return 1;
}
-
-/**
- * Performs basic VFW packet filtering.
- * @param pkts
- * A pointer to the packets.
- * @param pkts_mask
- * packet mask.
- * @param vfw_pipe
- * A pointer to VFW pipeline.
- */
-
-static uint64_t
-rte_vfw_packet_filter_and_process(struct rte_mbuf **pkts,
- uint64_t pkts_mask,
- struct pipeline_vfw *vfw_pipe)
-{
-
- /*
- * Make use of cache prefetch. At beginning of loop, want to prefetch
- * mbuf data for next iteration (not current one).
- * Note that ethernet header (14 bytes) is cache aligned. IPv4 header
- * is 20 bytes (extensions not supported), while the IPv6 header is 40
- * bytes. TCP header is 20 bytes, UDP is 8. One cache line prefetch
- * will cover IPv4 and TCP or UDP, but to get IPv6 and TCP,
- * need two pre-fetches.
- */
-
- uint8_t pos, next_pos = 0;
- uint64_t pkt_mask; /* bitmask representing a single packet */
- struct rte_mbuf *pkt;
- struct rte_mbuf *next_pkt = NULL;
- void *iphdr;
- void *next_iphdr = NULL;
-
- if (unlikely(pkts_mask == 0))
- return pkts_mask;
- pos = (uint8_t) __builtin_ctzll(pkts_mask);
- pkt_mask = 1LLU << pos; /* bitmask representing only this packet */
- pkt = pkts[pos];
- iphdr = RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START);
- rte_prefetch0(iphdr);
-
- uint64_t bytes_processed = 0;
- /* bitmap of packets left to process */
- uint64_t pkts_to_process = pkts_mask;
- /* bitmap of valid packets to return */
- uint64_t valid_packets = pkts_mask;
-
- /* prefetch counters, updated below. Most likely counters to update
- * at beginnning */
- rte_prefetch0(&vfw_pipe->counters);
-
- do { /* always execute at least once */
-
- /* remove this packet from remaining list */
- uint64_t next_pkts_to_process = pkts_to_process &= ~pkt_mask;
-
- if (likely(next_pkts_to_process)) {
- /* another packet to process after this, prefetch it */
-
- next_pos =
- (uint8_t) __builtin_ctzll(next_pkts_to_process);
- next_pkt = pkts[next_pos];
- next_iphdr =
- RTE_MBUF_METADATA_UINT32_PTR(next_pkt, IP_START);
- rte_prefetch0(next_iphdr);
- }
-
- int discard = 0;
- /* remove this packet from remaining list */
- pkts_to_process &= ~pkt_mask;
- if (enable_hwlb)
- if (!check_arp_icmp(pkt, vfw_pipe))
- discard = 1;
- uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
-
- bytes_processed += packet_length;
-
- if (rte_vfw_is_IPv4(pkt)) {
- struct ipv4_hdr *ihdr4 = (struct ipv4_hdr *)iphdr;
-
- /* verify that packet size according to mbuf is at least
- * as large as the size according to the IP header.
- */
-
- uint32_t ip_length = rte_bswap16(ihdr4->total_length);
-
- if (unlikely
- (ip_length > (packet_length - ETH_HDR_SIZE))) {
- discard = 1;
- vfw_pipe->counters->pkts_drop_bad_size++;
- }
-
- /*
- * IPv4 fragmented if: MF (more fragments) or Fragment
- * Offset are non-zero. Header in Intel order, so flip
- * constant to compensate. Note that IPv6 uses a header
- * extension for identifying fragments.
- */
-
- int fragmented = (ihdr4->fragment_offset & 0xff3f) != 0;
- uint8_t ttl = ihdr4->time_to_live;
-
- if (unlikely(fragmented)) {
- discard = 1;
- vfw_pipe->counters->pkts_drop_fragmented++;
- }
-
- /*
- * Behave like a router, and decrement the TTL of an
- * IP packet. If this causes the TTL to become zero,
- * the packet will be discarded. Unlike a router,
- * no ICMP code 11 (Time * Exceeded) message will be
- * sent back to the packet originator.
- */
-
- if (unlikely(ttl <= 1)) {
- /*
- * about to decrement to zero (or is somehow
- * already zero), so discard
- */
- discard = 1;
- vfw_pipe->counters->pkts_drop_ttl++;
- }
-
- /*
- * Dropping the packets other than TCP AND UDP.
- */
-
- uint8_t proto = ihdr4->next_proto_id;
-
- if (unlikely(!(proto == IP_TCP_PROTOCOL ||
- proto == IP_UDP_PROTOCOL ||
- proto == IP_ICMP_PROTOCOL))) {
- discard = 1;
- vfw_pipe->counters->
- pkts_drop_unsupported_type++;
- }
-
- if (unlikely(discard)) {
- valid_packets &= ~pkt_mask;
- }
-
- } else if (likely(rte_vfw_is_IPv6(pkt))) {
- struct ipv6_hdr *ihdr6 = (struct ipv6_hdr *)iphdr;
-
- /*
- * verify that packet size according to mbuf is at least
- * as large as the size according to the IP header.
- * For IPv6, note that size includes header extensions
- * but not the base header size
- */
-
- uint32_t ip_length =
- rte_bswap16(ihdr6->payload_len) + IPv6_HEADER_SIZE;
-
- if (unlikely
- (ip_length > (packet_length - ETH_HDR_SIZE))) {
- discard = 1;
- vfw_pipe->counters->pkts_drop_bad_size++;
- }
-
- /*
- * Dropping the packets other than TCP AND UDP.
- */
-
- uint8_t proto = ihdr6->proto;
-
- if (unlikely(!(proto == IP_TCP_PROTOCOL ||
- proto == IP_UDP_PROTOCOL ||
- proto == IP_ICMP_PROTOCOL))) {
- discard = 1;
- if (proto == IPv6_FRAGMENT_HEADER)
- vfw_pipe->counters->
- pkts_drop_fragmented++;
- else
- vfw_pipe->counters->
- pkts_drop_unsupported_type++;
- }
-
- /*
- * Behave like a router, and decrement the TTL of an
- * IP packet. If this causes the TTL to become zero,
- * the packet will be discarded. Unlike a router,
- * no ICMP code 11 (Time * Exceeded) message will be
- * sent back to the packet originator.
- */
-
- if (unlikely(ihdr6->hop_limits <= 1)) {
- /*
- * about to decrement to zero (or is somehow
- * already zero), so discard
- */
- discard = 1;
- vfw_pipe->counters->pkts_drop_ttl++;
- }
-
- if (unlikely(discard))
- valid_packets &= ~pkt_mask;
- else
- ihdr6->hop_limits--;
- } else
- /* discard non-ip */
- valid_packets &= ~pkt_mask;
-
- /* make next packet data the current */
- pkts_to_process = next_pkts_to_process;
- pos = next_pos;
- pkt = next_pkt;
- iphdr = next_iphdr;
- pkt_mask = 1LLU << pos;
-
- } while (pkts_to_process);
-
- /* finalize counters, etc. */
- vfw_pipe->counters->bytes_processed += bytes_processed;
-
- if (likely(firewall_flag))
- return valid_packets;
- else
- return pkts_mask;
-}
/**
* Performs basic VFW ipv4 packet filtering.
* @param pkts
/* remove this packet from remaining list */
pkts_to_process &= ~pkt_mask;
- if (enable_hwlb)
- if (!check_arp_icmp(pkt, vfw_pipe))
- discard = 1;
+ if (enable_hwlb) {
+ if (!check_arp_icmp(pkt, vfw_pipe)) {
+ /* make next packet data the current */
+ pkts_to_process = next_pkts_to_process;
+ pos = next_pos;
+ pkt = next_pkt;
+ ihdr4 = next_iphdr;
+ pkt_mask = 1LLU << pos;
+ valid_packets &= ~pkt_mask;
+ continue;
+ }
+ }
uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
vfw_pipe->counters->pkts_drop_fragmented++;
}
- /*
- * Behave like a router, and decrement the TTL of an
- * IP packet. If this causes the TTL to become zero,
- * the packet will be discarded. Unlike a router,
- * no ICMP code 11 (Time * Exceeded) message will be
- * sent back to the packet originator.
- */
-
if (unlikely(ttl <= 1)) {
/*
* about to decrement to zero (or is somehow
if (unlikely(discard)) {
valid_packets &= ~pkt_mask;
- } else {
- ihdr4->time_to_live = ttl - 1;
-
- /* update header checksum, from rfc 1141 */
- uint32_t sum;
- uint16_t checksum = rte_bswap16(
- ihdr4->hdr_checksum);
- /* increment checksum high byte */
- sum = checksum + 0x100;
- /* add carry */
- checksum = (sum + (sum >> BIT_CARRY));
- ihdr4->hdr_checksum = rte_bswap16(checksum);
}
/* make next packet data the current */
/* remove this packet from remaining list */
pkts_to_process &= ~pkt_mask;
- if (enable_hwlb)
- if (!check_arp_icmp(pkt, vfw_pipe))
- discard = 1;
+ if (enable_hwlb) {
+ if (!check_arp_icmp(pkt, vfw_pipe)) {
+ /* make next packet data the current */
+ pkts_to_process = next_pkts_to_process;
+ pos = next_pos;
+ pkt = next_pkt;
+ ihdr6 = next_iphdr;
+ pkt_mask = 1LLU << pos;
+ valid_packets &= ~pkt_mask;
+ continue;
+ }
+ }
uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
ether_addr_copy(&ehdr->s_addr, &ehdr->d_addr);
ether_addr_copy(&saved_copy, &ehdr->s_addr);
}
-/**
- * walk every valid mbuf (denoted by pkts_mask) and apply arp to the packet.
- * To support synproxy, some (altered) packets may need to be sent back where
- * they came from. The ip header has already been adjusted, but the ethernet
- * header has not, so this must be performed here.
- * Return an updated pkts_mask, since arp may drop some packets
- *
- * @param pkts
- * A pointer to the packet.
- * @param pkts_mask
- * Packet mask
- * @param synproxy_reply_mask
- * Reply Packet mask for Synproxy
- * @param vfw_pipe
- * A pointer to VFW pipeline.
- */
-
-static uint64_t
-rte_vfw_arp_packets(struct rte_mbuf **pkts,
- uint64_t pkts_mask,
- uint64_t synproxy_reply_mask,
- struct pipeline_vfw *vfw_pipe)
-{
- uint64_t pkts_to_arp = pkts_mask;
- uint32_t ret;
- uint32_t dest_if = INVALID_DESTIF;
- int ret_mac;
-
- for (; pkts_to_arp;) {
- struct ether_addr hw_addr;
- struct mbuf_tcp_meta_data *meta_data_addr;
- struct ether_hdr *ehdr;
- struct rte_mbuf *pkt;
- uint16_t phy_port;
- uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_arp);
- /* bitmask representing only this packet */
- uint64_t pkt_mask = 1LLU << pos;
- /* remove this packet from remaining list */
- pkts_to_arp &= ~pkt_mask;
- pkt = pkts[pos];
- int must_reverse = ((synproxy_reply_mask & pkt_mask) != 0);
-
- phy_port = pkt->port;
- meta_data_addr = (struct mbuf_tcp_meta_data *)
- RTE_MBUF_METADATA_UINT32_PTR(pkt, META_DATA_OFFSET);
- ehdr = rte_vfw_get_ether_addr(pkt);
-
- void *iphdr = RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START);
-
- if (rte_vfw_is_IPv4(pkt)) {
- struct ipv4_hdr *ihdr = (struct ipv4_hdr *)iphdr;
- uint32_t nhip = 0;
-
- uint32_t dest_address = rte_bswap32(ihdr->dst_addr);
-
- ret = local_get_nh_ipv4(dest_address, &dest_if,
- &nhip, vfw_pipe);
- if (must_reverse) {
- rte_sp_exchange_mac_addresses(ehdr);
- if (is_phy_port_privte(phy_port)) {
- if (!ret) {
- dest_if = get_pub_to_prv_port(
- &dest_address,
- IP_VERSION_4);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv4_cache(dest_if,
- vfw_pipe);
- }
-
- } else {
- if (!ret) {
- dest_if = get_prv_to_pub_port(
- &dest_address,
- IP_VERSION_4);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv4_cache(dest_if,
- vfw_pipe);
- }
- }
-
- } else if (is_phy_port_privte(phy_port)) {
- if (!ret) {
- dest_if = get_prv_to_pub_port(
- &dest_address,
- IP_VERSION_4);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv4_cache(dest_if,
- vfw_pipe);
- }
-
- } else {
- if (!ret) {
- dest_if = get_pub_to_prv_port(
- &dest_address,
- IP_VERSION_4);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv4_cache(dest_if,
- vfw_pipe);
- }
- }
-
- meta_data_addr->output_port =
- vfw_pipe->outport_id[dest_if];
- if (local_dest_mac_present(dest_if)) {
- ether_addr_copy(get_local_link_hw_addr(dest_if),
- &ehdr->d_addr);
- ether_addr_copy(get_link_hw_addr(dest_if),
- &ehdr->s_addr);
- } else {
- ret_mac = get_dest_mac_addr_port(dest_address,
- &dest_if, &hw_addr);
- if (ret_mac == ARP_FOUND) {
-
- link_hw_laddr_valid[dest_if] = 1;
- memcpy(&link_hw_laddr[dest_if], &hw_addr,
- sizeof(struct ether_addr));
-
- ether_addr_copy(&hw_addr,
- &ehdr->d_addr);
- ether_addr_copy(get_link_hw_addr(dest_if),
- &ehdr->s_addr);
-
- if (vfw_debug >= DEBUG_LEVEL_4) {
- char buf[HW_ADDR_SIZE];
-
- ether_format_addr(buf, sizeof(buf),
- &hw_addr);
- printf("MAC found for ip 0x%"PRIx32
- ",dest_if %d: %s, ",
- dest_address,
- dest_if, buf);
- ether_format_addr(buf, sizeof(buf),
- &ehdr->s_addr);
- printf("new eth hdr src: %s, ", buf);
- ether_format_addr(buf, sizeof(buf),
- &ehdr->d_addr);
- printf("new eth hdr dst: %s\n", buf);
- }
-
- } else {
-
- if (vfw_debug >= DEBUG_LEVEL_4) {
- char buf[HW_ADDR_SIZE];
-
- ether_format_addr(buf, sizeof(buf),
- &hw_addr);
- printf("MAC NOT FOUND for ip 0x%"
- PRIx32", dest_if %"
- PRId16": %s, ",
- dest_address,
- dest_if, buf);
- }
- /* ICMP req sent, drop packet by
- * changing the mask */
- pkts_mask &= ~pkt_mask;
- vfw_pipe->
- counters->pkts_drop_without_arp_entry++;
- }
-
- }
- } else if (likely(rte_vfw_is_IPv6(pkt))) {
- struct ipv6_hdr *ihdr = (struct ipv6_hdr *)iphdr;
- uint8_t dest_addr_ipv6[IPV6_ADD_SIZE];
-
- rte_mov16(dest_addr_ipv6, ihdr->dst_addr);
- uint8_t nh_ipv6[IPV6_ADD_SIZE];
-
- memset(nh_ipv6, 0, IPV6_ADD_SIZE);
- ret = local_get_nh_ipv6(&dest_addr_ipv6[0], &dest_if,
- &nh_ipv6[0], vfw_pipe);
- if (must_reverse) {
- rte_sp_exchange_mac_addresses(ehdr);
- if (is_phy_port_privte(phy_port)) {
- if (!ret) {
- dest_if = get_pub_to_prv_port(
- (uint32_t *)
- &dest_addr_ipv6[0],
- IP_VERSION_6);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv6_cache(dest_if,
- vfw_pipe);
- }
-
- } else {
- if (!ret) {
- dest_if = get_prv_to_pub_port(
- (uint32_t *)
- &dest_addr_ipv6[0],
- IP_VERSION_6);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv6_cache(dest_if,
- vfw_pipe);
- }
-
-
- }
-
- } else if (is_phy_port_privte(phy_port)) {
- if (!ret) {
- dest_if = get_prv_to_pub_port(
- (uint32_t *)
- &dest_addr_ipv6[0],
- IP_VERSION_6);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv6_cache(dest_if,
- vfw_pipe);
- }
-
- } else {
- if (!ret) {
- dest_if = get_pub_to_prv_port(
- (uint32_t *)
- &dest_addr_ipv6[0],
- IP_VERSION_6);
- if (dest_if == INVALID_DESTIF) {
- pkts_mask &= ~pkt_mask;
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
- do_local_nh_ipv6_cache(dest_if,
- vfw_pipe);
- }
-
- }
- meta_data_addr->output_port = vfw_pipe->
- outport_id[dest_if];
-
- memset(nh_ipv6, 0, IPV6_ADD_SIZE);
- if (get_dest_mac_address_ipv6_port(
- &dest_addr_ipv6[0],
- &dest_if,
- &hw_addr,
- &nh_ipv6[0])) {
- ether_addr_copy(&hw_addr, &ehdr->d_addr);
- ether_addr_copy(get_link_hw_addr(dest_if),
- &ehdr->s_addr);
-
- if (vfw_debug >= DEBUG_LEVEL_4) {
- char buf[HW_ADDR_SIZE];
-
- ether_format_addr(buf, sizeof(buf),
- &hw_addr);
- printf("MAC found for dest_if %d: %s,",
- dest_if, buf);
- ether_format_addr(buf, sizeof(buf),
- &ehdr->s_addr);
- printf("new eth hdr src: %s, ", buf);
- ether_format_addr(buf, sizeof(buf),
- &ehdr->d_addr);
- printf("new eth hdr dst: %s\n", buf);
- }
-
- } else {
- printf("deleting ipv6\n");
- pkts_mask &= ~pkt_mask;
- /*Next Neighbor is not yet implemented
- * for ipv6.*/
- vfw_pipe->counters->
- pkts_drop_without_arp_entry++;
- }
-
- } else
- /* neither IPv4 or IPv6, drop quietly */
- pkts_mask &= ~pkt_mask;
- }
- return pkts_mask;
-}
-
#ifdef EN_SWP_ARP
/**
keep_mask = 0;
}
}
-
-/**
- * The pipeline port-in action is used to do all the firewall and
- * connection tracking work.
- *
- * @param p
- * A pointer to the pipeline.
- * @param pkts
- * A pointer to a burst of packets.
- * @param n_pkts
- * Number of packets to process.
- * @param arg
- * A pointer to pipeline specific data.
- *
- * @return
- * 0 on success, negative on error.
- */
-
-static int
-vfw_port_in_action(struct rte_pipeline *p,
- struct rte_mbuf **pkts,
- __rte_unused uint32_t n_pkts, __rte_unused void *arg)
-{
- struct vfw_ports_in_args *port_in_args =
- (struct vfw_ports_in_args *)arg;
- struct pipeline_vfw *vfw_pipe =
- (struct pipeline_vfw *)port_in_args->pipe;
- struct rte_ct_cnxn_tracker *ct = port_in_args->cnxn_tracker;
-
- start_tsc_measure(vfw_pipe);
-
- uint64_t packet_mask_in = RTE_LEN2MASK(n_pkts, uint64_t);
- uint64_t pkts_drop_mask;
- uint64_t hijack_mask = 0;
- uint64_t synproxy_reply_mask = 0; /* for synproxy */
- uint64_t keep_mask = packet_mask_in;
- struct rte_CT_helper ct_helper;
-
- memset(&ct_helper, 0, sizeof(struct rte_CT_helper));
-
-
- /*
- * This routine uses a bit mask to represent which packets in the
- * "pkts" table are considered valid. Any table entry which exists
- * and is considered valid has the corresponding bit in the mask set.
- * Otherwise, it is cleared. Note that the mask is 64 bits,
- * but the number of packets in the table may be considerably less.
- * Any mask bits which do correspond to actual packets are cleared.
- * Various routines are called which may determine that an existing
- * packet is somehow invalid. The routine will return an altered bit
- * mask, with the bit cleared. At the end of all the checks,
- * packets are dropped if their mask bit is a zero
- */
-
- if (vfw_debug > 1)
- printf("Enter in-port action with %p packet mask\n",
- (void *)packet_mask_in);
- vfw_pipe->counters->pkts_received =
- vfw_pipe->counters->pkts_received + n_pkts;
- if (VFW_DEBUG)
- printf("vfw_port_in_action pkts_received: %" PRIu64
- " n_pkts: %u\n",
- vfw_pipe->counters->pkts_received, n_pkts);
-
- /* first handle handle any previously buffered packets now released */
- vfw_handle_buffered_packets(p, vfw_pipe, ct,
- FORWARD_BUFFERED_PACKETS);
-
- /* now handle any new packets on input ports */
- if (likely(firewall_flag)) {
- keep_mask =
- rte_vfw_packet_filter_and_process(pkts, keep_mask,
- vfw_pipe);
- vfw_pipe->counters->pkts_fw_forwarded +=
- __builtin_popcountll(keep_mask);
- }
-#ifdef ACL_ENABLE
- uint64_t conntrack_mask = 0, connexist_mask = 0;
- keep_mask = lib_acl_pkt_work_key(
- vfw_pipe->plib_acl, pkts, keep_mask,
- &vfw_pipe->counters->pkts_drop_without_rule,
- vfw_rule_table_ipv4_active,
- vfw_rule_table_ipv6_active,
- action_array_active,
- action_counter_table,
- &conntrack_mask, &connexist_mask,
- vfw_ipv4_enabled,
- vfw_ipv6_enabled);
- vfw_pipe->counters->pkts_acl_forwarded +=
- __builtin_popcountll(keep_mask);
- if (conntrack_mask > 0) {
- keep_mask = conntrack_mask;
- ct_helper.no_new_cnxn_mask = connexist_mask;
- cnxn_tracking_is_active = 1;
- } else
- cnxn_tracking_is_active = 0;
-#endif
- if (likely(cnxn_tracking_is_active)) {
- keep_mask = rte_ct_cnxn_tracker_batch_lookup(ct, pkts,
- keep_mask, &ct_helper);
- synproxy_reply_mask = ct_helper.reply_pkt_mask;
- hijack_mask = ct_helper.hijack_mask;
-
- }
-
-
- keep_mask =
- rte_vfw_arp_packets(pkts, keep_mask, synproxy_reply_mask,
- vfw_pipe);
-
- if (vfw_debug > 1) {
- printf(" Exit in-port action with %p packet mask\n",
- (void *)keep_mask);
- if (keep_mask != packet_mask_in)
- printf("dropped packets, %p in, %p out\n",
- (void *)packet_mask_in,
- (void *)keep_mask);
- }
-
- /* Update mask before returning, so that bad packets are dropped */
-
- pkts_drop_mask = packet_mask_in & ~keep_mask;
-
- if (unlikely(pkts_drop_mask != 0)) {
- /* printf("drop %p\n", (void *) pkts_drop_mask); */
- rte_pipeline_ah_packet_drop(p, pkts_drop_mask);
- }
-
- if (unlikely(hijack_mask != 0))
- rte_pipeline_ah_packet_hijack(p, hijack_mask);
-
- vfw_pipe->counters->num_batch_pkts_sum += n_pkts;
- vfw_pipe->counters->num_pkts_measurements++;
-
- end_tsc_measure(vfw_pipe, n_pkts);
-
- return 0;
-}
/**
* The pipeline port-in action is used to do all the firewall and
* connection tracking work for IPV4 packets.
.arg_create =
pipeline_port_in_params_convert(¶ms->port_in
[i]),
- .f_action = vfw_port_in_action,
+ .f_action = vfw_port_in_action_ipv4,
.arg_ah = &(port_in_args[i]),
.burst_size = params->port_in[i].burst_size,
};
- if (pipe_vfw->traffic_type == IP_VERSION_4)
- port_params.f_action = vfw_port_in_action_ipv4;
-
if (pipe_vfw->traffic_type == IP_VERSION_6)
port_params.f_action = vfw_port_in_action_ipv6;
int status = rte_pipeline_port_in_create(pipe->p, &port_params,
Code Review / samplevnf.git / blobdiff