4 * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include <rte_hexdump.h>
35 #include "test_table.h"
36 #include "test_table_acl.h"
38 #define IPv4(a, b, c, d) ((uint32_t)(((a) & 0xff) << 24) | \
39 (((b) & 0xff) << 16) | \
40 (((c) & 0xff) << 8) | \
44 * Rule and trace formats definitions.
64 struct rte_acl_field_def ipv4_defs[NUM_FIELDS_IPV4] = {
66 .type = RTE_ACL_FIELD_TYPE_BITMASK,
67 .size = sizeof(uint8_t),
68 .field_index = PROTO_FIELD_IPV4,
69 .input_index = PROTO_FIELD_IPV4,
70 .offset = offsetof(struct ipv4_5tuple, proto),
73 .type = RTE_ACL_FIELD_TYPE_MASK,
74 .size = sizeof(uint32_t),
75 .field_index = SRC_FIELD_IPV4,
76 .input_index = SRC_FIELD_IPV4,
77 .offset = offsetof(struct ipv4_5tuple, ip_src),
80 .type = RTE_ACL_FIELD_TYPE_MASK,
81 .size = sizeof(uint32_t),
82 .field_index = DST_FIELD_IPV4,
83 .input_index = DST_FIELD_IPV4,
84 .offset = offsetof(struct ipv4_5tuple, ip_dst),
87 .type = RTE_ACL_FIELD_TYPE_RANGE,
88 .size = sizeof(uint16_t),
89 .field_index = SRCP_FIELD_IPV4,
90 .input_index = SRCP_FIELD_IPV4,
91 .offset = offsetof(struct ipv4_5tuple, port_src),
94 .type = RTE_ACL_FIELD_TYPE_RANGE,
95 .size = sizeof(uint16_t),
96 .field_index = DSTP_FIELD_IPV4,
97 .input_index = SRCP_FIELD_IPV4,
98 .offset = offsetof(struct ipv4_5tuple, port_dst),
102 struct rte_table_acl_rule_add_params table_acl_IPv4_rule;
104 typedef int (*parse_5tuple)(char *text,
105 struct rte_table_acl_rule_add_params *rule);
108 * The order of the fields in the rule string after the initial '@'
113 CB_FLD_SRC_PORT_RANGE,
114 CB_FLD_DST_PORT_RANGE,
120 #define GET_CB_FIELD(in, fd, base, lim, dlm) \
126 val = strtoul((in), &end, (base)); \
127 if (errno != 0 || end[0] != (dlm) || val > (lim)) \
129 (fd) = (typeof(fd)) val; \
137 parse_ipv4_net(const char *in, uint32_t *addr, uint32_t *mask_len)
139 uint8_t a, b, c, d, m;
141 GET_CB_FIELD(in, a, 0, UINT8_MAX, '.');
142 GET_CB_FIELD(in, b, 0, UINT8_MAX, '.');
143 GET_CB_FIELD(in, c, 0, UINT8_MAX, '.');
144 GET_CB_FIELD(in, d, 0, UINT8_MAX, '/');
145 GET_CB_FIELD(in, m, 0, sizeof(uint32_t) * CHAR_BIT, 0);
147 addr[0] = IPv4(a, b, c, d);
154 parse_port_range(const char *in, uint16_t *port_low, uint16_t *port_high)
158 GET_CB_FIELD(in, a, 0, UINT16_MAX, ':');
159 GET_CB_FIELD(in, b, 0, UINT16_MAX, 0);
168 parse_cb_ipv4_rule(char *str, struct rte_table_acl_rule_add_params *v)
171 char *s, *sp, *in[CB_FLD_NUM];
172 static const char *dlm = " \t\n";
177 if (strchr(str, '@') != str)
183 * Populate the 'in' array with the location of each
184 * field in the string we're parsing
186 for (i = 0; i != DIM(in); i++) {
187 in[i] = strtok_r(s, dlm, &sp);
193 /* Parse x.x.x.x/x */
194 rc = parse_ipv4_net(in[CB_FLD_SRC_ADDR],
195 &v->field_value[SRC_FIELD_IPV4].value.u32,
196 &v->field_value[SRC_FIELD_IPV4].mask_range.u32);
198 RTE_LOG(ERR, PIPELINE, "failed to read src address/mask: %s\n",
199 in[CB_FLD_SRC_ADDR]);
203 printf("V=%u, mask=%u\n", v->field_value[SRC_FIELD_IPV4].value.u32,
204 v->field_value[SRC_FIELD_IPV4].mask_range.u32);
206 /* Parse x.x.x.x/x */
207 rc = parse_ipv4_net(in[CB_FLD_DST_ADDR],
208 &v->field_value[DST_FIELD_IPV4].value.u32,
209 &v->field_value[DST_FIELD_IPV4].mask_range.u32);
211 RTE_LOG(ERR, PIPELINE, "failed to read dest address/mask: %s\n",
212 in[CB_FLD_DST_ADDR]);
216 printf("V=%u, mask=%u\n", v->field_value[DST_FIELD_IPV4].value.u32,
217 v->field_value[DST_FIELD_IPV4].mask_range.u32);
219 rc = parse_port_range(in[CB_FLD_SRC_PORT_RANGE],
220 &v->field_value[SRCP_FIELD_IPV4].value.u16,
221 &v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
223 RTE_LOG(ERR, PIPELINE, "failed to read source port range: %s\n",
224 in[CB_FLD_SRC_PORT_RANGE]);
228 printf("V=%u, mask=%u\n", v->field_value[SRCP_FIELD_IPV4].value.u16,
229 v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
231 rc = parse_port_range(in[CB_FLD_DST_PORT_RANGE],
232 &v->field_value[DSTP_FIELD_IPV4].value.u16,
233 &v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
235 RTE_LOG(ERR, PIPELINE, "failed to read dest port range: %s\n",
236 in[CB_FLD_DST_PORT_RANGE]);
240 printf("V=%u, mask=%u\n", v->field_value[DSTP_FIELD_IPV4].value.u16,
241 v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
243 GET_CB_FIELD(in[CB_FLD_PROTO],
244 v->field_value[PROTO_FIELD_IPV4].value.u8,
246 GET_CB_FIELD(in[CB_FLD_PROTO],
247 v->field_value[PROTO_FIELD_IPV4].mask_range.u8,
250 printf("V=%u, mask=%u\n",
251 (unsigned int)v->field_value[PROTO_FIELD_IPV4].value.u8,
252 v->field_value[PROTO_FIELD_IPV4].mask_range.u8);
257 parse_cb_ipv4_rule_del(char *str, struct rte_table_acl_rule_delete_params *v)
260 char *s, *sp, *in[CB_FLD_NUM];
261 static const char *dlm = " \t\n";
266 if (strchr(str, '@') != str)
272 * Populate the 'in' array with the location of each
273 * field in the string we're parsing
275 for (i = 0; i != DIM(in); i++) {
276 in[i] = strtok_r(s, dlm, &sp);
282 /* Parse x.x.x.x/x */
283 rc = parse_ipv4_net(in[CB_FLD_SRC_ADDR],
284 &v->field_value[SRC_FIELD_IPV4].value.u32,
285 &v->field_value[SRC_FIELD_IPV4].mask_range.u32);
287 RTE_LOG(ERR, PIPELINE, "failed to read src address/mask: %s\n",
288 in[CB_FLD_SRC_ADDR]);
292 printf("V=%u, mask=%u\n", v->field_value[SRC_FIELD_IPV4].value.u32,
293 v->field_value[SRC_FIELD_IPV4].mask_range.u32);
295 /* Parse x.x.x.x/x */
296 rc = parse_ipv4_net(in[CB_FLD_DST_ADDR],
297 &v->field_value[DST_FIELD_IPV4].value.u32,
298 &v->field_value[DST_FIELD_IPV4].mask_range.u32);
300 RTE_LOG(ERR, PIPELINE, "failed to read dest address/mask: %s\n",
301 in[CB_FLD_DST_ADDR]);
305 printf("V=%u, mask=%u\n", v->field_value[DST_FIELD_IPV4].value.u32,
306 v->field_value[DST_FIELD_IPV4].mask_range.u32);
308 rc = parse_port_range(in[CB_FLD_SRC_PORT_RANGE],
309 &v->field_value[SRCP_FIELD_IPV4].value.u16,
310 &v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
312 RTE_LOG(ERR, PIPELINE, "failed to read source port range: %s\n",
313 in[CB_FLD_SRC_PORT_RANGE]);
317 printf("V=%u, mask=%u\n", v->field_value[SRCP_FIELD_IPV4].value.u16,
318 v->field_value[SRCP_FIELD_IPV4].mask_range.u16);
320 rc = parse_port_range(in[CB_FLD_DST_PORT_RANGE],
321 &v->field_value[DSTP_FIELD_IPV4].value.u16,
322 &v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
324 RTE_LOG(ERR, PIPELINE, "failed to read dest port range: %s\n",
325 in[CB_FLD_DST_PORT_RANGE]);
329 printf("V=%u, mask=%u\n", v->field_value[DSTP_FIELD_IPV4].value.u16,
330 v->field_value[DSTP_FIELD_IPV4].mask_range.u16);
332 GET_CB_FIELD(in[CB_FLD_PROTO],
333 v->field_value[PROTO_FIELD_IPV4].value.u8,
335 GET_CB_FIELD(in[CB_FLD_PROTO],
336 v->field_value[PROTO_FIELD_IPV4].mask_range.u8,
339 printf("V=%u, mask=%u\n",
340 (unsigned int)v->field_value[PROTO_FIELD_IPV4].value.u8,
341 v->field_value[PROTO_FIELD_IPV4].mask_range.u8);
346 * The format for these rules DO NOT need the port ranges to be
347 * separated by ' : ', just ':'. It's a lot more readable and
350 char lines[][128] = {
351 "@0.0.0.0/0 0.0.0.0/0 0:65535 0:65535 2/0xff", /* Protocol check */
352 "@192.168.3.1/32 0.0.0.0/0 0:65535 0:65535 0/0", /* Src IP checl */
353 "@0.0.0.0/0 10.4.4.1/32 0:65535 0:65535 0/0", /* dst IP check */
354 "@0.0.0.0/0 0.0.0.0/0 105:105 0:65535 0/0", /* src port check */
355 "@0.0.0.0/0 0.0.0.0/0 0:65535 206:206 0/0", /* dst port check */
362 setup_acl_pipeline(void)
366 struct rte_pipeline_params pipeline_params = {
371 struct rte_table_acl_rule_add_params rule_params;
372 struct rte_pipeline_table_acl_rule_delete_params *delete_params;
376 /* Pipeline configuration */
377 p = rte_pipeline_create(&pipeline_params);
379 RTE_LOG(INFO, PIPELINE, "%s: Failed to configure pipeline\n",
384 /* Input port configuration */
385 for (i = 0; i < N_PORTS; i++) {
386 struct rte_port_ring_reader_params port_ring_params = {
390 struct rte_pipeline_port_in_params port_params = {
391 .ops = &rte_port_ring_reader_ops,
392 .arg_create = (void *) &port_ring_params,
394 .burst_size = BURST_SIZE,
397 /* Put in action for some ports */
399 port_params.f_action = port_in_action;
401 ret = rte_pipeline_port_in_create(p, &port_params,
404 rte_panic("Unable to configure input port %d, ret:%d\n",
410 /* output Port configuration */
411 for (i = 0; i < N_PORTS; i++) {
412 struct rte_port_ring_writer_params port_ring_params = {
414 .tx_burst_sz = BURST_SIZE,
417 struct rte_pipeline_port_out_params port_params = {
418 .ops = &rte_port_ring_writer_ops,
419 .arg_create = (void *) &port_ring_params,
425 if (rte_pipeline_port_out_create(p, &port_params,
427 rte_panic("Unable to configure output port %d\n", i);
432 /* Table configuration */
433 for (i = 0; i < N_PORTS; i++) {
434 struct rte_pipeline_table_params table_params;
436 /* Set up defaults for stub */
437 table_params.ops = &rte_table_stub_ops;
438 table_params.arg_create = NULL;
439 table_params.f_action_hit = action_handler_hit;
440 table_params.f_action_miss = NULL;
441 table_params.action_data_size = 0;
443 RTE_LOG(INFO, PIPELINE, "miss_action=%x\n",
444 table_entry_miss_action);
446 printf("RTE_ACL_RULE_SZ(%zu) = %zu\n", DIM(ipv4_defs),
447 RTE_ACL_RULE_SZ(DIM(ipv4_defs)));
449 struct rte_table_acl_params acl_params;
451 acl_params.n_rules = 1 << 5;
452 acl_params.n_rule_fields = DIM(ipv4_defs);
453 snprintf(acl_name, sizeof(acl_name), "ACL%d", i);
454 acl_params.name = acl_name;
455 memcpy(acl_params.field_format, ipv4_defs, sizeof(ipv4_defs));
457 table_params.ops = &rte_table_acl_ops;
458 table_params.arg_create = &acl_params;
460 if (rte_pipeline_table_create(p, &table_params, &table_id[i])) {
461 rte_panic("Unable to configure table %u\n", i);
465 if (connect_miss_action_to_table) {
466 if (rte_pipeline_table_create(p, &table_params,
468 rte_panic("Unable to configure table %u\n", i);
474 for (i = 0; i < N_PORTS; i++) {
475 if (rte_pipeline_port_in_connect_to_table(p, port_in_id[i],
477 rte_panic("Unable to connect input port %u to "
479 port_in_id[i], table_id[i]);
484 /* Add bulk entries to tables */
485 for (i = 0; i < N_PORTS; i++) {
486 struct rte_table_acl_rule_add_params keys[5];
487 struct rte_pipeline_table_entry entries[5];
488 struct rte_table_acl_rule_add_params *key_array[5];
489 struct rte_pipeline_table_entry *table_entries[5];
491 struct rte_pipeline_table_entry *table_entries_ptr[5];
492 struct rte_pipeline_table_entry entries_ptr[5];
494 parser = parse_cb_ipv4_rule;
495 for (n = 0; n < 5; n++) {
496 memset(&keys[n], 0, sizeof(struct rte_table_acl_rule_add_params));
497 key_array[n] = &keys[n];
499 snprintf(line, sizeof(line), "%s", lines[n]);
500 printf("PARSING [%s]\n", line);
502 ret = parser(line, &keys[n]);
504 RTE_LOG(ERR, PIPELINE,
505 "line %u: parse_cb_ipv4vlan_rule"
506 " failed, error code: %d (%s)\n",
507 n, ret, strerror(-ret));
511 keys[n].priority = RTE_ACL_MAX_PRIORITY - n - 1;
513 entries[n].action = RTE_PIPELINE_ACTION_PORT;
514 entries[n].port_id = port_out_id[i^1];
515 table_entries[n] = &entries[n];
516 table_entries_ptr[n] = &entries_ptr[n];
519 ret = rte_pipeline_table_entry_add_bulk(p, table_id[i],
520 (void **)key_array, table_entries, 5, key_found, table_entries_ptr);
522 rte_panic("Add entry bulk to table %u failed (%d)\n",
528 /* Delete bulk entries from tables */
529 for (i = 0; i < N_PORTS; i++) {
530 struct rte_table_acl_rule_delete_params keys[5];
531 struct rte_table_acl_rule_delete_params *key_array[5];
532 struct rte_pipeline_table_entry *table_entries[5];
535 for (n = 0; n < 5; n++) {
536 memset(&keys[n], 0, sizeof(struct rte_table_acl_rule_delete_params));
537 key_array[n] = &keys[n];
539 snprintf(line, sizeof(line), "%s", lines[n]);
540 printf("PARSING [%s]\n", line);
542 ret = parse_cb_ipv4_rule_del(line, &keys[n]);
544 RTE_LOG(ERR, PIPELINE,
545 "line %u: parse_cb_ipv4vlan_rule"
546 " failed, error code: %d (%s)\n",
547 n, ret, strerror(-ret));
552 ret = rte_pipeline_table_entry_delete_bulk(p, table_id[i],
553 (void **)key_array, 5, key_found, table_entries);
555 rte_panic("Delete bulk entries from table %u failed (%d)\n",
559 printf("Bulk deleted rules.\n");
562 /* Add entries to tables */
563 for (i = 0; i < N_PORTS; i++) {
564 struct rte_pipeline_table_entry table_entry = {
565 .action = RTE_PIPELINE_ACTION_PORT,
566 {.port_id = port_out_id[i^1]},
569 struct rte_pipeline_table_entry *entry_ptr;
571 memset(&rule_params, 0, sizeof(rule_params));
572 parser = parse_cb_ipv4_rule;
574 for (n = 1; n <= 5; n++) {
575 snprintf(line, sizeof(line), "%s", lines[n-1]);
576 printf("PARSING [%s]\n", line);
578 ret = parser(line, &rule_params);
580 RTE_LOG(ERR, PIPELINE,
581 "line %u: parse_cb_ipv4vlan_rule"
582 " failed, error code: %d (%s)\n",
583 n, ret, strerror(-ret));
587 rule_params.priority = RTE_ACL_MAX_PRIORITY - n;
589 ret = rte_pipeline_table_entry_add(p, table_id[i],
591 &table_entry, &key_found, &entry_ptr);
593 rte_panic("Add entry to table %u failed (%d)\n",
599 /* delete a few rules */
600 for (n = 2; n <= 3; n++) {
601 snprintf(line, sizeof(line), "%s", lines[n-1]);
602 printf("PARSING [%s]\n", line);
604 ret = parser(line, &rule_params);
606 RTE_LOG(ERR, PIPELINE, "line %u: parse rule "
607 " failed, error code: %d (%s)\n",
608 n, ret, strerror(-ret));
612 delete_params = (struct
613 rte_pipeline_table_acl_rule_delete_params *)
614 &(rule_params.field_value[0]);
615 ret = rte_pipeline_table_entry_delete(p, table_id[i],
616 delete_params, &key_found, NULL);
618 rte_panic("Add entry to table %u failed (%d)\n",
622 printf("Deleted Rule.\n");
626 /* Try to add duplicates */
627 for (n = 1; n <= 5; n++) {
628 snprintf(line, sizeof(line), "%s", lines[n-1]);
629 printf("PARSING [%s]\n", line);
631 ret = parser(line, &rule_params);
633 RTE_LOG(ERR, PIPELINE, "line %u: parse rule"
634 " failed, error code: %d (%s)\n",
635 n, ret, strerror(-ret));
639 rule_params.priority = RTE_ACL_MAX_PRIORITY - n;
641 ret = rte_pipeline_table_entry_add(p, table_id[i],
643 &table_entry, &key_found, &entry_ptr);
645 rte_panic("Add entry to table %u failed (%d)\n",
652 /* Enable input ports */
653 for (i = 0; i < N_PORTS ; i++)
654 if (rte_pipeline_port_in_enable(p, port_in_id[i]))
655 rte_panic("Unable to enable input port %u\n",
658 /* Check pipeline consistency */
659 if (rte_pipeline_check(p) < 0) {
660 rte_panic("Pipeline consistency check failed\n");
671 test_pipeline_single_filter(int expected_count)
673 int i, j, ret, tx_count;
674 struct ipv4_5tuple five_tuple;
676 /* Allocate a few mbufs and manually insert into the rings. */
677 for (i = 0; i < N_PORTS; i++) {
678 for (j = 0; j < 8; j++) {
679 struct rte_mbuf *mbuf;
681 mbuf = rte_pktmbuf_alloc(pool);
683 /* this will cause test failure after cleanup
684 * of already enqueued mbufs, as the mbuf
685 * counts won't match */
687 memset(rte_pktmbuf_mtod(mbuf, char *), 0x00,
688 sizeof(struct ipv4_5tuple));
690 five_tuple.proto = j;
691 five_tuple.ip_src = rte_bswap32(IPv4(192, 168, j, 1));
692 five_tuple.ip_dst = rte_bswap32(IPv4(10, 4, j, 1));
693 five_tuple.port_src = rte_bswap16(100 + j);
694 five_tuple.port_dst = rte_bswap16(200 + j);
696 memcpy(rte_pktmbuf_mtod(mbuf, char *), &five_tuple,
697 sizeof(struct ipv4_5tuple));
698 RTE_LOG(INFO, PIPELINE, "%s: Enqueue onto ring %d\n",
700 rte_ring_enqueue(rings_rx[i], mbuf);
704 /* Run pipeline once */
705 for (i = 0; i< N_PORTS; i++)
708 rte_pipeline_flush(p);
712 for (i = 0; i < N_PORTS; i++) {
713 void *objs[RING_TX_SIZE];
714 struct rte_mbuf *mbuf;
716 ret = rte_ring_sc_dequeue_burst(rings_tx[i], objs, 10, NULL);
718 printf("Got no objects from ring %d - error code %d\n",
721 printf("Got %d object(s) from ring %d!\n", ret, i);
722 for (j = 0; j < ret; j++) {
724 rte_hexdump(stdout, "mbuf",
725 rte_pktmbuf_mtod(mbuf, char *), 64);
726 rte_pktmbuf_free(mbuf);
732 if (tx_count != expected_count) {
733 RTE_LOG(INFO, PIPELINE,
734 "%s: Unexpected packets for ACL test, "
735 "expected %d, got %d\n",
736 __func__, expected_count, tx_count);
740 rte_pipeline_free(p);
753 override_hit_mask = 0xFF; /* All packets are a hit */
755 setup_acl_pipeline();
756 if (test_pipeline_single_filter(10) < 0)