X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_ether%2Frte_flow.h;h=09a21e5315c9d228211b93ee0a93e0fe20763cfe;hb=fc6bbb3f28f2336ecae64d4c2732c09c05a5ab4a;hp=34a5876c7573aef3c8b70a0ec87ef358bb1c54b6;hpb=323f811a4ac841f07c733b98717e670a0c140135;p=dpdk.git diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h index 34a5876c75..09a21e5315 100644 --- a/lib/librte_ether/rte_flow.h +++ b/lib/librte_ether/rte_flow.h @@ -1,34 +1,6 @@ -/*- - * BSD LICENSE - * - * Copyright 2016 6WIND S.A. - * Copyright 2016 Mellanox. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of 6WIND S.A. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright 2016 6WIND S.A. + * Copyright 2016 Mellanox Technologies, Ltd */ #ifndef RTE_FLOW_H_ @@ -42,14 +14,19 @@ * associated actions in hardware through flow rules. */ +#include +#include + #include #include +#include #include #include #include #include #include #include +#include #ifdef __cplusplus extern "C" { @@ -95,7 +72,26 @@ struct rte_flow_attr { uint32_t priority; /**< Priority level within group. */ uint32_t ingress:1; /**< Rule applies to ingress traffic. */ uint32_t egress:1; /**< Rule applies to egress traffic. */ - uint32_t reserved:30; /**< Reserved, must be zero. */ + /** + * Instead of simply matching the properties of traffic as it would + * appear on a given DPDK port ID, enabling this attribute transfers + * a flow rule to the lowest possible level of any device endpoints + * found in the pattern. + * + * When supported, this effectively enables an application to + * re-route traffic not necessarily intended for it (e.g. coming + * from or addressed to different physical ports, VFs or + * applications) at the device level. + * + * It complements the behavior of some pattern items such as + * RTE_FLOW_ITEM_TYPE_PHY_PORT and is meaningless without them. + * + * When transferring flow rules, ingress and egress attributes keep + * their original meaning, as if processing traffic emitted or + * received by the application. + */ + uint32_t transfer:1; + uint32_t reserved:29; /**< Reserved, must be zero. */ }; /** @@ -103,15 +99,13 @@ struct rte_flow_attr { * * Pattern items fall in two categories: * - * - Matching protocol headers and packet data (ANY, RAW, ETH, VLAN, IPV4, - * IPV6, ICMP, UDP, TCP, SCTP, VXLAN and so on), usually associated with a + * - Matching protocol headers and packet data, usually associated with a * specification structure. These must be stacked in the same order as the - * protocol layers to match, starting from the lowest. + * protocol layers to match inside packets, starting from the lowest. * - * - Matching meta-data or affecting pattern processing (END, VOID, INVERT, - * PF, VF, PORT and so on), often without a specification structure. Since - * they do not match packet contents, these can be specified anywhere - * within item lists without affecting others. + * - Matching meta-data or affecting pattern processing, often without a + * specification structure. Since they do not match packet contents, their + * position in the list is usually not relevant. * * See the description of individual types for more information. Those * marked with [META] fall into the second category. @@ -158,13 +152,8 @@ enum rte_flow_item_type { /** * [META] * - * Matches packets addressed to the physical function of the device. - * - * If the underlying device function differs from the one that would - * normally receive the matched traffic, specifying this item - * prevents it from reaching that device unless the flow rule - * contains a PF action. Packets are not duplicated between device - * instances by default. + * Matches traffic originating from (ingress) or going to (egress) + * the physical function of the current device. * * No associated specification structure. */ @@ -173,13 +162,8 @@ enum rte_flow_item_type { /** * [META] * - * Matches packets addressed to a virtual function ID of the device. - * - * If the underlying device function differs from the one that would - * normally receive the matched traffic, specifying this item - * prevents it from reaching that device unless the flow rule - * contains a VF action. Packets are not duplicated between device - * instances by default. + * Matches traffic originating from (ingress) or going to (egress) a + * given virtual function of the current device. * * See struct rte_flow_item_vf. */ @@ -188,17 +172,22 @@ enum rte_flow_item_type { /** * [META] * - * Matches packets coming from the specified physical port of the - * underlying device. + * Matches traffic originating from (ingress) or going to (egress) a + * physical port of the underlying device. * - * The first PORT item overrides the physical port normally - * associated with the specified DPDK input port (port_id). This - * item can be provided several times to match additional physical - * ports. + * See struct rte_flow_item_phy_port. + */ + RTE_FLOW_ITEM_TYPE_PHY_PORT, + + /** + * [META] + * + * Matches traffic originating from (ingress) or going to (egress) a + * given DPDK port ID. * - * See struct rte_flow_item_port. + * See struct rte_flow_item_port_id. */ - RTE_FLOW_ITEM_TYPE_PORT, + RTE_FLOW_ITEM_TYPE_PORT_ID, /** * Matches a byte string of a given length at a given offset. @@ -297,6 +286,59 @@ enum rte_flow_item_type { * See struct rte_flow_item_gre. */ RTE_FLOW_ITEM_TYPE_GRE, + + /** + * [META] + * + * Fuzzy pattern match, expect faster than default. + * + * This is for device that support fuzzy matching option. + * Usually a fuzzy matching is fast but the cost is accuracy. + * + * See struct rte_flow_item_fuzzy. + */ + RTE_FLOW_ITEM_TYPE_FUZZY, + + /** + * Matches a GTP header. + * + * Configure flow for GTP packets. + * + * See struct rte_flow_item_gtp. + */ + RTE_FLOW_ITEM_TYPE_GTP, + + /** + * Matches a GTP header. + * + * Configure flow for GTP-C packets. + * + * See struct rte_flow_item_gtp. + */ + RTE_FLOW_ITEM_TYPE_GTPC, + + /** + * Matches a GTP header. + * + * Configure flow for GTP-U packets. + * + * See struct rte_flow_item_gtp. + */ + RTE_FLOW_ITEM_TYPE_GTPU, + + /** + * Matches a ESP header. + * + * See struct rte_flow_item_esp. + */ + RTE_FLOW_ITEM_TYPE_ESP, + + /** + * Matches a GENEVE header. + * + * See struct rte_flow_item_geneve. + */ + RTE_FLOW_ITEM_TYPE_GENEVE, }; /** @@ -324,15 +366,15 @@ static const struct rte_flow_item_any rte_flow_item_any_mask = { /** * RTE_FLOW_ITEM_TYPE_VF * - * Matches packets addressed to a virtual function ID of the device. + * Matches traffic originating from (ingress) or going to (egress) a given + * virtual function of the current device. * - * If the underlying device function differs from the one that would - * normally receive the matched traffic, specifying this item prevents it - * from reaching that device unless the flow rule contains a VF - * action. Packets are not duplicated between device instances by default. + * If supported, should work even if the virtual function is not managed by + * the application and thus not associated with a DPDK port ID. + * + * Note this pattern item does not match VF representors traffic which, as + * separate entities, should be addressed through their own DPDK port IDs. * - * - Likely to return an error or never match any traffic if this causes a - * VF device to match traffic addressed to a different VF. * - Can be specified multiple times to match traffic addressed to several * VF IDs. * - Can be combined with a PF item to match both PF and VF traffic. @@ -340,7 +382,7 @@ static const struct rte_flow_item_any rte_flow_item_any_mask = { * A zeroed mask can be used to match any VF ID. */ struct rte_flow_item_vf { - uint32_t id; /**< Destination VF ID. */ + uint32_t id; /**< VF ID. */ }; /** Default mask for RTE_FLOW_ITEM_TYPE_VF. */ @@ -351,13 +393,13 @@ static const struct rte_flow_item_vf rte_flow_item_vf_mask = { #endif /** - * RTE_FLOW_ITEM_TYPE_PORT + * RTE_FLOW_ITEM_TYPE_PHY_PORT * - * Matches packets coming from the specified physical port of the underlying - * device. + * Matches traffic originating from (ingress) or going to (egress) a + * physical port of the underlying device. * - * The first PORT item overrides the physical port normally associated with - * the specified DPDK input port (port_id). This item can be provided + * The first PHY_PORT item overrides the physical port normally associated + * with the specified DPDK input port (port_id). This item can be provided * several times to match additional physical ports. * * Note that physical ports are not necessarily tied to DPDK input ports @@ -370,17 +412,43 @@ static const struct rte_flow_item_vf rte_flow_item_vf_mask = { * * A zeroed mask can be used to match any port index. */ -struct rte_flow_item_port { +struct rte_flow_item_phy_port { uint32_t index; /**< Physical port index. */ }; -/** Default mask for RTE_FLOW_ITEM_TYPE_PORT. */ +/** Default mask for RTE_FLOW_ITEM_TYPE_PHY_PORT. */ #ifndef __cplusplus -static const struct rte_flow_item_port rte_flow_item_port_mask = { +static const struct rte_flow_item_phy_port rte_flow_item_phy_port_mask = { .index = 0x00000000, }; #endif +/** + * RTE_FLOW_ITEM_TYPE_PORT_ID + * + * Matches traffic originating from (ingress) or going to (egress) a given + * DPDK port ID. + * + * Normally only supported if the port ID in question is known by the + * underlying PMD and related to the device the flow rule is created + * against. + * + * This must not be confused with @p PHY_PORT which refers to the physical + * port of a device, whereas @p PORT_ID refers to a struct rte_eth_dev + * object on the application side (also known as "port representor" + * depending on the kind of underlying device). + */ +struct rte_flow_item_port_id { + uint32_t id; /**< DPDK port ID. */ +}; + +/** Default mask for RTE_FLOW_ITEM_TYPE_PORT_ID. */ +#ifndef __cplusplus +static const struct rte_flow_item_port_id rte_flow_item_port_id_mask = { + .id = 0xffffffff, +}; +#endif + /** * RTE_FLOW_ITEM_TYPE_RAW * @@ -406,7 +474,7 @@ struct rte_flow_item_raw { int32_t offset; /**< Absolute or relative offset for pattern. */ uint16_t limit; /**< Search area limit for start of pattern. */ uint16_t length; /**< Pattern length. */ - uint8_t pattern[]; /**< Byte string to look for. */ + const uint8_t *pattern; /**< Byte string to look for. */ }; /** Default mask for RTE_FLOW_ITEM_TYPE_RAW. */ @@ -418,6 +486,7 @@ static const struct rte_flow_item_raw rte_flow_item_raw_mask = { .offset = 0xffffffff, .limit = 0xffff, .length = 0xffff, + .pattern = NULL, }; #endif @@ -425,11 +494,17 @@ static const struct rte_flow_item_raw rte_flow_item_raw_mask = { * RTE_FLOW_ITEM_TYPE_ETH * * Matches an Ethernet header. + * + * The @p type field either stands for "EtherType" or "TPID" when followed + * by so-called layer 2.5 pattern items such as RTE_FLOW_ITEM_TYPE_VLAN. In + * the latter case, @p type refers to that of the outer header, with the + * inner EtherType/TPID provided by the subsequent pattern item. This is the + * same order as on the wire. */ struct rte_flow_item_eth { struct ether_addr dst; /**< Destination MAC. */ struct ether_addr src; /**< Source MAC. */ - uint16_t type; /**< EtherType. */ + rte_be16_t type; /**< EtherType or TPID. */ }; /** Default mask for RTE_FLOW_ITEM_TYPE_ETH. */ @@ -437,7 +512,7 @@ struct rte_flow_item_eth { static const struct rte_flow_item_eth rte_flow_item_eth_mask = { .dst.addr_bytes = "\xff\xff\xff\xff\xff\xff", .src.addr_bytes = "\xff\xff\xff\xff\xff\xff", - .type = 0x0000, + .type = RTE_BE16(0x0000), }; #endif @@ -446,19 +521,20 @@ static const struct rte_flow_item_eth rte_flow_item_eth_mask = { * * Matches an 802.1Q/ad VLAN tag. * - * This type normally follows either RTE_FLOW_ITEM_TYPE_ETH or - * RTE_FLOW_ITEM_TYPE_VLAN. + * The corresponding standard outer EtherType (TPID) values are + * ETHER_TYPE_VLAN or ETHER_TYPE_QINQ. It can be overridden by the preceding + * pattern item. */ struct rte_flow_item_vlan { - uint16_t tpid; /**< Tag protocol identifier. */ - uint16_t tci; /**< Tag control information. */ + rte_be16_t tci; /**< Tag control information. */ + rte_be16_t inner_type; /**< Inner EtherType or TPID. */ }; /** Default mask for RTE_FLOW_ITEM_TYPE_VLAN. */ #ifndef __cplusplus static const struct rte_flow_item_vlan rte_flow_item_vlan_mask = { - .tpid = 0x0000, - .tci = 0xffff, + .tci = RTE_BE16(0x0fff), + .inner_type = RTE_BE16(0x0000), }; #endif @@ -477,8 +553,8 @@ struct rte_flow_item_ipv4 { #ifndef __cplusplus static const struct rte_flow_item_ipv4 rte_flow_item_ipv4_mask = { .hdr = { - .src_addr = 0xffffffff, - .dst_addr = 0xffffffff, + .src_addr = RTE_BE32(0xffffffff), + .dst_addr = RTE_BE32(0xffffffff), }, }; #endif @@ -540,8 +616,8 @@ struct rte_flow_item_udp { #ifndef __cplusplus static const struct rte_flow_item_udp rte_flow_item_udp_mask = { .hdr = { - .src_port = 0xffff, - .dst_port = 0xffff, + .src_port = RTE_BE16(0xffff), + .dst_port = RTE_BE16(0xffff), }, }; #endif @@ -559,8 +635,8 @@ struct rte_flow_item_tcp { #ifndef __cplusplus static const struct rte_flow_item_tcp rte_flow_item_tcp_mask = { .hdr = { - .src_port = 0xffff, - .dst_port = 0xffff, + .src_port = RTE_BE16(0xffff), + .dst_port = RTE_BE16(0xffff), }, }; #endif @@ -578,8 +654,8 @@ struct rte_flow_item_sctp { #ifndef __cplusplus static const struct rte_flow_item_sctp rte_flow_item_sctp_mask = { .hdr = { - .src_port = 0xffff, - .dst_port = 0xffff, + .src_port = RTE_BE16(0xffff), + .dst_port = RTE_BE16(0xffff), }, }; #endif @@ -607,30 +683,27 @@ static const struct rte_flow_item_vxlan rte_flow_item_vxlan_mask = { * RTE_FLOW_ITEM_TYPE_E_TAG. * * Matches a E-tag header. + * + * The corresponding standard outer EtherType (TPID) value is + * ETHER_TYPE_ETAG. It can be overridden by the preceding pattern item. */ struct rte_flow_item_e_tag { - uint16_t tpid; /**< Tag protocol identifier (0x893F). */ /** * E-Tag control information (E-TCI). * E-PCP (3b), E-DEI (1b), ingress E-CID base (12b). */ - uint16_t epcp_edei_in_ecid_b; + rte_be16_t epcp_edei_in_ecid_b; /** Reserved (2b), GRP (2b), E-CID base (12b). */ - uint16_t rsvd_grp_ecid_b; + rte_be16_t rsvd_grp_ecid_b; uint8_t in_ecid_e; /**< Ingress E-CID ext. */ uint8_t ecid_e; /**< E-CID ext. */ + rte_be16_t inner_type; /**< Inner EtherType or TPID. */ }; /** Default mask for RTE_FLOW_ITEM_TYPE_E_TAG. */ #ifndef __cplusplus static const struct rte_flow_item_e_tag rte_flow_item_e_tag_mask = { -#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN - .rsvd_grp_ecid_b = 0x3fff, -#elif RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN - .rsvd_grp_ecid_b = 0xff3f, -#else -#error Unsupported endianness. -#endif + .rsvd_grp_ecid_b = RTE_BE16(0x3fff), }; #endif @@ -646,8 +719,8 @@ struct rte_flow_item_nvgre { * * c_k_s_rsvd0_ver must have value 0x2000 according to RFC 7637. */ - uint16_t c_k_s_rsvd0_ver; - uint16_t protocol; /**< Protocol type (0x6558). */ + rte_be16_t c_k_s_rsvd0_ver; + rte_be16_t protocol; /**< Protocol type (0x6558). */ uint8_t tni[3]; /**< Virtual subnet ID. */ uint8_t flow_id; /**< Flow ID. */ }; @@ -689,14 +762,108 @@ struct rte_flow_item_gre { * Checksum (1b), reserved 0 (12b), version (3b). * Refer to RFC 2784. */ - uint16_t c_rsvd0_ver; - uint16_t protocol; /**< Protocol type. */ + rte_be16_t c_rsvd0_ver; + rte_be16_t protocol; /**< Protocol type. */ }; /** Default mask for RTE_FLOW_ITEM_TYPE_GRE. */ #ifndef __cplusplus static const struct rte_flow_item_gre rte_flow_item_gre_mask = { - .protocol = 0xffff, + .protocol = RTE_BE16(0xffff), +}; +#endif + +/** + * RTE_FLOW_ITEM_TYPE_FUZZY + * + * Fuzzy pattern match, expect faster than default. + * + * This is for device that support fuzzy match option. + * Usually a fuzzy match is fast but the cost is accuracy. + * i.e. Signature Match only match pattern's hash value, but it is + * possible two different patterns have the same hash value. + * + * Matching accuracy level can be configure by threshold. + * Driver can divide the range of threshold and map to different + * accuracy levels that device support. + * + * Threshold 0 means perfect match (no fuzziness), while threshold + * 0xffffffff means fuzziest match. + */ +struct rte_flow_item_fuzzy { + uint32_t thresh; /**< Accuracy threshold. */ +}; + +/** Default mask for RTE_FLOW_ITEM_TYPE_FUZZY. */ +#ifndef __cplusplus +static const struct rte_flow_item_fuzzy rte_flow_item_fuzzy_mask = { + .thresh = 0xffffffff, +}; +#endif + +/** + * RTE_FLOW_ITEM_TYPE_GTP. + * + * Matches a GTPv1 header. + */ +struct rte_flow_item_gtp { + /** + * Version (3b), protocol type (1b), reserved (1b), + * Extension header flag (1b), + * Sequence number flag (1b), + * N-PDU number flag (1b). + */ + uint8_t v_pt_rsv_flags; + uint8_t msg_type; /**< Message type. */ + rte_be16_t msg_len; /**< Message length. */ + rte_be32_t teid; /**< Tunnel endpoint identifier. */ +}; + +/** Default mask for RTE_FLOW_ITEM_TYPE_GTP. */ +#ifndef __cplusplus +static const struct rte_flow_item_gtp rte_flow_item_gtp_mask = { + .teid = RTE_BE32(0xffffffff), +}; +#endif + +/** + * RTE_FLOW_ITEM_TYPE_ESP + * + * Matches an ESP header. + */ +struct rte_flow_item_esp { + struct esp_hdr hdr; /**< ESP header definition. */ +}; + +/** Default mask for RTE_FLOW_ITEM_TYPE_ESP. */ +#ifndef __cplusplus +static const struct rte_flow_item_esp rte_flow_item_esp_mask = { + .hdr = { + .spi = 0xffffffff, + }, +}; +#endif + +/** + * RTE_FLOW_ITEM_TYPE_GENEVE. + * + * Matches a GENEVE header. + */ +struct rte_flow_item_geneve { + /** + * Version (2b), length of the options fields (6b), OAM packet (1b), + * critical options present (1b), reserved 0 (6b). + */ + rte_be16_t ver_opt_len_o_c_rsvd0; + rte_be16_t protocol; /**< Protocol type. */ + uint8_t vni[3]; /**< Virtual Network Identifier. */ + uint8_t rsvd1; /**< Reserved, normally 0x00. */ +}; + +/** Default mask for RTE_FLOW_ITEM_TYPE_GENEVE. */ +#ifndef __cplusplus +static const struct rte_flow_item_geneve rte_flow_item_geneve_mask = { + .vni = "\xff\xff\xff", }; #endif @@ -745,33 +912,28 @@ struct rte_flow_item { * * Each possible action is represented by a type. Some have associated * configuration structures. Several actions combined in a list can be - * affected to a flow rule. That list is not ordered. + * assigned to a flow rule and are performed in order. * * They fall in three categories: * - * - Terminating actions (such as QUEUE, DROP, RSS, PF, VF) that prevent - * processing matched packets by subsequent flow rules, unless overridden - * with PASSTHRU. - * - * - Non terminating actions (PASSTHRU, DUP) that leave matched packets up - * for additional processing by subsequent flow rules. + * - Actions that modify the fate of matching traffic, for instance by + * dropping or assigning it a specific destination. * - * - Other non terminating meta actions that do not affect the fate of - * packets (END, VOID, MARK, FLAG, COUNT). + * - Actions that modify matching traffic contents or its properties. This + * includes adding/removing encapsulation, encryption, compression and + * marks. * - * When several actions are combined in a flow rule, they should all have - * different types (e.g. dropping a packet twice is not possible). + * - Actions related to the flow rule itself, such as updating counters or + * making it non-terminating. * - * Only the last action of a given type is taken into account. PMDs still - * perform error checking on the entire list. + * Flow rules being terminating by default, not specifying any action of the + * fate kind results in undefined behavior. This applies to both ingress and + * egress. * - * Note that PASSTHRU is the only action able to override a terminating - * rule. + * PASSTHRU, when supported, makes a flow rule non-terminating. */ enum rte_flow_action_type { /** - * [META] - * * End marker for action lists. Prevents further processing of * actions, thereby ending the list. * @@ -780,8 +942,6 @@ enum rte_flow_action_type { RTE_FLOW_ACTION_TYPE_END, /** - * [META] - * * Used as a placeholder for convenience. It is ignored and simply * discarded by PMDs. * @@ -790,18 +950,14 @@ enum rte_flow_action_type { RTE_FLOW_ACTION_TYPE_VOID, /** - * Leaves packets up for additional processing by subsequent flow - * rules. This is the default when a rule does not contain a - * terminating action, but can be specified to force a rule to - * become non-terminating. + * Leaves traffic up for additional processing by subsequent flow + * rules; makes a flow rule non-terminating. * * No associated configuration structure. */ RTE_FLOW_ACTION_TYPE_PASSTHRU, /** - * [META] - * * Attaches an integer value to packets and sets PKT_RX_FDIR and * PKT_RX_FDIR_ID mbuf flags. * @@ -810,8 +966,6 @@ enum rte_flow_action_type { RTE_FLOW_ACTION_TYPE_MARK, /** - * [META] - * * Flags packets. Similar to MARK without a specific value; only * sets the PKT_RX_FDIR mbuf flag. * @@ -836,9 +990,7 @@ enum rte_flow_action_type { RTE_FLOW_ACTION_TYPE_DROP, /** - * [META] - * - * Enables counters for this rule. + * Enables counters for this flow rule. * * These counters can be retrieved and reset through rte_flow_query(), * see struct rte_flow_query_count. @@ -847,16 +999,6 @@ enum rte_flow_action_type { */ RTE_FLOW_ACTION_TYPE_COUNT, - /** - * Duplicates packets to a given queue index. - * - * This is normally combined with QUEUE, however when used alone, it - * is actually similar to QUEUE + PASSTHRU. - * - * See struct rte_flow_action_dup. - */ - RTE_FLOW_ACTION_TYPE_DUP, - /** * Similar to QUEUE, except RSS is additionally performed on packets * to spread them among several queues according to the provided @@ -867,20 +1009,51 @@ enum rte_flow_action_type { RTE_FLOW_ACTION_TYPE_RSS, /** - * Redirects packets to the physical function (PF) of the current - * device. + * Directs matching traffic to the physical function (PF) of the + * current device. * * No associated configuration structure. */ RTE_FLOW_ACTION_TYPE_PF, /** - * Redirects packets to the virtual function (VF) of the current - * device with the specified ID. + * Directs matching traffic to a given virtual function of the + * current device. * * See struct rte_flow_action_vf. */ RTE_FLOW_ACTION_TYPE_VF, + + /** + * Directs packets to a given physical port index of the underlying + * device. + * + * See struct rte_flow_action_phy_port. + */ + RTE_FLOW_ACTION_TYPE_PHY_PORT, + + /** + * Directs matching traffic to a given DPDK port ID. + * + * See struct rte_flow_action_port_id. + */ + RTE_FLOW_ACTION_TYPE_PORT_ID, + + /** + * Traffic metering and policing (MTR). + * + * See struct rte_flow_action_meter. + * See file rte_mtr.h for MTR object configuration. + */ + RTE_FLOW_ACTION_TYPE_METER, + + /** + * Redirects packets to security engine of current device for security + * processing as specified by security session. + * + * See struct rte_flow_action_security. + */ + RTE_FLOW_ACTION_TYPE_SECURITY }; /** @@ -901,8 +1074,6 @@ struct rte_flow_action_mark { * RTE_FLOW_ACTION_TYPE_QUEUE * * Assign packets to a given queue index. - * - * Terminating by default. */ struct rte_flow_action_queue { uint16_t index; /**< Queue index to use. */ @@ -922,55 +1093,141 @@ struct rte_flow_query_count { uint64_t bytes; /**< Number of bytes through this rule [out]. */ }; -/** - * RTE_FLOW_ACTION_TYPE_DUP - * - * Duplicates packets to a given queue index. - * - * This is normally combined with QUEUE, however when used alone, it is - * actually similar to QUEUE + PASSTHRU. - * - * Non-terminating by default. - */ -struct rte_flow_action_dup { - uint16_t index; /**< Queue index to duplicate packets to. */ -}; - /** * RTE_FLOW_ACTION_TYPE_RSS * * Similar to QUEUE, except RSS is additionally performed on packets to * spread them among several queues according to the provided parameters. * + * Unlike global RSS settings used by other DPDK APIs, unsetting the + * @p types field does not disable RSS in a flow rule. Doing so instead + * requests safe unspecified "best-effort" settings from the underlying PMD, + * which depending on the flow rule, may result in anything ranging from + * empty (single queue) to all-inclusive RSS. + * * Note: RSS hash result is stored in the hash.rss mbuf field which overlaps * hash.fdir.lo. Since the MARK action sets the hash.fdir.hi field only, * both can be requested simultaneously. - * - * Terminating by default. */ struct rte_flow_action_rss { - const struct rte_eth_rss_conf *rss_conf; /**< RSS parameters. */ - uint16_t num; /**< Number of entries in queue[]. */ - uint16_t queue[]; /**< Queues indices to use. */ + enum rte_eth_hash_function func; /**< RSS hash function to apply. */ + /** + * Packet encapsulation level RSS hash @p types apply to. + * + * - @p 0 requests the default behavior. Depending on the packet + * type, it can mean outermost, innermost, anything in between or + * even no RSS. + * + * It basically stands for the innermost encapsulation level RSS + * can be performed on according to PMD and device capabilities. + * + * - @p 1 requests RSS to be performed on the outermost packet + * encapsulation level. + * + * - @p 2 and subsequent values request RSS to be performed on the + * specified inner packet encapsulation level, from outermost to + * innermost (lower to higher values). + * + * Values other than @p 0 are not necessarily supported. + * + * Requesting a specific RSS level on unrecognized traffic results + * in undefined behavior. For predictable results, it is recommended + * to make the flow rule pattern match packet headers up to the + * requested encapsulation level so that only matching traffic goes + * through. + */ + uint32_t level; + uint64_t types; /**< Specific RSS hash types (see ETH_RSS_*). */ + uint32_t key_len; /**< Hash key length in bytes. */ + uint32_t queue_num; /**< Number of entries in @p queue. */ + const uint8_t *key; /**< Hash key. */ + const uint16_t *queue; /**< Queue indices to use. */ }; /** * RTE_FLOW_ACTION_TYPE_VF * - * Redirects packets to a virtual function (VF) of the current device. + * Directs matching traffic to a given virtual function of the current + * device. * * Packets matched by a VF pattern item can be redirected to their original * VF ID instead of the specified one. This parameter may not be available * and is not guaranteed to work properly if the VF part is matched by a * prior flow rule or if packets are not addressed to a VF in the first * place. - * - * Terminating by default. */ struct rte_flow_action_vf { uint32_t original:1; /**< Use original VF ID if possible. */ uint32_t reserved:31; /**< Reserved, must be zero. */ - uint32_t id; /**< VF ID to redirect packets to. */ + uint32_t id; /**< VF ID. */ +}; + +/** + * RTE_FLOW_ACTION_TYPE_PHY_PORT + * + * Directs packets to a given physical port index of the underlying + * device. + * + * @see RTE_FLOW_ITEM_TYPE_PHY_PORT + */ +struct rte_flow_action_phy_port { + uint32_t original:1; /**< Use original port index if possible. */ + uint32_t reserved:31; /**< Reserved, must be zero. */ + uint32_t index; /**< Physical port index. */ +}; + +/** + * RTE_FLOW_ACTION_TYPE_PORT_ID + * + * Directs matching traffic to a given DPDK port ID. + * + * @see RTE_FLOW_ITEM_TYPE_PORT_ID + */ +struct rte_flow_action_port_id { + uint32_t original:1; /**< Use original DPDK port ID if possible. */ + uint32_t reserved:31; /**< Reserved, must be zero. */ + uint32_t id; /**< DPDK port ID. */ +}; + +/** + * RTE_FLOW_ACTION_TYPE_METER + * + * Traffic metering and policing (MTR). + * + * Packets matched by items of this type can be either dropped or passed to the + * next item with their color set by the MTR object. + */ +struct rte_flow_action_meter { + uint32_t mtr_id; /**< MTR object ID created with rte_mtr_create(). */ +}; + +/** + * RTE_FLOW_ACTION_TYPE_SECURITY + * + * Perform the security action on flows matched by the pattern items + * according to the configuration of the security session. + * + * This action modifies the payload of matched flows. For INLINE_CRYPTO, the + * security protocol headers and IV are fully provided by the application as + * specified in the flow pattern. The payload of matching packets is + * encrypted on egress, and decrypted and authenticated on ingress. + * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW, + * providing full encapsulation and decapsulation of packets in security + * protocols. The flow pattern specifies both the outer security header fields + * and the inner packet fields. The security session specified in the action + * must match the pattern parameters. + * + * The security session specified in the action must be created on the same + * port as the flow action that is being specified. + * + * The ingress/egress flow attribute should match that specified in the + * security session if the security session supports the definition of the + * direction. + * + * Multiple flows can be configured to use the same security session. + */ +struct rte_flow_action_security { + void *security_session; /**< Pointer to security session structure. */ }; /** @@ -1007,10 +1264,15 @@ enum rte_flow_error_type { RTE_FLOW_ERROR_TYPE_ATTR_PRIORITY, /**< Priority field. */ RTE_FLOW_ERROR_TYPE_ATTR_INGRESS, /**< Ingress field. */ RTE_FLOW_ERROR_TYPE_ATTR_EGRESS, /**< Egress field. */ + RTE_FLOW_ERROR_TYPE_ATTR_TRANSFER, /**< Transfer field. */ RTE_FLOW_ERROR_TYPE_ATTR, /**< Attributes structure. */ RTE_FLOW_ERROR_TYPE_ITEM_NUM, /**< Pattern length. */ + RTE_FLOW_ERROR_TYPE_ITEM_SPEC, /**< Item specification. */ + RTE_FLOW_ERROR_TYPE_ITEM_LAST, /**< Item specification range. */ + RTE_FLOW_ERROR_TYPE_ITEM_MASK, /**< Item specification mask. */ RTE_FLOW_ERROR_TYPE_ITEM, /**< Specific pattern item. */ RTE_FLOW_ERROR_TYPE_ACTION_NUM, /**< Number of actions. */ + RTE_FLOW_ERROR_TYPE_ACTION_CONF, /**< Action configuration. */ RTE_FLOW_ERROR_TYPE_ACTION, /**< Specific action. */ }; @@ -1064,6 +1326,8 @@ struct rte_flow_error { * * -ENOSYS: underlying device does not support this functionality. * + * -EIO: underlying device is removed. + * * -EINVAL: unknown or invalid rule specification. * * -ENOTSUP: valid but unsupported rule specification (e.g. partial @@ -1082,7 +1346,7 @@ struct rte_flow_error { * state (see rte_eth_dev_rx_queue_stop() and rte_eth_dev_stop()). */ int -rte_flow_validate(uint8_t port_id, +rte_flow_validate(uint16_t port_id, const struct rte_flow_attr *attr, const struct rte_flow_item pattern[], const struct rte_flow_action actions[], @@ -1109,7 +1373,7 @@ rte_flow_validate(uint8_t port_id, * rte_flow_validate(). */ struct rte_flow * -rte_flow_create(uint8_t port_id, +rte_flow_create(uint16_t port_id, const struct rte_flow_attr *attr, const struct rte_flow_item pattern[], const struct rte_flow_action actions[], @@ -1136,7 +1400,7 @@ rte_flow_create(uint8_t port_id, * 0 on success, a negative errno value otherwise and rte_errno is set. */ int -rte_flow_destroy(uint8_t port_id, +rte_flow_destroy(uint16_t port_id, struct rte_flow *flow, struct rte_flow_error *error); @@ -1157,7 +1421,7 @@ rte_flow_destroy(uint8_t port_id, * 0 on success, a negative errno value otherwise and rte_errno is set. */ int -rte_flow_flush(uint8_t port_id, +rte_flow_flush(uint16_t port_id, struct rte_flow_error *error); /** @@ -1185,7 +1449,7 @@ rte_flow_flush(uint8_t port_id, * 0 on success, a negative errno value otherwise and rte_errno is set. */ int -rte_flow_query(uint8_t port_id, +rte_flow_query(uint16_t port_id, struct rte_flow *flow, enum rte_flow_action_type action, void *data, @@ -1233,7 +1497,71 @@ rte_flow_query(uint8_t port_id, * 0 on success, a negative errno value otherwise and rte_errno is set. */ int -rte_flow_isolate(uint8_t port_id, int set, struct rte_flow_error *error); +rte_flow_isolate(uint16_t port_id, int set, struct rte_flow_error *error); + +/** + * Initialize flow error structure. + * + * @param[out] error + * Pointer to flow error structure (may be NULL). + * @param code + * Related error code (rte_errno). + * @param type + * Cause field and error types. + * @param cause + * Object responsible for the error. + * @param message + * Human-readable error message. + * + * @return + * Negative error code (errno value) and rte_errno is set. + */ +int +rte_flow_error_set(struct rte_flow_error *error, + int code, + enum rte_flow_error_type type, + const void *cause, + const char *message); + +/** + * Generic flow representation. + * + * This form is sufficient to describe an rte_flow independently from any + * PMD implementation and allows for replayability and identification. + */ +struct rte_flow_desc { + size_t size; /**< Allocated space including data[]. */ + struct rte_flow_attr attr; /**< Attributes. */ + struct rte_flow_item *items; /**< Items. */ + struct rte_flow_action *actions; /**< Actions. */ + uint8_t data[]; /**< Storage for items/actions. */ +}; + +/** + * Copy an rte_flow rule description. + * + * @param[in] fd + * Flow rule description. + * @param[in] len + * Total size of allocated data for the flow description. + * @param[in] attr + * Flow rule attributes. + * @param[in] items + * Pattern specification (list terminated by the END pattern item). + * @param[in] actions + * Associated actions (list terminated by the END action). + * + * @return + * If len is greater or equal to the size of the flow, the total size of the + * flow description and its data. + * If len is lower than the size of the flow, the number of bytes that would + * have been written to desc had it been sufficient. Nothing is written. + */ +size_t +rte_flow_copy(struct rte_flow_desc *fd, size_t len, + const struct rte_flow_attr *attr, + const struct rte_flow_item *items, + const struct rte_flow_action *actions); #ifdef __cplusplus }