2 // Copyright (c) 2017 Intel Corporation
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
19 * Pipeline ACL FE Implementation.
21 * Implementation of the Pipeline ACL Front End (FE).
22 * Runs on the Master pipeline, responsible for CLI commands.
30 #include <sys/queue.h>
31 #include <netinet/in.h>
33 #include <rte_common.h>
34 #include <rte_hexdump.h>
35 #include <rte_malloc.h>
36 #include <cmdline_rdline.h>
37 #include <cmdline_parse.h>
38 #include <cmdline_parse_num.h>
39 #include <cmdline_parse_string.h>
40 #include <cmdline_parse_ipaddr.h>
41 #include <cmdline_parse_etheraddr.h>
42 #include <cmdline_socket.h>
44 #include <rte_table_acl.h>
47 #include "pipeline_common_fe.h"
48 #include "pipeline_acl.h"
49 #include "pipeline_acl_be.h"
50 #include "rte_cnxn_tracking.h"
52 int acl_load_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata);
53 int acl_clear_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata);
54 int acl_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata);
55 uint32_t rules_loaded = 0;
56 extern struct cmdline *pipe_cl;
57 struct app_params *myapp;
60 * A structure defining the ACL rule for the TAILQ Tables.
62 struct app_pipeline_acl_rule {
63 struct pipeline_acl_key key;
70 TAILQ_ENTRY(app_pipeline_acl_rule) node;
74 * A structure defining the ACL pipeline front end data.
76 struct app_pipeline_acl {
84 * Define a structure to calculate performance measurements for ACL.
85 * ACL continually updates counters for total number of packets
86 * processed, and total number of bytes processed. Each ACL backend thread
87 * i.e. the packet processing instances updates their own copy of these counters
88 * An optional, 1 second periodic timer fires on the master core, which combines
89 * those numbers to perform byte and packet per second calculations, without
90 * burdening the packet processors.
92 #define RTE_ACL_PERF_MSR_BUFF_SIZE 8 /* must be power of 2 */
93 #define RTE_ACL_PERF_MSR_BUFF_SIZE_MASK (RTE_ACL_PERF_MSR_BUFF_SIZE - 1)
96 * A structure defining the ACL performance measurements.
98 struct rte_acl_performance_measures_t {
99 /* two circular buffers */
100 uint64_t total_packets[RTE_ACL_PERF_MSR_BUFF_SIZE];
101 uint64_t total_bytes[RTE_ACL_PERF_MSR_BUFF_SIZE];
102 uint32_t bytes_last_second;
103 uint32_t ave_bytes_per_second;
104 uint32_t pkts_last_second;
105 uint32_t ave_pkts_per_second;
106 uint64_t total_entries;
107 /* times data has been (over-)written into buffers */
108 uint8_t current_index; /* for circular buffers */
111 struct rte_acl_performance_measures_t rte_acl_performance_measures;
114 * Active and Standby Tables
115 * Active and standby tables exist to allow modifying ACL rules and
116 * actions and having no impact on the packet processing running on
117 * the multiple ACL threads/pipelines. The packet processing does a
118 * lookup on the active tables. Each ACL thread/pipeline runs on
119 * a separate core (i.e. 2,3,4, etc).
121 * All CLI actions run on the ACL Front End (FE) code on Core 0.
122 * All changes, adding/delete rules and action occurs on the standby tables.
123 * In activate the changes in the standby table, the CLI command is entered:
126 * The standby tables become active. The active table becomes the standby.
127 * The new standby table gets updated with the changes that were done.
129 * Table descriptions:
130 * ACL Rule Tables TAILQ - 2 global tables active/standby per ipv4,ipv6
131 * The TAILQ tables are required for the LS CLI command and in order
132 * to do a lookup using a rule when adding or deleting a rule.
133 * The ACL TRIE tables in DPDK do not allow this type of listing or lookup.
135 * ACL Rule Tables TRIE - 2 global tables active/standby per ipv4, ipv6
136 * The TRIE tables are the tables used during packet processing.
137 * A bulk lookup can be performed by passing in a burst of packets.
138 * Unfortunately, the current implementation of the TRIE tables does
139 * not allow lookup using a rule. Hence the need for the TAILQ tables.
141 * ACL Action Tables ARRAY - 2 global tables active/standby
142 * The action tables stores the ACL actions.
143 * Every rule has an action id which defines what action to take
144 * when a packet matching that rule is received.
145 * Actions: accept, drop, fwd, count, nat, dscp, conntrack
147 * Command Table TAILQ - 1 table
148 * After the active and standby tables are swithover, the new standby
149 * table needs to be updated with all the changes that were done.
150 * This table stores all the add and delete commands and updates
151 * the new standby table when the applyruleset command executes.
153 * The active and standby tables can be displayed individually:
154 * p acl ls 0 <== active ACL rules
155 * p acl ls 1 <== standby ACL rules
156 * p action ls 0 <== active ACL actions
157 * p action ls 1 <== standby ACL actions
160 /* Only create global ACL tables once */
161 int acl_rule_table_created;
164 * ACL Rule Tables TAILQ - see description above
165 * Two tables/counters are required for active and standby.
166 * The A and B tables/counters are the actual instances.
167 * The pointers are set to point to these tables/counters.
168 * The pointers are updated during the switchover for the applyruleset.
171 /* Definition of the the TAILQ table */
172 TAILQ_HEAD(app_pipeline_acl_rule_type, app_pipeline_acl_rule);
173 /* Instances of tables and counters */
174 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv4a;
175 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv4b;
176 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv6a;
177 struct app_pipeline_acl_rule_type acl_tailq_rules_ipv6b;
178 uint32_t acl_n_tailq_rules_ipv4a;
179 uint32_t acl_n_tailq_rules_ipv6a;
180 uint32_t acl_n_tailq_rules_ipv4b;
181 uint32_t acl_n_tailq_rules_ipv6b;
182 /* Pointers to tables and counters for switchover in applyruleset */
183 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv4_active;
184 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv4_standby;
185 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv6_active;
186 struct app_pipeline_acl_rule_type *acl_tailq_rules_ipv6_standby;
187 struct app_pipeline_acl_rule_type *acl_tailq_rules_temp_ptr;
188 uint32_t *acl_n_tailq_rules_ipv4_active;
189 uint32_t *acl_n_tailq_rules_ipv4_standby;
190 uint32_t *acl_n_tailq_rules_ipv6_active;
191 uint32_t *acl_n_tailq_rules_ipv6_standby;
193 /* ACL commands to update new standby tables after switchover */
194 TAILQ_HEAD(, app_pipeline_acl_rule) acl_commands;
196 /* ACL IPV4 and IPV6 enable flags for debugging (Default both on) */
197 int acl_ipv4_enabled = 1;
198 int acl_ipv6_enabled = 1;
200 /* Number of ACL Rules, default 4 * 1024 */
201 uint32_t acl_n_rules = 4 * 1024;
202 /* ACL Rule Table TRIE - 2 (Active, Standby) Global table per ipv4, ipv6 */
203 void *acl_rule_table_ipv4_active;
204 void *acl_rule_table_ipv4_standby;
205 void *acl_rule_table_ipv6_active;
206 void *acl_rule_table_ipv6_standby;
209 * Reset running averages for performance measurements.
212 static void rte_acl_reset_running_averages(void)
214 memset(&rte_acl_performance_measures, 0,
215 sizeof(rte_acl_performance_measures));
219 * Compute performance calculations on master to reduce computing on
223 * Total bytes processed during this interval.
224 * @param total_packets
225 * Total packets processed during this interval.
228 static void rte_acl_update_performance_measures(uint64_t total_bytes,
229 uint64_t total_packets)
232 struct rte_acl_performance_measures_t *pm =
233 &rte_acl_performance_measures;
235 if (unlikely(pm->total_entries == 0 && total_packets == 0))
236 /* the timer is running, but no traffic started yet, so do nothing */
239 if (likely(pm->total_entries > 0)) {
240 uint8_t oldest_index;
243 pm->bytes_last_second =
244 total_bytes - pm->total_bytes[pm->current_index];
245 pm->pkts_last_second =
246 total_packets - pm->total_packets[pm->current_index];
248 /* if total_entries zero, current_index must remain as zero */
250 (pm->current_index + 1) & RTE_ACL_PERF_MSR_BUFF_SIZE_MASK;
252 if (unlikely(pm->total_entries <= RTE_ACL_PERF_MSR_BUFF_SIZE)) {
253 /* oldest value is at element 0 */
255 divisor = pm->total_entries;
256 /* note, prior to incrementing total_entries */
258 /* oldest value is at element about to be overwritten */
259 oldest_index = pm->current_index;
260 divisor = RTE_ACL_PERF_MSR_BUFF_SIZE;
263 pm->ave_bytes_per_second =
264 (total_bytes - pm->total_bytes[oldest_index]) / divisor;
265 pm->ave_pkts_per_second =
266 (total_packets - pm->total_packets[oldest_index]) / divisor;
269 pm->total_bytes[pm->current_index] = total_bytes;
270 pm->total_packets[pm->current_index] = total_packets;
275 * Combine data from all acl+connection tracking instances.
276 * Calculate various statistics. Dump to console.
279 static void rte_acl_sum_and_print_counters(void)
282 struct rte_ACL_counter_block acl_counter_sums;
283 struct rte_CT_counter_block ct_counter_sums;
284 /* For ct instance with this fw instance */
285 struct rte_CT_counter_block *ct_counters;
287 memset(&acl_counter_sums, 0, sizeof(acl_counter_sums));
288 memset(&ct_counter_sums, 0, sizeof(ct_counter_sums));
290 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
291 struct rte_ACL_counter_block *acl_ctrs =
292 &rte_acl_counter_table[i];
293 ct_counters = rte_acl_counter_table[i].ct_counters;
296 ("{\"ACL counters\" : {\"id\" : \"%s\", \"packets_processed\" : %"
297 PRIu64 ", \"bytes_processed\" : %" PRIu64
298 ", \"ct_packets_forwarded\" : %" PRIu64
299 ", \"ct_packets_dropped\" : %" PRIu64 "}}\n",
300 acl_ctrs->name, acl_ctrs->tpkts_processed,
301 acl_ctrs->bytes_processed, ct_counters->pkts_forwarded,
302 ct_counters->pkts_drop);
304 /* sum ACL counters */
305 acl_counter_sums.tpkts_processed += acl_ctrs->tpkts_processed;
306 acl_counter_sums.bytes_processed += acl_ctrs->bytes_processed;
307 acl_counter_sums.pkts_drop += acl_ctrs->pkts_drop;
308 acl_counter_sums.pkts_received += acl_ctrs->pkts_received;
309 acl_counter_sums.pkts_drop_ttl += acl_ctrs->pkts_drop_ttl;
310 acl_counter_sums.pkts_drop_bad_size +=
311 acl_ctrs->pkts_drop_bad_size;
312 acl_counter_sums.pkts_drop_fragmented +=
313 acl_ctrs->pkts_drop_fragmented;
314 acl_counter_sums.pkts_drop_without_arp_entry +=
315 acl_ctrs->pkts_drop_without_arp_entry;
316 acl_counter_sums.sum_latencies += acl_ctrs->sum_latencies;
317 acl_counter_sums.count_latencies += acl_ctrs->count_latencies;
319 /* sum cnxn tracking counters */
320 ct_counter_sums.current_active_sessions +=
321 ct_counters->current_active_sessions;
322 ct_counter_sums.sessions_activated +=
323 ct_counters->sessions_activated;
324 ct_counter_sums.sessions_closed += ct_counters->sessions_closed;
325 ct_counter_sums.sessions_timedout +=
326 ct_counters->sessions_timedout;
327 ct_counter_sums.pkts_forwarded += ct_counters->pkts_forwarded;
328 ct_counter_sums.pkts_drop += ct_counters->pkts_drop;
329 ct_counter_sums.pkts_drop_invalid_conn +=
330 ct_counters->pkts_drop_invalid_conn;
331 ct_counter_sums.pkts_drop_invalid_state +=
332 ct_counters->pkts_drop_invalid_state;
333 ct_counter_sums.pkts_drop_invalid_rst +=
334 ct_counters->pkts_drop_invalid_rst;
335 ct_counter_sums.pkts_drop_outof_window +=
336 ct_counters->pkts_drop_outof_window;
339 rte_acl_update_performance_measures(acl_counter_sums.bytes_processed,
340 acl_counter_sums.tpkts_processed);
341 uint64_t average_latency =
342 acl_counter_sums.count_latencies ==
343 0 ? 0 : acl_counter_sums.sum_latencies /
344 acl_counter_sums.count_latencies;
346 printf("{\"ACL sum counters\" : {"
347 "\"packets_last_sec\" : %" PRIu32
348 ", \"average_packets_per_sec\" : %" PRIu32
349 ", \"bytes_last_sec\" : %" PRIu32
350 ", \"average_bytes_per_sec\" : %" PRIu32
351 ", \"packets_processed\" : %" PRIu64 ", \"bytes_processed\" : %"
352 PRIu64 ", \"average_latency_in_clocks\" : %" PRIu64
353 ", \"ct_packets_forwarded\" : %" PRIu64
354 ", \"ct_packets_dropped\" : %" PRIu64 ", \"drops\" : {"
355 "\"TTL_zero\" : %" PRIu64 ", \"bad_size\" : %" PRIu64
356 ", \"fragmented_packet\" : %" PRIu64 ", \"no_arp_entry\" : %"
357 PRIu64 "}, \"ct_sessions\" : {" "\"active\" : %" PRIu64
358 ", \"open\" : %" PRIu64 ", \"closed\" : %" PRIu64
359 ", \"timeout\" : %" PRIu64 "}, \"ct_drops\" : {"
360 "\"out_of_window\" : %" PRIu64 ", \"invalid_conn\" : %" PRIu64
361 ", \"invalid_state_transition\" : %" PRIu64 " \"RST\" : %" PRIu64
362 "}}}\n", rte_acl_performance_measures.pkts_last_second,
363 rte_acl_performance_measures.ave_pkts_per_second,
364 rte_acl_performance_measures.bytes_last_second,
365 rte_acl_performance_measures.ave_bytes_per_second,
366 acl_counter_sums.tpkts_processed,
367 acl_counter_sums.bytes_processed, average_latency,
368 ct_counter_sums.pkts_forwarded, ct_counter_sums.pkts_drop,
369 acl_counter_sums.pkts_drop_ttl,
370 acl_counter_sums.pkts_drop_bad_size,
371 acl_counter_sums.pkts_drop_fragmented,
372 acl_counter_sums.pkts_drop_without_arp_entry,
373 ct_counter_sums.current_active_sessions,
374 ct_counter_sums.sessions_activated,
375 ct_counter_sums.sessions_closed,
376 ct_counter_sums.sessions_timedout,
377 ct_counter_sums.pkts_drop_outof_window,
378 ct_counter_sums.pkts_drop_invalid_conn,
379 ct_counter_sums.pkts_drop_invalid_state,
380 ct_counter_sums.pkts_drop_invalid_rst);
385 * Callback routine for 1 second, periodic timer.
388 * A pointer to the rte_timer.
390 * A pointer to application specific arguments (not used).
393 * 0 on success and port_id is filled, negative on error.
395 void rte_dump_acl_counters_from_master(struct rte_timer *rt, void *arg)
397 rte_acl_sum_and_print_counters();
400 int rte_acl_hertz_computed; /* only launch timer once */
401 uint64_t rte_acl_ticks_in_one_second;
402 /* TODO: is processor hertz computed/stored elsewhere? */
403 struct rte_timer rte_acl_one_second_timer = RTE_TIMER_INITIALIZER;
409 * A pointer to the rule.
412 static void print_acl_ipv4_rule(struct app_pipeline_acl_rule *rule)
414 printf("Prio = %" PRId32 " (SA = %" PRIu32 ".%" PRIu32
415 ".%" PRIu32 ".%" PRIu32 "/%" PRIu32 ", DA = %"
417 ".%" PRIu32 ".%" PRIu32 "/%" PRIu32 ", SP = %"
418 PRIu32 "-%" PRIu32 ", DP = %"
419 PRIu32 "-%" PRIu32 ", Proto = %"
420 PRIu32 " / 0x%" PRIx32 ") => Action ID = %"
421 PRIu32 " (entry ptr = %p)\n",
423 (rule->key.key.ipv4_5tuple.src_ip >> 24) & 0xFF,
424 (rule->key.key.ipv4_5tuple.src_ip >> 16) & 0xFF,
425 (rule->key.key.ipv4_5tuple.src_ip >> 8) & 0xFF,
426 rule->key.key.ipv4_5tuple.src_ip & 0xFF,
427 rule->key.key.ipv4_5tuple.src_ip_mask,
428 (rule->key.key.ipv4_5tuple.dst_ip >> 24) & 0xFF,
429 (rule->key.key.ipv4_5tuple.dst_ip >> 16) & 0xFF,
430 (rule->key.key.ipv4_5tuple.dst_ip >> 8) & 0xFF,
431 rule->key.key.ipv4_5tuple.dst_ip & 0xFF,
432 rule->key.key.ipv4_5tuple.dst_ip_mask,
433 rule->key.key.ipv4_5tuple.src_port_from,
434 rule->key.key.ipv4_5tuple.src_port_to,
435 rule->key.key.ipv4_5tuple.dst_port_from,
436 rule->key.key.ipv4_5tuple.dst_port_to,
437 rule->key.key.ipv4_5tuple.proto,
438 rule->key.key.ipv4_5tuple.proto_mask,
439 rule->action_id, rule->entry_ptr);
446 * A pointer to the rule.
449 static void print_acl_ipv6_rule(struct app_pipeline_acl_rule *rule)
451 printf("Prio = %" PRId32 " (SA = %02" PRIx8 "%02" PRIx8
452 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8
453 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8
454 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8
455 ":%02" PRIx8 "%02" PRIx8 "/" "%" PRIu32 ", DA = %02"
456 PRIx8 "%02" PRIx8 ":%02" PRIx8
457 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8
458 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8
459 "%02" PRIx8 ":%02" PRIx8 "%02" PRIx8 ":%02" PRIx8
460 "%02" PRIx8 "/" "%" PRIu32
461 ", " "SP = %" PRIu32 "-%" PRIu32 ", DP = %"
462 PRIu32 "-%" PRIu32 ", Proto = %"
463 PRIu32 " / 0x%" PRIx32 ") => Action ID = %"
464 PRIu32 " (entry ptr = %p)\n", rule->priority,
465 (rule->key.key.ipv6_5tuple.src_ip[0]),
466 (rule->key.key.ipv6_5tuple.src_ip[1]),
467 (rule->key.key.ipv6_5tuple.src_ip[2]),
468 (rule->key.key.ipv6_5tuple.src_ip[3]),
469 (rule->key.key.ipv6_5tuple.src_ip[4]),
470 (rule->key.key.ipv6_5tuple.src_ip[5]),
471 (rule->key.key.ipv6_5tuple.src_ip[6]),
472 (rule->key.key.ipv6_5tuple.src_ip[7]),
473 (rule->key.key.ipv6_5tuple.src_ip[8]),
474 (rule->key.key.ipv6_5tuple.src_ip[9]),
475 (rule->key.key.ipv6_5tuple.src_ip[10]),
476 (rule->key.key.ipv6_5tuple.src_ip[11]),
477 (rule->key.key.ipv6_5tuple.src_ip[12]),
478 (rule->key.key.ipv6_5tuple.src_ip[13]),
479 (rule->key.key.ipv6_5tuple.src_ip[14]),
480 (rule->key.key.ipv6_5tuple.src_ip[15]),
481 rule->key.key.ipv6_5tuple.src_ip_mask,
482 (rule->key.key.ipv6_5tuple.dst_ip[0]),
483 (rule->key.key.ipv6_5tuple.dst_ip[1]),
484 (rule->key.key.ipv6_5tuple.dst_ip[2]),
485 (rule->key.key.ipv6_5tuple.dst_ip[3]),
486 (rule->key.key.ipv6_5tuple.dst_ip[4]),
487 (rule->key.key.ipv6_5tuple.dst_ip[5]),
488 (rule->key.key.ipv6_5tuple.dst_ip[6]),
489 (rule->key.key.ipv6_5tuple.dst_ip[7]),
490 (rule->key.key.ipv6_5tuple.dst_ip[8]),
491 (rule->key.key.ipv6_5tuple.dst_ip[9]),
492 (rule->key.key.ipv6_5tuple.dst_ip[10]),
493 (rule->key.key.ipv6_5tuple.dst_ip[11]),
494 (rule->key.key.ipv6_5tuple.dst_ip[12]),
495 (rule->key.key.ipv6_5tuple.dst_ip[13]),
496 (rule->key.key.ipv6_5tuple.dst_ip[14]),
497 (rule->key.key.ipv6_5tuple.dst_ip[15]),
498 rule->key.key.ipv6_5tuple.dst_ip_mask,
499 rule->key.key.ipv6_5tuple.src_port_from,
500 rule->key.key.ipv6_5tuple.src_port_to,
501 rule->key.key.ipv6_5tuple.dst_port_from,
502 rule->key.key.ipv6_5tuple.dst_port_to,
503 rule->key.key.ipv6_5tuple.proto,
504 rule->key.key.ipv6_5tuple.proto_mask, rule->action_id,
510 * This function is used by the add and delete rule functions.
511 * Since all updates are done on the standby tables,
512 * only search the standby tables.
513 * Both IPv4 and IPv6 rules can be searched
516 * A pointer to the rule to be found.
519 * - Pointer to the rule found.
520 * - NULL if no rule found.
522 static struct app_pipeline_acl_rule *app_pipeline_acl_rule_find(struct
527 * This function is used by the add and delete rule functions.
528 * Since all updates are done on the standby tables,
529 * only search the standby tables.
532 struct app_pipeline_acl_rule *r;
534 if (key->type == PIPELINE_ACL_IPV4_5TUPLE) {
535 TAILQ_FOREACH(r, acl_tailq_rules_ipv4_standby, node)
537 &r->key, sizeof(struct pipeline_acl_key)) == 0)
540 TAILQ_FOREACH(r, acl_tailq_rules_ipv6_standby, node)
542 &r->key, sizeof(struct pipeline_acl_key)) == 0)
550 * Display ACL Rules to the console.
551 * Rules from Active and standby tables can be dispayed.
552 * Both IPv4 and IPv6 will be displayed.
555 * A pointer to application specific data.
556 * @param active_standby_table
557 * Specifies which table to display:
558 * - active_rule_table (0)
559 * - standby_rule_table (1)
563 app_pipeline_acl_ls(struct app_params *app, uint32_t active_standby_table)
565 struct app_pipeline_acl_rule *rule;
569 if (active_standby_table == active_rule_table) {
570 n_rules = *acl_n_tailq_rules_ipv4_active;
572 printf("ACL Active Table IPV4 Rules\n");
573 for (priority = 0; n_rules; priority++)
574 TAILQ_FOREACH(rule, acl_tailq_rules_ipv4_active, node)
575 if (rule->priority == priority) {
576 print_acl_ipv4_rule(rule);
580 n_rules = *acl_n_tailq_rules_ipv6_active;
582 printf("ACL Active Table IPV6 Rules\n");
583 for (priority = 0; n_rules; priority++)
584 TAILQ_FOREACH(rule, acl_tailq_rules_ipv6_active, node)
585 if (rule->priority == priority) {
586 print_acl_ipv6_rule(rule);
590 n_rules = *acl_n_tailq_rules_ipv4_standby;
592 printf("ACL Standby Table IPV4 Rules\n");
593 for (priority = 0; n_rules; priority++)
594 TAILQ_FOREACH(rule, acl_tailq_rules_ipv4_standby, node)
595 if (rule->priority == priority) {
596 print_acl_ipv4_rule(rule);
600 n_rules = *acl_n_tailq_rules_ipv6_standby;
602 printf("ACL Standby Table IPV6a Rules\n");
603 for (priority = 0; n_rules; priority++)
604 TAILQ_FOREACH(rule, acl_tailq_rules_ipv6_standby, node)
605 if (rule->priority == priority) {
606 print_acl_ipv6_rule(rule);
614 * Initialize ACL pipeline Front End (FE).
617 * A pointer to pipeline parameters
619 * A pointer to pipeline specific data (not used).
622 * - A pointer to the pipeline FE
623 * - NULL if initialization failed.
625 static void *app_pipeline_acl_init(struct pipeline_params *params,
626 __rte_unused void *arg)
628 struct app_pipeline_acl *p;
631 /* Check input arguments */
632 if ((params == NULL) ||
633 (params->n_ports_in == 0) || (params->n_ports_out == 0))
636 /* Memory allocation */
637 size = RTE_CACHE_LINE_ROUNDUP(sizeof(struct app_pipeline_acl));
638 p = rte_zmalloc(NULL, size, RTE_CACHE_LINE_SIZE);
643 p->n_ports_in = params->n_ports_in;
644 p->n_ports_out = params->n_ports_out;
646 if (!acl_rule_table_created) {
647 /* Only create and init once when first ACL pipeline/thread comes up */
649 /* Init tailq tables */
650 TAILQ_INIT(&acl_tailq_rules_ipv4a);
651 acl_n_tailq_rules_ipv4a = 0;
652 TAILQ_INIT(&acl_tailq_rules_ipv4b);
653 acl_n_tailq_rules_ipv4b = 0;
654 TAILQ_INIT(&acl_tailq_rules_ipv6a);
655 acl_n_tailq_rules_ipv6a = 0;
656 TAILQ_INIT(&acl_tailq_rules_ipv6b);
657 acl_n_tailq_rules_ipv6b = 0;
658 TAILQ_INIT(&acl_commands);
659 acl_tailq_rules_ipv4_active = &acl_tailq_rules_ipv4a;
660 acl_tailq_rules_ipv4_standby = &acl_tailq_rules_ipv4b;
661 acl_tailq_rules_ipv6_active = &acl_tailq_rules_ipv6a;
662 acl_tailq_rules_ipv6_standby = &acl_tailq_rules_ipv6b;
663 acl_n_tailq_rules_ipv4_active = &acl_n_tailq_rules_ipv4a;
664 acl_n_tailq_rules_ipv4_standby = &acl_n_tailq_rules_ipv4b;
665 acl_n_tailq_rules_ipv6_active = &acl_n_tailq_rules_ipv6a;
666 acl_n_tailq_rules_ipv6_standby = &acl_n_tailq_rules_ipv6b;
668 /* Both IPV4 and IPV6 enabled by default */
669 acl_ipv4_enabled = 1;
670 acl_ipv6_enabled = 1;
672 printf("ACL FE Init Create ACL Tables acl_n_rules = %i\n",
675 /* Init Action Array and Counter Table */
677 RTE_CACHE_LINE_ROUNDUP(sizeof(struct pipeline_action_key) *
680 rte_zmalloc(NULL, action_array_size, RTE_CACHE_LINE_SIZE);
681 if (action_array_a == NULL)
684 rte_zmalloc(NULL, action_array_size, RTE_CACHE_LINE_SIZE);
685 if (action_array_b == NULL)
687 memset(action_array_a, 0, action_array_size);
688 memset(action_array_b, 0, action_array_size);
689 action_array_active = action_array_a;
690 action_array_standby = action_array_b;
691 memset(&action_counter_table, 0, sizeof(action_counter_table));
693 acl_rule_table_created = 1;
696 if (!rte_acl_hertz_computed) {
697 /* all initialization serialized on core 0, so no need for lock */
698 rte_acl_ticks_in_one_second = rte_get_tsc_hz();
699 rte_acl_hertz_computed = 1;
706 * Free ACL pipeline resources.
709 * A pointer to the pipeline to delete.
712 * 0 on success, negative on error.
714 static int app_pipeline_acl_free(void *pipeline)
716 struct app_pipeline_acl *p = pipeline;
718 /* Check input arguments */
723 /* Ignore Klockwork infinite loop issues for all while loops */
724 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv4a)) {
725 struct app_pipeline_acl_rule *rule;
727 rule = TAILQ_FIRST(&acl_tailq_rules_ipv4a);
728 TAILQ_REMOVE(&acl_tailq_rules_ipv4a, rule, node);
731 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv4b)) {
732 struct app_pipeline_acl_rule *rule;
734 rule = TAILQ_FIRST(&acl_tailq_rules_ipv4b);
735 TAILQ_REMOVE(&acl_tailq_rules_ipv4b, rule, node);
738 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv6a)) {
739 struct app_pipeline_acl_rule *rule;
741 rule = TAILQ_FIRST(&acl_tailq_rules_ipv6a);
742 TAILQ_REMOVE(&acl_tailq_rules_ipv6a, rule, node);
745 while (!TAILQ_EMPTY(&acl_tailq_rules_ipv6b)) {
746 struct app_pipeline_acl_rule *rule;
748 rule = TAILQ_FIRST(&acl_tailq_rules_ipv6b);
749 TAILQ_REMOVE(&acl_tailq_rules_ipv6b, rule, node);
752 while (!TAILQ_EMPTY(&acl_commands)) {
753 struct app_pipeline_acl_rule *command;
755 command = TAILQ_FIRST(&acl_commands);
756 TAILQ_REMOVE(&acl_commands, command, node);
759 rte_free(action_array_a);
760 rte_free(action_array_b);
766 * Verify that the ACL rule is valid.
767 * Both IPv4 and IPv6 rules
770 * A pointer to the ACL rule to verify.
773 * 0 on success, negative on error.
776 app_pipeline_acl_key_check_and_normalize(struct pipeline_acl_key *key)
779 case PIPELINE_ACL_IPV4_5TUPLE:
781 uint32_t src_ip_depth =
782 key->key.ipv4_5tuple.src_ip_mask;
783 uint32_t dst_ip_depth =
784 key->key.ipv4_5tuple.dst_ip_mask;
785 uint16_t src_port_from =
786 key->key.ipv4_5tuple.src_port_from;
787 uint16_t src_port_to = key->key.ipv4_5tuple.src_port_to;
788 uint16_t dst_port_from =
789 key->key.ipv4_5tuple.dst_port_from;
790 uint16_t dst_port_to = key->key.ipv4_5tuple.dst_port_to;
792 uint32_t src_ip_netmask = 0;
793 uint32_t dst_ip_netmask = 0;
795 if ((src_ip_depth > 32) ||
796 (dst_ip_depth > 32) ||
797 (src_port_from > src_port_to) ||
798 (dst_port_from > dst_port_to))
802 src_ip_netmask = (~0) << (32 - src_ip_depth);
805 dst_ip_netmask = ((~0) << (32 - dst_ip_depth));
807 key->key.ipv4_5tuple.src_ip &= src_ip_netmask;
808 key->key.ipv4_5tuple.dst_ip &= dst_ip_netmask;
812 case PIPELINE_ACL_IPV6_5TUPLE:
814 uint32_t src_ip_depth =
815 key->key.ipv6_5tuple.src_ip_mask;
816 uint32_t dst_ip_depth =
817 key->key.ipv6_5tuple.dst_ip_mask;
818 uint16_t src_port_from =
819 key->key.ipv6_5tuple.src_port_from;
820 uint16_t src_port_to = key->key.ipv6_5tuple.src_port_to;
821 uint16_t dst_port_from =
822 key->key.ipv6_5tuple.dst_port_from;
823 uint16_t dst_port_to = key->key.ipv6_5tuple.dst_port_to;
824 uint8_t src_ip_netmask[16];
825 uint8_t dst_ip_netmask[16];
828 convert_prefixlen_to_netmask_ipv6(src_ip_depth,
830 convert_prefixlen_to_netmask_ipv6(dst_ip_depth,
832 for (i = 0; i < 16; i++) {
833 key->key.ipv6_5tuple.src_ip[i] &=
835 key->key.ipv6_5tuple.dst_ip[i] &=
847 * Add ACL rule to the ACL rule table.
848 * Rules are added standby table.
849 * Applyruleset command will activate the change.
850 * Both IPv4 and IPv6 rules can be added.
853 * A pointer to the ACL pipeline parameters.
855 * A pointer to the ACL rule to add.
857 * Priority of the ACL rule.
859 * Port ID of the ACL rule.
861 * Action ID of the ACL rule. Defined in Action Table.
864 * 0 on success, negative on error.
867 app_pipeline_acl_add_rule(struct app_params *app,
868 struct pipeline_acl_key *key,
870 uint32_t port_id, uint32_t action_id)
872 struct app_pipeline_acl_rule *rule;
873 struct pipeline_acl_add_msg_rsp *rsp;
874 int new_rule, src_field_start, dst_field_start, i;
875 uint32_t *ip1, *ip2, *ip3, *ip4, src_mask, dest_mask;
876 uint32_t src_ip[IPV6_32BIT_LENGTH], dst_ip[IPV6_32BIT_LENGTH];
877 const uint32_t nbu32 = sizeof(uint32_t) * CHAR_BIT;
879 struct rte_table_acl_rule_add_params params;
880 struct acl_table_entry entry = {
882 .action = RTE_PIPELINE_ACTION_PORT,
883 {.port_id = port_id},
885 .action_id = action_id,
888 memset(¶ms, 0, sizeof(params));
890 /* Check input arguments */
892 (key == NULL) || !((key->type == PIPELINE_ACL_IPV4_5TUPLE) ||
893 (key->type == PIPELINE_ACL_IPV6_5TUPLE)))
896 if (action_id > action_array_max) {
897 printf("Action ID greater than max\n");
901 if (app_pipeline_acl_key_check_and_normalize(key) != 0)
904 /* Find existing rule or allocate new rule */
905 rule = app_pipeline_acl_rule_find(key);
906 new_rule = (rule == NULL);
908 rule = rte_malloc(NULL, sizeof(*rule), RTE_CACHE_LINE_SIZE);
914 /* Allocate Response */
915 rsp = app_msg_alloc(app);
923 case PIPELINE_ACL_IPV4_5TUPLE:
924 params.priority = priority;
925 params.field_value[0].value.u8 = key->key.ipv4_5tuple.proto;
926 params.field_value[0].mask_range.u8 =
927 key->key.ipv4_5tuple.proto_mask;
928 params.field_value[1].value.u32 = key->key.ipv4_5tuple.src_ip;
929 params.field_value[1].mask_range.u32 =
930 key->key.ipv4_5tuple.src_ip_mask;
931 params.field_value[2].value.u32 = key->key.ipv4_5tuple.dst_ip;
932 params.field_value[2].mask_range.u32 =
933 key->key.ipv4_5tuple.dst_ip_mask;
934 params.field_value[3].value.u16 =
935 key->key.ipv4_5tuple.src_port_from;
936 params.field_value[3].mask_range.u16 =
937 key->key.ipv4_5tuple.src_port_to;
938 params.field_value[4].value.u16 =
939 key->key.ipv4_5tuple.dst_port_from;
940 params.field_value[4].mask_range.u16 =
941 key->key.ipv4_5tuple.dst_port_to;
944 rte_table_acl_ops.f_add(acl_rule_table_ipv4_standby,
946 (struct rte_pipeline_table_entry *)
947 &entry, &rsp->key_found,
948 (void **)&rsp->entry_ptr);
950 if (rsp->status != 0)
952 ("ACL IPV4 Add Rule Command failed key_found: %i\n",
956 ("ACL IPV4 Add Rule Command success key_found: %i\n",
961 case PIPELINE_ACL_IPV6_5TUPLE:
962 ip1 = (uint32_t *) (key->key.ipv6_5tuple.src_ip);
967 params.priority = priority;
968 params.field_value[0].value.u8 = key->key.ipv6_5tuple.proto;
969 params.field_value[0].mask_range.u8 =
970 key->key.ipv6_5tuple.proto_mask;
972 src_ip[0] = rte_bswap32(*ip1);
973 src_ip[1] = rte_bswap32(*ip2);
974 src_ip[2] = rte_bswap32(*ip3);
975 src_ip[3] = rte_bswap32(*ip4);
977 src_mask = key->key.ipv6_5tuple.src_ip_mask;
980 for (i = 0; i != RTE_DIM(src_ip); i++, src_field_start++) {
981 if (src_mask >= (i + 1) * nbu32)
982 params.field_value[src_field_start].
983 mask_range.u32 = nbu32;
985 params.field_value[src_field_start].
988 (i * nbu32) ? src_mask - (i * 32) : 0;
989 params.field_value[src_field_start].value.u32 =
993 ip1 = (uint32_t *) (key->key.ipv6_5tuple.dst_ip);
998 dst_ip[0] = rte_bswap32(*ip1);
999 dst_ip[1] = rte_bswap32(*ip2);
1000 dst_ip[2] = rte_bswap32(*ip3);
1001 dst_ip[3] = rte_bswap32(*ip4);
1003 dest_mask = key->key.ipv6_5tuple.dst_ip_mask;
1005 dst_field_start = 5;
1006 for (i = 0; i != RTE_DIM(dst_ip); i++, dst_field_start++) {
1007 if (dest_mask >= (i + 1) * nbu32)
1008 params.field_value[dst_field_start].
1009 mask_range.u32 = nbu32;
1011 params.field_value[dst_field_start].
1014 (i * nbu32) ? dest_mask - (i * 32) : 0;
1015 params.field_value[dst_field_start].value.u32 =
1019 params.field_value[9].value.u16 =
1020 key->key.ipv6_5tuple.src_port_from;
1021 params.field_value[9].mask_range.u16 =
1022 key->key.ipv6_5tuple.src_port_to;
1023 params.field_value[10].value.u16 =
1024 key->key.ipv6_5tuple.dst_port_from;
1025 params.field_value[10].mask_range.u16 =
1026 key->key.ipv6_5tuple.dst_port_to;
1029 rte_table_acl_ops.f_add(acl_rule_table_ipv6_standby,
1031 (struct rte_pipeline_table_entry *)
1032 &entry, &rsp->key_found,
1033 (void **)&rsp->entry_ptr);
1035 if (rsp->status != 0)
1037 ("ACL IPV6 Add Rule Command failed key_found: %i\n",
1041 ("ACL IPV6 Add Rule Command success key_found: %i\n",
1048 app_msg_free(app, rsp);
1054 /* Read response and write rule */
1056 (rsp->entry_ptr == NULL) ||
1057 ((new_rule == 0) && (rsp->key_found == 0)) ||
1058 ((new_rule == 1) && (rsp->key_found == 1))) {
1059 app_msg_free(app, rsp);
1065 memcpy(&rule->key, key, sizeof(*key));
1066 rule->priority = priority;
1067 rule->port_id = port_id;
1068 rule->action_id = action_id;
1069 rule->entry_ptr = rsp->entry_ptr;
1073 if (key->type == PIPELINE_ACL_IPV4_5TUPLE) {
1074 TAILQ_INSERT_TAIL(acl_tailq_rules_ipv4_standby, rule,
1076 (*acl_n_tailq_rules_ipv4_standby)++;
1078 TAILQ_INSERT_TAIL(acl_tailq_rules_ipv6_standby, rule,
1080 (*acl_n_tailq_rules_ipv6_standby)++;
1084 if (key->type == PIPELINE_ACL_IPV4_5TUPLE)
1085 print_acl_ipv4_rule(rule);
1087 print_acl_ipv6_rule(rule);
1090 app_msg_free(app, rsp);
1096 * Delete ACL rule from the ACL rule table.
1097 * Rules deleted from standby tables.
1098 * Applyruleset command will activate the change.
1099 * Both IPv4 and IPv6 rules can be deleted.
1102 * A pointer to the ACL pipeline parameters.
1104 * A pointer to the ACL rule to delete.
1107 * 0 on success, negative on error.
1110 app_pipeline_acl_delete_rule(struct app_params *app,
1111 struct pipeline_acl_key *key)
1113 struct app_pipeline_acl_rule *rule;
1114 int status, key_found;
1115 uint32_t src_ip[IPV6_32BIT_LENGTH], dst_ip[IPV6_32BIT_LENGTH];
1116 int new_rule, src_field_start, dst_field_start, i;
1117 uint32_t *ip1, *ip2, *ip3, *ip4, src_mask, dest_mask;
1118 const uint32_t nbu32 = sizeof(uint32_t) * CHAR_BIT;
1121 struct rte_table_acl_rule_delete_params params;
1123 memset(¶ms, 0, sizeof(params));
1125 /* Check input arguments */
1126 if ((app == NULL) ||
1127 (key == NULL) || !((key->type == PIPELINE_ACL_IPV4_5TUPLE) ||
1128 (key->type == PIPELINE_ACL_IPV6_5TUPLE)))
1131 if (app_pipeline_acl_key_check_and_normalize(key) != 0)
1135 rule = app_pipeline_acl_rule_find(key);
1137 printf("ACL Delete Rule - Rule does not exist\n");
1141 switch (key->type) {
1142 case PIPELINE_ACL_IPV4_5TUPLE:
1143 params.field_value[0].value.u8 = key->key.ipv4_5tuple.proto;
1144 params.field_value[0].mask_range.u8 =
1145 key->key.ipv4_5tuple.proto_mask;
1146 params.field_value[1].value.u32 = key->key.ipv4_5tuple.src_ip;
1147 params.field_value[1].mask_range.u32 =
1148 key->key.ipv4_5tuple.src_ip_mask;
1149 params.field_value[2].value.u32 = key->key.ipv4_5tuple.dst_ip;
1150 params.field_value[2].mask_range.u32 =
1151 key->key.ipv4_5tuple.dst_ip_mask;
1152 params.field_value[3].value.u16 =
1153 key->key.ipv4_5tuple.src_port_from;
1154 params.field_value[3].mask_range.u16 =
1155 key->key.ipv4_5tuple.src_port_to;
1156 params.field_value[4].value.u16 =
1157 key->key.ipv4_5tuple.dst_port_from;
1158 params.field_value[4].mask_range.u16 =
1159 key->key.ipv4_5tuple.dst_port_to;
1161 status = rte_table_acl_ops.f_delete(acl_rule_table_ipv4_standby,
1162 ¶ms, &key_found, NULL);
1166 ("ACL IPV4 Del Rule Command failed key_found: %i\n",
1170 ("ACL IPV4 Del Rule Command success key_found: %i\n",
1175 case PIPELINE_ACL_IPV6_5TUPLE:
1176 ip1 = (uint32_t *) (key->key.ipv6_5tuple.src_ip);
1181 params.field_value[0].value.u8 = key->key.ipv6_5tuple.proto;
1182 params.field_value[0].mask_range.u8 =
1183 key->key.ipv6_5tuple.proto_mask;
1185 src_ip[0] = rte_bswap32(*ip1);
1186 src_ip[1] = rte_bswap32(*ip2);
1187 src_ip[2] = rte_bswap32(*ip3);
1188 src_ip[3] = rte_bswap32(*ip4);
1190 src_mask = key->key.ipv6_5tuple.src_ip_mask;
1192 src_field_start = 1;
1193 for (i = 0; i != RTE_DIM(src_ip); i++, src_field_start++) {
1194 if (src_mask >= (i + 1) * nbu32)
1195 params.field_value[src_field_start].
1196 mask_range.u32 = nbu32;
1198 params.field_value[src_field_start].
1201 (i * nbu32) ? src_mask - (i * 32) : 0;
1202 params.field_value[src_field_start].value.u32 =
1206 ip1 = (uint32_t *) (key->key.ipv6_5tuple.dst_ip);
1211 dst_ip[0] = rte_bswap32(*ip1);
1212 dst_ip[1] = rte_bswap32(*ip2);
1213 dst_ip[2] = rte_bswap32(*ip3);
1214 dst_ip[3] = rte_bswap32(*ip4);
1216 dest_mask = key->key.ipv6_5tuple.dst_ip_mask;
1218 dst_field_start = 5;
1219 for (i = 0; i != RTE_DIM(dst_ip); i++, dst_field_start++) {
1220 if (dest_mask >= (i + 1) * nbu32)
1221 params.field_value[dst_field_start].
1222 mask_range.u32 = nbu32;
1224 params.field_value[dst_field_start].
1227 (i * nbu32) ? dest_mask - (i * 32) : 0;
1228 params.field_value[dst_field_start].value.u32 =
1232 params.field_value[9].value.u16 =
1233 key->key.ipv6_5tuple.src_port_from;
1234 params.field_value[9].mask_range.u16 =
1235 key->key.ipv6_5tuple.src_port_to;
1236 params.field_value[10].value.u16 =
1237 key->key.ipv6_5tuple.dst_port_from;
1238 params.field_value[10].mask_range.u16 =
1239 key->key.ipv6_5tuple.dst_port_to;
1242 status = rte_table_acl_ops.f_delete(acl_rule_table_ipv6_standby,
1243 ¶ms, &key_found, NULL);
1247 ("ACL IPV6 Del Rule Command failed key_found: %i\n",
1251 ("ACL IPV6 Del Rule Command success key_found: %i\n",
1262 if (status || !key_found)
1266 if (key->type == PIPELINE_ACL_IPV4_5TUPLE) {
1267 TAILQ_REMOVE(acl_tailq_rules_ipv4_standby, rule, node);
1268 (*acl_n_tailq_rules_ipv4_standby)--;
1270 TAILQ_REMOVE(acl_tailq_rules_ipv6_standby, rule, node);
1271 (*acl_n_tailq_rules_ipv6_standby)--;
1280 * Clear all ACL rules from the ACL rule table.
1281 * Rules cleared from standby tables.
1282 * Applyruleset command will activate the change.
1283 * Both IPv4 and IPv6 rules will be cleared.
1286 * A pointer to the ACL pipeline parameters.
1289 * 0 on success, negative on error.
1291 int app_pipeline_acl_clearrules(struct app_params *app)
1293 struct app_pipeline_acl_rule *rule;
1294 struct app_pipeline_acl_rule *command;
1299 /* Check input arguments */
1303 n_rules = *acl_n_tailq_rules_ipv4_standby;
1304 for (priority = 0; n_rules; priority++) {
1305 TAILQ_FOREACH(rule, acl_tailq_rules_ipv4_standby, node) {
1306 if (rule->priority == priority) {
1307 struct pipeline_acl_key key = rule->key;
1309 /* Store command to update standby tables after switchover */
1311 rte_malloc(NULL, sizeof(*command),
1312 RTE_CACHE_LINE_SIZE);
1313 if (command == NULL) {
1314 printf("Cannot allocation command\n");
1318 sizeof(struct app_pipeline_acl_rule));
1319 memcpy(&command->key, &key, sizeof(key));
1320 command->command = acl_delete_command;
1321 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1324 app_pipeline_acl_delete_rule(app, &key);
1330 n_rules = *acl_n_tailq_rules_ipv6_standby;
1331 for (priority = 0; n_rules; priority++) {
1332 TAILQ_FOREACH(rule, acl_tailq_rules_ipv6_standby, node) {
1333 if (rule->priority == priority) {
1334 struct pipeline_acl_key key = rule->key;
1336 /* Store command to update standby tables after switchover */
1338 rte_malloc(NULL, sizeof(*command),
1339 RTE_CACHE_LINE_SIZE);
1340 if (command == NULL) {
1341 printf("Cannot allocation command\n");
1345 sizeof(struct app_pipeline_acl_rule));
1346 memcpy(&command->key, &key, sizeof(key));
1347 command->command = acl_delete_command;
1348 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1351 app_pipeline_acl_delete_rule(app, &key);
1357 /* Clear Action Array */
1358 memset(action_array_standby, 0, action_array_size);
1368 * Open file and process all commands in the file.
1371 * A pointer to the CLI context
1373 * A pointer to the file to process.
1376 static void app_loadrules_file(cmdline_parse_ctx_t *ctx, const char *file_name)
1378 struct cmdline *file_cl;
1381 fd = open(file_name, O_RDONLY);
1383 printf("Cannot open file \"%s\"\n", file_name);
1387 file_cl = cmdline_new(ctx, "", fd, 1);
1388 cmdline_interact(file_cl);
1392 struct cmd_loadrules_file_result {
1393 cmdline_fixed_string_t p_string;
1394 cmdline_fixed_string_t acl_string;
1395 cmdline_fixed_string_t loadrules_string;
1396 char file_name[APP_FILE_NAME_SIZE];
1400 * Parse load rules command.
1401 * Verify that file exists.
1402 * Clear existing rules and action.
1403 * Process commands in command file.
1405 * @param parsed_result
1406 * A pointer to the CLI command parsed result
1408 * A pointer to command line context.
1410 * A pointer to command specific data.
1413 * 0 on success, negative on error.
1417 cmd_loadrules_parsed(void *parsed_result, struct cmdline *cl, void *data)
1419 struct cmd_loadrules_file_result *params = parsed_result;
1420 struct app_params *app = data;
1424 /* Make sure the file exists before clearing rules and actions */
1425 fd = open(params->file_name, O_RDONLY);
1427 printf("Cannot open file \"%s\"\n", params->file_name);
1432 /* Clear all rules and actions */
1433 status = app_pipeline_acl_clearrules(app);
1436 printf("Command clearrules failed\n");
1440 /* Process commands in script file */
1441 app_loadrules_file(cl->ctx, params->file_name);
1444 cmdline_parse_token_string_t cmd_loadrules_p_string =
1445 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result,
1448 cmdline_parse_token_string_t cmd_loadrules_acl_string =
1449 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result,
1452 cmdline_parse_token_string_t cmd_loadrules_loadrules_string =
1453 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result, loadrules_string,
1456 cmdline_parse_token_string_t cmd_loadrules_file_name =
1457 TOKEN_STRING_INITIALIZER(struct cmd_loadrules_file_result, file_name, NULL);
1459 cmdline_parse_inst_t cmd_loadrules = {
1460 .f = cmd_loadrules_parsed,
1462 .help_str = "ACL Load Rules",
1464 (void *)&cmd_loadrules_p_string,
1465 (void *)&cmd_loadrules_acl_string,
1466 (void *)&cmd_loadrules_loadrules_string,
1467 (void *)&cmd_loadrules_file_name,
1473 * Add Action to the Action table.
1474 * Actions are added standby table.
1475 * Applyruleset command will activate the change.
1478 * A pointer to the ACL pipeline parameters.
1480 * A pointer to the Action to add.
1483 * 0 on success, negative on error.
1486 app_pipeline_action_add(struct app_params *app, struct pipeline_action_key *key)
1490 * This function will update the action IDs on the standby table.
1491 * Activating the changes is done with the applyruleset command.
1494 uint32_t action_bitmap = key->action_bitmap;
1495 uint32_t action_id = key->action_id;
1497 if (action_id >= action_array_max) {
1499 printf("Action id: %u out of range\n", action_id);
1503 action_array_standby[action_id].action_id = action_id;
1506 printf("Adding action id: %u Type: ", action_id);
1507 if (action_bitmap == acl_action_packet_accept) {
1508 action_array_standby[action_id].action_bitmap |=
1509 acl_action_packet_accept;
1513 if (action_bitmap == acl_action_packet_drop) {
1514 action_array_standby[action_id].action_bitmap |=
1515 acl_action_packet_drop;
1519 if (action_bitmap == acl_action_nat) {
1520 action_array_standby[action_id].action_bitmap |= acl_action_nat;
1521 action_array_standby[action_id].nat_port = key->nat_port;
1523 printf("NAT Port ID: %u\n", key->nat_port);
1525 if (action_bitmap == acl_action_fwd) {
1526 action_array_standby[action_id].action_bitmap |= acl_action_fwd;
1527 action_array_standby[action_id].fwd_port = key->fwd_port;
1529 printf("FWD Port ID: %u\n", key->fwd_port);
1531 if (action_bitmap == acl_action_count) {
1532 action_array_standby[action_id].action_bitmap |=
1537 if (action_bitmap == acl_action_conntrack) {
1538 action_array_standby[action_id].action_bitmap |=
1539 acl_action_conntrack;
1541 printf("Conntrack\n");
1543 if (action_bitmap == acl_action_connexist) {
1544 action_array_standby[action_id].action_bitmap |=
1545 acl_action_connexist;
1546 action_array_standby[action_id].private_public =
1547 key->private_public;
1549 printf("Conntrack prvpub: %i\n", key->private_public);
1551 if (action_bitmap == acl_action_dscp) {
1552 action_array_standby[action_id].action_bitmap |=
1554 action_array_standby[action_id].dscp_priority =
1557 printf("DSCP Priority: %u\n", key->dscp_priority);
1561 printf("action_bitmap: %" PRIu32 "\n",
1562 action_array_standby[action_id].action_bitmap);
1568 * Delete Action from the Action table.
1569 * Actions are deleted from the standby table.
1570 * Applyruleset command will activate the change.
1573 * A pointer to the ACL pipeline parameters.
1575 * A pointer to the Action to delete.
1578 * 0 on success, negative on error.
1581 app_pipeline_action_delete(struct app_params *app,
1582 struct pipeline_action_key *key)
1585 * This function will update the action IDs on the standby table.
1586 * Activating the changes is done with the applyruleset command.
1589 uint32_t action_bitmap = key->action_bitmap;
1590 uint32_t action_id = key->action_id;
1592 if (action_id >= action_array_max) {
1594 printf("Action id: %u out of range\n", action_id);
1598 if (action_array_standby[action_id].action_bitmap & action_bitmap)
1599 action_array_standby[action_id].action_bitmap &= ~action_bitmap;
1601 printf("ACL Action Delete - Action not set\n");
1604 printf("Deleting action id: %u Type: ", key->action_id);
1605 if (action_bitmap == acl_action_packet_accept)
1607 if (action_bitmap == acl_action_packet_drop)
1609 if (action_bitmap == acl_action_nat)
1611 if (action_bitmap == acl_action_fwd)
1613 if (action_bitmap == acl_action_count)
1615 if (action_bitmap == acl_action_conntrack)
1616 printf("Conntrack\n");
1617 if (action_bitmap == acl_action_connexist)
1618 printf("Connexist\n");
1619 if (action_bitmap == acl_action_dscp)
1622 printf("action_bitmap: %" PRIu32 "\n",
1623 action_array_standby[action_id].action_bitmap);
1634 * A structure defining the ACL add rule command.
1636 struct cmd_acl_add_ip_result {
1637 cmdline_fixed_string_t p_string;
1638 cmdline_fixed_string_t acl_string;
1639 cmdline_fixed_string_t add_string;
1641 cmdline_ipaddr_t src_ip;
1642 uint32_t src_ip_mask;
1643 cmdline_ipaddr_t dst_ip;
1644 uint32_t dst_ip_mask;
1645 uint16_t src_port_from;
1646 uint16_t src_port_to;
1647 uint16_t dst_port_from;
1648 uint16_t dst_port_to;
1656 * Parse ACL add rule CLI command.
1657 * Add rule to standby table.
1658 * Store command to update standby table
1659 * after applyruleset command is invoked.
1661 * @param parsed_result
1662 * A pointer to CLI command parsed result.
1664 * A pointer to command line context.
1666 * A pointer to command specific data
1669 static void cmd_acl_add_ip_parsed(void *parsed_result, __attribute__ ((unused))
1670 struct cmdline *cl, void *data)
1672 struct cmd_acl_add_ip_result *params = parsed_result;
1673 struct app_params *app = data;
1674 struct pipeline_acl_key key;
1675 struct app_pipeline_acl_rule *command;
1678 memset(&key, 0, sizeof(struct pipeline_acl_key));
1680 if (params->src_ip.family == AF_INET) {
1681 key.type = PIPELINE_ACL_IPV4_5TUPLE;
1682 key.key.ipv4_5tuple.src_ip = rte_bswap32((uint32_t)
1685 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1686 key.key.ipv4_5tuple.dst_ip = rte_bswap32((uint32_t)
1689 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1690 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1691 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1692 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1693 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1694 key.key.ipv4_5tuple.proto = params->proto;
1695 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1697 if (params->src_ip.family == AF_INET6) {
1699 printf("entered IPV6");
1700 key.type = PIPELINE_ACL_IPV6_5TUPLE;
1701 memcpy(key.key.ipv6_5tuple.src_ip,
1702 params->src_ip.addr.ipv6.s6_addr,
1703 sizeof(params->src_ip.addr.ipv6.s6_addr));
1704 key.key.ipv6_5tuple.src_ip_mask = params->src_ip_mask;
1705 memcpy(key.key.ipv6_5tuple.dst_ip,
1706 params->dst_ip.addr.ipv6.s6_addr,
1707 sizeof(params->src_ip.addr.ipv6.s6_addr));
1708 key.key.ipv6_5tuple.dst_ip_mask = params->dst_ip_mask;
1709 key.key.ipv6_5tuple.src_port_from = params->src_port_from;
1710 key.key.ipv6_5tuple.src_port_to = params->src_port_to;
1711 key.key.ipv6_5tuple.dst_port_from = params->dst_port_from;
1712 key.key.ipv6_5tuple.dst_port_to = params->dst_port_to;
1713 key.key.ipv6_5tuple.proto = params->proto;
1714 key.key.ipv6_5tuple.proto_mask = params->proto_mask;
1717 status = app_pipeline_acl_add_rule(app, &key, params->priority, 1,
1718 /* Set to 1 as default, overwritten by Action FWD/NAT Port */
1722 printf("Command failed\n");
1726 /* Store command to update standby tables after switchover */
1727 command = rte_malloc(NULL, sizeof(*command), RTE_CACHE_LINE_SIZE);
1728 if (command == NULL) {
1729 printf("Cannot allocation command\n");
1732 memset(command, 0, sizeof(struct app_pipeline_acl_rule));
1733 memcpy(&command->key, &key, sizeof(key));
1734 command->priority = params->priority;
1735 command->port_id = params->port_id;
1736 command->action_id = params->action_id;
1737 command->command = acl_add_command;
1738 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1741 cmdline_parse_token_string_t cmd_acl_add_ip_p_string =
1742 TOKEN_STRING_INITIALIZER(struct cmd_acl_add_ip_result, p_string,
1745 cmdline_parse_token_string_t cmd_acl_add_ip_acl_string =
1746 TOKEN_STRING_INITIALIZER(struct cmd_acl_add_ip_result,
1749 cmdline_parse_token_string_t cmd_acl_add_ip_add_string =
1750 TOKEN_STRING_INITIALIZER(struct cmd_acl_add_ip_result,
1753 cmdline_parse_token_num_t cmd_acl_add_ip_priority =
1754 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result, priority,
1757 cmdline_parse_token_ipaddr_t cmd_acl_add_ip_src_ip =
1758 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_add_ip_result, src_ip);
1760 cmdline_parse_token_num_t cmd_acl_add_ip_src_ip_mask =
1761 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result, src_ip_mask,
1764 cmdline_parse_token_ipaddr_t cmd_acl_add_ip_dst_ip =
1765 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_add_ip_result, dst_ip);
1767 cmdline_parse_token_num_t cmd_acl_add_ip_dst_ip_mask =
1768 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result, dst_ip_mask,
1771 cmdline_parse_token_num_t cmd_acl_add_ip_src_port_from =
1772 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1773 src_port_from, UINT16);
1775 cmdline_parse_token_num_t cmd_acl_add_ip_src_port_to =
1776 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1777 src_port_to, UINT16);
1779 cmdline_parse_token_num_t cmd_acl_add_ip_dst_port_from =
1780 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1781 dst_port_from, UINT16);
1783 cmdline_parse_token_num_t cmd_acl_add_ip_dst_port_to =
1784 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1785 dst_port_to, UINT16);
1787 cmdline_parse_token_num_t cmd_acl_add_ip_proto =
1788 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1791 cmdline_parse_token_num_t cmd_acl_add_ip_proto_mask =
1792 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1795 cmdline_parse_token_num_t cmd_acl_add_ip_port_id =
1796 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1799 cmdline_parse_token_num_t cmd_acl_add_ip_action_id =
1800 TOKEN_NUM_INITIALIZER(struct cmd_acl_add_ip_result,
1803 cmdline_parse_inst_t cmd_acl_add_ip = {
1804 .f = cmd_acl_add_ip_parsed,
1806 .help_str = "ACL rule add",
1808 (void *)&cmd_acl_add_ip_p_string,
1809 (void *)&cmd_acl_add_ip_acl_string,
1810 (void *)&cmd_acl_add_ip_add_string,
1811 (void *)&cmd_acl_add_ip_priority,
1812 (void *)&cmd_acl_add_ip_src_ip,
1813 (void *)&cmd_acl_add_ip_src_ip_mask,
1814 (void *)&cmd_acl_add_ip_dst_ip,
1815 (void *)&cmd_acl_add_ip_dst_ip_mask,
1816 (void *)&cmd_acl_add_ip_src_port_from,
1817 (void *)&cmd_acl_add_ip_src_port_to,
1818 (void *)&cmd_acl_add_ip_dst_port_from,
1819 (void *)&cmd_acl_add_ip_dst_port_to,
1820 (void *)&cmd_acl_add_ip_proto,
1821 (void *)&cmd_acl_add_ip_proto_mask,
1822 (void *)&cmd_acl_add_ip_action_id,
1832 * A structure defining the ACL delete rule command.
1834 struct cmd_acl_del_ip_result {
1835 cmdline_fixed_string_t p_string;
1836 cmdline_fixed_string_t acl_string;
1837 cmdline_fixed_string_t del_string;
1838 cmdline_ipaddr_t src_ip;
1839 uint32_t src_ip_mask;
1840 cmdline_ipaddr_t dst_ip;
1841 uint32_t dst_ip_mask;
1842 uint16_t src_port_from;
1843 uint16_t src_port_to;
1844 uint16_t dst_port_from;
1845 uint16_t dst_port_to;
1851 * Parse ACL delete rule CLI command.
1852 * Delete rule from standby table.
1853 * Store command to update standby table
1854 * after applyruleset command is invoked.
1856 * @param parsed_result
1857 * A pointer to CLI command parsed result.
1859 * A pointer to command line context.
1861 * A pointer to command specific data
1864 static void cmd_acl_del_ip_parsed(void *parsed_result, __attribute__ ((unused))
1865 struct cmdline *cl, void *data)
1867 struct cmd_acl_del_ip_result *params = parsed_result;
1868 struct app_params *app = data;
1869 struct pipeline_acl_key key;
1870 struct app_pipeline_acl_rule *command;
1873 memset(&key, 0, sizeof(struct pipeline_acl_key));
1875 if (params->src_ip.family == AF_INET) {
1876 key.type = PIPELINE_ACL_IPV4_5TUPLE;
1877 key.key.ipv4_5tuple.src_ip = rte_bswap32((uint32_t)
1880 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1881 key.key.ipv4_5tuple.dst_ip = rte_bswap32((uint32_t)
1884 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1885 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1886 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1887 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1888 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1889 key.key.ipv4_5tuple.proto = params->proto;
1890 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1892 if (params->src_ip.family == AF_INET6) {
1893 key.type = PIPELINE_ACL_IPV6_5TUPLE;
1894 memcpy(key.key.ipv6_5tuple.src_ip,
1895 params->src_ip.addr.ipv6.s6_addr,
1896 sizeof(params->src_ip.addr.ipv6.s6_addr));
1897 key.key.ipv6_5tuple.src_ip_mask = params->src_ip_mask;
1898 memcpy(key.key.ipv6_5tuple.dst_ip,
1899 params->dst_ip.addr.ipv6.s6_addr,
1900 sizeof(params->dst_ip.addr.ipv6.s6_addr));
1901 key.key.ipv6_5tuple.dst_ip_mask = params->dst_ip_mask;
1902 key.key.ipv6_5tuple.src_port_from = params->src_port_from;
1903 key.key.ipv6_5tuple.src_port_to = params->src_port_to;
1904 key.key.ipv6_5tuple.dst_port_from = params->dst_port_from;
1905 key.key.ipv6_5tuple.dst_port_to = params->dst_port_to;
1906 key.key.ipv6_5tuple.proto = params->proto;
1907 key.key.ipv6_5tuple.proto_mask = params->proto_mask;
1910 status = app_pipeline_acl_delete_rule(app, &key);
1913 printf("Command failed\n");
1917 /* Store command to update standby tables after switchover */
1918 command = rte_malloc(NULL, sizeof(*command), RTE_CACHE_LINE_SIZE);
1919 if (command == NULL) {
1920 printf("Cannot allocation command\n");
1923 memset(command, 0, sizeof(struct app_pipeline_acl_rule));
1924 memcpy(&command->key, &key, sizeof(key));
1925 command->command = acl_delete_command;
1926 TAILQ_INSERT_TAIL(&acl_commands, command, node);
1929 cmdline_parse_token_string_t cmd_acl_del_ip_p_string =
1930 TOKEN_STRING_INITIALIZER(struct cmd_acl_del_ip_result, p_string,
1933 cmdline_parse_token_string_t cmd_acl_del_ip_acl_string =
1934 TOKEN_STRING_INITIALIZER(struct cmd_acl_del_ip_result,
1937 cmdline_parse_token_string_t cmd_acl_del_ip_del_string =
1938 TOKEN_STRING_INITIALIZER(struct cmd_acl_del_ip_result,
1941 cmdline_parse_token_ipaddr_t cmd_acl_del_ip_src_ip =
1942 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_del_ip_result, src_ip);
1944 cmdline_parse_token_num_t cmd_acl_del_ip_src_ip_mask =
1945 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, src_ip_mask,
1948 cmdline_parse_token_ipaddr_t cmd_acl_del_ip_dst_ip =
1949 TOKEN_IPADDR_INITIALIZER(struct cmd_acl_del_ip_result, dst_ip);
1951 cmdline_parse_token_num_t cmd_acl_del_ip_dst_ip_mask =
1952 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, dst_ip_mask,
1955 cmdline_parse_token_num_t cmd_acl_del_ip_src_port_from =
1956 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1957 src_port_from, UINT16);
1959 cmdline_parse_token_num_t cmd_acl_del_ip_src_port_to =
1960 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, src_port_to,
1963 cmdline_parse_token_num_t cmd_acl_del_ip_dst_port_from =
1964 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1965 dst_port_from, UINT16);
1967 cmdline_parse_token_num_t cmd_acl_del_ip_dst_port_to =
1968 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1969 dst_port_to, UINT16);
1971 cmdline_parse_token_num_t cmd_acl_del_ip_proto =
1972 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result,
1975 cmdline_parse_token_num_t cmd_acl_del_ip_proto_mask =
1976 TOKEN_NUM_INITIALIZER(struct cmd_acl_del_ip_result, proto_mask,
1979 cmdline_parse_inst_t cmd_acl_del_ip = {
1980 .f = cmd_acl_del_ip_parsed,
1982 .help_str = "ACL rule delete",
1984 (void *)&cmd_acl_del_ip_p_string,
1985 (void *)&cmd_acl_del_ip_acl_string,
1986 (void *)&cmd_acl_del_ip_del_string,
1987 (void *)&cmd_acl_del_ip_src_ip,
1988 (void *)&cmd_acl_del_ip_src_ip_mask,
1989 (void *)&cmd_acl_del_ip_dst_ip,
1990 (void *)&cmd_acl_del_ip_dst_ip_mask,
1991 (void *)&cmd_acl_del_ip_src_port_from,
1992 (void *)&cmd_acl_del_ip_src_port_to,
1993 (void *)&cmd_acl_del_ip_dst_port_from,
1994 (void *)&cmd_acl_del_ip_dst_port_to,
1995 (void *)&cmd_acl_del_ip_proto,
1996 (void *)&cmd_acl_del_ip_proto_mask,
2006 * A structure defining the ACL stats command.
2008 struct cmd_acl_stats_result {
2009 cmdline_fixed_string_t p_string;
2010 cmdline_fixed_string_t acl_string;
2011 cmdline_fixed_string_t stats_string;
2015 * Display ACL and Connection Tracker stats to the console.
2017 * @param parsed_result
2018 * A pointer to CLI command parsed result.
2020 * A pointer to command line context.
2022 * A pointer to command specific data
2025 static void cmd_acl_stats_parsed(void *parsed_result, __attribute__ ((unused))
2026 struct cmdline *cl, void *data)
2028 struct cmd_acl_stats_result *params = parsed_result;
2029 struct app_params *app = data;
2031 struct rte_ACL_counter_block acl_counter_sums;
2032 struct rte_CT_counter_block ct_counter_sums;
2033 struct rte_CT_counter_block *ct_counters;
2034 struct action_counter_block action_counter_sum[action_array_max];
2036 memset(&acl_counter_sums, 0, sizeof(acl_counter_sums));
2037 memset(&ct_counter_sums, 0, sizeof(ct_counter_sums));
2038 memset(&action_counter_sum, 0, sizeof(action_counter_sum));
2040 printf("ACL Stats\n");
2041 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
2042 struct rte_ACL_counter_block *acl_ctrs =
2043 &rte_acl_counter_table[i];
2044 ct_counters = rte_acl_counter_table[i].ct_counters;
2045 printf("acl entry[%i] tpkts_processed: %" PRIu64
2046 ", pkts_drop: %" PRIu64 ", pkts_received: %" PRIu64
2047 ", bytes_processed: %" PRIu64 "\n", i,
2048 acl_ctrs->tpkts_processed, acl_ctrs->pkts_drop,
2049 acl_ctrs->pkts_received, acl_ctrs->bytes_processed);
2051 acl_counter_sums.tpkts_processed += acl_ctrs->tpkts_processed;
2052 acl_counter_sums.bytes_processed += acl_ctrs->bytes_processed;
2053 acl_counter_sums.pkts_drop += acl_ctrs->pkts_drop;
2054 acl_counter_sums.pkts_received += acl_ctrs->pkts_received;
2055 ct_counter_sums.pkts_forwarded += ct_counters->pkts_forwarded;
2056 ct_counter_sums.pkts_drop += ct_counters->pkts_drop;
2059 printf("ACL TOTAL: tpkts_processed: %" PRIu64 ", pkts_drop: %" PRIu64
2060 ", pkts_received: %" PRIu64 ", bytes_processed: %" PRIu64 "\n\n",
2061 acl_counter_sums.tpkts_processed,
2062 acl_counter_sums.pkts_drop,
2063 acl_counter_sums.pkts_received,
2064 acl_counter_sums.bytes_processed);
2066 printf("CT TOTAL: ct_packets_forwarded: %" PRIu64
2067 ", ct_packets_dropped: %" PRIu64 "\n\n",
2068 ct_counter_sums.pkts_forwarded, ct_counter_sums.pkts_drop);
2070 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
2071 for (j = 0; j < action_array_max; j++) {
2072 if (action_array_active[j].action_bitmap &
2074 action_counter_sum[j].packetCount +=
2075 action_counter_table[i][j].packetCount;
2076 action_counter_sum[j].byteCount +=
2077 action_counter_table[i][j].byteCount;
2082 for (j = 0; j < action_array_max; j++) {
2083 if (action_array_active[j].action_bitmap & acl_action_count)
2084 printf("Action ID: %02u, packetCount: %" PRIu64
2085 ", byteCount: %" PRIu64 "\n", j,
2086 action_counter_sum[j].packetCount,
2087 action_counter_sum[j].byteCount);
2091 cmdline_parse_token_string_t cmd_acl_stats_p_string =
2092 TOKEN_STRING_INITIALIZER(struct cmd_acl_stats_result,
2095 cmdline_parse_token_string_t cmd_acl_stats_acl_string =
2096 TOKEN_STRING_INITIALIZER(struct cmd_acl_stats_result,
2099 cmdline_parse_token_string_t cmd_acl_stats_stats_string =
2100 TOKEN_STRING_INITIALIZER(struct cmd_acl_stats_result,
2101 stats_string, "stats");
2103 cmdline_parse_inst_t cmd_acl_stats = {
2104 .f = cmd_acl_stats_parsed,
2106 .help_str = "ACL stats",
2108 (void *)&cmd_acl_stats_p_string,
2109 (void *)&cmd_acl_stats_acl_string,
2110 (void *)&cmd_acl_stats_stats_string,
2120 * A structure defining the ACL clear stats command.
2122 struct cmd_acl_clearstats_result {
2123 cmdline_fixed_string_t p_string;
2124 cmdline_fixed_string_t acl_string;
2125 cmdline_fixed_string_t clearstats_string;
2129 * Clear ACL and Connection Tracker stats.
2131 * @param parsed_result
2132 * A pointer to CLI command parsed result.
2134 * A pointer to command line context.
2136 * A pointer to command specific data
2139 static void cmd_acl_clearstats_parsed(__attribute__ ((unused))
2140 void *parsed_result,
2141 __attribute__ ((unused))
2143 __attribute__ ((unused))
2148 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
2149 rte_acl_counter_table[i].tpkts_processed = 0;
2150 rte_acl_counter_table[i].bytes_processed = 0;
2151 rte_acl_counter_table[i].pkts_drop = 0;
2152 rte_acl_counter_table[i].pkts_received = 0;
2153 rte_acl_counter_table[i].pkts_drop_ttl = 0;
2154 rte_acl_counter_table[i].pkts_drop_bad_size = 0;
2155 rte_acl_counter_table[i].pkts_drop_fragmented = 0;
2156 rte_acl_counter_table[i].pkts_drop_without_arp_entry = 0;
2157 rte_acl_counter_table[i].ct_counters->pkts_forwarded = 0;
2158 rte_acl_counter_table[i].ct_counters->pkts_drop = 0;
2161 memset(&action_counter_table, 0, sizeof(action_counter_table));
2165 cmdline_parse_token_string_t cmd_acl_clearstats_p_string =
2166 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearstats_result,
2169 cmdline_parse_token_string_t cmd_acl_clearstats_acl_string =
2170 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearstats_result,
2173 cmdline_parse_token_string_t cmd_acl_clearstats_clearstats_string =
2174 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearstats_result,
2175 clearstats_string, "clearstats");
2177 cmdline_parse_inst_t cmd_acl_clearstats = {
2178 .f = cmd_acl_clearstats_parsed,
2180 .help_str = "ACL clearstats",
2182 (void *)&cmd_acl_clearstats_p_string,
2183 (void *)&cmd_acl_clearstats_acl_string,
2184 (void *)&cmd_acl_clearstats_clearstats_string,
2194 * A structure defining the ACL debug command.
2196 struct cmd_acl_dbg_result {
2197 cmdline_fixed_string_t p_string;
2198 cmdline_fixed_string_t acl_string;
2199 cmdline_fixed_string_t dbg_string;
2204 * Parse and handle ACL debug command.
2206 * @param parsed_result
2207 * A pointer to CLI command parsed result.
2209 * A pointer to command line context.
2211 * A pointer to command specific data
2214 static void cmd_acl_dbg_parsed(void *parsed_result, __attribute__ ((unused))
2215 struct cmdline *cl, void *data)
2217 struct cmd_acl_dbg_result *params = parsed_result;
2218 struct app_params *app = data;
2220 if (params->dbg == 0) {
2221 printf("DBG turned OFF\n");
2223 } else if (params->dbg == 1) {
2224 printf("DBG turned ON\n");
2226 } else if (params->dbg == 2) {
2227 printf("ACL IPV4 enabled\n");
2228 printf("ACL IPV6 enabled\n");
2229 acl_ipv4_enabled = 1;
2230 acl_ipv6_enabled = 1;
2231 } else if (params->dbg == 3) {
2232 printf("ACL IPV4 enabled\n");
2233 printf("ACL IPV6 disabled\n");
2234 acl_ipv4_enabled = 1;
2235 acl_ipv6_enabled = 0;
2236 } else if (params->dbg == 4) {
2237 printf("ACL IPV4 disabled\n");
2238 printf("ACL IPV6 enabled\n");
2239 acl_ipv4_enabled = 0;
2240 acl_ipv6_enabled = 1;
2241 } else if (params->dbg == 5) {
2242 printf("ACL Version: 3.03\n");
2244 printf("Invalid DBG setting\n");
2247 cmdline_parse_token_string_t cmd_acl_dbg_p_string =
2248 TOKEN_STRING_INITIALIZER(struct cmd_acl_dbg_result,
2251 cmdline_parse_token_string_t cmd_acl_dbg_acl_string =
2252 TOKEN_STRING_INITIALIZER(struct cmd_acl_dbg_result,
2255 cmdline_parse_token_string_t cmd_acl_dbg_dbg_string =
2256 TOKEN_STRING_INITIALIZER(struct cmd_acl_dbg_result,
2259 cmdline_parse_token_num_t cmd_acl_dbg_dbg =
2260 TOKEN_NUM_INITIALIZER(struct cmd_acl_dbg_result, dbg,
2263 cmdline_parse_inst_t cmd_acl_dbg = {
2264 .f = cmd_acl_dbg_parsed,
2266 .help_str = "ACL dbg",
2268 (void *)&cmd_acl_dbg_p_string,
2269 (void *)&cmd_acl_dbg_acl_string,
2270 (void *)&cmd_acl_dbg_dbg_string,
2271 (void *)&cmd_acl_dbg_dbg,
2281 * A structure defining the ACL clear rules command.
2283 struct cmd_acl_clearrules_result {
2284 cmdline_fixed_string_t p_string;
2285 cmdline_fixed_string_t acl_string;
2286 cmdline_fixed_string_t clearrules_string;
2290 * Parse clear rule command.
2292 * @param parsed_result
2293 * A pointer to CLI command parsed result.
2295 * A pointer to command line context.
2297 * A pointer to command specific data
2300 static void cmd_acl_clearrules_parsed(__attribute__ ((unused))
2301 void *parsed_result,
2302 __attribute__ ((unused))
2303 struct cmdline *cl, void *data)
2305 struct app_params *app = data;
2308 status = app_pipeline_acl_clearrules(app);
2311 printf("Command failed\n");
2316 cmdline_parse_token_string_t cmd_acl_clearrules_p_string =
2317 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearrules_result,
2320 cmdline_parse_token_string_t cmd_acl_clearrules_acl_string =
2321 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearrules_result,
2324 cmdline_parse_token_string_t cmd_acl_clearrules_clearrules_string =
2325 TOKEN_STRING_INITIALIZER(struct cmd_acl_clearrules_result,
2326 clearrules_string, "clearrules");
2328 cmdline_parse_inst_t cmd_acl_clearrules = {
2329 .f = cmd_acl_clearrules_parsed,
2331 .help_str = "ACL clearrules",
2333 (void *)&cmd_acl_clearrules_p_string,
2334 (void *)&cmd_acl_clearrules_acl_string,
2335 (void *)&cmd_acl_clearrules_clearrules_string,
2345 * A structure defining the ACL ls CLI command result.
2347 struct cmd_acl_ls_result {
2348 cmdline_fixed_string_t p_string;
2349 cmdline_fixed_string_t acl_string;
2350 cmdline_fixed_string_t ls_string;
2351 uint32_t table_instance;
2355 * Parse ACL ls command to display rules to the console.
2357 * @param parsed_result
2358 * A pointer to CLI command parsed result.
2360 * A pointer to command line context.
2362 * A pointer to command specific data
2365 static void cmd_acl_ls_parsed(__attribute__ ((unused))
2366 void *parsed_result, __attribute__ ((unused))
2367 struct cmdline *cl, void *data)
2369 struct app_params *app = data;
2370 struct cmd_acl_ls_result *params = parsed_result;
2372 app_pipeline_acl_ls(app, params->table_instance);
2375 cmdline_parse_token_string_t cmd_acl_ls_p_string =
2376 TOKEN_STRING_INITIALIZER(struct cmd_acl_ls_result, p_string,
2379 cmdline_parse_token_string_t cmd_acl_ls_acl_string =
2380 TOKEN_STRING_INITIALIZER(struct cmd_acl_ls_result,
2383 cmdline_parse_token_string_t cmd_acl_ls_ls_string =
2384 TOKEN_STRING_INITIALIZER(struct cmd_acl_ls_result, ls_string,
2387 cmdline_parse_token_num_t cmd_acl_ls_table_instance =
2388 TOKEN_NUM_INITIALIZER(struct cmd_acl_ls_result, table_instance,
2391 cmdline_parse_inst_t cmd_acl_ls = {
2392 .f = cmd_acl_ls_parsed,
2394 .help_str = "ACL rule list",
2396 (void *)&cmd_acl_ls_p_string,
2397 (void *)&cmd_acl_ls_acl_string,
2398 (void *)&cmd_acl_ls_ls_string,
2399 (void *)&cmd_acl_ls_table_instance,
2405 * p acl applyruleset
2409 * A structure defining the ACL apply ruleset command.
2411 struct cmd_acl_applyruleset_result {
2412 cmdline_fixed_string_t p_string;
2413 cmdline_fixed_string_t acl_string;
2414 cmdline_fixed_string_t applyruleset_string;
2418 * Parse ACL Apply Ruleset Command.
2419 * Switchover active and standby tables.
2420 * Sync newly standby tables to match updated data.
2421 * Both ACL rule and ACL action tables updated.
2423 * @param parsed_result
2424 * A pointer to CLI command parsed result.
2426 * A pointer to command line context.
2428 * A pointer to command specific data
2431 static void cmd_acl_applyruleset_parsed(__attribute__ ((unused))
2432 void *parsed_result,
2433 __attribute__ ((unused))
2434 struct cmdline *cl, void *data)
2436 struct app_params *app = data;
2438 uint32_t *temp_count_ptr;
2439 struct pipeline_action_key *action_array_temp_ptr;
2442 printf("ACL Apply Ruleset\n");
2444 /* Switchover Active and Standby TRIE rule tables */
2445 temp_ptr = acl_rule_table_ipv4_active;
2446 acl_rule_table_ipv4_active = acl_rule_table_ipv4_standby;
2447 acl_rule_table_ipv4_standby = temp_ptr;
2448 temp_ptr = acl_rule_table_ipv6_active;
2449 acl_rule_table_ipv6_active = acl_rule_table_ipv6_standby;
2450 acl_rule_table_ipv6_standby = temp_ptr;
2452 /* Switchover tailq tables */
2453 acl_tailq_rules_temp_ptr = acl_tailq_rules_ipv4_active;
2454 acl_tailq_rules_ipv4_active = acl_tailq_rules_ipv4_standby;
2455 acl_tailq_rules_ipv4_standby = acl_tailq_rules_temp_ptr;
2456 acl_tailq_rules_temp_ptr = acl_tailq_rules_ipv6_active;
2457 acl_tailq_rules_ipv6_active = acl_tailq_rules_ipv6_standby;
2458 acl_tailq_rules_ipv6_standby = acl_tailq_rules_temp_ptr;
2459 temp_count_ptr = acl_n_tailq_rules_ipv4_active;
2460 acl_n_tailq_rules_ipv4_active = acl_n_tailq_rules_ipv4_standby;
2461 acl_n_tailq_rules_ipv4_standby = temp_count_ptr;
2462 temp_count_ptr = acl_n_tailq_rules_ipv6_active;
2463 acl_n_tailq_rules_ipv6_active = acl_n_tailq_rules_ipv6_standby;
2464 acl_n_tailq_rules_ipv6_standby = temp_count_ptr;
2466 /* Switchover Active and Standby action table */
2467 action_array_temp_ptr = action_array_active;
2468 action_array_active = action_array_standby;
2469 action_array_standby = action_array_temp_ptr;
2470 /* Update Standby action table with all changes */
2471 memcpy(action_array_standby, action_array_active, action_array_size);
2473 /* Update Standby Rule Tables with all changes */
2474 while (!TAILQ_EMPTY(&acl_commands)) {
2475 struct app_pipeline_acl_rule *command;
2477 command = TAILQ_FIRST(&acl_commands);
2478 TAILQ_REMOVE(&acl_commands, command, node);
2480 if (command->command == acl_add_command) {
2481 status = app_pipeline_acl_add_rule(app,
2485 command->action_id);
2488 app_pipeline_acl_delete_rule(app, &command->key);
2491 printf("Command applyruleset add rule failed\n");
2500 cmdline_parse_token_string_t cmd_acl_applyruleset_p_string =
2501 TOKEN_STRING_INITIALIZER(struct cmd_acl_applyruleset_result, p_string,
2504 cmdline_parse_token_string_t cmd_acl_applyruleset_acl_string =
2505 TOKEN_STRING_INITIALIZER(struct cmd_acl_applyruleset_result,
2508 cmdline_parse_token_string_t cmd_acl_applyruleset_applyruleset_string =
2509 TOKEN_STRING_INITIALIZER(struct cmd_acl_applyruleset_result,
2510 applyruleset_string,
2513 cmdline_parse_inst_t cmd_acl_applyruleset = {
2514 .f = cmd_acl_applyruleset_parsed,
2516 .help_str = "ACL applyruleset",
2518 (void *)&cmd_acl_applyruleset_p_string,
2519 (void *)&cmd_acl_applyruleset_acl_string,
2520 (void *)&cmd_acl_applyruleset_applyruleset_string,
2526 * p action add accept
2530 * A structure defining the add accept action command.
2532 struct cmd_action_add_accept_result {
2533 cmdline_fixed_string_t p_string;
2534 cmdline_fixed_string_t action_string;
2535 cmdline_fixed_string_t add_string;
2537 cmdline_fixed_string_t accept_string;
2541 * Parse Accept Action Add Command.
2543 * @param parsed_result
2544 * A pointer to CLI command parsed result.
2546 * A pointer to command line context.
2548 * A pointer to command specific data
2552 cmd_action_add_accept_parsed(void *parsed_result, __attribute__ ((unused))
2553 struct cmdline *cl, void *data)
2555 struct cmd_action_add_accept_result *params = parsed_result;
2556 struct app_params *app = data;
2557 struct pipeline_action_key key;
2560 key.action_id = params->action_id;
2561 key.action_bitmap = acl_action_packet_accept;
2563 status = app_pipeline_action_add(app, &key);
2566 printf("Command failed\n");
2571 cmdline_parse_token_string_t cmd_action_add_accept_p_string =
2572 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result, p_string,
2575 cmdline_parse_token_string_t cmd_action_add_accept_action_string =
2576 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result,
2577 action_string, "action");
2579 cmdline_parse_token_string_t cmd_action_add_accept_add_string =
2580 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result,
2583 cmdline_parse_token_num_t cmd_action_add_accept_action_id =
2584 TOKEN_NUM_INITIALIZER(struct cmd_action_add_accept_result, action_id,
2587 cmdline_parse_token_string_t cmd_action_add_accept_accept_string =
2588 TOKEN_STRING_INITIALIZER(struct cmd_action_add_accept_result,
2589 accept_string, "accept");
2591 cmdline_parse_inst_t cmd_action_add_accept = {
2592 .f = cmd_action_add_accept_parsed,
2594 .help_str = "ACL action add accept",
2596 (void *)&cmd_action_add_accept_p_string,
2597 (void *)&cmd_action_add_accept_action_string,
2598 (void *)&cmd_action_add_accept_add_string,
2599 (void *)&cmd_action_add_accept_action_id,
2600 (void *)&cmd_action_add_accept_accept_string,
2606 * p action del accept
2610 * A structure defining the delete accept action command.
2612 struct cmd_action_del_accept_result {
2613 cmdline_fixed_string_t p_string;
2614 cmdline_fixed_string_t action_string;
2615 cmdline_fixed_string_t del_string;
2617 cmdline_fixed_string_t accept_string;
2621 * Parse Accept Action Delete Command.
2623 * @param parsed_result
2624 * A pointer to CLI command parsed result.
2626 * A pointer to command line context.
2628 * A pointer to command specific data
2632 cmd_action_del_accept_parsed(void *parsed_result, __attribute__ ((unused))
2633 struct cmdline *cl, void *data)
2635 struct cmd_action_del_accept_result *params = parsed_result;
2636 struct app_params *app = data;
2637 struct pipeline_action_key key;
2640 key.action_id = params->action_id;
2641 key.action_bitmap = acl_action_packet_accept;
2643 status = app_pipeline_action_delete(app, &key);
2646 printf("Command failed\n");
2651 cmdline_parse_token_string_t cmd_action_del_accept_p_string =
2652 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result, p_string,
2655 cmdline_parse_token_string_t cmd_action_del_accept_action_string =
2656 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result,
2657 action_string, "action");
2659 cmdline_parse_token_string_t cmd_action_del_accept_del_string =
2660 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result,
2663 cmdline_parse_token_num_t cmd_action_del_accept_action_id =
2664 TOKEN_NUM_INITIALIZER(struct cmd_action_del_accept_result, action_id,
2667 cmdline_parse_token_string_t cmd_action_del_accept_accept_string =
2668 TOKEN_STRING_INITIALIZER(struct cmd_action_del_accept_result,
2669 accept_string, "accept");
2671 cmdline_parse_inst_t cmd_action_del_accept = {
2672 .f = cmd_action_del_accept_parsed,
2674 .help_str = "ACL action delete accept",
2676 (void *)&cmd_action_del_accept_p_string,
2677 (void *)&cmd_action_del_accept_action_string,
2678 (void *)&cmd_action_del_accept_del_string,
2679 (void *)&cmd_action_del_accept_action_id,
2680 (void *)&cmd_action_del_accept_accept_string,
2690 * A structure defining the add drop action command.
2692 struct cmd_action_add_drop_result {
2693 cmdline_fixed_string_t p_string;
2694 cmdline_fixed_string_t action_string;
2695 cmdline_fixed_string_t add_string;
2697 cmdline_fixed_string_t drop_string;
2701 * Parse Drop Action Add Command.
2703 * @param parsed_result
2704 * A pointer to CLI command parsed result.
2706 * A pointer to command line context.
2708 * A pointer to command specific data
2712 cmd_action_add_drop_parsed(void *parsed_result, __attribute__ ((unused))
2713 struct cmdline *cl, void *data)
2715 struct cmd_action_add_drop_result *params = parsed_result;
2716 struct app_params *app = data;
2717 struct pipeline_action_key key;
2720 key.action_id = params->action_id;
2721 key.action_bitmap = acl_action_packet_drop;
2723 status = app_pipeline_action_add(app, &key);
2726 printf("Command failed\n");
2731 cmdline_parse_token_string_t cmd_action_add_drop_p_string =
2732 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result, p_string,
2735 cmdline_parse_token_string_t cmd_action_add_drop_action_string =
2736 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result,
2737 action_string, "action");
2739 cmdline_parse_token_string_t cmd_action_add_drop_add_string =
2740 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result,
2743 cmdline_parse_token_num_t cmd_action_add_drop_action_id =
2744 TOKEN_NUM_INITIALIZER(struct cmd_action_add_drop_result, action_id,
2747 cmdline_parse_token_string_t cmd_action_add_drop_drop_string =
2748 TOKEN_STRING_INITIALIZER(struct cmd_action_add_drop_result,
2749 drop_string, "drop");
2751 cmdline_parse_inst_t cmd_action_add_drop = {
2752 .f = cmd_action_add_drop_parsed,
2754 .help_str = "ACL action add drop",
2756 (void *)&cmd_action_add_drop_p_string,
2757 (void *)&cmd_action_add_drop_action_string,
2758 (void *)&cmd_action_add_drop_add_string,
2759 (void *)&cmd_action_add_drop_action_id,
2760 (void *)&cmd_action_add_drop_drop_string,
2770 * A structure defining the delete drop action command.
2772 struct cmd_action_del_drop_result {
2773 cmdline_fixed_string_t p_string;
2774 cmdline_fixed_string_t action_string;
2775 cmdline_fixed_string_t del_string;
2777 cmdline_fixed_string_t drop_string;
2781 * Parse Drop Action Delete Command.
2783 * @param parsed_result
2784 * A pointer to CLI command parsed result.
2786 * A pointer to command line context.
2788 * A pointer to command specific data
2792 cmd_action_del_drop_parsed(void *parsed_result, __attribute__ ((unused))
2793 struct cmdline *cl, void *data)
2795 struct cmd_action_del_drop_result *params = parsed_result;
2796 struct app_params *app = data;
2797 struct pipeline_action_key key;
2800 key.action_id = params->action_id;
2801 key.action_bitmap = acl_action_packet_drop;
2803 status = app_pipeline_action_delete(app, &key);
2806 printf("Command failed\n");
2811 cmdline_parse_token_string_t cmd_action_del_drop_p_string =
2812 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result, p_string,
2815 cmdline_parse_token_string_t cmd_action_del_drop_action_string =
2816 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result,
2817 action_string, "action");
2819 cmdline_parse_token_string_t cmd_action_del_drop_del_string =
2820 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result,
2823 cmdline_parse_token_num_t cmd_action_del_drop_action_id =
2824 TOKEN_NUM_INITIALIZER(struct cmd_action_del_drop_result, action_id,
2827 cmdline_parse_token_string_t cmd_action_del_drop_drop_string =
2828 TOKEN_STRING_INITIALIZER(struct cmd_action_del_drop_result,
2829 drop_string, "drop");
2831 cmdline_parse_inst_t cmd_action_del_drop = {
2832 .f = cmd_action_del_drop_parsed,
2834 .help_str = "ACL action delete drop",
2836 (void *)&cmd_action_del_drop_p_string,
2837 (void *)&cmd_action_del_drop_action_string,
2838 (void *)&cmd_action_del_drop_del_string,
2839 (void *)&cmd_action_del_drop_action_id,
2840 (void *)&cmd_action_del_drop_drop_string,
2850 * A structure defining the add forward action command.
2852 struct cmd_action_add_fwd_result {
2853 cmdline_fixed_string_t p_string;
2854 cmdline_fixed_string_t action_string;
2855 cmdline_fixed_string_t add_string;
2857 cmdline_fixed_string_t fwd_string;
2862 * Parse Forward Action Add Command.
2864 * @param parsed_result
2865 * A pointer to CLI command parsed result.
2867 * A pointer to command line context.
2869 * A pointer to command specific data
2873 cmd_action_add_fwd_parsed(void *parsed_result, __attribute__ ((unused))
2874 struct cmdline *cl, void *data)
2876 struct cmd_action_add_fwd_result *params = parsed_result;
2877 struct app_params *app = data;
2878 struct pipeline_action_key key;
2881 key.action_id = params->action_id;
2882 key.action_bitmap = acl_action_fwd;
2883 key.fwd_port = params->port_id;
2885 status = app_pipeline_action_add(app, &key);
2888 printf("Command failed\n");
2893 cmdline_parse_token_string_t cmd_action_add_fwd_p_string =
2894 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result, p_string,
2897 cmdline_parse_token_string_t cmd_action_add_fwd_action_string =
2898 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result,
2899 action_string, "action");
2901 cmdline_parse_token_string_t cmd_action_add_fwd_add_string =
2902 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result,
2905 cmdline_parse_token_num_t cmd_action_add_fwd_action_id =
2906 TOKEN_NUM_INITIALIZER(struct cmd_action_add_fwd_result, action_id,
2909 cmdline_parse_token_string_t cmd_action_add_fwd_fwd_string =
2910 TOKEN_STRING_INITIALIZER(struct cmd_action_add_fwd_result,
2913 cmdline_parse_token_num_t cmd_action_add_fwd_port_id =
2914 TOKEN_NUM_INITIALIZER(struct cmd_action_add_fwd_result, port_id,
2917 cmdline_parse_inst_t cmd_action_add_fwd = {
2918 .f = cmd_action_add_fwd_parsed,
2920 .help_str = "ACL action add fwd",
2922 (void *)&cmd_action_add_fwd_p_string,
2923 (void *)&cmd_action_add_fwd_action_string,
2924 (void *)&cmd_action_add_fwd_add_string,
2925 (void *)&cmd_action_add_fwd_action_id,
2926 (void *)&cmd_action_add_fwd_fwd_string,
2927 (void *)&cmd_action_add_fwd_port_id,
2937 * A structure defining the delete forward action command.
2939 struct cmd_action_del_fwd_result {
2940 cmdline_fixed_string_t p_string;
2941 cmdline_fixed_string_t action_string;
2942 cmdline_fixed_string_t del_string;
2944 cmdline_fixed_string_t fwd_string;
2948 * Parse Forward Action Delete Command.
2950 * @param parsed_result
2951 * A pointer to CLI command parsed result.
2953 * A pointer to command line context.
2955 * A pointer to command specific data
2959 cmd_action_del_fwd_parsed(void *parsed_result, __attribute__ ((unused))
2960 struct cmdline *cl, void *data)
2962 struct cmd_action_del_fwd_result *params = parsed_result;
2963 struct app_params *app = data;
2964 struct pipeline_action_key key;
2967 key.action_id = params->action_id;
2968 key.action_bitmap = acl_action_fwd;
2970 status = app_pipeline_action_delete(app, &key);
2973 printf("Command failed\n");
2978 cmdline_parse_token_string_t cmd_action_del_fwd_p_string =
2979 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result, p_string,
2982 cmdline_parse_token_string_t cmd_action_del_fwd_action_string =
2983 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result,
2984 action_string, "action");
2986 cmdline_parse_token_string_t cmd_action_del_fwd_del_string =
2987 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result,
2990 cmdline_parse_token_num_t cmd_action_del_fwd_action_id =
2991 TOKEN_NUM_INITIALIZER(struct cmd_action_del_fwd_result, action_id,
2994 cmdline_parse_token_string_t cmd_action_del_fwd_fwd_string =
2995 TOKEN_STRING_INITIALIZER(struct cmd_action_del_fwd_result,
2998 cmdline_parse_inst_t cmd_action_del_fwd = {
2999 .f = cmd_action_del_fwd_parsed,
3001 .help_str = "ACL action delete fwd",
3003 (void *)&cmd_action_del_fwd_p_string,
3004 (void *)&cmd_action_del_fwd_action_string,
3005 (void *)&cmd_action_del_fwd_del_string,
3006 (void *)&cmd_action_del_fwd_action_id,
3007 (void *)&cmd_action_del_fwd_fwd_string,
3017 * A structure defining the add NAT action command.
3019 struct cmd_action_add_nat_result {
3020 cmdline_fixed_string_t p_string;
3021 cmdline_fixed_string_t action_string;
3022 cmdline_fixed_string_t add_string;
3024 cmdline_fixed_string_t nat_string;
3029 * Parse NAT Action Add Command.
3031 * @param parsed_result
3032 * A pointer to CLI command parsed result.
3034 * A pointer to command line context.
3036 * A pointer to command specific data
3040 cmd_action_add_nat_parsed(void *parsed_result, __attribute__ ((unused))
3041 struct cmdline *cl, void *data)
3043 struct cmd_action_add_nat_result *params = parsed_result;
3044 struct app_params *app = data;
3045 struct pipeline_action_key key;
3048 key.action_id = params->action_id;
3049 key.action_bitmap = acl_action_nat;
3050 key.nat_port = params->port_id;
3052 status = app_pipeline_action_add(app, &key);
3055 printf("Command failed\n");
3060 cmdline_parse_token_string_t cmd_action_add_nat_p_string =
3061 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result, p_string,
3064 cmdline_parse_token_string_t cmd_action_add_nat_action_string =
3065 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result,
3066 action_string, "action");
3068 cmdline_parse_token_string_t cmd_action_add_nat_add_string =
3069 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result,
3072 cmdline_parse_token_num_t cmd_action_add_nat_action_id =
3073 TOKEN_NUM_INITIALIZER(struct cmd_action_add_nat_result, action_id,
3076 cmdline_parse_token_string_t cmd_action_add_nat_nat_string =
3077 TOKEN_STRING_INITIALIZER(struct cmd_action_add_nat_result,
3080 cmdline_parse_token_num_t cmd_action_add_nat_port_id =
3081 TOKEN_NUM_INITIALIZER(struct cmd_action_add_nat_result, port_id,
3084 cmdline_parse_inst_t cmd_action_add_nat = {
3085 .f = cmd_action_add_nat_parsed,
3087 .help_str = "ACL action add nat",
3089 (void *)&cmd_action_add_nat_p_string,
3090 (void *)&cmd_action_add_nat_action_string,
3091 (void *)&cmd_action_add_nat_add_string,
3092 (void *)&cmd_action_add_nat_action_id,
3093 (void *)&cmd_action_add_nat_nat_string,
3094 (void *)&cmd_action_add_nat_port_id,
3104 * A structure defining the delete NAT action command.
3106 struct cmd_action_del_nat_result {
3107 cmdline_fixed_string_t p_string;
3108 cmdline_fixed_string_t action_string;
3109 cmdline_fixed_string_t del_string;
3111 cmdline_fixed_string_t nat_string;
3115 * Parse NAT Action Delete Command.
3117 * @param parsed_result
3118 * A pointer to CLI command parsed result.
3120 * A pointer to command line context.
3122 * A pointer to command specific data
3126 cmd_action_del_nat_parsed(void *parsed_result, __attribute__ ((unused))
3127 struct cmdline *cl, void *data)
3129 struct cmd_action_del_nat_result *params = parsed_result;
3130 struct app_params *app = data;
3131 struct pipeline_action_key key;
3134 key.action_id = params->action_id;
3135 key.action_bitmap = acl_action_nat;
3137 status = app_pipeline_action_delete(app, &key);
3140 printf("Command failed\n");
3145 cmdline_parse_token_string_t cmd_action_del_nat_p_string =
3146 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result, p_string,
3149 cmdline_parse_token_string_t cmd_action_del_nat_action_string =
3150 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result,
3151 action_string, "action");
3153 cmdline_parse_token_string_t cmd_action_del_nat_del_string =
3154 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result,
3157 cmdline_parse_token_num_t cmd_action_del_nat_action_id =
3158 TOKEN_NUM_INITIALIZER(struct cmd_action_del_nat_result, action_id,
3161 cmdline_parse_token_string_t cmd_action_del_nat_nat_string =
3162 TOKEN_STRING_INITIALIZER(struct cmd_action_del_nat_result,
3165 cmdline_parse_inst_t cmd_action_del_nat = {
3166 .f = cmd_action_del_nat_parsed,
3168 .help_str = "ACL action delete nat",
3170 (void *)&cmd_action_del_nat_p_string,
3171 (void *)&cmd_action_del_nat_action_string,
3172 (void *)&cmd_action_del_nat_del_string,
3173 (void *)&cmd_action_del_nat_action_id,
3174 (void *)&cmd_action_del_nat_nat_string,
3180 * p action add count
3184 * A structure defining the add count action command.
3186 struct cmd_action_add_count_result {
3187 cmdline_fixed_string_t p_string;
3188 cmdline_fixed_string_t action_string;
3189 cmdline_fixed_string_t add_string;
3191 cmdline_fixed_string_t count_string;
3195 * Parse Count Action Add Command.
3197 * @param parsed_result
3198 * A pointer to CLI command parsed result.
3200 * A pointer to command line context.
3202 * A pointer to command specific data
3206 cmd_action_add_count_parsed(void *parsed_result, __attribute__ ((unused))
3207 struct cmdline *cl, void *data)
3209 struct cmd_action_add_count_result *params = parsed_result;
3210 struct app_params *app = data;
3211 struct pipeline_action_key key;
3214 key.action_id = params->action_id;
3215 key.action_bitmap = acl_action_count;
3217 status = app_pipeline_action_add(app, &key);
3220 printf("Command failed\n");
3225 cmdline_parse_token_string_t cmd_action_add_count_p_string =
3226 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result, p_string,
3229 cmdline_parse_token_string_t cmd_action_add_count_action_string =
3230 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result,
3231 action_string, "action");
3233 cmdline_parse_token_string_t cmd_action_add_count_add_string =
3234 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result,
3237 cmdline_parse_token_num_t cmd_action_add_count_action_id =
3238 TOKEN_NUM_INITIALIZER(struct cmd_action_add_count_result, action_id,
3241 cmdline_parse_token_string_t cmd_action_add_count_count_string =
3242 TOKEN_STRING_INITIALIZER(struct cmd_action_add_count_result,
3243 count_string, "count");
3245 cmdline_parse_inst_t cmd_action_add_count = {
3246 .f = cmd_action_add_count_parsed,
3248 .help_str = "ACL action add count",
3250 (void *)&cmd_action_add_count_p_string,
3251 (void *)&cmd_action_add_count_action_string,
3252 (void *)&cmd_action_add_count_add_string,
3253 (void *)&cmd_action_add_count_action_id,
3254 (void *)&cmd_action_add_count_count_string,
3260 * p action del count
3264 * A structure defining the delete count action command.
3266 struct cmd_action_del_count_result {
3267 cmdline_fixed_string_t p_string;
3268 cmdline_fixed_string_t action_string;
3269 cmdline_fixed_string_t del_string;
3271 cmdline_fixed_string_t count_string;
3275 * Parse Count Action Delete Command.
3277 * @param parsed_result
3278 * A pointer to CLI command parsed result.
3280 * A pointer to command line context.
3282 * A pointer to command specific data
3286 cmd_action_del_count_parsed(void *parsed_result, __attribute__ ((unused))
3287 struct cmdline *cl, void *data)
3289 struct cmd_action_del_count_result *params = parsed_result;
3290 struct app_params *app = data;
3291 struct pipeline_action_key key;
3294 key.action_id = params->action_id;
3295 key.action_bitmap = acl_action_count;
3297 status = app_pipeline_action_delete(app, &key);
3300 printf("Command failed\n");
3305 cmdline_parse_token_string_t cmd_action_del_count_p_string =
3306 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result, p_string,
3309 cmdline_parse_token_string_t cmd_action_del_count_action_string =
3310 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result,
3311 action_string, "action");
3313 cmdline_parse_token_string_t cmd_action_del_count_del_string =
3314 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result,
3317 cmdline_parse_token_num_t cmd_action_del_count_action_id =
3318 TOKEN_NUM_INITIALIZER(struct cmd_action_del_count_result, action_id,
3321 cmdline_parse_token_string_t cmd_action_del_count_count_string =
3322 TOKEN_STRING_INITIALIZER(struct cmd_action_del_count_result,
3323 count_string, "count");
3325 cmdline_parse_inst_t cmd_action_del_count = {
3326 .f = cmd_action_del_count_parsed,
3328 .help_str = "ACL action delete count",
3330 (void *)&cmd_action_del_count_p_string,
3331 (void *)&cmd_action_del_count_action_string,
3332 (void *)&cmd_action_del_count_del_string,
3333 (void *)&cmd_action_del_count_action_id,
3334 (void *)&cmd_action_del_count_count_string,
3344 * A structure defining the add DSCP action command.
3346 struct cmd_action_add_dscp_result {
3347 cmdline_fixed_string_t p_string;
3348 cmdline_fixed_string_t action_string;
3349 cmdline_fixed_string_t add_string;
3351 cmdline_fixed_string_t dscp_string;
3352 uint8_t dscp_priority;
3356 * Parse DSCP Action Add Command.
3358 * @param parsed_result
3359 * A pointer to CLI command parsed result.
3361 * A pointer to command line context.
3363 * A pointer to command specific data
3367 cmd_action_add_dscp_parsed(void *parsed_result, __attribute__ ((unused))
3368 struct cmdline *cl, void *data)
3370 struct cmd_action_add_dscp_result *params = parsed_result;
3371 struct app_params *app = data;
3372 struct pipeline_action_key key;
3375 key.action_id = params->action_id;
3376 key.action_bitmap = acl_action_dscp;
3377 key.dscp_priority = params->dscp_priority;
3379 status = app_pipeline_action_add(app, &key);
3382 printf("Command failed\n");
3387 cmdline_parse_token_string_t cmd_action_add_dscp_p_string =
3388 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result, p_string,
3391 cmdline_parse_token_string_t cmd_action_add_dscp_action_string =
3392 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result,
3393 action_string, "action");
3395 cmdline_parse_token_string_t cmd_action_add_dscp_add_string =
3396 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result,
3399 cmdline_parse_token_num_t cmd_action_add_dscp_action_id =
3400 TOKEN_NUM_INITIALIZER(struct cmd_action_add_dscp_result, action_id,
3403 cmdline_parse_token_string_t cmd_action_add_dscp_dscp_string =
3404 TOKEN_STRING_INITIALIZER(struct cmd_action_add_dscp_result,
3405 dscp_string, "dscp");
3407 cmdline_parse_token_num_t cmd_action_add_dscp_dscp_priority =
3408 TOKEN_NUM_INITIALIZER(struct cmd_action_add_dscp_result, dscp_priority,
3411 cmdline_parse_inst_t cmd_action_add_dscp = {
3412 .f = cmd_action_add_dscp_parsed,
3414 .help_str = "ACL action add dscp",
3416 (void *)&cmd_action_add_dscp_p_string,
3417 (void *)&cmd_action_add_dscp_action_string,
3418 (void *)&cmd_action_add_dscp_add_string,
3419 (void *)&cmd_action_add_dscp_action_id,
3420 (void *)&cmd_action_add_dscp_dscp_string,
3421 (void *)&cmd_action_add_dscp_dscp_priority,
3431 * A structure defining the delete DSCP action command.
3433 struct cmd_action_del_dscp_result {
3434 cmdline_fixed_string_t p_string;
3435 cmdline_fixed_string_t action_string;
3436 cmdline_fixed_string_t del_string;
3438 cmdline_fixed_string_t dscp_string;
3442 * Parse DSCP Action Delete Command.
3444 * @param parsed_result
3445 * A pointer to CLI command parsed result.
3447 * A pointer to command line context.
3449 * A pointer to command specific data
3453 cmd_action_del_dscp_parsed(void *parsed_result, __attribute__ ((unused))
3454 struct cmdline *cl, void *data)
3456 struct cmd_action_del_dscp_result *params = parsed_result;
3457 struct app_params *app = data;
3458 struct pipeline_action_key key;
3461 key.action_id = params->action_id;
3462 key.action_bitmap = acl_action_dscp;
3464 status = app_pipeline_action_delete(app, &key);
3467 printf("Command failed\n");
3472 cmdline_parse_token_string_t cmd_action_del_dscp_p_string =
3473 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result, p_string,
3476 cmdline_parse_token_string_t cmd_action_del_dscp_action_string =
3477 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result,
3478 action_string, "action");
3480 cmdline_parse_token_string_t cmd_action_del_dscp_del_string =
3481 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result,
3484 cmdline_parse_token_num_t cmd_action_del_dscp_action_id =
3485 TOKEN_NUM_INITIALIZER(struct cmd_action_del_dscp_result, action_id,
3488 cmdline_parse_token_string_t cmd_action_del_dscp_dscp_string =
3489 TOKEN_STRING_INITIALIZER(struct cmd_action_del_dscp_result,
3490 dscp_string, "dscp");
3492 cmdline_parse_inst_t cmd_action_del_dscp = {
3493 .f = cmd_action_del_dscp_parsed,
3495 .help_str = "ACL action delete dscp",
3497 (void *)&cmd_action_del_dscp_p_string,
3498 (void *)&cmd_action_del_dscp_action_string,
3499 (void *)&cmd_action_del_dscp_del_string,
3500 (void *)&cmd_action_del_dscp_action_id,
3501 (void *)&cmd_action_del_dscp_dscp_string,
3507 * p action add conntrack
3511 * A structure defining the add Connection Tracking action command.
3513 struct cmd_action_add_conntrack_result {
3514 cmdline_fixed_string_t p_string;
3515 cmdline_fixed_string_t action_string;
3516 cmdline_fixed_string_t add_string;
3518 cmdline_fixed_string_t conntrack_string;
3522 * Parse Connection Tracking Action Add Command.
3524 * @param parsed_result
3525 * A pointer to CLI command parsed result.
3527 * A pointer to command line context.
3529 * A pointer to command specific data
3533 cmd_action_add_conntrack_parsed(void *parsed_result, __attribute__ ((unused))
3534 struct cmdline *cl, void *data)
3536 struct cmd_action_add_conntrack_result *params = parsed_result;
3537 struct app_params *app = data;
3538 struct pipeline_action_key key;
3541 key.action_id = params->action_id;
3542 key.action_bitmap = acl_action_conntrack;
3544 status = app_pipeline_action_add(app, &key);
3547 printf("Command failed\n");
3552 cmdline_parse_token_string_t cmd_action_add_conntrack_p_string =
3553 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result, p_string,
3556 cmdline_parse_token_string_t cmd_action_add_conntrack_action_string =
3557 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result,
3558 action_string, "action");
3560 cmdline_parse_token_string_t cmd_action_add_conntrack_add_string =
3561 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result,
3564 cmdline_parse_token_num_t cmd_action_add_conntrack_action_id =
3565 TOKEN_NUM_INITIALIZER(struct cmd_action_add_conntrack_result, action_id,
3568 cmdline_parse_token_string_t cmd_action_add_conntrack_conntrack_string =
3569 TOKEN_STRING_INITIALIZER(struct cmd_action_add_conntrack_result,
3570 conntrack_string, "conntrack");
3572 cmdline_parse_inst_t cmd_action_add_conntrack = {
3573 .f = cmd_action_add_conntrack_parsed,
3575 .help_str = "ACL action add conntrack",
3577 (void *)&cmd_action_add_conntrack_p_string,
3578 (void *)&cmd_action_add_conntrack_action_string,
3579 (void *)&cmd_action_add_conntrack_add_string,
3580 (void *)&cmd_action_add_conntrack_action_id,
3581 (void *)&cmd_action_add_conntrack_conntrack_string,
3587 * p action del conntrack
3591 * A structure defining the delete Connection Tracking action command.
3593 struct cmd_action_del_conntrack_result {
3594 cmdline_fixed_string_t p_string;
3595 cmdline_fixed_string_t action_string;
3596 cmdline_fixed_string_t del_string;
3598 cmdline_fixed_string_t conntrack_string;
3602 * Parse Connection Tracking Action Delete Command.
3604 * @param parsed_result
3605 * A pointer to CLI command parsed result.
3607 * A pointer to command line context.
3609 * A pointer to command specific data
3613 cmd_action_del_conntrack_parsed(void *parsed_result, __attribute__ ((unused))
3614 struct cmdline *cl, void *data)
3616 struct cmd_action_del_conntrack_result *params = parsed_result;
3617 struct app_params *app = data;
3618 struct pipeline_action_key key;
3621 key.action_id = params->action_id;
3622 key.action_bitmap = acl_action_conntrack;
3624 status = app_pipeline_action_delete(app, &key);
3627 printf("Command failed\n");
3632 cmdline_parse_token_string_t cmd_action_del_conntrack_p_string =
3633 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result, p_string,
3636 cmdline_parse_token_string_t cmd_action_del_conntrack_action_string =
3637 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result,
3638 action_string, "action");
3640 cmdline_parse_token_string_t cmd_action_del_conntrack_del_string =
3641 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result,
3644 cmdline_parse_token_num_t cmd_action_del_conntrack_action_id =
3645 TOKEN_NUM_INITIALIZER(struct cmd_action_del_conntrack_result, action_id,
3648 cmdline_parse_token_string_t cmd_action_del_conntrack_conntrack_string =
3649 TOKEN_STRING_INITIALIZER(struct cmd_action_del_conntrack_result,
3650 conntrack_string, "conntrack");
3652 cmdline_parse_inst_t cmd_action_del_conntrack = {
3653 .f = cmd_action_del_conntrack_parsed,
3655 .help_str = "ACL action delete conntrack",
3657 (void *)&cmd_action_del_conntrack_p_string,
3658 (void *)&cmd_action_del_conntrack_action_string,
3659 (void *)&cmd_action_del_conntrack_del_string,
3660 (void *)&cmd_action_del_conntrack_action_id,
3661 (void *)&cmd_action_del_conntrack_conntrack_string,
3667 * p action add connexist
3671 * A structure defining the add Connection Exist action command.
3673 struct cmd_action_add_connexist_result {
3674 cmdline_fixed_string_t p_string;
3675 cmdline_fixed_string_t action_string;
3676 cmdline_fixed_string_t add_string;
3678 cmdline_fixed_string_t connexist_string;
3679 cmdline_fixed_string_t private_public_string;
3683 * Parse Connection Exist Action Add Command.
3685 * @param parsed_result
3686 * A pointer to CLI command parsed result.
3688 * A pointer to command line context.
3690 * A pointer to command specific data
3694 cmd_action_add_connexist_parsed(void *parsed_result, __attribute__ ((unused))
3695 struct cmdline *cl, void *data)
3697 struct cmd_action_add_connexist_result *params = parsed_result;
3698 struct app_params *app = data;
3699 struct pipeline_action_key key;
3703 printf("public_private: %s\n", params->private_public_string);
3704 key.action_id = params->action_id;
3705 key.action_bitmap = acl_action_connexist;
3706 if (strcmp(params->private_public_string, "prvpub") == 0)
3707 key.private_public = acl_private_public;
3708 else if (strcmp(params->private_public_string, "pubprv") == 0)
3709 key.private_public = acl_public_private;
3711 printf("Command failed - Invalid string: %s\n",
3712 params->private_public_string);
3716 status = app_pipeline_action_add(app, &key);
3719 printf("Command failed\n");
3724 cmdline_parse_token_string_t cmd_action_add_connexist_p_string =
3725 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result, p_string,
3728 cmdline_parse_token_string_t cmd_action_add_connexist_action_string =
3729 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3730 action_string, "action");
3732 cmdline_parse_token_string_t cmd_action_add_connexist_add_string =
3733 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3736 cmdline_parse_token_num_t cmd_action_add_connexist_action_id =
3737 TOKEN_NUM_INITIALIZER(struct cmd_action_add_connexist_result, action_id,
3740 cmdline_parse_token_string_t cmd_action_add_connexist_connexist_string =
3741 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3742 connexist_string, "connexist");
3744 cmdline_parse_token_string_t cmd_action_add_connexist_private_public =
3745 TOKEN_STRING_INITIALIZER(struct cmd_action_add_connexist_result,
3746 private_public_string,
3749 cmdline_parse_inst_t cmd_action_add_connexist = {
3750 .f = cmd_action_add_connexist_parsed,
3752 .help_str = "ACL action add connexist",
3754 (void *)&cmd_action_add_connexist_p_string,
3755 (void *)&cmd_action_add_connexist_action_string,
3756 (void *)&cmd_action_add_connexist_add_string,
3757 (void *)&cmd_action_add_connexist_action_id,
3758 (void *)&cmd_action_add_connexist_connexist_string,
3759 (void *)&cmd_action_add_connexist_private_public,
3765 * p action del connexist
3769 * A structure defining the delete Connection Exist action command.
3771 struct cmd_action_del_connexist_result {
3772 cmdline_fixed_string_t p_string;
3773 cmdline_fixed_string_t action_string;
3774 cmdline_fixed_string_t del_string;
3776 cmdline_fixed_string_t connexist_string;
3780 * Parse Connection Exist Action Delete Command.
3782 * @param parsed_result
3783 * A pointer to CLI command parsed result.
3785 * A pointer to command line context.
3787 * A pointer to command specific data
3791 cmd_action_del_connexist_parsed(void *parsed_result, __attribute__ ((unused))
3792 struct cmdline *cl, void *data)
3794 struct cmd_action_del_connexist_result *params = parsed_result;
3795 struct app_params *app = data;
3796 struct pipeline_action_key key;
3799 key.action_id = params->action_id;
3800 key.action_bitmap = acl_action_connexist;
3802 status = app_pipeline_action_delete(app, &key);
3805 printf("Command failed\n");
3810 cmdline_parse_token_string_t cmd_action_del_connexist_p_string =
3811 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result, p_string,
3814 cmdline_parse_token_string_t cmd_action_del_connexist_action_string =
3815 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result,
3816 action_string, "action");
3818 cmdline_parse_token_string_t cmd_action_del_connexist_add_string =
3819 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result,
3822 cmdline_parse_token_num_t cmd_action_del_connexist_action_id =
3823 TOKEN_NUM_INITIALIZER(struct cmd_action_del_connexist_result, action_id,
3826 cmdline_parse_token_string_t cmd_action_del_connexist_connexist_string =
3827 TOKEN_STRING_INITIALIZER(struct cmd_action_del_connexist_result,
3828 connexist_string, "connexist");
3830 cmdline_parse_inst_t cmd_action_del_connexist = {
3831 .f = cmd_action_del_connexist_parsed,
3833 .help_str = "ACL action del connexist",
3835 (void *)&cmd_action_del_connexist_p_string,
3836 (void *)&cmd_action_del_connexist_action_string,
3837 (void *)&cmd_action_del_connexist_add_string,
3838 (void *)&cmd_action_del_connexist_action_id,
3839 (void *)&cmd_action_del_connexist_connexist_string,
3849 * A structure defining the action ls command.
3851 struct cmd_action_ls_result {
3852 cmdline_fixed_string_t p_string;
3853 cmdline_fixed_string_t action_string;
3854 cmdline_fixed_string_t ls_string;
3855 uint32_t table_instance;
3859 * Parse Action LS Command.
3861 * @param parsed_result
3862 * A pointer to CLI command parsed result.
3864 * A pointer to command line context.
3866 * A pointer to command specific data
3869 static void cmd_action_ls_parsed(void *parsed_result, __attribute__ ((unused))
3870 struct cmdline *cl, void *data)
3872 struct cmd_action_ls_result *params = parsed_result;
3873 struct app_params *app = data;
3874 uint32_t action_bitmap, i, j;
3875 uint8_t action_found = 0;
3876 struct action_counter_block action_counter_sum;
3878 if (params->table_instance == active_rule_table) {
3879 printf("Active Action Table:\n");
3880 printf("Action ID Action\n");
3881 printf("========= ======\n");
3883 for (i = 0; i < action_array_max; i++) {
3884 action_bitmap = action_array_active[i].action_bitmap;
3885 if (action_bitmap != 0) {
3887 if (action_bitmap & acl_action_packet_accept)
3888 printf(" %04u Accept\n", i);
3889 if (action_bitmap & acl_action_packet_drop)
3890 printf(" %04u Drop\n", i);
3891 if (action_bitmap & acl_action_nat)
3896 action_array_active[i].nat_port);
3897 if (action_bitmap & acl_action_fwd)
3902 action_array_active[i].fwd_port);
3903 if (action_bitmap & acl_action_count) {
3904 action_counter_sum.packetCount = 0;
3905 action_counter_sum.byteCount = 0;
3908 rte_ACL_hi_counter_block_in_use;
3910 action_counter_sum.packetCount
3911 += action_counter_table[j]
3913 action_counter_sum.byteCount +=
3914 action_counter_table[j]
3919 "Count Packet Count: %"
3920 PRIu64 " Byte Count: %" PRIu64
3922 action_counter_sum.packetCount,
3923 action_counter_sum.byteCount);
3925 if (action_bitmap & acl_action_conntrack)
3926 printf(" %04u Conntrack\n", i);
3927 if (action_bitmap & acl_action_connexist) {
3928 printf(" %04u Connexist", i);
3929 if (action_array_active
3930 [i].private_public ==
3932 printf(" prvpub\n");
3934 printf(" pubprv\n");
3936 if (action_bitmap & acl_action_dscp)
3939 "DSCP Priority: %u\n",
3951 printf("Standby Action Table:\n");
3952 printf("Action ID Action\n");
3953 printf("========= ======\n");
3955 for (i = 0; i < action_array_max; i++) {
3956 action_bitmap = action_array_standby[i].action_bitmap;
3957 if (action_bitmap != 0) {
3959 if (action_bitmap & acl_action_packet_accept)
3960 printf(" %04u Accept\n", i);
3961 if (action_bitmap & acl_action_packet_drop)
3962 printf(" %04u Drop\n", i);
3963 if (action_bitmap & acl_action_nat)
3968 action_array_standby[i].nat_port);
3969 if (action_bitmap & acl_action_fwd)
3974 action_array_standby[i].fwd_port);
3975 if (action_bitmap & acl_action_count)
3976 printf(" %04u Count\n", i);
3977 if (action_bitmap & acl_action_conntrack)
3978 printf(" %04u Conntrack\n", i);
3979 if (action_bitmap & acl_action_connexist) {
3980 printf(" %04u Connexist", i);
3981 if (action_array_standby
3982 [i].private_public ==
3984 printf(" prvpub\n");
3986 printf(" pubprv\n");
3988 if (action_bitmap & acl_action_dscp)
3991 "DSCP Priority: %u\n",
3993 action_array_standby
4003 cmdline_parse_token_string_t cmd_action_ls_p_string =
4004 TOKEN_STRING_INITIALIZER(struct cmd_action_ls_result, p_string,
4007 cmdline_parse_token_string_t cmd_action_ls_action_string =
4008 TOKEN_STRING_INITIALIZER(struct cmd_action_ls_result,
4009 action_string, "action");
4011 cmdline_parse_token_string_t cmd_action_ls_ls_string =
4012 TOKEN_STRING_INITIALIZER(struct cmd_action_ls_result, ls_string,
4015 cmdline_parse_token_num_t cmd_action_ls_table_instance =
4016 TOKEN_NUM_INITIALIZER(struct cmd_action_ls_result, table_instance,
4019 cmdline_parse_inst_t cmd_action_ls = {
4020 .f = cmd_action_ls_parsed,
4022 .help_str = "ACL action list",
4024 (void *)&cmd_action_ls_p_string,
4025 (void *)&cmd_action_ls_action_string,
4026 (void *)&cmd_action_ls_ls_string,
4027 (void *)&cmd_action_ls_table_instance,
4033 * p acl onesectimer start/stop
4037 * A structure defining the ACL Dump Counter start/stop command.
4039 struct cmd_acl_per_sec_ctr_dump_result {
4040 cmdline_fixed_string_t p_string;
4041 cmdline_fixed_string_t acl_string;
4042 cmdline_fixed_string_t per_sec_ctr_dump_string;
4043 cmdline_fixed_string_t stop_string;
4047 * Parse Dump Counter Start Command.
4048 * Start timer to display stats to console at regular intervals.
4050 * @param parsed_result
4051 * A pointer to CLI command parsed result.
4053 * A pointer to command line context.
4055 * A pointer to command specific data
4059 cmd_acl_per_sec_ctr_dump_start_parsed(void *parsed_result,
4060 __attribute__ ((unused))
4061 struct cmdline *cl, void *data)
4063 struct cmd_acl_per_sec_ctr_dump_result *params = parsed_result;
4064 struct app_params *app = data;
4066 rte_acl_reset_running_averages();
4067 uint32_t core_id = rte_lcore_id();/* execute timeout on current core */
4068 int success = rte_timer_reset(&rte_acl_one_second_timer,
4069 rte_acl_ticks_in_one_second, PERIODICAL,
4071 rte_dump_acl_counters_from_master, NULL);
4075 * Parse Dump Counter Stop Command.
4076 * Stop timer that was started to display stats.
4078 * @param parsed_result
4079 * A pointer to CLI command parsed result.
4081 * A pointer to command line context.
4083 * A pointer to command specific data
4087 cmd_acl_per_sec_ctr_dump_stop_parsed(void *parsed_result,
4088 __attribute__ ((unused))
4089 struct cmdline *cl, void *data)
4091 struct cmd_acl_per_sec_ctr_dump_result *params = parsed_result;
4092 struct app_params *app = data;
4094 rte_timer_stop(&rte_acl_one_second_timer);
4097 cmdline_parse_token_string_t cmd_acl_per_sec_ctr_dump_p_string =
4098 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4101 cmdline_parse_token_string_t cmd_acl_per_sec_ctr_dump_acl_string =
4102 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4105 cmdline_parse_token_string_t cmd_acl_per_sec_ctr_dump_string =
4106 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4107 per_sec_ctr_dump_string, "counterdump");
4109 cmdline_parse_token_string_t cmd_acl_stop_string =
4110 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4111 stop_string, "stop");
4113 cmdline_parse_token_string_t cmd_acl_start_string =
4114 TOKEN_STRING_INITIALIZER(struct cmd_acl_per_sec_ctr_dump_result,
4115 stop_string, "start");
4117 cmdline_parse_inst_t cmd_acl_per_sec_ctr_dump_stop = {
4118 .f = cmd_acl_per_sec_ctr_dump_stop_parsed,
4120 .help_str = "ACL counterdump stop",
4122 (void *)&cmd_acl_per_sec_ctr_dump_p_string,
4123 (void *)&cmd_acl_per_sec_ctr_dump_acl_string,
4124 (void *)&cmd_acl_per_sec_ctr_dump_string,
4125 (void *)&cmd_acl_stop_string,
4130 cmdline_parse_inst_t cmd_acl_per_sec_ctr_dump_start = {
4131 .f = cmd_acl_per_sec_ctr_dump_start_parsed,
4133 .help_str = "ACL counterdump start",
4135 (void *)&cmd_acl_per_sec_ctr_dump_p_string,
4136 (void *)&cmd_acl_per_sec_ctr_dump_acl_string,
4137 (void *)&cmd_acl_per_sec_ctr_dump_string,
4138 (void *)&cmd_acl_start_string,
4143 static cmdline_parse_ctx_t pipeline_cmds[] = {
4144 (cmdline_parse_inst_t *) &cmd_acl_add_ip,
4145 (cmdline_parse_inst_t *) &cmd_acl_del_ip,
4146 (cmdline_parse_inst_t *) &cmd_acl_stats,
4147 (cmdline_parse_inst_t *) &cmd_acl_clearstats,
4148 (cmdline_parse_inst_t *) &cmd_acl_dbg,
4149 (cmdline_parse_inst_t *) &cmd_acl_clearrules,
4150 (cmdline_parse_inst_t *) &cmd_loadrules,
4151 (cmdline_parse_inst_t *) &cmd_acl_ls,
4152 (cmdline_parse_inst_t *) &cmd_action_add_accept,
4153 (cmdline_parse_inst_t *) &cmd_action_del_accept,
4154 (cmdline_parse_inst_t *) &cmd_action_add_drop,
4155 (cmdline_parse_inst_t *) &cmd_action_del_drop,
4156 (cmdline_parse_inst_t *) &cmd_action_add_fwd,
4157 (cmdline_parse_inst_t *) &cmd_action_del_fwd,
4158 (cmdline_parse_inst_t *) &cmd_action_add_nat,
4159 (cmdline_parse_inst_t *) &cmd_action_del_nat,
4160 (cmdline_parse_inst_t *) &cmd_action_add_count,
4161 (cmdline_parse_inst_t *) &cmd_action_del_count,
4162 (cmdline_parse_inst_t *) &cmd_action_add_dscp,
4163 (cmdline_parse_inst_t *) &cmd_action_del_dscp,
4164 (cmdline_parse_inst_t *) &cmd_action_add_conntrack,
4165 (cmdline_parse_inst_t *) &cmd_action_del_conntrack,
4166 (cmdline_parse_inst_t *) &cmd_action_add_connexist,
4167 (cmdline_parse_inst_t *) &cmd_action_del_connexist,
4168 (cmdline_parse_inst_t *) &cmd_action_ls,
4169 (cmdline_parse_inst_t *) &cmd_acl_applyruleset,
4170 (cmdline_parse_inst_t *) &cmd_acl_per_sec_ctr_dump_stop,
4171 (cmdline_parse_inst_t *) &cmd_acl_per_sec_ctr_dump_start,
4175 static struct pipeline_fe_ops pipeline_acl_fe_ops = {
4176 .f_init = app_pipeline_acl_init,
4177 .f_free = app_pipeline_acl_free,
4178 .cmds = pipeline_cmds,
4181 struct pipeline_type pipeline_acl = {
4183 .be_ops = &pipeline_acl_be_ops,
4184 .fe_ops = &pipeline_acl_fe_ops,
4187 void all_acl_stats(struct mg_connection *conn)
4190 struct app_params *app = myapp;
4192 struct rte_ACL_counter_block acl_counter_sums;
4193 struct rte_CT_counter_block ct_counter_sums;
4194 struct rte_CT_counter_block *ct_counters;
4195 struct action_counter_block action_counter_sum[action_array_max];
4197 memset(&acl_counter_sums, 0, sizeof(acl_counter_sums));
4198 memset(&ct_counter_sums, 0, sizeof(ct_counter_sums));
4201 "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: "
4203 mg_printf(conn, "<html><body>");
4204 mg_printf(conn, "ACL Stats\n");
4205 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
4206 struct rte_ACL_counter_block *acl_ctrs =
4207 &rte_acl_counter_table[i];
4208 ct_counters = rte_acl_counter_table[i].ct_counters;
4209 mg_printf(conn, "acl entry[%i] tpkts_processed: %" PRIu64
4210 ", pkts_drop: %" PRIu64 ", pkts_received: %" PRIu64
4211 ", bytes_processed: %" PRIu64 "\n", i,
4212 acl_ctrs->tpkts_processed, acl_ctrs->pkts_drop,
4213 acl_ctrs->pkts_received, acl_ctrs->bytes_processed);
4215 acl_counter_sums.tpkts_processed += acl_ctrs->tpkts_processed;
4216 acl_counter_sums.bytes_processed += acl_ctrs->bytes_processed;
4217 acl_counter_sums.pkts_drop += acl_ctrs->pkts_drop;
4218 acl_counter_sums.pkts_received += acl_ctrs->pkts_received;
4219 ct_counter_sums.pkts_forwarded += ct_counters->pkts_forwarded;
4220 ct_counter_sums.pkts_drop += ct_counters->pkts_drop;
4223 mg_printf(conn, "ACL TOTAL: tpkts_processed: %" PRIu64 ", pkts_drop: %" PRIu64
4224 ", pkts_received: %" PRIu64 ", bytes_processed: %" PRIu64 "\n\n",
4225 acl_counter_sums.tpkts_processed,
4226 acl_counter_sums.pkts_drop,
4227 acl_counter_sums.pkts_received,
4228 acl_counter_sums.bytes_processed);
4230 mg_printf(conn, "CT TOTAL: ct_packets_forwarded: %" PRIu64
4231 ", ct_packets_dropped: %" PRIu64 "\n\n",
4232 ct_counter_sums.pkts_forwarded, ct_counter_sums.pkts_drop);
4234 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
4235 for (j = 0; j < action_array_max; j++) {
4236 if (action_array_active[j].action_bitmap &
4238 action_counter_sum[j].packetCount +=
4239 action_counter_table[i][j].packetCount;
4240 action_counter_sum[j].byteCount +=
4241 action_counter_table[i][j].byteCount;
4246 for (j = 0; j < action_array_max; j++) {
4247 if (action_array_active[j].action_bitmap & acl_action_count)
4248 mg_printf(conn, "Action ID: %02u, packetCount: %" PRIu64
4249 ", byteCount: %" PRIu64 "\n", j,
4250 action_counter_sum[j].packetCount,
4251 action_counter_sum[j].byteCount);
4253 mg_printf(conn, "<p>Command Passed</p>");
4254 mg_printf(conn, "</body></html>\n");
4257 int acl_stats_handler(struct mg_connection *conn, void *cbdata)
4259 uint32_t num_links = 0, len = 0;
4261 const struct mg_request_info *ri = mg_get_request_info(conn);
4262 struct app_params *app = myapp;
4265 if (!strcmp(ri->request_method, "GET")) {
4266 all_acl_stats(conn);
4267 mg_printf(conn, "%s\n", &buf[0]);
4271 if (strcmp(ri->request_method, "POST")) {
4273 "HTTP/1.1 405 Method Not Allowed\r\nConnection: close\r\n");
4274 mg_printf(conn, "Content-Type: text/plain\r\n\r\n");
4276 "%s method not allowed in the GET handler\n",
4277 ri->request_method);
4280 for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) {
4281 rte_acl_counter_table[i].tpkts_processed = 0;
4282 rte_acl_counter_table[i].bytes_processed = 0;
4283 rte_acl_counter_table[i].pkts_drop = 0;
4284 rte_acl_counter_table[i].pkts_received = 0;
4285 rte_acl_counter_table[i].pkts_drop_ttl = 0;
4286 rte_acl_counter_table[i].pkts_drop_bad_size = 0;
4287 rte_acl_counter_table[i].pkts_drop_fragmented = 0;
4288 rte_acl_counter_table[i].pkts_drop_without_arp_entry = 0;
4289 rte_acl_counter_table[i].ct_counters->pkts_forwarded = 0;
4290 rte_acl_counter_table[i].ct_counters->pkts_drop = 0;
4293 memset(&action_counter_table, 0, sizeof(action_counter_table));
4295 mg_printf(conn, "%s\n", &buf[0]);
4300 int acl_version_handler(struct mg_connection *conn, void *cbdata)
4302 const struct mg_request_info *req_info = mg_get_request_info(conn);
4305 "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: "
4307 mg_printf(conn, "<html><body>");
4308 mg_printf(conn, "<p>Command Passed</p>");
4309 mg_printf(conn, "</body></html>\n");
4314 int acl_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata)
4317 const struct mg_request_info *req_info = mg_get_request_info(conn);
4318 if (strcmp(req_info->request_method, "GET")) {
4319 mg_printf(conn, "Only GET method allowed");
4324 "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: "
4326 mg_printf(conn, "<html><body>");
4327 mg_printf(conn, "<h2> These are the methods that are supported </h2>");
4328 mg_printf(conn, "<h3> /load </h3>");
4329 mg_printf(conn, "<h3> /clear </h3>");
4330 mg_printf(conn, "<html><body>");
4332 mg_printf(conn, "</body></html>\n");
4337 static int acl_field_found(const char *key,
4338 const char *filename,
4343 struct mg_connection *conn = (struct mg_connection *)user_data;
4345 mg_printf(conn, "\r\n\r\n%s:\r\n", key);
4346 mg_printf(conn, "Inside vfw_field_found %s \n", filename);
4348 if (filename && *filename) {
4349 snprintf(path, pathlen, "/tmp/%s", filename);
4350 struct app_params *app = myapp;
4354 mg_printf(conn, "path: %s\n", path);
4356 /* Make sure the file exists before clearing rules and actions */
4357 fd = open(path, O_RDONLY);
4359 mg_printf(conn, "Cannot open file \"%s\"\n", filename);
4360 return FORM_FIELD_STORAGE_GET;
4364 return FORM_FIELD_STORAGE_STORE;
4367 return FORM_FIELD_STORAGE_GET;
4370 static int acl_field_get(const char *key, const char *value, size_t valuelen,
4373 struct mg_connection *conn = (struct mg_connection *)user_data;
4376 mg_printf(conn, "%s = ", key);
4378 mg_write(conn, value, valuelen);
4383 static int acl_field_stored(const char *path, long long file_size,
4386 struct mg_connection *conn = (struct mg_connection *)user_data;
4390 "stored as %s (%lu bytes)\r\n\r\n",
4392 (unsigned long)file_size);
4394 /* Clear all rules and actions */
4395 status = app_pipeline_acl_clearrules(myapp);
4398 mg_printf(conn, "Command failed\n");
4402 /* Process commands in script file */
4403 app_loadrules_file(pipe_cl->ctx, path);
4409 int acl_load_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata)
4411 /* Handler may access the request info using mg_get_request_info */
4413 const struct mg_request_info *req_info = mg_get_request_info(conn);
4414 struct mg_form_data_handler fdh = {acl_field_found, acl_field_get,
4415 acl_field_stored, 0};
4417 /* It would be possible to check the request info here before calling
4418 * mg_handle_form_request. */
4422 "HTTP/1.1 200 OK\r\nContent-Type: "
4423 "text/plain\r\nConnection: close\r\n\r\n");
4425 if (!strcmp(req_info->request_method, "GET")) {
4426 mg_printf(conn, "Rule file is %s\n", rules_loaded? "LOADED":"NOT LOADED");
4429 if (strcmp(req_info->request_method, "PUT")) {
4430 mg_printf(conn, "Only PUT method allowed");
4434 fdh.user_data = (void *)conn;
4436 /* Call the form handler */
4437 mg_printf(conn, "Form data:");
4438 ret = mg_handle_form_request(conn, &fdh);
4439 mg_printf(conn, "\r\n%i fields found", ret);
4444 int acl_clear_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata)
4446 struct app_params *app = myapp;
4449 "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: "
4451 mg_printf(conn, "<html><body>");
4452 status = app_pipeline_acl_clearrules(app);
4455 mg_printf(conn, "Command failed\n");
4459 mg_printf(conn, "Command Success\n");
4460 mg_printf(conn, "</body></html>\n");
4464 void rest_api_acl_init(struct mg_context *ctx, struct app_params *app)
4468 /* vCGNAPT commands */
4469 mg_set_request_handler(ctx, "/vnf/config/rules", acl_rules_handler, 0);
4470 mg_set_request_handler(ctx, "/vnf/config/rules/load", acl_load_rules_handler, 0);
4471 mg_set_request_handler(ctx, "/vnf/config/rules/clear", acl_clear_rules_handler, 0);
4472 mg_set_request_handler(ctx, "/vnf/status", acl_version_handler, 0);
4473 mg_set_request_handler(ctx, "/vnf/stats", acl_stats_handler, 0);