From patchwork Sun Jan 12 23:08:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sowmini Varadhan X-Patchwork-Id: 64462 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 74D61A04F0; Mon, 13 Jan 2020 00:09:03 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 8D1251D580; Mon, 13 Jan 2020 00:08:56 +0100 (CET) Received: from mail-qt1-f196.google.com (mail-qt1-f196.google.com [209.85.160.196]) by dpdk.org (Postfix) with ESMTP id 6B8E11D57D for ; Mon, 13 Jan 2020 00:08:54 +0100 (CET) Received: by mail-qt1-f196.google.com with SMTP id k40so7575274qtk.8 for ; Sun, 12 Jan 2020 15:08:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:in-reply-to :references; bh=XAC/kZ55ld1yOyyrNzC6Rx57A+9yqFz5fBnGymRzz+0=; b=RzDUdzDIeYJvD3OKCbW55RjrjLswDtzYT+BzNRxb/6jz25EusHZvVRPpQ09eI3Um6I zTa+kcxwu9if6pgnsBOaGU1f+tIV5GgscchEKkj87ChOTX3kObOiyh+DGIvAV9bKiYoT eC55GDfwJT+znth7S1llQlfBvHcznVGxwTRYvpXRhRpazU2T9iHRmtsxm8n6IFfRGhnM Dhrarf91TLFhwYYpcX7ozcm+bI3oP991D2m8eGzXmVUe6SlLa/T/I4SF9SPFPtmJNVU8 YYgjDKvgf9ThRS60YcP7vcwCtAIgrC+VKpACTzcpqOrb9tbgu+lCqs3fhpaKe/Xniu5k IJTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=XAC/kZ55ld1yOyyrNzC6Rx57A+9yqFz5fBnGymRzz+0=; b=fIc1DtQP9rpQCoImid3JmJIv6vVEG4MeOaTtyIRYHUk1nwrCpxZY+QaUaCsjlwVrpJ +37fmbwIFipcPEHVVMcqvL6RKJh2uX3kehgwGeAbqSVXzm3rkVK/4T7ki+zPPTbo+XWu CpMrYhyN0EU8ypMcP6yVT5H/pNy0ZgYhYv5DA00mjgyHOYnFv+JWOLwKHUnmdoHMEAOC B11C7ApSDigpTd6PSLz9+WWk/MkkL8cCJelpZ91F+F67qYZK547rU/RJsS7MAPnuQL7E 4u9W9pmN6sKWloAgJxw5Yd6Xzhq/bTTTyAtQJSiKVPQjXqD4gSPHrEWvymFdvf7mfak6 FINQ== X-Gm-Message-State: APjAAAWtKE4KCxEceLjccOHIW4X5ewRmJLduihBrhO49BrkRg5Ze6kYd 01xgcEG9lzSds+XHCvfZ17s= X-Google-Smtp-Source: APXvYqw7GtJb6DVHwrxT1B++D35ARr1au8Qn5pLeuzgNxEkoBRt9Aj9HlaHIdRhoDdsTtW7fPYyUcw== X-Received: by 2002:ac8:1730:: with SMTP id w45mr8395049qtj.297.1578870533601; Sun, 12 Jan 2020 15:08:53 -0800 (PST) Received: from sovaradhvm.ojp4suxva1celnnpiyhedynfde.bx.internal.cloudapp.net ([104.211.12.148]) by smtp.gmail.com with ESMTPSA id i23sm4174549qka.113.2020.01.12.15.08.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Jan 2020 15:08:52 -0800 (PST) From: Sowmini Varadhan To: sowmini05@gmail.com, dev@dpdk.org Date: Sun, 12 Jan 2020 23:08:38 +0000 Message-Id: <80429899738d7ae51fce53a340637c6a77ba0bd9.1578787797.git.sowmini.varadhan@microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: In-Reply-To: References: Subject: [dpdk-dev] [PATCH RFC 1/2] Hooks to allow the setting of filters on tcp flags X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The rte_eth_ntuple_filter allows tcp_flags which can check for things like #define RTE_TCP_CWR_FLAG 0x80 /**< Congestion Window Reduced */ #define RTE_TCP_ECE_FLAG 0x40 /**< ECN-Echo */ #define RTE_TCP_URG_FLAG 0x20 /**< Urgent Pointer field significant */ #define RTE_TCP_ACK_FLAG 0x10 /**< Acknowledgment field significant */ #define RTE_TCP_PSH_FLAG 0x08 /**< Push Function */ #define RTE_TCP_RST_FLAG 0x04 /**< Reset the connection */ #define RTE_TCP_SYN_FLAG 0x02 /**< Synchronize sequence numbers */ #define RTE_TCP_FIN_FLAG 0x01 /**< No more data from sender */ but there are no existing examples that demonstrate how to use this feature. This patch extends the exisiting classification support to allow an optional flags in the input file. The flags string can be any concatenation of characters from {C, E, U, A, P, R, S, F} and "*" indicates "dont care". These flags are set in the ntuple_filter and are used to construct the tcp_spec and tcp_mask sent to the driver The rte_acl_field_def is updated to use the (u8) tcp flag as lookup key. Note that, as per https://doc.dpdk.org/guides/prog_guide/packet_classif_access_ctrl.html this field MUST be allocated fo4 4 bytes, thus it has sizeof(uint32_t). However, also note the XXX in this commit: additional updates are needed to the rte_flow_classify_table_entry_add() so that it does not ignore any key fields other than the 5-tuple. Signed-off-by: Sowmini Varadhan --- examples/flow_classify/flow_classify.c | 88 ++++++++++++++++++++-- examples/flow_classify/ipv4_rules_file.txt | 22 +++--- 2 files changed, 91 insertions(+), 19 deletions(-) diff --git a/examples/flow_classify/flow_classify.c b/examples/flow_classify/flow_classify.c index 1c12bbb2f..e74a53be7 100644 --- a/examples/flow_classify/flow_classify.c +++ b/examples/flow_classify/flow_classify.c @@ -51,6 +51,7 @@ enum { CB_FLD_DST_PORT_MASK, CB_FLD_PROTO, CB_FLD_PRIORITY, + CB_FLD_TCP_FLAGS, CB_FLD_NUM, }; @@ -81,6 +82,7 @@ enum { DST_FIELD_IPV4, SRCP_FIELD_IPV4, DSTP_FIELD_IPV4, + TCP_FLAGS_FIELD, NUM_FIELDS_IPV4 }; @@ -88,7 +90,8 @@ enum { PROTO_INPUT_IPV4, SRC_INPUT_IPV4, DST_INPUT_IPV4, - SRCP_DESTP_INPUT_IPV4 + SRCP_DESTP_INPUT_IPV4, + TCP_FLAGS_INDEX, }; static struct rte_acl_field_def ipv4_defs[NUM_FIELDS_IPV4] = { @@ -145,6 +148,17 @@ static struct rte_acl_field_def ipv4_defs[NUM_FIELDS_IPV4] = { sizeof(struct rte_ipv4_hdr) + offsetof(struct rte_tcp_hdr, dst_port), }, + /* next field must be 4 bytes, even though flags is only 1 byte */ + { + /* rte_flags */ + .type = RTE_ACL_FIELD_TYPE_BITMASK, + .size = sizeof(uint32_t), + .field_index = TCP_FLAGS_FIELD, + .input_index = TCP_FLAGS_INDEX, + .offset = sizeof(struct rte_ether_hdr) + + sizeof(struct rte_ipv4_hdr) + + offsetof(struct rte_tcp_hdr, tcp_flags), + }, }; /* flow classify data */ @@ -272,12 +286,14 @@ lcore_main(struct flow_classifier *cls_app) int ret; int i = 0; - ret = rte_flow_classify_table_entry_delete(cls_app->cls, - rules[7]); - if (ret) - printf("table_entry_delete failed [7] %d\n\n", ret); - else - printf("table_entry_delete succeeded [7]\n\n"); + if (rules[7]) { + ret = rte_flow_classify_table_entry_delete(cls_app->cls, + rules[7]); + if (ret) + printf("table_entry_delete failed [7] %d\n\n", ret); + else + printf("table_entry_delete succeeded [7]\n\n"); + } /* * Check that the port is on the same NUMA node as the polling thread @@ -395,6 +411,53 @@ parse_ipv4_net(char *in, uint32_t *addr, uint32_t *mask_len) return 0; } +static int +get_tcp_flags(char *in, struct rte_eth_ntuple_filter *ntuple_filter) +{ + int len = strlen(in); + int i; + uint8_t flags = 0; + + if (strcmp(in, "*") == 0) { + ntuple_filter->tcp_flags = 0; + return 0; + } + + for (i = 0; i < len; i++) { + switch (in[i]) { + case 'S': + flags |= RTE_TCP_SYN_FLAG; + break; + case 'F': + flags |= RTE_TCP_FIN_FLAG; + break; + case 'R': + flags |= RTE_TCP_RST_FLAG; + break; + case 'P': + flags |= RTE_TCP_PSH_FLAG; + break; + case 'A': + flags |= RTE_TCP_ACK_FLAG; + break; + case 'U': + flags |= RTE_TCP_URG_FLAG; + break; + case 'E': + flags |= RTE_TCP_ECE_FLAG; + break; + case 'C': + flags |= RTE_TCP_CWR_FLAG; + break; + default: + fprintf(stderr, "unknown flag %c\n", in[i]); + return -1; + } + } + ntuple_filter->tcp_flags = flags; + return 0; +} + static int parse_ipv4_5tuple_rule(char *str, struct rte_eth_ntuple_filter *ntuple_filter) { @@ -424,7 +487,7 @@ parse_ipv4_5tuple_rule(char *str, struct rte_eth_ntuple_filter *ntuple_filter) &ntuple_filter->dst_ip, &ntuple_filter->dst_ip_mask); if (ret != 0) { - flow_classify_log("failed to read source address/mask: %s\n", + flow_classify_log("failed to read ssourceource address/mask: %s\n", in[CB_FLD_DST_ADDR]); return ret; } @@ -466,6 +529,8 @@ parse_ipv4_5tuple_rule(char *str, struct rte_eth_ntuple_filter *ntuple_filter) ntuple_filter->priority = (uint16_t)temp; if (ntuple_filter->priority > FLOW_CLASSIFY_MAX_PRIORITY) ret = -EINVAL; + if (get_tcp_flags(in[CB_FLD_TCP_FLAGS], ntuple_filter)) + return -EINVAL; return ret; } @@ -582,10 +647,13 @@ add_classify_rule(struct rte_eth_ntuple_filter *ntuple_filter, memset(&tcp_spec, 0, sizeof(tcp_spec)); tcp_spec.hdr.src_port = ntuple_filter->src_port; tcp_spec.hdr.dst_port = ntuple_filter->dst_port; + tcp_spec.hdr.tcp_flags = ntuple_filter->tcp_flags; memset(&tcp_mask, 0, sizeof(tcp_mask)); tcp_mask.hdr.src_port = ntuple_filter->src_port_mask; tcp_mask.hdr.dst_port = ntuple_filter->dst_port_mask; + if (tcp_spec.hdr.tcp_flags != 0) + tcp_mask.hdr.tcp_flags = 0xff; tcp_item.type = RTE_FLOW_ITEM_TYPE_TCP; tcp_item.spec = &tcp_spec; @@ -640,6 +708,10 @@ add_classify_rule(struct rte_eth_ntuple_filter *ntuple_filter, return ret; } + /* XXX but this only adds table_type of RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_5TUPLE + * i.e., it only ever does allocate_acl_ipv4_5tuple_rule() so the tcp_flags is + * ignored! + */ rule = rte_flow_classify_table_entry_add( cls_app->cls, &attr, pattern_ipv4_5tuple, actions, &key_found, &error); diff --git a/examples/flow_classify/ipv4_rules_file.txt b/examples/flow_classify/ipv4_rules_file.txt index dfa0631fc..415573732 100644 --- a/examples/flow_classify/ipv4_rules_file.txt +++ b/examples/flow_classify/ipv4_rules_file.txt @@ -1,14 +1,14 @@ #file format: -#src_ip/masklen dst_ip/masklen src_port : mask dst_port : mask proto/mask priority +#src_ip/masklen dst_ip/masklen src_port : mask dst_port : mask proto/mask priority tcp_flags # -2.2.2.3/24 2.2.2.7/24 32 : 0xffff 33 : 0xffff 17/0xff 0 -9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 17/0xff 1 -9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 6/0xff 2 -9.9.8.3/24 9.9.8.7/24 32 : 0xffff 33 : 0xffff 6/0xff 3 -6.7.8.9/24 2.3.4.5/24 32 : 0x0000 33 : 0x0000 132/0xff 4 -6.7.8.9/32 192.168.0.36/32 10 : 0xffff 11 : 0xffff 6/0xfe 5 -6.7.8.9/24 192.168.0.36/24 10 : 0xffff 11 : 0xffff 6/0xfe 6 -6.7.8.9/16 192.168.0.36/16 10 : 0xffff 11 : 0xffff 6/0xfe 7 -6.7.8.9/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 8 +2.2.2.3/24 2.2.2.7/24 32 : 0xffff 33 : 0xffff 17/0xff 0 * +9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 17/0xff 1 * +9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 6/0xff 2 * +9.9.8.3/24 9.9.8.7/24 32 : 0xffff 33 : 0xffff 6/0xff 3 * +6.7.8.9/24 2.3.4.5/24 32 : 0x0000 33 : 0x0000 132/0xff 4 * +6.7.8.9/32 192.168.0.36/32 10 : 0xffff 11 : 0xffff 6/0xfe 5 * +6.7.8.9/24 192.168.0.36/24 10 : 0xffff 11 : 0xffff 6/0xfe 6 * +6.7.8.9/16 192.168.0.36/16 10 : 0xffff 11 : 0xffff 6/0xfe 7 * +6.7.8.9/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 8 * #error rules -#9.8.7.6/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 9 \ No newline at end of file +#9.8.7.6/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 9 * From patchwork Sun Jan 12 23:08:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sowmini Varadhan X-Patchwork-Id: 64463 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 587D2A04F0; Mon, 13 Jan 2020 00:09:12 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4D9701D586; Mon, 13 Jan 2020 00:08:58 +0100 (CET) Received: from mail-qv1-f65.google.com (mail-qv1-f65.google.com [209.85.219.65]) by dpdk.org (Postfix) with ESMTP id D37C81D57F for ; Mon, 13 Jan 2020 00:08:54 +0100 (CET) Received: by mail-qv1-f65.google.com with SMTP id m14so3276213qvl.3 for ; Sun, 12 Jan 2020 15:08:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:in-reply-to :references; bh=gg3uw75PJepj8prQuQmlpE9NDoTnhiOviXagjGlJxAo=; b=ekgvlAoJjSvMf9PhcaVczHrlNf+VPRhUbxpZZeoq6VbmzHni6a33pHETWXODwijKdh QCXp91sla2vWAylzVroWNhKuMgXiihIRJrFCCOx8YOzWSAvAPNyjyCySnX97tmWPQgNq gq5eKQnReomWSDn/1lHNpz2PkMLsC7MUHNUHG74T2Ll2Hlet9LSxvHktu1V3TzwjQyX1 r2+XbvW3TuAynwuRHSCHh0qqqKHmCxFGwoEZP6k17PTBGyoqN9/n7KI7IL/VP23FVXlc xt+seTlVioiZslB1YMUiQ0XE2folBKos1hhCCjaYBbOmNB1us7pckolG3a8qWTxPKyqV 66Aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=gg3uw75PJepj8prQuQmlpE9NDoTnhiOviXagjGlJxAo=; b=kzmiKLsCfs62cL2iR3bYrv4shkGD8rim701aYxAjJCOKtpodiT2fGUllryNLICWl+W C5brxuDxGimqneNsZZunocsrncIL1MCC5DTtMcAE2jpruWA5pX0uzKRcIVtvAROjFECc OQMWLNRy7aAbZAocLxZQU30xWb+2owy9gELO0MAa0vkzfLJhWCZ5q0drD9G9Gb92hmRm od8nUCAqNh5rrIXjluQsfp+iE5Z3Jopn30eswieciYpiqGH0f6+gmuxNgx3rsAG+5HGT K5mxSQgY/6S2t9Mb4ABpt7SWpR7iXmQsbFLEP5CTJnSNJTIVR4Esv6Dt3b/drYkQHXSz zrgw== X-Gm-Message-State: APjAAAX5BUZhkxFW0HiwnHY26B+F1SKuyftkLCe7k9j6rG8pO5rcvw14 Dy8LtPrtT70aGaDX5UJyzMc= X-Google-Smtp-Source: APXvYqxvSCEMLtwU6vU/+HNWdBqHG0luLpJrQJ+wYS0qPFYV+vkdaP9Z/IbmSFSBQYroejBC4PvCTg== X-Received: by 2002:a0c:ebcf:: with SMTP id k15mr9187557qvq.217.1578870534120; Sun, 12 Jan 2020 15:08:54 -0800 (PST) Received: from sovaradhvm.ojp4suxva1celnnpiyhedynfde.bx.internal.cloudapp.net ([104.211.12.148]) by smtp.gmail.com with ESMTPSA id i23sm4174549qka.113.2020.01.12.15.08.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Jan 2020 15:08:53 -0800 (PST) From: Sowmini Varadhan To: sowmini05@gmail.com, dev@dpdk.org Date: Sun, 12 Jan 2020 23:08:39 +0000 Message-Id: <8abacc3b4e7f150e708241adf7611f1bc9ee3fc8.1578787797.git.sowmini.varadhan@microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: In-Reply-To: References: Subject: [dpdk-dev] [PATCH RFC 2/2] Allow the flow_classify example to add an ACL table for tcp. X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The struct rte_flow_classifier can have upto RTE_FLOW_CLASSIFY_TABLE_MAX (32) classifier tables, but the existing flow_classify examples only adds a single table for the L4 5-tuple. When dealing with tcp flows, we frequently want to add add ACLs and filters to filter based on the state of the TCP connection, e.g., by looking at the tcp flags field. So we enhance flow_classify to add an additional acl table for tcp 5-typles. If the input-file-parser detects a filter for a tcp flow with a non-wildcard argument for tcp_flags, the IP4_TCP_5TUPLE table is used by flow_classify. Signed-off-by: Sowmini Varadhan --- examples/flow_classify/flow_classify.c | 33 ++++++-- lib/librte_flow_classify/rte_flow_classify.c | 84 +++++++++++++++++++ lib/librte_flow_classify/rte_flow_classify.h | 19 +++++ .../rte_flow_classify_parse.c | 8 +- 4 files changed, 134 insertions(+), 10 deletions(-) diff --git a/examples/flow_classify/flow_classify.c b/examples/flow_classify/flow_classify.c index e74a53be7..54ae65d46 100644 --- a/examples/flow_classify/flow_classify.c +++ b/examples/flow_classify/flow_classify.c @@ -708,10 +708,6 @@ add_classify_rule(struct rte_eth_ntuple_filter *ntuple_filter, return ret; } - /* XXX but this only adds table_type of RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_5TUPLE - * i.e., it only ever does allocate_acl_ipv4_5tuple_rule() so the tcp_flags is - * ignored! - */ rule = rte_flow_classify_table_entry_add( cls_app->cls, &attr, pattern_ipv4_5tuple, actions, &key_found, &error); @@ -838,7 +834,8 @@ main(int argc, char *argv[]) int ret; int socket_id; struct rte_table_acl_params table_acl_params; - struct rte_flow_classify_table_params cls_table_params; + struct rte_table_acl_params table_acl_tcp_params; + struct rte_flow_classify_table_params cls_table_params[2]; struct flow_classifier *cls_app; struct rte_flow_classifier_params cls_params; uint32_t size; @@ -901,16 +898,34 @@ main(int argc, char *argv[]) memcpy(table_acl_params.field_format, ipv4_defs, sizeof(ipv4_defs)); /* initialise table create params */ - cls_table_params.ops = &rte_table_acl_ops; - cls_table_params.arg_create = &table_acl_params; - cls_table_params.type = RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_5TUPLE; + cls_table_params[0].ops = &rte_table_acl_ops; + cls_table_params[0].arg_create = &table_acl_params; + cls_table_params[0].type = RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_5TUPLE; + + /* initialise ACL table params */ + table_acl_tcp_params.name = "table_acl_ipv4_tcp_5tuple"; + table_acl_tcp_params.n_rules = FLOW_CLASSIFY_MAX_RULE_NUM; + table_acl_tcp_params.n_rule_fields = RTE_DIM(ipv4_defs); + memcpy(table_acl_tcp_params.field_format, ipv4_defs, sizeof(ipv4_defs)); + + /* initialise table create params */ + cls_table_params[1].ops = &rte_table_acl_ops; + cls_table_params[1].arg_create = &table_acl_tcp_params; + cls_table_params[1].type = RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_TCP_5TUPLE; - ret = rte_flow_classify_table_create(cls_app->cls, &cls_table_params); + ret = rte_flow_classify_table_create(cls_app->cls, &cls_table_params[0]); if (ret) { rte_flow_classifier_free(cls_app->cls); rte_free(cls_app); rte_exit(EXIT_FAILURE, "Failed to create classifier table\n"); } + ret = rte_flow_classify_table_create(cls_app->cls, &cls_table_params[1]); + if (ret) { + rte_flow_classifier_free(cls_app->cls); + rte_free(cls_app); + rte_exit(EXIT_FAILURE, "Failed to create classifier table\n"); + } + /* read file of IPv4 5 tuple rules and initialize parameters * for rte_flow_classify_validate and rte_flow_classify_table_entry_add diff --git a/lib/librte_flow_classify/rte_flow_classify.c b/lib/librte_flow_classify/rte_flow_classify.c index 5ff585803..4ec36a397 100644 --- a/lib/librte_flow_classify/rte_flow_classify.c +++ b/lib/librte_flow_classify/rte_flow_classify.c @@ -62,6 +62,7 @@ enum { DST_FIELD_IPV4, SRCP_FIELD_IPV4, DSTP_FIELD_IPV4, + TCP_FLAGS_FIELD, NUM_FIELDS_IPV4 }; @@ -74,6 +75,7 @@ struct classify_rules { enum rte_flow_classify_rule_type type; union { struct rte_flow_classify_ipv4_5tuple ipv4_5tuple; + struct rte_flow_classify_ipv4_tcp_5tuple ipv4_tcp_5tuple; } u; }; @@ -482,6 +484,81 @@ allocate_acl_ipv4_5tuple_rule(struct rte_flow_classifier *cls) return rule; } +static struct rte_flow_classify_rule * +allocate_acl_ipv4_tcp_5tuple_rule(struct rte_flow_classifier *cls) +{ + struct rte_flow_classify_rule *rule; + int log_level; + + rule = malloc(sizeof(struct rte_flow_classify_rule)); + if (!rule) + return rule; + + memset(rule, 0, sizeof(struct rte_flow_classify_rule)); + rule->id = unique_id++; + rule->rules.type = RTE_FLOW_CLASSIFY_RULE_TYPE_IPV4_TCP_5TUPLE; + + /* key add values */ + rule->u.key.key_add.priority = cls->ntuple_filter.priority; + rule->u.key.key_add.field_value[PROTO_FIELD_IPV4].mask_range.u8 = + cls->ntuple_filter.proto_mask; + rule->u.key.key_add.field_value[PROTO_FIELD_IPV4].value.u8 = + cls->ntuple_filter.proto; + rule->rules.u.ipv4_tcp_5tuple.proto = cls->ntuple_filter.proto; + rule->rules.u.ipv4_tcp_5tuple.proto_mask = cls->ntuple_filter.proto_mask; + + rule->u.key.key_add.field_value[SRC_FIELD_IPV4].mask_range.u32 = + cls->ntuple_filter.src_ip_mask; + rule->u.key.key_add.field_value[SRC_FIELD_IPV4].value.u32 = + cls->ntuple_filter.src_ip; + rule->rules.u.ipv4_tcp_5tuple.src_ip_mask = cls->ntuple_filter.src_ip_mask; + rule->rules.u.ipv4_tcp_5tuple.src_ip = cls->ntuple_filter.src_ip; + + rule->u.key.key_add.field_value[DST_FIELD_IPV4].mask_range.u32 = + cls->ntuple_filter.dst_ip_mask; + rule->u.key.key_add.field_value[DST_FIELD_IPV4].value.u32 = + cls->ntuple_filter.dst_ip; + rule->rules.u.ipv4_tcp_5tuple.dst_ip_mask = cls->ntuple_filter.dst_ip_mask; + rule->rules.u.ipv4_tcp_5tuple.dst_ip = cls->ntuple_filter.dst_ip; + + rule->u.key.key_add.field_value[SRCP_FIELD_IPV4].mask_range.u16 = + cls->ntuple_filter.src_port_mask; + rule->u.key.key_add.field_value[SRCP_FIELD_IPV4].value.u16 = + cls->ntuple_filter.src_port; + rule->rules.u.ipv4_tcp_5tuple.src_port_mask = + cls->ntuple_filter.src_port_mask; + rule->rules.u.ipv4_tcp_5tuple.src_port = cls->ntuple_filter.src_port; + + rule->u.key.key_add.field_value[DSTP_FIELD_IPV4].mask_range.u16 = + cls->ntuple_filter.dst_port_mask; + rule->u.key.key_add.field_value[DSTP_FIELD_IPV4].value.u16 = + cls->ntuple_filter.dst_port; + rule->rules.u.ipv4_tcp_5tuple.dst_port_mask = + cls->ntuple_filter.dst_port_mask; + rule->rules.u.ipv4_tcp_5tuple.dst_port = cls->ntuple_filter.dst_port; + + rule->u.key.key_add.field_value[TCP_FLAGS_FIELD].mask_range.u32 = + rte_be_to_cpu_32(0xff); + rule->u.key.key_add.field_value[TCP_FLAGS_FIELD].value.u32 = + rte_be_to_cpu_32(cls->ntuple_filter.tcp_flags); + rule->rules.u.ipv4_tcp_5tuple.tcp_flags = cls->ntuple_filter.tcp_flags; + + log_level = rte_log_get_level(librte_flow_classify_logtype); + + if (log_level == RTE_LOG_DEBUG) + print_acl_ipv4_key_add(&rule->u.key.key_add); + + /* key delete values */ + memcpy(&rule->u.key.key_del.field_value[PROTO_FIELD_IPV4], + &rule->u.key.key_add.field_value[PROTO_FIELD_IPV4], + NUM_FIELDS_IPV4 * sizeof(struct rte_acl_field)); + + if (log_level == RTE_LOG_DEBUG) + print_acl_ipv4_key_delete(&rule->u.key.key_del); + + return rule; +} + struct rte_flow_classify_rule * rte_flow_classify_table_entry_add(struct rte_flow_classifier *cls, const struct rte_flow_attr *attr, @@ -519,6 +596,13 @@ rte_flow_classify_table_entry_add(struct rte_flow_classifier *cls, rule->tbl_type = table_type; cls->table_mask |= table_type; break; + case RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_TCP_5TUPLE: + rule = allocate_acl_ipv4_tcp_5tuple_rule(cls); + if (!rule) + return NULL; + rule->tbl_type = table_type; + cls->table_mask |= table_type; + break; default: return NULL; } diff --git a/lib/librte_flow_classify/rte_flow_classify.h b/lib/librte_flow_classify/rte_flow_classify.h index 74d1ecaf5..921277f90 100644 --- a/lib/librte_flow_classify/rte_flow_classify.h +++ b/lib/librte_flow_classify/rte_flow_classify.h @@ -78,6 +78,8 @@ enum rte_flow_classify_rule_type { RTE_FLOW_CLASSIFY_RULE_TYPE_NONE, /** IPv4 5tuple type */ RTE_FLOW_CLASSIFY_RULE_TYPE_IPV4_5TUPLE, + /** IPv4 TCP 5tuple type */ + RTE_FLOW_CLASSIFY_RULE_TYPE_IPV4_TCP_5TUPLE, }; /** Flow classify table type */ @@ -90,6 +92,8 @@ enum rte_flow_classify_table_type { RTE_FLOW_CLASSIFY_TABLE_ACL_VLAN_IP4_5TUPLE = 1 << 2, /** ACL QinQ IP4 5TUPLE */ RTE_FLOW_CLASSIFY_TABLE_ACL_QINQ_IP4_5TUPLE = 1 << 3, + /** ACL IP4 5TUPLE with tcp_flags */ + RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_TCP_5TUPLE = 1 << 4, }; @@ -129,6 +133,21 @@ struct rte_flow_classify_ipv4_5tuple { uint8_t proto_mask; /**< Mask of L4 protocol. */ }; +/** IPv4 5-tuple data with tcp flags*/ +struct rte_flow_classify_ipv4_tcp_5tuple { + uint32_t dst_ip; /**< Destination IP address in big endian. */ + uint32_t dst_ip_mask; /**< Mask of destination IP address. */ + uint32_t src_ip; /**< Source IP address in big endian. */ + uint32_t src_ip_mask; /**< Mask of destination IP address. */ + uint16_t dst_port; /**< Destination port in big endian. */ + uint16_t dst_port_mask; /**< Mask of destination port. */ + uint16_t src_port; /**< Source Port in big endian. */ + uint16_t src_port_mask; /**< Mask of source port. */ + uint8_t proto; /**< L4 protocol. */ + uint8_t proto_mask; /**< Mask of L4 protocol. */ + uint8_t tcp_flags; /**< Tcp only */ +}; + /** * Flow stats * diff --git a/lib/librte_flow_classify/rte_flow_classify_parse.c b/lib/librte_flow_classify/rte_flow_classify_parse.c index 465330291..fe4ee05b6 100644 --- a/lib/librte_flow_classify/rte_flow_classify_parse.c +++ b/lib/librte_flow_classify/rte_flow_classify_parse.c @@ -216,6 +216,7 @@ classify_parse_ntuple_filter(const struct rte_flow_attr *attr, const struct rte_flow_action_count *count; const struct rte_flow_action_mark *mark_spec; uint32_t index; + bool have_tcp = false; /* parse pattern */ index = 0; @@ -375,6 +376,8 @@ classify_parse_ntuple_filter(const struct rte_flow_attr *attr, filter->dst_port = tcp_spec->hdr.dst_port; filter->src_port = tcp_spec->hdr.src_port; filter->tcp_flags = tcp_spec->hdr.tcp_flags; + if (filter->tcp_flags != 0) + have_tcp = true; } else if (item->type == RTE_FLOW_ITEM_TYPE_UDP) { udp_mask = item->mask; @@ -434,7 +437,10 @@ classify_parse_ntuple_filter(const struct rte_flow_attr *attr, return -EINVAL; } - table_type = RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_5TUPLE; + if (have_tcp) + table_type = RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_TCP_5TUPLE; + else + table_type = RTE_FLOW_CLASSIFY_TABLE_ACL_IP4_5TUPLE; /* parse attr */ /* must be input direction */