From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F1F56A0093; Fri, 17 Jun 2022 12:59:31 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DB94140DDD; Fri, 17 Jun 2022 12:59:31 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 6857940698 for ; Fri, 17 Jun 2022 12:59:30 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 25H3lNE2024727; Fri, 17 Jun 2022 03:59:29 -0700 Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1anam02lp2045.outbound.protection.outlook.com [104.47.57.45]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3grj05sf9f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 17 Jun 2022 03:59:29 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FzEczrEweVWrvW+CfV3h2WSXZv44YRqZwjaX+IRXpVfZQERbs41Waps6pOslrjKV1ztm32xcWE7z79AAmBJbok90BlnrlhPJZUY8LNd5BoqSHznLrfxg15NIm8ScczUcyppXifvor5IQVSxlEeKI9JaV0CdZA+N5bXch8VWTLFwBjoYugI3ktfzKYPa8uqZ18zUuZgC1kwrsSBz+TuZcPX2pg6VJ9MWsT9a4xQlKIlZVpW02j2R9b48FMWiJQhzJJa1/ktND/uac9LqhL+5IcPOmoVQU+uPD364UTdWnRL/jsgyPgqKMBsCFJgYeTgyIuLI4PfhE9qUaXcwWW7ponQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jTmSkL8OJOShhXF0dNGuTV+mXQpVBwkv38MgZ0JbgE0=; b=FcNn2IWnFRkffqTm0Nlpy+IW6cWhP+GaPNbUJbp0itMXzM8k3nxL+AUAHtxtzf3vZhITMKjNOhE9BLac63hRt0e0bmiWdQAFFaoEH/kL4vrmvZGZaq8y6qGrxFxzPvA7KZE87fHw9yRKtp/rGVeA4CgBmM5j+QGQDKVk7vkULWYliQCYiMBegV99CzR9PdRv8c4+jK2Dzu+ZsLt7zYvGXqYvREel1ZCDTCeHJDtqB5d0mVAJeU6W+QeTuziAXEfKuc0qpxtBweUIHovMhyUkwS9EDf9dxGWrfoeea3cT0SJSoJB/sK26Qn0YpV0772SR1VFLb104L/p5VLvg1qFCGQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jTmSkL8OJOShhXF0dNGuTV+mXQpVBwkv38MgZ0JbgE0=; b=f/lKYCKqEpdFOYULONrqLQ38l5I6X29NgM4ZuddkUuqOTIomXNycIVbQEl3RAi8aWIhUU30tohlj7jzSFfvsfN1usn+020NcG0sQps3GHTyBzLdrOtlYMWLoUutVFrkEtRWWaD2QFVWQ2YRRkUlXpSzQXYbSxZ3VHTHk+2ONbgs= Received: from DM5PR18MB2245.namprd18.prod.outlook.com (2603:10b6:4:b9::28) by MW3PR18MB3691.namprd18.prod.outlook.com (2603:10b6:303:5a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.17; Fri, 17 Jun 2022 10:59:27 +0000 Received: from DM5PR18MB2245.namprd18.prod.outlook.com ([fe80::619b:91aa:5cff:1496]) by DM5PR18MB2245.namprd18.prod.outlook.com ([fe80::619b:91aa:5cff:1496%6]) with mapi id 15.20.5353.017; Fri, 17 Jun 2022 10:59:26 +0000 From: Satheesh Paul Antonysamy To: "Zhang, Roy Fan" , "Nicolau, Radu" , Akhil Goyal CC: "dev@dpdk.org" Subject: RE: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support more flow patterns and actions Thread-Topic: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support more flow patterns and actions Thread-Index: AQHYdvhqNajHglI6902HllJlIDq3+a1TcfUAgAASLqA= Date: Fri, 17 Jun 2022 10:59:26 +0000 Message-ID: References: <20220419082537.270116-1-psatheesh@marvell.com> <20220603031650.3169872-1-psatheesh@marvell.com> In-Reply-To: Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c2acae21-a9b1-4393-09bd-08da50507214 x-ms-traffictypediagnostic: MW3PR18MB3691:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: XeaNi/60TxiSk5g0L4CcWA8EefZ4RFgmUbZaUNfIVAnpG7i2Orcu8C86+/J6GZYhpdUZefq+MD2O48cWokVL+iORIO2Oe942bYweVBYtYSh/5yyQ/2oBrHlLlp1rtATND5RML4D5FiyNG8gwpmPFaKV3ELDILzBUuu1Ysgy1/MoVrWk2erCA/T9cX1kyKpBvp098huo9EHcMh3uNHcwZcfdQAV1MjioohDD5YYVrdVM5F3ZF8kB1Ec1m6cFl1AbHsXipI92hyjC8bT9z887O1nXh9k7NaUZDQOE/pexo4D8ltbpLS0K0QpkibuF2ZZjErr4rqE6GHQNGkps6YyVccVJyhapfq4OXtBZX9OWtnmtgjIyoqexR3kAhPA/Bv0LoP96Yuh3BTIGPLsczSV34BHfoj+sX6NlOSctHEz3b18DoGD3L4/h4FwDQt1eZ2/kAlztdmYXi+v9jQSzw/HMQwyoCurKywPIHKKAljeA/ozQ+2jQ/sb/QxuCui9KO9VqGbPbaDUCJWTM/oP99gP2k+1On9gVT7hEbp3QFFfdCjBoL0HIQy48ropGwFOBpr/xi3wJeEXgtnZ4jUAM+zARlQmKGQag/9msB+IGXjU2Xd+Nx2yBwfqj+LEXsJw5chVtJ26zv8pehdfMD1hmF87LvLFe1DftkT8sZlXVER0UmV/kuYR+vUGAeIbH9zUiZ0f7QNXUhIQXlm54zI62K86QX+w== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR18MB2245.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(366004)(55016003)(110136005)(83380400001)(6636002)(86362001)(66946007)(186003)(71200400001)(122000001)(76116006)(66556008)(66476007)(8676002)(4326008)(64756008)(316002)(66446008)(33656002)(38070700005)(38100700002)(9686003)(2906002)(8936002)(498600001)(7696005)(52536014)(26005)(6506007)(53546011)(5660300002)(30864003); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?gAY+oG1EuLT1BTDc+jxA9XTz1llwcw5AOrquHeXFBJVFmdojt/3Re2YWZj+D?= =?us-ascii?Q?hGi9kcf/T7IRPj7tZrJUejhO9bHoHsjP4YC4x7Y9E0g4TE6E0bLjItBnRFvn?= =?us-ascii?Q?4aBpxD0+ekrnOo/MzsLjhoXQH6Imm/vLeqRYsvSKWiWMAFXGuxhQvNanciGQ?= =?us-ascii?Q?OvtvGZMIF+zD6itNkVWfuIYPpw2aCT8RZP/C3kG3U7zr3cU8oBCcZUTfGsAC?= =?us-ascii?Q?q0t7dNbdDyPAHShoL5POOSgDEUhrwu/o/lYbfHVrT/L3IW3CYotigULL7Iup?= =?us-ascii?Q?S784OEsglp+AdvL7c4pXpW5b8RLIH9TRV/8l4gzBr2d1t4MAlD154QBG8yPk?= =?us-ascii?Q?6ZHEhCkg1rxLcmgyR8/ZjXUO0xHsgIkdJTj3gutrdry1zdcU9YNbKVB9jir9?= =?us-ascii?Q?lGft3vzGdBHbz29suyJlapZl9GBHc0C0pZlqiCuPibKNQag+OA1B8Z27s7fn?= =?us-ascii?Q?rtm6d92AUkrbTua1kzgdFp0CASKeXMD7dHKLNoQzE61XRtNcwQRH5auJ1iuw?= =?us-ascii?Q?2k9PCTNASiOCv7BLj7TrwsVSOOo2RZZb0RtrIwzrcHPkDAAmCoi5tPkqJWTJ?= =?us-ascii?Q?gE9yGh5C47rfYl9HUoFWc+hF6XXL2PFsgSneafeT0AVTsRvq/wUzNofBBzlI?= =?us-ascii?Q?8SQ2EW5VHbytLki4wMzXrsjTnl/Y6ARbwMs8JplFgXzAVErdMcKFzEvORXtG?= =?us-ascii?Q?VqWDXy/OYxZvFm7aBBl0xoOA8aTJdgPnZTfv7cwTeFIjhBsItlZv8kc+XO3x?= =?us-ascii?Q?P8qVfOh6F3re993VjWuhQq6kD/ciaCbFmFKB8Sk7hhj4OKwWlnL7zYOuCTm5?= =?us-ascii?Q?449BjeDoAwXdketmgUnwqpaDAnKOD7sZEeZO42VZ1X8o+97rGU/4cmI4jJWR?= =?us-ascii?Q?4lXjWDrBop3/tTkF3vfSSkYRo5/Q4s5HTco6ZQac9lPfRnB8VtaSomFTK939?= =?us-ascii?Q?1DYerI05udbDTWm541nJWhQh/4kn/Gvh//NCQauyWBFjovYAy0wtbvgvZeVn?= =?us-ascii?Q?zEqCbDhjyaXhMTcETwazA+/3n8u1IBmhW8bf/r3BdmvbxUBKjXlRmREJPGaO?= =?us-ascii?Q?VvAuRZ9nz90IargozWpFymnzHrVqf8IeQFZ/mGS+JgkRsONAzqIe2VNUXu3K?= =?us-ascii?Q?c369muW2ZLgQx7rpYAy2ebPQZ0HaSSnRa5UtnOJ3yxPG8L8xHH9iSal5edsG?= =?us-ascii?Q?ejiMqe/zUKNKwxsn14bBnqd8PbZcK5WUey58On9gMHG2XX3c50SbeUY4DJs/?= =?us-ascii?Q?hq+fqeLgtA8IFsnWjoEbC80F+0WtrGo+F46mA3VG59dj/IC6IoS0RieFf5bH?= =?us-ascii?Q?NwjtgzGIDnWkznOziGCqZWMPP1qvJEyh0ShwqtOCnjKgjQFu2ljw0zYKqXZy?= =?us-ascii?Q?wBQoZVKxhBKYau/3n7REptos8EwbxL4aSCmjdUnf+rMuk18aJDAAz+YuOj1Y?= =?us-ascii?Q?NkBpbf9w1/in3KjKA+E0feRC6wLjR7gYcwtE7pw5FfScAfUjgw0orJeDBpQa?= =?us-ascii?Q?TxntLHc+Bp9bBhNL/0CZ58d+UFYvYGUW6SMMCc/xzTtkon0lupvaAzySvrYK?= =?us-ascii?Q?5rmzpLTvNwAqUJsp6+ZQio8+Nt8BADp9DF9g1uA1R1vEBUqVVI+av965K/b3?= =?us-ascii?Q?ZrnLquLYjzyhLyxrY+SrswJ3H2h1gvIp4q10ix3oVoXHRuvx9WZqP1sthL5y?= =?us-ascii?Q?+ZMa+7QOwHK+IvchLpTElZQ/XNZbQ4zah+6TzpdNnKyFEw5yje0JlFg8JEg+?= =?us-ascii?Q?G6SIOjBfTA=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM5PR18MB2245.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c2acae21-a9b1-4393-09bd-08da50507214 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2022 10:59:26.7243 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Y9I4I4pl9jBoYbtkmLug/k7m6a6PbPNBQk1Iyl6oQ0A+JhisPyH1EGWqMjBMmBM9r3Zxp/lCp38wCorqtRJKWA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR18MB3691 X-Proofpoint-GUID: BkcW1PjfxBRINpUn_heXn9hJkFbC-NUe X-Proofpoint-ORIG-GUID: BkcW1PjfxBRINpUn_heXn9hJkFbC-NUe X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.64.514 definitions=2022-06-17_08,2022-06-16_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi, Please find reply inline. Thanks, Satheesh. -----Original Message----- From: Zhang, Roy Fan =20 Sent: 17 June 2022 03:22 PM To: Satheesh Paul Antonysamy ; Nicolau, Radu ; Akhil Goyal Cc: dev@dpdk.org Subject: [EXT] RE: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support more= flow patterns and actions External Email ---------------------------------------------------------------------- Hi, > -----Original Message----- > From: psatheesh@marvell.com > Sent: Friday, June 3, 2022 4:17 AM > To: Nicolau, Radu ; Akhil Goyal=20 > > Cc: dev@dpdk.org; Satheesh Paul > Subject: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support more flow=20 > patterns and actions >=20 > From: Satheesh Paul >=20 > Added support to create flow rules with count, mark and security=20 > actions and mark pattern. >=20 > Signed-off-by: Satheesh Paul > --- > .. code-block:: console >=20 > - flow > - > + flow \ > + >=20 > where each options means: >=20 > +```` > + > + * Set RTE_FLOW_ITEM_TYPE_MARK pattern item with the given mark value. > + > + * Optional: Yes, this pattern is not set by default. > + > + * Syntax: *mark X* > + > + > +```` > + > + * Set RTE_FLOW_ACTION_TYPE_MARK action with the given mark value. > + > + * Optional: yes, this action is not set by default. > + > + * Syntax: *set_mark X* > + > Example flow rules: > I feel "mark" and "set_mark" are duplicated? > From the implementation below it looks there are slight difference in bet= ween But we may need better description for both. Ack. I have added some more description and sent v4 patch. >=20 > .. code-block:: console > @@ -948,6 +988,18 @@ Example flow rules: >=20 > flow ipv6 dst 1111:1111:1111:1111:1111:1111:1111:5555/116 port 1=20 > queue 0 >=20 > + flow mark 123 ipv4 dst 192.168.0.0/16 port 0 queue 0 count > + > + flow eth ipv4 dst 192.168.0.0/16 port 0 queue 0 count > + > + flow ipv4 dst 192.168.0.0/16 port 0 queue 0 count > + > + flow ipv4 dst 192.168.0.0/16 port 0 queue 0 > + > + flow port 0 security set_mark 123 > + > + flow ipv4 dst 1.1.0.0/16 port 0 count set_mark 123 security > + >=20 > Neighbour rule syntax > ^^^^^^^^^^^^^^^^^^^^^ > diff --git a/examples/ipsec-secgw/flow.c b/examples/ipsec-secgw/flow.c=20 > index 1a1ec7861c..2088876999 100644 > --- a/examples/ipsec-secgw/flow.c > +++ b/examples/ipsec-secgw/flow.c > @@ -15,7 +15,9 @@ > #define FLOW_RULES_MAX 128 >=20 > struct flow_rule_entry { > + uint8_t is_eth; > uint8_t is_ipv4; > + uint8_t is_ipv6; > RTE_STD_C11 > union { > struct { > @@ -27,8 +29,15 @@ struct flow_rule_entry { > struct rte_flow_item_ipv6 mask; > } ipv6; > }; > + struct rte_flow_item_mark mark_val; > uint16_t port; > uint16_t queue; > + bool is_queue_set; > + bool enable_count; > + bool enable_mark; > + bool set_security_action; > + bool set_mark_action; > + uint32_t mark_action_val; > struct rte_flow *flow; > } flow_rule_tbl[FLOW_RULES_MAX]; >=20 > @@ -64,8 +73,9 @@ ipv4_addr_cpy(rte_be32_t *spec, rte_be32_t *mask,=20 > char *token, > memcpy(mask, &rte_flow_item_ipv4_mask.hdr.src_addr, sizeof(ip)); >=20 > *spec =3D ip.s_addr; > + > if (depth < 32) > - *mask =3D *mask << (32-depth); > + *mask =3D htonl(*mask << (32 - depth)); >=20 > return 0; > } > @@ -124,7 +134,7 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens, > struct parse_status *status) > { > struct flow_rule_entry *rule; > - uint32_t ti; > + uint32_t ti =3D 0; >=20 > if (nb_flow_rule >=3D FLOW_RULES_MAX) { > printf("Too many flow rules\n"); > @@ -134,49 +144,73 @@ parse_flow_tokens(char **tokens, uint32_t=20 > n_tokens, > rule =3D &flow_rule_tbl[nb_flow_rule]; > memset(rule, 0, sizeof(*rule)); >=20 > - if (strcmp(tokens[0], "ipv4") =3D=3D 0) { > - rule->is_ipv4 =3D 1; > - } else if (strcmp(tokens[0], "ipv6") =3D=3D 0) { > - rule->is_ipv4 =3D 0; > - } else { > - APP_CHECK(0, status, "unrecognized input \"%s\"", tokens[0]); > - return; > - } > - > - for (ti =3D 1; ti < n_tokens; ti++) { > - if (strcmp(tokens[ti], "src") =3D=3D 0) { > + for (ti =3D 0; ti < n_tokens; ti++) { > + if (strcmp(tokens[ti], "mark") =3D=3D 0) { > INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > + if (status->status < 0) > + return; > + APP_CHECK_TOKEN_IS_NUM(tokens, ti, status); > if (status->status < 0) > return; >=20 > - if (rule->is_ipv4) { > + rule->mark_val.id =3D atoi(tokens[ti]); > + rule->enable_mark =3D true; > + continue; > + } > + if (strcmp(tokens[ti], "eth") =3D=3D 0) { > + rule->is_eth =3D true; > + continue; > + } > + > + if (strcmp(tokens[ti], "ipv4") =3D=3D 0) { > + rule->is_ipv4 =3D true; > + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > + if (status->status < 0) > + return; > + if (strcmp(tokens[ti], "src") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > if (ipv4_addr_cpy(&rule- > >ipv4.spec.hdr.src_addr, > &rule- > >ipv4.mask.hdr.src_addr, > tokens[ti], status)) > return; > - } else { > - if (ipv6_addr_cpy(rule->ipv6.spec.hdr.src_addr, > - rule->ipv6.mask.hdr.src_addr, > + } > + if (strcmp(tokens[ti], "dst") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > + if (ipv4_addr_cpy(&rule- > >ipv4.spec.hdr.dst_addr, > + &rule- > >ipv4.mask.hdr.dst_addr, > tokens[ti], status)) > return; > } > + continue; > } > - if (strcmp(tokens[ti], "dst") =3D=3D 0) { > + if (strcmp(tokens[ti], "ipv6") =3D=3D 0) { > + rule->is_ipv6 =3D true; > INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > if (status->status < 0) > return; > - > - if (rule->is_ipv4) { > - if (ipv4_addr_cpy(&rule- > >ipv4.spec.hdr.dst_addr, > - &rule- > >ipv4.mask.hdr.dst_addr, > + if (strcmp(tokens[ti], "src") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > + if (ipv6_addr_cpy(rule->ipv6.spec.hdr.src_addr, > + rule->ipv6.mask.hdr.src_addr, > tokens[ti], status)) > return; > - } else { > + } > + if (strcmp(tokens[ti], "dst") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > if (ipv6_addr_cpy(rule->ipv6.spec.hdr.dst_addr, > rule->ipv6.mask.hdr.dst_addr, > tokens[ti], status)) > return; > } > + continue; > } >=20 > if (strcmp(tokens[ti], "port") =3D=3D 0) { @@ -188,6 +222,7 @@=20 > parse_flow_tokens(char **tokens, uint32_t n_tokens, > return; >=20 > rule->port =3D atoi(tokens[ti]); > + continue; > } >=20 > if (strcmp(tokens[ti], "queue") =3D=3D 0) { @@ -199,50 +234,129 @@=20 > parse_flow_tokens(char **tokens, uint32_t n_tokens, > return; >=20 > rule->queue =3D atoi(tokens[ti]); > + rule->is_queue_set =3D true; > + continue; > + } > + > + if (strcmp(tokens[ti], "count") =3D=3D 0) { > + rule->enable_count =3D true; > + continue; > + } > + > + if (strcmp(tokens[ti], "security") =3D=3D 0) { > + rule->set_security_action =3D true; > + continue; > } > + > + if (strcmp(tokens[ti], "set_mark") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > + if (status->status < 0) > + return; > + APP_CHECK_TOKEN_IS_NUM(tokens, ti, status); > + if (status->status < 0) > + return; > + > + rule->set_mark_action =3D true; > + rule->mark_action_val =3D atoi(tokens[ti]); > + continue; > + } > + > + sprintf(status->parse_msg, "Unrecognized input:%s\n", > tokens[ti]); > + status->status =3D -1; > + return; > } > + printf("\n"); >=20 > nb_flow_rule++; > } >=20 > -#define MAX_RTE_FLOW_PATTERN (3) > -#define MAX_RTE_FLOW_ACTIONS (2) > +#define MAX_RTE_FLOW_PATTERN (4) > +#define MAX_RTE_FLOW_ACTIONS (5) >=20 > static void > flow_init_single(struct flow_rule_entry *rule) { > - struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN] =3D {}; > struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS] =3D {}; > + struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN] =3D {}; > + struct rte_flow_action_queue queue_action; > + struct rte_flow_action_mark mark_action; > + int ret, pattern_idx =3D 0, act_idx =3D 0; > + struct rte_flow_item_mark mark_mask; > struct rte_flow_attr attr =3D {}; > - struct rte_flow_error err; > - int ret; > + struct rte_flow_error err =3D {}; >=20 > attr.egress =3D 0; > attr.ingress =3D 1; >=20 > - action[0].type =3D RTE_FLOW_ACTION_TYPE_QUEUE; > - action[0].conf =3D &(struct rte_flow_action_queue) { > - .index =3D rule->queue, > - }; > - action[1].type =3D RTE_FLOW_ACTION_TYPE_END; > + if (rule->is_queue_set) { > + queue_action.index =3D rule->queue; > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_QUEUE; > + action[act_idx].conf =3D &queue_action; > + act_idx++; > + } > + > + if (rule->enable_count) { > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_COUNT; > + act_idx++; > + } > + > + if (rule->set_security_action) { > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_SECURITY; > + action[act_idx].conf =3D NULL; > + act_idx++; > + } > + > + if (rule->set_mark_action) { > + mark_action.id =3D rule->mark_action_val; > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_MARK; > + action[act_idx].conf =3D &mark_action; > + act_idx++; > + } >=20 > - pattern[0].type =3D RTE_FLOW_ITEM_TYPE_ETH; > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_END; > + action[act_idx].conf =3D NULL; > + > + if (rule->enable_mark) { > + mark_mask.id =3D UINT32_MAX; > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_MARK; > + pattern[pattern_idx].spec =3D &rule->mark_val; > + pattern[pattern_idx].mask =3D &mark_mask; > + pattern_idx++; > + } > + > + if (rule->is_eth) { > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_ETH; > + pattern_idx++; > + } >=20 > if (rule->is_ipv4) { > - pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV4; > - pattern[1].spec =3D &rule->ipv4.spec; > - pattern[1].mask =3D &rule->ipv4.mask; > - } else { > - pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV6; > - pattern[1].spec =3D &rule->ipv6.spec; > - pattern[1].mask =3D &rule->ipv6.mask; > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_IPV4; > + pattern[pattern_idx].spec =3D &rule->ipv4.spec; > + pattern[pattern_idx].mask =3D &rule->ipv4.mask; > + pattern_idx++; > + } > + > + if (rule->is_ipv6) { > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_IPV6; > + pattern[pattern_idx].spec =3D &rule->ipv6.spec; > + pattern[pattern_idx].mask =3D &rule->ipv6.mask; > + pattern_idx++; > + } > + > + if (rule->set_security_action) { > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_ESP; > + pattern[pattern_idx].spec =3D NULL; > + pattern[pattern_idx].mask =3D NULL; > + pattern[pattern_idx].last =3D NULL; > + pattern_idx++; > } >=20 > - pattern[2].type =3D RTE_FLOW_ITEM_TYPE_END; > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_END; >=20 > ret =3D rte_flow_validate(rule->port, &attr, pattern, action, &err); > if (ret < 0) { > RTE_LOG(ERR, IPSEC, "Flow validation failed %s\n", err.message); > + rule->flow =3D 0; > return; > } >=20 > @@ -251,6 +365,56 @@ flow_init_single(struct flow_rule_entry *rule) > RTE_LOG(ERR, IPSEC, "Flow creation return %s\n", err.message); } >=20 > +void > +flow_print_counters(void) > +{ > + struct rte_flow_query_count count_query; > + struct rte_flow_action action; > + struct flow_rule_entry *rule; > + struct rte_flow_error error; > + int i =3D 0, ret =3D 0; > + > + action.type =3D RTE_FLOW_ACTION_TYPE_COUNT; > + > + for (i =3D 0; i < nb_flow_rule; i++) { > + rule =3D &flow_rule_tbl[i]; > + if (!rule->flow || !rule->enable_count) > + continue; > + > + /* Poisoning to make sure PMDs update it in case of error. */ > + memset(&error, 0x55, sizeof(error)); > + memset(&count_query, 0, sizeof(count_query)); > + ret =3D rte_flow_query(rule->port, rule->flow, &action, > + &count_query, &error); > + if (ret) > + RTE_LOG(ERR, IPSEC, > + "Failed to get flow counter " > + " for port %u, err msg: %s\n", > + rule->port, error.message); > + > + printf("Flow #%3d:", i); > + if (rule->is_ipv4) { > + printf(" spec ipv4 "); > + ipv4_hdr_print(&rule->ipv4.spec.hdr); > + } > + if (rule->is_ipv6) { > + printf(" spec ipv6 "); > + ipv6_hdr_print(&rule->ipv6.spec.hdr); > + } > + > + if (rule->set_security_action) > + printf(" Security action set,"); > + > + if (rule->enable_mark) > + printf(" Mark Enabled"); > + > + printf(" Port: %d,", rule->port); > + if (rule->is_queue_set) > + printf(" Queue: %d", rule->queue); > + printf(" Hits: %"PRIu64"\n", count_query.hits); > + } > +} > + > void > flow_init(void) > { > @@ -264,21 +428,37 @@ flow_init(void) >=20 > for (i =3D 0; i < nb_flow_rule; i++) { > rule =3D &flow_rule_tbl[i]; > + printf("Flow #%3d: ", i); > if (rule->is_ipv4) { > - printf("Flow #%3d: spec ipv4 ", i); > + printf("spec ipv4 "); > ipv4_hdr_print(&rule->ipv4.spec.hdr); > printf("\n"); > - printf(" mask ipv4 "); > + printf(" mask ipv4 "); > ipv4_hdr_print(&rule->ipv4.mask.hdr); > - } else { > - printf("Flow #%3d: spec ipv6 ", i); > + } > + if (rule->is_ipv6) { > + printf("spec ipv6 "); > ipv6_hdr_print(&rule->ipv6.spec.hdr); > printf("\n"); > - printf(" mask ipv6 "); > + printf(" mask ipv6 "); > ipv6_hdr_print(&rule->ipv6.mask.hdr); > } >=20 > - printf("\tPort: %d, Queue: %d", rule->port, rule->queue); > + if (rule->enable_mark) > + printf(", Mark enabled"); > + > + printf("\tPort: %d,", rule->port); > + if (rule->is_queue_set) > + printf(" Queue: %d,", rule->queue); > + > + if (rule->set_security_action) > + printf(" Security action set,"); > + > + if (rule->set_mark_action) > + printf(" Mark: %d,", rule->mark_action_val); > + > + if (rule->enable_count) > + printf(" Counter enabled,"); >=20 > if (rule->flow =3D=3D NULL) > printf(" [UNSUPPORTED]"); > diff --git a/examples/ipsec-secgw/flow.h b/examples/ipsec-secgw/flow.h=20 > index 1b1b4774e4..9492d06346 100644 > --- a/examples/ipsec-secgw/flow.h > +++ b/examples/ipsec-secgw/flow.h > @@ -11,5 +11,6 @@ void parse_flow_tokens(char **tokens, uint32_t n_tokens= , > struct parse_status *status); >=20 > void flow_init(void); > +void flow_print_counters(void); >=20 > #endif /* _FLOW_H_ */ > diff --git a/examples/ipsec-secgw/ipsec-secgw.c=20 > b/examples/ipsec-secgw/ipsec- secgw.c index 42b5081840..244453e06e=20 > 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -3271,7 +3271,6 @@ ipsec_secgw_telemetry_init(void) > "Optional Parameters: int "); } >=20 > - > int32_t > main(int32_t argc, char **argv) > { > @@ -3512,6 +3511,8 @@ main(int32_t argc, char **argv) > printf(" Done\n"); > } >=20 > + flow_print_counters(); > + > RTE_ETH_FOREACH_DEV(portid) { > if ((enabled_port_mask & (1 << portid)) =3D=3D 0) > continue; > -- > 2.35.3