4 * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49 /* rules for invalid layout test */
50 struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = {
51 /* test src and dst address */
53 .data = {.userdata = 1, .category_mask = 1},
54 .src_addr = IPv4(10,0,0,0),
58 .data = {.userdata = 2, .category_mask = 1},
59 .dst_addr = IPv4(10,0,0,0),
62 /* test src and dst ports */
64 .data = {.userdata = 3, .category_mask = 1},
69 .data = {.userdata = 4, .category_mask = 1},
75 .data = {.userdata = 5, .category_mask = 1},
80 .data = {.userdata = 6, .category_mask = 1},
86 /* these might look odd because they don't match up the rules. This is
87 * intentional, as the invalid layout test presumes returning the correct
88 * results using the wrong data layout.
90 struct ipv4_7tuple invalid_layout_data[] = {
91 {.ip_src = IPv4(10,0,1,0)}, /* should not match */
92 {.ip_src = IPv4(10,0,0,1), .allow = 2}, /* should match 2 */
93 {.port_src = 100, .allow = 4}, /* should match 4 */
94 {.port_dst = 0xf, .allow = 6}, /* should match 6 */
99 #define ACL_ALLOW_MASK 0x1
100 #define ACL_DENY_MASK 0x2
102 /* ruleset for ACL unit test */
103 struct rte_acl_ipv4vlan_rule acl_test_rules[] = {
104 /* destination IP addresses */
105 /* matches all packets traveling to 192.168.0.0/16 */
107 .data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
109 .dst_addr = IPv4(192,168,0,0),
112 .src_port_high = 0xffff,
114 .dst_port_high = 0xffff,
116 /* matches all packets traveling to 192.168.1.0/24 */
118 .data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
120 .dst_addr = IPv4(192,168,1,0),
123 .src_port_high = 0xffff,
125 .dst_port_high = 0xffff,
127 /* matches all packets traveling to 192.168.1.50 */
129 .data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
131 .dst_addr = IPv4(192,168,1,50),
134 .src_port_high = 0xffff,
136 .dst_port_high = 0xffff,
139 /* source IP addresses */
140 /* matches all packets traveling from 10.0.0.0/8 */
142 .data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
144 .src_addr = IPv4(10,0,0,0),
147 .src_port_high = 0xffff,
149 .dst_port_high = 0xffff,
151 /* matches all packets traveling from 10.1.1.0/24 */
153 .data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
155 .src_addr = IPv4(10,1,1,0),
158 .src_port_high = 0xffff,
160 .dst_port_high = 0xffff,
162 /* matches all packets traveling from 10.1.1.1 */
164 .data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
166 .src_addr = IPv4(10,1,1,1),
169 .src_port_high = 0xffff,
171 .dst_port_high = 0xffff,
175 /* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */
177 .data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
182 .src_port_high = 0xffff,
184 .dst_port_high = 0xffff,
186 /* matches all packets with VLAN tags that have 0x5 in them */
188 .data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
193 .src_port_high = 0xffff,
195 .dst_port_high = 0xffff,
197 /* matches all packets with VLAN tag 5 */
199 .data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
204 .src_port_high = 0xffff,
206 .dst_port_high = 0xffff,
210 /* matches all packets with lower 7 bytes of domain equal to 0x64 */
212 .data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
217 .src_port_high = 0xffff,
219 .dst_port_high = 0xffff,
221 /* matches all packets with domains that have 0x5 in them */
223 .data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
228 .src_port_high = 0xffff,
230 .dst_port_high = 0xffff,
232 /* matches all packets with domain 5 */
234 .data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
237 .domain_mask = 0xffff,
239 .src_port_high = 0xffff,
241 .dst_port_high = 0xffff,
244 /* destination port */
245 /* matches everything with dst port 80 */
247 .data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
252 .src_port_high = 0xffff,
254 /* matches everything with dst port 22-1023 */
256 .data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
259 .dst_port_high = 1023,
261 .src_port_high = 0xffff,
263 /* matches everything with dst port 1020 */
265 .data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
267 .dst_port_low = 1020,
268 .dst_port_high = 1020,
270 .src_port_high = 0xffff,
272 /* matches everything with dst portrange 1000-2000 */
274 .data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
276 .dst_port_low = 1000,
277 .dst_port_high = 2000,
279 .src_port_high = 0xffff,
283 /* matches everything with src port 80 */
285 .data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
290 .dst_port_high = 0xffff,
292 /* matches everything with src port 22-1023 */
294 .data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
297 .src_port_high = 1023,
299 .dst_port_high = 0xffff,
301 /* matches everything with src port 1020 */
303 .data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
305 .src_port_low = 1020,
306 .src_port_high = 1020,
308 .dst_port_high = 0xffff,
310 /* matches everything with src portrange 1000-2000 */
312 .data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
314 .src_port_low = 1000,
315 .src_port_high = 2000,
317 .dst_port_high = 0xffff,
320 /* protocol number */
321 /* matches all packets with protocol number either 0x64 or 0xE4 */
323 .data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
328 .src_port_high = 0xffff,
330 .dst_port_high = 0xffff,
332 /* matches all packets with protocol that have 0x5 in them */
334 .data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK,
339 .src_port_high = 0xffff,
341 .dst_port_high = 0xffff,
343 /* matches all packets with protocol 5 */
345 .data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
350 .src_port_high = 0xffff,
352 .dst_port_high = 0xffff,
355 /* rules combining various fields */
357 .data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
359 /** make sure that unmasked bytes don't fail! */
360 .dst_addr = IPv4(1,2,3,4),
362 .src_addr = IPv4(5,6,7,8),
367 .src_port_high = 0xffff,
369 .dst_port_high = 1024,
373 .domain_mask = 0xffff,
376 .data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
378 .dst_addr = IPv4(5,6,7,8),
380 .src_addr = IPv4(1,2,3,4),
385 .src_port_high = 0xffff,
387 .dst_port_high = 1024,
391 .domain_mask = 0xffff,
394 .data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
396 .dst_addr = IPv4(1,2,3,4),
398 .src_addr = IPv4(5,6,7,8),
403 .src_port_high = 0xffff,
405 .dst_port_high = 1024,
410 .data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
412 .dst_addr = IPv4(5,6,7,8),
414 .src_addr = IPv4(1,2,3,4),
419 .src_port_high = 0xffff,
421 .dst_port_high = 1024,
427 /* data for ACL unit test */
428 struct ipv4_7tuple acl_test_data[] = {
429 /* testing single rule aspects */
430 {.ip_src = IPv4(10,0,0,0), .allow = 4}, /* should match 4 */
431 {.ip_src = IPv4(10,1,1,2), .allow = 5}, /* should match 5 */
432 {.ip_src = IPv4(10,1,1,1), .allow = 5,
433 .deny = 6}, /* should match 5, 6 */
434 {.ip_dst = IPv4(10,0,0,0)}, /* should not match */
435 {.ip_dst = IPv4(10,1,1,2)}, /* should not match */
436 {.ip_dst = IPv4(10,1,1,1)}, /* should not match */
438 {.ip_src = IPv4(192,168,2,50)}, /* should not match */
439 {.ip_src = IPv4(192,168,1,2)}, /* should not match */
440 {.ip_src = IPv4(192,168,1,50)}, /* should not match */
441 {.ip_dst = IPv4(192,168,2,50), .allow = 1}, /* should match 1 */
442 {.ip_dst = IPv4(192,168,1,49), .allow = 2}, /* should match 2 */
443 {.ip_dst = IPv4(192,168,1,50), .allow = 2,
444 .deny = 3}, /* should match 2, 3 */
446 {.vlan = 0x64, .allow = 7}, /* should match 7 */
447 {.vlan = 0xfE4, .allow = 7}, /* should match 7 */
448 {.vlan = 0xE2}, /* should not match */
449 {.vlan = 0xD, .allow = 8}, /* should match 8 */
450 {.vlan = 0x6}, /* should not match */
451 {.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */
453 {.domain = 0x64, .allow = 10}, /* should match 10 */
454 {.domain = 0xfE4, .allow = 10}, /* should match 10 */
455 {.domain = 0xE2}, /* should not match */
456 {.domain = 0xD, .allow = 11}, /* should match 11 */
457 {.domain = 0x6}, /* should not match */
458 {.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */
460 {.port_dst = 80, .allow = 13}, /* should match 13 */
461 {.port_dst = 79, .allow = 14}, /* should match 14 */
462 {.port_dst = 81, .allow = 14}, /* should match 14 */
463 {.port_dst = 21}, /* should not match */
464 {.port_dst = 1024, .deny = 16}, /* should match 16 */
465 {.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */
467 {.port_src = 80, .allow = 17}, /* should match 17 */
468 {.port_src = 79, .allow = 18}, /* should match 18 */
469 {.port_src = 81, .allow = 18}, /* should match 18 */
470 {.port_src = 21}, /* should not match */
471 {.port_src = 1024, .deny = 20}, /* should match 20 */
472 {.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */
474 {.proto = 0x64, .allow = 21}, /* should match 21 */
475 {.proto = 0xE4, .allow = 21}, /* should match 21 */
476 {.proto = 0xE2}, /* should not match */
477 {.proto = 0xD, .allow = 22}, /* should match 22 */
478 {.proto = 0x6}, /* should not match */
479 {.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */
481 /* testing matching multiple rules at once */
482 {.vlan = 0x5, .ip_src = IPv4(10,1,1,1),
483 .allow = 5, .deny = 9}, /* should match 5, 9 */
484 {.vlan = 0x5, .ip_src = IPv4(192,168,2,50),
485 .allow = 8, .deny = 9}, /* should match 8, 9 */
486 {.vlan = 0x55, .ip_src = IPv4(192,168,1,49),
487 .allow = 8}, /* should match 8 */
488 {.port_dst = 80, .port_src = 1024,
489 .allow = 13, .deny = 20}, /* should match 13,20 */
490 {.port_dst = 79, .port_src = 1024,
491 .allow = 14, .deny = 20}, /* should match 14,20 */
492 {.proto = 0x5, .ip_dst = IPv4(192,168,2,50),
493 .allow = 1, .deny = 23}, /* should match 1, 23 */
495 {.proto = 0x5, .ip_dst = IPv4(192,168,1,50),
496 .allow = 2, .deny = 23}, /* should match 2, 23 */
497 {.vlan = 0x64, .domain = 0x5,
498 .allow = 11, .deny = 12}, /* should match 11, 12 */
499 {.proto = 0x5, .port_src = 80,
500 .allow = 17, .deny = 23}, /* should match 17, 23 */
501 {.proto = 0x5, .port_dst = 80,
502 .allow = 13, .deny = 23}, /* should match 13, 23 */
503 {.proto = 0x51, .port_src = 5000}, /* should not match */
504 {.ip_src = IPv4(192,168,1,50),
505 .ip_dst = IPv4(10,0,0,0),
508 .port_dst = 5000}, /* should not match */
510 /* test full packet rules */
512 .ip_dst = IPv4(1,2,100,200),
513 .ip_src = IPv4(5,6,7,254),
521 }, /* should match 23, 24 */
523 .ip_dst = IPv4(5,6,7,254),
524 .ip_src = IPv4(1,2,100,200),
532 }, /* should match 13, 25 */
534 .ip_dst = IPv4(1,10,20,30),
535 .ip_src = IPv4(5,6,7,8),
542 }, /* should match 23, 26 */
544 .ip_dst = IPv4(5,6,7,8),
545 .ip_src = IPv4(1,10,20,30),
552 }, /* should match 13, 27 */
554 .ip_dst = IPv4(2,2,3,4),
555 .ip_src = IPv4(4,6,7,8),
562 }, /* should match 13, 23 */
564 .ip_dst = IPv4(1,2,3,4),
565 .ip_src = IPv4(4,6,7,8),
572 }, /* should match 13, 23 */
575 /* visual separator! */
577 .ip_dst = IPv4(1,2,100,200),
578 .ip_src = IPv4(5,6,7,254),
585 }, /* should match 10 */
587 .ip_dst = IPv4(5,6,7,254),
588 .ip_src = IPv4(1,2,100,200),
595 }, /* should match 10 */
597 .ip_dst = IPv4(1,10,20,30),
598 .ip_src = IPv4(5,6,7,8),
604 }, /* should match 7 */
606 .ip_dst = IPv4(5,6,7,8),
607 .ip_src = IPv4(1,10,20,30),
613 }, /* should match 7 */
615 .ip_dst = IPv4(2,2,3,4),
616 .ip_src = IPv4(4,6,7,8),
622 }, /* should match 7 */
624 .ip_dst = IPv4(1,2,3,4),
625 .ip_src = IPv4(4,6,7,8),
630 }, /* should not match */
633 #endif /* TEST_ACL_H_ */