2 // Copyright (c) 2017 Intel Corporation
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 #ifndef __INCLUDE_PIPELINE_ACL_BE_H__
18 #define __INCLUDE_PIPELINE_ACL_BE_H__
24 * Pipeline ACL Back End (BE).
25 * Responsible for packet processing.
29 #include "pipeline_common_be.h"
30 #include "rte_ct_tcp.h"
31 #include "pipeline_arpicmp_be.h"
33 enum pipeline_acl_key_type {
34 PIPELINE_ACL_IPV4_5TUPLE,
35 PIPELINE_ACL_IPV6_5TUPLE
38 #define MBUF_HDR_ROOM 256
39 #define ETH_HDR_SIZE 14
40 #define IP_HDR_SIZE 20
41 #define IP_HDR_DSCP_OFST 1
42 #define IP_HDR_LENGTH_OFST 2
43 #define IP_HDR_PROTOCOL_OFST 9
44 #define IP_HDR_DST_ADR_OFST 16
45 #define IP_VERSION_4 4
46 #define IP_VERSION_6 6
50 #define IP_HDR_SIZE_IPV6 40
51 #define IP_HDR_DSCP_OFST_IPV6 0
52 #define IP_HDR_LENGTH_OFST_IPV6 4
53 #define IP_HDR_PROTOCOL_OFST_IPV6 6
54 #define IP_HDR_DST_ADR_OFST_IPV6 24
56 #define IPv4_HDR_VERSION 4
57 #define IPv6_HDR_VERSION 6
58 #define IP_VERSION_CHECK 4
60 extern int rte_ACL_hi_counter_block_in_use;
61 extern uint8_t ACL_DEBUG;
64 * A structure defining the ACL counter block.
65 * One counter block per ACL Thread
67 struct rte_ACL_counter_block {
69 /* as long as a counter doesn't cross cache line, writes are atomic */
70 uint64_t tpkts_processed;
71 uint64_t bytes_processed; /* includes all L3 and higher headers */
74 uint64_t pkts_received;
75 uint64_t pkts_drop_ttl;
76 uint64_t pkts_drop_bad_size;
77 uint64_t pkts_drop_fragmented;
78 uint64_t pkts_drop_without_arp_entry;
80 struct rte_CT_counter_block *ct_counters;
82 uint64_t sum_latencies;
83 /* average latency = sum_latencies / count_latencies */
84 uint32_t count_latencies;
85 } __rte_cache_aligned;
87 #define MAX_ACL_INSTANCES 12/* max number ACL threads, actual usually less */
89 extern struct rte_ACL_counter_block rte_acl_counter_table[MAX_ACL_INSTANCES]
93 * A structure defining the IPv4 5-Tuple for ACL rules.
95 struct pipeline_acl_key_ipv4_5tuple {
100 uint16_t src_port_from;
101 uint16_t src_port_to;
102 uint16_t dst_port_from;
103 uint16_t dst_port_to;
109 * A structure defining the IPv6 5-Tuple for ACL rules.
111 struct pipeline_acl_key_ipv6_5tuple {
113 uint32_t src_ip_mask;
115 uint32_t dst_ip_mask;
116 uint16_t src_port_from;
117 uint16_t src_port_to;
118 uint16_t dst_port_from;
119 uint16_t dst_port_to;
125 * A structure defining the key to store ACL rule.
126 * For both IPv4 and IPv6.
128 struct pipeline_acl_key {
129 enum pipeline_acl_key_type type;
131 struct pipeline_acl_key_ipv4_5tuple ipv4_5tuple;
132 struct pipeline_acl_key_ipv6_5tuple ipv6_5tuple;
137 * A structure defining the ACL pipeline table.
139 struct acl_table_entry {
140 struct rte_pipeline_table_entry head;
144 /* Define ACL actions for bitmap */
145 #define acl_action_packet_drop 1
146 #define acl_action_packet_accept 2
147 #define acl_action_nat 4
148 #define acl_action_fwd 8
149 #define acl_action_count 16
150 #define acl_action_dscp 32
151 #define acl_action_conntrack 64
152 #define acl_action_connexist 128
154 #define acl_private_public 0
155 #define acl_public_private 1
157 #define action_array_max 10000
160 * A structure defining the key to store an ACL action.
162 struct pipeline_action_key {
164 uint32_t action_bitmap;
167 uint8_t dscp_priority;
168 uint8_t private_public;
169 } __rte_cache_aligned;
172 * A structure defining the Action counters.
173 * One Action Counter Block per ACL thread.
175 struct action_counter_block {
177 uint64_t packetCount;
178 } __rte_cache_aligned;
180 extern struct pipeline_action_key *action_array_a;
181 extern struct pipeline_action_key *action_array_b;
182 extern struct pipeline_action_key *action_array_active;
183 extern struct pipeline_action_key *action_array_standby;
184 extern uint32_t action_array_size;
186 extern struct action_counter_block
187 action_counter_table[MAX_ACL_INSTANCES][action_array_max]
190 enum pipeline_acl_msg_req_type {
191 PIPELINE_ACL_MSG_REQ_DBG = 0,
192 PIPELINE_ACL_MSG_REQS
196 * A structure defining the add ACL rule command response message.
198 struct pipeline_acl_add_msg_rsp {
205 * A structure defining the debug command request message.
207 struct pipeline_acl_dbg_msg_req {
208 enum pipeline_msg_req_type type;
209 enum pipeline_acl_msg_req_type subtype;
216 * A structure defining the debug command response message.
218 struct pipeline_acl_dbg_msg_rsp {
223 extern struct pipeline_be_ops pipeline_acl_be_ops;
225 extern int rte_ct_initialize_default_timeouts(struct rte_ct_cnxn_tracker