SRCS-$(CONFIG_RTE_APP_TEST) += test_sched.c
SRCS-$(CONFIG_RTE_APP_TEST) += test_meter.c
SRCS-$(CONFIG_RTE_APP_TEST) += test_kni.c
-SRCS-$(CONFIG_RTE_APP_TEST) += test_pmac_acl.c
SRCS-$(CONFIG_RTE_APP_TEST) += test_power.c
SRCS-$(CONFIG_RTE_APP_TEST) += test_common.c
SRCS-$(CONFIG_RTE_APP_TEST) += test_timer_perf.c
+ifeq ($(CONFIG_RTE_APP_TEST),y)
+SRCS-$(CONFIG_RTE_LIBRTE_ACL) += test_acl.c
+endif
+
CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS)
ret |= test_meter();
if (all || !strcmp(res->autotest, "kni_autotest"))
ret |= test_kni();
- if (all || !strcmp(res->autotest, "acl_autotest"))
- ret |= test_pmac_acl();
if (all || !strcmp(res->autotest, "power_autotest"))
ret |= test_power();
if (all || !strcmp(res->autotest, "common_autotest"))
ret |= test_common();
+#ifdef RTE_LIBRTE_ACL
+ if (all || !strcmp(res->autotest, "acl_autotest"))
+ ret |= test_acl();
+#endif /* RTE_LIBRTE_ACL */
if (ret == 0)
printf("Test OK\n");
"memcpy_perf_autotest#ring_perf_autotest#"
"red_autotest#meter_autotest#sched_autotest#"
"memcpy_perf_autotest#kni_autotest#"
- "pm_autotest#acl_autotest#power_autotest#"
+ "pm_autotest#"
+#ifdef RTE_LIBRTE_ACL
+ "acl_autotest#"
+#endif
+ "power_autotest#"
"timer_perf_autotest#"
"common_autotest#all_autotests");
int test_red(void);
int test_sched(void);
int test_meter(void);
-int test_pmac_acl(void);
+int test_acl(void);
int test_kni(void);
int test_power(void);
int test_common(void);
--- /dev/null
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2010-2013 Intel Corporation. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <errno.h>
+
+#include <cmdline_parse.h>
+
+#include <rte_string_fns.h>
+#include <rte_mbuf.h>
+
+#include "test.h"
+
+#ifdef RTE_LIBRTE_ACL
+
+#include <rte_byteorder.h>
+#include <rte_ip.h>
+#include <rte_acl.h>
+
+#include "test_acl.h"
+
+#define LEN RTE_ACL_MAX_CATEGORIES
+
+struct rte_acl_param acl_param = {
+ .name = "acl_ctx",
+ .socket_id = SOCKET_ID_ANY,
+ .rule_size = sizeof(struct rte_acl_ipv4vlan_rule),
+ .max_rule_num = 0x30000,
+};
+
+struct rte_acl_ipv4vlan_rule acl_rule = {
+ .data = { .priority = 1, .category_mask = 0xff },
+ .src_port_low = 0,
+ .src_port_high = UINT16_MAX,
+ .dst_port_low = 0,
+ .dst_port_high = UINT16_MAX,
+};
+
+/* byteswap to cpu or network order */
+static void
+bswap_test_data(struct ipv4_7tuple * data, int len, int to_be)
+{
+ int i;
+
+ for (i = 0; i < len; i++) {
+
+ if (to_be) {
+ /* swap all bytes so that they are in network order */
+ data[i].ip_dst = rte_cpu_to_be_32(data[i].ip_dst);
+ data[i].ip_src = rte_cpu_to_be_32(data[i].ip_src);
+ data[i].port_dst = rte_cpu_to_be_16(data[i].port_dst);
+ data[i].port_src = rte_cpu_to_be_16(data[i].port_src);
+ data[i].vlan = rte_cpu_to_be_16(data[i].vlan);
+ data[i].domain = rte_cpu_to_be_16(data[i].domain);
+ }
+ else {
+ data[i].ip_dst = rte_be_to_cpu_32(data[i].ip_dst);
+ data[i].ip_src = rte_be_to_cpu_32(data[i].ip_src);
+ data[i].port_dst = rte_be_to_cpu_16(data[i].port_dst);
+ data[i].port_src = rte_be_to_cpu_16(data[i].port_src);
+ data[i].vlan = rte_be_to_cpu_16(data[i].vlan);
+ data[i].domain = rte_be_to_cpu_16(data[i].domain);
+ }
+ }
+}
+
+/*
+ * Test scalar and SSE ACL lookup.
+ */
+static int
+test_classify(void)
+{
+ struct rte_acl_ctx * acx;
+ int ret, i;
+ uint32_t result, count;
+
+ uint32_t results[DIM(acl_test_data) * RTE_ACL_MAX_CATEGORIES];
+
+ const uint8_t * data[DIM(acl_test_data)];
+
+ const uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {
+ offsetof(struct ipv4_7tuple, proto),
+ offsetof(struct ipv4_7tuple, vlan),
+ offsetof(struct ipv4_7tuple, ip_src),
+ offsetof(struct ipv4_7tuple, ip_dst),
+ offsetof(struct ipv4_7tuple, port_src),
+ };
+
+ acx = rte_acl_create(&acl_param);
+ if (acx == NULL) {
+ printf("Line %i: Error creating ACL context!\n", __LINE__);
+ return -1;
+ }
+
+ /* add rules to the context */
+ ret = rte_acl_ipv4vlan_add_rules(acx, acl_test_rules,
+ DIM(acl_test_rules));
+ if (ret != 0) {
+ printf("Line %i: Adding rules to ACL context failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* try building the context */
+ ret = rte_acl_ipv4vlan_build(acx, layout, RTE_ACL_MAX_CATEGORIES);
+ if (ret != 0) {
+ printf("Line %i: Building ACL context failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* swap all bytes in the data to network order */
+ bswap_test_data(acl_test_data, DIM(acl_test_data), 1);
+
+ /* store pointers to test data */
+ for (i = 0; i < (int) DIM(acl_test_data); i++)
+ data[i] = (uint8_t *)&acl_test_data[i];
+
+ /**
+ * these will run quite a few times, it's necessary to test code paths
+ * from num=0 to num>8
+ */
+ for (count = 0; count < DIM(acl_test_data); count++) {
+ ret = rte_acl_classify(acx, data, results,
+ count, RTE_ACL_MAX_CATEGORIES);
+ if (ret != 0) {
+ printf("Line %i: SSE classify failed!\n", __LINE__);
+ goto err;
+ }
+
+ /* check if we allow everything we should allow */
+ for (i = 0; i < (int) count; i++) {
+ result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_ALLOW];
+ if (result != acl_test_data[i].allow) {
+ printf("Line %i: Error in allow results at %i "
+ "(expected %"PRIu32" got %"PRIu32")!\n",
+ __LINE__, i, acl_test_data[i].allow,
+ result);
+ goto err;
+ }
+ }
+
+ /* check if we deny everything we should deny */
+ for (i = 0; i < (int) count; i++) {
+ result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_DENY];
+ if (result != acl_test_data[i].deny) {
+ printf("Line %i: Error in deny results at %i "
+ "(expected %"PRIu32" got %"PRIu32")!\n",
+ __LINE__, i, acl_test_data[i].deny,
+ result);
+ goto err;
+ }
+ }
+ }
+
+ /* make a quick check for scalar */
+ ret = rte_acl_classify_scalar(acx, data, results,
+ DIM(acl_test_data), RTE_ACL_MAX_CATEGORIES);
+ if (ret != 0) {
+ printf("Line %i: SSE classify failed!\n", __LINE__);
+ goto err;
+ }
+
+ /* check if we allow everything we should allow */
+ for (i = 0; i < (int) DIM(acl_test_data); i++) {
+ result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_ALLOW];
+ if (result != acl_test_data[i].allow) {
+ printf("Line %i: Error in allow results at %i "
+ "(expected %"PRIu32" got %"PRIu32")!\n",
+ __LINE__, i, acl_test_data[i].allow,
+ result);
+ goto err;
+ }
+ }
+
+ /* check if we deny everything we should deny */
+ for (i = 0; i < (int) DIM(acl_test_data); i++) {
+ result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_DENY];
+ if (result != acl_test_data[i].deny) {
+ printf("Line %i: Error in deny results at %i "
+ "(expected %"PRIu32" got %"PRIu32")!\n",
+ __LINE__, i, acl_test_data[i].deny,
+ result);
+ goto err;
+ }
+ }
+
+ /* free ACL context */
+ rte_acl_free(acx);
+
+ /* swap data back to cpu order so that next time tests don't fail */
+ bswap_test_data(acl_test_data, DIM(acl_test_data), 0);
+
+ return 0;
+err:
+
+ /* swap data back to cpu order so that next time tests don't fail */
+ bswap_test_data(acl_test_data, DIM(acl_test_data), 0);
+
+ rte_acl_free(acx);
+
+ return -1;
+}
+
+/*
+ * Test wrong layout behavior
+ * This test supplies the ACL context with invalid layout, which results in
+ * ACL matching the wrong stuff. However, it should match the wrong stuff
+ * the right way. We switch around source and destination addresses,
+ * source and destination ports, and protocol will point to first byte of
+ * destination port.
+ */
+static int
+test_invalid_layout(void)
+{
+ struct rte_acl_ctx * acx;
+ int ret, i;
+
+ uint32_t results[DIM(invalid_layout_data)];
+ const uint8_t * data[DIM(invalid_layout_data)];
+
+ const uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {
+ /* proto points to destination port's first byte */
+ offsetof(struct ipv4_7tuple, port_dst),
+
+ 0, /* VLAN not used */
+
+ /* src and dst addresses are swapped */
+ offsetof(struct ipv4_7tuple, ip_dst),
+ offsetof(struct ipv4_7tuple, ip_src),
+
+ /* we can't swap ports here, so we will swap them in the data */
+ offsetof(struct ipv4_7tuple, port_src),
+ };
+
+ acx = rte_acl_create(&acl_param);
+ if (acx == NULL) {
+ printf("Line %i: Error creating ACL context!\n", __LINE__);
+ return -1;
+ }
+
+ /* putting a lot of rules into the context results in greater
+ * coverage numbers. it doesn't matter if they are identical */
+ for (i = 0; i < 1000; i++) {
+ /* add rules to the context */
+ ret = rte_acl_ipv4vlan_add_rules(acx, invalid_layout_rules,
+ DIM(invalid_layout_rules));
+ if (ret != 0) {
+ printf("Line %i: Adding rules to ACL context failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+ }
+
+ /* try building the context */
+ ret = rte_acl_ipv4vlan_build(acx, layout, 1);
+ if (ret != 0) {
+ printf("Line %i: Building ACL context failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* swap all bytes in the data to network order */
+ bswap_test_data(invalid_layout_data, DIM(invalid_layout_data), 1);
+
+ /* prepare data */
+ for (i = 0; i < (int) DIM(invalid_layout_data); i++) {
+ data[i] = (uint8_t *)&invalid_layout_data[i];
+ }
+
+ /* classify tuples */
+ ret = rte_acl_classify(acx, data, results,
+ DIM(results), 1);
+ if (ret != 0) {
+ printf("Line %i: SSE classify failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ for (i = 0; i < (int) DIM(results); i++) {
+ if (results[i] != invalid_layout_data[i].allow) {
+ printf("Line %i: Wrong results at %i (result=%u, should be %u)!\n",
+ __LINE__, i, results[i], invalid_layout_data[i].allow);
+ goto err;
+ }
+ }
+
+ /* classify tuples (scalar) */
+ ret = rte_acl_classify_scalar(acx, data, results,
+ DIM(results), 1);
+ if (ret != 0) {
+ printf("Line %i: Scalar classify failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ for (i = 0; i < (int) DIM(results); i++) {
+ if (results[i] != invalid_layout_data[i].allow) {
+ printf("Line %i: Wrong results at %i (result=%u, should be %u)!\n",
+ __LINE__, i, results[i], invalid_layout_data[i].allow);
+ goto err;
+ }
+ }
+
+ rte_acl_free(acx);
+
+ /* swap data back to cpu order so that next time tests don't fail */
+ bswap_test_data(invalid_layout_data, DIM(invalid_layout_data), 0);
+
+ return 0;
+err:
+
+ /* swap data back to cpu order so that next time tests don't fail */
+ bswap_test_data(invalid_layout_data, DIM(invalid_layout_data), 0);
+
+ rte_acl_free(acx);
+
+ return -1;
+}
+
+/*
+ * Test creating and finding ACL contexts, and adding rules
+ */
+static int
+test_create_find_add(void)
+{
+ struct rte_acl_param param;
+ struct rte_acl_ctx * acx, *acx2, *tmp;
+ struct rte_acl_ipv4vlan_rule rules[LEN];
+
+ const uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {0};
+
+ const char * acx_name = "acx";
+ const char * acx2_name = "acx2";
+ int i, ret;
+
+ /* create two contexts */
+ memcpy(¶m, &acl_param, sizeof(param));
+ param.max_rule_num = 2;
+
+ param.name = acx_name;
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: Error creating %s!\n", __LINE__, acx_name);
+ return -1;
+ }
+
+ param.name = acx2_name;
+ acx2 = rte_acl_create(¶m);
+ if (acx2 == NULL || acx2 == acx) {
+ printf("Line %i: Error creating %s!\n", __LINE__, acx2_name);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* try to create third one, with an existing name */
+ param.name = acx_name;
+ tmp = rte_acl_create(¶m);
+ if (tmp != acx) {
+ printf("Line %i: Creating context with existing name test failed!\n",
+ __LINE__);
+ if (tmp)
+ rte_acl_free(tmp);
+ goto err;
+ }
+
+ param.name = acx2_name;
+ tmp = rte_acl_create(¶m);
+ if (tmp != acx2) {
+ printf("Line %i: Creating context with existing name test 2 failed!\n",
+ __LINE__);
+ if (tmp)
+ rte_acl_free(tmp);
+ goto err;
+ }
+
+ /* try to find existing ACL contexts */
+ tmp = rte_acl_find_existing(acx_name);
+ if (tmp != acx) {
+ printf("Line %i: Finding %s failed!\n", __LINE__, acx_name);
+ if (tmp)
+ rte_acl_free(tmp);
+ goto err;
+ }
+
+ tmp = rte_acl_find_existing(acx2_name);
+ if (tmp != acx2) {
+ printf("Line %i: Finding %s failed!\n", __LINE__, acx2_name);
+ if (tmp)
+ rte_acl_free(tmp);
+ goto err;
+ }
+
+ /* try to find non-existing context */
+ tmp = rte_acl_find_existing("invalid");
+ if (tmp != NULL) {
+ printf("Line %i: Non-existent ACL context found!\n", __LINE__);
+ goto err;
+ }
+
+ /* free context */
+ rte_acl_free(acx);
+
+
+ /* create valid (but severely limited) acx */
+ memcpy(¶m, &acl_param, sizeof(param));
+ param.max_rule_num = LEN;
+
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: Error creating %s!\n", __LINE__, param.name);
+ goto err;
+ }
+
+ /* create dummy acl */
+ for (i = 0; i < LEN; i++) {
+ memcpy(&rules[i], &acl_rule, sizeof(struct rte_acl_ipv4vlan_rule));
+ rules[i].data.userdata = i + 1; /* skip zero */
+ rules[i].data.category_mask = 1 << i; /* one rule per category */
+ }
+
+ /* try filling up the context */
+ ret = rte_acl_ipv4vlan_add_rules(acx, rules, LEN);
+ if (ret != 0) {
+ printf("Line %i: Adding %i rules to ACL context failed!\n",
+ __LINE__, LEN);
+ goto err;
+ }
+
+ /* try adding to a (supposedly) full context */
+ ret = rte_acl_ipv4vlan_add_rules(acx, rules, 1);
+ if (ret == 0) {
+ printf("Line %i: Adding rules to full ACL context should"
+ "have failed!\n", __LINE__);
+ goto err;
+ }
+
+ /* try building the context */
+ ret = rte_acl_ipv4vlan_build(acx, layout, RTE_ACL_MAX_CATEGORIES);
+ if (ret != 0) {
+ printf("Line %i: Building ACL context failed!\n", __LINE__);
+ goto err;
+ }
+
+ rte_acl_free(acx);
+ rte_acl_free(acx2);
+
+ return 0;
+err:
+ rte_acl_free(acx);
+ rte_acl_free(acx2);
+ return -1;
+}
+
+/*
+ * test various invalid rules
+ */
+static int
+test_invalid_rules(void)
+{
+ struct rte_acl_ctx * acx;
+ int ret;
+
+ struct rte_acl_ipv4vlan_rule rule;
+
+ acx = rte_acl_create(&acl_param);
+ if (acx == NULL) {
+ printf("Line %i: Error creating ACL context!\n", __LINE__);
+ return -1;
+ }
+
+ /* test inverted high/low source and destination ports.
+ * originally, there was a problem with memory consumption when using
+ * such rules.
+ */
+ /* create dummy acl */
+ memcpy(&rule, &acl_rule, sizeof(struct rte_acl_ipv4vlan_rule));
+ rule.data.userdata = 1;
+ rule.dst_port_low = 0xfff0;
+ rule.dst_port_high = 0x0010;
+
+ /* add rules to context and try to build it */
+ ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
+ if (ret == 0) {
+ printf("Line %i: Adding rules to ACL context "
+ "should have failed!\n", __LINE__);
+ goto err;
+ }
+
+ rule.dst_port_low = 0x0;
+ rule.dst_port_high = 0xffff;
+ rule.src_port_low = 0xfff0;
+ rule.src_port_high = 0x0010;
+
+ /* add rules to context and try to build it */
+ ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
+ if (ret == 0) {
+ printf("Line %i: Adding rules to ACL context "
+ "should have failed!\n", __LINE__);
+ goto err;
+ }
+
+ rule.dst_port_low = 0x0;
+ rule.dst_port_high = 0xffff;
+ rule.src_port_low = 0x0;
+ rule.src_port_high = 0xffff;
+
+ rule.dst_mask_len = 33;
+
+ /* add rules to context and try to build it */
+ ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
+ if (ret == 0) {
+ printf("Line %i: Adding rules to ACL context "
+ "should have failed!\n", __LINE__);
+ goto err;
+ }
+
+ rule.dst_mask_len = 0;
+ rule.src_mask_len = 33;
+
+ /* add rules to context and try to build it */
+ ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
+ if (ret == 0) {
+ printf("Line %i: Adding rules to ACL context "
+ "should have failed!\n", __LINE__);
+ goto err;
+ }
+
+ rule.dst_mask_len = 0;
+ rule.src_mask_len = 0;
+ rule.data.userdata = 0;
+
+ /* try adding this rule (it should fail because userdata is invalid) */
+ ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
+ if (ret == 0) {
+ printf("Line %i: Adding a rule with invalid user data "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ rte_acl_free(acx);
+
+ return 0;
+
+err:
+ rte_acl_free(acx);
+
+ return -1;
+}
+
+/*
+ * test functions by passing invalid or
+ * non-workable parameters.
+ *
+ * we do very limited testing of classify functions here
+ * because those are performance-critical and
+ * thus don't do much parameter checking.
+ */
+static int
+test_invalid_parameters(void)
+{
+ struct rte_acl_param param;
+ struct rte_acl_ctx * acx;
+ struct rte_acl_ipv4vlan_rule rule;
+ int result;
+
+ uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {0};
+
+
+ /**
+ * rte_ac_create()
+ */
+
+ /* NULL param */
+ acx = rte_acl_create(NULL);
+ if (acx != NULL) {
+ printf("Line %i: ACL context creation with NULL param "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* zero rule size */
+ memcpy(¶m, &acl_param, sizeof(param));
+ param.rule_size = 0;
+
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: ACL context creation with zero rule len "
+ "failed!\n", __LINE__);
+ return -1;
+ }
+ else
+ rte_acl_free(acx);
+
+ /* zero max rule num */
+ memcpy(¶m, &acl_param, sizeof(param));
+ param.max_rule_num = 0;
+
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: ACL context creation with zero rule num "
+ "failed!\n", __LINE__);
+ return -1;
+ }
+ else
+ rte_acl_free(acx);
+
+ /* invalid NUMA node */
+ memcpy(¶m, &acl_param, sizeof(param));
+ param.socket_id = RTE_MAX_NUMA_NODES + 1;
+
+ acx = rte_acl_create(¶m);
+ if (acx != NULL) {
+ printf("Line %i: ACL context creation with invalid NUMA "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* NULL name */
+ memcpy(¶m, &acl_param, sizeof(param));
+ param.name = NULL;
+
+ acx = rte_acl_create(¶m);
+ if (acx != NULL) {
+ printf("Line %i: ACL context creation with NULL name "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /**
+ * rte_acl_find_existing
+ */
+
+ acx = rte_acl_find_existing(NULL);
+ if (acx != NULL) {
+ printf("Line %i: NULL ACL context found!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /**
+ * rte_acl_ipv4vlan_add_rules
+ */
+
+ /* initialize everything */
+ memcpy(¶m, &acl_param, sizeof(param));
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: ACL context creation failed!\n", __LINE__);
+ return -1;
+ }
+
+ memcpy(&rule, &acl_rule, sizeof(rule));
+
+ /* NULL context */
+ result = rte_acl_ipv4vlan_add_rules(NULL, &rule, 1);
+ if (result == 0) {
+ printf("Line %i: Adding rules with NULL ACL context "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* NULL rule */
+ result = rte_acl_ipv4vlan_add_rules(acx, NULL, 1);
+ if (result == 0) {
+ printf("Line %i: Adding NULL rule to ACL context "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* zero count (should succeed) */
+ result = rte_acl_ipv4vlan_add_rules(acx, &rule, 0);
+ if (result != 0) {
+ printf("Line %i: Adding 0 rules to ACL context failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* free ACL context */
+ rte_acl_free(acx);
+
+ /* set wrong rule_size so that adding any rules would fail */
+ param.rule_size = sizeof(struct rte_acl_ipv4vlan_rule) + 4;
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: ACL context creation failed!\n", __LINE__);
+ return -1;
+ }
+
+ /* try adding a rule with size different from context rule_size */
+ result = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
+ if (result == 0) {
+ printf("Line %i: Adding an invalid sized rule "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* free ACL context */
+ rte_acl_free(acx);
+
+
+ /**
+ * rte_acl_ipv4vlan_build
+ */
+
+ /* reinitialize context */
+ memcpy(¶m, &acl_param, sizeof(param));
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: ACL context creation failed!\n", __LINE__);
+ return -1;
+ }
+
+ /* NULL context */
+ result = rte_acl_ipv4vlan_build(NULL, layout, 1);
+ if (result == 0) {
+ printf("Line %i: Building with NULL context "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* NULL layout */
+ result = rte_acl_ipv4vlan_build(acx, NULL, 1);
+ if (result == 0) {
+ printf("Line %i: Building with NULL layout "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* zero categories (should not fail) */
+ result = rte_acl_ipv4vlan_build(acx, layout, 0);
+ if (result != 0) {
+ printf("Line %i: Building with 0 categories failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* SSE classify test */
+
+ /* cover zero categories in classify (should not fail) */
+ result = rte_acl_classify(acx, NULL, NULL, 0, 0);
+ if (result != 0) {
+ printf("Line %i: SSE classify with zero categories "
+ "failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* cover invalid but positive categories in classify */
+ result = rte_acl_classify(acx, NULL, NULL, 0, 3);
+ if (result == 0) {
+ printf("Line %i: SSE classify with 3 categories "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* scalar classify test */
+
+ /* cover zero categories in classify (should not fail) */
+ result = rte_acl_classify_scalar(acx, NULL, NULL, 0, 0);
+ if (result != 0) {
+ printf("Line %i: Scalar classify with zero categories "
+ "failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* cover invalid but positive categories in classify */
+ result = rte_acl_classify_scalar(acx, NULL, NULL, 0, 3);
+ if (result == 0) {
+ printf("Line %i: Scalar classify with 3 categories "
+ "should have failed!\n", __LINE__);
+ rte_acl_free(acx);
+ return -1;
+ }
+
+ /* free ACL context */
+ rte_acl_free(acx);
+
+
+ /**
+ * make sure void functions don't crash with NULL parameters
+ */
+
+ rte_acl_free(NULL);
+
+ rte_acl_dump(NULL);
+
+ return 0;
+}
+
+/**
+ * Various tests that don't test much but improve coverage
+ */
+static int
+test_misc(void)
+{
+ struct rte_acl_param param;
+ struct rte_acl_ctx * acx;
+
+ /* create context */
+ memcpy(¶m, &acl_param, sizeof(param));
+
+ acx = rte_acl_create(¶m);
+ if (acx == NULL) {
+ printf("Line %i: Error creating ACL context!\n", __LINE__);
+ return -1;
+ }
+
+ /* dump context with rules - useful for coverage */
+ rte_acl_list_dump();
+
+ rte_acl_dump(acx);
+
+ rte_acl_free(acx);
+
+ return 0;
+}
+
+int
+test_acl(void)
+{
+ if (test_invalid_parameters() < 0)
+ return -1;
+ if (test_invalid_rules() < 0)
+ return -1;
+ if (test_create_find_add() < 0)
+ return -1;
+ if (test_invalid_layout() < 0)
+ return -1;
+ if (test_misc() < 0)
+ return -1;
+ if (test_classify() < 0)
+ return -1;
+
+ return 0;
+}
+#else
+
+int
+test_acl(void)
+{
+ printf("This binary was not compiled with ACL support!\n");
+ return 0;
+}
+
+#endif /* RTE_LIBRTE_ACL */
--- /dev/null
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2010-2013 Intel Corporation. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TEST_ACL_H_
+#define TEST_ACL_H_
+
+struct ipv4_7tuple {
+ uint16_t vlan;
+ uint16_t domain;
+ uint8_t proto;
+ uint32_t ip_src;
+ uint32_t ip_dst;
+ uint16_t port_src;
+ uint16_t port_dst;
+ uint32_t allow;
+ uint32_t deny;
+};
+
+/* rules for invalid layout test */
+struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = {
+ /* test src and dst address */
+ {
+ .data = {.userdata = 1, .category_mask = 1},
+ .src_addr = IPv4(10,0,0,0),
+ .src_mask_len = 24,
+ },
+ {
+ .data = {.userdata = 2, .category_mask = 1},
+ .dst_addr = IPv4(10,0,0,0),
+ .dst_mask_len = 24,
+ },
+ /* test src and dst ports */
+ {
+ .data = {.userdata = 3, .category_mask = 1},
+ .dst_port_low = 100,
+ .dst_port_high = 100,
+ },
+ {
+ .data = {.userdata = 4, .category_mask = 1},
+ .src_port_low = 100,
+ .src_port_high = 100,
+ },
+ /* test proto */
+ {
+ .data = {.userdata = 5, .category_mask = 1},
+ .proto = 0xf,
+ .proto_mask = 0xf
+ },
+ {
+ .data = {.userdata = 6, .category_mask = 1},
+ .dst_port_low = 0xf,
+ .dst_port_high = 0xf,
+ }
+};
+
+/* these might look odd because they don't match up the rules. This is
+ * intentional, as the invalid layout test presumes returning the correct
+ * results using the wrong data layout.
+ */
+struct ipv4_7tuple invalid_layout_data[] = {
+ {.ip_src = IPv4(10,0,1,0)}, /* should not match */
+ {.ip_src = IPv4(10,0,0,1), .allow = 2}, /* should match 2 */
+ {.port_src = 100, .allow = 4}, /* should match 4 */
+ {.port_dst = 0xf, .allow = 6}, /* should match 6 */
+};
+
+#define ACL_ALLOW 0
+#define ACL_DENY 1
+#define ACL_ALLOW_MASK 0x1
+#define ACL_DENY_MASK 0x2
+
+/* ruleset for ACL unit test */
+struct rte_acl_ipv4vlan_rule acl_test_rules[] = {
+/* destination IP addresses */
+ /* matches all packets traveling to 192.168.0.0/16 */
+ {
+ .data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .dst_addr = IPv4(192,168,0,0),
+ .dst_mask_len = 16,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets traveling to 192.168.1.0/24 */
+ {
+ .data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
+ .priority = 3},
+ .dst_addr = IPv4(192,168,1,0),
+ .dst_mask_len = 24,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets traveling to 192.168.1.50 */
+ {
+ .data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
+ .priority = 2},
+ .dst_addr = IPv4(192,168,1,50),
+ .dst_mask_len = 32,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+
+/* source IP addresses */
+ /* matches all packets traveling from 10.0.0.0/8 */
+ {
+ .data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .src_addr = IPv4(10,0,0,0),
+ .src_mask_len = 8,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets traveling from 10.1.1.0/24 */
+ {
+ .data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
+ .priority = 3},
+ .src_addr = IPv4(10,1,1,0),
+ .src_mask_len = 24,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets traveling from 10.1.1.1 */
+ {
+ .data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
+ .priority = 2},
+ .src_addr = IPv4(10,1,1,1),
+ .src_mask_len = 32,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+
+/* VLAN tag */
+ /* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */
+ {
+ .data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .vlan = 0x64,
+ .vlan_mask = 0x7f,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets with VLAN tags that have 0x5 in them */
+ {
+ .data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .vlan = 0x5,
+ .vlan_mask = 0x5,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets with VLAN tag 5 */
+ {
+ .data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
+ .priority = 3},
+ .vlan = 0x5,
+ .vlan_mask = 0xffff,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+
+/* VLAN domain */
+ /* matches all packets with lower 7 bytes of domain equal to 0x64 */
+ {
+ .data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .domain = 0x64,
+ .domain_mask = 0x7f,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets with domains that have 0x5 in them */
+ {
+ .data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
+ .priority = 3},
+ .domain = 0x5,
+ .domain_mask = 0x5,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets with domain 5 */
+ {
+ .data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
+ .priority = 3},
+ .domain = 0x5,
+ .domain_mask = 0xffff,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+
+/* destination port */
+ /* matches everything with dst port 80 */
+ {
+ .data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
+ .priority = 3},
+ .dst_port_low = 80,
+ .dst_port_high = 80,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ },
+ /* matches everything with dst port 22-1023 */
+ {
+ .data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .dst_port_low = 22,
+ .dst_port_high = 1023,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ },
+ /* matches everything with dst port 1020 */
+ {
+ .data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
+ .priority = 3},
+ .dst_port_low = 1020,
+ .dst_port_high = 1020,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ },
+ /* matches everything with dst portrange 1000-2000 */
+ {
+ .data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
+ .priority = 2},
+ .dst_port_low = 1000,
+ .dst_port_high = 2000,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ },
+
+/* source port */
+ /* matches everything with src port 80 */
+ {
+ .data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
+ .priority = 3},
+ .src_port_low = 80,
+ .src_port_high = 80,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches everything with src port 22-1023 */
+ {
+ .data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .src_port_low = 22,
+ .src_port_high = 1023,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches everything with src port 1020 */
+ {
+ .data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
+ .priority = 3},
+ .src_port_low = 1020,
+ .src_port_high = 1020,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches everything with src portrange 1000-2000 */
+ {
+ .data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
+ .priority = 2},
+ .src_port_low = 1000,
+ .src_port_high = 2000,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+
+/* protocol number */
+ /* matches all packets with protocol number either 0x64 or 0xE4 */
+ {
+ .data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .proto = 0x64,
+ .proto_mask = 0x7f,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets with protocol that have 0x5 in them */
+ {
+ .data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK,
+ .priority = 2},
+ .proto = 0x5,
+ .proto_mask = 0x5,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+ /* matches all packets with protocol 5 */
+ {
+ .data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
+ .priority = 3},
+ .proto = 0x5,
+ .proto_mask = 0xff,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 0,
+ .dst_port_high = 0xffff,
+ },
+
+/* rules combining various fields */
+ {
+ .data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
+ .priority = 4},
+ /** make sure that unmasked bytes don't fail! */
+ .dst_addr = IPv4(1,2,3,4),
+ .dst_mask_len = 16,
+ .src_addr = IPv4(5,6,7,8),
+ .src_mask_len = 24,
+ .proto = 0x5,
+ .proto_mask = 0xff,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 22,
+ .dst_port_high = 1024,
+ .vlan = 0x8100,
+ .vlan_mask = 0xffff,
+ .domain = 0x64,
+ .domain_mask = 0xffff,
+ },
+ {
+ .data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
+ .priority = 4},
+ .dst_addr = IPv4(5,6,7,8),
+ .dst_mask_len = 24,
+ .src_addr = IPv4(1,2,3,4),
+ .src_mask_len = 16,
+ .proto = 0x5,
+ .proto_mask = 0xff,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 22,
+ .dst_port_high = 1024,
+ .vlan = 0x8100,
+ .vlan_mask = 0xffff,
+ .domain = 0x64,
+ .domain_mask = 0xffff,
+ },
+ {
+ .data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
+ .priority = 5},
+ .dst_addr = IPv4(1,2,3,4),
+ .dst_mask_len = 8,
+ .src_addr = IPv4(5,6,7,8),
+ .src_mask_len = 32,
+ .proto = 0x5,
+ .proto_mask = 0xff,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 22,
+ .dst_port_high = 1024,
+ .vlan = 0x64,
+ .vlan_mask = 0xffff,
+ },
+ {
+ .data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
+ .priority = 5},
+ .dst_addr = IPv4(5,6,7,8),
+ .dst_mask_len = 32,
+ .src_addr = IPv4(1,2,3,4),
+ .src_mask_len = 8,
+ .proto = 0x5,
+ .proto_mask = 0xff,
+ .src_port_low = 0,
+ .src_port_high = 0xffff,
+ .dst_port_low = 22,
+ .dst_port_high = 1024,
+ .vlan = 0x64,
+ .vlan_mask = 0xffff,
+ },
+};
+
+/* data for ACL unit test */
+struct ipv4_7tuple acl_test_data[] = {
+/* testing single rule aspects */
+ {.ip_src = IPv4(10,0,0,0), .allow = 4}, /* should match 4 */
+ {.ip_src = IPv4(10,1,1,2), .allow = 5}, /* should match 5 */
+ {.ip_src = IPv4(10,1,1,1), .allow = 5,
+ .deny = 6}, /* should match 5, 6 */
+ {.ip_dst = IPv4(10,0,0,0)}, /* should not match */
+ {.ip_dst = IPv4(10,1,1,2)}, /* should not match */
+ {.ip_dst = IPv4(10,1,1,1)}, /* should not match */
+
+ {.ip_src = IPv4(192,168,2,50)}, /* should not match */
+ {.ip_src = IPv4(192,168,1,2)}, /* should not match */
+ {.ip_src = IPv4(192,168,1,50)}, /* should not match */
+ {.ip_dst = IPv4(192,168,2,50), .allow = 1}, /* should match 1 */
+ {.ip_dst = IPv4(192,168,1,49), .allow = 2}, /* should match 2 */
+ {.ip_dst = IPv4(192,168,1,50), .allow = 2,
+ .deny = 3}, /* should match 2, 3 */
+
+ {.vlan = 0x64, .allow = 7}, /* should match 7 */
+ {.vlan = 0xfE4, .allow = 7}, /* should match 7 */
+ {.vlan = 0xE2}, /* should not match */
+ {.vlan = 0xD, .allow = 8}, /* should match 8 */
+ {.vlan = 0x6}, /* should not match */
+ {.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */
+
+ {.domain = 0x64, .allow = 10}, /* should match 10 */
+ {.domain = 0xfE4, .allow = 10}, /* should match 10 */
+ {.domain = 0xE2}, /* should not match */
+ {.domain = 0xD, .allow = 11}, /* should match 11 */
+ {.domain = 0x6}, /* should not match */
+ {.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */
+
+ {.port_dst = 80, .allow = 13}, /* should match 13 */
+ {.port_dst = 79, .allow = 14}, /* should match 14 */
+ {.port_dst = 81, .allow = 14}, /* should match 14 */
+ {.port_dst = 21}, /* should not match */
+ {.port_dst = 1024, .deny = 16}, /* should match 16 */
+ {.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */
+
+ {.port_src = 80, .allow = 17}, /* should match 17 */
+ {.port_src = 79, .allow = 18}, /* should match 18 */
+ {.port_src = 81, .allow = 18}, /* should match 18 */
+ {.port_src = 21}, /* should not match */
+ {.port_src = 1024, .deny = 20}, /* should match 20 */
+ {.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */
+
+ {.proto = 0x64, .allow = 21}, /* should match 21 */
+ {.proto = 0xE4, .allow = 21}, /* should match 21 */
+ {.proto = 0xE2}, /* should not match */
+ {.proto = 0xD, .allow = 22}, /* should match 22 */
+ {.proto = 0x6}, /* should not match */
+ {.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */
+
+/* testing matching multiple rules at once */
+ {.vlan = 0x5, .ip_src = IPv4(10,1,1,1),
+ .allow = 5, .deny = 9}, /* should match 5, 9 */
+ {.vlan = 0x5, .ip_src = IPv4(192,168,2,50),
+ .allow = 8, .deny = 9}, /* should match 8, 9 */
+ {.vlan = 0x55, .ip_src = IPv4(192,168,1,49),
+ .allow = 8}, /* should match 8 */
+ {.port_dst = 80, .port_src = 1024,
+ .allow = 13, .deny = 20}, /* should match 13,20 */
+ {.port_dst = 79, .port_src = 1024,
+ .allow = 14, .deny = 20}, /* should match 14,20 */
+ {.proto = 0x5, .ip_dst = IPv4(192,168,2,50),
+ .allow = 1, .deny = 23}, /* should match 1, 23 */
+
+ {.proto = 0x5, .ip_dst = IPv4(192,168,1,50),
+ .allow = 2, .deny = 23}, /* should match 2, 23 */
+ {.vlan = 0x64, .domain = 0x5,
+ .allow = 11, .deny = 12}, /* should match 11, 12 */
+ {.proto = 0x5, .port_src = 80,
+ .allow = 17, .deny = 23}, /* should match 17, 23 */
+ {.proto = 0x5, .port_dst = 80,
+ .allow = 13, .deny = 23}, /* should match 13, 23 */
+ {.proto = 0x51, .port_src = 5000}, /* should not match */
+ {.ip_src = IPv4(192,168,1,50),
+ .ip_dst = IPv4(10,0,0,0),
+ .proto = 0x51,
+ .port_src = 5000,
+ .port_dst = 5000}, /* should not match */
+
+/* test full packet rules */
+ {
+ .ip_dst = IPv4(1,2,100,200),
+ .ip_src = IPv4(5,6,7,254),
+ .proto = 0x5,
+ .vlan = 0x8100,
+ .domain = 0x64,
+ .port_src = 12345,
+ .port_dst = 80,
+ .allow = 24,
+ .deny = 23
+ }, /* should match 23, 24 */
+ {
+ .ip_dst = IPv4(5,6,7,254),
+ .ip_src = IPv4(1,2,100,200),
+ .proto = 0x5,
+ .vlan = 0x8100,
+ .domain = 0x64,
+ .port_src = 12345,
+ .port_dst = 80,
+ .allow = 13,
+ .deny = 25
+ }, /* should match 13, 25 */
+ {
+ .ip_dst = IPv4(1,10,20,30),
+ .ip_src = IPv4(5,6,7,8),
+ .proto = 0x5,
+ .vlan = 0x64,
+ .port_src = 12345,
+ .port_dst = 80,
+ .allow = 26,
+ .deny = 23
+ }, /* should match 23, 26 */
+ {
+ .ip_dst = IPv4(5,6,7,8),
+ .ip_src = IPv4(1,10,20,30),
+ .proto = 0x5,
+ .vlan = 0x64,
+ .port_src = 12345,
+ .port_dst = 80,
+ .allow = 13,
+ .deny = 27
+ }, /* should match 13, 27 */
+ {
+ .ip_dst = IPv4(2,2,3,4),
+ .ip_src = IPv4(4,6,7,8),
+ .proto = 0x5,
+ .vlan = 0x64,
+ .port_src = 12345,
+ .port_dst = 80,
+ .allow = 13,
+ .deny = 23
+ }, /* should match 13, 23 */
+ {
+ .ip_dst = IPv4(1,2,3,4),
+ .ip_src = IPv4(4,6,7,8),
+ .proto = 0x5,
+ .vlan = 0x64,
+ .port_src = 12345,
+ .port_dst = 80,
+ .allow = 13,
+ .deny = 23
+ }, /* should match 13, 23 */
+
+
+/* visual separator! */
+ {
+ .ip_dst = IPv4(1,2,100,200),
+ .ip_src = IPv4(5,6,7,254),
+ .proto = 0x55,
+ .vlan = 0x8000,
+ .domain = 0x6464,
+ .port_src = 12345,
+ .port_dst = 8080,
+ .allow = 10
+ }, /* should match 10 */
+ {
+ .ip_dst = IPv4(5,6,7,254),
+ .ip_src = IPv4(1,2,100,200),
+ .proto = 0x55,
+ .vlan = 0x8100,
+ .domain = 0x6464,
+ .port_src = 12345,
+ .port_dst = 180,
+ .allow = 10
+ }, /* should match 10 */
+ {
+ .ip_dst = IPv4(1,10,20,30),
+ .ip_src = IPv4(5,6,7,8),
+ .proto = 0x55,
+ .vlan = 0x64,
+ .port_src = 12345,
+ .port_dst = 180,
+ .allow = 7
+ }, /* should match 7 */
+ {
+ .ip_dst = IPv4(5,6,7,8),
+ .ip_src = IPv4(1,10,20,30),
+ .proto = 0x55,
+ .vlan = 0x64,
+ .port_src = 12345,
+ .port_dst = 180,
+ .allow = 7
+ }, /* should match 7 */
+ {
+ .ip_dst = IPv4(2,2,3,4),
+ .ip_src = IPv4(4,6,7,8),
+ .proto = 0x55,
+ .vlan = 0x64,
+ .port_src = 12345,
+ .port_dst = 180,
+ .allow = 7
+ }, /* should match 7 */
+ {
+ .ip_dst = IPv4(1,2,3,4),
+ .ip_src = IPv4(4,6,7,8),
+ .proto = 0x50,
+ .vlan = 0x6466,
+ .port_src = 12345,
+ .port_dst = 12345,
+ }, /* should not match */
+};
+
+#endif /* TEST_ACL_H_ */
+++ /dev/null
-/*-
- * BSD LICENSE
- *
- * Copyright(c) 2010-2013 Intel Corporation. All rights reserved.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <string.h>
-#include <errno.h>
-
-#include <cmdline_parse.h>
-
-#include <rte_string_fns.h>
-#include <rte_mbuf.h>
-
-#include "test.h"
-
-#ifdef RTE_LIBRTE_PMAC
-
-#include <rte_byteorder.h>
-#include <rte_ip.h>
-#include <rte_acl.h>
-
-#include "test_pmac_acl.h"
-
-#define LEN RTE_ACL_MAX_CATEGORIES
-
-struct rte_acl_param acl_param = {
- .name = "acl_ctx",
- .socket_id = SOCKET_ID_ANY,
- .rule_size = sizeof(struct rte_acl_ipv4vlan_rule),
- .max_rule_num = 0x30000,
-};
-
-struct rte_acl_ipv4vlan_rule acl_rule = {
- .data = { .priority = 1, .category_mask = 0xff },
- .src_port_low = 0,
- .src_port_high = UINT16_MAX,
- .dst_port_low = 0,
- .dst_port_high = UINT16_MAX,
-};
-
-/* byteswap to cpu or network order */
-static void
-bswap_test_data(struct ipv4_7tuple * data, int len, int to_be)
-{
- int i;
-
- for (i = 0; i < len; i++) {
-
- if (to_be) {
- /* swap all bytes so that they are in network order */
- data[i].ip_dst = rte_cpu_to_be_32(data[i].ip_dst);
- data[i].ip_src = rte_cpu_to_be_32(data[i].ip_src);
- data[i].port_dst = rte_cpu_to_be_16(data[i].port_dst);
- data[i].port_src = rte_cpu_to_be_16(data[i].port_src);
- data[i].vlan = rte_cpu_to_be_16(data[i].vlan);
- data[i].domain = rte_cpu_to_be_16(data[i].domain);
- }
- else {
- data[i].ip_dst = rte_be_to_cpu_32(data[i].ip_dst);
- data[i].ip_src = rte_be_to_cpu_32(data[i].ip_src);
- data[i].port_dst = rte_be_to_cpu_16(data[i].port_dst);
- data[i].port_src = rte_be_to_cpu_16(data[i].port_src);
- data[i].vlan = rte_be_to_cpu_16(data[i].vlan);
- data[i].domain = rte_be_to_cpu_16(data[i].domain);
- }
- }
-}
-
-/*
- * Test scalar and SSE ACL lookup.
- */
-static int
-test_classify(void)
-{
- struct rte_acl_ctx * acx;
- int ret, i;
- uint32_t result, count;
-
- uint32_t results[DIM(acl_test_data) * RTE_ACL_MAX_CATEGORIES];
-
- const uint8_t * data[DIM(acl_test_data)];
-
- const uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {
- offsetof(struct ipv4_7tuple, proto),
- offsetof(struct ipv4_7tuple, vlan),
- offsetof(struct ipv4_7tuple, ip_src),
- offsetof(struct ipv4_7tuple, ip_dst),
- offsetof(struct ipv4_7tuple, port_src),
- };
-
- acx = rte_acl_create(&acl_param);
- if (acx == NULL) {
- printf("Line %i: Error creating ACL context!\n", __LINE__);
- return -1;
- }
-
- /* add rules to the context */
- ret = rte_acl_ipv4vlan_add_rules(acx, acl_test_rules,
- DIM(acl_test_rules));
- if (ret != 0) {
- printf("Line %i: Adding rules to ACL context failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* try building the context */
- ret = rte_acl_ipv4vlan_build(acx, layout, RTE_ACL_MAX_CATEGORIES);
- if (ret != 0) {
- printf("Line %i: Building ACL context failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* swap all bytes in the data to network order */
- bswap_test_data(acl_test_data, DIM(acl_test_data), 1);
-
- /* store pointers to test data */
- for (i = 0; i < (int) DIM(acl_test_data); i++)
- data[i] = (uint8_t *)&acl_test_data[i];
-
- /**
- * these will run quite a few times, it's necessary to test code paths
- * from num=0 to num>8
- */
- for (count = 0; count < DIM(acl_test_data); count++) {
- ret = rte_acl_classify(acx, data, results,
- count, RTE_ACL_MAX_CATEGORIES);
- if (ret != 0) {
- printf("Line %i: SSE classify failed!\n", __LINE__);
- goto err;
- }
-
- /* check if we allow everything we should allow */
- for (i = 0; i < (int) count; i++) {
- result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_ALLOW];
- if (result != acl_test_data[i].allow) {
- printf("Line %i: Error in allow results at %i "
- "(expected %"PRIu32" got %"PRIu32")!\n",
- __LINE__, i, acl_test_data[i].allow,
- result);
- goto err;
- }
- }
-
- /* check if we deny everything we should deny */
- for (i = 0; i < (int) count; i++) {
- result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_DENY];
- if (result != acl_test_data[i].deny) {
- printf("Line %i: Error in deny results at %i "
- "(expected %"PRIu32" got %"PRIu32")!\n",
- __LINE__, i, acl_test_data[i].deny,
- result);
- goto err;
- }
- }
- }
-
- /* make a quick check for scalar */
- ret = rte_acl_classify_scalar(acx, data, results,
- DIM(acl_test_data), RTE_ACL_MAX_CATEGORIES);
- if (ret != 0) {
- printf("Line %i: SSE classify failed!\n", __LINE__);
- goto err;
- }
-
- /* check if we allow everything we should allow */
- for (i = 0; i < (int) DIM(acl_test_data); i++) {
- result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_ALLOW];
- if (result != acl_test_data[i].allow) {
- printf("Line %i: Error in allow results at %i "
- "(expected %"PRIu32" got %"PRIu32")!\n",
- __LINE__, i, acl_test_data[i].allow,
- result);
- goto err;
- }
- }
-
- /* check if we deny everything we should deny */
- for (i = 0; i < (int) DIM(acl_test_data); i++) {
- result = results[i * RTE_ACL_MAX_CATEGORIES + ACL_DENY];
- if (result != acl_test_data[i].deny) {
- printf("Line %i: Error in deny results at %i "
- "(expected %"PRIu32" got %"PRIu32")!\n",
- __LINE__, i, acl_test_data[i].deny,
- result);
- goto err;
- }
- }
-
- /* free ACL context */
- rte_acl_free(acx);
-
- /* swap data back to cpu order so that next time tests don't fail */
- bswap_test_data(acl_test_data, DIM(acl_test_data), 0);
-
- return 0;
-err:
-
- /* swap data back to cpu order so that next time tests don't fail */
- bswap_test_data(acl_test_data, DIM(acl_test_data), 0);
-
- rte_acl_free(acx);
-
- return -1;
-}
-
-/*
- * Test wrong layout behavior
- * This test supplies the ACL context with invalid layout, which results in
- * ACL matching the wrong stuff. However, it should match the wrong stuff
- * the right way. We switch around source and destination addresses,
- * source and destination ports, and protocol will point to first byte of
- * destination port.
- */
-static int
-test_invalid_layout(void)
-{
- struct rte_acl_ctx * acx;
- int ret, i;
-
- uint32_t results[DIM(invalid_layout_data)];
- const uint8_t * data[DIM(invalid_layout_data)];
-
- const uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {
- /* proto points to destination port's first byte */
- offsetof(struct ipv4_7tuple, port_dst),
-
- 0, /* VLAN not used */
-
- /* src and dst addresses are swapped */
- offsetof(struct ipv4_7tuple, ip_dst),
- offsetof(struct ipv4_7tuple, ip_src),
-
- /* we can't swap ports here, so we will swap them in the data */
- offsetof(struct ipv4_7tuple, port_src),
- };
-
- acx = rte_acl_create(&acl_param);
- if (acx == NULL) {
- printf("Line %i: Error creating ACL context!\n", __LINE__);
- return -1;
- }
-
- /* putting a lot of rules into the context results in greater
- * coverage numbers. it doesn't matter if they are identical */
- for (i = 0; i < 1000; i++) {
- /* add rules to the context */
- ret = rte_acl_ipv4vlan_add_rules(acx, invalid_layout_rules,
- DIM(invalid_layout_rules));
- if (ret != 0) {
- printf("Line %i: Adding rules to ACL context failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
- }
-
- /* try building the context */
- ret = rte_acl_ipv4vlan_build(acx, layout, 1);
- if (ret != 0) {
- printf("Line %i: Building ACL context failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* swap all bytes in the data to network order */
- bswap_test_data(invalid_layout_data, DIM(invalid_layout_data), 1);
-
- /* prepare data */
- for (i = 0; i < (int) DIM(invalid_layout_data); i++) {
- data[i] = (uint8_t *)&invalid_layout_data[i];
- }
-
- /* classify tuples */
- ret = rte_acl_classify(acx, data, results,
- DIM(results), 1);
- if (ret != 0) {
- printf("Line %i: SSE classify failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- for (i = 0; i < (int) DIM(results); i++) {
- if (results[i] != invalid_layout_data[i].allow) {
- printf("Line %i: Wrong results at %i (result=%u, should be %u)!\n",
- __LINE__, i, results[i], invalid_layout_data[i].allow);
- goto err;
- }
- }
-
- /* classify tuples (scalar) */
- ret = rte_acl_classify_scalar(acx, data, results,
- DIM(results), 1);
- if (ret != 0) {
- printf("Line %i: Scalar classify failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- for (i = 0; i < (int) DIM(results); i++) {
- if (results[i] != invalid_layout_data[i].allow) {
- printf("Line %i: Wrong results at %i (result=%u, should be %u)!\n",
- __LINE__, i, results[i], invalid_layout_data[i].allow);
- goto err;
- }
- }
-
- rte_acl_free(acx);
-
- /* swap data back to cpu order so that next time tests don't fail */
- bswap_test_data(invalid_layout_data, DIM(invalid_layout_data), 0);
-
- return 0;
-err:
-
- /* swap data back to cpu order so that next time tests don't fail */
- bswap_test_data(invalid_layout_data, DIM(invalid_layout_data), 0);
-
- rte_acl_free(acx);
-
- return -1;
-}
-
-/*
- * Test creating and finding ACL contexts, and adding rules
- */
-static int
-test_create_find_add(void)
-{
- struct rte_acl_param param;
- struct rte_acl_ctx * acx, *acx2, *tmp;
- struct rte_acl_ipv4vlan_rule rules[LEN];
-
- const uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {0};
-
- const char * acx_name = "acx";
- const char * acx2_name = "acx2";
- int i, ret;
-
- /* create two contexts */
- memcpy(¶m, &acl_param, sizeof(param));
- param.max_rule_num = 2;
-
- param.name = acx_name;
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: Error creating %s!\n", __LINE__, acx_name);
- return -1;
- }
-
- param.name = acx2_name;
- acx2 = rte_acl_create(¶m);
- if (acx2 == NULL || acx2 == acx) {
- printf("Line %i: Error creating %s!\n", __LINE__, acx2_name);
- rte_acl_free(acx);
- return -1;
- }
-
- /* try to create third one, with an existing name */
- param.name = acx_name;
- tmp = rte_acl_create(¶m);
- if (tmp != acx) {
- printf("Line %i: Creating context with existing name test failed!\n",
- __LINE__);
- if (tmp)
- rte_acl_free(tmp);
- goto err;
- }
-
- param.name = acx2_name;
- tmp = rte_acl_create(¶m);
- if (tmp != acx2) {
- printf("Line %i: Creating context with existing name test 2 failed!\n",
- __LINE__);
- if (tmp)
- rte_acl_free(tmp);
- goto err;
- }
-
- /* try to find existing PM contexts */
- tmp = rte_acl_find_existing(acx_name);
- if (tmp != acx) {
- printf("Line %i: Finding %s failed!\n", __LINE__, acx_name);
- if (tmp)
- rte_acl_free(tmp);
- goto err;
- }
-
- tmp = rte_acl_find_existing(acx2_name);
- if (tmp != acx2) {
- printf("Line %i: Finding %s failed!\n", __LINE__, acx2_name);
- if (tmp)
- rte_acl_free(tmp);
- goto err;
- }
-
- /* try to find non-existing context */
- tmp = rte_acl_find_existing("invalid");
- if (tmp != NULL) {
- printf("Line %i: Non-existent PM context found!\n", __LINE__);
- goto err;
- }
-
- /* free context */
- rte_acl_free(acx);
-
-
- /* create valid (but severely limited) acx */
- memcpy(¶m, &acl_param, sizeof(param));
- param.max_rule_num = LEN;
-
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: Error creating %s!\n", __LINE__, param.name);
- goto err;
- }
-
- /* create dummy acl */
- for (i = 0; i < LEN; i++) {
- memcpy(&rules[i], &acl_rule, sizeof(struct rte_acl_ipv4vlan_rule));
- rules[i].data.userdata = i + 1; /* skip zero */
- rules[i].data.category_mask = 1 << i; /* one rule per category */
- }
-
- /* try filling up the context */
- ret = rte_acl_ipv4vlan_add_rules(acx, rules, LEN);
- if (ret != 0) {
- printf("Line %i: Adding %i rules to ACL context failed!\n",
- __LINE__, LEN);
- goto err;
- }
-
- /* try adding to a (supposedly) full context */
- ret = rte_acl_ipv4vlan_add_rules(acx, rules, 1);
- if (ret == 0) {
- printf("Line %i: Adding rules to full ACL context should"
- "have failed!\n", __LINE__);
- goto err;
- }
-
- /* try building the context */
- ret = rte_acl_ipv4vlan_build(acx, layout, RTE_ACL_MAX_CATEGORIES);
- if (ret != 0) {
- printf("Line %i: Building ACL context failed!\n", __LINE__);
- goto err;
- }
-
- rte_acl_free(acx);
- rte_acl_free(acx2);
-
- return 0;
-err:
- rte_acl_free(acx);
- rte_acl_free(acx2);
- return -1;
-}
-
-/*
- * test various invalid rules
- */
-static int
-test_invalid_rules(void)
-{
- struct rte_acl_ctx * acx;
- int ret;
-
- struct rte_acl_ipv4vlan_rule rule;
-
- acx = rte_acl_create(&acl_param);
- if (acx == NULL) {
- printf("Line %i: Error creating ACL context!\n", __LINE__);
- return -1;
- }
-
- /* test inverted high/low source and destination ports.
- * originally, there was a problem with memory consumption when using
- * such rules.
- */
- /* create dummy acl */
- memcpy(&rule, &acl_rule, sizeof(struct rte_acl_ipv4vlan_rule));
- rule.data.userdata = 1;
- rule.dst_port_low = 0xfff0;
- rule.dst_port_high = 0x0010;
-
- /* add rules to context and try to build it */
- ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
- if (ret == 0) {
- printf("Line %i: Adding rules to ACL context "
- "should have failed!\n", __LINE__);
- goto err;
- }
-
- rule.dst_port_low = 0x0;
- rule.dst_port_high = 0xffff;
- rule.src_port_low = 0xfff0;
- rule.src_port_high = 0x0010;
-
- /* add rules to context and try to build it */
- ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
- if (ret == 0) {
- printf("Line %i: Adding rules to ACL context "
- "should have failed!\n", __LINE__);
- goto err;
- }
-
- rule.dst_port_low = 0x0;
- rule.dst_port_high = 0xffff;
- rule.src_port_low = 0x0;
- rule.src_port_high = 0xffff;
-
- rule.dst_mask_len = 33;
-
- /* add rules to context and try to build it */
- ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
- if (ret == 0) {
- printf("Line %i: Adding rules to ACL context "
- "should have failed!\n", __LINE__);
- goto err;
- }
-
- rule.dst_mask_len = 0;
- rule.src_mask_len = 33;
-
- /* add rules to context and try to build it */
- ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
- if (ret == 0) {
- printf("Line %i: Adding rules to ACL context "
- "should have failed!\n", __LINE__);
- goto err;
- }
-
- rule.dst_mask_len = 0;
- rule.src_mask_len = 0;
- rule.data.userdata = 0;
-
- /* try adding this rule (it should fail because userdata is invalid) */
- ret = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
- if (ret == 0) {
- printf("Line %i: Adding a rule with invalid user data "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- rte_acl_free(acx);
-
- return 0;
-
-err:
- rte_acl_free(acx);
-
- return -1;
-}
-
-/*
- * test functions by passing invalid or
- * non-workable parameters.
- *
- * we do very limited testing of classify functions here
- * because those are performance-critical and
- * thus don't do much parameter checking.
- */
-static int
-test_invalid_parameters(void)
-{
- struct rte_acl_param param;
- struct rte_acl_ctx * acx;
- struct rte_acl_ipv4vlan_rule rule;
- int result;
-
- uint32_t layout[RTE_ACL_IPV4VLAN_NUM] = {0};
-
-
- /**
- * rte_ac_create()
- */
-
- /* NULL param */
- acx = rte_acl_create(NULL);
- if (acx != NULL) {
- printf("Line %i: ACL context creation with NULL param "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* zero rule size */
- memcpy(¶m, &acl_param, sizeof(param));
- param.rule_size = 0;
-
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: ACL context creation with zero rule len "
- "failed!\n", __LINE__);
- return -1;
- }
- else
- rte_acl_free(acx);
-
- /* zero max rule num */
- memcpy(¶m, &acl_param, sizeof(param));
- param.max_rule_num = 0;
-
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: ACL context creation with zero rule num "
- "failed!\n", __LINE__);
- return -1;
- }
- else
- rte_acl_free(acx);
-
- /* invalid NUMA node */
- memcpy(¶m, &acl_param, sizeof(param));
- param.socket_id = RTE_MAX_NUMA_NODES + 1;
-
- acx = rte_acl_create(¶m);
- if (acx != NULL) {
- printf("Line %i: ACL context creation with invalid NUMA "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* NULL name */
- memcpy(¶m, &acl_param, sizeof(param));
- param.name = NULL;
-
- acx = rte_acl_create(¶m);
- if (acx != NULL) {
- printf("Line %i: ACL context creation with NULL name "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /**
- * rte_acl_find_existing
- */
-
- acx = rte_acl_find_existing(NULL);
- if (acx != NULL) {
- printf("Line %i: NULL ACL context found!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /**
- * rte_acl_ipv4vlan_add_rules
- */
-
- /* initialize everything */
- memcpy(¶m, &acl_param, sizeof(param));
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: ACL context creation failed!\n", __LINE__);
- return -1;
- }
-
- memcpy(&rule, &acl_rule, sizeof(rule));
-
- /* NULL context */
- result = rte_acl_ipv4vlan_add_rules(NULL, &rule, 1);
- if (result == 0) {
- printf("Line %i: Adding rules with NULL ACL context "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* NULL rule */
- result = rte_acl_ipv4vlan_add_rules(acx, NULL, 1);
- if (result == 0) {
- printf("Line %i: Adding NULL rule to ACL context "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* zero count (should succeed) */
- result = rte_acl_ipv4vlan_add_rules(acx, &rule, 0);
- if (result != 0) {
- printf("Line %i: Adding 0 rules to ACL context failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* free ACL context */
- rte_acl_free(acx);
-
- /* set wrong rule_size so that adding any rules would fail */
- param.rule_size = sizeof(struct rte_acl_ipv4vlan_rule) + 4;
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: ACL context creation failed!\n", __LINE__);
- return -1;
- }
-
- /* try adding a rule with size different from context rule_size */
- result = rte_acl_ipv4vlan_add_rules(acx, &rule, 1);
- if (result == 0) {
- printf("Line %i: Adding an invalid sized rule "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* free ACL context */
- rte_acl_free(acx);
-
-
- /**
- * rte_acl_ipv4vlan_build
- */
-
- /* reinitialize context */
- memcpy(¶m, &acl_param, sizeof(param));
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: ACL context creation failed!\n", __LINE__);
- return -1;
- }
-
- /* NULL context */
- result = rte_acl_ipv4vlan_build(NULL, layout, 1);
- if (result == 0) {
- printf("Line %i: Building with NULL context "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* NULL layout */
- result = rte_acl_ipv4vlan_build(acx, NULL, 1);
- if (result == 0) {
- printf("Line %i: Building with NULL layout "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* zero categories (should not fail) */
- result = rte_acl_ipv4vlan_build(acx, layout, 0);
- if (result != 0) {
- printf("Line %i: Building with 0 categories failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* SSE classify test */
-
- /* cover zero categories in classify (should not fail) */
- result = rte_acl_classify(acx, NULL, NULL, 0, 0);
- if (result != 0) {
- printf("Line %i: SSE classify with zero categories "
- "failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* cover invalid but positive categories in classify */
- result = rte_acl_classify(acx, NULL, NULL, 0, 3);
- if (result == 0) {
- printf("Line %i: SSE classify with 3 categories "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* scalar classify test */
-
- /* cover zero categories in classify (should not fail) */
- result = rte_acl_classify_scalar(acx, NULL, NULL, 0, 0);
- if (result != 0) {
- printf("Line %i: Scalar classify with zero categories "
- "failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* cover invalid but positive categories in classify */
- result = rte_acl_classify_scalar(acx, NULL, NULL, 0, 3);
- if (result == 0) {
- printf("Line %i: Scalar classify with 3 categories "
- "should have failed!\n", __LINE__);
- rte_acl_free(acx);
- return -1;
- }
-
- /* free ACL context */
- rte_acl_free(acx);
-
-
- /**
- * make sure void functions don't crash with NULL parameters
- */
-
- rte_acl_free(NULL);
-
- rte_acl_dump(NULL);
-
- return 0;
-}
-
-/**
- * Various tests that don't test much but improve coverage
- */
-static int
-test_misc(void)
-{
- struct rte_acl_param param;
- struct rte_acl_ctx * acx;
-
- /* create context */
- memcpy(¶m, &acl_param, sizeof(param));
-
- acx = rte_acl_create(¶m);
- if (acx == NULL) {
- printf("Line %i: Error creating ACL context!\n", __LINE__);
- return -1;
- }
-
- /* dump context with rules - useful for coverage */
- rte_acl_list_dump();
-
- rte_acl_dump(acx);
-
- rte_acl_free(acx);
-
- return 0;
-}
-
-int
-test_pmac_acl(void)
-{
- if (test_invalid_parameters() < 0)
- return -1;
- if (test_invalid_rules() < 0)
- return -1;
- if (test_create_find_add() < 0)
- return -1;
- if (test_invalid_layout() < 0)
- return -1;
- if (test_misc() < 0)
- return -1;
- if (test_classify() < 0)
- return -1;
-
- return 0;
-}
-#else
-
-int
-test_pmac_acl(void)
-{
- printf("This binary was not compiled with PMAC support!\n");
- return 0;
-}
-
-#endif /* RTE_LIBRTE_PMAC */
+++ /dev/null
-/*-
- * BSD LICENSE
- *
- * Copyright(c) 2010-2013 Intel Corporation. All rights reserved.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef TEST_PMAC_ACL_H_
-#define TEST_PMAC_ACL_H_
-
-struct ipv4_7tuple {
- uint16_t vlan;
- uint16_t domain;
- uint8_t proto;
- uint32_t ip_src;
- uint32_t ip_dst;
- uint16_t port_src;
- uint16_t port_dst;
- uint32_t allow;
- uint32_t deny;
-};
-
-/* rules for invalid layout test */
-struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = {
- /* test src and dst address */
- {
- .data = {.userdata = 1, .category_mask = 1},
- .src_addr = IPv4(10,0,0,0),
- .src_mask_len = 24,
- },
- {
- .data = {.userdata = 2, .category_mask = 1},
- .dst_addr = IPv4(10,0,0,0),
- .dst_mask_len = 24,
- },
- /* test src and dst ports */
- {
- .data = {.userdata = 3, .category_mask = 1},
- .dst_port_low = 100,
- .dst_port_high = 100,
- },
- {
- .data = {.userdata = 4, .category_mask = 1},
- .src_port_low = 100,
- .src_port_high = 100,
- },
- /* test proto */
- {
- .data = {.userdata = 5, .category_mask = 1},
- .proto = 0xf,
- .proto_mask = 0xf
- },
- {
- .data = {.userdata = 6, .category_mask = 1},
- .dst_port_low = 0xf,
- .dst_port_high = 0xf,
- }
-};
-
-/* these might look odd because they don't match up the rules. This is
- * intentional, as the invalid layout test presumes returning the correct
- * results using the wrong data layout.
- */
-struct ipv4_7tuple invalid_layout_data[] = {
- {.ip_src = IPv4(10,0,1,0)}, /* should not match */
- {.ip_src = IPv4(10,0,0,1), .allow = 2}, /* should match 2 */
- {.port_src = 100, .allow = 4}, /* should match 4 */
- {.port_dst = 0xf, .allow = 6}, /* should match 6 */
-};
-
-#define ACL_ALLOW 0
-#define ACL_DENY 1
-#define ACL_ALLOW_MASK 0x1
-#define ACL_DENY_MASK 0x2
-
-/* ruleset for ACL unit test */
-struct rte_acl_ipv4vlan_rule acl_test_rules[] = {
-/* destination IP addresses */
- /* matches all packets traveling to 192.168.0.0/16 */
- {
- .data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .dst_addr = IPv4(192,168,0,0),
- .dst_mask_len = 16,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets traveling to 192.168.1.0/24 */
- {
- .data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
- .priority = 3},
- .dst_addr = IPv4(192,168,1,0),
- .dst_mask_len = 24,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets traveling to 192.168.1.50 */
- {
- .data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
- .priority = 2},
- .dst_addr = IPv4(192,168,1,50),
- .dst_mask_len = 32,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
-
-/* source IP addresses */
- /* matches all packets traveling from 10.0.0.0/8 */
- {
- .data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .src_addr = IPv4(10,0,0,0),
- .src_mask_len = 8,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets traveling from 10.1.1.0/24 */
- {
- .data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
- .priority = 3},
- .src_addr = IPv4(10,1,1,0),
- .src_mask_len = 24,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets traveling from 10.1.1.1 */
- {
- .data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
- .priority = 2},
- .src_addr = IPv4(10,1,1,1),
- .src_mask_len = 32,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
-
-/* VLAN tag */
- /* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */
- {
- .data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .vlan = 0x64,
- .vlan_mask = 0x7f,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets with VLAN tags that have 0x5 in them */
- {
- .data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .vlan = 0x5,
- .vlan_mask = 0x5,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets with VLAN tag 5 */
- {
- .data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
- .priority = 3},
- .vlan = 0x5,
- .vlan_mask = 0xffff,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
-
-/* VLAN domain */
- /* matches all packets with lower 7 bytes of domain equal to 0x64 */
- {
- .data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .domain = 0x64,
- .domain_mask = 0x7f,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets with domains that have 0x5 in them */
- {
- .data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
- .priority = 3},
- .domain = 0x5,
- .domain_mask = 0x5,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets with domain 5 */
- {
- .data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
- .priority = 3},
- .domain = 0x5,
- .domain_mask = 0xffff,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
-
-/* destination port */
- /* matches everything with dst port 80 */
- {
- .data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
- .priority = 3},
- .dst_port_low = 80,
- .dst_port_high = 80,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- },
- /* matches everything with dst port 22-1023 */
- {
- .data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .dst_port_low = 22,
- .dst_port_high = 1023,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- },
- /* matches everything with dst port 1020 */
- {
- .data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
- .priority = 3},
- .dst_port_low = 1020,
- .dst_port_high = 1020,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- },
- /* matches everything with dst portrange 1000-2000 */
- {
- .data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
- .priority = 2},
- .dst_port_low = 1000,
- .dst_port_high = 2000,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- },
-
-/* source port */
- /* matches everything with src port 80 */
- {
- .data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
- .priority = 3},
- .src_port_low = 80,
- .src_port_high = 80,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches everything with src port 22-1023 */
- {
- .data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .src_port_low = 22,
- .src_port_high = 1023,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches everything with src port 1020 */
- {
- .data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
- .priority = 3},
- .src_port_low = 1020,
- .src_port_high = 1020,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches everything with src portrange 1000-2000 */
- {
- .data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
- .priority = 2},
- .src_port_low = 1000,
- .src_port_high = 2000,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
-
-/* protocol number */
- /* matches all packets with protocol number either 0x64 or 0xE4 */
- {
- .data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .proto = 0x64,
- .proto_mask = 0x7f,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets with protocol that have 0x5 in them */
- {
- .data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK,
- .priority = 2},
- .proto = 0x5,
- .proto_mask = 0x5,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
- /* matches all packets with protocol 5 */
- {
- .data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
- .priority = 3},
- .proto = 0x5,
- .proto_mask = 0xff,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 0,
- .dst_port_high = 0xffff,
- },
-
-/* rules combining various fields */
- {
- .data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
- .priority = 4},
- /** make sure that unmasked bytes don't fail! */
- .dst_addr = IPv4(1,2,3,4),
- .dst_mask_len = 16,
- .src_addr = IPv4(5,6,7,8),
- .src_mask_len = 24,
- .proto = 0x5,
- .proto_mask = 0xff,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 22,
- .dst_port_high = 1024,
- .vlan = 0x8100,
- .vlan_mask = 0xffff,
- .domain = 0x64,
- .domain_mask = 0xffff,
- },
- {
- .data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
- .priority = 4},
- .dst_addr = IPv4(5,6,7,8),
- .dst_mask_len = 24,
- .src_addr = IPv4(1,2,3,4),
- .src_mask_len = 16,
- .proto = 0x5,
- .proto_mask = 0xff,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 22,
- .dst_port_high = 1024,
- .vlan = 0x8100,
- .vlan_mask = 0xffff,
- .domain = 0x64,
- .domain_mask = 0xffff,
- },
- {
- .data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
- .priority = 5},
- .dst_addr = IPv4(1,2,3,4),
- .dst_mask_len = 8,
- .src_addr = IPv4(5,6,7,8),
- .src_mask_len = 32,
- .proto = 0x5,
- .proto_mask = 0xff,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 22,
- .dst_port_high = 1024,
- .vlan = 0x64,
- .vlan_mask = 0xffff,
- },
- {
- .data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
- .priority = 5},
- .dst_addr = IPv4(5,6,7,8),
- .dst_mask_len = 32,
- .src_addr = IPv4(1,2,3,4),
- .src_mask_len = 8,
- .proto = 0x5,
- .proto_mask = 0xff,
- .src_port_low = 0,
- .src_port_high = 0xffff,
- .dst_port_low = 22,
- .dst_port_high = 1024,
- .vlan = 0x64,
- .vlan_mask = 0xffff,
- },
-};
-
-/* data for ACL unit test */
-struct ipv4_7tuple acl_test_data[] = {
-/* testing single rule aspects */
- {.ip_src = IPv4(10,0,0,0), .allow = 4}, /* should match 4 */
- {.ip_src = IPv4(10,1,1,2), .allow = 5}, /* should match 5 */
- {.ip_src = IPv4(10,1,1,1), .allow = 5,
- .deny = 6}, /* should match 5, 6 */
- {.ip_dst = IPv4(10,0,0,0)}, /* should not match */
- {.ip_dst = IPv4(10,1,1,2)}, /* should not match */
- {.ip_dst = IPv4(10,1,1,1)}, /* should not match */
-
- {.ip_src = IPv4(192,168,2,50)}, /* should not match */
- {.ip_src = IPv4(192,168,1,2)}, /* should not match */
- {.ip_src = IPv4(192,168,1,50)}, /* should not match */
- {.ip_dst = IPv4(192,168,2,50), .allow = 1}, /* should match 1 */
- {.ip_dst = IPv4(192,168,1,49), .allow = 2}, /* should match 2 */
- {.ip_dst = IPv4(192,168,1,50), .allow = 2,
- .deny = 3}, /* should match 2, 3 */
-
- {.vlan = 0x64, .allow = 7}, /* should match 7 */
- {.vlan = 0xfE4, .allow = 7}, /* should match 7 */
- {.vlan = 0xE2}, /* should not match */
- {.vlan = 0xD, .allow = 8}, /* should match 8 */
- {.vlan = 0x6}, /* should not match */
- {.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */
-
- {.domain = 0x64, .allow = 10}, /* should match 10 */
- {.domain = 0xfE4, .allow = 10}, /* should match 10 */
- {.domain = 0xE2}, /* should not match */
- {.domain = 0xD, .allow = 11}, /* should match 11 */
- {.domain = 0x6}, /* should not match */
- {.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */
-
- {.port_dst = 80, .allow = 13}, /* should match 13 */
- {.port_dst = 79, .allow = 14}, /* should match 14 */
- {.port_dst = 81, .allow = 14}, /* should match 14 */
- {.port_dst = 21}, /* should not match */
- {.port_dst = 1024, .deny = 16}, /* should match 16 */
- {.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */
-
- {.port_src = 80, .allow = 17}, /* should match 17 */
- {.port_src = 79, .allow = 18}, /* should match 18 */
- {.port_src = 81, .allow = 18}, /* should match 18 */
- {.port_src = 21}, /* should not match */
- {.port_src = 1024, .deny = 20}, /* should match 20 */
- {.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */
-
- {.proto = 0x64, .allow = 21}, /* should match 21 */
- {.proto = 0xE4, .allow = 21}, /* should match 21 */
- {.proto = 0xE2}, /* should not match */
- {.proto = 0xD, .allow = 22}, /* should match 22 */
- {.proto = 0x6}, /* should not match */
- {.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */
-
-/* testing matching multiple rules at once */
- {.vlan = 0x5, .ip_src = IPv4(10,1,1,1),
- .allow = 5, .deny = 9}, /* should match 5, 9 */
- {.vlan = 0x5, .ip_src = IPv4(192,168,2,50),
- .allow = 8, .deny = 9}, /* should match 8, 9 */
- {.vlan = 0x55, .ip_src = IPv4(192,168,1,49),
- .allow = 8}, /* should match 8 */
- {.port_dst = 80, .port_src = 1024,
- .allow = 13, .deny = 20}, /* should match 13,20 */
- {.port_dst = 79, .port_src = 1024,
- .allow = 14, .deny = 20}, /* should match 14,20 */
- {.proto = 0x5, .ip_dst = IPv4(192,168,2,50),
- .allow = 1, .deny = 23}, /* should match 1, 23 */
-
- {.proto = 0x5, .ip_dst = IPv4(192,168,1,50),
- .allow = 2, .deny = 23}, /* should match 2, 23 */
- {.vlan = 0x64, .domain = 0x5,
- .allow = 11, .deny = 12}, /* should match 11, 12 */
- {.proto = 0x5, .port_src = 80,
- .allow = 17, .deny = 23}, /* should match 17, 23 */
- {.proto = 0x5, .port_dst = 80,
- .allow = 13, .deny = 23}, /* should match 13, 23 */
- {.proto = 0x51, .port_src = 5000}, /* should not match */
- {.ip_src = IPv4(192,168,1,50),
- .ip_dst = IPv4(10,0,0,0),
- .proto = 0x51,
- .port_src = 5000,
- .port_dst = 5000}, /* should not match */
-
-/* test full packet rules */
- {
- .ip_dst = IPv4(1,2,100,200),
- .ip_src = IPv4(5,6,7,254),
- .proto = 0x5,
- .vlan = 0x8100,
- .domain = 0x64,
- .port_src = 12345,
- .port_dst = 80,
- .allow = 24,
- .deny = 23
- }, /* should match 23, 24 */
- {
- .ip_dst = IPv4(5,6,7,254),
- .ip_src = IPv4(1,2,100,200),
- .proto = 0x5,
- .vlan = 0x8100,
- .domain = 0x64,
- .port_src = 12345,
- .port_dst = 80,
- .allow = 13,
- .deny = 25
- }, /* should match 13, 25 */
- {
- .ip_dst = IPv4(1,10,20,30),
- .ip_src = IPv4(5,6,7,8),
- .proto = 0x5,
- .vlan = 0x64,
- .port_src = 12345,
- .port_dst = 80,
- .allow = 26,
- .deny = 23
- }, /* should match 23, 26 */
- {
- .ip_dst = IPv4(5,6,7,8),
- .ip_src = IPv4(1,10,20,30),
- .proto = 0x5,
- .vlan = 0x64,
- .port_src = 12345,
- .port_dst = 80,
- .allow = 13,
- .deny = 27
- }, /* should match 13, 27 */
- {
- .ip_dst = IPv4(2,2,3,4),
- .ip_src = IPv4(4,6,7,8),
- .proto = 0x5,
- .vlan = 0x64,
- .port_src = 12345,
- .port_dst = 80,
- .allow = 13,
- .deny = 23
- }, /* should match 13, 23 */
- {
- .ip_dst = IPv4(1,2,3,4),
- .ip_src = IPv4(4,6,7,8),
- .proto = 0x5,
- .vlan = 0x64,
- .port_src = 12345,
- .port_dst = 80,
- .allow = 13,
- .deny = 23
- }, /* should match 13, 23 */
-
-
-/* visual separator! */
- {
- .ip_dst = IPv4(1,2,100,200),
- .ip_src = IPv4(5,6,7,254),
- .proto = 0x55,
- .vlan = 0x8000,
- .domain = 0x6464,
- .port_src = 12345,
- .port_dst = 8080,
- .allow = 10
- }, /* should match 10 */
- {
- .ip_dst = IPv4(5,6,7,254),
- .ip_src = IPv4(1,2,100,200),
- .proto = 0x55,
- .vlan = 0x8100,
- .domain = 0x6464,
- .port_src = 12345,
- .port_dst = 180,
- .allow = 10
- }, /* should match 10 */
- {
- .ip_dst = IPv4(1,10,20,30),
- .ip_src = IPv4(5,6,7,8),
- .proto = 0x55,
- .vlan = 0x64,
- .port_src = 12345,
- .port_dst = 180,
- .allow = 7
- }, /* should match 7 */
- {
- .ip_dst = IPv4(5,6,7,8),
- .ip_src = IPv4(1,10,20,30),
- .proto = 0x55,
- .vlan = 0x64,
- .port_src = 12345,
- .port_dst = 180,
- .allow = 7
- }, /* should match 7 */
- {
- .ip_dst = IPv4(2,2,3,4),
- .ip_src = IPv4(4,6,7,8),
- .proto = 0x55,
- .vlan = 0x64,
- .port_src = 12345,
- .port_dst = 180,
- .allow = 7
- }, /* should match 7 */
- {
- .ip_dst = IPv4(1,2,3,4),
- .ip_src = IPv4(4,6,7,8),
- .proto = 0x50,
- .vlan = 0x6466,
- .port_src = 12345,
- .port_dst = 12345,
- }, /* should not match */
-};
-
-#endif /* TEST_PMAC_ACL_H_ */
DIRS-$(CONFIG_RTE_LIBRTE_POWER) += librte_power
DIRS-$(CONFIG_RTE_LIBRTE_METER) += librte_meter
DIRS-$(CONFIG_RTE_LIBRTE_SCHED) += librte_sched
-DIRS-$(CONFIG_RTE_LIBRTE_PMAC) += librte_pmac
+DIRS-$(CONFIG_RTE_LIBRTE_ACL) += librte_acl
ifeq ($(CONFIG_RTE_EXEC_ENV_LINUXAPP),y)
DIRS-$(CONFIG_RTE_LIBRTE_KNI) += librte_kni
#define RTE_LOGTYPE_HASH 0x00000040 /**< Log related to hash table. */
#define RTE_LOGTYPE_LPM 0x00000080 /**< Log related to LPM. */
#define RTE_LOGTYPE_KNI 0x00000100 /**< Log related to KNI. */
-#define RTE_LOGTYPE_PMAC 0x00000200 /**< Log related to PMAC. */
+#define RTE_LOGTYPE_ACL 0x00000200 /**< Log related to ACL. */
#define RTE_LOGTYPE_POWER 0x00000400 /**< Log related to power. */
#define RTE_LOGTYPE_METER 0x00000800 /**< Log related to QoS meter. */
#define RTE_LOGTYPE_SCHED 0x00001000 /**< Log related to QoS port scheduler. */
LDLIBS += -lrte_power
endif
-ifeq ($(CONFIG_RTE_LIBRTE_PMAC),y)
-LDLIBS += -lrte_pmac
+ifeq ($(CONFIG_RTE_LIBRTE_ACL),y)
+LDLIBS += -lrte_acl
endif
ifeq ($(CONFIG_RTE_LIBRTE_METER),y)
git.droids-corp.org / dpdk.git / commitdiff