2 // Copyright (c) 2017 Intel Corporation
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
19 * Pipeline ACL FE Implementation.
21 * Implementation of the Pipeline ACL Front End (FE).
22 * Runs on the Master pipeline, responsible for CLI commands.
30 #include <sys/queue.h>
31 #include <netinet/in.h>
33 #include <rte_common.h>
34 #include <rte_hexdump.h>
35 #include <rte_malloc.h>
36 #include <cmdline_rdline.h>
37 #include <cmdline_parse.h>
38 #include <cmdline_parse_num.h>
39 #include <cmdline_parse_string.h>
40 #include <cmdline_parse_ipaddr.h>
41 #include <cmdline_parse_etheraddr.h>
42 #include <cmdline_socket.h>
44 #include <rte_table_acl.h>
47 #include "pipeline_common_fe.h"
48 #include "pipeline_acl.h"
49 #include "pipeline_acl_be.h"
50 #include "rte_cnxn_tracking.h"
53 * A structure defining the ACL rule for the TAILQ Tables.
55 struct app_pipeline_acl_rule {
56 struct pipeline_acl_key key;
63 TAILQ_ENTRY(app_pipeline_acl_rule) node;
67 * A structure defining the ACL pipeline front end data.
69 struct app_pipeline_acl {
77 * Define a structure to calculate performance measurements for ACL.
78 * ACL continually updates counters for total number of packets
79 * processed, and total number of bytes processed. Each ACL backend thread
80 * i.e. the packet processing instances updates their own copy of these counters
81 * An optional, 1 second periodic timer fires on the master core, which combines
82 * those numbers to perform byte and packet per second calculations, without
83 * burdening the packet processors.
85 #define RTE_ACL_PERF_MSR_BUFF_SIZE 8 /* must be power of 2 */
86 #define RTE_ACL_PERF_MSR_BUFF_SIZE_MASK (RTE_ACL_PERF_MSR_BUFF_SIZE - 1)
89 * A structure defining the ACL performance measurements.
91 struct rte_acl_performance_measures_t {
92 /* two circular buffers */
93 uint64_t total_packets[RTE_ACL_PERF_MSR_BUFF_SIZE];
94 uint64_t total_bytes[RTE_ACL_PERF_MSR_BUFF_SIZE];
95 uint32_t bytes_last_second;
96 uint32_t ave_bytes_per_second;
97 uint32_t pkts_last_second;
98 uint32_t ave_pkts_per_second;
99 uint64_t total_entries;
100 /* times data has been (over-)written into buffers */
101 uint8_t current_index; /* for circular buffers */
104 struct rte_acl_performance_measures_t rte_acl_performance_measures;
107 * Active and Standby Tables
108 * Active and standby tables exist to allow modifying ACL rules and
109 * actions and having no impact on the packet processing running on
110 * the multiple ACL threads/pipelines. The packet processing does a
111 * lookup on the active tables. Each ACL thread/pipeline runs on
112 * a separate core (i.e. 2,3,4, etc).
114 * All CLI actions run on the ACL Front End (FE) code on Core 0.
115 * All changes, adding/delete rules and action occurs on the standby tables.
116 * In activate the changes in the standby table, the CLI command is entered:
119 * The standby tables become active. The active table becomes the standby.
120 * The new standby table gets updated with the changes that were done.
122 * Table descriptions:
123 * ACL Rule Tables TAILQ - 2 global tables active/standby per ipv4,ipv6
124 * The TAILQ tables are required for the LS CLI command and in order
125 * to do a lookup using a rule when adding or deleting a rule.
126 * The ACL TRIE tables in DPDK do not allow this type of listing or lookup.
128 * ACL Rule Tables TRIE - 2 global tables active/standby per ipv4, ipv6
129 * The TRIE tables are the tables used during packet processing.
130 * A bulk lookup can be performed by passing in a burst of packets.
131 * Unfortunately, the current implementation of the TRIE tables does
132 * not allow lookup using a rule. Hence the need for the TAILQ tables.
134 * ACL Action Tables ARRAY - 2 global tables active/standby
135 * The action tables stores the ACL actions.
136 * Every rule has an action id which defines what action to take
137 * when a packet matching that rule is received.
138 * Actions: accept, drop, fwd, count, nat, dscp, conntrack
140 * Command Table TAILQ - 1 table
141 * After the active and standby tables are swithover, the new standby
142 * table needs to be updated with all the changes that were done.
143 * This table stores all the add and delete commands and updates
144 * the new standby table when the applyruleset command executes.
146 * The active and standby tables can be displayed individually:
147 * p acl ls 0 <== active ACL rules
148 * p acl ls 1 <== standby ACL rules
149 * p action ls 0 <== active ACL actions
150 * p action ls 1 <== standby ACL actions
153 /* Only create global ACL tables once */
154 int acl_rule_table_created;
157 * ACL Rule Tables TAILQ - see description above
158 * Two tables/counters are required for active and standby.
159 * The A and B tables/counters are the actual instances.
160 * The pointers are set to point to these tables/counters.
161 * The pointers are updated during the switchover for the applyruleset.
164 /* Definition of the the TAILQ table */
165 TAILQ_HEAD(app_pipeline_acl_rule_type, app_pipeline_acl_rule);
166 /* Instances of tables and counters */
167 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv4a;
168 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv4b;
169 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv6a;
170 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv6b;
171 uint32_t acl_n_tailq_rules_ipv4a;
172 uint32_t acl_n_tailq_rules_ipv6a;
173 uint32_t acl_n_tailq_rules_ipv4b;
174 uint32_t acl_n_tailq_rules_ipv6b;
175 /* Pointers to tables and counters for switchover in applyruleset */
176 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv4_active;
177 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv4_standby;
178 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv6_active;
179 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv6_standby;
180 struct app_pipeline_acl_rule_type *acl_tailq_rules_temp_ptr;
181 uint32_t *acl_n_tailq_rules_ipv4_active;
182 uint32_t *acl_n_tailq_rules_ipv4_standby;
183 uint32_t *acl_n_tailq_rules_ipv6_active;
184 uint32_t *acl_n_tailq_rules_ipv6_standby;
186 /* ACL commands to update new standby tables after switchover */
187 TAILQ_HEAD(, app_pipeline_acl_rule) acl_commands;
189 /* ACL IPV4 and IPV6 enable flags for debugging (Default both on) */
190 int acl_ipv4_enabled = 1;
191 int acl_ipv6_enabled = 1;
193 /* Number of ACL Rules, default 4 * 1024 */
194 uint32_t acl_n_rules = 4 * 1024;
195 /* ACL Rule Table TRIE - 2 (Active, Standby) Global table per ipv4, ipv6 */
196 void *acl_rule_table_ipv4_active;
197 void *acl_rule_table_ipv4_standby;
198 void *acl_rule_table_ipv6_active;
199 void *acl_rule_table_ipv6_standby;
202 * Reset running averages for performance measurements.
205 static void rte_acl_reset_running_averages(void)
207 memset(&rte_acl_performance_measures, 0,
208 sizeof(rte_acl_performance_measures));
212 * Compute performance calculations on master to reduce computing on
216 * Total bytes processed during this interval.
217 * @param total_packets
218 * Total packets processed during this interval.
221 static void rte_acl_update_performance_measures(uint64_t total_bytes,
222 uint64_t total_packets)
225 struct rte_acl_performance_measures_t *pm =
226 &rte_acl_performance_measures;
228 if (unlikely(pm->total_entries == 0 && total_packets == 0))
229 /* the timer is running, but no traffic started yet, so do nothing */
232 if (likely(pm->total_entries > 0)) {
233 uint8_t oldest_index;
236 pm->bytes_last_second =
237 total_bytes - pm->total_bytes[pm->current_index];
238 pm->pkts_last_second =
239 total_packets - pm->total_packets[pm->current_index];
241 /* if total_entries zero, current_index must remain as zero */
243 (pm->current_index + 1) & RTE_ACL_PERF_MSR_BUFF_SIZE_MASK;
245 if (unlikely(pm->total_entries <= RTE_ACL_PERF_MSR_BUFF_SIZE)) {
246 /* oldest value is at element 0 */
248 divisor = pm->total_entries;
249 /* note, prior to incrementing total_entries */
251 /* oldest value is at element about to be overwritten */
252 oldest_index = pm->current_index;
253 divisor = RTE_ACL_PERF_MSR_BUFF_SIZE;
256 pm->ave_bytes_per_second =
257 (total_bytes - pm->total_bytes[oldest_index]) / divisor;
258 pm->ave_pkts_per_second =
259 (total_packets - pm->total_packets[oldest_index]) / divisor;
262 pm->total_bytes[pm->current_index] = total_bytes;
263 pm->total_packets[pm->current_index] = total_packets;
268 * Combine data from all acl+connection tracking instances.
269 * Calculate various statistics. Dump to console.
272 static void rte_acl_sum_and_print_counters(void)
275 struct rte_ACL_counter_block acl_counter_sums;
276 struct rte_CT_counter_block ct_counter_sums;
277 /* For ct instance with this fw instance */
278 struct rte_CT_counter_block *ct_counters;
280 memset(&acl_counter_sums, 0, sizeof(acl_counter_sums));
281 memset(&ct_counter_sums, 0, sizeof(ct_counter_sums));
283 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
284 struct rte_ACL_counter_block *acl_ctrs =
285 &rte_acl_counter_table[i];
286 ct_counters = rte_acl_counter_table[i].ct_counters;
289 ("{\"ACL counters\" : {\"id\" : \"%s\", \"packets_processed\" : %"
290 PRIu64 ", \"bytes_processed\" : %" PRIu64
291 ", \"ct_packets_forwarded\" : %" PRIu64
292 ", \"ct_packets_dropped\" : %" PRIu64 "}}\n",
293 acl_ctrs->name, acl_ctrs->tpkts_processed,
294 acl_ctrs->bytes_processed, ct_counters->pkts_forwarded,
295 ct_counters->pkts_drop);
297 /* sum ACL counters */
298 acl_counter_sums.tpkts_processed += acl_ctrs->tpkts_processed;
299 acl_counter_sums.bytes_processed += acl_ctrs->bytes_processed;
300 acl_counter_sums.pkts_drop += acl_ctrs->pkts_drop;
301 acl_counter_sums.pkts_received += acl_ctrs->pkts_received;
302 acl_counter_sums.pkts_drop_ttl += acl_ctrs->pkts_drop_ttl;
303 acl_counter_sums.pkts_drop_bad_size +=
304 acl_ctrs->pkts_drop_bad_size;
305 acl_counter_sums.pkts_drop_fragmented +=
306 acl_ctrs->pkts_drop_fragmented;
307 acl_counter_sums.pkts_drop_without_arp_entry +=
308 acl_ctrs->pkts_drop_without_arp_entry;
309 acl_counter_sums.sum_latencies += acl_ctrs->sum_latencies;
310 acl_counter_sums.count_latencies += acl_ctrs->count_latencies;
312 /* sum cnxn tracking counters */
313 ct_counter_sums.current_active_sessions +=
314 ct_counters->current_active_sessions;
315 ct_counter_sums.sessions_activated +=
316 ct_counters->sessions_activated;
317 ct_counter_sums.sessions_closed += ct_counters->sessions_closed;
318 ct_counter_sums.sessions_timedout +=
319 ct_counters->sessions_timedout;
320 ct_counter_sums.pkts_forwarded += ct_counters->pkts_forwarded;
321 ct_counter_sums.pkts_drop += ct_counters->pkts_drop;
322 ct_counter_sums.pkts_drop_invalid_conn +=
323 ct_counters->pkts_drop_invalid_conn;
324 ct_counter_sums.pkts_drop_invalid_state +=
325 ct_counters->pkts_drop_invalid_state;
326 ct_counter_sums.pkts_drop_invalid_rst +=
327 ct_counters->pkts_drop_invalid_rst;
328 ct_counter_sums.pkts_drop_outof_window +=
329 ct_counters->pkts_drop_outof_window;
332 rte_acl_update_performance_measures(acl_counter_sums.bytes_processed,
333 acl_counter_sums.tpkts_processed);
334 uint64_t average_latency =
335 acl_counter_sums.count_latencies ==
336 0 ? 0 : acl_counter_sums.sum_latencies /
337 acl_counter_sums.count_latencies;
339 printf("{\"ACL sum counters\" : {"
340 "\"packets_last_sec\" : %" PRIu32
341 ", \"average_packets_per_sec\" : %" PRIu32
342 ", \"bytes_last_sec\" : %" PRIu32
343 ", \"average_bytes_per_sec\" : %" PRIu32
344 ", \"packets_processed\" : %" PRIu64 ", \"bytes_processed\" : %"
345 PRIu64 ", \"average_latency_in_clocks\" : %" PRIu64
346 ", \"ct_packets_forwarded\" : %" PRIu64
347 ", \"ct_packets_dropped\" : %" PRIu64 ", \"drops\" : {"
348 "\"TTL_zero\" : %" PRIu64 ", \"bad_size\" : %" PRIu64
349 ", \"fragmented_packet\" : %" PRIu64 ", \"no_arp_entry\" : %"
350 PRIu64 "}, \"ct_sessions\" : {" "\"active\" : %" PRIu64
351 ", \"open\" : %" PRIu64 ", \"closed\" : %" PRIu64
352 ", \"timeout\" : %" PRIu64 "}, \"ct_drops\" : {"
353 "\"out_of_window\" : %" PRIu64 ", \"invalid_conn\" : %" PRIu64
354 ", \"invalid_state_transition\" : %" PRIu64 " \"RST\" : %" PRIu64
355 "}}}\n", rte_acl_performance_measures.pkts_last_second,
356 rte_acl_performance_measures.ave_pkts_per_second,
357 rte_acl_performance_measures.bytes_last_second,
358 rte_acl_performance_measures.ave_bytes_per_second,
359 acl_counter_sums.tpkts_processed,
360 acl_counter_sums.bytes_processed, average_latency,
361 ct_counter_sums.pkts_forwarded, ct_counter_sums.pkts_drop,
362 acl_counter_sums.pkts_drop_ttl,
363 acl_counter_sums.pkts_drop_bad_size,
364 acl_counter_sums.pkts_drop_fragmented,
365 acl_counter_sums.pkts_drop_without_arp_entry,
366 ct_counter_sums.current_active_sessions,
367 ct_counter_sums.sessions_activated,
368 ct_counter_sums.sessions_closed,
369 ct_counter_sums.sessions_timedout,
370 ct_counter_sums.pkts_drop_outof_window,
371 ct_counter_sums.pkts_drop_invalid_conn,
372 ct_counter_sums.pkts_drop_invalid_state,
373 ct_counter_sums.pkts_drop_invalid_rst);
378 * Callback routine for 1 second, periodic timer.
381 * A pointer to the rte_timer.
383 * A pointer to application specific arguments (not used).
386 * 0 on success and port_id is filled, negative on error.
388 void rte_dump_acl_counters_from_master(struct rte_timer *rt, void *arg)
390 rte_acl_sum_and_print_counters();
393 int rte_acl_hertz_computed; /* only launch timer once */
394 uint64_t rte_acl_ticks_in_one_second;
395 /* TODO: is processor hertz computed/stored elsewhere? */
396 struct rte_timer rte_acl_one_second_timer = RTE_TIMER_INITIALIZER;
402 * A pointer to the rule.
405 static void print_acl_ipv4_rule(struct app_pipeline_acl_rule *rule)
407 printf("Prio = %" PRId32 " (SA = %" PRIu32 ".%" PRIu32
408 ".%" PRIu32 ".%" PRIu32 "/%" PRIu32 ", DA = %"
410 ".%" PRIu32 ".%" PRIu32 "/%" PRIu32 ", SP = %"
411 PRIu32 "-%" PRIu32 ", DP = %"
412 PRIu32 "-%" PRIu32 ", Proto = %"
413 PRIu32 " / 0x%" PRIx32 ") => Action ID = %"
414 PRIu32 " (entry ptr = %p)\n",
416 (rule->key.key.ipv4_5tuple.src_ip >> 24) & 0xFF,
417 (rule->key.key.ipv4_5tuple.src_ip >> 16) & 0xFF,
418 (rule->key.key.ipv4_5tuple.src_ip >> 8) & 0xFF,
419 rule->key.key.ipv4_5tuple.src_ip & 0xFF,
420 rule->key.key.ipv4_5tuple.src_ip_mask,
421 (rule->key.key.ipv4_5tuple.dst_ip >> 24) & 0xFF,
422 (rule->key.key.ipv4_5tuple.dst_ip >> 16) & 0xFF,
423 (rule->key.key.ipv4_5tuple.dst_ip >> 8) & 0xFF,
424 rule->key.key.ipv4_5tuple.dst_ip & 0xFF,
425 rule->key.key.ipv4_5tuple.dst_ip_mask,
426 rule->key.key.ipv4_5tuple.src_port_from,
427 rule->key.key.ipv4_5tuple.src_port_to,
428 rule->key.key.ipv4_5tuple.dst_port_from,
429 rule->key.key.ipv4_5tuple.dst_port_to,
430 rule->key.key.ipv4_5tuple.proto,
431 rule->key.key.ipv4_5tuple.proto_mask,
432 rule->action_id, rule->entry_ptr);
439 * A pointer to the rule.
442 static void print_acl_ipv6_rule(struct app_pipeline_acl_rule *rule)
444 printf("Prio = %" PRId32 " (SA = %02" PRIx8 "%02" PRIx8
445 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8
446 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8
447 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8
448 ":%02" PRIx8 "%02" PRIx8 "/" "%" PRIu32 ", DA = %02"
449 PRIx8 "%02" PRIx8 ":%02" PRIx8
450 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8
451 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8
452 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8
453 "%02" PRIx8 "/" "%" PRIu32
454 ", " "SP = %" PRIu32 "-%" PRIu32 ", DP = %"
455 PRIu32 "-%" PRIu32 ", Proto = %"
456 PRIu32 " / 0x%" PRIx32 ") => Action ID = %"
457 PRIu32 " (entry ptr = %p)\n", rule->priority,
458 (rule->key.key.ipv6_5tuple.src_ip[0]),
459 (rule->key.key.ipv6_5tuple.src_ip[1]),
460 (rule->key.key.ipv6_5tuple.src_ip[2]),
461 (rule->key.key.ipv6_5tuple.src_ip[3]),
462 (rule->key.key.ipv6_5tuple.src_ip[4]),
463 (rule->key.key.ipv6_5tuple.src_ip[5]),
464 (rule->key.key.ipv6_5tuple.src_ip[6]),
465 (rule->key.key.ipv6_5tuple.src_ip[7]),
466 (rule->key.key.ipv6_5tuple.src_ip[8]),
467 (rule->key.key.ipv6_5tuple.src_ip[9]),
468 (rule->key.key.ipv6_5tuple.src_ip[10]),
469 (rule->key.key.ipv6_5tuple.src_ip[11]),
470 (rule->key.key.ipv6_5tuple.src_ip[12]),
471 (rule->key.key.ipv6_5tuple.src_ip[13]),
472 (rule->key.key.ipv6_5tuple.src_ip[14]),
473 (rule->key.key.ipv6_5tuple.src_ip[15]),
474 rule->key.key.ipv6_5tuple.src_ip_mask,
475 (rule->key.key.ipv6_5tuple.dst_ip[0]),
476 (rule->key.key.ipv6_5tuple.dst_ip[1]),
477 (rule->key.key.ipv6_5tuple.dst_ip[2]),
478 (rule->key.key.ipv6_5tuple.dst_ip[3]),
479 (rule->key.key.ipv6_5tuple.dst_ip[4]),
480 (rule->key.key.ipv6_5tuple.dst_ip[5]),
481 (rule->key.key.ipv6_5tuple.dst_ip[6]),
482 (rule->key.key.ipv6_5tuple.dst_ip[7]),
483 (rule->key.key.ipv6_5tuple.dst_ip[8]),
484 (rule->key.key.ipv6_5tuple.dst_ip[9]),
485 (rule->key.key.ipv6_5tuple.dst_ip[10]),
486 (rule->key.key.ipv6_5tuple.dst_ip[11]),
487 (rule->key.key.ipv6_5tuple.dst_ip[12]),
488 (rule->key.key.ipv6_5tuple.dst_ip[13]),
489 (rule->key.key.ipv6_5tuple.dst_ip[14]),
490 (rule->key.key.ipv6_5tuple.dst_ip[15]),
491 rule->key.key.ipv6_5tuple.dst_ip_mask,
492 rule->key.key.ipv6_5tuple.src_port_from,
493 rule->key.key.ipv6_5tuple.src_port_to,
494 rule->key.key.ipv6_5tuple.dst_port_from,
495 rule->key.key.ipv6_5tuple.dst_port_to,
496 rule->key.key.ipv6_5tuple.proto,
497 rule->key.key.ipv6_5tuple.proto_mask, rule->action_id,
503 * This function is used by the add and delete rule functions.
504 * Since all updates are done on the standby tables,
505 * only search the standby tables.
506 * Both IPv4 and IPv6 rules can be searched
509 * A pointer to the rule to be found.
512 * - Pointer to the rule found.
513 * - NULL if no rule found.
515 static struct app_pipeline_acl_rule *app_pipeline_acl_rule_find(struct
520 * This function is used by the add and delete rule functions.
521 * Since all updates are done on the standby tables,
522 * only search the standby tables.
525 struct app_pipeline_acl_rule *r;
527 if (key->type == PIPELINE_ACL_IPV4_5TUPLE) {
528 TAILQ_FOREACH(r, acl_tailq_rules_ipv4_standby, node)
530 &r->key, sizeof(struct pipeline_acl_key)) == 0)
533 TAILQ_FOREACH(r, acl_tailq_rules_ipv6_standby, node)
535 &r->key, sizeof(struct pipeline_acl_key)) == 0)
543 * Display ACL Rules to the console.
544 * Rules from Active and standby tables can be dispayed.
545 * Both IPv4 and IPv6 will be displayed.
548 * A pointer to application specific data.
549 * @param active_standby_table
550 * Specifies which table to display:
551 * - active_rule_table (0)
552 * - standby_rule_table (1)
556 app_pipeline_acl_ls(struct app_params *app, uint32_t active_standby_table)
558 struct app_pipeline_acl_rule *rule;
562 if (active_standby_table == active_rule_table) {
563 n_rules = *acl_n_tailq_rules_ipv4_active;
565 printf("ACL Active Table IPV4 Rules\n");
566 for (priority = 0; n_rules; priority++)
567 TAILQ_FOREACH(rule, acl_tailq_rules_ipv4_active, node)
568 if (rule->priority == priority) {
569 print_acl_ipv4_rule(rule);
573 n_rules = *acl_n_tailq_rules_ipv6_active;
575 printf("ACL Active Table IPV6 Rules\n");
576 for (priority = 0; n_rules; priority++)
577 TAILQ_FOREACH(rule, acl_tailq_rules_ipv6_active, node)
578 if (rule->priority == priority) {
579 print_acl_ipv6_rule(rule);
583 n_rules = *acl_n_tailq_rules_ipv4_standby;
585 printf("ACL Standby Table IPV4 Rules\n");
586 for (priority = 0; n_rules; priority++)
587 TAILQ_FOREACH(rule, acl_tailq_rules_ipv4_standby, node)
588 if (rule->priority == priority) {
589 print_acl_ipv4_rule(rule);
593 n_rules = *acl_n_tailq_rules_ipv6_standby;
595 printf("ACL Standby Table IPV6a Rules\n");
596 for (priority = 0; n_rules; priority++)
597 TAILQ_FOREACH(rule, acl_tailq_rules_ipv6_standby, node)
598 if (rule->priority == priority) {
599 print_acl_ipv6_rule(rule);
607 * Initialize ACL pipeline Front End (FE).
610 * A pointer to pipeline parameters
612 * A pointer to pipeline specific data (not used).
615 * - A pointer to the pipeline FE
616 * - NULL if initialization failed.
618 static void *app_pipeline_acl_init(struct pipeline_params *params,
619 __rte_unused void *arg)
621 struct app_pipeline_acl *p;
624 /* Check input arguments */
625 if ((params == NULL) ||
626 (params->n_ports_in == 0) || (params->n_ports_out == 0))
629 /* Memory allocation */
630 size = RTE_CACHE_LINE_ROUNDUP(sizeof(struct app_pipeline_acl));
631 p = rte_zmalloc(NULL, size, RTE_CACHE_LINE_SIZE);
636 p->n_ports_in = params->n_ports_in;
637 p->n_ports_out = params->n_ports_out;
639 if (!acl_rule_table_created) {
640 /* Only create and init once when first ACL pipeline/thread comes up */
642 /* Init tailq tables */
643 TAILQ_INIT(&acl_tailq_rules_ipv4a);
644 acl_n_tailq_rules_ipv4a = 0;
645 TAILQ_INIT(&acl_tailq_rules_ipv4b);
646 acl_n_tailq_rules_ipv4b = 0;
647 TAILQ_INIT(&acl_tailq_rules_ipv6a);
648 acl_n_tailq_rules_ipv6a = 0;
649 TAILQ_INIT(&acl_tailq_rules_ipv6b);
650 acl_n_tailq_rules_ipv6b = 0;
651 TAILQ_INIT(&acl_commands);
652 acl_tailq_rules_ipv4_active = &acl_tailq_rules_ipv4a;
653 acl_tailq_rules_ipv4_standby = &acl_tailq_rules_ipv4b;
654 acl_tailq_rules_ipv6_active = &acl_tailq_rules_ipv6a;
655 acl_tailq_rules_ipv6_standby = &acl_tailq_rules_ipv6b;
656 acl_n_tailq_rules_ipv4_active = &acl_n_tailq_rules_ipv4a;
657 acl_n_tailq_rules_ipv4_standby = &acl_n_tailq_rules_ipv4b;
658 acl_n_tailq_rules_ipv6_active = &acl_n_tailq_rules_ipv6a;
659 acl_n_tailq_rules_ipv6_standby = &acl_n_tailq_rules_ipv6b;
661 /* Both IPV4 and IPV6 enabled by default */
662 acl_ipv4_enabled = 1;
663 acl_ipv6_enabled = 1;
665 printf("ACL FE Init Create ACL Tables acl_n_rules = %i\n",
668 /* Init Action Array and Counter Table */
670 RTE_CACHE_LINE_ROUNDUP(sizeof(struct pipeline_action_key) *
673 rte_zmalloc(NULL, action_array_size, RTE_CACHE_LINE_SIZE);
674 if (action_array_a == NULL)
677 rte_zmalloc(NULL, action_array_size, RTE_CACHE_LINE_SIZE);
678 if (action_array_b == NULL)
680 memset(action_array_a, 0, action_array_size);
681 memset(action_array_b, 0, action_array_size);
682 action_array_active = action_array_a;
683 action_array_standby = action_array_b;
684 memset(&action_counter_table, 0, sizeof(action_counter_table));
686 acl_rule_table_created = 1;
689 if (!rte_acl_hertz_computed) {
690 /* all initialization serialized on core 0, so no need for lock */
691 rte_acl_ticks_in_one_second = rte_get_tsc_hz();
692 rte_acl_hertz_computed = 1;
699 * Free ACL pipeline resources.
702 * A pointer to the pipeline to delete.
705 * 0 on success, negative on error.
707 static int app_pipeline_acl_free(void *pipeline)
709 struct app_pipeline_acl *p = pipeline;
711 /* Check input arguments */
716 /* Ignore Klockwork infinite loop issues for all while loops */
717 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv4a)) {
718 struct app_pipeline_acl_rule *rule;
720 rule = TAILQ_FIRST(&acl_tailq_rules_ipv4a);
721 TAILQ_REMOVE(&acl_tailq_rules_ipv4a, rule, node);
724 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv4b)) {
725 struct app_pipeline_acl_rule *rule;
727 rule = TAILQ_FIRST(&acl_tailq_rules_ipv4b);
728 TAILQ_REMOVE(&acl_tailq_rules_ipv4b, rule, node);
731 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv6a)) {
732 struct app_pipeline_acl_rule *rule;
734 rule = TAILQ_FIRST(&acl_tailq_rules_ipv6a);
735 TAILQ_REMOVE(&acl_tailq_rules_ipv6a, rule, node);
738 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv6b)) {
739 struct app_pipeline_acl_rule *rule;
741 rule = TAILQ_FIRST(&acl_tailq_rules_ipv6b);
742 TAILQ_REMOVE(&acl_tailq_rules_ipv6b, rule, node);
745 while (!TAILQ_EMPTY(&acl_commands)) {
746 struct app_pipeline_acl_rule *command;
748 command = TAILQ_FIRST(&acl_commands);
749 TAILQ_REMOVE(&acl_commands, command, node);
752 rte_free(action_array_a);
753 rte_free(action_array_b);
759 * Verify that the ACL rule is valid.
760 * Both IPv4 and IPv6 rules
763 * A pointer to the ACL rule to verify.
766 * 0 on success, negative on error.
769 app_pipeline_acl_key_check_and_normalize(struct pipeline_acl_key *key)
772 case PIPELINE_ACL_IPV4_5TUPLE:
774 uint32_t src_ip_depth =
775 key->key.ipv4_5tuple.src_ip_mask;
776 uint32_t dst_ip_depth =
777 key->key.ipv4_5tuple.dst_ip_mask;
778 uint16_t src_port_from =
779 key->key.ipv4_5tuple.src_port_from;
780 uint16_t src_port_to = key->key.ipv4_5tuple.src_port_to;
781 uint16_t dst_port_from =
782 key->key.ipv4_5tuple.dst_port_from;
783 uint16_t dst_port_to = key->key.ipv4_5tuple.dst_port_to;
785 uint32_t src_ip_netmask = 0;
786 uint32_t dst_ip_netmask = 0;
788 if ((src_ip_depth > 32) ||
789 (dst_ip_depth > 32) ||
790 (src_port_from > src_port_to) ||
791 (dst_port_from > dst_port_to))
795 src_ip_netmask = (~0) << (32 - src_ip_depth);
798 dst_ip_netmask = ((~0) << (32 - dst_ip_depth));
800 key->key.ipv4_5tuple.src_ip &= src_ip_netmask;
801 key->key.ipv4_5tuple.dst_ip &= dst_ip_netmask;
805 case PIPELINE_ACL_IPV6_5TUPLE:
807 uint32_t src_ip_depth =
808 key->key.ipv6_5tuple.src_ip_mask;
809 uint32_t dst_ip_depth =
810 key->key.ipv6_5tuple.dst_ip_mask;
811 uint16_t src_port_from =
812 key->key.ipv6_5tuple.src_port_from;
813 uint16_t src_port_to = key->key.ipv6_5tuple.src_port_to;
814 uint16_t dst_port_from =
815 key->key.ipv6_5tuple.dst_port_from;
816 uint16_t dst_port_to = key->key.ipv6_5tuple.dst_port_to;
817 uint8_t src_ip_netmask[16];
818 uint8_t dst_ip_netmask[16];
821 convert_prefixlen_to_netmask_ipv6(src_ip_depth,
823 convert_prefixlen_to_netmask_ipv6(dst_ip_depth,
825 for (i = 0; i < 16; i++) {
826 key->key.ipv6_5tuple.src_ip[i] &=
828 key->key.ipv6_5tuple.dst_ip[i] &=
840 * Add ACL rule to the ACL rule table.
841 * Rules are added standby table.
842 * Applyruleset command will activate the change.
843 * Both IPv4 and IPv6 rules can be added.
846 * A pointer to the ACL pipeline parameters.
848 * A pointer to the ACL rule to add.
850 * Priority of the ACL rule.
852 * Port ID of the ACL rule.
854 * Action ID of the ACL rule. Defined in Action Table.
857 * 0 on success, negative on error.
860 app_pipeline_acl_add_rule(struct app_params *app,
861 struct pipeline_acl_key *key,
863 uint32_t port_id, uint32_t action_id)
865 struct app_pipeline_acl_rule *rule;
866 struct pipeline_acl_add_msg_rsp *rsp;
867 int new_rule, src_field_start, dst_field_start, i;
868 uint32_t *ip1, *ip2, *ip3, *ip4, src_mask, dest_mask;
869 uint32_t src_ip[IPV6_32BIT_LENGTH], dst_ip[IPV6_32BIT_LENGTH];
870 const uint32_t nbu32 = sizeof(uint32_t) * CHAR_BIT;
872 struct rte_table_acl_rule_add_params params;
873 struct acl_table_entry entry = {
875 .action = RTE_PIPELINE_ACTION_PORT,
876 {.port_id = port_id},
878 .action_id = action_id,
881 memset(¶ms, 0, sizeof(params));
883 /* Check input arguments */
885 (key == NULL) || !((key->type == PIPELINE_ACL_IPV4_5TUPLE) ||
886 (key->type == PIPELINE_ACL_IPV6_5TUPLE)))
889 if (action_id > action_array_max) {
890 printf("Action ID greater than max\n");
894 if (app_pipeline_acl_key_check_and_normalize(key) != 0)
897 /* Find existing rule or allocate new rule */
898 rule = app_pipeline_acl_rule_find(key);
899 new_rule = (rule == NULL);
901 rule = rte_malloc(NULL, sizeof(*rule), RTE_CACHE_LINE_SIZE);
907 /* Allocate Response */
908 rsp = app_msg_alloc(app);
916 case PIPELINE_ACL_IPV4_5TUPLE:
917 params.priority = priority;
918 params.field_value[0].value.u8 = key->key.ipv4_5tuple.proto;
919 params.field_value[0].mask_range.u8 =
920 key->key.ipv4_5tuple.proto_mask;
921 params.field_value[1].value.u32 = key->key.ipv4_5tuple.src_ip;
922 params.field_value[1].mask_range.u32 =
923 key->key.ipv4_5tuple.src_ip_mask;
924 params.field_value[2].value.u32 = key->key.ipv4_5tuple.dst_ip;
925 params.field_value[2].mask_range.u32 =
926 key->key.ipv4_5tuple.dst_ip_mask;
927 params.field_value[3].value.u16 =
928 key->key.ipv4_5tuple.src_port_from;
929 params.field_value[3].mask_range.u16 =
930 key->key.ipv4_5tuple.src_port_to;
931 params.field_value[4].value.u16 =
932 key->key.ipv4_5tuple.dst_port_from;
933 params.field_value[4].mask_range.u16 =
934 key->key.ipv4_5tuple.dst_port_to;
937 rte_table_acl_ops.f_add(acl_rule_table_ipv4_standby,
939 (struct rte_pipeline_table_entry *)
940 &entry, &rsp->key_found,
941 (void **)&rsp->entry_ptr);
943 if (rsp->status != 0)
945 ("ACL IPV4 Add Rule Command failed key_found: %i\n",
949 ("ACL IPV4 Add Rule Command success key_found: %i\n",
954 case PIPELINE_ACL_IPV6_5TUPLE:
955 ip1 = (uint32_t *) (key->key.ipv6_5tuple.src_ip);
960 params.priority = priority;
961 params.field_value[0].value.u8 = key->key.ipv6_5tuple.proto;
962 params.field_value[0].mask_range.u8 =
963 key->key.ipv6_5tuple.proto_mask;
965 src_ip[0] = rte_bswap32(*ip1);
966 src_ip[1] = rte_bswap32(*ip2);
967 src_ip[2] = rte_bswap32(*ip3);
968 src_ip[3] = rte_bswap32(*ip4);
970 src_mask = key->key.ipv6_5tuple.src_ip_mask;
973 for (i = 0; i != RTE_DIM(src_ip); i++, src_field_start++) {
974 if (src_mask >= (i + 1) * nbu32)
975 params.field_value[src_field_start].
976 mask_range.u32 = nbu32;
978 params.field_value[src_field_start].
981 (i * nbu32) ? src_mask - (i * 32) : 0;
982 params.field_value[src_field_start].value.u32 =
986 ip1 = (uint32_t *) (key->key.ipv6_5tuple.dst_ip);
991 dst_ip[0] = rte_bswap32(*ip1);
992 dst_ip[1] = rte_bswap32(*ip2);
993 dst_ip[2] = rte_bswap32(*ip3);
994 dst_ip[3] = rte_bswap32(*ip4);
996 dest_mask = key->key.ipv6_5tuple.dst_ip_mask;
999 for (i = 0; i != RTE_DIM(dst_ip); i++, dst_field_start++) {
1000 if (dest_mask >= (i + 1) * nbu32)
1001 params.field_value[dst_field_start].
1002 mask_range.u32 = nbu32;
1004 params.field_value[dst_field_start].
1007 (i * nbu32) ? dest_mask - (i * 32) : 0;
1008 params.field_value[dst_field_start].value.u32 =
1012 params.field_value[9].value.u16 =
1013 key->key.ipv6_5tuple.src_port_from;
1014 params.field_value[9].mask_range.u16 =
1015 key->key.ipv6_5tuple.src_port_to;
1016 params.field_value[10].value.u16 =
1017 key->key.ipv6_5tuple.dst_port_from;
1018 params.field_value[10].mask_range.u16 =
1019 key->key.ipv6_5tuple.dst_port_to;
1022 rte_table_acl_ops.f_add(acl_rule_table_ipv6_standby,
1024 (struct rte_pipeline_table_entry *)
1025 &entry, &rsp->key_found,
1026 (void **)&rsp->entry_ptr);
1028 if (rsp->status != 0)
1030 ("ACL IPV6 Add Rule Command failed key_found: %i\n",
1034 ("ACL IPV6 Add Rule Command success key_found: %i\n",
1041 app_msg_free(app, rsp);
1047 /* Read response and write rule */
1049 (rsp->entry_ptr == NULL) ||
1050 ((new_rule == 0) && (rsp->key_found == 0)) ||
1051 ((new_rule == 1) && (rsp->key_found == 1))) {
1052 app_msg_free(app, rsp);
1058 memcpy(&rule->key, key, sizeof(*key));
1059 rule->priority = priority;
1060 rule->port_id = port_id;
1061 rule->action_id = action_id;
1062 rule->entry_ptr = rsp->entry_ptr;
1066 if (key->type == PIPELINE_ACL_IPV4_5TUPLE) {
1067 TAILQ_INSERT_TAIL(acl_tailq_rules_ipv4_standby, rule,
1069 (*acl_n_tailq_rules_ipv4_standby)++;
1071 TAILQ_INSERT_TAIL(acl_tailq_rules_ipv6_standby, rule,
1073 (*acl_n_tailq_rules_ipv6_standby)++;
1077 if (key->type == PIPELINE_ACL_IPV4_5TUPLE)
1078 print_acl_ipv4_rule(rule);
1080 print_acl_ipv6_rule(rule);
1083 app_msg_free(app, rsp);
1089 * Delete ACL rule from the ACL rule table.
1090 * Rules deleted from standby tables.
1091 * Applyruleset command will activate the change.
1092 * Both IPv4 and IPv6 rules can be deleted.
1095 * A pointer to the ACL pipeline parameters.
1097 * A pointer to the ACL rule to delete.
1100 * 0 on success, negative on error.
1103 app_pipeline_acl_delete_rule(struct app_params *app,
1104 struct pipeline_acl_key *key)
1106 struct app_pipeline_acl_rule *rule;
1107 int status, key_found;
1108 uint32_t src_ip[IPV6_32BIT_LENGTH], dst_ip[IPV6_32BIT_LENGTH];
1109 int new_rule, src_field_start, dst_field_start, i;
1110 uint32_t *ip1, *ip2, *ip3, *ip4, src_mask, dest_mask;
1111 const uint32_t nbu32 = sizeof(uint32_t) * CHAR_BIT;
1114 struct rte_table_acl_rule_delete_params params;
1116 memset(¶ms, 0, sizeof(params));
1118 /* Check input arguments */
1119 if ((app == NULL) ||
1120 (key == NULL) || !((key->type == PIPELINE_ACL_IPV4_5TUPLE) ||
1121 (key->type == PIPELINE_ACL_IPV6_5TUPLE)))
1124 if (app_pipeline_acl_key_check_and_normalize(key) != 0)
1128 rule = app_pipeline_acl_rule_find(key);
1130 printf("ACL Delete Rule - Rule does not exist\n");
1134 switch (key->type) {
1135 case PIPELINE_ACL_IPV4_5TUPLE:
1136 params.field_value[0].value.u8 = key->key.ipv4_5tuple.proto;
1137 params.field_value[0].mask_range.u8 =
1138 key->key.ipv4_5tuple.proto_mask;
1139 params.field_value[1].value.u32 = key->key.ipv4_5tuple.src_ip;
1140 params.field_value[1].mask_range.u32 =
1141 key->key.ipv4_5tuple.src_ip_mask;
1142 params.field_value[2].value.u32 = key->key.ipv4_5tuple.dst_ip;
1143 params.field_value[2].mask_range.u32 =
1144 key->key.ipv4_5tuple.dst_ip_mask;
1145 params.field_value[3].value.u16 =
1146 key->key.ipv4_5tuple.src_port_from;
1147 params.field_value[3].mask_range.u16 =
1148 key->key.ipv4_5tuple.src_port_to;
1149 params.field_value[4].value.u16 =
1150 key->key.ipv4_5tuple.dst_port_from;
1151 params.field_value[4].mask_range.u16 =
1152 key->key.ipv4_5tuple.dst_port_to;
1154 status = rte_table_acl_ops.f_delete(acl_rule_table_ipv4_standby,
1155 ¶ms, &key_found, NULL);
1159 ("ACL IPV4 Del Rule Command failed key_found: %i\n",
1163 ("ACL IPV4 Del Rule Command success key_found: %i\n",
1168 case PIPELINE_ACL_IPV6_5TUPLE:
1169 ip1 = (uint32_t *) (key->key.ipv6_5tuple.src_ip);
1174 params.field_value[0].value.u8 = key->key.ipv6_5tuple.proto;
1175 params.field_value[0].mask_range.u8 =
1176 key->key.ipv6_5tuple.proto_mask;
1178 src_ip[0] = rte_bswap32(*ip1);
1179 src_ip[1] = rte_bswap32(*ip2);
1180 src_ip[2] = rte_bswap32(*ip3);
1181 src_ip[3] = rte_bswap32(*ip4);
1183 src_mask = key->key.ipv6_5tuple.src_ip_mask;
1185 src_field_start = 1;
1186 for (i = 0; i != RTE_DIM(src_ip); i++, src_field_start++) {
1187 if (src_mask >= (i + 1) * nbu32)
1188 params.field_value[src_field_start].
1189 mask_range.u32 = nbu32;
1191 params.field_value[src_field_start].
1194 (i * nbu32) ? src_mask - (i * 32) : 0;
1195 params.field_value[src_field_start].value.u32 =
1199 ip1 = (uint32_t *) (key->key.ipv6_5tuple.dst_ip);
1204 dst_ip[0] = rte_bswap32(*ip1);
1205 dst_ip[1] = rte_bswap32(*ip2);
1206 dst_ip[2] = rte_bswap32(*ip3);
1207 dst_ip[3] = rte_bswap32(*ip4);
1209 dest_mask = key->key.ipv6_5tuple.dst_ip_mask;
1211 dst_field_start = 5;
1212 for (i = 0; i != RTE_DIM(dst_ip); i++, dst_field_start++) {
1213 if (dest_mask >= (i + 1) * nbu32)
1214 params.field_value[dst_field_start].
1215 mask_range.u32 = nbu32;
1217 params.field_value[dst_field_start].
1220 (i * nbu32) ? dest_mask - (i * 32) : 0;
1221 params.field_value[dst_field_start].value.u32 =
1225 params.field_value[9].value.u16 =
1226 key->key.ipv6_5tuple.src_port_from;
1227 params.field_value[9].mask_range.u16 =
1228 key->key.ipv6_5tuple.src_port_to;
1229 params.field_value[10].value.u16 =
1230 key->key.ipv6_5tuple.dst_port_from;
1231 params.field_value[10].mask_range.u16 =
1232 key->key.ipv6_5tuple.dst_port_to;
1235 status = rte_table_acl_ops.f_delete(acl_rule_table_ipv6_standby,
1236 ¶ms, &key_found, NULL);
1240 ("ACL IPV6 Del Rule Command failed key_found: %i\n",
1244 ("ACL IPV6 Del Rule Command success key_found: %i\n",
1255 if (status || !key_found)
1259 if (key->type == PIPELINE_ACL_IPV4_5TUPLE) {
1260 TAILQ_REMOVE(acl_tailq_rules_ipv4_standby, rule, node);
1261 (*acl_n_tailq_rules_ipv4_standby)--;
1263 TAILQ_REMOVE(acl_tailq_rules_ipv6_standby, rule, node);
1264 (*acl_n_tailq_rules_ipv6_standby)--;
1273 * Clear all ACL rules from the ACL rule table.
1274 * Rules cleared from standby tables.
1275 * Applyruleset command will activate the change.
1276 * Both IPv4 and IPv6 rules will be cleared.
1279 * A pointer to the ACL pipeline parameters.
1282 * 0 on success, negative on error.
1284 int app_pipeline_acl_clearrules(struct app_params *app)
1286 struct app_pipeline_acl_rule *rule;
1287 struct app_pipeline_acl_rule *command;
1292 /* Check input arguments */
1296 n_rules = *acl_n_tailq_rules_ipv4_standby;
1297 for (priority = 0; n_rules; priority++) {
1298 TAILQ_FOREACH(rule, acl_tailq_rules_ipv4_standby, node) {
1299 if (rule->priority == priority) {
1300 struct pipeline_acl_key key = rule->key;
1302 /* Store command to update standby tables after switchover */
1304 rte_malloc(NULL, sizeof(*command),
1305 RTE_CACHE_LINE_SIZE);
1306 if (command == NULL) {
1307 printf("Cannot allocation command\n");
1311 sizeof(struct app_pipeline_acl_rule));
1312 memcpy(&command->key, &key, sizeof(key));
1313 command->command = acl_delete_command;
1314 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1317 app_pipeline_acl_delete_rule(app, &key);
1323 n_rules = *acl_n_tailq_rules_ipv6_standby;
1324 for (priority = 0; n_rules; priority++) {
1325 TAILQ_FOREACH(rule, acl_tailq_rules_ipv6_standby, node) {
1326 if (rule->priority == priority) {
1327 struct pipeline_acl_key key = rule->key;
1329 /* Store command to update standby tables after switchover */
1331 rte_malloc(NULL, sizeof(*command),
1332 RTE_CACHE_LINE_SIZE);
1333 if (command == NULL) {
1334 printf("Cannot allocation command\n");
1338 sizeof(struct app_pipeline_acl_rule));
1339 memcpy(&command->key, &key, sizeof(key));
1340 command->command = acl_delete_command;
1341 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1344 app_pipeline_acl_delete_rule(app, &key);
1350 /* Clear Action Array */
1351 memset(action_array_standby, 0, action_array_size);
1361 * Open file and process all commands in the file.
1364 * A pointer to the CLI context
1366 * A pointer to the file to process.
1369 static void app_loadrules_file(cmdline_parse_ctx_t *ctx, const char *file_name)
1371 struct cmdline *file_cl;
1374 fd = open(file_name, O_RDONLY);
1376 printf("Cannot open file \"%s\"\n", file_name);
1380 file_cl = cmdline_new(ctx, "", fd, 1);
1381 cmdline_interact(file_cl);
1385 struct cmd_loadrules_file_result {
1386 cmdline_fixed_string_t p_string;
1387 cmdline_fixed_string_t acl_string;
1388 cmdline_fixed_string_t loadrules_string;
1389 char file_name[APP_FILE_NAME_SIZE];
1393 * Parse load rules command.
1394 * Verify that file exists.
1395 * Clear existing rules and action.
1396 * Process commands in command file.
1398 * @param parsed_result
1399 * A pointer to the CLI command parsed result
1401 * A pointer to command line context.
1403 * A pointer to command specific data.
1406 * 0 on success, negative on error.
1410 cmd_loadrules_parsed(void *parsed_result, struct cmdline *cl, void *data)
1412 struct cmd_loadrules_file_result *params = parsed_result;
1413 struct app_params *app = data;
1417 /* Make sure the file exists before clearing rules and actions */
1418 fd = open(params->file_name, O_RDONLY);
1420 printf("Cannot open file \"%s\"\n", params->file_name);
1425 /* Clear all rules and actions */
1426 status = app_pipeline_acl_clearrules(app);
1429 printf("Command clearrules failed\n");
1433 /* Process commands in script file */
1434 app_loadrules_file(cl->ctx, params->file_name);
1437 cmdline_parse_token_string_t cmd_loadrules_p_string =
1438 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result,
1441 cmdline_parse_token_string_t cmd_loadrules_acl_string =
1442 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result,
1445 cmdline_parse_token_string_t cmd_loadrules_loadrules_string =
1446 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result, loadrules_string,
1449 cmdline_parse_token_string_t cmd_loadrules_file_name =
1450 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result, file_name, NULL);
1452 cmdline_parse_inst_t cmd_loadrules = {
1453 .f = cmd_loadrules_parsed,
1455 .help_str = "ACL Load Rules",
1457 (void *)&cmd_loadrules_p_string,
1458 (void *)&cmd_loadrules_acl_string,
1459 (void *)&cmd_loadrules_loadrules_string,
1460 (void *)&cmd_loadrules_file_name,
1466 * Add Action to the Action table.
1467 * Actions are added standby table.
1468 * Applyruleset command will activate the change.
1471 * A pointer to the ACL pipeline parameters.
1473 * A pointer to the Action to add.
1476 * 0 on success, negative on error.
1479 app_pipeline_action_add(struct app_params *app, struct pipeline_action_key *key)
1483 * This function will update the action IDs on the standby table.
1484 * Activating the changes is done with the applyruleset command.
1487 uint32_t action_bitmap = key->action_bitmap;
1488 uint32_t action_id = key->action_id;
1490 if (action_id >= action_array_max) {
1492 printf("Action id: %u out of range\n", action_id);
1496 action_array_standby[action_id].action_id = action_id;
1499 printf("Adding action id: %u Type: ", action_id);
1500 if (action_bitmap == acl_action_packet_accept) {
1501 action_array_standby[action_id].action_bitmap |=
1502 acl_action_packet_accept;
1506 if (action_bitmap == acl_action_packet_drop) {
1507 action_array_standby[action_id].action_bitmap |=
1508 acl_action_packet_drop;
1512 if (action_bitmap == acl_action_nat) {
1513 action_array_standby[action_id].action_bitmap |= acl_action_nat;
1514 action_array_standby[action_id].nat_port = key->nat_port;
1516 printf("NAT Port ID: %u\n", key->nat_port);
1518 if (action_bitmap == acl_action_fwd) {
1519 action_array_standby[action_id].action_bitmap |= acl_action_fwd;
1520 action_array_standby[action_id].fwd_port = key->fwd_port;
1522 printf("FWD Port ID: %u\n", key->fwd_port);
1524 if (action_bitmap == acl_action_count) {
1525 action_array_standby[action_id].action_bitmap |=
1530 if (action_bitmap == acl_action_conntrack) {
1531 action_array_standby[action_id].action_bitmap |=
1532 acl_action_conntrack;
1534 printf("Conntrack\n");
1536 if (action_bitmap == acl_action_connexist) {
1537 action_array_standby[action_id].action_bitmap |=
1538 acl_action_connexist;
1539 action_array_standby[action_id].private_public =
1540 key->private_public;
1542 printf("Conntrack prvpub: %i\n", key->private_public);
1544 if (action_bitmap == acl_action_dscp) {
1545 action_array_standby[action_id].action_bitmap |=
1547 action_array_standby[action_id].dscp_priority =
1550 printf("DSCP Priority: %u\n", key->dscp_priority);
1554 printf("action_bitmap: %" PRIu32 "\n",
1555 action_array_standby[action_id].action_bitmap);
1561 * Delete Action from the Action table.
1562 * Actions are deleted from the standby table.
1563 * Applyruleset command will activate the change.
1566 * A pointer to the ACL pipeline parameters.
1568 * A pointer to the Action to delete.
1571 * 0 on success, negative on error.
1574 app_pipeline_action_delete(struct app_params *app,
1575 struct pipeline_action_key *key)
1578 * This function will update the action IDs on the standby table.
1579 * Activating the changes is done with the applyruleset command.
1582 uint32_t action_bitmap = key->action_bitmap;
1583 uint32_t action_id = key->action_id;
1585 if (action_id >= action_array_max) {
1587 printf("Action id: %u out of range\n", action_id);
1591 if (action_array_standby[action_id].action_bitmap & action_bitmap)
1592 action_array_standby[action_id].action_bitmap &= ~action_bitmap;
1594 printf("ACL Action Delete - Action not set\n");
1597 printf("Deleting action id: %u Type: ", key->action_id);
1598 if (action_bitmap == acl_action_packet_accept)
1600 if (action_bitmap == acl_action_packet_drop)
1602 if (action_bitmap == acl_action_nat)
1604 if (action_bitmap == acl_action_fwd)
1606 if (action_bitmap == acl_action_count)
1608 if (action_bitmap == acl_action_conntrack)
1609 printf("Conntrack\n");
1610 if (action_bitmap == acl_action_connexist)
1611 printf("Connexist\n");
1612 if (action_bitmap == acl_action_dscp)
1615 printf("action_bitmap: %" PRIu32 "\n",
1616 action_array_standby[action_id].action_bitmap);
1627 * A structure defining the ACL add rule command.
1629 struct cmd_acl_add_ip_result {
1630 cmdline_fixed_string_t p_string;
1631 cmdline_fixed_string_t acl_string;
1632 cmdline_fixed_string_t add_string;
1634 cmdline_ipaddr_t src_ip;
1635 uint32_t src_ip_mask;
1636 cmdline_ipaddr_t dst_ip;
1637 uint32_t dst_ip_mask;
1638 uint16_t src_port_from;
1639 uint16_t src_port_to;
1640 uint16_t dst_port_from;
1641 uint16_t dst_port_to;
1649 * Parse ACL add rule CLI command.
1650 * Add rule to standby table.
1651 * Store command to update standby table
1652 * after applyruleset command is invoked.
1654 * @param parsed_result
1655 * A pointer to CLI command parsed result.
1657 * A pointer to command line context.
1659 * A pointer to command specific data
1662 static void cmd_acl_add_ip_parsed(void *parsed_result, __attribute__ ((unused))
1663 struct cmdline *cl, void *data)
1665 struct cmd_acl_add_ip_result *params = parsed_result;
1666 struct app_params *app = data;
1667 struct pipeline_acl_key key;
1668 struct app_pipeline_acl_rule *command;
1671 memset(&key, 0, sizeof(struct pipeline_acl_key));
1673 if (params->src_ip.family == AF_INET) {
1674 key.type = PIPELINE_ACL_IPV4_5TUPLE;
1675 key.key.ipv4_5tuple.src_ip = rte_bswap32((uint32_t)
1678 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1679 key.key.ipv4_5tuple.dst_ip = rte_bswap32((uint32_t)
1682 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1683 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1684 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1685 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1686 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1687 key.key.ipv4_5tuple.proto = params->proto;
1688 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1690 if (params->src_ip.family == AF_INET6) {
1692 printf("entered IPV6");
1693 key.type = PIPELINE_ACL_IPV6_5TUPLE;
1694 memcpy(key.key.ipv6_5tuple.src_ip,
1695 params->src_ip.addr.ipv6.s6_addr,
1696 sizeof(params->src_ip.addr.ipv6.s6_addr));
1697 key.key.ipv6_5tuple.src_ip_mask = params->src_ip_mask;
1698 memcpy(key.key.ipv6_5tuple.dst_ip,
1699 params->dst_ip.addr.ipv6.s6_addr,
1700 sizeof(params->src_ip.addr.ipv6.s6_addr));
1701 key.key.ipv6_5tuple.dst_ip_mask = params->dst_ip_mask;
1702 key.key.ipv6_5tuple.src_port_from = params->src_port_from;
1703 key.key.ipv6_5tuple.src_port_to = params->src_port_to;
1704 key.key.ipv6_5tuple.dst_port_from = params->dst_port_from;
1705 key.key.ipv6_5tuple.dst_port_to = params->dst_port_to;
1706 key.key.ipv6_5tuple.proto = params->proto;
1707 key.key.ipv6_5tuple.proto_mask = params->proto_mask;
1710 status = app_pipeline_acl_add_rule(app, &key, params->priority, 1,
1711 /* Set to 1 as default, overwritten by Action FWD/NAT Port */
1715 printf("Command failed\n");
1719 /* Store command to update standby tables after switchover */
1720 command = rte_malloc(NULL, sizeof(*command), RTE_CACHE_LINE_SIZE);
1721 if (command == NULL) {
1722 printf("Cannot allocation command\n");
1725 memset(command, 0, sizeof(struct app_pipeline_acl_rule));
1726 memcpy(&command->key, &key, sizeof(key));
1727 command->priority = params->priority;
1728 command->port_id = params->port_id;
1729 command->action_id = params->action_id;
1730 command->command = acl_add_command;
1731 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1734 cmdline_parse_token_string_t cmd_acl_add_ip_p_string =
1735 TOKEN_STRING_INITIALIZER(struct cmd_acl_add_ip_result, p_string,
1738 cmdline_parse_token_string_t cmd_acl_add_ip_acl_string =
1739 TOKEN_STRING_INITIALIZER(struct cmd_acl_add_ip_result,
1742 cmdline_parse_token_string_t cmd_acl_add_ip_add_string =
1743 TOKEN_STRING_INITIALIZER(struct cmd_acl_add_ip_result,
1746 cmdline_parse_token_num_t cmd_acl_add_ip_priority =
1747 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result, priority,
1750 cmdline_parse_token_ipaddr_t cmd_acl_add_ip_src_ip =
1751 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_add_ip_result, src_ip);
1753 cmdline_parse_token_num_t cmd_acl_add_ip_src_ip_mask =
1754 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result, src_ip_mask,
1757 cmdline_parse_token_ipaddr_t cmd_acl_add_ip_dst_ip =
1758 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_add_ip_result, dst_ip);
1760 cmdline_parse_token_num_t cmd_acl_add_ip_dst_ip_mask =
1761 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result, dst_ip_mask,
1764 cmdline_parse_token_num_t cmd_acl_add_ip_src_port_from =
1765 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1766 src_port_from, UINT16);
1768 cmdline_parse_token_num_t cmd_acl_add_ip_src_port_to =
1769 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1770 src_port_to, UINT16);
1772 cmdline_parse_token_num_t cmd_acl_add_ip_dst_port_from =
1773 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1774 dst_port_from, UINT16);
1776 cmdline_parse_token_num_t cmd_acl_add_ip_dst_port_to =
1777 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1778 dst_port_to, UINT16);
1780 cmdline_parse_token_num_t cmd_acl_add_ip_proto =
1781 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1784 cmdline_parse_token_num_t cmd_acl_add_ip_proto_mask =
1785 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1788 cmdline_parse_token_num_t cmd_acl_add_ip_port_id =
1789 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1792 cmdline_parse_token_num_t cmd_acl_add_ip_action_id =
1793 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1796 cmdline_parse_inst_t cmd_acl_add_ip = {
1797 .f = cmd_acl_add_ip_parsed,
1799 .help_str = "ACL rule add",
1801 (void *)&cmd_acl_add_ip_p_string,
1802 (void *)&cmd_acl_add_ip_acl_string,
1803 (void *)&cmd_acl_add_ip_add_string,
1804 (void *)&cmd_acl_add_ip_priority,
1805 (void *)&cmd_acl_add_ip_src_ip,
1806 (void *)&cmd_acl_add_ip_src_ip_mask,
1807 (void *)&cmd_acl_add_ip_dst_ip,
1808 (void *)&cmd_acl_add_ip_dst_ip_mask,
1809 (void *)&cmd_acl_add_ip_src_port_from,
1810 (void *)&cmd_acl_add_ip_src_port_to,
1811 (void *)&cmd_acl_add_ip_dst_port_from,
1812 (void *)&cmd_acl_add_ip_dst_port_to,
1813 (void *)&cmd_acl_add_ip_proto,
1814 (void *)&cmd_acl_add_ip_proto_mask,
1815 (void *)&cmd_acl_add_ip_action_id,
1825 * A structure defining the ACL delete rule command.
1827 struct cmd_acl_del_ip_result {
1828 cmdline_fixed_string_t p_string;
1829 cmdline_fixed_string_t acl_string;
1830 cmdline_fixed_string_t del_string;
1831 cmdline_ipaddr_t src_ip;
1832 uint32_t src_ip_mask;
1833 cmdline_ipaddr_t dst_ip;
1834 uint32_t dst_ip_mask;
1835 uint16_t src_port_from;
1836 uint16_t src_port_to;
1837 uint16_t dst_port_from;
1838 uint16_t dst_port_to;
1844 * Parse ACL delete rule CLI command.
1845 * Delete rule from standby table.
1846 * Store command to update standby table
1847 * after applyruleset command is invoked.
1849 * @param parsed_result
1850 * A pointer to CLI command parsed result.
1852 * A pointer to command line context.
1854 * A pointer to command specific data
1857 static void cmd_acl_del_ip_parsed(void *parsed_result, __attribute__ ((unused))
1858 struct cmdline *cl, void *data)
1860 struct cmd_acl_del_ip_result *params = parsed_result;
1861 struct app_params *app = data;
1862 struct pipeline_acl_key key;
1863 struct app_pipeline_acl_rule *command;
1866 memset(&key, 0, sizeof(struct pipeline_acl_key));
1868 if (params->src_ip.family == AF_INET) {
1869 key.type = PIPELINE_ACL_IPV4_5TUPLE;
1870 key.key.ipv4_5tuple.src_ip = rte_bswap32((uint32_t)
1873 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1874 key.key.ipv4_5tuple.dst_ip = rte_bswap32((uint32_t)
1877 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1878 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1879 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1880 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1881 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1882 key.key.ipv4_5tuple.proto = params->proto;
1883 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1885 if (params->src_ip.family == AF_INET6) {
1886 key.type = PIPELINE_ACL_IPV6_5TUPLE;
1887 memcpy(key.key.ipv6_5tuple.src_ip,
1888 params->src_ip.addr.ipv6.s6_addr,
1889 sizeof(params->src_ip.addr.ipv6.s6_addr));
1890 key.key.ipv6_5tuple.src_ip_mask = params->src_ip_mask;
1891 memcpy(key.key.ipv6_5tuple.dst_ip,
1892 params->dst_ip.addr.ipv6.s6_addr,
1893 sizeof(params->dst_ip.addr.ipv6.s6_addr));
1894 key.key.ipv6_5tuple.dst_ip_mask = params->dst_ip_mask;
1895 key.key.ipv6_5tuple.src_port_from = params->src_port_from;
1896 key.key.ipv6_5tuple.src_port_to = params->src_port_to;
1897 key.key.ipv6_5tuple.dst_port_from = params->dst_port_from;
1898 key.key.ipv6_5tuple.dst_port_to = params->dst_port_to;
1899 key.key.ipv6_5tuple.proto = params->proto;
1900 key.key.ipv6_5tuple.proto_mask = params->proto_mask;
1903 status = app_pipeline_acl_delete_rule(app, &key);
1906 printf("Command failed\n");
1910 /* Store command to update standby tables after switchover */
1911 command = rte_malloc(NULL, sizeof(*command), RTE_CACHE_LINE_SIZE);
1912 if (command == NULL) {
1913 printf("Cannot allocation command\n");
1916 memset(command, 0, sizeof(struct app_pipeline_acl_rule));
1917 memcpy(&command->key, &key, sizeof(key));
1918 command->command = acl_delete_command;
1919 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1922 cmdline_parse_token_string_t cmd_acl_del_ip_p_string =
1923 TOKEN_STRING_INITIALIZER(struct cmd_acl_del_ip_result, p_string,
1926 cmdline_parse_token_string_t cmd_acl_del_ip_acl_string =
1927 TOKEN_STRING_INITIALIZER(struct cmd_acl_del_ip_result,
1930 cmdline_parse_token_string_t cmd_acl_del_ip_del_string =
1931 TOKEN_STRING_INITIALIZER(struct cmd_acl_del_ip_result,
1934 cmdline_parse_token_ipaddr_t cmd_acl_del_ip_src_ip =
1935 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_del_ip_result, src_ip);
1937 cmdline_parse_token_num_t cmd_acl_del_ip_src_ip_mask =
1938 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, src_ip_mask,
1941 cmdline_parse_token_ipaddr_t cmd_acl_del_ip_dst_ip =
1942 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_del_ip_result, dst_ip);
1944 cmdline_parse_token_num_t cmd_acl_del_ip_dst_ip_mask =
1945 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, dst_ip_mask,
1948 cmdline_parse_token_num_t cmd_acl_del_ip_src_port_from =
1949 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1950 src_port_from, UINT16);
1952 cmdline_parse_token_num_t cmd_acl_del_ip_src_port_to =
1953 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, src_port_to,
1956 cmdline_parse_token_num_t cmd_acl_del_ip_dst_port_from =
1957 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1958 dst_port_from, UINT16);
1960 cmdline_parse_token_num_t cmd_acl_del_ip_dst_port_to =
1961 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1962 dst_port_to, UINT16);
1964 cmdline_parse_token_num_t cmd_acl_del_ip_proto =
1965 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1968 cmdline_parse_token_num_t cmd_acl_del_ip_proto_mask =
1969 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, proto_mask,
1972 cmdline_parse_inst_t cmd_acl_del_ip = {
1973 .f = cmd_acl_del_ip_parsed,
1975 .help_str = "ACL rule delete",
1977 (void *)&cmd_acl_del_ip_p_string,
1978 (void *)&cmd_acl_del_ip_acl_string,
1979 (void *)&cmd_acl_del_ip_del_string,
1980 (void *)&cmd_acl_del_ip_src_ip,
1981 (void *)&cmd_acl_del_ip_src_ip_mask,
1982 (void *)&cmd_acl_del_ip_dst_ip,
1983 (void *)&cmd_acl_del_ip_dst_ip_mask,
1984 (void *)&cmd_acl_del_ip_src_port_from,
1985 (void *)&cmd_acl_del_ip_src_port_to,
1986 (void *)&cmd_acl_del_ip_dst_port_from,
1987 (void *)&cmd_acl_del_ip_dst_port_to,
1988 (void *)&cmd_acl_del_ip_proto,
1989 (void *)&cmd_acl_del_ip_proto_mask,
1999 * A structure defining the ACL stats command.
2001 struct cmd_acl_stats_result {
2002 cmdline_fixed_string_t p_string;
2003 cmdline_fixed_string_t acl_string;
2004 cmdline_fixed_string_t stats_string;
2008 * Display ACL and Connection Tracker stats to the console.
2010 * @param parsed_result
2011 * A pointer to CLI command parsed result.
2013 * A pointer to command line context.
2015 * A pointer to command specific data
2018 static void cmd_acl_stats_parsed(void *parsed_result, __attribute__ ((unused))
2019 struct cmdline *cl, void *data)
2021 struct cmd_acl_stats_result *params = parsed_result;
2022 struct app_params *app = data;
2024 struct rte_ACL_counter_block acl_counter_sums;
2025 struct rte_CT_counter_block ct_counter_sums;
2026 struct rte_CT_counter_block *ct_counters;
2027 struct action_counter_block action_counter_sum[action_array_max];
2029 memset(&acl_counter_sums, 0, sizeof(acl_counter_sums));
2030 memset(&ct_counter_sums, 0, sizeof(ct_counter_sums));
2031 memset(&action_counter_sum, 0, sizeof(action_counter_sum));
2033 printf("ACL Stats\n");
2034 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
2035 struct rte_ACL_counter_block *acl_ctrs =
2036 &rte_acl_counter_table[i];
2037 ct_counters = rte_acl_counter_table[i].ct_counters;
2038 printf("acl entry[%i] tpkts_processed: %" PRIu64
2039 ", pkts_drop: %" PRIu64 ", pkts_received: %" PRIu64
2040 ", bytes_processed: %" PRIu64 "\n", i,
2041 acl_ctrs->tpkts_processed, acl_ctrs->pkts_drop,
2042 acl_ctrs->pkts_received, acl_ctrs->bytes_processed);
2044 acl_counter_sums.tpkts_processed += acl_ctrs->tpkts_processed;
2045 acl_counter_sums.bytes_processed += acl_ctrs->bytes_processed;
2046 acl_counter_sums.pkts_drop += acl_ctrs->pkts_drop;
2047 acl_counter_sums.pkts_received += acl_ctrs->pkts_received;
2048 ct_counter_sums.pkts_forwarded += ct_counters->pkts_forwarded;
2049 ct_counter_sums.pkts_drop += ct_counters->pkts_drop;
2052 printf("ACL TOTAL: tpkts_processed: %" PRIu64 ", pkts_drop: %" PRIu64
2053 ", pkts_received: %" PRIu64 ", bytes_processed: %" PRIu64 "\n\n",
2054 acl_counter_sums.tpkts_processed,
2055 acl_counter_sums.pkts_drop,
2056 acl_counter_sums.pkts_received,
2057 acl_counter_sums.bytes_processed);
2059 printf("CT TOTAL: ct_packets_forwarded: %" PRIu64
2060 ", ct_packets_dropped: %" PRIu64 "\n\n",
2061 ct_counter_sums.pkts_forwarded, ct_counter_sums.pkts_drop);
2063 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
2064 for (j = 0; j < action_array_max; j++) {
2065 if (action_array_active[j].action_bitmap &
2067 action_counter_sum[j].packetCount +=
2068 action_counter_table[i][j].packetCount;
2069 action_counter_sum[j].byteCount +=
2070 action_counter_table[i][j].byteCount;
2075 for (j = 0; j < action_array_max; j++) {
2076 if (action_array_active[j].action_bitmap & acl_action_count)
2077 printf("Action ID: %02u, packetCount: %" PRIu64
2078 ", byteCount: %" PRIu64 "\n", j,
2079 action_counter_sum[j].packetCount,
2080 action_counter_sum[j].byteCount);
2084 cmdline_parse_token_string_t cmd_acl_stats_p_string =
2085 TOKEN_STRING_INITIALIZER(struct cmd_acl_stats_result,
2088 cmdline_parse_token_string_t cmd_acl_stats_acl_string =
2089 TOKEN_STRING_INITIALIZER(struct cmd_acl_stats_result,
2092 cmdline_parse_token_string_t cmd_acl_stats_stats_string =
2093 TOKEN_STRING_INITIALIZER(struct cmd_acl_stats_result,
2094 stats_string, "stats");
2096 cmdline_parse_inst_t cmd_acl_stats = {
2097 .f = cmd_acl_stats_parsed,
2099 .help_str = "ACL stats",
2101 (void *)&cmd_acl_stats_p_string,
2102 (void *)&cmd_acl_stats_acl_string,
2103 (void *)&cmd_acl_stats_stats_string,
2113 * A structure defining the ACL clear stats command.
2115 struct cmd_acl_clearstats_result {
2116 cmdline_fixed_string_t p_string;
2117 cmdline_fixed_string_t acl_string;
2118 cmdline_fixed_string_t clearstats_string;
2122 * Clear ACL and Connection Tracker stats.
2124 * @param parsed_result
2125 * A pointer to CLI command parsed result.
2127 * A pointer to command line context.
2129 * A pointer to command specific data
2132 static void cmd_acl_clearstats_parsed(__attribute__ ((unused))
2133 void *parsed_result,
2134 __attribute__ ((unused))
2136 __attribute__ ((unused))
2141 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
2142 rte_acl_counter_table[i].tpkts_processed = 0;
2143 rte_acl_counter_table[i].bytes_processed = 0;
2144 rte_acl_counter_table[i].pkts_drop = 0;
2145 rte_acl_counter_table[i].pkts_received = 0;
2146 rte_acl_counter_table[i].pkts_drop_ttl = 0;
2147 rte_acl_counter_table[i].pkts_drop_bad_size = 0;
2148 rte_acl_counter_table[i].pkts_drop_fragmented = 0;
2149 rte_acl_counter_table[i].pkts_drop_without_arp_entry = 0;
2150 rte_acl_counter_table[i].ct_counters->pkts_forwarded = 0;
2151 rte_acl_counter_table[i].ct_counters->pkts_drop = 0;
2154 memset(&action_counter_table, 0, sizeof(action_counter_table));
2158 cmdline_parse_token_string_t cmd_acl_clearstats_p_string =
2159 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearstats_result,
2162 cmdline_parse_token_string_t cmd_acl_clearstats_acl_string =
2163 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearstats_result,
2166 cmdline_parse_token_string_t cmd_acl_clearstats_clearstats_string =
2167 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearstats_result,
2168 clearstats_string, "clearstats");
2170 cmdline_parse_inst_t cmd_acl_clearstats = {
2171 .f = cmd_acl_clearstats_parsed,
2173 .help_str = "ACL clearstats",
2175 (void *)&cmd_acl_clearstats_p_string,
2176 (void *)&cmd_acl_clearstats_acl_string,
2177 (void *)&cmd_acl_clearstats_clearstats_string,
2187 * A structure defining the ACL debug command.
2189 struct cmd_acl_dbg_result {
2190 cmdline_fixed_string_t p_string;
2191 cmdline_fixed_string_t acl_string;
2192 cmdline_fixed_string_t dbg_string;
2197 * Parse and handle ACL debug command.
2199 * @param parsed_result
2200 * A pointer to CLI command parsed result.
2202 * A pointer to command line context.
2204 * A pointer to command specific data
2207 static void cmd_acl_dbg_parsed(void *parsed_result, __attribute__ ((unused))
2208 struct cmdline *cl, void *data)
2210 struct cmd_acl_dbg_result *params = parsed_result;
2211 struct app_params *app = data;
2213 if (params->dbg == 0) {
2214 printf("DBG turned OFF\n");
2216 } else if (params->dbg == 1) {
2217 printf("DBG turned ON\n");
2219 } else if (params->dbg == 2) {
2220 printf("ACL IPV4 enabled\n");
2221 printf("ACL IPV6 enabled\n");
2222 acl_ipv4_enabled = 1;
2223 acl_ipv6_enabled = 1;
2224 } else if (params->dbg == 3) {
2225 printf("ACL IPV4 enabled\n");
2226 printf("ACL IPV6 disabled\n");
2227 acl_ipv4_enabled = 1;
2228 acl_ipv6_enabled = 0;
2229 } else if (params->dbg == 4) {
2230 printf("ACL IPV4 disabled\n");
2231 printf("ACL IPV6 enabled\n");
2232 acl_ipv4_enabled = 0;
2233 acl_ipv6_enabled = 1;
2234 } else if (params->dbg == 5) {
2235 printf("ACL Version: 3.03\n");
2237 printf("Invalid DBG setting\n");
2240 cmdline_parse_token_string_t cmd_acl_dbg_p_string =
2241 TOKEN_STRING_INITIALIZER(struct cmd_acl_dbg_result,
2244 cmdline_parse_token_string_t cmd_acl_dbg_acl_string =
2245 TOKEN_STRING_INITIALIZER(struct cmd_acl_dbg_result,
2248 cmdline_parse_token_string_t cmd_acl_dbg_dbg_string =
2249 TOKEN_STRING_INITIALIZER(struct cmd_acl_dbg_result,
2252 cmdline_parse_token_num_t cmd_acl_dbg_dbg =
2253 TOKEN_NUM_INITIALIZER(struct cmd_acl_dbg_result, dbg,
2256 cmdline_parse_inst_t cmd_acl_dbg = {
2257 .f = cmd_acl_dbg_parsed,
2259 .help_str = "ACL dbg",
2261 (void *)&cmd_acl_dbg_p_string,
2262 (void *)&cmd_acl_dbg_acl_string,
2263 (void *)&cmd_acl_dbg_dbg_string,
2264 (void *)&cmd_acl_dbg_dbg,
2274 * A structure defining the ACL clear rules command.
2276 struct cmd_acl_clearrules_result {
2277 cmdline_fixed_string_t p_string;
2278 cmdline_fixed_string_t acl_string;
2279 cmdline_fixed_string_t clearrules_string;
2283 * Parse clear rule command.
2285 * @param parsed_result
2286 * A pointer to CLI command parsed result.
2288 * A pointer to command line context.
2290 * A pointer to command specific data
2293 static void cmd_acl_clearrules_parsed(__attribute__ ((unused))
2294 void *parsed_result,
2295 __attribute__ ((unused))
2296 struct cmdline *cl, void *data)
2298 struct app_params *app = data;
2301 status = app_pipeline_acl_clearrules(app);
2304 printf("Command failed\n");
2309 cmdline_parse_token_string_t cmd_acl_clearrules_p_string =
2310 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearrules_result,
2313 cmdline_parse_token_string_t cmd_acl_clearrules_acl_string =
2314 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearrules_result,
2317 cmdline_parse_token_string_t cmd_acl_clearrules_clearrules_string =
2318 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearrules_result,
2319 clearrules_string, "clearrules");
2321 cmdline_parse_inst_t cmd_acl_clearrules = {
2322 .f = cmd_acl_clearrules_parsed,
2324 .help_str = "ACL clearrules",
2326 (void *)&cmd_acl_clearrules_p_string,
2327 (void *)&cmd_acl_clearrules_acl_string,
2328 (void *)&cmd_acl_clearrules_clearrules_string,
2338 * A structure defining the ACL ls CLI command result.
2340 struct cmd_acl_ls_result {
2341 cmdline_fixed_string_t p_string;
2342 cmdline_fixed_string_t acl_string;
2343 cmdline_fixed_string_t ls_string;
2344 uint32_t table_instance;
2348 * Parse ACL ls command to display rules to the console.
2350 * @param parsed_result
2351 * A pointer to CLI command parsed result.
2353 * A pointer to command line context.
2355 * A pointer to command specific data
2358 static void cmd_acl_ls_parsed(__attribute__ ((unused))
2359 void *parsed_result, __attribute__ ((unused))
2360 struct cmdline *cl, void *data)
2362 struct app_params *app = data;
2363 struct cmd_acl_ls_result *params = parsed_result;
2365 app_pipeline_acl_ls(app, params->table_instance);
2368 cmdline_parse_token_string_t cmd_acl_ls_p_string =
2369 TOKEN_STRING_INITIALIZER(struct cmd_acl_ls_result, p_string,
2372 cmdline_parse_token_string_t cmd_acl_ls_acl_string =
2373 TOKEN_STRING_INITIALIZER(struct cmd_acl_ls_result,
2376 cmdline_parse_token_string_t cmd_acl_ls_ls_string =
2377 TOKEN_STRING_INITIALIZER(struct cmd_acl_ls_result, ls_string,
2380 cmdline_parse_token_num_t cmd_acl_ls_table_instance =
2381 TOKEN_NUM_INITIALIZER(struct cmd_acl_ls_result, table_instance,
2384 cmdline_parse_inst_t cmd_acl_ls = {
2385 .f = cmd_acl_ls_parsed,
2387 .help_str = "ACL rule list",
2389 (void *)&cmd_acl_ls_p_string,
2390 (void *)&cmd_acl_ls_acl_string,
2391 (void *)&cmd_acl_ls_ls_string,
2392 (void *)&cmd_acl_ls_table_instance,
2398 * p acl applyruleset
2402 * A structure defining the ACL apply ruleset command.
2404 struct cmd_acl_applyruleset_result {
2405 cmdline_fixed_string_t p_string;
2406 cmdline_fixed_string_t acl_string;
2407 cmdline_fixed_string_t applyruleset_string;
2411 * Parse ACL Apply Ruleset Command.
2412 * Switchover active and standby tables.
2413 * Sync newly standby tables to match updated data.
2414 * Both ACL rule and ACL action tables updated.
2416 * @param parsed_result
2417 * A pointer to CLI command parsed result.
2419 * A pointer to command line context.
2421 * A pointer to command specific data
2424 static void cmd_acl_applyruleset_parsed(__attribute__ ((unused))
2425 void *parsed_result,
2426 __attribute__ ((unused))
2427 struct cmdline *cl, void *data)
2429 struct app_params *app = data;
2431 uint32_t *temp_count_ptr;
2432 struct pipeline_action_key *action_array_temp_ptr;
2435 printf("ACL Apply Ruleset\n");
2437 /* Switchover Active and Standby TRIE rule tables */
2438 temp_ptr = acl_rule_table_ipv4_active;
2439 acl_rule_table_ipv4_active = acl_rule_table_ipv4_standby;
2440 acl_rule_table_ipv4_standby = temp_ptr;
2441 temp_ptr = acl_rule_table_ipv6_active;
2442 acl_rule_table_ipv6_active = acl_rule_table_ipv6_standby;
2443 acl_rule_table_ipv6_standby = temp_ptr;
2445 /* Switchover tailq tables */
2446 acl_tailq_rules_temp_ptr = acl_tailq_rules_ipv4_active;
2447 acl_tailq_rules_ipv4_active = acl_tailq_rules_ipv4_standby;
2448 acl_tailq_rules_ipv4_standby = acl_tailq_rules_temp_ptr;
2449 acl_tailq_rules_temp_ptr = acl_tailq_rules_ipv6_active;
2450 acl_tailq_rules_ipv6_active = acl_tailq_rules_ipv6_standby;
2451 acl_tailq_rules_ipv6_standby = acl_tailq_rules_temp_ptr;
2452 temp_count_ptr = acl_n_tailq_rules_ipv4_active;
2453 acl_n_tailq_rules_ipv4_active = acl_n_tailq_rules_ipv4_standby;
2454 acl_n_tailq_rules_ipv4_standby = temp_count_ptr;
2455 temp_count_ptr = acl_n_tailq_rules_ipv6_active;
2456 acl_n_tailq_rules_ipv6_active = acl_n_tailq_rules_ipv6_standby;
2457 acl_n_tailq_rules_ipv6_standby = temp_count_ptr;
2459 /* Switchover Active and Standby action table */
2460 action_array_temp_ptr = action_array_active;
2461 action_array_active = action_array_standby;
2462 action_array_standby = action_array_temp_ptr;
2463 /* Update Standby action table with all changes */
2464 memcpy(action_array_standby, action_array_active, action_array_size);
2466 /* Update Standby Rule Tables with all changes */
2467 while (!TAILQ_EMPTY(&acl_commands)) {
2468 struct app_pipeline_acl_rule *command;
2470 command = TAILQ_FIRST(&acl_commands);
2471 TAILQ_REMOVE(&acl_commands, command, node);
2473 if (command->command == acl_add_command) {
2474 status = app_pipeline_acl_add_rule(app,
2478 command->action_id);
2481 app_pipeline_acl_delete_rule(app, &command->key);
2484 printf("Command applyruleset add rule failed\n");
2493 cmdline_parse_token_string_t cmd_acl_applyruleset_p_string =
2494 TOKEN_STRING_INITIALIZER(struct cmd_acl_applyruleset_result, p_string,
2497 cmdline_parse_token_string_t cmd_acl_applyruleset_acl_string =
2498 TOKEN_STRING_INITIALIZER(struct cmd_acl_applyruleset_result,
2501 cmdline_parse_token_string_t cmd_acl_applyruleset_applyruleset_string =
2502 TOKEN_STRING_INITIALIZER(struct cmd_acl_applyruleset_result,
2503 applyruleset_string,
2506 cmdline_parse_inst_t cmd_acl_applyruleset = {
2507 .f = cmd_acl_applyruleset_parsed,
2509 .help_str = "ACL applyruleset",
2511 (void *)&cmd_acl_applyruleset_p_string,
2512 (void *)&cmd_acl_applyruleset_acl_string,
2513 (void *)&cmd_acl_applyruleset_applyruleset_string,
2519 * p action add accept
2523 * A structure defining the add accept action command.
2525 struct cmd_action_add_accept_result {
2526 cmdline_fixed_string_t p_string;
2527 cmdline_fixed_string_t action_string;
2528 cmdline_fixed_string_t add_string;
2530 cmdline_fixed_string_t accept_string;
2534 * Parse Accept Action Add Command.
2536 * @param parsed_result
2537 * A pointer to CLI command parsed result.
2539 * A pointer to command line context.
2541 * A pointer to command specific data
2545 cmd_action_add_accept_parsed(void *parsed_result, __attribute__ ((unused))
2546 struct cmdline *cl, void *data)
2548 struct cmd_action_add_accept_result *params = parsed_result;
2549 struct app_params *app = data;
2550 struct pipeline_action_key key;
2553 key.action_id = params->action_id;
2554 key.action_bitmap = acl_action_packet_accept;
2556 status = app_pipeline_action_add(app, &key);
2559 printf("Command failed\n");
2564 cmdline_parse_token_string_t cmd_action_add_accept_p_string =
2565 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result, p_string,
2568 cmdline_parse_token_string_t cmd_action_add_accept_action_string =
2569 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result,
2570 action_string, "action");
2572 cmdline_parse_token_string_t cmd_action_add_accept_add_string =
2573 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result,
2576 cmdline_parse_token_num_t cmd_action_add_accept_action_id =
2577 TOKEN_NUM_INITIALIZER(struct cmd_action_add_accept_result, action_id,
2580 cmdline_parse_token_string_t cmd_action_add_accept_accept_string =
2581 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result,
2582 accept_string, "accept");
2584 cmdline_parse_inst_t cmd_action_add_accept = {
2585 .f = cmd_action_add_accept_parsed,
2587 .help_str = "ACL action add accept",
2589 (void *)&cmd_action_add_accept_p_string,
2590 (void *)&cmd_action_add_accept_action_string,
2591 (void *)&cmd_action_add_accept_add_string,
2592 (void *)&cmd_action_add_accept_action_id,
2593 (void *)&cmd_action_add_accept_accept_string,
2599 * p action del accept
2603 * A structure defining the delete accept action command.
2605 struct cmd_action_del_accept_result {
2606 cmdline_fixed_string_t p_string;
2607 cmdline_fixed_string_t action_string;
2608 cmdline_fixed_string_t del_string;
2610 cmdline_fixed_string_t accept_string;
2614 * Parse Accept Action Delete Command.
2616 * @param parsed_result
2617 * A pointer to CLI command parsed result.
2619 * A pointer to command line context.
2621 * A pointer to command specific data
2625 cmd_action_del_accept_parsed(void *parsed_result, __attribute__ ((unused))
2626 struct cmdline *cl, void *data)
2628 struct cmd_action_del_accept_result *params = parsed_result;
2629 struct app_params *app = data;
2630 struct pipeline_action_key key;
2633 key.action_id = params->action_id;
2634 key.action_bitmap = acl_action_packet_accept;
2636 status = app_pipeline_action_delete(app, &key);
2639 printf("Command failed\n");
2644 cmdline_parse_token_string_t cmd_action_del_accept_p_string =
2645 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result, p_string,
2648 cmdline_parse_token_string_t cmd_action_del_accept_action_string =
2649 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result,
2650 action_string, "action");
2652 cmdline_parse_token_string_t cmd_action_del_accept_del_string =
2653 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result,
2656 cmdline_parse_token_num_t cmd_action_del_accept_action_id =
2657 TOKEN_NUM_INITIALIZER(struct cmd_action_del_accept_result, action_id,
2660 cmdline_parse_token_string_t cmd_action_del_accept_accept_string =
2661 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result,
2662 accept_string, "accept");
2664 cmdline_parse_inst_t cmd_action_del_accept = {
2665 .f = cmd_action_del_accept_parsed,
2667 .help_str = "ACL action delete accept",
2669 (void *)&cmd_action_del_accept_p_string,
2670 (void *)&cmd_action_del_accept_action_string,
2671 (void *)&cmd_action_del_accept_del_string,
2672 (void *)&cmd_action_del_accept_action_id,
2673 (void *)&cmd_action_del_accept_accept_string,
2683 * A structure defining the add drop action command.
2685 struct cmd_action_add_drop_result {
2686 cmdline_fixed_string_t p_string;
2687 cmdline_fixed_string_t action_string;
2688 cmdline_fixed_string_t add_string;
2690 cmdline_fixed_string_t drop_string;
2694 * Parse Drop Action Add Command.
2696 * @param parsed_result
2697 * A pointer to CLI command parsed result.
2699 * A pointer to command line context.
2701 * A pointer to command specific data
2705 cmd_action_add_drop_parsed(void *parsed_result, __attribute__ ((unused))
2706 struct cmdline *cl, void *data)
2708 struct cmd_action_add_drop_result *params = parsed_result;
2709 struct app_params *app = data;
2710 struct pipeline_action_key key;
2713 key.action_id = params->action_id;
2714 key.action_bitmap = acl_action_packet_drop;
2716 status = app_pipeline_action_add(app, &key);
2719 printf("Command failed\n");
2724 cmdline_parse_token_string_t cmd_action_add_drop_p_string =
2725 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result, p_string,
2728 cmdline_parse_token_string_t cmd_action_add_drop_action_string =
2729 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result,
2730 action_string, "action");
2732 cmdline_parse_token_string_t cmd_action_add_drop_add_string =
2733 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result,
2736 cmdline_parse_token_num_t cmd_action_add_drop_action_id =
2737 TOKEN_NUM_INITIALIZER(struct cmd_action_add_drop_result, action_id,
2740 cmdline_parse_token_string_t cmd_action_add_drop_drop_string =
2741 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result,
2742 drop_string, "drop");
2744 cmdline_parse_inst_t cmd_action_add_drop = {
2745 .f = cmd_action_add_drop_parsed,
2747 .help_str = "ACL action add drop",
2749 (void *)&cmd_action_add_drop_p_string,
2750 (void *)&cmd_action_add_drop_action_string,
2751 (void *)&cmd_action_add_drop_add_string,
2752 (void *)&cmd_action_add_drop_action_id,
2753 (void *)&cmd_action_add_drop_drop_string,
2763 * A structure defining the delete drop action command.
2765 struct cmd_action_del_drop_result {
2766 cmdline_fixed_string_t p_string;
2767 cmdline_fixed_string_t action_string;
2768 cmdline_fixed_string_t del_string;
2770 cmdline_fixed_string_t drop_string;
2774 * Parse Drop Action Delete Command.
2776 * @param parsed_result
2777 * A pointer to CLI command parsed result.
2779 * A pointer to command line context.
2781 * A pointer to command specific data
2785 cmd_action_del_drop_parsed(void *parsed_result, __attribute__ ((unused))
2786 struct cmdline *cl, void *data)
2788 struct cmd_action_del_drop_result *params = parsed_result;
2789 struct app_params *app = data;
2790 struct pipeline_action_key key;
2793 key.action_id = params->action_id;
2794 key.action_bitmap = acl_action_packet_drop;
2796 status = app_pipeline_action_delete(app, &key);
2799 printf("Command failed\n");
2804 cmdline_parse_token_string_t cmd_action_del_drop_p_string =
2805 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result, p_string,
2808 cmdline_parse_token_string_t cmd_action_del_drop_action_string =
2809 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result,
2810 action_string, "action");
2812 cmdline_parse_token_string_t cmd_action_del_drop_del_string =
2813 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result,
2816 cmdline_parse_token_num_t cmd_action_del_drop_action_id =
2817 TOKEN_NUM_INITIALIZER(struct cmd_action_del_drop_result, action_id,
2820 cmdline_parse_token_string_t cmd_action_del_drop_drop_string =
2821 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result,
2822 drop_string, "drop");
2824 cmdline_parse_inst_t cmd_action_del_drop = {
2825 .f = cmd_action_del_drop_parsed,
2827 .help_str = "ACL action delete drop",
2829 (void *)&cmd_action_del_drop_p_string,
2830 (void *)&cmd_action_del_drop_action_string,
2831 (void *)&cmd_action_del_drop_del_string,
2832 (void *)&cmd_action_del_drop_action_id,
2833 (void *)&cmd_action_del_drop_drop_string,
2843 * A structure defining the add forward action command.
2845 struct cmd_action_add_fwd_result {
2846 cmdline_fixed_string_t p_string;
2847 cmdline_fixed_string_t action_string;
2848 cmdline_fixed_string_t add_string;
2850 cmdline_fixed_string_t fwd_string;
2855 * Parse Forward Action Add Command.
2857 * @param parsed_result
2858 * A pointer to CLI command parsed result.
2860 * A pointer to command line context.
2862 * A pointer to command specific data
2866 cmd_action_add_fwd_parsed(void *parsed_result, __attribute__ ((unused))
2867 struct cmdline *cl, void *data)
2869 struct cmd_action_add_fwd_result *params = parsed_result;
2870 struct app_params *app = data;
2871 struct pipeline_action_key key;
2874 key.action_id = params->action_id;
2875 key.action_bitmap = acl_action_fwd;
2876 key.fwd_port = params->port_id;
2878 status = app_pipeline_action_add(app, &key);
2881 printf("Command failed\n");
2886 cmdline_parse_token_string_t cmd_action_add_fwd_p_string =
2887 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result, p_string,
2890 cmdline_parse_token_string_t cmd_action_add_fwd_action_string =
2891 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result,
2892 action_string, "action");
2894 cmdline_parse_token_string_t cmd_action_add_fwd_add_string =
2895 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result,
2898 cmdline_parse_token_num_t cmd_action_add_fwd_action_id =
2899 TOKEN_NUM_INITIALIZER(struct cmd_action_add_fwd_result, action_id,
2902 cmdline_parse_token_string_t cmd_action_add_fwd_fwd_string =
2903 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result,
2906 cmdline_parse_token_num_t cmd_action_add_fwd_port_id =
2907 TOKEN_NUM_INITIALIZER(struct cmd_action_add_fwd_result, port_id,
2910 cmdline_parse_inst_t cmd_action_add_fwd = {
2911 .f = cmd_action_add_fwd_parsed,
2913 .help_str = "ACL action add fwd",
2915 (void *)&cmd_action_add_fwd_p_string,
2916 (void *)&cmd_action_add_fwd_action_string,
2917 (void *)&cmd_action_add_fwd_add_string,
2918 (void *)&cmd_action_add_fwd_action_id,
2919 (void *)&cmd_action_add_fwd_fwd_string,
2920 (void *)&cmd_action_add_fwd_port_id,
2930 * A structure defining the delete forward action command.
2932 struct cmd_action_del_fwd_result {
2933 cmdline_fixed_string_t p_string;
2934 cmdline_fixed_string_t action_string;
2935 cmdline_fixed_string_t del_string;
2937 cmdline_fixed_string_t fwd_string;
2941 * Parse Forward Action Delete Command.
2943 * @param parsed_result
2944 * A pointer to CLI command parsed result.
2946 * A pointer to command line context.
2948 * A pointer to command specific data
2952 cmd_action_del_fwd_parsed(void *parsed_result, __attribute__ ((unused))
2953 struct cmdline *cl, void *data)
2955 struct cmd_action_del_fwd_result *params = parsed_result;
2956 struct app_params *app = data;
2957 struct pipeline_action_key key;
2960 key.action_id = params->action_id;
2961 key.action_bitmap = acl_action_fwd;
2963 status = app_pipeline_action_delete(app, &key);
2966 printf("Command failed\n");
2971 cmdline_parse_token_string_t cmd_action_del_fwd_p_string =
2972 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result, p_string,
2975 cmdline_parse_token_string_t cmd_action_del_fwd_action_string =
2976 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result,
2977 action_string, "action");
2979 cmdline_parse_token_string_t cmd_action_del_fwd_del_string =
2980 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result,
2983 cmdline_parse_token_num_t cmd_action_del_fwd_action_id =
2984 TOKEN_NUM_INITIALIZER(struct cmd_action_del_fwd_result, action_id,
2987 cmdline_parse_token_string_t cmd_action_del_fwd_fwd_string =
2988 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result,
2991 cmdline_parse_inst_t cmd_action_del_fwd = {
2992 .f = cmd_action_del_fwd_parsed,
2994 .help_str = "ACL action delete fwd",
2996 (void *)&cmd_action_del_fwd_p_string,
2997 (void *)&cmd_action_del_fwd_action_string,
2998 (void *)&cmd_action_del_fwd_del_string,
2999 (void *)&cmd_action_del_fwd_action_id,
3000 (void *)&cmd_action_del_fwd_fwd_string,
3010 * A structure defining the add NAT action command.
3012 struct cmd_action_add_nat_result {
3013 cmdline_fixed_string_t p_string;
3014 cmdline_fixed_string_t action_string;
3015 cmdline_fixed_string_t add_string;
3017 cmdline_fixed_string_t nat_string;
3022 * Parse NAT Action Add Command.
3024 * @param parsed_result
3025 * A pointer to CLI command parsed result.
3027 * A pointer to command line context.
3029 * A pointer to command specific data
3033 cmd_action_add_nat_parsed(void *parsed_result, __attribute__ ((unused))
3034 struct cmdline *cl, void *data)
3036 struct cmd_action_add_nat_result *params = parsed_result;
3037 struct app_params *app = data;
3038 struct pipeline_action_key key;
3041 key.action_id = params->action_id;
3042 key.action_bitmap = acl_action_nat;
3043 key.nat_port = params->port_id;
3045 status = app_pipeline_action_add(app, &key);
3048 printf("Command failed\n");
3053 cmdline_parse_token_string_t cmd_action_add_nat_p_string =
3054 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result, p_string,
3057 cmdline_parse_token_string_t cmd_action_add_nat_action_string =
3058 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result,
3059 action_string, "action");
3061 cmdline_parse_token_string_t cmd_action_add_nat_add_string =
3062 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result,
3065 cmdline_parse_token_num_t cmd_action_add_nat_action_id =
3066 TOKEN_NUM_INITIALIZER(struct cmd_action_add_nat_result, action_id,
3069 cmdline_parse_token_string_t cmd_action_add_nat_nat_string =
3070 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result,
3073 cmdline_parse_token_num_t cmd_action_add_nat_port_id =
3074 TOKEN_NUM_INITIALIZER(struct cmd_action_add_nat_result, port_id,
3077 cmdline_parse_inst_t cmd_action_add_nat = {
3078 .f = cmd_action_add_nat_parsed,
3080 .help_str = "ACL action add nat",
3082 (void *)&cmd_action_add_nat_p_string,
3083 (void *)&cmd_action_add_nat_action_string,
3084 (void *)&cmd_action_add_nat_add_string,
3085 (void *)&cmd_action_add_nat_action_id,
3086 (void *)&cmd_action_add_nat_nat_string,
3087 (void *)&cmd_action_add_nat_port_id,
3097 * A structure defining the delete NAT action command.
3099 struct cmd_action_del_nat_result {
3100 cmdline_fixed_string_t p_string;
3101 cmdline_fixed_string_t action_string;
3102 cmdline_fixed_string_t del_string;
3104 cmdline_fixed_string_t nat_string;
3108 * Parse NAT Action Delete Command.
3110 * @param parsed_result
3111 * A pointer to CLI command parsed result.
3113 * A pointer to command line context.
3115 * A pointer to command specific data
3119 cmd_action_del_nat_parsed(void *parsed_result, __attribute__ ((unused))
3120 struct cmdline *cl, void *data)
3122 struct cmd_action_del_nat_result *params = parsed_result;
3123 struct app_params *app = data;
3124 struct pipeline_action_key key;
3127 key.action_id = params->action_id;
3128 key.action_bitmap = acl_action_nat;
3130 status = app_pipeline_action_delete(app, &key);
3133 printf("Command failed\n");
3138 cmdline_parse_token_string_t cmd_action_del_nat_p_string =
3139 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result, p_string,
3142 cmdline_parse_token_string_t cmd_action_del_nat_action_string =
3143 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result,
3144 action_string, "action");
3146 cmdline_parse_token_string_t cmd_action_del_nat_del_string =
3147 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result,
3150 cmdline_parse_token_num_t cmd_action_del_nat_action_id =
3151 TOKEN_NUM_INITIALIZER(struct cmd_action_del_nat_result, action_id,
3154 cmdline_parse_token_string_t cmd_action_del_nat_nat_string =
3155 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result,
3158 cmdline_parse_inst_t cmd_action_del_nat = {
3159 .f = cmd_action_del_nat_parsed,
3161 .help_str = "ACL action delete nat",
3163 (void *)&cmd_action_del_nat_p_string,
3164 (void *)&cmd_action_del_nat_action_string,
3165 (void *)&cmd_action_del_nat_del_string,
3166 (void *)&cmd_action_del_nat_action_id,
3167 (void *)&cmd_action_del_nat_nat_string,
3173 * p action add count
3177 * A structure defining the add count action command.
3179 struct cmd_action_add_count_result {
3180 cmdline_fixed_string_t p_string;
3181 cmdline_fixed_string_t action_string;
3182 cmdline_fixed_string_t add_string;
3184 cmdline_fixed_string_t count_string;
3188 * Parse Count Action Add Command.
3190 * @param parsed_result
3191 * A pointer to CLI command parsed result.
3193 * A pointer to command line context.
3195 * A pointer to command specific data
3199 cmd_action_add_count_parsed(void *parsed_result, __attribute__ ((unused))
3200 struct cmdline *cl, void *data)
3202 struct cmd_action_add_count_result *params = parsed_result;
3203 struct app_params *app = data;
3204 struct pipeline_action_key key;
3207 key.action_id = params->action_id;
3208 key.action_bitmap = acl_action_count;
3210 status = app_pipeline_action_add(app, &key);
3213 printf("Command failed\n");
3218 cmdline_parse_token_string_t cmd_action_add_count_p_string =
3219 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result, p_string,
3222 cmdline_parse_token_string_t cmd_action_add_count_action_string =
3223 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result,
3224 action_string, "action");
3226 cmdline_parse_token_string_t cmd_action_add_count_add_string =
3227 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result,
3230 cmdline_parse_token_num_t cmd_action_add_count_action_id =
3231 TOKEN_NUM_INITIALIZER(struct cmd_action_add_count_result, action_id,
3234 cmdline_parse_token_string_t cmd_action_add_count_count_string =
3235 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result,
3236 count_string, "count");
3238 cmdline_parse_inst_t cmd_action_add_count = {
3239 .f = cmd_action_add_count_parsed,
3241 .help_str = "ACL action add count",
3243 (void *)&cmd_action_add_count_p_string,
3244 (void *)&cmd_action_add_count_action_string,
3245 (void *)&cmd_action_add_count_add_string,
3246 (void *)&cmd_action_add_count_action_id,
3247 (void *)&cmd_action_add_count_count_string,
3253 * p action del count
3257 * A structure defining the delete count action command.
3259 struct cmd_action_del_count_result {
3260 cmdline_fixed_string_t p_string;
3261 cmdline_fixed_string_t action_string;
3262 cmdline_fixed_string_t del_string;
3264 cmdline_fixed_string_t count_string;
3268 * Parse Count Action Delete Command.
3270 * @param parsed_result
3271 * A pointer to CLI command parsed result.
3273 * A pointer to command line context.
3275 * A pointer to command specific data
3279 cmd_action_del_count_parsed(void *parsed_result, __attribute__ ((unused))
3280 struct cmdline *cl, void *data)
3282 struct cmd_action_del_count_result *params = parsed_result;
3283 struct app_params *app = data;
3284 struct pipeline_action_key key;
3287 key.action_id = params->action_id;
3288 key.action_bitmap = acl_action_count;
3290 status = app_pipeline_action_delete(app, &key);
3293 printf("Command failed\n");
3298 cmdline_parse_token_string_t cmd_action_del_count_p_string =
3299 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result, p_string,
3302 cmdline_parse_token_string_t cmd_action_del_count_action_string =
3303 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result,
3304 action_string, "action");
3306 cmdline_parse_token_string_t cmd_action_del_count_del_string =
3307 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result,
3310 cmdline_parse_token_num_t cmd_action_del_count_action_id =
3311 TOKEN_NUM_INITIALIZER(struct cmd_action_del_count_result, action_id,
3314 cmdline_parse_token_string_t cmd_action_del_count_count_string =
3315 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result,
3316 count_string, "count");
3318 cmdline_parse_inst_t cmd_action_del_count = {
3319 .f = cmd_action_del_count_parsed,
3321 .help_str = "ACL action delete count",
3323 (void *)&cmd_action_del_count_p_string,
3324 (void *)&cmd_action_del_count_action_string,
3325 (void *)&cmd_action_del_count_del_string,
3326 (void *)&cmd_action_del_count_action_id,
3327 (void *)&cmd_action_del_count_count_string,
3337 * A structure defining the add DSCP action command.
3339 struct cmd_action_add_dscp_result {
3340 cmdline_fixed_string_t p_string;
3341 cmdline_fixed_string_t action_string;
3342 cmdline_fixed_string_t add_string;
3344 cmdline_fixed_string_t dscp_string;
3345 uint8_t dscp_priority;
3349 * Parse DSCP Action Add Command.
3351 * @param parsed_result
3352 * A pointer to CLI command parsed result.
3354 * A pointer to command line context.
3356 * A pointer to command specific data
3360 cmd_action_add_dscp_parsed(void *parsed_result, __attribute__ ((unused))
3361 struct cmdline *cl, void *data)
3363 struct cmd_action_add_dscp_result *params = parsed_result;
3364 struct app_params *app = data;
3365 struct pipeline_action_key key;
3368 key.action_id = params->action_id;
3369 key.action_bitmap = acl_action_dscp;
3370 key.dscp_priority = params->dscp_priority;
3372 status = app_pipeline_action_add(app, &key);
3375 printf("Command failed\n");
3380 cmdline_parse_token_string_t cmd_action_add_dscp_p_string =
3381 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result, p_string,
3384 cmdline_parse_token_string_t cmd_action_add_dscp_action_string =
3385 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result,
3386 action_string, "action");
3388 cmdline_parse_token_string_t cmd_action_add_dscp_add_string =
3389 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result,
3392 cmdline_parse_token_num_t cmd_action_add_dscp_action_id =
3393 TOKEN_NUM_INITIALIZER(struct cmd_action_add_dscp_result, action_id,
3396 cmdline_parse_token_string_t cmd_action_add_dscp_dscp_string =
3397 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result,
3398 dscp_string, "dscp");
3400 cmdline_parse_token_num_t cmd_action_add_dscp_dscp_priority =
3401 TOKEN_NUM_INITIALIZER(struct cmd_action_add_dscp_result, dscp_priority,
3404 cmdline_parse_inst_t cmd_action_add_dscp = {
3405 .f = cmd_action_add_dscp_parsed,
3407 .help_str = "ACL action add dscp",
3409 (void *)&cmd_action_add_dscp_p_string,
3410 (void *)&cmd_action_add_dscp_action_string,
3411 (void *)&cmd_action_add_dscp_add_string,
3412 (void *)&cmd_action_add_dscp_action_id,
3413 (void *)&cmd_action_add_dscp_dscp_string,
3414 (void *)&cmd_action_add_dscp_dscp_priority,
3424 * A structure defining the delete DSCP action command.
3426 struct cmd_action_del_dscp_result {
3427 cmdline_fixed_string_t p_string;
3428 cmdline_fixed_string_t action_string;
3429 cmdline_fixed_string_t del_string;
3431 cmdline_fixed_string_t dscp_string;
3435 * Parse DSCP Action Delete Command.
3437 * @param parsed_result
3438 * A pointer to CLI command parsed result.
3440 * A pointer to command line context.
3442 * A pointer to command specific data
3446 cmd_action_del_dscp_parsed(void *parsed_result, __attribute__ ((unused))
3447 struct cmdline *cl, void *data)
3449 struct cmd_action_del_dscp_result *params = parsed_result;
3450 struct app_params *app = data;
3451 struct pipeline_action_key key;
3454 key.action_id = params->action_id;
3455 key.action_bitmap = acl_action_dscp;
3457 status = app_pipeline_action_delete(app, &key);
3460 printf("Command failed\n");
3465 cmdline_parse_token_string_t cmd_action_del_dscp_p_string =
3466 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result, p_string,
3469 cmdline_parse_token_string_t cmd_action_del_dscp_action_string =
3470 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result,
3471 action_string, "action");
3473 cmdline_parse_token_string_t cmd_action_del_dscp_del_string =
3474 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result,
3477 cmdline_parse_token_num_t cmd_action_del_dscp_action_id =
3478 TOKEN_NUM_INITIALIZER(struct cmd_action_del_dscp_result, action_id,
3481 cmdline_parse_token_string_t cmd_action_del_dscp_dscp_string =
3482 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result,
3483 dscp_string, "dscp");
3485 cmdline_parse_inst_t cmd_action_del_dscp = {
3486 .f = cmd_action_del_dscp_parsed,
3488 .help_str = "ACL action delete dscp",
3490 (void *)&cmd_action_del_dscp_p_string,
3491 (void *)&cmd_action_del_dscp_action_string,
3492 (void *)&cmd_action_del_dscp_del_string,
3493 (void *)&cmd_action_del_dscp_action_id,
3494 (void *)&cmd_action_del_dscp_dscp_string,
3500 * p action add conntrack
3504 * A structure defining the add Connection Tracking action command.
3506 struct cmd_action_add_conntrack_result {
3507 cmdline_fixed_string_t p_string;
3508 cmdline_fixed_string_t action_string;
3509 cmdline_fixed_string_t add_string;
3511 cmdline_fixed_string_t conntrack_string;
3515 * Parse Connection Tracking Action Add Command.
3517 * @param parsed_result
3518 * A pointer to CLI command parsed result.
3520 * A pointer to command line context.
3522 * A pointer to command specific data
3526 cmd_action_add_conntrack_parsed(void *parsed_result, __attribute__ ((unused))
3527 struct cmdline *cl, void *data)
3529 struct cmd_action_add_conntrack_result *params = parsed_result;
3530 struct app_params *app = data;
3531 struct pipeline_action_key key;
3534 key.action_id = params->action_id;
3535 key.action_bitmap = acl_action_conntrack;
3537 status = app_pipeline_action_add(app, &key);
3540 printf("Command failed\n");
3545 cmdline_parse_token_string_t cmd_action_add_conntrack_p_string =
3546 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result, p_string,
3549 cmdline_parse_token_string_t cmd_action_add_conntrack_action_string =
3550 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result,
3551 action_string, "action");
3553 cmdline_parse_token_string_t cmd_action_add_conntrack_add_string =
3554 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result,
3557 cmdline_parse_token_num_t cmd_action_add_conntrack_action_id =
3558 TOKEN_NUM_INITIALIZER(struct cmd_action_add_conntrack_result, action_id,
3561 cmdline_parse_token_string_t cmd_action_add_conntrack_conntrack_string =
3562 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result,
3563 conntrack_string, "conntrack");
3565 cmdline_parse_inst_t cmd_action_add_conntrack = {
3566 .f = cmd_action_add_conntrack_parsed,
3568 .help_str = "ACL action add conntrack",
3570 (void *)&cmd_action_add_conntrack_p_string,
3571 (void *)&cmd_action_add_conntrack_action_string,
3572 (void *)&cmd_action_add_conntrack_add_string,
3573 (void *)&cmd_action_add_conntrack_action_id,
3574 (void *)&cmd_action_add_conntrack_conntrack_string,
3580 * p action del conntrack
3584 * A structure defining the delete Connection Tracking action command.
3586 struct cmd_action_del_conntrack_result {
3587 cmdline_fixed_string_t p_string;
3588 cmdline_fixed_string_t action_string;
3589 cmdline_fixed_string_t del_string;
3591 cmdline_fixed_string_t conntrack_string;
3595 * Parse Connection Tracking Action Delete Command.
3597 * @param parsed_result
3598 * A pointer to CLI command parsed result.
3600 * A pointer to command line context.
3602 * A pointer to command specific data
3606 cmd_action_del_conntrack_parsed(void *parsed_result, __attribute__ ((unused))
3607 struct cmdline *cl, void *data)
3609 struct cmd_action_del_conntrack_result *params = parsed_result;
3610 struct app_params *app = data;
3611 struct pipeline_action_key key;
3614 key.action_id = params->action_id;
3615 key.action_bitmap = acl_action_conntrack;
3617 status = app_pipeline_action_delete(app, &key);
3620 printf("Command failed\n");
3625 cmdline_parse_token_string_t cmd_action_del_conntrack_p_string =
3626 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result, p_string,
3629 cmdline_parse_token_string_t cmd_action_del_conntrack_action_string =
3630 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result,
3631 action_string, "action");
3633 cmdline_parse_token_string_t cmd_action_del_conntrack_del_string =
3634 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result,
3637 cmdline_parse_token_num_t cmd_action_del_conntrack_action_id =
3638 TOKEN_NUM_INITIALIZER(struct cmd_action_del_conntrack_result, action_id,
3641 cmdline_parse_token_string_t cmd_action_del_conntrack_conntrack_string =
3642 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result,
3643 conntrack_string, "conntrack");
3645 cmdline_parse_inst_t cmd_action_del_conntrack = {
3646 .f = cmd_action_del_conntrack_parsed,
3648 .help_str = "ACL action delete conntrack",
3650 (void *)&cmd_action_del_conntrack_p_string,
3651 (void *)&cmd_action_del_conntrack_action_string,
3652 (void *)&cmd_action_del_conntrack_del_string,
3653 (void *)&cmd_action_del_conntrack_action_id,
3654 (void *)&cmd_action_del_conntrack_conntrack_string,
3660 * p action add connexist
3664 * A structure defining the add Connection Exist action command.
3666 struct cmd_action_add_connexist_result {
3667 cmdline_fixed_string_t p_string;
3668 cmdline_fixed_string_t action_string;
3669 cmdline_fixed_string_t add_string;
3671 cmdline_fixed_string_t connexist_string;
3672 cmdline_fixed_string_t private_public_string;
3676 * Parse Connection Exist Action Add Command.
3678 * @param parsed_result
3679 * A pointer to CLI command parsed result.
3681 * A pointer to command line context.
3683 * A pointer to command specific data
3687 cmd_action_add_connexist_parsed(void *parsed_result, __attribute__ ((unused))
3688 struct cmdline *cl, void *data)
3690 struct cmd_action_add_connexist_result *params = parsed_result;
3691 struct app_params *app = data;
3692 struct pipeline_action_key key;
3696 printf("public_private: %s\n", params->private_public_string);
3697 key.action_id = params->action_id;
3698 key.action_bitmap = acl_action_connexist;
3699 if (strcmp(params->private_public_string, "prvpub") == 0)
3700 key.private_public = acl_private_public;
3701 else if (strcmp(params->private_public_string, "pubprv") == 0)
3702 key.private_public = acl_public_private;
3704 printf("Command failed - Invalid string: %s\n",
3705 params->private_public_string);
3709 status = app_pipeline_action_add(app, &key);
3712 printf("Command failed\n");
3717 cmdline_parse_token_string_t cmd_action_add_connexist_p_string =
3718 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result, p_string,
3721 cmdline_parse_token_string_t cmd_action_add_connexist_action_string =
3722 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3723 action_string, "action");
3725 cmdline_parse_token_string_t cmd_action_add_connexist_add_string =
3726 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3729 cmdline_parse_token_num_t cmd_action_add_connexist_action_id =
3730 TOKEN_NUM_INITIALIZER(struct cmd_action_add_connexist_result, action_id,
3733 cmdline_parse_token_string_t cmd_action_add_connexist_connexist_string =
3734 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3735 connexist_string, "connexist");
3737 cmdline_parse_token_string_t cmd_action_add_connexist_private_public =
3738 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3739 private_public_string,
3742 cmdline_parse_inst_t cmd_action_add_connexist = {
3743 .f = cmd_action_add_connexist_parsed,
3745 .help_str = "ACL action add connexist",
3747 (void *)&cmd_action_add_connexist_p_string,
3748 (void *)&cmd_action_add_connexist_action_string,
3749 (void *)&cmd_action_add_connexist_add_string,
3750 (void *)&cmd_action_add_connexist_action_id,
3751 (void *)&cmd_action_add_connexist_connexist_string,
3752 (void *)&cmd_action_add_connexist_private_public,
3758 * p action del connexist
3762 * A structure defining the delete Connection Exist action command.
3764 struct cmd_action_del_connexist_result {
3765 cmdline_fixed_string_t p_string;
3766 cmdline_fixed_string_t action_string;
3767 cmdline_fixed_string_t del_string;
3769 cmdline_fixed_string_t connexist_string;
3773 * Parse Connection Exist Action Delete Command.
3775 * @param parsed_result
3776 * A pointer to CLI command parsed result.
3778 * A pointer to command line context.
3780 * A pointer to command specific data
3784 cmd_action_del_connexist_parsed(void *parsed_result, __attribute__ ((unused))
3785 struct cmdline *cl, void *data)
3787 struct cmd_action_del_connexist_result *params = parsed_result;
3788 struct app_params *app = data;
3789 struct pipeline_action_key key;
3792 key.action_id = params->action_id;
3793 key.action_bitmap = acl_action_connexist;
3795 status = app_pipeline_action_delete(app, &key);
3798 printf("Command failed\n");
3803 cmdline_parse_token_string_t cmd_action_del_connexist_p_string =
3804 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result, p_string,
3807 cmdline_parse_token_string_t cmd_action_del_connexist_action_string =
3808 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result,
3809 action_string, "action");
3811 cmdline_parse_token_string_t cmd_action_del_connexist_add_string =
3812 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result,
3815 cmdline_parse_token_num_t cmd_action_del_connexist_action_id =
3816 TOKEN_NUM_INITIALIZER(struct cmd_action_del_connexist_result, action_id,
3819 cmdline_parse_token_string_t cmd_action_del_connexist_connexist_string =
3820 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result,
3821 connexist_string, "connexist");
3823 cmdline_parse_inst_t cmd_action_del_connexist = {
3824 .f = cmd_action_del_connexist_parsed,
3826 .help_str = "ACL action del connexist",
3828 (void *)&cmd_action_del_connexist_p_string,
3829 (void *)&cmd_action_del_connexist_action_string,
3830 (void *)&cmd_action_del_connexist_add_string,
3831 (void *)&cmd_action_del_connexist_action_id,
3832 (void *)&cmd_action_del_connexist_connexist_string,
3842 * A structure defining the action ls command.
3844 struct cmd_action_ls_result {
3845 cmdline_fixed_string_t p_string;
3846 cmdline_fixed_string_t action_string;
3847 cmdline_fixed_string_t ls_string;
3848 uint32_t table_instance;
3852 * Parse Action LS Command.
3854 * @param parsed_result
3855 * A pointer to CLI command parsed result.
3857 * A pointer to command line context.
3859 * A pointer to command specific data
3862 static void cmd_action_ls_parsed(void *parsed_result, __attribute__ ((unused))
3863 struct cmdline *cl, void *data)
3865 struct cmd_action_ls_result *params = parsed_result;
3866 struct app_params *app = data;
3867 uint32_t action_bitmap, i, j;
3868 uint8_t action_found = 0;
3869 struct action_counter_block action_counter_sum;
3871 if (params->table_instance == active_rule_table) {
3872 printf("Active Action Table:\n");
3873 printf("Action ID Action\n");
3874 printf("========= ======\n");
3876 for (i = 0; i < action_array_max; i++) {
3877 action_bitmap = action_array_active[i].action_bitmap;
3878 if (action_bitmap != 0) {
3880 if (action_bitmap & acl_action_packet_accept)
3881 printf(" %04u Accept\n", i);
3882 if (action_bitmap & acl_action_packet_drop)
3883 printf(" %04u Drop\n", i);
3884 if (action_bitmap & acl_action_nat)
3889 action_array_active[i].nat_port);
3890 if (action_bitmap & acl_action_fwd)
3895 action_array_active[i].fwd_port);
3896 if (action_bitmap & acl_action_count) {
3897 action_counter_sum.packetCount = 0;
3898 action_counter_sum.byteCount = 0;
3901 rte_ACL_hi_counter_block_in_use;
3903 action_counter_sum.packetCount
3904 += action_counter_table[j]
3906 action_counter_sum.byteCount +=
3907 action_counter_table[j]
3912 "Count Packet Count: %"
3913 PRIu64 " Byte Count: %" PRIu64
3915 action_counter_sum.packetCount,
3916 action_counter_sum.byteCount);
3918 if (action_bitmap & acl_action_conntrack)
3919 printf(" %04u Conntrack\n", i);
3920 if (action_bitmap & acl_action_connexist) {
3921 printf(" %04u Connexist", i);
3922 if (action_array_active
3923 [i].private_public ==
3925 printf(" prvpub\n");
3927 printf(" pubprv\n");
3929 if (action_bitmap & acl_action_dscp)
3932 "DSCP Priority: %u\n",
3944 printf("Standby Action Table:\n");
3945 printf("Action ID Action\n");
3946 printf("========= ======\n");
3948 for (i = 0; i < action_array_max; i++) {
3949 action_bitmap = action_array_standby[i].action_bitmap;
3950 if (action_bitmap != 0) {
3952 if (action_bitmap & acl_action_packet_accept)
3953 printf(" %04u Accept\n", i);
3954 if (action_bitmap & acl_action_packet_drop)
3955 printf(" %04u Drop\n", i);
3956 if (action_bitmap & acl_action_nat)
3961 action_array_standby[i].nat_port);
3962 if (action_bitmap & acl_action_fwd)
3967 action_array_standby[i].fwd_port);
3968 if (action_bitmap & acl_action_count)
3969 printf(" %04u Count\n", i);
3970 if (action_bitmap & acl_action_conntrack)
3971 printf(" %04u Conntrack\n", i);
3972 if (action_bitmap & acl_action_connexist) {
3973 printf(" %04u Connexist", i);
3974 if (action_array_standby
3975 [i].private_public ==
3977 printf(" prvpub\n");
3979 printf(" pubprv\n");
3981 if (action_bitmap & acl_action_dscp)
3984 "DSCP Priority: %u\n",
3986 action_array_standby
3996 cmdline_parse_token_string_t cmd_action_ls_p_string =
3997 TOKEN_STRING_INITIALIZER(struct cmd_action_ls_result, p_string,
4000 cmdline_parse_token_string_t cmd_action_ls_action_string =
4001 TOKEN_STRING_INITIALIZER(struct cmd_action_ls_result,
4002 action_string, "action");
4004 cmdline_parse_token_string_t cmd_action_ls_ls_string =
4005 TOKEN_STRING_INITIALIZER(struct cmd_action_ls_result, ls_string,
4008 cmdline_parse_token_num_t cmd_action_ls_table_instance =
4009 TOKEN_NUM_INITIALIZER(struct cmd_action_ls_result, table_instance,
4012 cmdline_parse_inst_t cmd_action_ls = {
4013 .f = cmd_action_ls_parsed,
4015 .help_str = "ACL action list",
4017 (void *)&cmd_action_ls_p_string,
4018 (void *)&cmd_action_ls_action_string,
4019 (void *)&cmd_action_ls_ls_string,
4020 (void *)&cmd_action_ls_table_instance,
4026 * p acl onesectimer start/stop
4030 * A structure defining the ACL Dump Counter start/stop command.
4032 struct cmd_acl_per_sec_ctr_dump_result {
4033 cmdline_fixed_string_t p_string;
4034 cmdline_fixed_string_t acl_string;
4035 cmdline_fixed_string_t per_sec_ctr_dump_string;
4036 cmdline_fixed_string_t stop_string;
4040 * Parse Dump Counter Start Command.
4041 * Start timer to display stats to console at regular intervals.
4043 * @param parsed_result
4044 * A pointer to CLI command parsed result.
4046 * A pointer to command line context.
4048 * A pointer to command specific data
4052 cmd_acl_per_sec_ctr_dump_start_parsed(void *parsed_result,
4053 __attribute__ ((unused))
4054 struct cmdline *cl, void *data)
4056 struct cmd_acl_per_sec_ctr_dump_result *params = parsed_result;
4057 struct app_params *app = data;
4059 rte_acl_reset_running_averages();
4060 uint32_t core_id = rte_lcore_id();/* execute timeout on current core */
4061 int success = rte_timer_reset(&rte_acl_one_second_timer,
4062 rte_acl_ticks_in_one_second, PERIODICAL,
4064 rte_dump_acl_counters_from_master, NULL);
4068 * Parse Dump Counter Stop Command.
4069 * Stop timer that was started to display stats.
4071 * @param parsed_result
4072 * A pointer to CLI command parsed result.
4074 * A pointer to command line context.
4076 * A pointer to command specific data
4080 cmd_acl_per_sec_ctr_dump_stop_parsed(void *parsed_result,
4081 __attribute__ ((unused))
4082 struct cmdline *cl, void *data)
4084 struct cmd_acl_per_sec_ctr_dump_result *params = parsed_result;
4085 struct app_params *app = data;
4087 rte_timer_stop(&rte_acl_one_second_timer);
4090 cmdline_parse_token_string_t cmd_acl_per_sec_ctr_dump_p_string =
4091 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4094 cmdline_parse_token_string_t cmd_acl_per_sec_ctr_dump_acl_string =
4095 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4098 cmdline_parse_token_string_t cmd_acl_per_sec_ctr_dump_string =
4099 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4100 per_sec_ctr_dump_string, "counterdump");
4102 cmdline_parse_token_string_t cmd_acl_stop_string =
4103 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4104 stop_string, "stop");
4106 cmdline_parse_token_string_t cmd_acl_start_string =
4107 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4108 stop_string, "start");
4110 cmdline_parse_inst_t cmd_acl_per_sec_ctr_dump_stop = {
4111 .f = cmd_acl_per_sec_ctr_dump_stop_parsed,
4113 .help_str = "ACL counterdump stop",
4115 (void *)&cmd_acl_per_sec_ctr_dump_p_string,
4116 (void *)&cmd_acl_per_sec_ctr_dump_acl_string,
4117 (void *)&cmd_acl_per_sec_ctr_dump_string,
4118 (void *)&cmd_acl_stop_string,
4123 cmdline_parse_inst_t cmd_acl_per_sec_ctr_dump_start = {
4124 .f = cmd_acl_per_sec_ctr_dump_start_parsed,
4126 .help_str = "ACL counterdump start",
4128 (void *)&cmd_acl_per_sec_ctr_dump_p_string,
4129 (void *)&cmd_acl_per_sec_ctr_dump_acl_string,
4130 (void *)&cmd_acl_per_sec_ctr_dump_string,
4131 (void *)&cmd_acl_start_string,
4136 static cmdline_parse_ctx_t pipeline_cmds[] = {
4137 (cmdline_parse_inst_t *) &cmd_acl_add_ip,
4138 (cmdline_parse_inst_t *) &cmd_acl_del_ip,
4139 (cmdline_parse_inst_t *) &cmd_acl_stats,
4140 (cmdline_parse_inst_t *) &cmd_acl_clearstats,
4141 (cmdline_parse_inst_t *) &cmd_acl_dbg,
4142 (cmdline_parse_inst_t *) &cmd_acl_clearrules,
4143 (cmdline_parse_inst_t *) &cmd_loadrules,
4144 (cmdline_parse_inst_t *) &cmd_acl_ls,
4145 (cmdline_parse_inst_t *) &cmd_action_add_accept,
4146 (cmdline_parse_inst_t *) &cmd_action_del_accept,
4147 (cmdline_parse_inst_t *) &cmd_action_add_drop,
4148 (cmdline_parse_inst_t *) &cmd_action_del_drop,
4149 (cmdline_parse_inst_t *) &cmd_action_add_fwd,
4150 (cmdline_parse_inst_t *) &cmd_action_del_fwd,
4151 (cmdline_parse_inst_t *) &cmd_action_add_nat,
4152 (cmdline_parse_inst_t *) &cmd_action_del_nat,
4153 (cmdline_parse_inst_t *) &cmd_action_add_count,
4154 (cmdline_parse_inst_t *) &cmd_action_del_count,
4155 (cmdline_parse_inst_t *) &cmd_action_add_dscp,
4156 (cmdline_parse_inst_t *) &cmd_action_del_dscp,
4157 (cmdline_parse_inst_t *) &cmd_action_add_conntrack,
4158 (cmdline_parse_inst_t *) &cmd_action_del_conntrack,
4159 (cmdline_parse_inst_t *) &cmd_action_add_connexist,
4160 (cmdline_parse_inst_t *) &cmd_action_del_connexist,
4161 (cmdline_parse_inst_t *) &cmd_action_ls,
4162 (cmdline_parse_inst_t *) &cmd_acl_applyruleset,
4163 (cmdline_parse_inst_t *) &cmd_acl_per_sec_ctr_dump_stop,
4164 (cmdline_parse_inst_t *) &cmd_acl_per_sec_ctr_dump_start,
4168 static struct pipeline_fe_ops pipeline_acl_fe_ops = {
4169 .f_init = app_pipeline_acl_init,
4170 .f_free = app_pipeline_acl_free,
4171 .cmds = pipeline_cmds,
4174 struct pipeline_type pipeline_acl = {
4176 .be_ops = &pipeline_acl_be_ops,
4177 .fe_ops = &pipeline_acl_fe_ops,