2 // Copyright (c) 2017 Intel Corporation
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 #ifndef __INCLUDE_PIPELINE_ACL_BE_H__
18 #define __INCLUDE_PIPELINE_ACL_BE_H__
24 * Pipeline ACL Back End (BE).
25 * Responsible for packet processing.
29 #include "pipeline_common_be.h"
30 #include "rte_ct_tcp.h"
31 #include "pipeline_arpicmp_be.h"
33 enum pipeline_acl_key_type {
34 PIPELINE_ACL_IPV4_5TUPLE,
35 PIPELINE_ACL_IPV6_5TUPLE
38 #define MBUF_HDR_ROOM 256
39 #define ETH_HDR_SIZE 14
40 #define IP_HDR_SIZE 20
41 #define IP_HDR_DSCP_OFST 1
42 #define IP_HDR_LENGTH_OFST 2
43 #define IP_HDR_PROTOCOL_OFST 9
44 #define IP_HDR_DST_ADR_OFST 16
45 #define IP_VERSION_4 4
46 #define IP_VERSION_6 6
49 #define IP_HDR_SIZE_IPV6 40
50 #define IP_HDR_DSCP_OFST_IPV6 0
51 #define IP_HDR_LENGTH_OFST_IPV6 4
52 #define IP_HDR_PROTOCOL_OFST_IPV6 6
53 #define IP_HDR_DST_ADR_OFST_IPV6 24
55 #define IPv4_HDR_VERSION 4
56 #define IPv6_HDR_VERSION 6
57 #define IP_VERSION_CHECK 4
59 extern int rte_ACL_hi_counter_block_in_use;
60 extern uint8_t ACL_DEBUG;
63 * A structure defining the ACL counter block.
64 * One counter block per ACL Thread
66 struct rte_ACL_counter_block {
67 char name[PIPELINE_NAME_SIZE];
68 /* as long as a counter doesn't cross cache line, writes are atomic */
69 uint64_t tpkts_processed;
70 uint64_t bytes_processed; /* includes all L3 and higher headers */
73 uint64_t pkts_received;
74 uint64_t pkts_drop_ttl;
75 uint64_t pkts_drop_bad_size;
76 uint64_t pkts_drop_fragmented;
77 uint64_t pkts_drop_without_arp_entry;
79 struct rte_CT_counter_block *ct_counters;
81 uint64_t sum_latencies;
82 /* average latency = sum_latencies / count_latencies */
83 uint32_t count_latencies;
84 } __rte_cache_aligned;
86 #define MAX_ACL_INSTANCES 12/* max number ACL threads, actual usually less */
88 extern struct rte_ACL_counter_block rte_acl_counter_table[MAX_ACL_INSTANCES]
92 * A structure defining the IPv4 5-Tuple for ACL rules.
94 struct pipeline_acl_key_ipv4_5tuple {
99 uint16_t src_port_from;
100 uint16_t src_port_to;
101 uint16_t dst_port_from;
102 uint16_t dst_port_to;
108 * A structure defining the IPv6 5-Tuple for ACL rules.
110 struct pipeline_acl_key_ipv6_5tuple {
112 uint32_t src_ip_mask;
114 uint32_t dst_ip_mask;
115 uint16_t src_port_from;
116 uint16_t src_port_to;
117 uint16_t dst_port_from;
118 uint16_t dst_port_to;
124 * A structure defining the key to store ACL rule.
125 * For both IPv4 and IPv6.
127 struct pipeline_acl_key {
128 enum pipeline_acl_key_type type;
130 struct pipeline_acl_key_ipv4_5tuple ipv4_5tuple;
131 struct pipeline_acl_key_ipv6_5tuple ipv6_5tuple;
136 * A structure defining the ACL pipeline table.
138 struct acl_table_entry {
139 struct rte_pipeline_table_entry head;
143 /* Define ACL actions for bitmap */
144 #define acl_action_packet_drop 1
145 #define acl_action_packet_accept 2
146 #define acl_action_nat 4
147 #define acl_action_fwd 8
148 #define acl_action_count 16
149 #define acl_action_dscp 32
150 #define acl_action_conntrack 64
151 #define acl_action_connexist 128
153 #define acl_private_public 0
154 #define acl_public_private 1
156 #define action_array_max 10000
159 * A structure defining the key to store an ACL action.
161 struct pipeline_action_key {
163 uint32_t action_bitmap;
166 uint8_t dscp_priority;
167 uint8_t private_public;
168 } __rte_cache_aligned;
171 * A structure defining the Action counters.
172 * One Action Counter Block per ACL thread.
174 struct action_counter_block {
176 uint64_t packetCount;
177 } __rte_cache_aligned;
179 extern struct pipeline_action_key *action_array_a;
180 extern struct pipeline_action_key *action_array_b;
181 extern struct pipeline_action_key *action_array_active;
182 extern struct pipeline_action_key *action_array_standby;
183 extern uint32_t action_array_size;
185 extern struct action_counter_block
186 action_counter_table[MAX_ACL_INSTANCES][action_array_max]
189 enum pipeline_acl_msg_req_type {
190 PIPELINE_ACL_MSG_REQ_DBG = 0,
191 PIPELINE_ACL_MSG_REQS
195 * A structure defining the add ACL rule command response message.
197 struct pipeline_acl_add_msg_rsp {
204 * A structure defining the debug command request message.
206 struct pipeline_acl_dbg_msg_req {
207 enum pipeline_msg_req_type type;
208 enum pipeline_acl_msg_req_type subtype;
215 * A structure defining the debug command response message.
217 struct pipeline_acl_dbg_msg_rsp {
222 extern struct pipeline_be_ops pipeline_acl_be_ops;
224 extern int rte_ct_initialize_default_timeouts(struct rte_ct_cnxn_tracker