4 * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <rte_common.h>
37 #include <rte_malloc.h>
38 #include <rte_ether.h>
41 #include <rte_byteorder.h>
42 #include <rte_table_acl.h>
44 #include "pipeline_firewall_be.h"
47 struct pipeline_firewall
{
49 pipeline_msg_req_handler custom_handlers
[PIPELINE_FIREWALL_MSG_REQS
];
52 uint32_t n_rule_fields
;
53 struct rte_acl_field_def
*field_format
;
54 uint32_t field_format_size
;
55 } __rte_cache_aligned
;
58 pipeline_firewall_msg_req_custom_handler(struct pipeline
*p
, void *msg
);
60 static pipeline_msg_req_handler handlers
[] = {
61 [PIPELINE_MSG_REQ_PING
] =
62 pipeline_msg_req_ping_handler
,
63 [PIPELINE_MSG_REQ_STATS_PORT_IN
] =
64 pipeline_msg_req_stats_port_in_handler
,
65 [PIPELINE_MSG_REQ_STATS_PORT_OUT
] =
66 pipeline_msg_req_stats_port_out_handler
,
67 [PIPELINE_MSG_REQ_STATS_TABLE
] =
68 pipeline_msg_req_stats_table_handler
,
69 [PIPELINE_MSG_REQ_PORT_IN_ENABLE
] =
70 pipeline_msg_req_port_in_enable_handler
,
71 [PIPELINE_MSG_REQ_PORT_IN_DISABLE
] =
72 pipeline_msg_req_port_in_disable_handler
,
73 [PIPELINE_MSG_REQ_CUSTOM
] =
74 pipeline_firewall_msg_req_custom_handler
,
78 pipeline_firewall_msg_req_add_handler(struct pipeline
*p
, void *msg
);
81 pipeline_firewall_msg_req_del_handler(struct pipeline
*p
, void *msg
);
84 pipeline_firewall_msg_req_add_bulk_handler(struct pipeline
*p
, void *msg
);
87 pipeline_firewall_msg_req_del_bulk_handler(struct pipeline
*p
, void *msg
);
90 pipeline_firewall_msg_req_add_default_handler(struct pipeline
*p
, void *msg
);
93 pipeline_firewall_msg_req_del_default_handler(struct pipeline
*p
, void *msg
);
95 static pipeline_msg_req_handler custom_handlers
[] = {
96 [PIPELINE_FIREWALL_MSG_REQ_ADD
] =
97 pipeline_firewall_msg_req_add_handler
,
98 [PIPELINE_FIREWALL_MSG_REQ_DEL
] =
99 pipeline_firewall_msg_req_del_handler
,
100 [PIPELINE_FIREWALL_MSG_REQ_ADD_BULK
] =
101 pipeline_firewall_msg_req_add_bulk_handler
,
102 [PIPELINE_FIREWALL_MSG_REQ_DEL_BULK
] =
103 pipeline_firewall_msg_req_del_bulk_handler
,
104 [PIPELINE_FIREWALL_MSG_REQ_ADD_DEFAULT
] =
105 pipeline_firewall_msg_req_add_default_handler
,
106 [PIPELINE_FIREWALL_MSG_REQ_DEL_DEFAULT
] =
107 pipeline_firewall_msg_req_del_default_handler
,
113 struct firewall_table_entry
{
114 struct rte_pipeline_table_entry head
;
117 static struct rte_acl_field_def field_format_ipv4
[] = {
120 .type
= RTE_ACL_FIELD_TYPE_BITMASK
,
121 .size
= sizeof(uint8_t),
124 .offset
= sizeof(struct ether_hdr
) +
125 offsetof(struct ipv4_hdr
, next_proto_id
),
128 /* Source IP address (IPv4) */
130 .type
= RTE_ACL_FIELD_TYPE_MASK
,
131 .size
= sizeof(uint32_t),
134 .offset
= sizeof(struct ether_hdr
) +
135 offsetof(struct ipv4_hdr
, src_addr
),
138 /* Destination IP address (IPv4) */
140 .type
= RTE_ACL_FIELD_TYPE_MASK
,
141 .size
= sizeof(uint32_t),
144 .offset
= sizeof(struct ether_hdr
) +
145 offsetof(struct ipv4_hdr
, dst_addr
),
150 .type
= RTE_ACL_FIELD_TYPE_RANGE
,
151 .size
= sizeof(uint16_t),
154 .offset
= sizeof(struct ether_hdr
) +
155 sizeof(struct ipv4_hdr
) +
156 offsetof(struct tcp_hdr
, src_port
),
159 /* Destination Port */
161 .type
= RTE_ACL_FIELD_TYPE_RANGE
,
162 .size
= sizeof(uint16_t),
165 .offset
= sizeof(struct ether_hdr
) +
166 sizeof(struct ipv4_hdr
) +
167 offsetof(struct tcp_hdr
, dst_port
),
171 #define SIZEOF_VLAN_HDR 4
173 static struct rte_acl_field_def field_format_vlan_ipv4
[] = {
176 .type
= RTE_ACL_FIELD_TYPE_BITMASK
,
177 .size
= sizeof(uint8_t),
180 .offset
= sizeof(struct ether_hdr
) +
182 offsetof(struct ipv4_hdr
, next_proto_id
),
185 /* Source IP address (IPv4) */
187 .type
= RTE_ACL_FIELD_TYPE_MASK
,
188 .size
= sizeof(uint32_t),
191 .offset
= sizeof(struct ether_hdr
) +
193 offsetof(struct ipv4_hdr
, src_addr
),
196 /* Destination IP address (IPv4) */
198 .type
= RTE_ACL_FIELD_TYPE_MASK
,
199 .size
= sizeof(uint32_t),
202 .offset
= sizeof(struct ether_hdr
) +
204 offsetof(struct ipv4_hdr
, dst_addr
),
209 .type
= RTE_ACL_FIELD_TYPE_RANGE
,
210 .size
= sizeof(uint16_t),
213 .offset
= sizeof(struct ether_hdr
) +
215 sizeof(struct ipv4_hdr
) +
216 offsetof(struct tcp_hdr
, src_port
),
219 /* Destination Port */
221 .type
= RTE_ACL_FIELD_TYPE_RANGE
,
222 .size
= sizeof(uint16_t),
225 .offset
= sizeof(struct ether_hdr
) +
227 sizeof(struct ipv4_hdr
) +
228 offsetof(struct tcp_hdr
, dst_port
),
232 #define SIZEOF_QINQ_HEADER 8
234 static struct rte_acl_field_def field_format_qinq_ipv4
[] = {
237 .type
= RTE_ACL_FIELD_TYPE_BITMASK
,
238 .size
= sizeof(uint8_t),
241 .offset
= sizeof(struct ether_hdr
) +
243 offsetof(struct ipv4_hdr
, next_proto_id
),
246 /* Source IP address (IPv4) */
248 .type
= RTE_ACL_FIELD_TYPE_MASK
,
249 .size
= sizeof(uint32_t),
252 .offset
= sizeof(struct ether_hdr
) +
254 offsetof(struct ipv4_hdr
, src_addr
),
257 /* Destination IP address (IPv4) */
259 .type
= RTE_ACL_FIELD_TYPE_MASK
,
260 .size
= sizeof(uint32_t),
263 .offset
= sizeof(struct ether_hdr
) +
265 offsetof(struct ipv4_hdr
, dst_addr
),
270 .type
= RTE_ACL_FIELD_TYPE_RANGE
,
271 .size
= sizeof(uint16_t),
274 .offset
= sizeof(struct ether_hdr
) +
276 sizeof(struct ipv4_hdr
) +
277 offsetof(struct tcp_hdr
, src_port
),
280 /* Destination Port */
282 .type
= RTE_ACL_FIELD_TYPE_RANGE
,
283 .size
= sizeof(uint16_t),
286 .offset
= sizeof(struct ether_hdr
) +
288 sizeof(struct ipv4_hdr
) +
289 offsetof(struct tcp_hdr
, dst_port
),
294 pipeline_firewall_parse_args(struct pipeline_firewall
*p
,
295 struct pipeline_params
*params
)
297 uint32_t n_rules_present
= 0;
298 uint32_t pkt_type_present
= 0;
302 p
->n_rules
= 4 * 1024;
303 p
->n_rule_fields
= RTE_DIM(field_format_ipv4
);
304 p
->field_format
= field_format_ipv4
;
305 p
->field_format_size
= sizeof(field_format_ipv4
);
307 for (i
= 0; i
< params
->n_args
; i
++) {
308 char *arg_name
= params
->args_name
[i
];
309 char *arg_value
= params
->args_value
[i
];
311 if (strcmp(arg_name
, "n_rules") == 0) {
314 PIPELINE_PARSE_ERR_DUPLICATE(
315 n_rules_present
== 0, params
->name
,
319 status
= parser_read_uint32(&p
->n_rules
,
321 PIPELINE_PARSE_ERR_INV_VAL((status
!= -EINVAL
),
322 params
->name
, arg_name
, arg_value
);
323 PIPELINE_PARSE_ERR_OUT_RNG((status
!= -ERANGE
),
324 params
->name
, arg_name
, arg_value
);
328 if (strcmp(arg_name
, "pkt_type") == 0) {
329 PIPELINE_PARSE_ERR_DUPLICATE(
330 pkt_type_present
== 0, params
->name
,
332 pkt_type_present
= 1;
335 if (strcmp(arg_value
, "ipv4") == 0) {
336 p
->n_rule_fields
= RTE_DIM(field_format_ipv4
);
337 p
->field_format
= field_format_ipv4
;
338 p
->field_format_size
=
339 sizeof(field_format_ipv4
);
344 if (strcmp(arg_value
, "vlan_ipv4") == 0) {
346 RTE_DIM(field_format_vlan_ipv4
);
347 p
->field_format
= field_format_vlan_ipv4
;
348 p
->field_format_size
=
349 sizeof(field_format_vlan_ipv4
);
354 if (strcmp(arg_value
, "qinq_ipv4") == 0) {
356 RTE_DIM(field_format_qinq_ipv4
);
357 p
->field_format
= field_format_qinq_ipv4
;
358 p
->field_format_size
=
359 sizeof(field_format_qinq_ipv4
);
364 PIPELINE_PARSE_ERR_INV_VAL(0, params
->name
,
365 arg_name
, arg_value
);
369 PIPELINE_PARSE_ERR_INV_ENT(0, params
->name
, arg_name
);
376 pipeline_firewall_init(struct pipeline_params
*params
,
377 __rte_unused
void *arg
)
380 struct pipeline_firewall
*p_fw
;
383 /* Check input arguments */
384 if ((params
== NULL
) ||
385 (params
->n_ports_in
== 0) ||
386 (params
->n_ports_out
== 0))
389 /* Memory allocation */
390 size
= RTE_CACHE_LINE_ROUNDUP(sizeof(struct pipeline_firewall
));
391 p
= rte_zmalloc(NULL
, size
, RTE_CACHE_LINE_SIZE
);
392 p_fw
= (struct pipeline_firewall
*) p
;
396 strcpy(p
->name
, params
->name
);
397 p
->log_level
= params
->log_level
;
399 PLOG(p
, HIGH
, "Firewall");
401 /* Parse arguments */
402 if (pipeline_firewall_parse_args(p_fw
, params
))
407 struct rte_pipeline_params pipeline_params
= {
408 .name
= params
->name
,
409 .socket_id
= params
->socket_id
,
413 p
->p
= rte_pipeline_create(&pipeline_params
);
421 p
->n_ports_in
= params
->n_ports_in
;
422 for (i
= 0; i
< p
->n_ports_in
; i
++) {
423 struct rte_pipeline_port_in_params port_params
= {
424 .ops
= pipeline_port_in_params_get_ops(
425 ¶ms
->port_in
[i
]),
426 .arg_create
= pipeline_port_in_params_convert(
427 ¶ms
->port_in
[i
]),
430 .burst_size
= params
->port_in
[i
].burst_size
,
433 int status
= rte_pipeline_port_in_create(p
->p
,
438 rte_pipeline_free(p
->p
);
445 p
->n_ports_out
= params
->n_ports_out
;
446 for (i
= 0; i
< p
->n_ports_out
; i
++) {
447 struct rte_pipeline_port_out_params port_params
= {
448 .ops
= pipeline_port_out_params_get_ops(
449 ¶ms
->port_out
[i
]),
450 .arg_create
= pipeline_port_out_params_convert(
451 ¶ms
->port_out
[i
]),
456 int status
= rte_pipeline_port_out_create(p
->p
,
461 rte_pipeline_free(p
->p
);
470 struct rte_table_acl_params table_acl_params
= {
471 .name
= params
->name
,
472 .n_rules
= p_fw
->n_rules
,
473 .n_rule_fields
= p_fw
->n_rule_fields
,
476 struct rte_pipeline_table_params table_params
= {
477 .ops
= &rte_table_acl_ops
,
478 .arg_create
= &table_acl_params
,
479 .f_action_hit
= NULL
,
480 .f_action_miss
= NULL
,
483 sizeof(struct firewall_table_entry
) -
484 sizeof(struct rte_pipeline_table_entry
),
489 memcpy(table_acl_params
.field_format
,
491 p_fw
->field_format_size
);
493 status
= rte_pipeline_table_create(p
->p
,
498 rte_pipeline_free(p
->p
);
504 /* Connecting input ports to tables */
505 for (i
= 0; i
< p
->n_ports_in
; i
++) {
506 int status
= rte_pipeline_port_in_connect_to_table(p
->p
,
511 rte_pipeline_free(p
->p
);
517 /* Enable input ports */
518 for (i
= 0; i
< p
->n_ports_in
; i
++) {
519 int status
= rte_pipeline_port_in_enable(p
->p
,
523 rte_pipeline_free(p
->p
);
529 /* Check pipeline consistency */
530 if (rte_pipeline_check(p
->p
) < 0) {
531 rte_pipeline_free(p
->p
);
537 p
->n_msgq
= params
->n_msgq
;
538 for (i
= 0; i
< p
->n_msgq
; i
++)
539 p
->msgq_in
[i
] = params
->msgq_in
[i
];
540 for (i
= 0; i
< p
->n_msgq
; i
++)
541 p
->msgq_out
[i
] = params
->msgq_out
[i
];
543 /* Message handlers */
544 memcpy(p
->handlers
, handlers
, sizeof(p
->handlers
));
545 memcpy(p_fw
->custom_handlers
,
547 sizeof(p_fw
->custom_handlers
));
553 pipeline_firewall_free(void *pipeline
)
555 struct pipeline
*p
= (struct pipeline
*) pipeline
;
557 /* Check input arguments */
562 rte_pipeline_free(p
->p
);
568 pipeline_firewall_timer(void *pipeline
)
570 struct pipeline
*p
= (struct pipeline
*) pipeline
;
572 pipeline_msg_req_handle(p
);
573 rte_pipeline_flush(p
->p
);
579 pipeline_firewall_msg_req_custom_handler(struct pipeline
*p
,
582 struct pipeline_firewall
*p_fw
= (struct pipeline_firewall
*) p
;
583 struct pipeline_custom_msg_req
*req
= msg
;
584 pipeline_msg_req_handler f_handle
;
586 f_handle
= (req
->subtype
< PIPELINE_FIREWALL_MSG_REQS
) ?
587 p_fw
->custom_handlers
[req
->subtype
] :
588 pipeline_msg_req_invalid_handler
;
590 if (f_handle
== NULL
)
591 f_handle
= pipeline_msg_req_invalid_handler
;
593 return f_handle(p
, req
);
597 pipeline_firewall_msg_req_add_handler(struct pipeline
*p
, void *msg
)
599 struct pipeline_firewall_add_msg_req
*req
= msg
;
600 struct pipeline_firewall_add_msg_rsp
*rsp
= msg
;
602 struct rte_table_acl_rule_add_params params
;
603 struct firewall_table_entry entry
= {
605 .action
= RTE_PIPELINE_ACTION_PORT
,
606 {.port_id
= p
->port_out_id
[req
->port_id
]},
610 memset(¶ms
, 0, sizeof(params
));
612 switch (req
->key
.type
) {
613 case PIPELINE_FIREWALL_IPV4_5TUPLE
:
614 params
.priority
= req
->priority
;
615 params
.field_value
[0].value
.u8
=
616 req
->key
.key
.ipv4_5tuple
.proto
;
617 params
.field_value
[0].mask_range
.u8
=
618 req
->key
.key
.ipv4_5tuple
.proto_mask
;
619 params
.field_value
[1].value
.u32
=
620 req
->key
.key
.ipv4_5tuple
.src_ip
;
621 params
.field_value
[1].mask_range
.u32
=
622 req
->key
.key
.ipv4_5tuple
.src_ip_mask
;
623 params
.field_value
[2].value
.u32
=
624 req
->key
.key
.ipv4_5tuple
.dst_ip
;
625 params
.field_value
[2].mask_range
.u32
=
626 req
->key
.key
.ipv4_5tuple
.dst_ip_mask
;
627 params
.field_value
[3].value
.u16
=
628 req
->key
.key
.ipv4_5tuple
.src_port_from
;
629 params
.field_value
[3].mask_range
.u16
=
630 req
->key
.key
.ipv4_5tuple
.src_port_to
;
631 params
.field_value
[4].value
.u16
=
632 req
->key
.key
.ipv4_5tuple
.dst_port_from
;
633 params
.field_value
[4].mask_range
.u16
=
634 req
->key
.key
.ipv4_5tuple
.dst_port_to
;
638 rsp
->status
= -1; /* Error */
642 rsp
->status
= rte_pipeline_table_entry_add(p
->p
,
645 (struct rte_pipeline_table_entry
*) &entry
,
647 (struct rte_pipeline_table_entry
**) &rsp
->entry_ptr
);
653 pipeline_firewall_msg_req_del_handler(struct pipeline
*p
, void *msg
)
655 struct pipeline_firewall_del_msg_req
*req
= msg
;
656 struct pipeline_firewall_del_msg_rsp
*rsp
= msg
;
658 struct rte_table_acl_rule_delete_params params
;
660 memset(¶ms
, 0, sizeof(params
));
662 switch (req
->key
.type
) {
663 case PIPELINE_FIREWALL_IPV4_5TUPLE
:
664 params
.field_value
[0].value
.u8
=
665 req
->key
.key
.ipv4_5tuple
.proto
;
666 params
.field_value
[0].mask_range
.u8
=
667 req
->key
.key
.ipv4_5tuple
.proto_mask
;
668 params
.field_value
[1].value
.u32
=
669 req
->key
.key
.ipv4_5tuple
.src_ip
;
670 params
.field_value
[1].mask_range
.u32
=
671 req
->key
.key
.ipv4_5tuple
.src_ip_mask
;
672 params
.field_value
[2].value
.u32
=
673 req
->key
.key
.ipv4_5tuple
.dst_ip
;
674 params
.field_value
[2].mask_range
.u32
=
675 req
->key
.key
.ipv4_5tuple
.dst_ip_mask
;
676 params
.field_value
[3].value
.u16
=
677 req
->key
.key
.ipv4_5tuple
.src_port_from
;
678 params
.field_value
[3].mask_range
.u16
=
679 req
->key
.key
.ipv4_5tuple
.src_port_to
;
680 params
.field_value
[4].value
.u16
=
681 req
->key
.key
.ipv4_5tuple
.dst_port_from
;
682 params
.field_value
[4].mask_range
.u16
=
683 req
->key
.key
.ipv4_5tuple
.dst_port_to
;
687 rsp
->status
= -1; /* Error */
691 rsp
->status
= rte_pipeline_table_entry_delete(p
->p
,
701 pipeline_firewall_msg_req_add_bulk_handler(struct pipeline
*p
, void *msg
)
703 struct pipeline_firewall_add_bulk_msg_req
*req
= msg
;
704 struct pipeline_firewall_add_bulk_msg_rsp
*rsp
= msg
;
706 struct rte_table_acl_rule_add_params
*params
[req
->n_keys
];
707 struct firewall_table_entry
*entries
[req
->n_keys
];
711 n_keys
= req
->n_keys
;
713 for (i
= 0; i
< n_keys
; i
++) {
714 entries
[i
] = rte_zmalloc(NULL
,
715 sizeof(struct firewall_table_entry
),
716 RTE_CACHE_LINE_SIZE
);
717 if (entries
[i
] == NULL
) {
722 params
[i
] = rte_zmalloc(NULL
,
723 sizeof(struct rte_table_acl_rule_add_params
),
724 RTE_CACHE_LINE_SIZE
);
725 if (params
[i
] == NULL
) {
730 entries
[i
]->head
.action
= RTE_PIPELINE_ACTION_PORT
;
731 entries
[i
]->head
.port_id
= p
->port_out_id
[req
->port_ids
[i
]];
733 switch (req
->keys
[i
].type
) {
734 case PIPELINE_FIREWALL_IPV4_5TUPLE
:
735 params
[i
]->priority
= req
->priorities
[i
];
736 params
[i
]->field_value
[0].value
.u8
=
737 req
->keys
[i
].key
.ipv4_5tuple
.proto
;
738 params
[i
]->field_value
[0].mask_range
.u8
=
739 req
->keys
[i
].key
.ipv4_5tuple
.proto_mask
;
740 params
[i
]->field_value
[1].value
.u32
=
741 req
->keys
[i
].key
.ipv4_5tuple
.src_ip
;
742 params
[i
]->field_value
[1].mask_range
.u32
=
743 req
->keys
[i
].key
.ipv4_5tuple
.src_ip_mask
;
744 params
[i
]->field_value
[2].value
.u32
=
745 req
->keys
[i
].key
.ipv4_5tuple
.dst_ip
;
746 params
[i
]->field_value
[2].mask_range
.u32
=
747 req
->keys
[i
].key
.ipv4_5tuple
.dst_ip_mask
;
748 params
[i
]->field_value
[3].value
.u16
=
749 req
->keys
[i
].key
.ipv4_5tuple
.src_port_from
;
750 params
[i
]->field_value
[3].mask_range
.u16
=
751 req
->keys
[i
].key
.ipv4_5tuple
.src_port_to
;
752 params
[i
]->field_value
[4].value
.u16
=
753 req
->keys
[i
].key
.ipv4_5tuple
.dst_port_from
;
754 params
[i
]->field_value
[4].mask_range
.u16
=
755 req
->keys
[i
].key
.ipv4_5tuple
.dst_port_to
;
759 rsp
->status
= -1; /* Error */
761 for (i
= 0; i
< n_keys
; i
++) {
762 rte_free(entries
[i
]);
770 rsp
->status
= rte_pipeline_table_entry_add_bulk(p
->p
, p
->table_id
[0],
771 (void *)params
, (struct rte_pipeline_table_entry
**)entries
,
772 n_keys
, req
->keys_found
,
773 (struct rte_pipeline_table_entry
**)req
->entries_ptr
);
775 for (i
= 0; i
< n_keys
; i
++) {
776 rte_free(entries
[i
]);
784 pipeline_firewall_msg_req_del_bulk_handler(struct pipeline
*p
, void *msg
)
786 struct pipeline_firewall_del_bulk_msg_req
*req
= msg
;
787 struct pipeline_firewall_del_bulk_msg_rsp
*rsp
= msg
;
789 struct rte_table_acl_rule_delete_params
*params
[req
->n_keys
];
793 n_keys
= req
->n_keys
;
795 for (i
= 0; i
< n_keys
; i
++) {
796 params
[i
] = rte_zmalloc(NULL
,
797 sizeof(struct rte_table_acl_rule_delete_params
),
798 RTE_CACHE_LINE_SIZE
);
799 if (params
[i
] == NULL
) {
804 switch (req
->keys
[i
].type
) {
805 case PIPELINE_FIREWALL_IPV4_5TUPLE
:
806 params
[i
]->field_value
[0].value
.u8
=
807 req
->keys
[i
].key
.ipv4_5tuple
.proto
;
808 params
[i
]->field_value
[0].mask_range
.u8
=
809 req
->keys
[i
].key
.ipv4_5tuple
.proto_mask
;
810 params
[i
]->field_value
[1].value
.u32
=
811 req
->keys
[i
].key
.ipv4_5tuple
.src_ip
;
812 params
[i
]->field_value
[1].mask_range
.u32
=
813 req
->keys
[i
].key
.ipv4_5tuple
.src_ip_mask
;
814 params
[i
]->field_value
[2].value
.u32
=
815 req
->keys
[i
].key
.ipv4_5tuple
.dst_ip
;
816 params
[i
]->field_value
[2].mask_range
.u32
=
817 req
->keys
[i
].key
.ipv4_5tuple
.dst_ip_mask
;
818 params
[i
]->field_value
[3].value
.u16
=
819 req
->keys
[i
].key
.ipv4_5tuple
.src_port_from
;
820 params
[i
]->field_value
[3].mask_range
.u16
=
821 req
->keys
[i
].key
.ipv4_5tuple
.src_port_to
;
822 params
[i
]->field_value
[4].value
.u16
=
823 req
->keys
[i
].key
.ipv4_5tuple
.dst_port_from
;
824 params
[i
]->field_value
[4].mask_range
.u16
=
825 req
->keys
[i
].key
.ipv4_5tuple
.dst_port_to
;
829 rsp
->status
= -1; /* Error */
831 for (i
= 0; i
< n_keys
; i
++)
838 rsp
->status
= rte_pipeline_table_entry_delete_bulk(p
->p
, p
->table_id
[0],
839 (void **)¶ms
, n_keys
, req
->keys_found
, NULL
);
841 for (i
= 0; i
< n_keys
; i
++)
848 pipeline_firewall_msg_req_add_default_handler(struct pipeline
*p
, void *msg
)
850 struct pipeline_firewall_add_default_msg_req
*req
= msg
;
851 struct pipeline_firewall_add_default_msg_rsp
*rsp
= msg
;
853 struct firewall_table_entry default_entry
= {
855 .action
= RTE_PIPELINE_ACTION_PORT
,
856 {.port_id
= p
->port_out_id
[req
->port_id
]},
860 rsp
->status
= rte_pipeline_table_default_entry_add(p
->p
,
862 (struct rte_pipeline_table_entry
*) &default_entry
,
863 (struct rte_pipeline_table_entry
**) &rsp
->entry_ptr
);
869 pipeline_firewall_msg_req_del_default_handler(struct pipeline
*p
, void *msg
)
871 struct pipeline_firewall_del_default_msg_rsp
*rsp
= msg
;
873 rsp
->status
= rte_pipeline_table_default_entry_delete(p
->p
,
880 struct pipeline_be_ops pipeline_firewall_be_ops
= {
881 .f_init
= pipeline_firewall_init
,
882 .f_free
= pipeline_firewall_free
,
884 .f_timer
= pipeline_firewall_timer
,