numam-dpdk/drivers/net/softnic/rte_eth_softnic_flow.c
Reshma Pattan 69fd1729c6 net/softnic: fix string copy
Use strlcpy instead of strcpy to avoid buffer overrun.

Coverity issues: 323475,323478,323514,323515
Fixes: b767f8efc8 ("net/softnic: replace pointers with arrays")
Fixes: c169b6a588 ("net/softnic: map flow attribute to pipeline table")

Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
2018-11-02 11:23:00 +01:00

2288 lines
53 KiB
C

/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2018 Intel Corporation
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <rte_common.h>
#include <rte_byteorder.h>
#include <rte_malloc.h>
#include <rte_string_fns.h>
#include <rte_flow.h>
#include <rte_flow_driver.h>
#include <rte_tailq.h>
#include "rte_eth_softnic_internals.h"
#include "rte_eth_softnic.h"
#define rte_htons rte_cpu_to_be_16
#define rte_htonl rte_cpu_to_be_32
#define rte_ntohs rte_be_to_cpu_16
#define rte_ntohl rte_be_to_cpu_32
static struct rte_flow *
softnic_flow_find(struct softnic_table *table,
struct softnic_table_rule_match *rule_match)
{
struct rte_flow *flow;
TAILQ_FOREACH(flow, &table->flows, node)
if (memcmp(&flow->match, rule_match, sizeof(*rule_match)) == 0)
return flow;
return NULL;
}
int
flow_attr_map_set(struct pmd_internals *softnic,
uint32_t group_id,
int ingress,
const char *pipeline_name,
uint32_t table_id)
{
struct pipeline *pipeline;
struct flow_attr_map *map;
if (group_id >= SOFTNIC_FLOW_MAX_GROUPS ||
pipeline_name == NULL)
return -1;
pipeline = softnic_pipeline_find(softnic, pipeline_name);
if (pipeline == NULL ||
table_id >= pipeline->n_tables)
return -1;
map = (ingress) ? &softnic->flow.ingress_map[group_id] :
&softnic->flow.egress_map[group_id];
strlcpy(map->pipeline_name, pipeline_name, sizeof(map->pipeline_name));
map->table_id = table_id;
map->valid = 1;
return 0;
}
struct flow_attr_map *
flow_attr_map_get(struct pmd_internals *softnic,
uint32_t group_id,
int ingress)
{
if (group_id >= SOFTNIC_FLOW_MAX_GROUPS)
return NULL;
return (ingress) ? &softnic->flow.ingress_map[group_id] :
&softnic->flow.egress_map[group_id];
}
static int
flow_pipeline_table_get(struct pmd_internals *softnic,
const struct rte_flow_attr *attr,
const char **pipeline_name,
uint32_t *table_id,
struct rte_flow_error *error)
{
struct flow_attr_map *map;
if (attr == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ATTR,
NULL,
"Null attr");
if (!attr->ingress && !attr->egress)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ATTR_INGRESS,
attr,
"Ingress/egress not specified");
if (attr->ingress && attr->egress)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ATTR_INGRESS,
attr,
"Setting both ingress and egress is not allowed");
map = flow_attr_map_get(softnic,
attr->group,
attr->ingress);
if (map == NULL ||
map->valid == 0)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ATTR_GROUP,
attr,
"Invalid group ID");
if (pipeline_name)
*pipeline_name = map->pipeline_name;
if (table_id)
*table_id = map->table_id;
return 0;
}
union flow_item {
uint8_t raw[TABLE_RULE_MATCH_SIZE_MAX];
struct rte_flow_item_eth eth;
struct rte_flow_item_vlan vlan;
struct rte_flow_item_ipv4 ipv4;
struct rte_flow_item_ipv6 ipv6;
struct rte_flow_item_icmp icmp;
struct rte_flow_item_udp udp;
struct rte_flow_item_tcp tcp;
struct rte_flow_item_sctp sctp;
struct rte_flow_item_vxlan vxlan;
struct rte_flow_item_e_tag e_tag;
struct rte_flow_item_nvgre nvgre;
struct rte_flow_item_mpls mpls;
struct rte_flow_item_gre gre;
struct rte_flow_item_gtp gtp;
struct rte_flow_item_esp esp;
struct rte_flow_item_geneve geneve;
struct rte_flow_item_vxlan_gpe vxlan_gpe;
struct rte_flow_item_arp_eth_ipv4 arp_eth_ipv4;
struct rte_flow_item_ipv6_ext ipv6_ext;
struct rte_flow_item_icmp6 icmp6;
struct rte_flow_item_icmp6_nd_ns icmp6_nd_ns;
struct rte_flow_item_icmp6_nd_na icmp6_nd_na;
struct rte_flow_item_icmp6_nd_opt icmp6_nd_opt;
struct rte_flow_item_icmp6_nd_opt_sla_eth icmp6_nd_opt_sla_eth;
struct rte_flow_item_icmp6_nd_opt_tla_eth icmp6_nd_opt_tla_eth;
};
static const union flow_item flow_item_raw_mask;
static int
flow_item_is_proto(enum rte_flow_item_type type,
const void **mask,
size_t *size)
{
switch (type) {
case RTE_FLOW_ITEM_TYPE_RAW:
*mask = &flow_item_raw_mask;
*size = sizeof(flow_item_raw_mask);
return 1; /* TRUE */
case RTE_FLOW_ITEM_TYPE_ETH:
*mask = &rte_flow_item_eth_mask;
*size = sizeof(struct rte_flow_item_eth);
return 1; /* TRUE */
case RTE_FLOW_ITEM_TYPE_VLAN:
*mask = &rte_flow_item_vlan_mask;
*size = sizeof(struct rte_flow_item_vlan);
return 1;
case RTE_FLOW_ITEM_TYPE_IPV4:
*mask = &rte_flow_item_ipv4_mask;
*size = sizeof(struct rte_flow_item_ipv4);
return 1;
case RTE_FLOW_ITEM_TYPE_IPV6:
*mask = &rte_flow_item_ipv6_mask;
*size = sizeof(struct rte_flow_item_ipv6);
return 1;
case RTE_FLOW_ITEM_TYPE_ICMP:
*mask = &rte_flow_item_icmp_mask;
*size = sizeof(struct rte_flow_item_icmp);
return 1;
case RTE_FLOW_ITEM_TYPE_UDP:
*mask = &rte_flow_item_udp_mask;
*size = sizeof(struct rte_flow_item_udp);
return 1;
case RTE_FLOW_ITEM_TYPE_TCP:
*mask = &rte_flow_item_tcp_mask;
*size = sizeof(struct rte_flow_item_tcp);
return 1;
case RTE_FLOW_ITEM_TYPE_SCTP:
*mask = &rte_flow_item_sctp_mask;
*size = sizeof(struct rte_flow_item_sctp);
return 1;
case RTE_FLOW_ITEM_TYPE_VXLAN:
*mask = &rte_flow_item_vxlan_mask;
*size = sizeof(struct rte_flow_item_vxlan);
return 1;
case RTE_FLOW_ITEM_TYPE_E_TAG:
*mask = &rte_flow_item_e_tag_mask;
*size = sizeof(struct rte_flow_item_e_tag);
return 1;
case RTE_FLOW_ITEM_TYPE_NVGRE:
*mask = &rte_flow_item_nvgre_mask;
*size = sizeof(struct rte_flow_item_nvgre);
return 1;
case RTE_FLOW_ITEM_TYPE_MPLS:
*mask = &rte_flow_item_mpls_mask;
*size = sizeof(struct rte_flow_item_mpls);
return 1;
case RTE_FLOW_ITEM_TYPE_GRE:
*mask = &rte_flow_item_gre_mask;
*size = sizeof(struct rte_flow_item_gre);
return 1;
case RTE_FLOW_ITEM_TYPE_GTP:
case RTE_FLOW_ITEM_TYPE_GTPC:
case RTE_FLOW_ITEM_TYPE_GTPU:
*mask = &rte_flow_item_gtp_mask;
*size = sizeof(struct rte_flow_item_gtp);
return 1;
case RTE_FLOW_ITEM_TYPE_ESP:
*mask = &rte_flow_item_esp_mask;
*size = sizeof(struct rte_flow_item_esp);
return 1;
case RTE_FLOW_ITEM_TYPE_GENEVE:
*mask = &rte_flow_item_geneve_mask;
*size = sizeof(struct rte_flow_item_geneve);
return 1;
case RTE_FLOW_ITEM_TYPE_VXLAN_GPE:
*mask = &rte_flow_item_vxlan_gpe_mask;
*size = sizeof(struct rte_flow_item_vxlan_gpe);
return 1;
case RTE_FLOW_ITEM_TYPE_ARP_ETH_IPV4:
*mask = &rte_flow_item_arp_eth_ipv4_mask;
*size = sizeof(struct rte_flow_item_arp_eth_ipv4);
return 1;
case RTE_FLOW_ITEM_TYPE_IPV6_EXT:
*mask = &rte_flow_item_ipv6_ext_mask;
*size = sizeof(struct rte_flow_item_ipv6_ext);
return 1;
case RTE_FLOW_ITEM_TYPE_ICMP6:
*mask = &rte_flow_item_icmp6_mask;
*size = sizeof(struct rte_flow_item_icmp6);
return 1;
case RTE_FLOW_ITEM_TYPE_ICMP6_ND_NS:
*mask = &rte_flow_item_icmp6_nd_ns_mask;
*size = sizeof(struct rte_flow_item_icmp6_nd_ns);
return 1;
case RTE_FLOW_ITEM_TYPE_ICMP6_ND_NA:
*mask = &rte_flow_item_icmp6_nd_na_mask;
*size = sizeof(struct rte_flow_item_icmp6_nd_na);
return 1;
case RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT:
*mask = &rte_flow_item_icmp6_nd_opt_mask;
*size = sizeof(struct rte_flow_item_icmp6_nd_opt);
return 1;
case RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_SLA_ETH:
*mask = &rte_flow_item_icmp6_nd_opt_sla_eth_mask;
*size = sizeof(struct rte_flow_item_icmp6_nd_opt_sla_eth);
return 1;
case RTE_FLOW_ITEM_TYPE_ICMP6_ND_OPT_TLA_ETH:
*mask = &rte_flow_item_icmp6_nd_opt_tla_eth_mask;
*size = sizeof(struct rte_flow_item_icmp6_nd_opt_tla_eth);
return 1;
default: return 0; /* FALSE */
}
}
static int
flow_item_raw_preprocess(const struct rte_flow_item *item,
union flow_item *item_spec,
union flow_item *item_mask,
size_t *item_size,
int *item_disabled,
struct rte_flow_error *error)
{
const struct rte_flow_item_raw *item_raw_spec = item->spec;
const struct rte_flow_item_raw *item_raw_mask = item->mask;
const uint8_t *pattern;
const uint8_t *pattern_mask;
uint8_t *spec = (uint8_t *)item_spec;
uint8_t *mask = (uint8_t *)item_mask;
size_t pattern_length, pattern_offset, i;
int disabled;
if (!item->spec)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Null specification");
if (item->last)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Range not allowed (last must be NULL)");
if (item_raw_spec->relative == 0)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Absolute offset not supported");
if (item_raw_spec->search)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Search not supported");
if (item_raw_spec->offset < 0)
return rte_flow_error_set(error,
ENOTSUP, RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Negative offset not supported");
if (item_raw_spec->length == 0)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Zero pattern length");
if (item_raw_spec->offset + item_raw_spec->length >
TABLE_RULE_MATCH_SIZE_MAX)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Item too big");
if (!item_raw_spec->pattern && item_raw_mask && item_raw_mask->pattern)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"RAW: Non-NULL pattern mask not allowed with NULL pattern");
pattern = item_raw_spec->pattern;
pattern_mask = (item_raw_mask) ? item_raw_mask->pattern : NULL;
pattern_length = (size_t)item_raw_spec->length;
pattern_offset = (size_t)item_raw_spec->offset;
disabled = 0;
if (pattern_mask == NULL)
disabled = 1;
else
for (i = 0; i < pattern_length; i++)
if ((pattern)[i])
disabled = 1;
memset(spec, 0, TABLE_RULE_MATCH_SIZE_MAX);
if (pattern)
memcpy(&spec[pattern_offset], pattern, pattern_length);
memset(mask, 0, TABLE_RULE_MATCH_SIZE_MAX);
if (pattern_mask)
memcpy(&mask[pattern_offset], pattern_mask, pattern_length);
*item_size = pattern_offset + pattern_length;
*item_disabled = disabled;
return 0;
}
static int
flow_item_proto_preprocess(const struct rte_flow_item *item,
union flow_item *item_spec,
union flow_item *item_mask,
size_t *item_size,
int *item_disabled,
struct rte_flow_error *error)
{
const void *mask_default;
uint8_t *spec = (uint8_t *)item_spec;
uint8_t *mask = (uint8_t *)item_mask;
size_t size, i;
if (!flow_item_is_proto(item->type, &mask_default, &size))
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"Item type not supported");
if (item->type == RTE_FLOW_ITEM_TYPE_RAW)
return flow_item_raw_preprocess(item,
item_spec,
item_mask,
item_size,
item_disabled,
error);
/* spec */
if (!item->spec) {
/* If spec is NULL, then last and mask also have to be NULL. */
if (item->last || item->mask)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"Invalid item (NULL spec with non-NULL last or mask)");
memset(item_spec, 0, size);
memset(item_mask, 0, size);
*item_size = size;
*item_disabled = 1; /* TRUE */
return 0;
}
memcpy(spec, item->spec, size);
*item_size = size;
/* mask */
if (item->mask)
memcpy(mask, item->mask, size);
else
memcpy(mask, mask_default, size);
/* disabled */
for (i = 0; i < size; i++)
if (mask[i])
break;
*item_disabled = (i == size) ? 1 : 0;
/* Apply mask over spec. */
for (i = 0; i < size; i++)
spec[i] &= mask[i];
/* last */
if (item->last) {
uint8_t last[size];
/* init last */
memcpy(last, item->last, size);
for (i = 0; i < size; i++)
last[i] &= mask[i];
/* check for range */
for (i = 0; i < size; i++)
if (last[i] != spec[i])
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"Range not supported");
}
return 0;
}
/***
* Skip disabled protocol items and VOID items
* until any of the mutually exclusive conditions
* from the list below takes place:
* (A) A protocol present in the proto_mask
* is met (either ENABLED or DISABLED);
* (B) A protocol NOT present in the proto_mask is met in ENABLED state;
* (C) The END item is met.
*/
static int
flow_item_skip_disabled_protos(const struct rte_flow_item **item,
uint64_t proto_mask,
size_t *length,
struct rte_flow_error *error)
{
size_t len = 0;
for ( ; (*item)->type != RTE_FLOW_ITEM_TYPE_END; (*item)++) {
union flow_item spec, mask;
size_t size;
int disabled = 0, status;
if ((*item)->type == RTE_FLOW_ITEM_TYPE_VOID)
continue;
status = flow_item_proto_preprocess(*item,
&spec,
&mask,
&size,
&disabled,
error);
if (status)
return status;
if ((proto_mask & (1LLU << (*item)->type)) ||
!disabled)
break;
len += size;
}
if (length)
*length = len;
return 0;
}
#define FLOW_ITEM_PROTO_IP \
((1LLU << RTE_FLOW_ITEM_TYPE_IPV4) | \
(1LLU << RTE_FLOW_ITEM_TYPE_IPV6))
static void
flow_item_skip_void(const struct rte_flow_item **item)
{
for ( ; ; (*item)++)
if ((*item)->type != RTE_FLOW_ITEM_TYPE_VOID)
return;
}
#define IP_PROTOCOL_TCP 0x06
#define IP_PROTOCOL_UDP 0x11
#define IP_PROTOCOL_SCTP 0x84
static int
mask_to_depth(uint64_t mask,
uint32_t *depth)
{
uint64_t n;
if (mask == UINT64_MAX) {
if (depth)
*depth = 64;
return 0;
}
mask = ~mask;
if (mask & (mask + 1))
return -1;
n = __builtin_popcountll(mask);
if (depth)
*depth = (uint32_t)(64 - n);
return 0;
}
static int
ipv4_mask_to_depth(uint32_t mask,
uint32_t *depth)
{
uint32_t d;
int status;
status = mask_to_depth(mask | (UINT64_MAX << 32), &d);
if (status)
return status;
d -= 32;
if (depth)
*depth = d;
return 0;
}
static int
ipv6_mask_to_depth(uint8_t *mask,
uint32_t *depth)
{
uint64_t *m = (uint64_t *)mask;
uint64_t m0 = rte_be_to_cpu_64(m[0]);
uint64_t m1 = rte_be_to_cpu_64(m[1]);
uint32_t d0, d1;
int status;
status = mask_to_depth(m0, &d0);
if (status)
return status;
status = mask_to_depth(m1, &d1);
if (status)
return status;
if (d0 < 64 && d1)
return -1;
if (depth)
*depth = d0 + d1;
return 0;
}
static int
port_mask_to_range(uint16_t port,
uint16_t port_mask,
uint16_t *port0,
uint16_t *port1)
{
int status;
uint16_t p0, p1;
status = mask_to_depth(port_mask | (UINT64_MAX << 16), NULL);
if (status)
return -1;
p0 = port & port_mask;
p1 = p0 | ~port_mask;
if (port0)
*port0 = p0;
if (port1)
*port1 = p1;
return 0;
}
static int
flow_rule_match_acl_get(struct pmd_internals *softnic __rte_unused,
struct pipeline *pipeline __rte_unused,
struct softnic_table *table __rte_unused,
const struct rte_flow_attr *attr,
const struct rte_flow_item *item,
struct softnic_table_rule_match *rule_match,
struct rte_flow_error *error)
{
union flow_item spec, mask;
size_t size, length = 0;
int disabled = 0, status;
uint8_t ip_proto, ip_proto_mask;
memset(rule_match, 0, sizeof(*rule_match));
rule_match->match_type = TABLE_ACL;
rule_match->match.acl.priority = attr->priority;
/* VOID or disabled protos only, if any. */
status = flow_item_skip_disabled_protos(&item,
FLOW_ITEM_PROTO_IP, &length, error);
if (status)
return status;
/* IP only. */
status = flow_item_proto_preprocess(item, &spec, &mask,
&size, &disabled, error);
if (status)
return status;
switch (item->type) {
case RTE_FLOW_ITEM_TYPE_IPV4:
{
uint32_t sa_depth, da_depth;
status = ipv4_mask_to_depth(rte_ntohl(mask.ipv4.hdr.src_addr),
&sa_depth);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal IPv4 header source address mask");
status = ipv4_mask_to_depth(rte_ntohl(mask.ipv4.hdr.dst_addr),
&da_depth);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal IPv4 header destination address mask");
ip_proto = spec.ipv4.hdr.next_proto_id;
ip_proto_mask = mask.ipv4.hdr.next_proto_id;
rule_match->match.acl.ip_version = 1;
rule_match->match.acl.ipv4.sa =
rte_ntohl(spec.ipv4.hdr.src_addr);
rule_match->match.acl.ipv4.da =
rte_ntohl(spec.ipv4.hdr.dst_addr);
rule_match->match.acl.sa_depth = sa_depth;
rule_match->match.acl.da_depth = da_depth;
rule_match->match.acl.proto = ip_proto;
rule_match->match.acl.proto_mask = ip_proto_mask;
break;
} /* RTE_FLOW_ITEM_TYPE_IPV4 */
case RTE_FLOW_ITEM_TYPE_IPV6:
{
uint32_t sa_depth, da_depth;
status = ipv6_mask_to_depth(mask.ipv6.hdr.src_addr, &sa_depth);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal IPv6 header source address mask");
status = ipv6_mask_to_depth(mask.ipv6.hdr.dst_addr, &da_depth);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal IPv6 header destination address mask");
ip_proto = spec.ipv6.hdr.proto;
ip_proto_mask = mask.ipv6.hdr.proto;
rule_match->match.acl.ip_version = 0;
memcpy(rule_match->match.acl.ipv6.sa,
spec.ipv6.hdr.src_addr,
sizeof(spec.ipv6.hdr.src_addr));
memcpy(rule_match->match.acl.ipv6.da,
spec.ipv6.hdr.dst_addr,
sizeof(spec.ipv6.hdr.dst_addr));
rule_match->match.acl.sa_depth = sa_depth;
rule_match->match.acl.da_depth = da_depth;
rule_match->match.acl.proto = ip_proto;
rule_match->match.acl.proto_mask = ip_proto_mask;
break;
} /* RTE_FLOW_ITEM_TYPE_IPV6 */
default:
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: IP protocol required");
} /* switch */
if (ip_proto_mask != UINT8_MAX)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal IP protocol mask");
item++;
/* VOID only, if any. */
flow_item_skip_void(&item);
/* TCP/UDP/SCTP only. */
status = flow_item_proto_preprocess(item, &spec, &mask,
&size, &disabled, error);
if (status)
return status;
switch (item->type) {
case RTE_FLOW_ITEM_TYPE_TCP:
{
uint16_t sp0, sp1, dp0, dp1;
if (ip_proto != IP_PROTOCOL_TCP)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Item type is TCP, but IP protocol is not");
status = port_mask_to_range(rte_ntohs(spec.tcp.hdr.src_port),
rte_ntohs(mask.tcp.hdr.src_port),
&sp0,
&sp1);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal TCP source port mask");
status = port_mask_to_range(rte_ntohs(spec.tcp.hdr.dst_port),
rte_ntohs(mask.tcp.hdr.dst_port),
&dp0,
&dp1);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal TCP destination port mask");
rule_match->match.acl.sp0 = sp0;
rule_match->match.acl.sp1 = sp1;
rule_match->match.acl.dp0 = dp0;
rule_match->match.acl.dp1 = dp1;
break;
} /* RTE_FLOW_ITEM_TYPE_TCP */
case RTE_FLOW_ITEM_TYPE_UDP:
{
uint16_t sp0, sp1, dp0, dp1;
if (ip_proto != IP_PROTOCOL_UDP)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Item type is UDP, but IP protocol is not");
status = port_mask_to_range(rte_ntohs(spec.udp.hdr.src_port),
rte_ntohs(mask.udp.hdr.src_port),
&sp0,
&sp1);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal UDP source port mask");
status = port_mask_to_range(rte_ntohs(spec.udp.hdr.dst_port),
rte_ntohs(mask.udp.hdr.dst_port),
&dp0,
&dp1);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal UDP destination port mask");
rule_match->match.acl.sp0 = sp0;
rule_match->match.acl.sp1 = sp1;
rule_match->match.acl.dp0 = dp0;
rule_match->match.acl.dp1 = dp1;
break;
} /* RTE_FLOW_ITEM_TYPE_UDP */
case RTE_FLOW_ITEM_TYPE_SCTP:
{
uint16_t sp0, sp1, dp0, dp1;
if (ip_proto != IP_PROTOCOL_SCTP)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Item type is SCTP, but IP protocol is not");
status = port_mask_to_range(rte_ntohs(spec.sctp.hdr.src_port),
rte_ntohs(mask.sctp.hdr.src_port),
&sp0,
&sp1);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal SCTP source port mask");
status = port_mask_to_range(rte_ntohs(spec.sctp.hdr.dst_port),
rte_ntohs(mask.sctp.hdr.dst_port),
&dp0,
&dp1);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Illegal SCTP destination port mask");
rule_match->match.acl.sp0 = sp0;
rule_match->match.acl.sp1 = sp1;
rule_match->match.acl.dp0 = dp0;
rule_match->match.acl.dp1 = dp1;
break;
} /* RTE_FLOW_ITEM_TYPE_SCTP */
default:
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: TCP/UDP/SCTP required");
} /* switch */
item++;
/* VOID or disabled protos only, if any. */
status = flow_item_skip_disabled_protos(&item, 0, NULL, error);
if (status)
return status;
/* END only. */
if (item->type != RTE_FLOW_ITEM_TYPE_END)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"ACL: Expecting END item");
return 0;
}
/***
* Both *tmask* and *fmask* are byte arrays of size *tsize* and *fsize*
* respectively.
* They are located within a larger buffer at offsets *toffset* and *foffset*
* respectivelly. Both *tmask* and *fmask* represent bitmasks for the larger
* buffer.
* Question: are the two masks equivalent?
*
* Notes:
* 1. Offset basically indicates that the first offset bytes in the buffer
* are "don't care", so offset is equivalent to pre-pending an "all-zeros"
* array of *offset* bytes to the *mask*.
* 2. Each *mask* might contain a number of zero bytes at the beginning or
* at the end.
* 3. Bytes in the larger buffer after the end of the *mask* are also considered
* "don't care", so they are equivalent to appending an "all-zeros" array of
* bytes to the *mask*.
*
* Example:
* Buffer = [xx xx xx xx xx xx xx xx], buffer size = 8 bytes
* tmask = [00 22 00 33 00], toffset = 2, tsize = 5
* => buffer mask = [00 00 00 22 00 33 00 00]
* fmask = [22 00 33], foffset = 3, fsize = 3 =>
* => buffer mask = [00 00 00 22 00 33 00 00]
* Therefore, the tmask and fmask from this example are equivalent.
*/
static int
hash_key_mask_is_same(uint8_t *tmask,
size_t toffset,
size_t tsize,
uint8_t *fmask,
size_t foffset,
size_t fsize,
size_t *toffset_plus,
size_t *foffset_plus)
{
size_t tpos; /* Position of first non-zero byte in the tmask buffer. */
size_t fpos; /* Position of first non-zero byte in the fmask buffer. */
/* Compute tpos and fpos. */
for (tpos = 0; tmask[tpos] == 0; tpos++)
;
for (fpos = 0; fmask[fpos] == 0; fpos++)
;
if (toffset + tpos != foffset + fpos)
return 0; /* FALSE */
tsize -= tpos;
fsize -= fpos;
if (tsize < fsize) {
size_t i;
for (i = 0; i < tsize; i++)
if (tmask[tpos + i] != fmask[fpos + i])
return 0; /* FALSE */
for ( ; i < fsize; i++)
if (fmask[fpos + i])
return 0; /* FALSE */
} else {
size_t i;
for (i = 0; i < fsize; i++)
if (tmask[tpos + i] != fmask[fpos + i])
return 0; /* FALSE */
for ( ; i < tsize; i++)
if (tmask[tpos + i])
return 0; /* FALSE */
}
if (toffset_plus)
*toffset_plus = tpos;
if (foffset_plus)
*foffset_plus = fpos;
return 1; /* TRUE */
}
static int
flow_rule_match_hash_get(struct pmd_internals *softnic __rte_unused,
struct pipeline *pipeline __rte_unused,
struct softnic_table *table,
const struct rte_flow_attr *attr __rte_unused,
const struct rte_flow_item *item,
struct softnic_table_rule_match *rule_match,
struct rte_flow_error *error)
{
struct softnic_table_rule_match_hash key, key_mask;
struct softnic_table_hash_params *params = &table->params.match.hash;
size_t offset = 0, length = 0, tpos, fpos;
int status;
memset(&key, 0, sizeof(key));
memset(&key_mask, 0, sizeof(key_mask));
/* VOID or disabled protos only, if any. */
status = flow_item_skip_disabled_protos(&item, 0, &offset, error);
if (status)
return status;
if (item->type == RTE_FLOW_ITEM_TYPE_END)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"HASH: END detected too early");
/* VOID or any protocols (enabled or disabled). */
for ( ; item->type != RTE_FLOW_ITEM_TYPE_END; item++) {
union flow_item spec, mask;
size_t size;
int disabled, status;
if (item->type == RTE_FLOW_ITEM_TYPE_VOID)
continue;
status = flow_item_proto_preprocess(item,
&spec,
&mask,
&size,
&disabled,
error);
if (status)
return status;
if (length + size > sizeof(key)) {
if (disabled)
break;
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"HASH: Item too big");
}
memcpy(&key.key[length], &spec, size);
memcpy(&key_mask.key[length], &mask, size);
length += size;
}
if (item->type != RTE_FLOW_ITEM_TYPE_END) {
/* VOID or disabled protos only, if any. */
status = flow_item_skip_disabled_protos(&item, 0, NULL, error);
if (status)
return status;
/* END only. */
if (item->type != RTE_FLOW_ITEM_TYPE_END)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"HASH: Expecting END item");
}
/* Compare flow key mask against table key mask. */
offset += sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM;
if (!hash_key_mask_is_same(params->key_mask,
params->key_offset,
params->key_size,
key_mask.key,
offset,
length,
&tpos,
&fpos))
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"HASH: Item list is not observing the match format");
/* Rule match. */
memset(rule_match, 0, sizeof(*rule_match));
rule_match->match_type = TABLE_HASH;
memcpy(&rule_match->match.hash.key[tpos],
&key.key[fpos],
RTE_MIN(sizeof(rule_match->match.hash.key) - tpos,
length - fpos));
return 0;
}
static int
flow_rule_match_get(struct pmd_internals *softnic,
struct pipeline *pipeline,
struct softnic_table *table,
const struct rte_flow_attr *attr,
const struct rte_flow_item *item,
struct softnic_table_rule_match *rule_match,
struct rte_flow_error *error)
{
switch (table->params.match_type) {
case TABLE_ACL:
return flow_rule_match_acl_get(softnic,
pipeline,
table,
attr,
item,
rule_match,
error);
/* FALLTHROUGH */
case TABLE_HASH:
return flow_rule_match_hash_get(softnic,
pipeline,
table,
attr,
item,
rule_match,
error);
/* FALLTHROUGH */
default:
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Unsupported pipeline table match type");
}
}
static int
flow_rule_action_get(struct pmd_internals *softnic,
struct pipeline *pipeline,
struct softnic_table *table,
const struct rte_flow_attr *attr,
const struct rte_flow_action *action,
struct softnic_table_rule_action *rule_action,
struct rte_flow_error *error)
{
struct softnic_table_action_profile *profile;
struct softnic_table_action_profile_params *params;
int n_jump_queue_rss_drop = 0;
int n_count = 0;
int n_mark = 0;
int n_vxlan_decap = 0;
profile = softnic_table_action_profile_find(softnic,
table->params.action_profile_name);
if (profile == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
action,
"JUMP: Table action profile");
params = &profile->params;
for ( ; action->type != RTE_FLOW_ACTION_TYPE_END; action++) {
if (action->type == RTE_FLOW_ACTION_TYPE_VOID)
continue;
switch (action->type) {
case RTE_FLOW_ACTION_TYPE_JUMP:
{
const struct rte_flow_action_jump *conf = action->conf;
struct flow_attr_map *map;
if (conf == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"JUMP: Null configuration");
if (n_jump_queue_rss_drop)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Only one termination action is"
" allowed per flow");
if ((params->action_mask &
(1LLU << RTE_TABLE_ACTION_FWD)) == 0)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"JUMP action not enabled for this table");
n_jump_queue_rss_drop = 1;
map = flow_attr_map_get(softnic,
conf->group,
attr->ingress);
if (map == NULL || map->valid == 0)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"JUMP: Invalid group mapping");
if (strcmp(pipeline->name, map->pipeline_name) != 0)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"JUMP: Jump to table in different pipeline");
/* RTE_TABLE_ACTION_FWD */
rule_action->fwd.action = RTE_PIPELINE_ACTION_TABLE;
rule_action->fwd.id = map->table_id;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_FWD;
break;
} /* RTE_FLOW_ACTION_TYPE_JUMP */
case RTE_FLOW_ACTION_TYPE_QUEUE:
{
char name[NAME_SIZE];
struct rte_eth_dev *dev;
const struct rte_flow_action_queue *conf = action->conf;
uint32_t port_id;
int status;
if (conf == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"QUEUE: Null configuration");
if (n_jump_queue_rss_drop)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Only one termination action is allowed"
" per flow");
if ((params->action_mask &
(1LLU << RTE_TABLE_ACTION_FWD)) == 0)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"QUEUE action not enabled for this table");
n_jump_queue_rss_drop = 1;
dev = ETHDEV(softnic);
if (dev == NULL ||
conf->index >= dev->data->nb_rx_queues)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"QUEUE: Invalid RX queue ID");
sprintf(name, "RXQ%u", (uint32_t)conf->index);
status = softnic_pipeline_port_out_find(softnic,
pipeline->name,
name,
&port_id);
if (status)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"QUEUE: RX queue not accessible from this pipeline");
/* RTE_TABLE_ACTION_FWD */
rule_action->fwd.action = RTE_PIPELINE_ACTION_PORT;
rule_action->fwd.id = port_id;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_FWD;
break;
} /*RTE_FLOW_ACTION_TYPE_QUEUE */
case RTE_FLOW_ACTION_TYPE_RSS:
{
const struct rte_flow_action_rss *conf = action->conf;
uint32_t i;
if (conf == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"RSS: Null configuration");
if (!rte_is_power_of_2(conf->queue_num))
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION_CONF,
conf,
"RSS: Number of queues must be a power of 2");
if (conf->queue_num > RTE_DIM(rule_action->lb.out))
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION_CONF,
conf,
"RSS: Number of queues too big");
if (n_jump_queue_rss_drop)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Only one termination action is allowed per flow");
if (((params->action_mask &
(1LLU << RTE_TABLE_ACTION_FWD)) == 0) ||
((params->action_mask &
(1LLU << RTE_TABLE_ACTION_LB)) == 0))
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"RSS action not supported by this table");
if (params->lb.out_offset !=
pipeline->params.offset_port_id)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"RSS action not supported by this pipeline");
n_jump_queue_rss_drop = 1;
/* RTE_TABLE_ACTION_LB */
for (i = 0; i < conf->queue_num; i++) {
char name[NAME_SIZE];
struct rte_eth_dev *dev;
uint32_t port_id;
int status;
dev = ETHDEV(softnic);
if (dev == NULL ||
conf->queue[i] >=
dev->data->nb_rx_queues)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"RSS: Invalid RX queue ID");
sprintf(name, "RXQ%u",
(uint32_t)conf->queue[i]);
status = softnic_pipeline_port_out_find(softnic,
pipeline->name,
name,
&port_id);
if (status)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"RSS: RX queue not accessible from this pipeline");
rule_action->lb.out[i] = port_id;
}
for ( ; i < RTE_DIM(rule_action->lb.out); i++)
rule_action->lb.out[i] =
rule_action->lb.out[i % conf->queue_num];
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_LB;
/* RTE_TABLE_ACTION_FWD */
rule_action->fwd.action = RTE_PIPELINE_ACTION_PORT_META;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_FWD;
break;
} /* RTE_FLOW_ACTION_TYPE_RSS */
case RTE_FLOW_ACTION_TYPE_DROP:
{
const void *conf = action->conf;
if (conf != NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"DROP: No configuration required");
if (n_jump_queue_rss_drop)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Only one termination action is allowed per flow");
if ((params->action_mask &
(1LLU << RTE_TABLE_ACTION_FWD)) == 0)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"DROP action not supported by this table");
n_jump_queue_rss_drop = 1;
/* RTE_TABLE_ACTION_FWD */
rule_action->fwd.action = RTE_PIPELINE_ACTION_DROP;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_FWD;
break;
} /* RTE_FLOW_ACTION_TYPE_DROP */
case RTE_FLOW_ACTION_TYPE_COUNT:
{
const struct rte_flow_action_count *conf = action->conf;
if (conf == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"COUNT: Null configuration");
if (conf->shared)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION_CONF,
conf,
"COUNT: Shared counters not supported");
if (n_count)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Only one COUNT action per flow");
if ((params->action_mask &
(1LLU << RTE_TABLE_ACTION_STATS)) == 0)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"COUNT action not supported by this table");
n_count = 1;
/* RTE_TABLE_ACTION_STATS */
rule_action->stats.n_packets = 0;
rule_action->stats.n_bytes = 0;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_STATS;
break;
} /* RTE_FLOW_ACTION_TYPE_COUNT */
case RTE_FLOW_ACTION_TYPE_MARK:
{
const struct rte_flow_action_mark *conf = action->conf;
if (conf == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"MARK: Null configuration");
if (n_mark)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Only one MARK action per flow");
if ((params->action_mask &
(1LLU << RTE_TABLE_ACTION_TAG)) == 0)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"MARK action not supported by this table");
n_mark = 1;
/* RTE_TABLE_ACTION_TAG */
rule_action->tag.tag = conf->id;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_TAG;
break;
} /* RTE_FLOW_ACTION_TYPE_MARK */
case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
{
const struct rte_flow_action_mark *conf = action->conf;
if (conf)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"VXLAN DECAP: Non-null configuration");
if (n_vxlan_decap)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Only one VXLAN DECAP action per flow");
if ((params->action_mask &
(1LLU << RTE_TABLE_ACTION_DECAP)) == 0)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"VXLAN DECAP action not supported by this table");
n_vxlan_decap = 1;
/* RTE_TABLE_ACTION_DECAP */
rule_action->decap.n = 50; /* Ether/IPv4/UDP/VXLAN */
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_DECAP;
break;
} /* RTE_FLOW_ACTION_TYPE_VXLAN_DECAP */
case RTE_FLOW_ACTION_TYPE_METER:
{
const struct rte_flow_action_meter *conf = action->conf;
struct softnic_mtr_meter_profile *mp;
struct softnic_mtr *m;
uint32_t table_id = table - pipeline->table;
uint32_t meter_profile_id;
int status;
if ((params->action_mask & (1LLU << RTE_TABLE_ACTION_MTR)) == 0)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"METER: Table action not supported");
if (params->mtr.n_tc != 1)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"METER: Multiple TCs not supported");
if (conf == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"METER: Null configuration");
m = softnic_mtr_find(softnic, conf->mtr_id);
if (m == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION_CONF,
NULL,
"METER: Invalid meter ID");
if (m->flow)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION_CONF,
NULL,
"METER: Meter already attached to a flow");
meter_profile_id = m->params.meter_profile_id;
mp = softnic_mtr_meter_profile_find(softnic, meter_profile_id);
/* Add meter profile to pipeline table */
if (!softnic_pipeline_table_meter_profile_find(table,
meter_profile_id)) {
struct rte_table_action_meter_profile profile;
memset(&profile, 0, sizeof(profile));
profile.alg = RTE_TABLE_ACTION_METER_TRTCM;
profile.trtcm.cir = mp->params.trtcm_rfc2698.cir;
profile.trtcm.pir = mp->params.trtcm_rfc2698.pir;
profile.trtcm.cbs = mp->params.trtcm_rfc2698.cbs;
profile.trtcm.pbs = mp->params.trtcm_rfc2698.pbs;
status = softnic_pipeline_table_mtr_profile_add(softnic,
pipeline->name,
table_id,
meter_profile_id,
&profile);
if (status) {
rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"METER: Table meter profile add failed");
return -1;
}
}
/* RTE_TABLE_ACTION_METER */
rule_action->mtr.mtr[0].meter_profile_id = meter_profile_id;
rule_action->mtr.mtr[0].policer[e_RTE_METER_GREEN] =
softnic_table_action_policer(m->params.action[RTE_MTR_GREEN]);
rule_action->mtr.mtr[0].policer[e_RTE_METER_YELLOW] =
softnic_table_action_policer(m->params.action[RTE_MTR_YELLOW]);
rule_action->mtr.mtr[0].policer[e_RTE_METER_RED] =
softnic_table_action_policer(m->params.action[RTE_MTR_RED]);
rule_action->mtr.tc_mask = 1;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_MTR;
break;
} /* RTE_FLOW_ACTION_TYPE_METER */
case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
{
const struct rte_flow_action_vxlan_encap *conf =
action->conf;
const struct rte_flow_item *item;
union flow_item spec, mask;
int disabled = 0, status;
size_t size;
if (conf == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"VXLAN ENCAP: Null configuration");
item = conf->definition;
if (item == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"VXLAN ENCAP: Null configuration definition");
if (!(params->action_mask &
(1LLU << RTE_TABLE_ACTION_ENCAP)))
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"VXLAN ENCAP: Encap action not enabled for this table");
/* Check for Ether. */
flow_item_skip_void(&item);
status = flow_item_proto_preprocess(item, &spec, &mask,
&size, &disabled, error);
if (status)
return status;
if (item->type != RTE_FLOW_ITEM_TYPE_ETH) {
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"VXLAN ENCAP: first encap item should be ether");
}
ether_addr_copy(&spec.eth.dst,
&rule_action->encap.vxlan.ether.da);
ether_addr_copy(&spec.eth.src,
&rule_action->encap.vxlan.ether.sa);
item++;
/* Check for VLAN. */
flow_item_skip_void(&item);
status = flow_item_proto_preprocess(item, &spec, &mask,
&size, &disabled, error);
if (status)
return status;
if (item->type == RTE_FLOW_ITEM_TYPE_VLAN) {
if (!params->encap.vxlan.vlan)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"VXLAN ENCAP: vlan encap not supported by table");
uint16_t tci = rte_ntohs(spec.vlan.tci);
rule_action->encap.vxlan.vlan.pcp =
tci >> 13;
rule_action->encap.vxlan.vlan.dei =
(tci >> 12) & 0x1;
rule_action->encap.vxlan.vlan.vid =
tci & 0xfff;
item++;
flow_item_skip_void(&item);
status = flow_item_proto_preprocess(item, &spec,
&mask, &size, &disabled, error);
if (status)
return status;
} else {
if (params->encap.vxlan.vlan)
return rte_flow_error_set(error,
ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"VXLAN ENCAP: expecting vlan encap item");
}
/* Check for IPV4/IPV6. */
switch (item->type) {
case RTE_FLOW_ITEM_TYPE_IPV4:
{
rule_action->encap.vxlan.ipv4.sa =
rte_ntohl(spec.ipv4.hdr.src_addr);
rule_action->encap.vxlan.ipv4.da =
rte_ntohl(spec.ipv4.hdr.dst_addr);
rule_action->encap.vxlan.ipv4.dscp =
spec.ipv4.hdr.type_of_service >> 2;
rule_action->encap.vxlan.ipv4.ttl =
spec.ipv4.hdr.time_to_live;
break;
}
case RTE_FLOW_ITEM_TYPE_IPV6:
{
uint32_t vtc_flow;
memcpy(&rule_action->encap.vxlan.ipv6.sa,
&spec.ipv6.hdr.src_addr,
sizeof(spec.ipv6.hdr.src_addr));
memcpy(&rule_action->encap.vxlan.ipv6.da,
&spec.ipv6.hdr.dst_addr,
sizeof(spec.ipv6.hdr.dst_addr));
vtc_flow = rte_ntohl(spec.ipv6.hdr.vtc_flow);
rule_action->encap.vxlan.ipv6.flow_label =
vtc_flow & 0xfffff;
rule_action->encap.vxlan.ipv6.dscp =
(vtc_flow >> 22) & 0x3f;
rule_action->encap.vxlan.ipv6.hop_limit =
spec.ipv6.hdr.hop_limits;
break;
}
default:
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"VXLAN ENCAP: encap item after ether should be ipv4/ipv6");
}
item++;
/* Check for UDP. */
flow_item_skip_void(&item);
status = flow_item_proto_preprocess(item, &spec, &mask,
&size, &disabled, error);
if (status)
return status;
if (item->type != RTE_FLOW_ITEM_TYPE_UDP) {
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"VXLAN ENCAP: encap item after ipv4/ipv6 should be udp");
}
rule_action->encap.vxlan.udp.sp =
rte_ntohs(spec.udp.hdr.src_port);
rule_action->encap.vxlan.udp.dp =
rte_ntohs(spec.udp.hdr.dst_port);
item++;
/* Check for VXLAN. */
flow_item_skip_void(&item);
status = flow_item_proto_preprocess(item, &spec, &mask,
&size, &disabled, error);
if (status)
return status;
if (item->type != RTE_FLOW_ITEM_TYPE_VXLAN) {
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"VXLAN ENCAP: encap item after udp should be vxlan");
}
rule_action->encap.vxlan.vxlan.vni =
(spec.vxlan.vni[0] << 16U |
spec.vxlan.vni[1] << 8U
| spec.vxlan.vni[2]);
item++;
/* Check for END. */
flow_item_skip_void(&item);
if (item->type != RTE_FLOW_ITEM_TYPE_END)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
item,
"VXLAN ENCAP: expecting END item");
rule_action->encap.type = RTE_TABLE_ACTION_ENCAP_VXLAN;
rule_action->action_mask |= 1 << RTE_TABLE_ACTION_ENCAP;
break;
} /* RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP */
default:
return -ENOTSUP;
}
}
if (n_jump_queue_rss_drop == 0)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
action,
"Flow does not have any terminating action");
return 0;
}
static int
pmd_flow_validate(struct rte_eth_dev *dev,
const struct rte_flow_attr *attr,
const struct rte_flow_item item[],
const struct rte_flow_action action[],
struct rte_flow_error *error)
{
struct softnic_table_rule_match rule_match;
struct softnic_table_rule_action rule_action;
struct pmd_internals *softnic = dev->data->dev_private;
struct pipeline *pipeline;
struct softnic_table *table;
const char *pipeline_name = NULL;
uint32_t table_id = 0;
int status;
/* Check input parameters. */
if (attr == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ATTR,
NULL, "Null attr");
if (item == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
NULL,
"Null item");
if (action == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
NULL,
"Null action");
/* Identify the pipeline table to add this flow to. */
status = flow_pipeline_table_get(softnic, attr, &pipeline_name,
&table_id, error);
if (status)
return status;
pipeline = softnic_pipeline_find(softnic, pipeline_name);
if (pipeline == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Invalid pipeline name");
if (table_id >= pipeline->n_tables)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Invalid pipeline table ID");
table = &pipeline->table[table_id];
/* Rule match. */
memset(&rule_match, 0, sizeof(rule_match));
status = flow_rule_match_get(softnic,
pipeline,
table,
attr,
item,
&rule_match,
error);
if (status)
return status;
/* Rule action. */
memset(&rule_action, 0, sizeof(rule_action));
status = flow_rule_action_get(softnic,
pipeline,
table,
attr,
action,
&rule_action,
error);
if (status)
return status;
return 0;
}
static struct softnic_mtr *
flow_action_meter_get(struct pmd_internals *softnic,
const struct rte_flow_action *action)
{
for ( ; action->type != RTE_FLOW_ACTION_TYPE_END; action++)
if (action->type == RTE_FLOW_ACTION_TYPE_METER) {
const struct rte_flow_action_meter *conf = action->conf;
if (conf == NULL)
return NULL;
return softnic_mtr_find(softnic, conf->mtr_id);
}
return NULL;
}
static void
flow_meter_owner_reset(struct pmd_internals *softnic,
struct rte_flow *flow)
{
struct softnic_mtr_list *ml = &softnic->mtr.mtrs;
struct softnic_mtr *m;
TAILQ_FOREACH(m, ml, node)
if (m->flow == flow) {
m->flow = NULL;
break;
}
}
static void
flow_meter_owner_set(struct pmd_internals *softnic,
struct rte_flow *flow,
struct softnic_mtr *mtr)
{
/* Reset current flow meter */
flow_meter_owner_reset(softnic, flow);
/* Set new flow meter */
mtr->flow = flow;
}
static int
is_meter_action_enable(struct pmd_internals *softnic,
struct softnic_table *table)
{
struct softnic_table_action_profile *profile =
softnic_table_action_profile_find(softnic,
table->params.action_profile_name);
struct softnic_table_action_profile_params *params = &profile->params;
return (params->action_mask & (1LLU << RTE_TABLE_ACTION_MTR)) ? 1 : 0;
}
static struct rte_flow *
pmd_flow_create(struct rte_eth_dev *dev,
const struct rte_flow_attr *attr,
const struct rte_flow_item item[],
const struct rte_flow_action action[],
struct rte_flow_error *error)
{
struct softnic_table_rule_match rule_match;
struct softnic_table_rule_action rule_action;
void *rule_data;
struct pmd_internals *softnic = dev->data->dev_private;
struct pipeline *pipeline;
struct softnic_table *table;
struct rte_flow *flow;
struct softnic_mtr *mtr;
const char *pipeline_name = NULL;
uint32_t table_id = 0;
int new_flow, status;
/* Check input parameters. */
if (attr == NULL) {
rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ATTR,
NULL,
"Null attr");
return NULL;
}
if (item == NULL) {
rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
NULL,
"Null item");
return NULL;
}
if (action == NULL) {
rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
NULL,
"Null action");
return NULL;
}
/* Identify the pipeline table to add this flow to. */
status = flow_pipeline_table_get(softnic, attr, &pipeline_name,
&table_id, error);
if (status)
return NULL;
pipeline = softnic_pipeline_find(softnic, pipeline_name);
if (pipeline == NULL) {
rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Invalid pipeline name");
return NULL;
}
if (table_id >= pipeline->n_tables) {
rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Invalid pipeline table ID");
return NULL;
}
table = &pipeline->table[table_id];
/* Rule match. */
memset(&rule_match, 0, sizeof(rule_match));
status = flow_rule_match_get(softnic,
pipeline,
table,
attr,
item,
&rule_match,
error);
if (status)
return NULL;
/* Rule action. */
memset(&rule_action, 0, sizeof(rule_action));
status = flow_rule_action_get(softnic,
pipeline,
table,
attr,
action,
&rule_action,
error);
if (status)
return NULL;
/* Flow find/allocate. */
new_flow = 0;
flow = softnic_flow_find(table, &rule_match);
if (flow == NULL) {
new_flow = 1;
flow = calloc(1, sizeof(struct rte_flow));
if (flow == NULL) {
rte_flow_error_set(error,
ENOMEM,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Not enough memory for new flow");
return NULL;
}
}
/* Rule add. */
status = softnic_pipeline_table_rule_add(softnic,
pipeline_name,
table_id,
&rule_match,
&rule_action,
&rule_data);
if (status) {
if (new_flow)
free(flow);
rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Pipeline table rule add failed");
return NULL;
}
/* Flow fill in. */
memcpy(&flow->match, &rule_match, sizeof(rule_match));
memcpy(&flow->action, &rule_action, sizeof(rule_action));
flow->data = rule_data;
flow->pipeline = pipeline;
flow->table_id = table_id;
mtr = flow_action_meter_get(softnic, action);
if (mtr)
flow_meter_owner_set(softnic, flow, mtr);
/* Flow add to list. */
if (new_flow)
TAILQ_INSERT_TAIL(&table->flows, flow, node);
return flow;
}
static int
pmd_flow_destroy(struct rte_eth_dev *dev,
struct rte_flow *flow,
struct rte_flow_error *error)
{
struct pmd_internals *softnic = dev->data->dev_private;
struct softnic_table *table;
int status;
/* Check input parameters. */
if (flow == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_HANDLE,
NULL,
"Null flow");
table = &flow->pipeline->table[flow->table_id];
/* Rule delete. */
status = softnic_pipeline_table_rule_delete(softnic,
flow->pipeline->name,
flow->table_id,
&flow->match);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Pipeline table rule delete failed");
/* Update dependencies */
if (is_meter_action_enable(softnic, table))
flow_meter_owner_reset(softnic, flow);
/* Flow delete. */
TAILQ_REMOVE(&table->flows, flow, node);
free(flow);
return 0;
}
static int
pmd_flow_flush(struct rte_eth_dev *dev,
struct rte_flow_error *error)
{
struct pmd_internals *softnic = dev->data->dev_private;
struct pipeline *pipeline;
int fail_to_del_rule = 0;
uint32_t i;
TAILQ_FOREACH(pipeline, &softnic->pipeline_list, node) {
/* Remove all the flows added to the tables. */
for (i = 0; i < pipeline->n_tables; i++) {
struct softnic_table *table = &pipeline->table[i];
struct rte_flow *flow;
void *temp;
int status;
TAILQ_FOREACH_SAFE(flow, &table->flows, node, temp) {
/* Rule delete. */
status = softnic_pipeline_table_rule_delete
(softnic,
pipeline->name,
i,
&flow->match);
if (status)
fail_to_del_rule = 1;
/* Update dependencies */
if (is_meter_action_enable(softnic, table))
flow_meter_owner_reset(softnic, flow);
/* Flow delete. */
TAILQ_REMOVE(&table->flows, flow, node);
free(flow);
}
}
}
if (fail_to_del_rule)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Some of the rules could not be deleted");
return 0;
}
static int
pmd_flow_query(struct rte_eth_dev *dev __rte_unused,
struct rte_flow *flow,
const struct rte_flow_action *action __rte_unused,
void *data,
struct rte_flow_error *error)
{
struct rte_table_action_stats_counters stats;
struct softnic_table *table;
struct rte_flow_query_count *flow_stats = data;
int status;
/* Check input parameters. */
if (flow == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_HANDLE,
NULL,
"Null flow");
if (data == NULL)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Null data");
table = &flow->pipeline->table[flow->table_id];
/* Rule stats read. */
status = rte_table_action_stats_read(table->a,
flow->data,
&stats,
flow_stats->reset);
if (status)
return rte_flow_error_set(error,
EINVAL,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"Pipeline table rule stats read failed");
/* Fill in flow stats. */
flow_stats->hits_set =
(table->ap->params.stats.n_packets_enabled) ? 1 : 0;
flow_stats->bytes_set =
(table->ap->params.stats.n_bytes_enabled) ? 1 : 0;
flow_stats->hits = stats.n_packets;
flow_stats->bytes = stats.n_bytes;
return 0;
}
const struct rte_flow_ops pmd_flow_ops = {
.validate = pmd_flow_validate,
.create = pmd_flow_create,
.destroy = pmd_flow_destroy,
.flush = pmd_flow_flush,
.query = pmd_flow_query,
.isolate = NULL,
};