From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2C828A0540; Tue, 14 Jul 2020 11:28:29 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 2B0552C57; Tue, 14 Jul 2020 11:28:28 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 5EE801D563 for ; Tue, 14 Jul 2020 11:28:26 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06E99rMn001420; Tue, 14 Jul 2020 02:28:25 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0818; bh=wbI8lqsjId4HBi75+bV1wgEalO7u9AyJZpkBdoveYVE=; b=kddT/27d7X73AT6lrYOkFDMQ1XUEtbtjiprSRtydHa+BpPnGmZYiM2zFiivTUzMrdbyX XGiWxVOq45c+921fus20wpdCQ4Ssv4PORBUpk7HJF1LmHKiPDroo6712+Cm7m+50rkew EkW3yTsqxGKsNXCSo4UI+v4m98sg/m6sce8n7G43lvA7/eppvBgxVwwPX9kitckGeJD6 OfDb175qIJ8qrTfPZEbEyGWDg+wLNGnB5sQSi0t6byadw5p/xu2EynzzSnjJF0dGMX+l ArUQyTSOMjqP8O+qYMQH3EmzV9yYNgQEiCnuHl3i48OQcRXDThxklJf/71gnS9tG026+ rg== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0b-0016f401.pphosted.com with ESMTP id 328mmhmut8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 14 Jul 2020 02:28:25 -0700 Received: from SC-EXCH01.marvell.com (10.93.176.81) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 14 Jul 2020 02:28:23 -0700 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.47) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 14 Jul 2020 02:28:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b06giU7fFGzMYnyNaBdYuJd4PPwp3y81IrUvz/v1BxQPV8f73YenFd83E7lk+WLeZL1Ik2lRB4QF+YiggKrr+zUgJy1LX1EFjzW6Y5VMEPPEElbfJkoZYHJo9okNIgzgp87VJwARzjmOcVWC4bdXuhc5cpsIvZ7njoiUm1y4GiSTCk8W2ZPN4Wp3Yb76hTaRsCSWERhva7eY0otQF0X+m0teXViQLnOVnk6IQSMopPYSYkpB99XDG9jE6SjcElVHT6d6MXQRwindKbzLwK1CD2H7XuW6JqeQ2gHRL3dFiWY2eo33VOqmw1lsuZ33bZTybEsG/AUrSpvfspp2k23BTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wbI8lqsjId4HBi75+bV1wgEalO7u9AyJZpkBdoveYVE=; b=iVvbssZ2RuSkx5LgAT37aE0XXMPaJDBeMcqM7wXJ8riAFz31DQgthAQC1Smv5BMyvMWtnG+zGsScwuW32RVE+hoI880bk9tMxLAHln4OoEvNnIm08CkDFXR6HeAquQE7SM2iJHOHNx5AfNFHuvy9rCqaS07E06U31RmYYmJISNSLLQEyvVC95fT8WlTP+lucAVaWaEaU+NY5L+n2lzT75gUH/IYIuGb4dTf43lhaC0wXhSSy/6jiECPqU/r6XDVISTUQGxEoR8jA0RnSj5+dkAzj2DBtfQpqb4bpPYff/571ptk+fv7mfSIEXGCl5+2PcYzhe005O/MX4CtnSFwRYg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wbI8lqsjId4HBi75+bV1wgEalO7u9AyJZpkBdoveYVE=; b=slqazb7CWwtaD1XpmOoOIcTbL+34jRGuB1SK1A2iyapntZ+1AUBemc4H63hoqvWovTq6bP7F6JcBvMfTkC8Fwp7LGsjkbSnmCY3+YH8LWZR29sjMzdvS5NDXhitlMlsYihPrFhQtKLpYLd9QyS1RG8ez5m3mr7avaqty7D2ySn8= Received: from DM5PR1801MB1884.namprd18.prod.outlook.com (2603:10b6:4:65::20) by DM5PR1801MB1882.namprd18.prod.outlook.com (2603:10b6:4:6c::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.20; Tue, 14 Jul 2020 09:28:22 +0000 Received: from DM5PR1801MB1884.namprd18.prod.outlook.com ([fe80::25b0:1812:15c6:53e2]) by DM5PR1801MB1884.namprd18.prod.outlook.com ([fe80::25b0:1812:15c6:53e2%7]) with mapi id 15.20.3174.025; Tue, 14 Jul 2020 09:28:22 +0000 From: Ankur Dwivedi To: Akhil Goyal CC: "praveen.shetty@intel.com" , "konstantin.ananyev@intel.com" , "radu.nicolau@intel.com" , Anoob Joseph , "dev@dpdk.org" , Ankur Dwivedi Thread-Topic: [PATCH v2] examples/ipsec-secgw: enable rte_flow based packet distribution Thread-Index: AQHWPwbbwWjT4GdrxkKtXwM1sjIhsakHA3sw Date: Tue, 14 Jul 2020 09:28:21 +0000 Message-ID: References: <1591779663-15069-1-git-send-email-adwivedi@marvell.com> <1591780136-15113-1-git-send-email-adwivedi@marvell.com> In-Reply-To: <1591780136-15113-1-git-send-email-adwivedi@marvell.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=none action=none header.from=marvell.com; x-originating-ip: [47.15.16.129] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 85eef713-5ffc-448b-58ca-08d827d84095 x-ms-traffictypediagnostic: DM5PR1801MB1882: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:949; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Fx7NnylO1kZVsbyJ2iqRHKVjd7MTlXeO7Zgwnk3UWMpTV2z/07IjOmE8/QIlOvmJmLqL7+uucg1eKae5oesTVLihtiRXdzXuswICw82Fy3xR4yz7GJunthdE5shWlBmtsqSeADtwQrHmQvTtDiXSNlecHrMdL2pRgkhGH/m6bDr/UavSzciiVsQqRzXhlrMJKbBQ0X30MahCeYOiTxsA9Je75efASIIt3itTdZ7mD/IQKj9d7GIUa6O3KGEw8u2rMhxOxScaunFQ/hJTYBNvv7FcsifDbczTcG46f06sacSHl75jRTCWemu8uWBCMPjk x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR1801MB1884.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(376002)(366004)(136003)(346002)(396003)(6916009)(86362001)(55016002)(52536014)(316002)(26005)(186003)(8936002)(8676002)(478600001)(4326008)(83380400001)(66446008)(30864003)(66946007)(107886003)(66476007)(71200400001)(6506007)(7696005)(66556008)(9686003)(33656002)(5660300002)(76116006)(64756008)(54906003)(2906002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: Ra6OsfRMSQZbotXRiGnnCFHh/T0eMdUEHOc7xNLWg+TGPI7JCOmbEPKJK7+UHONCUc5HfkhQKC7UdPWaqZ84RpnqQBi6Q8kYr4Ni3huIrjK0XewMju8JSVLNWRBMZm4LWXtc+FvB+psALGWcL6zyFO+z6UlOjEGczKrmM6kyWVJzqMMDbsWeIG3FQNxyKAGcnCeZBK8V6b6hGCvOjHkODngOY4LrtmEQKwp35zsuLaJd9CSb4i92Tm/nYheGFuAb7OHPbGIn5PpLcC54EDrfAm3fJiNVVwJ8pyrEPjMgt7J09NVSmUfbBcy+hBb46iDMvXX9p4Asz8+lhfzT52GJ2DYmWEafXB4nQDSGAWRIDY/A1M6Sa1963crgNC5q0PMKKfogaF3BVV92tR+YUeLAUL2miEIFN6jmhtbavMojphPeDVEEVx/M4fYsvsbeM83DbfL6II1NVDBa5DSDhA/xJ42cycocySfYNDAQZx7ozvs= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM5PR1801MB1884.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 85eef713-5ffc-448b-58ca-08d827d84095 X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jul 2020 09:28:22.0455 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Z4y6h6+XYHXxfOTOEgoBwVbW6aZ+NQu2RTdHc9uEOnZMWNtsQgULETns7+PVjf+W0MIKC1rJ7BMxB04D0G1JHQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1801MB1882 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-14_02:2020-07-13, 2020-07-14 signatures=0 Subject: Re: [dpdk-dev] [PATCH v2] examples/ipsec-secgw: enable rte_flow based packet distribution X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Akhil, Can you please review this patch? Thanks Ankur >-----Original Message----- >From: Ankur Dwivedi >Sent: Wednesday, June 10, 2020 2:39 PM >To: dev@dpdk.org >Cc: praveen.shetty@intel.com; konstantin.ananyev@intel.com; >radu.nicolau@intel.com; akhil.goyal@nxp.com; Anoob Joseph >; Ankur Dwivedi >Subject: [PATCH v2] examples/ipsec-secgw: enable rte_flow based packet >distribution > >From: Anoob Joseph > >RTE_FLOW API allows hardware parsing and steering of packets to specific >queues which helps in distributing ingress traffic across various cores. >Adding 'flow' rules allows user to specify the distribution required. > >Signed-off-by: Anoob Joseph >--- >v2: >* Removed Change-Id > > doc/guides/sample_app_ug/ipsec_secgw.rst | 78 ++++++++- > examples/ipsec-secgw/Makefile | 1 + > examples/ipsec-secgw/flow.c | 285 >+++++++++++++++++++++++++++++++ > examples/ipsec-secgw/flow.h | 15 ++ > examples/ipsec-secgw/ipsec-secgw.c | 3 + > examples/ipsec-secgw/ipsec-secgw.h | 7 + > examples/ipsec-secgw/ipsec.h | 7 - > examples/ipsec-secgw/meson.build | 15 +- > examples/ipsec-secgw/parser.c | 46 +++++ > examples/ipsec-secgw/parser.h | 7 +- > 10 files changed, 450 insertions(+), 14 deletions(-) create mode 100644 >examples/ipsec-secgw/flow.c create mode 100644 examples/ipsec- >secgw/flow.h > >diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst >b/doc/guides/sample_app_ug/ipsec_secgw.rst >index 81c5d43..434f484 100644 >--- a/doc/guides/sample_app_ug/ipsec_secgw.rst >+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst >@@ -348,7 +348,7 @@ Configurations > -------------- > > The following sections provide the syntax of configurations to initialize= -your >SP, SA, Routing and Neighbour tables. >+your SP, SA, Routing, Flow and Neighbour tables. > Configurations shall be specified in the configuration file to be passed = to the >application. The file is then parsed by the application. The successful p= arsing >will result in the appropriate rules being applied to the tables @@ -369,7 >+369,7 @@ General rule syntax > > The parse treats one line in the configuration file as one configuration = item >(unless the line concatenation symbol exists). Every configuration -item s= hall >follow the syntax of either SP, SA, Routing or Neighbour >+item shall follow the syntax of either SP, SA, Routing, Flow or >+Neighbour > rules specified below. > > The configuration parser supports the following special symbols: >@@ -808,6 +808,80 @@ Example SP rules: > > rt ipv6 dst 1111:1111:1111:1111:1111:1111:1111:5555/116 port 0 > >+Flow rule syntax >+^^^^^^^^^^^^^^^^ >+ >+Flow rule enables the usage of hardware classification capabilities to >+match specific ingress traffic and redirect the packets to the >+specified queue. This feature is optional and relies on hardware ``rte_fl= ow`` >support. >+ >+The flow rule syntax is shown as follows: >+ >+.. code-block:: console >+ >+ flow >+ >+ >+where each options means: >+ >+```` >+ >+ * IP protocol version >+ >+ * Optional: No >+ >+ * Available options: >+ >+ * *ipv4*: IP protocol version 4 >+ * *ipv6*: IP protocol version 6 >+ >+```` >+ >+ * The source IP address and mask >+ >+ * Optional: Yes, default address 0.0.0.0 and mask of 0 will be used >+ >+ * Syntax: >+ >+ * *src X.X.X.X/Y* for IPv4 >+ * *src XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX/Y* for IPv6 >+ >+```` >+ >+ * The destination IP address and mask >+ >+ * Optional: Yes, default address 0.0.0.0 and mask of 0 will be used >+ >+ * Syntax: >+ >+ * *dst X.X.X.X/Y* for IPv4 >+ * *dst XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX/Y* for IPv6 >+ >+```` >+ >+ * The traffic input port id >+ >+ * Optional: yes, default input port 0 will be used >+ >+ * Syntax: *port X* >+ >+```` >+ >+ * The traffic input queue id >+ >+ * Optional: yes, default input queue 0 will be used >+ >+ * Syntax: *queue X* >+ >+Example flow rules: >+ >+.. code-block:: console >+ >+ flow ipv4 dst 172.16.1.5/32 port 0 queue 0 >+ >+ flow ipv6 dst 1111:1111:1111:1111:1111:1111:1111:5555/116 port 1 >+ queue 0 >+ >+ > Neighbour rule syntax > ^^^^^^^^^^^^^^^^^^^^^ > >diff --git a/examples/ipsec-secgw/Makefile b/examples/ipsec-secgw/Makefile >index c4a272a..dbae152 100644 >--- a/examples/ipsec-secgw/Makefile >+++ b/examples/ipsec-secgw/Makefile >@@ -18,6 +18,7 @@ SRCS-y +=3D ipsec_process.c SRCS-y +=3D ipsec-secgw.c >SRCS-y +=3D ipsec_worker.c SRCS-y +=3D event_helper.c >+SRCS-y +=3D flow.c > > CFLAGS +=3D -gdwarf-2 > >diff --git a/examples/ipsec-secgw/flow.c b/examples/ipsec-secgw/flow.c new >file mode 100644 index 0000000..69f8405 >--- /dev/null >+++ b/examples/ipsec-secgw/flow.c >@@ -0,0 +1,285 @@ >+/* SPDX-License-Identifier: BSD-3-Clause >+ * Copyright (C) 2020 Marvell International Ltd. >+ */ >+ >+#include >+ >+#include >+#include >+#include >+ >+#include "flow.h" >+#include "ipsec-secgw.h" >+#include "parser.h" >+ >+#define FLOW_RULES_MAX 128 >+ >+struct flow_rule_entry { >+ uint8_t is_ipv4; >+ RTE_STD_C11 >+ union { >+ struct { >+ struct rte_flow_item_ipv4 spec; >+ struct rte_flow_item_ipv4 mask; >+ } ipv4; >+ struct { >+ struct rte_flow_item_ipv6 spec; >+ struct rte_flow_item_ipv6 mask; >+ } ipv6; >+ }; >+ uint16_t port; >+ uint16_t queue; >+ struct rte_flow *flow; >+} flow_rule_tbl[FLOW_RULES_MAX]; >+ >+int nb_flow_rule; >+ >+static void >+ipv4_hdr_print(struct rte_ipv4_hdr *hdr) { >+ char a, b, c, d; >+ >+ uint32_t_to_char(rte_bswap32(hdr->src_addr), &a, &b, &c, &d); >+ printf("src: %3hhu.%3hhu.%3hhu.%3hhu \t", a, b, c, d); >+ >+ uint32_t_to_char(rte_bswap32(hdr->dst_addr), &a, &b, &c, &d); >+ printf("dst: %3hhu.%3hhu.%3hhu.%3hhu", a, b, c, d); } >+ >+static int >+ipv4_addr_cpy(rte_be32_t *spec, rte_be32_t *mask, char *token, >+ struct parse_status *status) >+{ >+ struct in_addr ip; >+ uint32_t depth; >+ >+ APP_CHECK(parse_ipv4_addr(token, &ip, &depth) =3D=3D 0, status, >+ "unrecognized input \"%s\", expect valid ipv4 addr", token); >+ if (status->status < 0) >+ return -1; >+ >+ if (depth > 32) >+ return -1; >+ >+ memcpy(mask, &rte_flow_item_ipv4_mask.hdr.src_addr, sizeof(ip)); >+ >+ *spec =3D ip.s_addr; >+ if (depth < 32) >+ *mask =3D *mask << (32-depth); >+ >+ return 0; >+} >+ >+static void >+ipv6_hdr_print(struct rte_ipv6_hdr *hdr) { >+ uint8_t *addr; >+ >+ addr =3D hdr->src_addr; >+ printf("src: %4hx:%4hx:%4hx:%4hx:%4hx:%4hx:%4hx:%4hx \t", >+ (uint16_t)((addr[0] << 8) | addr[1]), >+ (uint16_t)((addr[2] << 8) | addr[3]), >+ (uint16_t)((addr[4] << 8) | addr[5]), >+ (uint16_t)((addr[6] << 8) | addr[7]), >+ (uint16_t)((addr[8] << 8) | addr[9]), >+ (uint16_t)((addr[10] << 8) | addr[11]), >+ (uint16_t)((addr[12] << 8) | addr[13]), >+ (uint16_t)((addr[14] << 8) | addr[15])); >+ >+ addr =3D hdr->dst_addr; >+ printf("dst: %4hx:%4hx:%4hx:%4hx:%4hx:%4hx:%4hx:%4hx", >+ (uint16_t)((addr[0] << 8) | addr[1]), >+ (uint16_t)((addr[2] << 8) | addr[3]), >+ (uint16_t)((addr[4] << 8) | addr[5]), >+ (uint16_t)((addr[6] << 8) | addr[7]), >+ (uint16_t)((addr[8] << 8) | addr[9]), >+ (uint16_t)((addr[10] << 8) | addr[11]), >+ (uint16_t)((addr[12] << 8) | addr[13]), >+ (uint16_t)((addr[14] << 8) | addr[15])); } >+ >+static int >+ipv6_addr_cpy(uint8_t *spec, uint8_t *mask, char *token, >+ struct parse_status *status) >+{ >+ struct in6_addr ip; >+ uint32_t depth, i; >+ >+ APP_CHECK(parse_ipv6_addr(token, &ip, &depth) =3D=3D 0, status, >+ "unrecognized input \"%s\", expect valid ipv6 address", >token); >+ if (status->status < 0) >+ return -1; >+ >+ memcpy(mask, &rte_flow_item_ipv6_mask.hdr.src_addr, sizeof(ip)); >+ memcpy(spec, ip.s6_addr, sizeof(struct in6_addr)); >+ >+ for (i =3D 0; i < depth && (i%8 <=3D sizeof(struct in6_addr)); i++) >+ mask[i/8] &=3D ~(1 << (7-i%8)); >+ >+ return 0; >+} >+ >+void >+parse_flow_tokens(char **tokens, uint32_t n_tokens, >+ struct parse_status *status) >+{ >+ struct flow_rule_entry *rule; >+ uint32_t ti; >+ >+ if (nb_flow_rule >=3D FLOW_RULES_MAX) { >+ printf("Too many flow rules\n"); >+ return; >+ } >+ >+ rule =3D &flow_rule_tbl[nb_flow_rule]; >+ memset(rule, 0, sizeof(*rule)); >+ >+ if (strcmp(tokens[0], "ipv4") =3D=3D 0) { >+ rule->is_ipv4 =3D 1; >+ } else if (strcmp(tokens[0], "ipv6") =3D=3D 0) { >+ rule->is_ipv4 =3D 0; >+ } else { >+ APP_CHECK(0, status, "unrecognized input \"%s\"", tokens[0]); >+ return; >+ } >+ >+ for (ti =3D 1; ti < n_tokens; ti++) { >+ if (strcmp(tokens[ti], "src") =3D=3D 0) { >+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status); >+ if (status->status < 0) >+ return; >+ >+ if (rule->is_ipv4) { >+ if (ipv4_addr_cpy(&rule- >>ipv4.spec.hdr.src_addr, >+ &rule- >>ipv4.mask.hdr.src_addr, >+ tokens[ti], status)) >+ return; >+ } else { >+ if (ipv6_addr_cpy(rule- >>ipv6.spec.hdr.src_addr, >+ rule- >>ipv6.mask.hdr.src_addr, >+ tokens[ti], status)) >+ return; >+ } >+ } >+ if (strcmp(tokens[ti], "dst") =3D=3D 0) { >+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status); >+ if (status->status < 0) >+ return; >+ >+ if (rule->is_ipv4) { >+ if (ipv4_addr_cpy(&rule- >>ipv4.spec.hdr.dst_addr, >+ &rule- >>ipv4.mask.hdr.dst_addr, >+ tokens[ti], status)) >+ return; >+ } else { >+ if (ipv6_addr_cpy(rule- >>ipv6.spec.hdr.dst_addr, >+ rule- >>ipv6.mask.hdr.dst_addr, >+ tokens[ti], status)) >+ return; >+ } >+ } >+ >+ if (strcmp(tokens[ti], "port") =3D=3D 0) { >+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status); >+ if (status->status < 0) >+ return; >+ APP_CHECK_TOKEN_IS_NUM(tokens, ti, status); >+ if (status->status < 0) >+ return; >+ >+ rule->port =3D atoi(tokens[ti]); >+ >+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status); >+ if (status->status < 0) >+ return; >+ APP_CHECK_TOKEN_IS_NUM(tokens, ti, status); >+ if (status->status < 0) >+ return; >+ >+ rule->queue =3D atoi(tokens[ti]); >+ } >+ } >+ >+ nb_flow_rule++; >+} >+ >+#define MAX_RTE_FLOW_PATTERN (3) >+#define MAX_RTE_FLOW_ACTIONS (2) >+ >+static void >+flow_init_single(struct flow_rule_entry *rule) { >+ struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN] =3D {}; >+ struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS] =3D {}; >+ struct rte_flow_attr attr =3D {}; >+ struct rte_flow_error err; >+ int ret; >+ >+ attr.egress =3D 0; >+ attr.ingress =3D 1; >+ >+ action[0].type =3D RTE_FLOW_ACTION_TYPE_QUEUE; >+ action[0].conf =3D &(struct rte_flow_action_queue) { >+ .index =3D rule->queue, >+ }; >+ action[1].type =3D RTE_FLOW_ACTION_TYPE_END; >+ >+ pattern[0].type =3D RTE_FLOW_ITEM_TYPE_ETH; >+ >+ if (rule->is_ipv4) { >+ pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV4; >+ pattern[1].spec =3D &rule->ipv4.spec; >+ pattern[1].mask =3D &rule->ipv4.mask; >+ } else { >+ pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV6; >+ pattern[1].spec =3D &rule->ipv6.spec; >+ pattern[1].mask =3D &rule->ipv6.mask; >+ } >+ >+ pattern[2].type =3D RTE_FLOW_ITEM_TYPE_END; >+ >+ ret =3D rte_flow_validate(rule->port, &attr, pattern, action, &err); >+ if (ret < 0) { >+ RTE_LOG(ERR, IPSEC, "Flow validation failed %s\n", >err.message); >+ return; >+ } >+ >+ rule->flow =3D rte_flow_create(rule->port, &attr, pattern, action, &err)= ; >+ if (rule->flow =3D=3D NULL) >+ RTE_LOG(ERR, IPSEC, "Flow creation return %s\n", >err.message); } >+ >+void >+flow_init(void) >+{ >+ struct flow_rule_entry *rule; >+ int i; >+ >+ for (i =3D 0; i < nb_flow_rule; i++) { >+ rule =3D &flow_rule_tbl[i]; >+ flow_init_single(rule); >+ } >+ >+ for (i =3D 0; i < nb_flow_rule; i++) { >+ rule =3D &flow_rule_tbl[i]; >+ if (rule->is_ipv4) { >+ printf("Flow #%3d: spec ipv4 ", i); >+ ipv4_hdr_print(&rule->ipv4.spec.hdr); >+ printf("\n"); >+ printf(" mask ipv4 "); >+ ipv4_hdr_print(&rule->ipv4.mask.hdr); >+ } else { >+ printf("Flow #%3d: spec ipv6 ", i); >+ ipv6_hdr_print(&rule->ipv6.spec.hdr); >+ printf("\n"); >+ printf(" mask ipv6 "); >+ ipv6_hdr_print(&rule->ipv6.mask.hdr); >+ } >+ >+ printf("\tPort: %d, Queue: %d", rule->port, rule->queue); >+ >+ if (rule->flow =3D=3D NULL) >+ printf(" [UNSUPPORTED]"); >+ printf("\n"); >+ } >+} >diff --git a/examples/ipsec-secgw/flow.h b/examples/ipsec-secgw/flow.h new >file mode 100644 index 0000000..1b1b477 >--- /dev/null >+++ b/examples/ipsec-secgw/flow.h >@@ -0,0 +1,15 @@ >+/* SPDX-License-Identifier: BSD-3-Clause >+ * Copyright (C) 2020 Marvell International Ltd. >+ */ >+ >+#ifndef _FLOW_H_ >+#define _FLOW_H_ >+ >+#include "parser.h" >+ >+void parse_flow_tokens(char **tokens, uint32_t n_tokens, >+ struct parse_status *status); >+ >+void flow_init(void); >+ >+#endif /* _FLOW_H_ */ >diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec- >secgw/ipsec-secgw.c >index f777ce2..d19688d 100644 >--- a/examples/ipsec-secgw/ipsec-secgw.c >+++ b/examples/ipsec-secgw/ipsec-secgw.c >@@ -49,6 +49,7 @@ > #include > > #include "event_helper.h" >+#include "flow.h" > #include "ipsec.h" > #include "ipsec_worker.h" > #include "parser.h" >@@ -2914,6 +2915,8 @@ struct lcore_conf { > } > } > >+ flow_init(); >+ > check_all_ports_link_status(enabled_port_mask); > > /* launch per-lcore init on every lcore */ diff --git a/examples/ipsec- >secgw/ipsec-secgw.h b/examples/ipsec-secgw/ipsec-secgw.h >index 4b53cb5..412d727 100644 >--- a/examples/ipsec-secgw/ipsec-secgw.h >+++ b/examples/ipsec-secgw/ipsec-secgw.h >@@ -34,6 +34,13 @@ > ((uint64_t)(a) & 0xff)) > #endif > >+#define uint32_t_to_char(ip, a, b, c, d) do {\ >+ *a =3D (uint8_t)(ip >> 24 & 0xff);\ >+ *b =3D (uint8_t)(ip >> 16 & 0xff);\ >+ *c =3D (uint8_t)(ip >> 8 & 0xff);\ >+ *d =3D (uint8_t)(ip & 0xff);\ >+ } while (0) >+ > #define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0,= 0)) > > struct traffic_type { >diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h >index 2f69199..7031e28 100644 >--- a/examples/ipsec-secgw/ipsec.h >+++ b/examples/ipsec-secgw/ipsec.h >@@ -28,13 +28,6 @@ > #define IV_OFFSET (sizeof(struct rte_crypto_op) + \ > sizeof(struct rte_crypto_sym_op)) > >-#define uint32_t_to_char(ip, a, b, c, d) do {\ >- *a =3D (uint8_t)(ip >> 24 & 0xff);\ >- *b =3D (uint8_t)(ip >> 16 & 0xff);\ >- *c =3D (uint8_t)(ip >> 8 & 0xff);\ >- *d =3D (uint8_t)(ip & 0xff);\ >- } while (0) >- > #define DEFAULT_MAX_CATEGORIES 1 > > #define INVALID_SPI (0) >diff --git a/examples/ipsec-secgw/meson.build b/examples/ipsec- >secgw/meson.build >index f9ba2a2..d0373da 100644 >--- a/examples/ipsec-secgw/meson.build >+++ b/examples/ipsec-secgw/meson.build >@@ -9,6 +9,17 @@ > deps +=3D ['security', 'lpm', 'acl', 'hash', 'ip_frag', 'ipsec', 'eventde= v'] >allow_experimental_apis =3D true sources =3D files( >- 'esp.c', 'event_helper.c', 'ipsec.c', 'ipsec_process.c', 'ipsec-secgw.c'= , >- 'ipsec_worker.c', 'parser.c', 'rt.c', 'sa.c', 'sad.c', 'sp4.c', 'sp6.c' >+ 'esp.c', >+ 'event_helper.c', >+ 'flow.c', >+ 'ipsec.c', >+ 'ipsec_process.c', >+ 'ipsec-secgw.c', >+ 'ipsec_worker.c', >+ 'parser.c', >+ 'rt.c', >+ 'sa.c', >+ 'sad.c', >+ 'sp4.c', >+ 'sp6.c' > ) >diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c >index 65eb7e9..8f66660 100644 >--- a/examples/ipsec-secgw/parser.c >+++ b/examples/ipsec-secgw/parser.c >@@ -11,6 +11,7 @@ > #include > #include > >+#include "flow.h" > #include "ipsec.h" > #include "parser.h" > >@@ -484,6 +485,49 @@ struct cfg_rt_add_cfg_item { > }, > }; > >+/* flow add parse */ >+struct cfg_flow_add_cfg_item { >+ cmdline_fixed_string_t flow_keyword; >+ cmdline_multi_string_t multi_string; >+}; >+ >+static void >+cfg_flow_add_cfg_item_parsed(void *parsed_result, >+ __rte_unused struct cmdline *cl, void *data) { >+ struct cfg_flow_add_cfg_item *params =3D parsed_result; >+ char *tokens[32]; >+ uint32_t n_tokens =3D RTE_DIM(tokens); >+ struct parse_status *status =3D (struct parse_status *)data; >+ >+ APP_CHECK(parse_tokenize_string( >+ params->multi_string, tokens, &n_tokens) =3D=3D 0, >+ status, "too many arguments\n"); >+ if (status->status < 0) >+ return; >+ >+ parse_flow_tokens(tokens, n_tokens, status); } >+ >+static cmdline_parse_token_string_t cfg_flow_add_flow_str =3D >+ TOKEN_STRING_INITIALIZER(struct cfg_flow_add_cfg_item, >+ flow_keyword, "flow"); >+ >+static cmdline_parse_token_string_t cfg_flow_add_multi_str =3D >+ TOKEN_STRING_INITIALIZER(struct cfg_flow_add_cfg_item, >multi_string, >+ TOKEN_STRING_MULTI); >+ >+cmdline_parse_inst_t cfg_flow_add_rule =3D { >+ .f =3D cfg_flow_add_cfg_item_parsed, >+ .data =3D NULL, >+ .help_str =3D "", >+ .tokens =3D { >+ (void *) &cfg_flow_add_flow_str, >+ (void *) &cfg_flow_add_multi_str, >+ NULL, >+ }, >+}; >+ > /* neigh add parse */ > struct cfg_neigh_add_item { > cmdline_fixed_string_t neigh; >@@ -538,6 +582,7 @@ struct cfg_neigh_add_item { > (cmdline_parse_inst_t *)&cfg_sp_add_rule, > (cmdline_parse_inst_t *)&cfg_sa_add_rule, > (cmdline_parse_inst_t *)&cfg_rt_add_rule, >+ (cmdline_parse_inst_t *)&cfg_flow_add_rule, > (cmdline_parse_inst_t *)&cfg_neigh_add_rule, > NULL, > }; >@@ -564,6 +609,7 @@ struct cfg_neigh_add_item { > cfg_sp_add_rule.data =3D &status; > cfg_sa_add_rule.data =3D &status; > cfg_rt_add_rule.data =3D &status; >+ cfg_flow_add_rule.data =3D &status; > cfg_neigh_add_rule.data =3D &status; > > do { >diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h >index 6e764fe..a0ff7e1 100644 >--- a/examples/ipsec-secgw/parser.h >+++ b/examples/ipsec-secgw/parser.h >@@ -2,12 +2,13 @@ > * Copyright(c) 2016 Intel Corporation > */ > >+#ifndef __PARSER_H >+#define __PARSER_H >+ > #include > #include > #include >- >-#ifndef __PARSER_H >-#define __PARSER_H >+#include > > struct parse_status { > int status; >-- >1.9.3