1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2010-2014 Intel Corporation
21 * Legacy support for 7-tuple IPv4 and VLAN rule.
22 * This structure and corresponding API is deprecated.
24 struct rte_acl_ipv4vlan_rule {
25 struct rte_acl_rule_data data; /**< Miscellaneous data for the rule. */
26 uint8_t proto; /**< IPv4 protocol ID. */
27 uint8_t proto_mask; /**< IPv4 protocol ID mask. */
28 uint16_t vlan; /**< VLAN ID. */
29 uint16_t vlan_mask; /**< VLAN ID mask. */
30 uint16_t domain; /**< VLAN domain. */
31 uint16_t domain_mask; /**< VLAN domain mask. */
32 uint32_t src_addr; /**< IPv4 source address. */
33 uint32_t src_mask_len; /**< IPv4 source address mask. */
34 uint32_t dst_addr; /**< IPv4 destination address. */
35 uint32_t dst_mask_len; /**< IPv4 destination address mask. */
36 uint16_t src_port_low; /**< L4 source port low. */
37 uint16_t src_port_high; /**< L4 source port high. */
38 uint16_t dst_port_low; /**< L4 destination port low. */
39 uint16_t dst_port_high; /**< L4 destination port high. */
43 * Specifies fields layout inside rte_acl_rule for rte_acl_ipv4vlan_rule.
46 RTE_ACL_IPV4VLAN_PROTO_FIELD,
47 RTE_ACL_IPV4VLAN_VLAN1_FIELD,
48 RTE_ACL_IPV4VLAN_VLAN2_FIELD,
49 RTE_ACL_IPV4VLAN_SRC_FIELD,
50 RTE_ACL_IPV4VLAN_DST_FIELD,
51 RTE_ACL_IPV4VLAN_SRCP_FIELD,
52 RTE_ACL_IPV4VLAN_DSTP_FIELD,
53 RTE_ACL_IPV4VLAN_NUM_FIELDS
57 * Macro to define rule size for rte_acl_ipv4vlan_rule.
59 #define RTE_ACL_IPV4VLAN_RULE_SZ \
60 RTE_ACL_RULE_SZ(RTE_ACL_IPV4VLAN_NUM_FIELDS)
63 * That effectively defines order of IPV4VLAN classifications:
65 * - VLAN (TAG and DOMAIN)
68 * - PORTS (SRC and DST)
71 RTE_ACL_IPV4VLAN_PROTO,
72 RTE_ACL_IPV4VLAN_VLAN,
75 RTE_ACL_IPV4VLAN_PORTS,
79 /* rules for invalid layout test */
80 struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = {
81 /* test src and dst address */
83 .data = {.userdata = 1, .category_mask = 1,
85 .src_addr = IPv4(10,0,0,0),
89 .data = {.userdata = 2, .category_mask = 1,
91 .dst_addr = IPv4(10,0,0,0),
94 /* test src and dst ports */
96 .data = {.userdata = 3, .category_mask = 1,
102 .data = {.userdata = 4, .category_mask = 1,
105 .src_port_high = 100,
109 .data = {.userdata = 5, .category_mask = 1,
115 .data = {.userdata = 6, .category_mask = 1,
118 .dst_port_high = 0xf,
122 /* these might look odd because they don't match up the rules. This is
123 * intentional, as the invalid layout test presumes returning the correct
124 * results using the wrong data layout.
126 struct ipv4_7tuple invalid_layout_data[] = {
127 {.ip_src = IPv4(10,0,1,0)}, /* should not match */
128 {.ip_src = IPv4(10,0,0,1), .allow = 2}, /* should match 2 */
129 {.port_src = 100, .allow = 4}, /* should match 4 */
130 {.port_dst = 0xf, .allow = 6}, /* should match 6 */
135 #define ACL_ALLOW_MASK 0x1
136 #define ACL_DENY_MASK 0x2
138 /* ruleset for ACL unit test */
139 struct rte_acl_ipv4vlan_rule acl_test_rules[] = {
140 /* destination IP addresses */
141 /* matches all packets traveling to 192.168.0.0/16 */
143 .data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
145 .dst_addr = IPv4(192,168,0,0),
148 .src_port_high = 0xffff,
150 .dst_port_high = 0xffff,
152 /* matches all packets traveling to 192.168.1.0/24 */
154 .data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
156 .dst_addr = IPv4(192,168,1,0),
159 .src_port_high = 0xffff,
161 .dst_port_high = 0xffff,
163 /* matches all packets traveling to 192.168.1.50 */
165 .data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
167 .dst_addr = IPv4(192,168,1,50),
170 .src_port_high = 0xffff,
172 .dst_port_high = 0xffff,
175 /* source IP addresses */
176 /* matches all packets traveling from 10.0.0.0/8 */
178 .data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
180 .src_addr = IPv4(10,0,0,0),
183 .src_port_high = 0xffff,
185 .dst_port_high = 0xffff,
187 /* matches all packets traveling from 10.1.1.0/24 */
189 .data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
191 .src_addr = IPv4(10,1,1,0),
194 .src_port_high = 0xffff,
196 .dst_port_high = 0xffff,
198 /* matches all packets traveling from 10.1.1.1 */
200 .data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
202 .src_addr = IPv4(10,1,1,1),
205 .src_port_high = 0xffff,
207 .dst_port_high = 0xffff,
211 /* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */
213 .data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
218 .src_port_high = 0xffff,
220 .dst_port_high = 0xffff,
222 /* matches all packets with VLAN tags that have 0x5 in them */
224 .data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
229 .src_port_high = 0xffff,
231 .dst_port_high = 0xffff,
233 /* matches all packets with VLAN tag 5 */
235 .data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
240 .src_port_high = 0xffff,
242 .dst_port_high = 0xffff,
246 /* matches all packets with lower 7 bytes of domain equal to 0x64 */
248 .data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
253 .src_port_high = 0xffff,
255 .dst_port_high = 0xffff,
257 /* matches all packets with domains that have 0x5 in them */
259 .data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
264 .src_port_high = 0xffff,
266 .dst_port_high = 0xffff,
268 /* matches all packets with domain 5 */
270 .data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
273 .domain_mask = 0xffff,
275 .src_port_high = 0xffff,
277 .dst_port_high = 0xffff,
280 /* destination port */
281 /* matches everything with dst port 80 */
283 .data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
288 .src_port_high = 0xffff,
290 /* matches everything with dst port 22-1023 */
292 .data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
295 .dst_port_high = 1023,
297 .src_port_high = 0xffff,
299 /* matches everything with dst port 1020 */
301 .data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
303 .dst_port_low = 1020,
304 .dst_port_high = 1020,
306 .src_port_high = 0xffff,
308 /* matches everything with dst portrange 1000-2000 */
310 .data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
312 .dst_port_low = 1000,
313 .dst_port_high = 2000,
315 .src_port_high = 0xffff,
319 /* matches everything with src port 80 */
321 .data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
326 .dst_port_high = 0xffff,
328 /* matches everything with src port 22-1023 */
330 .data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
333 .src_port_high = 1023,
335 .dst_port_high = 0xffff,
337 /* matches everything with src port 1020 */
339 .data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
341 .src_port_low = 1020,
342 .src_port_high = 1020,
344 .dst_port_high = 0xffff,
346 /* matches everything with src portrange 1000-2000 */
348 .data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
350 .src_port_low = 1000,
351 .src_port_high = 2000,
353 .dst_port_high = 0xffff,
356 /* protocol number */
357 /* matches all packets with protocol number either 0x64 or 0xE4 */
359 .data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
364 .src_port_high = 0xffff,
366 .dst_port_high = 0xffff,
368 /* matches all packets with protocol that have 0x5 in them */
370 .data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK,
375 .src_port_high = 0xffff,
377 .dst_port_high = 0xffff,
379 /* matches all packets with protocol 5 */
381 .data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
386 .src_port_high = 0xffff,
388 .dst_port_high = 0xffff,
391 /* rules combining various fields */
393 .data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
395 /** make sure that unmasked bytes don't fail! */
396 .dst_addr = IPv4(1,2,3,4),
398 .src_addr = IPv4(5,6,7,8),
403 .src_port_high = 0xffff,
405 .dst_port_high = 1024,
409 .domain_mask = 0xffff,
412 .data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
414 .dst_addr = IPv4(5,6,7,8),
416 .src_addr = IPv4(1,2,3,4),
421 .src_port_high = 0xffff,
423 .dst_port_high = 1024,
427 .domain_mask = 0xffff,
430 .data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
432 .dst_addr = IPv4(1,2,3,4),
434 .src_addr = IPv4(5,6,7,8),
439 .src_port_high = 0xffff,
441 .dst_port_high = 1024,
446 .data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
448 .dst_addr = IPv4(5,6,7,8),
450 .src_addr = IPv4(1,2,3,4),
455 .src_port_high = 0xffff,
457 .dst_port_high = 1024,
463 /* data for ACL unit test */
464 struct ipv4_7tuple acl_test_data[] = {
465 /* testing single rule aspects */
466 {.ip_src = IPv4(10,0,0,0), .allow = 4}, /* should match 4 */
467 {.ip_src = IPv4(10,1,1,2), .allow = 5}, /* should match 5 */
468 {.ip_src = IPv4(10,1,1,1), .allow = 5,
469 .deny = 6}, /* should match 5, 6 */
470 {.ip_dst = IPv4(10,0,0,0)}, /* should not match */
471 {.ip_dst = IPv4(10,1,1,2)}, /* should not match */
472 {.ip_dst = IPv4(10,1,1,1)}, /* should not match */
474 {.ip_src = IPv4(192,168,2,50)}, /* should not match */
475 {.ip_src = IPv4(192,168,1,2)}, /* should not match */
476 {.ip_src = IPv4(192,168,1,50)}, /* should not match */
477 {.ip_dst = IPv4(192,168,2,50), .allow = 1}, /* should match 1 */
478 {.ip_dst = IPv4(192,168,1,49), .allow = 2}, /* should match 2 */
479 {.ip_dst = IPv4(192,168,1,50), .allow = 2,
480 .deny = 3}, /* should match 2, 3 */
482 {.vlan = 0x64, .allow = 7}, /* should match 7 */
483 {.vlan = 0xfE4, .allow = 7}, /* should match 7 */
484 {.vlan = 0xE2}, /* should not match */
485 {.vlan = 0xD, .allow = 8}, /* should match 8 */
486 {.vlan = 0x6}, /* should not match */
487 {.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */
489 {.domain = 0x64, .allow = 10}, /* should match 10 */
490 {.domain = 0xfE4, .allow = 10}, /* should match 10 */
491 {.domain = 0xE2}, /* should not match */
492 {.domain = 0xD, .allow = 11}, /* should match 11 */
493 {.domain = 0x6}, /* should not match */
494 {.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */
496 {.port_dst = 80, .allow = 13}, /* should match 13 */
497 {.port_dst = 79, .allow = 14}, /* should match 14 */
498 {.port_dst = 81, .allow = 14}, /* should match 14 */
499 {.port_dst = 21}, /* should not match */
500 {.port_dst = 1024, .deny = 16}, /* should match 16 */
501 {.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */
503 {.port_src = 80, .allow = 17}, /* should match 17 */
504 {.port_src = 79, .allow = 18}, /* should match 18 */
505 {.port_src = 81, .allow = 18}, /* should match 18 */
506 {.port_src = 21}, /* should not match */
507 {.port_src = 1024, .deny = 20}, /* should match 20 */
508 {.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */
510 {.proto = 0x64, .allow = 21}, /* should match 21 */
511 {.proto = 0xE4, .allow = 21}, /* should match 21 */
512 {.proto = 0xE2}, /* should not match */
513 {.proto = 0xD, .allow = 22}, /* should match 22 */
514 {.proto = 0x6}, /* should not match */
515 {.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */
517 /* testing matching multiple rules at once */
518 {.vlan = 0x5, .ip_src = IPv4(10,1,1,1),
519 .allow = 5, .deny = 9}, /* should match 5, 9 */
520 {.vlan = 0x5, .ip_src = IPv4(192,168,2,50),
521 .allow = 8, .deny = 9}, /* should match 8, 9 */
522 {.vlan = 0x55, .ip_src = IPv4(192,168,1,49),
523 .allow = 8}, /* should match 8 */
524 {.port_dst = 80, .port_src = 1024,
525 .allow = 13, .deny = 20}, /* should match 13,20 */
526 {.port_dst = 79, .port_src = 1024,
527 .allow = 14, .deny = 20}, /* should match 14,20 */
528 {.proto = 0x5, .ip_dst = IPv4(192,168,2,50),
529 .allow = 1, .deny = 23}, /* should match 1, 23 */
531 {.proto = 0x5, .ip_dst = IPv4(192,168,1,50),
532 .allow = 2, .deny = 23}, /* should match 2, 23 */
533 {.vlan = 0x64, .domain = 0x5,
534 .allow = 11, .deny = 12}, /* should match 11, 12 */
535 {.proto = 0x5, .port_src = 80,
536 .allow = 17, .deny = 23}, /* should match 17, 23 */
537 {.proto = 0x5, .port_dst = 80,
538 .allow = 13, .deny = 23}, /* should match 13, 23 */
539 {.proto = 0x51, .port_src = 5000}, /* should not match */
540 {.ip_src = IPv4(192,168,1,50),
541 .ip_dst = IPv4(10,0,0,0),
544 .port_dst = 5000}, /* should not match */
546 /* test full packet rules */
548 .ip_dst = IPv4(1,2,100,200),
549 .ip_src = IPv4(5,6,7,254),
557 }, /* should match 23, 24 */
559 .ip_dst = IPv4(5,6,7,254),
560 .ip_src = IPv4(1,2,100,200),
568 }, /* should match 13, 25 */
570 .ip_dst = IPv4(1,10,20,30),
571 .ip_src = IPv4(5,6,7,8),
578 }, /* should match 23, 26 */
580 .ip_dst = IPv4(5,6,7,8),
581 .ip_src = IPv4(1,10,20,30),
588 }, /* should match 13, 27 */
590 .ip_dst = IPv4(2,2,3,4),
591 .ip_src = IPv4(4,6,7,8),
598 }, /* should match 13, 23 */
600 .ip_dst = IPv4(1,2,3,4),
601 .ip_src = IPv4(4,6,7,8),
608 }, /* should match 13, 23 */
611 /* visual separator! */
613 .ip_dst = IPv4(1,2,100,200),
614 .ip_src = IPv4(5,6,7,254),
621 }, /* should match 10 */
623 .ip_dst = IPv4(5,6,7,254),
624 .ip_src = IPv4(1,2,100,200),
631 }, /* should match 10 */
633 .ip_dst = IPv4(1,10,20,30),
634 .ip_src = IPv4(5,6,7,8),
640 }, /* should match 7 */
642 .ip_dst = IPv4(5,6,7,8),
643 .ip_src = IPv4(1,10,20,30),
649 }, /* should match 7 */
651 .ip_dst = IPv4(2,2,3,4),
652 .ip_src = IPv4(4,6,7,8),
658 }, /* should match 7 */
660 .ip_dst = IPv4(1,2,3,4),
661 .ip_src = IPv4(4,6,7,8),
666 }, /* should not match */
669 #endif /* TEST_ACL_H_ */
git.droids-corp.org / dpdk.git / blob