2 // Copyright (c) 2017 Intel Corporation
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 #ifndef __INCLUDE_PIPELINE_VFW_BE_H__
18 #define __INCLUDE_PIPELINE_VFW_BE_H__
24 * Pipeline VFW Back End (BE).
25 * Responsible for packet processing.
29 #include <rte_ether.h>
31 #include "pipeline_common_be.h"
32 #include "rte_cnxn_tracking.h"
33 #include "rte_ct_tcp.h"
36 /*#define VFW_DEBUG 0*/
38 extern uint8_t VFW_DEBUG;
39 extern uint8_t firewall_flag;
40 extern uint8_t cnxn_tracking_is_active;
41 #define KEY_SIZE 10 /*IPV4 src_ip + dst_ip + src_port + dst_port */
42 #define IP_32BIT_SIZE 4
43 #define MAX_VFW_INSTANCES 24 /* max number fw threads, actual usually less */
44 #define IPv4_HDR_VERSION 4
45 #define IPv6_HDR_VERSION 6
46 #define IP_VERSION_CHECK 4
47 extern int rte_VFW_hi_counter_block_in_use;
49 enum pipeline_vfw_key_type {
50 PIPELINE_VFW_IPV4_5TUPLE,
51 PIPELINE_VFW_IPV6_5TUPLE
54 * A structure defining the VFW counter block.
55 * One counter block per VFW Thread
57 struct rte_VFW_counter_block {
58 char name[PIPELINE_NAME_SIZE];
60 /* as long as a counter doesn't cross cache line, writes are atomic */
61 uint64_t pkts_received;
62 uint64_t bytes_processed; /**< includes all L3 and higher headers. */
63 uint64_t num_batch_pkts_sum;
64 uint32_t num_pkts_measurements;
65 uint32_t unused_counter;
67 uint64_t entry_timestamp;
68 uint64_t exit_timestamp;
69 uint64_t internal_time_sum;
70 uint64_t external_time_sum;
71 uint32_t time_measurements;
72 uint32_t count_latencies;
74 uint64_t sum_latencies;
75 uint64_t pkts_drop_without_rule;
76 uint64_t pkts_acl_forwarded;
78 /**< Total packets drop for ttl value by firewall.*/
79 uint64_t pkts_drop_ttl;
80 /**< Total packets drop for bad size by firewall. */
81 uint64_t pkts_drop_bad_size;
82 /**< Total packets drop for fragmented by firewall. */
83 uint64_t pkts_drop_fragmented;
84 /**< Total packets drop for without arp entry by firewall.*/
85 uint64_t pkts_drop_without_arp_entry;
86 /**< Total packets drop for ipv6 not tcp/udp by firewall. */
87 uint64_t pkts_drop_unsupported_type;
88 /**< A pointer to connection tracker counters.*/
89 struct rte_CT_counter_block *ct_counters;
90 /* average latency = sum_latencies / count_latencies */
91 uint64_t pkts_fw_forwarded;
92 uint64_t arpicmpPktCount;
93 } __rte_cache_aligned;
95 /** The counter table for VFW pipeline per thread data.*/
96 extern struct rte_VFW_counter_block
97 rte_vfw_counter_table[MAX_VFW_INSTANCES] __rte_cache_aligned;
100 * A structure defining the IPv4 5-Tuple for VFW rules.
102 struct pipeline_vfw_key_ipv4_5tuple {
104 uint32_t src_ip_mask;
106 uint32_t dst_ip_mask;
107 uint16_t src_port_from;
108 uint16_t src_port_to;
109 uint16_t dst_port_from;
110 uint16_t dst_port_to;
116 * A structure defining the IPv6 5-Tuple for VFW rules.
118 struct pipeline_vfw_key_ipv6_5tuple {
120 uint32_t src_ip_mask;
122 uint32_t dst_ip_mask;
123 uint16_t src_port_from;
124 uint16_t src_port_to;
125 uint16_t dst_port_from;
126 uint16_t dst_port_to;
131 /* Messages from CLI for processing by packet processing */
133 enum pipeline_tcpfw_msg_req_type {
135 PIPELINE_TCPFW_MSG_REQ_ENTRY_STATUS,
136 PIPELINE_TCPFW_MSG_REQ_DBG,
137 PIPELINE_TCPFW_MSG_REQ_SYNPROXY_FLAGS,
138 PIPELINE_TCPFW_MSG_REQS
141 * A structure defining the key to store VFW rule.
142 * For both IPv4 and IPv6.
144 struct pipeline_vfw_key {
145 enum pipeline_vfw_key_type type;
147 struct pipeline_vfw_key_ipv4_5tuple ipv4_5tuple;
148 struct pipeline_vfw_key_ipv6_5tuple ipv6_5tuple;
154 extern struct pipeline_action_key *action_array_a;
155 extern struct pipeline_action_key *action_array_b;
156 extern struct pipeline_action_key *action_array_active;
157 extern struct pipeline_action_key *action_array_standby;
158 extern uint32_t action_array_size;
160 extern struct action_counter_block
161 action_counter_table[MAX_VFW_INSTANCES][action_array_max]
165 * A structure defining the add VFW rule command response message.
167 struct pipeline_vfw_add_msg_rsp {
173 struct app_pipeline_vfw_entry_params {
181 struct pipeline_vfw_entry_key {
182 uint32_t ip1[IP_32BIT_SIZE];
183 uint32_t ip2[IP_32BIT_SIZE];
188 /* Messages from CLI for processing by packet processing */
190 enum pipeline_vfw_msg_req_type {
191 PIPELINE_VFW_MSG_REQ_SYNPROXY_FLAGS,
192 PIPELINE_VFW_MSG_REQS
196 * A structure defining the synproxy ON/OFF command request message.
198 struct pipeline_vfw_synproxy_flag_msg_req {
199 enum pipeline_msg_req_type type;
200 enum pipeline_vfw_msg_req_type subtype;
203 uint8_t synproxy_flag;
207 * A structure defining the synproxy ON/OFF command response message.
209 struct pipeline_vfw_synproxy_flag_msg_rsp {
213 extern struct pipeline_be_ops pipeline_vfw_be_ops;
215 extern int rte_ct_initialize_default_timeouts(struct rte_ct_cnxn_tracker