_TYPE_ETAG. It can be overridden by the preceding pattern item.
765 struct rte_flow_item_e_tag {
767 * E-Tag control information (E-TCI).
768 * E-PCP (3b), E-DEI (1b), ingress E-CID base (12b).
770 rte_be16_t epcp_edei_in_ecid_b;
771 /** Reserved (2b), GRP (2b), E-CID base (12b). */
772 rte_be16_t rsvd_grp_ecid_b;
773 uint8_t in_ecid_e; /**< Ingress E-CID ext. */
774 uint8_t ecid_e; /**< E-CID ext. */
775 rte_be16_t inner_type; /**< Inner EtherType or TPID. */
778 /** Default mask for RTE_FLOW_ITEM_TYPE_E_TAG. */
780 static const struct rte_flow_item_e_tag rte_flow_item_e_tag_mask = {
781 .rsvd_grp_ecid_b = RTE_BE16(0x3fff),
786 * RTE_FLOW_ITEM_TYPE_NVGRE.
788 * Matches a NVGRE header.
790 struct rte_flow_item_nvgre {
792 * Checksum (1b), undefined (1b), key bit (1b), sequence number (1b),
793 * reserved 0 (9b), version (3b).
795 * c_k_s_rsvd0_ver must have value 0x2000 according to RFC 7637.
797 rte_be16_t c_k_s_rsvd0_ver;
798 rte_be16_t protocol; /**< Protocol type (0x6558). */
799 uint8_t tni[3]; /**< Virtual subnet ID. */
800 uint8_t flow_id; /**< Flow ID. */
803 /** Default mask for RTE_FLOW_ITEM_TYPE_NVGRE. */
805 static const struct rte_flow_item_nvgre rte_flow_item_nvgre_mask = {
806 .tni = "\xff\xff\xff",
811 * RTE_FLOW_ITEM_TYPE_MPLS.
813 * Matches a MPLS header.
815 struct rte_flow_item_mpls {
817 * Label (20b), TC (3b), Bottom of Stack (1b).
819 uint8_t label_tc_s[3];
820 uint8_t ttl; /** Time-to-Live. */
823 /** Default mask for RTE_FLOW_ITEM_TYPE_MPLS. */
825 static const struct rte_flow_item_mpls rte_flow_item_mpls_mask = {
826 .label_tc_s = "\xff\xff\xf0",
831 * RTE_FLOW_ITEM_TYPE_GRE.
833 * Matches a GRE header.
835 struct rte_flow_item_gre {
837 * Checksum (1b), reserved 0 (12b), version (3b).
840 rte_be16_t c_rsvd0_ver;
841 rte_be16_t protocol; /**< Protocol type. */
844 /** Default mask for RTE_FLOW_ITEM_TYPE_GRE. */
846 static const struct rte_flow_item_gre rte_flow_item_gre_mask = {
847 .protocol = RTE_BE16(0xffff),
852 * RTE_FLOW_ITEM_TYPE_FUZZY
854 * Fuzzy pattern match, expect faster than default.
856 * This is for device that support fuzzy match option.
857 * Usually a fuzzy match is fast but the cost is accuracy.
858 * i.e. Signature Match only match pattern's hash value, but it is
859 * possible two different patterns have the same hash value.
861 * Matching accuracy level can be configure by threshold.
862 * Driver can divide the range of threshold and map to different
863 * accuracy levels that device support.
865 * Threshold 0 means perfect match (no fuzziness), while threshold
866 * 0xffffffff means fuzziest match.
868 struct rte_flow_item_fuzzy {
869 uint32_t thresh; /**< Accuracy threshold. */
872 /** Default mask for RTE_FLOW_ITEM_TYPE_FUZZY. */
874 static const struct rte_flow_item_fuzzy rte_flow_item_fuzzy_mask = {
875 .thresh = 0xffffffff,
880 * RTE_FLOW_ITEM_TYPE_GTP.
882 * Matches a GTPv1 header.
884 struct rte_flow_item_gtp {
886 * Version (3b), protocol type (1b), reserved (1b),
887 * Extension header flag (1b),
888 * Sequence number flag (1b),
889 * N-PDU number flag (1b).
891 uint8_t v_pt_rsv_flags;
892 uint8_t msg_type; /**< Message type. */
893 rte_be16_t msg_len; /**< Message length. */
894 rte_be32_t teid; /**< Tunnel endpoint identifier. */
897 /** Default mask for RTE_FLOW_ITEM_TYPE_GTP. */
899 static const struct rte_flow_item_gtp rte_flow_item_gtp_mask = {
900 .teid = RTE_BE32(0xffffffff),
905 * RTE_FLOW_ITEM_TYPE_ESP
907 * Matches an ESP header.
909 struct rte_flow_item_esp {
910 struct esp_hdr hdr; /**< ESP header definition. */
913 /** Default mask for RTE_FLOW_ITEM_TYPE_ESP. */
915 static const struct rte_flow_item_esp rte_flow_item_esp_mask = {
923 * RTE_FLOW_ITEM_TYPE_GENEVE.
925 * Matches a GENEVE header.
927 struct rte_flow_item_geneve {
929 * Version (2b), length of the options fields (6b), OAM packet (1b),
930 * critical options present (1b), reserved 0 (6b).
932 rte_be16_t ver_opt_len_o_c_rsvd0;
933 rte_be16_t protocol; /**< Protocol type. */
934 uint8_t vni[3]; /**< Virtual Network Identifier. */
935 uint8_t rsvd1; /**< Reserved, normally 0x00. */
938 /** Default mask for RTE_FLOW_ITEM_TYPE_GENEVE. */
940 static const struct rte_flow_item_geneve rte_flow_item_geneve_mask = {
941 .vni = "\xff\xff\xff",
946 * RTE_FLOW_ITEM_TYPE_VXLAN_GPE (draft-ietf-nvo3-vxlan-gpe-05).
948 * Matches a VXLAN-GPE header.
950 struct rte_flow_item_vxlan_gpe {
951 uint8_t flags; /**< Normally 0x0c (I and P flags). */
952 uint8_t rsvd0[2]; /**< Reserved, normally 0x0000. */
953 uint8_t protocol; /**< Protocol type. */
954 uint8_t vni[3]; /**< VXLAN identifier. */
955 uint8_t rsvd1; /**< Reserved, normally 0x00. */
958 /** Default mask for RTE_FLOW_ITEM_TYPE_VXLAN_GPE. */
960 static const struct rte_flow_item_vxlan_gpe rte_flow_item_vxlan_gpe_mask = {
961 .vni = "\xff\xff\xff",
966 * RTE_FLOW_ITEM_TYPE_ARP_ETH_IPV4
968 * Matches an ARP header for Ethernet/IPv4.
970 struct rte_flow_item_arp_eth_ipv4 {
971 rte_be16_t hrd; /**< Hardware type, normally 1. */
972 rte_be16_t pro; /**< Protocol type, normally 0x0800. */
973 uint8_t hln; /**< Hardware address length, normally 6. */
974 uint8_t pln; /**< Protocol address length, normally 4. */
975 rte_be16_t op; /**< Opcode (1 for request, 2 for reply). */
976 struct ether_addr sha; /**< Sender hardware address. */
977 rte_be32_t spa; /**< Sender IPv4 address. */
978 struct ether_addr tha; /**< Target hardware address. */
979 rte_be32_t tpa; /**< Target IPv4 address. */
982 /** Default mask for RTE_FLOW_ITEM_TYPE_ARP_ETH_IPV4. */
984 static const struct rte_flow_item_arp_eth_ipv4
985 rte_flow_item_arp_eth_ipv4_mask = {
986 .sha.addr_bytes = "\xff\xff\xff\xff\xff\xff",
987 .spa = RTE_BE32(0xffffffff),
988 .tha.addr_bytes = "\xff\xff\xff\xff\xff\xff",
989 .tpa = RTE_BE32(0xffffffff),
994 * RTE_FLOW_ITEM_TYPE_IPV6_EXT
996 * Matches the presence of any IPv6 extension header.
998 * Normally preceded by any of:
1000 * - RTE_FLOW_ITEM_TYPE_IPV6
1001 * - RTE_FLOW_ITEM_TYPE_IPV6_EXT
1003 struct rte_flow_item_ipv6_ext {
1004 uint8_t next_hdr; /**< Next header. */
1007 /** Default mask for RTE_FLOW_ITEM_TYPE_IPV6_EXT. */
1010 struct rte_flow_item_ipv6_ext rte_flow_item_ipv6_ext_mask = {
1016 * RTE_FLOW_ITEM_TYPE_ICMP6
1018 * Matches any ICMPv6 header.
1020 struct rte_flow_item_icmp6 {
1021 uint8_t type; /**< ICMPv6 type. */
1022 uint8_t code; /**< ICMPv6 code. */
1023 uint16_t checksum; /**< ICMPv6 checksum. */
1026 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6. */
1028 static const struct rte_flow_item_icmp6 rte_flow_item_icmp6_mask = {
1035 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS
1037 * Matches an ICMPv6 neighbor discovery solicitation.
1039 struct rte_flow_item_icmp6_nd_ns {
1040 uint8_t type; /**< ICMPv6 type, normally 135. */
1041 uint8_t code; /**< ICMPv6 code, normally 0. */
1042 rte_be16_t checksum; /**< ICMPv6 checksum. */
1043 rte_be32_t reserved; /**< Reserved, normally 0. */
1044 uint8_t target_addr[16]; /**< Target address. */
1047 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS. */
1050 struct rte_flow_item_icmp6_nd_ns rte_flow_item_icmp6_nd_ns_mask = {
1052 "\xff\xff\xff\xff\xff\xff\xff\xff"
1053 "\xff\xff\xff\xff\xff\xff\xff\xff",
1058 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA
1060 * Matches an ICMPv6 neighbor discovery advertisement.
1062 struct rte_flow_item_icmp6_nd_na {
1063 uint8_t type; /**< ICMPv6 type, normally 136. */
1064 uint8_t code; /**< ICMPv6 code, normally 0. */
1065 rte_be16_t checksum; /**< ICMPv6 checksum. */
1067 * Route flag (1b), solicited flag (1b), override flag (1b),
1070 rte_be32_t rso_reserved;
1071 uint8_t target_addr[16]; /**< Target address. */
1074 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA. */
1077 struct rte_flow_item_icmp6_nd_na rte_flow_item_icmp6_nd_na_mask = {
1079 "\xff\xff\xff\xff\xff\xff\xff\xff"
1080 "\xff\xff\xff\xff\xff\xff\xff\xff",
1085 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1087 * Matches the presence of any ICMPv6 neighbor discovery option.
1089 * Normally preceded by any of:
1091 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA
1092 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS
1093 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1095 struct rte_flow_item_icmp6_nd_opt {
1096 uint8_t type; /**< ND option type. */
1097 uint8_t length; /**< ND option length. */
1100 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT. */
1102 static const struct rte_flow_item_icmp6_nd_opt
1103 rte_flow_item_icmp6_nd_opt_mask = {
1109 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_SLA_ETH
1111 * Matches an ICMPv6 neighbor discovery source Ethernet link-layer address
1114 * Normally preceded by any of:
1116 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA
1117 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1119 struct rte_flow_item_icmp6_nd_opt_sla_eth {
1120 uint8_t type; /**< ND option type, normally 1. */
1121 uint8_t length; /**< ND option length, normally 1. */
1122 struct ether_addr sla; /**< Source Ethernet LLA. */
1125 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_SLA_ETH. */
1127 static const struct rte_flow_item_icmp6_nd_opt_sla_eth
1128 rte_flow_item_icmp6_nd_opt_sla_eth_mask = {
1129 .sla.addr_bytes = "\xff\xff\xff\xff\xff\xff",
1134 * RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_TLA_ETH
1136 * Matches an ICMPv6 neighbor discovery target Ethernet link-layer address
1139 * Normally preceded by any of:
1141 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS
1142 * - RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT
1144 struct rte_flow_item_icmp6_nd_opt_tla_eth {
1145 uint8_t type; /**< ND option type, normally 2. */
1146 uint8_t length; /**< ND option length, normally 1. */
1147 struct ether_addr tla; /**< Target Ethernet LLA. */
1150 /** Default mask for RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_TLA_ETH. */
1152 static const struct rte_flow_item_icmp6_nd_opt_tla_eth
1153 rte_flow_item_icmp6_nd_opt_tla_eth_mask = {
1154 .tla.addr_bytes = "\xff\xff\xff\xff\xff\xff",
1160 * @b EXPERIMENTAL: this structure may change without prior notice
1162 * RTE_FLOW_ITEM_TYPE_MARK
1164 * Matches an arbitrary integer value which was set using the ``MARK`` action
1165 * in a previously matched rule.
1167 * This item can only be specified once as a match criteria as the ``MARK``
1168 * action can only be specified once in a flow action.
1170 * This value is arbitrary and application-defined. Maximum allowed value
1171 * depends on the underlying implementation.
1173 * Depending on the underlying implementation the MARK item may be supported on
1174 * the physical device, with virtual groups in the PMD or not at all.
1176 struct rte_flow_item_mark {
1177 uint32_t id; /**< Integer value to match against. */
1181 * Matching pattern item definition.
1183 * A pattern is formed by stacking items starting from the lowest protocol
1184 * layer to match. This stacking restriction does not apply to meta items
1185 * which can be placed anywhere in the stack without affecting the meaning
1186 * of the resulting pattern.
1188 * Patterns are terminated by END items.
1190 * The spec field should be a valid pointer to a structure of the related
1191 * item type. It may remain unspecified (NULL) in many cases to request
1192 * broad (nonspecific) matching. In such cases, last and mask must also be
1195 * Optionally, last can point to a structure of the same type to define an
1196 * inclusive range. This is mostly supported by integer and address fields,
1197 * may cause errors otherwise. Fields that do not support ranges must be set
1198 * to 0 or to the same value as the corresponding fields in spec.
1200 * Only the fields defined to nonzero values in the default masks (see
1201 * rte_flow_item_{name}_mask constants) are considered relevant by
1202 * default. This can be overridden by providing a mask structure of the
1203 * same type with applicable bits set to one. It can also be used to
1204 * partially filter out specific fields (e.g. as an alternate mean to match
1205 * ranges of IP addresses).
1207 * Mask is a simple bit-mask applied before interpreting the contents of
1208 * spec and last, which may yield unexpected results if not used
1209 * carefully. For example, if for an IPv4 address field, spec provides
1210 * 10.1.2.3, last provides 10.3.4.5 and mask provides 255.255.0.0, the
1211 * effective range becomes 10.1.0.0 to 10.3.255.255.
1213 struct rte_flow_item {
1214 enum rte_flow_item_type type; /**< Item type. */
1215 const void *spec; /**< Pointer to item specification structure. */
1216 const void *last; /**< Defines an inclusive range (spec to last). */
1217 const void *mask; /**< Bit-mask applied to spec and last. */
1223 * Each possible action is represented by a type. Some have associated
1224 * configuration structures. Several actions combined in a list can be
1225 * assigned to a flow rule and are performed in order.
1227 * They fall in three categories:
1229 * - Actions that modify the fate of matching traffic, for instance by
1230 * dropping or assigning it a specific destination.
1232 * - Actions that modify matching traffic contents or its properties. This
1233 * includes adding/removing encapsulation, encryption, compression and
1236 * - Actions related to the flow rule itself, such as updating counters or
1237 * making it non-terminating.
1239 * Flow rules being terminating by default, not specifying any action of the
1240 * fate kind results in undefined behavior. This applies to both ingress and
1243 * PASSTHRU, when supported, makes a flow rule non-terminating.
1245 enum rte_flow_action_type {
1247 * End marker for action lists. Prevents further processing of
1248 * actions, thereby ending the list.
1250 * No associated configuration structure.
1252 RTE_FLOW_ACTION_TYPE_END,
1255 * Used as a placeholder for convenience. It is ignored and simply
1256 * discarded by PMDs.
1258 * No associated configuration structure.
1260 RTE_FLOW_ACTION_TYPE_VOID,
1263 * Leaves traffic up for additional processing by subsequent flow
1264 * rules; makes a flow rule non-terminating.
1266 * No associated configuration structure.
1268 RTE_FLOW_ACTION_TYPE_PASSTHRU,
1271 * RTE_FLOW_ACTION_TYPE_JUMP
1273 * Redirects packets to a group on the current device.
1275 * See struct rte_flow_action_jump.
1277 RTE_FLOW_ACTION_TYPE_JUMP,
1280 * Attaches an integer value to packets and sets PKT_RX_FDIR and
1281 * PKT_RX_FDIR_ID mbuf flags.
1283 * See struct rte_flow_action_mark.
1285 RTE_FLOW_ACTION_TYPE_MARK,
1288 * Flags packets. Similar to MARK without a specific value; only
1289 * sets the PKT_RX_FDIR mbuf flag.
1291 * No associated configuration structure.
1293 RTE_FLOW_ACTION_TYPE_FLAG,
1296 * Assigns packets to a given queue index.
1298 * See struct rte_flow_action_queue.
1300 RTE_FLOW_ACTION_TYPE_QUEUE,
1305 * PASSTHRU overrides this action if both are specified.
1307 * No associated configuration structure.
1309 RTE_FLOW_ACTION_TYPE_DROP,
1312 * Enables counters for this flow rule.
1314 * These counters can be retrieved and reset through rte_flow_query(),
1315 * see struct rte_flow_query_count.
1317 * See struct rte_flow_action_count.
1319 RTE_FLOW_ACTION_TYPE_COUNT,
1322 * Similar to QUEUE, except RSS is additionally performed on packets
1323 * to spread them among several queues according to the provided
1326 * See struct rte_flow_action_rss.
1328 RTE_FLOW_ACTION_TYPE_RSS,
1331 * Directs matching traffic to the physical function (PF) of the
1334 * No associated configuration structure.
1336 RTE_FLOW_ACTION_TYPE_PF,
1339 * Directs matching traffic to a given virtual function of the
1342 * See struct rte_flow_action_vf.
1344 RTE_FLOW_ACTION_TYPE_VF,
1347 * Directs packets to a given physical port index of the underlying
1350 * See struct rte_flow_action_phy_port.
1352 RTE_FLOW_ACTION_TYPE_PHY_PORT,
1355 * Directs matching traffic to a given DPDK port ID.
1357 * See struct rte_flow_action_port_id.
1359 RTE_FLOW_ACTION_TYPE_PORT_ID,
1362 * Traffic metering and policing (MTR).
1364 * See struct rte_flow_action_meter.
1365 * See file rte_mtr.h for MTR object configuration.
1367 RTE_FLOW_ACTION_TYPE_METER,
1370 * Redirects packets to security engine of current device for security
1371 * processing as specified by security session.
1373 * See struct rte_flow_action_security.
1375 RTE_FLOW_ACTION_TYPE_SECURITY,
1378 * Implements OFPAT_SET_MPLS_TTL ("MPLS TTL") as defined by the
1379 * OpenFlow Switch Specification.
1381 * See struct rte_flow_action_of_set_mpls_ttl.
1383 RTE_FLOW_ACTION_TYPE_OF_SET_MPLS_TTL,
1386 * Implements OFPAT_DEC_MPLS_TTL ("decrement MPLS TTL") as defined
1387 * by the OpenFlow Switch Specification.
1389 * No associated configuration structure.
1391 RTE_FLOW_ACTION_TYPE_OF_DEC_MPLS_TTL,
1394 * Implements OFPAT_SET_NW_TTL ("IP TTL") as defined by the OpenFlow
1395 * Switch Specification.
1397 * See struct rte_flow_action_of_set_nw_ttl.
1399 RTE_FLOW_ACTION_TYPE_OF_SET_NW_TTL,
1402 * Implements OFPAT_DEC_NW_TTL ("decrement IP TTL") as defined by
1403 * the OpenFlow Switch Specification.
1405 * No associated configuration structure.
1407 RTE_FLOW_ACTION_TYPE_OF_DEC_NW_TTL,
1410 * Implements OFPAT_COPY_TTL_OUT ("copy TTL "outwards" -- from
1411 * next-to-outermost to outermost") as defined by the OpenFlow
1412 * Switch Specification.
1414 * No associated configuration structure.
1416 RTE_FLOW_ACTION_TYPE_OF_COPY_TTL_OUT,
1419 * Implements OFPAT_COPY_TTL_IN ("copy TTL "inwards" -- from
1420 * outermost to next-to-outermost") as defined by the OpenFlow
1421 * Switch Specification.
1423 * No associated configuration structure.
1425 RTE_FLOW_ACTION_TYPE_OF_COPY_TTL_IN,
1428 * Implements OFPAT_POP_VLAN ("pop the outer VLAN tag") as defined
1429 * by the OpenFlow Switch Specification.
1431 * No associated configuration structure.
1433 RTE_FLOW_ACTION_TYPE_OF_POP_VLAN,
1436 * Implements OFPAT_PUSH_VLAN ("push a new VLAN tag") as defined by
1437 * the OpenFlow Switch Specification.
1439 * See struct rte_flow_action_of_push_vlan.
1441 RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN,
1444 * Implements OFPAT_SET_VLAN_VID ("set the 802.1q VLAN id") as
1445 * defined by the OpenFlow Switch Specification.
1447 * See struct rte_flow_action_of_set_vlan_vid.
1449 RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID,
1452 * Implements OFPAT_SET_LAN_PCP ("set the 802.1q priority") as
1453 * defined by the OpenFlow Switch Specification.
1455 * See struct rte_flow_action_of_set_vlan_pcp.
1457 RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP,
1460 * Implements OFPAT_POP_MPLS ("pop the outer MPLS tag") as defined
1461 * by the OpenFlow Switch Specification.
1463 * See struct rte_flow_action_of_pop_mpls.
1465 RTE_FLOW_ACTION_TYPE_OF_POP_MPLS,
1468 * Implements OFPAT_PUSH_MPLS ("push a new MPLS tag") as defined by
1469 * the OpenFlow Switch Specification.
1471 * See struct rte_flow_action_of_push_mpls.
1473 RTE_FLOW_ACTION_TYPE_OF_PUSH_MPLS,
1476 * Encapsulate flow in VXLAN tunnel as defined in
1477 * rte_flow_action_vxlan_encap action structure.
1479 * See struct rte_flow_action_vxlan_encap.
1481 RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP,
1484 * Decapsulate outer most VXLAN tunnel from matched flow.
1486 * If flow pattern does not define a valid VXLAN tunnel (as specified by
1487 * RFC7348) then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION
1490 RTE_FLOW_ACTION_TYPE_VXLAN_DECAP,
1493 * Encapsulate flow in NVGRE tunnel defined in the
1494 * rte_flow_action_nvgre_encap action structure.
1496 * See struct rte_flow_action_nvgre_encap.
1498 RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP,
1501 * Decapsulate outer most NVGRE tunnel from matched flow.
1503 * If flow pattern does not define a valid NVGRE tunnel (as specified by
1504 * RFC7637) then the PMD should return a RTE_FLOW_ERROR_TYPE_ACTION
1507 RTE_FLOW_ACTION_TYPE_NVGRE_DECAP,
1511 * RTE_FLOW_ACTION_TYPE_MARK
1513 * Attaches an integer value to packets and sets PKT_RX_FDIR and
1514 * PKT_RX_FDIR_ID mbuf flags.
1516 * This value is arbitrary and application-defined. Maximum allowed value
1517 * depends on the underlying implementation. It is returned in the
1518 * hash.fdir.hi mbuf field.
1520 struct rte_flow_action_mark {
1521 uint32_t id; /**< Integer value to return with packets. */
1526 * @b EXPERIMENTAL: this structure may change without prior notice
1528 * RTE_FLOW_ACTION_TYPE_JUMP
1530 * Redirects packets to a group on the current device.
1532 * In a hierarchy of groups, which can be used to represent physical or logical
1533 * flow tables on the device, this action allows the action to be a redirect to
1534 * a group on that device.
1536 struct rte_flow_action_jump {
1541 * RTE_FLOW_ACTION_TYPE_QUEUE
1543 * Assign packets to a given queue index.
1545 struct rte_flow_action_queue {
1546 uint16_t index; /**< Queue index to use. */
1552 * @b EXPERIMENTAL: this structure may change without prior notice
1554 * RTE_FLOW_ACTION_TYPE_COUNT
1556 * Adds a counter action to a matched flow.
1558 * If more than one count action is specified in a single flow rule, then each
1559 * action must specify a unique id.
1561 * Counters can be retrieved and reset through ``rte_flow_query()``, see
1562 * ``struct rte_flow_query_count``.
1564 * The shared flag indicates whether the counter is unique to the flow rule the
1565 * action is specified with, or whether it is a shared counter.
1567 * For a count action with the shared flag set, then then a global device
1568 * namespace is assumed for the counter id, so that any matched flow rules using
1569 * a count action with the same counter id on the same port will contribute to
1572 * For ports within the same switch domain then the counter id namespace extends
1573 * to all ports within that switch domain.
1575 struct rte_flow_action_count {
1576 uint32_t shared:1; /**< Share counter ID with other flow rules. */
1577 uint32_t reserved:31; /**< Reserved, must be zero. */
1578 uint32_t id; /**< Counter ID. */
1582 * RTE_FLOW_ACTION_TYPE_COUNT (query)
1584 * Query structure to retrieve and reset flow rule counters.
1586 struct rte_flow_query_count {
1587 uint32_t reset:1; /**< Reset counters after query [in]. */
1588 uint32_t hits_set:1; /**< hits field is set [out]. */
1589 uint32_t bytes_set:1; /**< bytes field is set [out]. */
1590 uint32_t reserved:29; /**< Reserved, must be zero [in, out]. */
1591 uint64_t hits; /**< Number of hits for this rule [out]. */
1592 uint64_t bytes; /**< Number of bytes through this rule [out]. */
1596 * RTE_FLOW_ACTION_TYPE_RSS
1598 * Similar to QUEUE, except RSS is additionally performed on packets to
1599 * spread them among several queues according to the provided parameters.
1601 * Unlike global RSS settings used by other DPDK APIs, unsetting the
1602 * @p types field does not disable RSS in a flow rule. Doing so instead
1603 * requests safe unspecified "best-effort" settings from the underlying PMD,
1604 * which depending on the flow rule, may result in anything ranging from
1605 * empty (single queue) to all-inclusive RSS.
1607 * Note: RSS hash result is stored in the hash.rss mbuf field which overlaps
1608 * hash.fdir.lo. Since the MARK action sets the hash.fdir.hi field only,
1609 * both can be requested simultaneously.
1611 struct rte_flow_action_rss {
1612 enum rte_eth_hash_function func; /**< RSS hash function to apply. */
1614 * Packet encapsulation level RSS hash @p types apply to.
1616 * - @p 0 requests the default behavior. Depending on the packet
1617 * type, it can mean outermost, innermost, anything in between or
1620 * It basically stands for the innermost encapsulation level RSS
1621 * can be performed on according to PMD and device capabilities.
1623 * - @p 1 requests RSS to be performed on the outermost packet
1624 * encapsulation level.
1626 * - @p 2 and subsequent values request RSS to be performed on the
1627 * specified inner packet encapsulation level, from outermost to
1628 * innermost (lower to higher values).
1630 * Values other than @p 0 are not necessarily supported.
1632 * Requesting a specific RSS level on unrecognized traffic results
1633 * in undefined behavior. For predictable results, it is recommended
1634 * to make the flow rule pattern match packet headers up to the
1635 * requested encapsulation level so that only matching traffic goes
1639 uint64_t types; /**< Specific RSS hash types (see ETH_RSS_*). */
1640 uint32_t key_len; /**< Hash key length in bytes. */
1641 uint32_t queue_num; /**< Number of entries in @p queue. */
1642 const uint8_t *key; /**< Hash key. */
1643 const uint16_t *queue; /**< Queue indices to use. */
1647 * RTE_FLOW_ACTION_TYPE_VF
1649 * Directs matching traffic to a given virtual function of the current
1652 * Packets matched by a VF pattern item can be redirected to their original
1653 * VF ID instead of the specified one. This parameter may not be available
1654 * and is not guaranteed to work properly if the VF part is matched by a
1655 * prior flow rule or if packets are not addressed to a VF in the first
1658 struct rte_flow_action_vf {
1659 uint32_t original:1; /**< Use original VF ID if possible. */
1660 uint32_t reserved:31; /**< Reserved, must be zero. */
1661 uint32_t id; /**< VF ID. */
1665 * RTE_FLOW_ACTION_TYPE_PHY_PORT
1667 * Directs packets to a given physical port index of the underlying
1670 * @see RTE_FLOW_ITEM_TYPE_PHY_PORT
1672 struct rte_flow_action_phy_port {
1673 uint32_t original:1; /**< Use original port index if possible. */
1674 uint32_t reserved:31; /**< Reserved, must be zero. */
1675 uint32_t index; /**< Physical port index. */
1679 * RTE_FLOW_ACTION_TYPE_PORT_ID
1681 * Directs matching traffic to a given DPDK port ID.
1683 * @see RTE_FLOW_ITEM_TYPE_PORT_ID
1685 struct rte_flow_action_port_id {
1686 uint32_t original:1; /**< Use original DPDK port ID if possible. */
1687 uint32_t reserved:31; /**< Reserved, must be zero. */
1688 uint32_t id; /**< DPDK port ID. */
1692 * RTE_FLOW_ACTION_TYPE_METER
1694 * Traffic metering and policing (MTR).
1696 * Packets matched by items of this type can be either dropped or passed to the
1697 * next item with their color set by the MTR object.
1699 struct rte_flow_action_meter {
1700 uint32_t mtr_id; /**< MTR object ID created with rte_mtr_create(). */
1704 * RTE_FLOW_ACTION_TYPE_SECURITY
1706 * Perform the security action on flows matched by the pattern items
1707 * according to the configuration of the security session.
1709 * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
1710 * security protocol headers and IV are fully provided by the application as
1711 * specified in the flow pattern. The payload of matching packets is
1712 * encrypted on egress, and decrypted and authenticated on ingress.
1713 * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
1714 * providing full encapsulation and decapsulation of packets in security
1715 * protocols. The flow pattern specifies both the outer security header fields
1716 * and the inner packet fields. The security session specified in the action
1717 * must match the pattern parameters.
1719 * The security session specified in the action must be created on the same
1720 * port as the flow action that is being specified.
1722 * The ingress/egress flow attribute should match that specified in the
1723 * security session if the security session supports the definition of the
1726 * Multiple flows can be configured to use the same security session.
1728 struct rte_flow_action_security {
1729 void *security_session; /**< Pointer to security session structure. */
1733 * RTE_FLOW_ACTION_TYPE_OF_SET_MPLS_TTL
1735 * Implements OFPAT_SET_MPLS_TTL ("MPLS TTL") as defined by the OpenFlow
1736 * Switch Specification.
1738 struct rte_flow_action_of_set_mpls_ttl {
1739 uint8_t mpls_ttl; /**< MPLS TTL. */
1743 * RTE_FLOW_ACTION_TYPE_OF_SET_NW_TTL
1745 * Implements OFPAT_SET_NW_TTL ("IP TTL") as defined by the OpenFlow Switch
1748 struct rte_flow_action_of_set_nw_ttl {
1749 uint8_t nw_ttl; /**< IP TTL. */
1753 * RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN
1755 * Implements OFPAT_PUSH_VLAN ("push a new VLAN tag") as defined by the
1756 * OpenFlow Switch Specification.
1758 struct rte_flow_action_of_push_vlan {
1759 rte_be16_t ethertype; /**< EtherType. */
1763 * RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID
1765 * Implements OFPAT_SET_VLAN_VID ("set the 802.1q VLAN id") as defined by
1766 * the OpenFlow Switch Specification.
1768 struct rte_flow_action_of_set_vlan_vid {
1769 rte_be16_t vlan_vid; /**< VLAN id. */
1773 * RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP
1775 * Implements OFPAT_SET_LAN_PCP ("set the 802.1q priority") as defined by
1776 * the OpenFlow Switch Specification.
1778 struct rte_flow_action_of_set_vlan_pcp {
1779 uint8_t vlan_pcp; /**< VLAN priority. */
1783 * RTE_FLOW_ACTION_TYPE_OF_POP_MPLS
1785 * Implements OFPAT_POP_MPLS ("pop the outer MPLS tag") as defined by the
1786 * OpenFlow Switch Specification.
1788 struct rte_flow_action_of_pop_mpls {
1789 rte_be16_t ethertype; /**< EtherType. */
1793 * RTE_FLOW_ACTION_TYPE_OF_PUSH_MPLS
1795 * Implements OFPAT_PUSH_MPLS ("push a new MPLS tag") as defined by the
1796 * OpenFlow Switch Specification.
1798 struct rte_flow_action_of_push_mpls {
1799 rte_be16_t ethertype; /**< EtherType. */
1804 * @b EXPERIMENTAL: this structure may change without prior notice
1806 * RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP
1808 * VXLAN tunnel end-point encapsulation data definition
1810 * The tunnel definition is provided through the flow item pattern, the
1811 * provided pattern must conform to RFC7348 for the tunnel specified. The flow
1812 * definition must be provided in order from the RTE_FLOW_ITEM_TYPE_ETH
1813 * definition up the end item which is specified by RTE_FLOW_ITEM_TYPE_END.
1815 * The mask field allows user to specify which fields in the flow item
1816 * definitions can be ignored and which have valid data and can be used
1819 * Note: the last field is not used in the definition of a tunnel and can be
1822 * Valid flow definition for RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP include:
1824 * - ETH / IPV4 / UDP / VXLAN / END
1825 * - ETH / IPV6 / UDP / VXLAN / END
1826 * - ETH / VLAN / IPV4 / UDP / VXLAN / END
1829 struct rte_flow_action_vxlan_encap {
1831 * Encapsulating vxlan tunnel definition
1832 * (terminated by the END pattern item).
1834 struct rte_flow_item *definition;
1839 * @b EXPERIMENTAL: this structure may change without prior notice
1841 * RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP
1843 * NVGRE tunnel end-point encapsulation data definition
1845 * The tunnel definition is provided through the flow item pattern the
1846 * provided pattern must conform with RFC7637. The flow definition must be
1847 * provided in order from the RTE_FLOW_ITEM_TYPE_ETH definition up the end item
1848 * which is specified by RTE_FLOW_ITEM_TYPE_END.
1850 * The mask field allows user to specify which fields in the flow item
1851 * definitions can be ignored and which have valid data and can be used
1854 * Note: the last field is not used in the definition of a tunnel and can be
1857 * Valid flow definition for RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP include:
1859 * - ETH / IPV4 / NVGRE / END
1860 * - ETH / VLAN / IPV6 / NVGRE / END
1863 struct rte_flow_action_nvgre_encap {
1865 * Encapsulating vxlan tunnel definition
1866 * (terminated by the END pattern item).
1868 struct rte_flow_item *definition;
1872 * Definition of a single action.
1874 * A list of actions is terminated by a END action.
1876 * For simple actions without a configuration structure, conf remains NULL.
1878 struct rte_flow_action {
1879 enum rte_flow_action_type type; /**< Action type. */
1880 const void *conf; /**< Pointer to action configuration structure. */
1884 * Opaque type returned after successfully creating a flow.
1886 * This handle can be used to manage and query the related flow (e.g. to
1887 * destroy it or retrieve counters).
1892 * Verbose error types.
1894 * Most of them provide the type of the object referenced by struct
1895 * rte_flow_error.cause.
1897 enum rte_flow_error_type {
1898 RTE_FLOW_ERROR_TYPE_NONE, /**< No error. */
1899 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, /**< Cause unspecified. */
1900 RTE_FLOW_ERROR_TYPE_HANDLE, /**< Flow rule (handle). */
1901 RTE_FLOW_ERROR_TYPE_ATTR_GROUP, /**< Group field. */
1902 RTE_FLOW_ERROR_TYPE_ATTR_PRIORITY, /**< Priority field. */
1903 RTE_FLOW_ERROR_TYPE_ATTR_INGRESS, /**< Ingress field. */
1904 RTE_FLOW_ERROR_TYPE_ATTR_EGRESS, /**< Egress field. */
1905 RTE_FLOW_ERROR_TYPE_ATTR_TRANSFER, /**< Transfer field. */
1906 RTE_FLOW_ERROR_TYPE_ATTR, /**< Attributes structure. */
1907 RTE_FLOW_ERROR_TYPE_ITEM_NUM, /**< Pattern length. */
1908 RTE_FLOW_ERROR_TYPE_ITEM_SPEC, /**< Item specification. */
1909 RTE_FLOW_ERROR_TYPE_ITEM_LAST, /**< Item specification range. */
1910 RTE_FLOW_ERROR_TYPE_ITEM_MASK, /**< Item specification mask. */
1911 RTE_FLOW_ERROR_TYPE_ITEM, /**< Specific pattern item. */
1912 RTE_FLOW_ERROR_TYPE_ACTION_NUM, /**< Number of actions. */
1913 RTE_FLOW_ERROR_TYPE_ACTION_CONF, /**< Action configuration. */
1914 RTE_FLOW_ERROR_TYPE_ACTION, /**< Specific action. */
1918 * Verbose error structure definition.
1920 * This object is normally allocated by applications and set by PMDs, the
1921 * message points to a constant string which does not need to be freed by
1922 * the application, however its pointer can be considered valid only as long
1923 * as its associated DPDK port remains configured. Closing the underlying
1924 * device or unloading the PMD invalidates it.
1926 * Both cause and message may be NULL regardless of the error type.
1928 struct rte_flow_error {
1929 enum rte_flow_error_type type; /**< Cause field and error types. */
1930 const void *cause; /**< Object responsible for the error. */
1931 const char *message; /**< Human-readable error message. */
1935 * Check whether a flow rule can be created on a given port.
1937 * The flow rule is validated for correctness and whether it could be accepted
1938 * by the device given sufficient resources. The rule is checked against the
1939 * current device mode and queue configuration. The flow rule may also
1940 * optionally be validated against existing flow rules and device resources.
1941 * This function has no effect on the target device.
1943 * The returned value is guaranteed to remain valid only as long as no
1944 * successful calls to rte_flow_create() or rte_flow_destroy() are made in
1945 * the meantime and no device parameter affecting flow rules in any way are
1946 * modified, due to possible collisions or resource limitations (although in
1947 * such cases EINVAL should not be returned).
1950 * Port identifier of Ethernet device.
1952 * Flow rule attributes.
1953 * @param[in] pattern
1954 * Pattern specification (list terminated by the END pattern item).
1955 * @param[in] actions
1956 * Associated actions (list terminated by the END action).
1958 * Perform verbose error reporting if not NULL. PMDs initialize this
1959 * structure in case of error only.
1962 * 0 if flow rule is valid and can be created. A negative errno value
1963 * otherwise (rte_errno is also set), the following errors are defined:
1965 * -ENOSYS: underlying device does not support this functionality.
1967 * -EIO: underlying device is removed.
1969 * -EINVAL: unknown or invalid rule specification.
1971 * -ENOTSUP: valid but unsupported rule specification (e.g. partial
1972 * bit-masks are unsupported).
1974 * -EEXIST: collision with an existing rule. Only returned if device
1975 * supports flow rule collision checking and there was a flow rule
1976 * collision. Not receiving this return code is no guarantee that creating
1977 * the rule will not fail due to a collision.
1979 * -ENOMEM: not enough memory to execute the function, or if the device
1980 * supports resource validation, resource limitation on the device.
1982 * -EBUSY: action cannot be performed due to busy device resources, may
1983 * succeed if the affected queues or even the entire port are in a stopped
1984 * state (see rte_eth_dev_rx_queue_stop() and rte_eth_dev_stop()).
1987 rte_flow_validate(uint16_t port_id,
1988 const struct rte_flow_attr *attr,
1989 const struct rte_flow_item pattern[],
1990 const struct rte_flow_action actions[],
1991 struct rte_flow_error *error);
1994 * Create a flow rule on a given port.
1997 * Port identifier of Ethernet device.
1999 * Flow rule attributes.
2000 * @param[in] pattern
2001 * Pattern specification (list terminated by the END pattern item).
2002 * @param[in] actions
2003 * Associated actions (list terminated by the END action).
2005 * Perform verbose error reporting if not NULL. PMDs initialize this
2006 * structure in case of error only.
2009 * A valid handle in case of success, NULL otherwise and rte_errno is set
2010 * to the positive version of one of the error codes defined for
2011 * rte_flow_validate().
2014 rte_flow_create(uint16_t port_id,
2015 const struct rte_flow_attr *attr,
2016 const struct rte_flow_item pattern[],
2017 const struct rte_flow_action actions[],
2018 struct rte_flow_error *error);
2021 * Destroy a flow rule on a given port.
2023 * Failure to destroy a flow rule handle may occur when other flow rules
2024 * depend on it, and destroying it would result in an inconsistent state.
2026 * This function is only guaranteed to succeed if handles are destroyed in
2027 * reverse order of their creation.
2030 * Port identifier of Ethernet device.
2032 * Flow rule handle to destroy.
2034 * Perform verbose error reporting if not NULL. PMDs initialize this
2035 * structure in case of error only.
2038 * 0 on success, a negative errno value otherwise and rte_errno is set.
2041 rte_flow_destroy(uint16_t port_id,
2042 struct rte_flow *flow,
2043 struct rte_flow_error *error);
2046 * Destroy all flow rules associated with a port.
2048 * In the unlikely event of failure, handles are still considered destroyed
2049 * and no longer valid but the port must be assumed to be in an inconsistent
2053 * Port identifier of Ethernet device.
2055 * Perform verbose error reporting if not NULL. PMDs initialize this
2056 * structure in case of error only.
2059 * 0 on success, a negative errno value otherwise and rte_errno is set.
2062 rte_flow_flush(uint16_t port_id,
2063 struct rte_flow_error *error);
2066 * Query an existing flow rule.
2068 * This function allows retrieving flow-specific data such as counters.
2069 * Data is gathered by special actions which must be present in the flow
2072 * \see RTE_FLOW_ACTION_TYPE_COUNT
2075 * Port identifier of Ethernet device.
2077 * Flow rule handle to query.
2079 * Action definition as defined in original flow rule.
2080 * @param[in, out] data
2081 * Pointer to storage for the associated query data type.
2083 * Perform verbose error reporting if not NULL. PMDs initialize this
2084 * structure in case of error only.
2087 * 0 on success, a negative errno value otherwise and rte_errno is set.
2090 rte_flow_query(uint16_t port_id,
2091 struct rte_flow *flow,
2092 const struct rte_flow_action *action,
2094 struct rte_flow_error *error);
2097 * Restrict ingress traffic to the defined flow rules.
2099 * Isolated mode guarantees that all ingress traffic comes from defined flow
2100 * rules only (current and future).
2102 * Besides making ingress more deterministic, it allows PMDs to safely reuse
2103 * resources otherwise assigned to handle the remaining traffic, such as
2104 * global RSS configuration settings, VLAN filters, MAC address entries,
2105 * legacy filter API rules and so on in order to expand the set of possible
2108 * Calling this function as soon as possible after device initialization,
2109 * ideally before the first call to rte_eth_dev_configure(), is recommended
2110 * to avoid possible failures due to conflicting settings.
2112 * Once effective, leaving isolated mode may not be possible depending on
2113 * PMD implementation.
2115 * Additionally, the following functionality has no effect on the underlying
2116 * port and may return errors such as ENOTSUP ("not supported"):
2118 * - Toggling promiscuous mode.
2119 * - Toggling allmulticast mode.
2120 * - Configuring MAC addresses.
2121 * - Configuring multicast addresses.
2122 * - Configuring VLAN filters.
2123 * - Configuring Rx filters through the legacy API (e.g. FDIR).
2124 * - Configuring global RSS settings.
2127 * Port identifier of Ethernet device.
2129 * Nonzero to enter isolated mode, attempt to leave it otherwise.
2131 * Perform verbose error reporting if not NULL. PMDs initialize this
2132 * structure in case of error only.
2135 * 0 on success, a negative errno value otherwise and rte_errno is set.
2138 rte_flow_isolate(uint16_t port_id, int set, struct rte_flow_error *error);
2141 * Initialize flow error structure.
2144 * Pointer to flow error structure (may be NULL).
2146 * Related error code (rte_errno).
2148 * Cause field and error types.
2150 * Object responsible for the error.
2152 * Human-readable error message.
2155 * Negative error code (errno value) and rte_errno is set.
2158 rte_flow_error_set(struct rte_flow_error *error,
2160 enum rte_flow_error_type type,
2162 const char *message);
2165 * Generic flow representation.
2167 * This form is sufficient to describe an rte_flow independently from any
2168 * PMD implementation and allows for replayability and identification.
2170 struct rte_flow_desc {
2171 size_t size; /**< Allocated space including data[]. */
2172 struct rte_flow_attr attr; /**< Attributes. */
2173 struct rte_flow_item *items; /**< Items. */
2174 struct rte_flow_action *actions; /**< Actions. */
2175 uint8_t data[]; /**< Storage for items/actions. */
2179 * Copy an rte_flow rule description.
2182 * Flow rule description.
2184 * Total size of allocated data for the flow description.
2186 * Flow rule attributes.
2188 * Pattern specification (list terminated by the END pattern item).
2189 * @param[in] actions
2190 * Associated actions (list terminated by the END action).
2193 * If len is greater or equal to the size of the flow, the total size of the
2194 * flow description and its data.
2195 * If len is lower than the size of the flow, the number of bytes that would
2196 * have been written to desc had it been sufficient. Nothing is written.
2199 rte_flow_copy(struct rte_flow_desc *fd, size_t len,
2200 const struct rte_flow_attr *attr,
2201 const struct rte_flow_item *items,
2202 const struct rte_flow_action *actions);
2208 #endif /* RTE_FLOW_H_ */