From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 286F9A0093; Fri, 17 Jun 2022 11:52:39 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C03AC40DDD; Fri, 17 Jun 2022 11:52:38 +0200 (CEST) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mails.dpdk.org (Postfix) with ESMTP id 0F5AD40698 for ; Fri, 17 Jun 2022 11:52:36 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1655459557; x=1686995557; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=bqkbLZ+Z4JcC14ccPTrzqSqMH3YWgvCdKQBcBaYBWB4=; b=MdQEtYy4+tjpVtlMk+FgDVBZMaR5gjM+gr9eZ3IYiotNYY8NUQ5dwB0U tQS8l61BAlWRQlcafLGBpQCKa7IBmmsaMHFZAkmyfsSWwESjb79qCuhcw vDmRS8HV5mL3/A0FxkEMTx+Zf1YwHFi8PeFaPrm8q/O9CIk11uEdDZpi4 C0BbaLoT6oYbbEsaR5HyFksunjkFy1jADTTJbwT54ejCF2iFWY86tQ1fD NgSGhHF4KX6aGFRyWqRhGB0DGZVbVFV979EThpeblEhiuWDsIKedfukir oTLpt+v1PE8Z/aVlUtGjhXyyA2ssuEiwytU1LyJQCFmDEGfc5yIczzyK8 g==; X-IronPort-AV: E=McAfee;i="6400,9594,10380"; a="262486516" X-IronPort-AV: E=Sophos;i="5.92,306,1650956400"; d="scan'208";a="262486516" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jun 2022 02:52:35 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.92,306,1650956400"; d="scan'208";a="912556024" Received: from orsmsx606.amr.corp.intel.com ([10.22.229.19]) by fmsmga005.fm.intel.com with ESMTP; 17 Jun 2022 02:52:34 -0700 Received: from orsmsx606.amr.corp.intel.com (10.22.229.19) by ORSMSX606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Fri, 17 Jun 2022 02:52:33 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Fri, 17 Jun 2022 02:52:33 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.172) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Fri, 17 Jun 2022 02:52:33 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iAkMxERtM6/oE6KbqvEdcK1gGLDRO1K5NyZLuDNWf13iYBi/GwQ8inQWrawOw+yWYn9HEaQpqIcri5hyGD5YyarKzKsjEXb+GYmAYw4A7kRHRtrb/VEaLUK4fUTg5j2L5bj0tHgiuIF3hYdotOKRvcnAN2TxV5/nQdENqnmB9d8QoP/em/NhZYiTlhM62TbRqeefgd34AFWO1SPxMtHV3noN8cpbJjDCw+AYH6dtfUosVRrFPqA3okQ9BbOCL4XimNCoqDBwcmCK2ZeuoZ6OR+oIuyzDfGzVXpeWoFarGl5xilSflpWmf6Jv9rBoYCKJiacZAFwtnQlaCtyj9eQm9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=G5RhbTBF/oJJCLiXJeGktB71vM+srkwjYGXggpifZSY=; b=O2Tq6Ls08a2enmNPuNqj3NhCIewNFnv/VZahVbTGePdDZUfZ67Af0sbAXYmRz4Ci9fEj0lerhTJM+DNJym6KG35qml5YCI6v1pmjihGu+IuNwHN3W8rhTnbox4gyT3dhT3bpPBgeBcftu0Dkm5f5xwTUG4l/CHuksiwH3bEGNN5BA7uu9e0SK6od4M3Dv7qvrag9w4uEVMy6dSvXtxnD1at/20PiWw3XhR9NqPQumfUZKUUy4EzG8rgsQu1uTEQ/gY80cgGp6wfPJbc4DhREqtcQU9ufeSbLVXe1UwS184vQtKlRzjR76VqFQZxMiicJCxwWr1Lxi1U8NGwsJ1fOxw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH7PR11MB5817.namprd11.prod.outlook.com (2603:10b6:510:13a::14) by BYAPR11MB3142.namprd11.prod.outlook.com (2603:10b6:a03:85::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.19; Fri, 17 Jun 2022 09:52:26 +0000 Received: from PH7PR11MB5817.namprd11.prod.outlook.com ([fe80::6024:7f58:ffc6:64ce]) by PH7PR11MB5817.namprd11.prod.outlook.com ([fe80::6024:7f58:ffc6:64ce%2]) with mapi id 15.20.5332.020; Fri, 17 Jun 2022 09:52:26 +0000 From: "Zhang, Roy Fan" To: "psatheesh@marvell.com" , "Nicolau, Radu" , Akhil Goyal CC: "dev@dpdk.org" Subject: RE: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support more flow patterns and actions Thread-Topic: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support more flow patterns and actions Thread-Index: AQHYdvhzXGdo2VFjbUG2zotAdLaNfa1Tb12g Date: Fri, 17 Jun 2022 09:52:26 +0000 Message-ID: References: <20220419082537.270116-1-psatheesh@marvell.com> <20220603031650.3169872-1-psatheesh@marvell.com> In-Reply-To: <20220603031650.3169872-1-psatheesh@marvell.com> Accept-Language: zh-Hans-HK, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.500.17 dlp-reaction: no-action dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a5a6b2ba-4592-4302-457e-08da5047159c x-ms-traffictypediagnostic: BYAPR11MB3142:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 1xkC8KKUGHYl25LyctlOUizddSNrEKSVHOhctvdwEXv5jQyUbf1ha93jVXiT/HxKHavkGDHvVcrxrPw5VLqsbPR92bCXVh8woJdp6NDlLAeoV/6LFx7VUiNaVHZcsUEsdhJCJ0fXbVXWMRm+sStAWk+eO1H/RgIRmd1mv+MTVHchyng4/3dUTGPC4IbxytsZQLDHkCnGVfHulC0jPWrMDg8uLK+eBQzYX9imfctJE7Hdu7Nlr9OXB/Yg15pWgaNy8LxNdxjmcdZZSUlvhZMbWm6Go0lEniGCZlNW+XMNKb+Ntb/BD+w31VLyrh1tpMI9H89cyjpyMsT9EFbJTN8gmDJT8oPlEL2PLFEHSSs240Los6v+X5lgFChTEDsk94DaEafT6G7HLzXpRWQxEP0vNScczcmuBF/qopuXwPcUqISFPAiPh342htreqOxIj50wZD7AO21CZBJyyFx07fHkouTt2UcZ2LmwFP7tkyaM3uXXx9fp3fMzHLc0zPqM/j97HxuGoidlJ4RbKVDeWv8xnJZy2NswZ0a8RbZh59fIIow6b3iePYSKU8iisdkx25KwuDqin0T1PC8F9arQjtFUra1i0JKCvl7QgrGHus+AHNxQEWyN24oTNBsmj/6qi/Aqf1b2qsLB0dmY8FU7Gu+4FAXHvkRGRGIZx2DgDbiRq8vlrKQCmD9mTGSbJ//ivOCmBLE4jAE9VZHVob2dsEB7kw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR11MB5817.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(366004)(2906002)(7696005)(6506007)(53546011)(82960400001)(86362001)(316002)(26005)(66476007)(110136005)(8676002)(38100700002)(64756008)(4326008)(76116006)(66556008)(66946007)(66446008)(30864003)(71200400001)(8936002)(55016003)(83380400001)(498600001)(186003)(5660300002)(9686003)(33656002)(52536014)(122000001)(38070700005); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?/WX+23QJe+7GxQJvDRcoKyTeL4Ih5Z9qrbvM574IPNVd/Q23NLXejqaJ?= =?Windows-1252?Q?nWOaEWv05ahNYjW/ZHrDmDGJZavD9CyCy9tyOFaSF9bVzaHz/6LwE7HT?= =?Windows-1252?Q?fnGxhgs2uOifTb8/lHfzV3CO2MBJeRsochNHWVvt1TUAOGCGYr157RDi?= =?Windows-1252?Q?l6PpmNRSKrghXoBmnCuOsOXF2pJwIHN7o87IFX4JC4QaH+hwt9zUjb+V?= =?Windows-1252?Q?YjtHY5NE+KcV5uUZ65ktoBhEdK60E317K3XHD7FBRL43VtUt2g3iGJcv?= =?Windows-1252?Q?IgV15V5a6wXFYD4AT9O5iCU6S9KqMg3qM1chL/zfV1t0IHufvezflb6Y?= =?Windows-1252?Q?nigPtuWsOrKSvn6WRI3ZmxOi4SIYqmhohHh9Aw962qMOTQ/lT8ue2RRZ?= =?Windows-1252?Q?ESj7CvPYI8vckQaCfEDnZqm1grSvu9Tscw5a3aY+26DheCs+A3FcDDHK?= =?Windows-1252?Q?xELB2nnTdqd5YfV5c3TMRJxwD5GPaC6ColuKhgm+xgFH9cCvnnL3vfb7?= =?Windows-1252?Q?IE0NWBrli5euC6qKmv0INTyUBcQ9Oi02prVAdOBgxNOPNFHJMOsGIxQX?= =?Windows-1252?Q?jjMrFUYFyIiQy6Swal0rC4blyIh7xUsa+JgHu5JPRUL6AwCbWdgqHRWx?= =?Windows-1252?Q?WifbZtmIYrwm0lcaj3W2yRApEipqGQ0u5qb1Nk5tHw/oDoaYnl4aGkKm?= =?Windows-1252?Q?U3Y1iyO+WmihdwDXvi4v+s3BsMkhp/mZ2e+fYvM+/YT0t2Jw1haWxVzH?= =?Windows-1252?Q?528OXAZftW44aFX6gS1PTAZzRLZagSQsJgsaXQvz5YLeDWK+w4Cz4C4B?= =?Windows-1252?Q?MDR35sDk0+JT8ycNYwuUyTuWQJMkeOfI5uaBgV1KjqgX5r9uWS2gS6Je?= =?Windows-1252?Q?nk2PG0EqSnbAHOAnMRVFfYI2kXQGPa8TwUtwijhQaDxU5HZaVb1joxGP?= =?Windows-1252?Q?xMEQlYHszYE5s7SJ4M5kcNmd/0iUumYu7tihU8DQiUzVKKAeGtIBLk+2?= =?Windows-1252?Q?59TjxDzf/tnlhD9s8eKBMzO7P9CXah4rGYOpoggBRGA0L1Wya6DizCpV?= =?Windows-1252?Q?25I1qT8XU9f5tBWxsEDoWTjJ1TnGLtOWsLbbRpXRNnAkoFCDH4CZUpEK?= =?Windows-1252?Q?LDOi4Nf7zFieVd+1sNBrcnSNiYtjsAXo2BtF0dEpxYGTVRVQz7NBrb75?= =?Windows-1252?Q?aBJPBdBLLmvjPoxqiRD7yHrGU5N6RrZoeusggsX+PRJHv3+uJ5hkWERq?= =?Windows-1252?Q?nHj8XPhCaYil0mE4stIVCQFDPScwW5ZuHhdh9n4Tbuen3d0dhXiLcPp4?= =?Windows-1252?Q?TytWz27z2OyBAPTuKe6AWnTWhxd0KistKx/GI2UC7K1wgmBTHjgeWEiV?= =?Windows-1252?Q?fHvEGXtUh9zwVTX8u0KZ9kgu0EoD/ylbPwrtLKl9cJHImlCM8FIE0S0V?= =?Windows-1252?Q?6LMFGvYFr0gea0bQmDiDm8bg5E1535xT4tFAMCexkcuH1ArRumob6fnA?= =?Windows-1252?Q?ECn+zMVEqIV8V1ek8fBiTkzylPNbxuBxA/dB8Cjq0iV1vS5x82VeBZLk?= =?Windows-1252?Q?UmV1FIiXPOhRzieA/WQJ+4MGkCIGHLtx9A3Qhs07fCgimspUVKbQtbGy?= =?Windows-1252?Q?A1j6DnbHHjOCXKw22+Fzs+X2DWzT+ga9M1nD+yHa3F03axpCEA1ai9Jx?= =?Windows-1252?Q?+KGQ0q6mS/fisDx7v5NTB45PhnEthde+6O38Iw4sb26TnWst6CI6fUrt?= =?Windows-1252?Q?i6hyHAWWLGv8UAoPQU++izhhYPrz2hmNjb6zpWJat38HThXPuRBx21aQ?= =?Windows-1252?Q?PwQlqD+vE8Lgj6fJe8YgkvpiAJFhFLCDM+X8D3NrwTveSkutxvGUEho4?= =?Windows-1252?Q?i8bIUs/myljnaA=3D=3D?= Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB5817.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a5a6b2ba-4592-4302-457e-08da5047159c X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2022 09:52:26.1497 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Tm2mEgzi8Jgw5VEWqcV1NPanHA8FuUj8UcxBlSgTPuAw/jpzDKxDuz+PCQs+QxhMH4mWAFApO6ddloPwwzqh3A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3142 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi, > -----Original Message----- > From: psatheesh@marvell.com > Sent: Friday, June 3, 2022 4:17 AM > To: Nicolau, Radu ; Akhil Goyal > Cc: dev@dpdk.org; Satheesh Paul > Subject: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support more flow > patterns and actions >=20 > From: Satheesh Paul >=20 > Added support to create flow rules with count, mark and > security actions and mark pattern. >=20 > Signed-off-by: Satheesh Paul > --- > .. code-block:: console >=20 > - flow > - > + flow \ > + >=20 > where each options means: >=20 > +```` > + > + * Set RTE_FLOW_ITEM_TYPE_MARK pattern item with the given mark value. > + > + * Optional: Yes, this pattern is not set by default. > + > + * Syntax: *mark X* > + > + > +```` > + > + * Set RTE_FLOW_ACTION_TYPE_MARK action with the given mark value. > + > + * Optional: yes, this action is not set by default. > + > + * Syntax: *set_mark X* > + > Example flow rules: I feel "mark" and "set_mark" are duplicated? >From the implementation below it looks there are slight difference in betwe= en But we may need better description for both. >=20 > .. code-block:: console > @@ -948,6 +988,18 @@ Example flow rules: >=20 > flow ipv6 dst 1111:1111:1111:1111:1111:1111:1111:5555/116 port 1 > queue 0 >=20 > + flow mark 123 ipv4 dst 192.168.0.0/16 port 0 queue 0 count > + > + flow eth ipv4 dst 192.168.0.0/16 port 0 queue 0 count > + > + flow ipv4 dst 192.168.0.0/16 port 0 queue 0 count > + > + flow ipv4 dst 192.168.0.0/16 port 0 queue 0 > + > + flow port 0 security set_mark 123 > + > + flow ipv4 dst 1.1.0.0/16 port 0 count set_mark 123 security > + >=20 > Neighbour rule syntax > ^^^^^^^^^^^^^^^^^^^^^ > diff --git a/examples/ipsec-secgw/flow.c b/examples/ipsec-secgw/flow.c > index 1a1ec7861c..2088876999 100644 > --- a/examples/ipsec-secgw/flow.c > +++ b/examples/ipsec-secgw/flow.c > @@ -15,7 +15,9 @@ > #define FLOW_RULES_MAX 128 >=20 > struct flow_rule_entry { > + uint8_t is_eth; > uint8_t is_ipv4; > + uint8_t is_ipv6; > RTE_STD_C11 > union { > struct { > @@ -27,8 +29,15 @@ struct flow_rule_entry { > struct rte_flow_item_ipv6 mask; > } ipv6; > }; > + struct rte_flow_item_mark mark_val; > uint16_t port; > uint16_t queue; > + bool is_queue_set; > + bool enable_count; > + bool enable_mark; > + bool set_security_action; > + bool set_mark_action; > + uint32_t mark_action_val; > struct rte_flow *flow; > } flow_rule_tbl[FLOW_RULES_MAX]; >=20 > @@ -64,8 +73,9 @@ ipv4_addr_cpy(rte_be32_t *spec, rte_be32_t *mask, char > *token, > memcpy(mask, &rte_flow_item_ipv4_mask.hdr.src_addr, sizeof(ip)); >=20 > *spec =3D ip.s_addr; > + > if (depth < 32) > - *mask =3D *mask << (32-depth); > + *mask =3D htonl(*mask << (32 - depth)); >=20 > return 0; > } > @@ -124,7 +134,7 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens, > struct parse_status *status) > { > struct flow_rule_entry *rule; > - uint32_t ti; > + uint32_t ti =3D 0; >=20 > if (nb_flow_rule >=3D FLOW_RULES_MAX) { > printf("Too many flow rules\n"); > @@ -134,49 +144,73 @@ parse_flow_tokens(char **tokens, uint32_t > n_tokens, > rule =3D &flow_rule_tbl[nb_flow_rule]; > memset(rule, 0, sizeof(*rule)); >=20 > - if (strcmp(tokens[0], "ipv4") =3D=3D 0) { > - rule->is_ipv4 =3D 1; > - } else if (strcmp(tokens[0], "ipv6") =3D=3D 0) { > - rule->is_ipv4 =3D 0; > - } else { > - APP_CHECK(0, status, "unrecognized input \"%s\"", tokens[0]); > - return; > - } > - > - for (ti =3D 1; ti < n_tokens; ti++) { > - if (strcmp(tokens[ti], "src") =3D=3D 0) { > + for (ti =3D 0; ti < n_tokens; ti++) { > + if (strcmp(tokens[ti], "mark") =3D=3D 0) { > INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > + if (status->status < 0) > + return; > + APP_CHECK_TOKEN_IS_NUM(tokens, ti, status); > if (status->status < 0) > return; >=20 > - if (rule->is_ipv4) { > + rule->mark_val.id =3D atoi(tokens[ti]); > + rule->enable_mark =3D true; > + continue; > + } > + if (strcmp(tokens[ti], "eth") =3D=3D 0) { > + rule->is_eth =3D true; > + continue; > + } > + > + if (strcmp(tokens[ti], "ipv4") =3D=3D 0) { > + rule->is_ipv4 =3D true; > + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > + if (status->status < 0) > + return; > + if (strcmp(tokens[ti], "src") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > if (ipv4_addr_cpy(&rule- > >ipv4.spec.hdr.src_addr, > &rule- > >ipv4.mask.hdr.src_addr, > tokens[ti], status)) > return; > - } else { > - if (ipv6_addr_cpy(rule->ipv6.spec.hdr.src_addr, > - rule->ipv6.mask.hdr.src_addr, > + } > + if (strcmp(tokens[ti], "dst") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > + if (ipv4_addr_cpy(&rule- > >ipv4.spec.hdr.dst_addr, > + &rule- > >ipv4.mask.hdr.dst_addr, > tokens[ti], status)) > return; > } > + continue; > } > - if (strcmp(tokens[ti], "dst") =3D=3D 0) { > + if (strcmp(tokens[ti], "ipv6") =3D=3D 0) { > + rule->is_ipv6 =3D true; > INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > if (status->status < 0) > return; > - > - if (rule->is_ipv4) { > - if (ipv4_addr_cpy(&rule- > >ipv4.spec.hdr.dst_addr, > - &rule- > >ipv4.mask.hdr.dst_addr, > + if (strcmp(tokens[ti], "src") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > + if (ipv6_addr_cpy(rule->ipv6.spec.hdr.src_addr, > + rule->ipv6.mask.hdr.src_addr, > tokens[ti], status)) > return; > - } else { > + } > + if (strcmp(tokens[ti], "dst") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, > status); > + if (status->status < 0) > + return; > if (ipv6_addr_cpy(rule->ipv6.spec.hdr.dst_addr, > rule->ipv6.mask.hdr.dst_addr, > tokens[ti], status)) > return; > } > + continue; > } >=20 > if (strcmp(tokens[ti], "port") =3D=3D 0) { > @@ -188,6 +222,7 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens, > return; >=20 > rule->port =3D atoi(tokens[ti]); > + continue; > } >=20 > if (strcmp(tokens[ti], "queue") =3D=3D 0) { > @@ -199,50 +234,129 @@ parse_flow_tokens(char **tokens, uint32_t > n_tokens, > return; >=20 > rule->queue =3D atoi(tokens[ti]); > + rule->is_queue_set =3D true; > + continue; > + } > + > + if (strcmp(tokens[ti], "count") =3D=3D 0) { > + rule->enable_count =3D true; > + continue; > + } > + > + if (strcmp(tokens[ti], "security") =3D=3D 0) { > + rule->set_security_action =3D true; > + continue; > } > + > + if (strcmp(tokens[ti], "set_mark") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > + if (status->status < 0) > + return; > + APP_CHECK_TOKEN_IS_NUM(tokens, ti, status); > + if (status->status < 0) > + return; > + > + rule->set_mark_action =3D true; > + rule->mark_action_val =3D atoi(tokens[ti]); > + continue; > + } > + > + sprintf(status->parse_msg, "Unrecognized input:%s\n", > tokens[ti]); > + status->status =3D -1; > + return; > } > + printf("\n"); >=20 > nb_flow_rule++; > } >=20 > -#define MAX_RTE_FLOW_PATTERN (3) > -#define MAX_RTE_FLOW_ACTIONS (2) > +#define MAX_RTE_FLOW_PATTERN (4) > +#define MAX_RTE_FLOW_ACTIONS (5) >=20 > static void > flow_init_single(struct flow_rule_entry *rule) > { > - struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN] =3D {}; > struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS] =3D {}; > + struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN] =3D {}; > + struct rte_flow_action_queue queue_action; > + struct rte_flow_action_mark mark_action; > + int ret, pattern_idx =3D 0, act_idx =3D 0; > + struct rte_flow_item_mark mark_mask; > struct rte_flow_attr attr =3D {}; > - struct rte_flow_error err; > - int ret; > + struct rte_flow_error err =3D {}; >=20 > attr.egress =3D 0; > attr.ingress =3D 1; >=20 > - action[0].type =3D RTE_FLOW_ACTION_TYPE_QUEUE; > - action[0].conf =3D &(struct rte_flow_action_queue) { > - .index =3D rule->queue, > - }; > - action[1].type =3D RTE_FLOW_ACTION_TYPE_END; > + if (rule->is_queue_set) { > + queue_action.index =3D rule->queue; > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_QUEUE; > + action[act_idx].conf =3D &queue_action; > + act_idx++; > + } > + > + if (rule->enable_count) { > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_COUNT; > + act_idx++; > + } > + > + if (rule->set_security_action) { > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_SECURITY; > + action[act_idx].conf =3D NULL; > + act_idx++; > + } > + > + if (rule->set_mark_action) { > + mark_action.id =3D rule->mark_action_val; > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_MARK; > + action[act_idx].conf =3D &mark_action; > + act_idx++; > + } >=20 > - pattern[0].type =3D RTE_FLOW_ITEM_TYPE_ETH; > + action[act_idx].type =3D RTE_FLOW_ACTION_TYPE_END; > + action[act_idx].conf =3D NULL; > + > + if (rule->enable_mark) { > + mark_mask.id =3D UINT32_MAX; > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_MARK; > + pattern[pattern_idx].spec =3D &rule->mark_val; > + pattern[pattern_idx].mask =3D &mark_mask; > + pattern_idx++; > + } > + > + if (rule->is_eth) { > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_ETH; > + pattern_idx++; > + } >=20 > if (rule->is_ipv4) { > - pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV4; > - pattern[1].spec =3D &rule->ipv4.spec; > - pattern[1].mask =3D &rule->ipv4.mask; > - } else { > - pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV6; > - pattern[1].spec =3D &rule->ipv6.spec; > - pattern[1].mask =3D &rule->ipv6.mask; > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_IPV4; > + pattern[pattern_idx].spec =3D &rule->ipv4.spec; > + pattern[pattern_idx].mask =3D &rule->ipv4.mask; > + pattern_idx++; > + } > + > + if (rule->is_ipv6) { > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_IPV6; > + pattern[pattern_idx].spec =3D &rule->ipv6.spec; > + pattern[pattern_idx].mask =3D &rule->ipv6.mask; > + pattern_idx++; > + } > + > + if (rule->set_security_action) { > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_ESP; > + pattern[pattern_idx].spec =3D NULL; > + pattern[pattern_idx].mask =3D NULL; > + pattern[pattern_idx].last =3D NULL; > + pattern_idx++; > } >=20 > - pattern[2].type =3D RTE_FLOW_ITEM_TYPE_END; > + pattern[pattern_idx].type =3D RTE_FLOW_ITEM_TYPE_END; >=20 > ret =3D rte_flow_validate(rule->port, &attr, pattern, action, &err); > if (ret < 0) { > RTE_LOG(ERR, IPSEC, "Flow validation failed %s\n", > err.message); > + rule->flow =3D 0; > return; > } >=20 > @@ -251,6 +365,56 @@ flow_init_single(struct flow_rule_entry *rule) > RTE_LOG(ERR, IPSEC, "Flow creation return %s\n", > err.message); > } >=20 > +void > +flow_print_counters(void) > +{ > + struct rte_flow_query_count count_query; > + struct rte_flow_action action; > + struct flow_rule_entry *rule; > + struct rte_flow_error error; > + int i =3D 0, ret =3D 0; > + > + action.type =3D RTE_FLOW_ACTION_TYPE_COUNT; > + > + for (i =3D 0; i < nb_flow_rule; i++) { > + rule =3D &flow_rule_tbl[i]; > + if (!rule->flow || !rule->enable_count) > + continue; > + > + /* Poisoning to make sure PMDs update it in case of error. */ > + memset(&error, 0x55, sizeof(error)); > + memset(&count_query, 0, sizeof(count_query)); > + ret =3D rte_flow_query(rule->port, rule->flow, &action, > + &count_query, &error); > + if (ret) > + RTE_LOG(ERR, IPSEC, > + "Failed to get flow counter " > + " for port %u, err msg: %s\n", > + rule->port, error.message); > + > + printf("Flow #%3d:", i); > + if (rule->is_ipv4) { > + printf(" spec ipv4 "); > + ipv4_hdr_print(&rule->ipv4.spec.hdr); > + } > + if (rule->is_ipv6) { > + printf(" spec ipv6 "); > + ipv6_hdr_print(&rule->ipv6.spec.hdr); > + } > + > + if (rule->set_security_action) > + printf(" Security action set,"); > + > + if (rule->enable_mark) > + printf(" Mark Enabled"); > + > + printf(" Port: %d,", rule->port); > + if (rule->is_queue_set) > + printf(" Queue: %d", rule->queue); > + printf(" Hits: %"PRIu64"\n", count_query.hits); > + } > +} > + > void > flow_init(void) > { > @@ -264,21 +428,37 @@ flow_init(void) >=20 > for (i =3D 0; i < nb_flow_rule; i++) { > rule =3D &flow_rule_tbl[i]; > + printf("Flow #%3d: ", i); > if (rule->is_ipv4) { > - printf("Flow #%3d: spec ipv4 ", i); > + printf("spec ipv4 "); > ipv4_hdr_print(&rule->ipv4.spec.hdr); > printf("\n"); > - printf(" mask ipv4 "); > + printf(" mask ipv4 "); > ipv4_hdr_print(&rule->ipv4.mask.hdr); > - } else { > - printf("Flow #%3d: spec ipv6 ", i); > + } > + if (rule->is_ipv6) { > + printf("spec ipv6 "); > ipv6_hdr_print(&rule->ipv6.spec.hdr); > printf("\n"); > - printf(" mask ipv6 "); > + printf(" mask ipv6 "); > ipv6_hdr_print(&rule->ipv6.mask.hdr); > } >=20 > - printf("\tPort: %d, Queue: %d", rule->port, rule->queue); > + if (rule->enable_mark) > + printf(", Mark enabled"); > + > + printf("\tPort: %d,", rule->port); > + if (rule->is_queue_set) > + printf(" Queue: %d,", rule->queue); > + > + if (rule->set_security_action) > + printf(" Security action set,"); > + > + if (rule->set_mark_action) > + printf(" Mark: %d,", rule->mark_action_val); > + > + if (rule->enable_count) > + printf(" Counter enabled,"); >=20 > if (rule->flow =3D=3D NULL) > printf(" [UNSUPPORTED]"); > diff --git a/examples/ipsec-secgw/flow.h b/examples/ipsec-secgw/flow.h > index 1b1b4774e4..9492d06346 100644 > --- a/examples/ipsec-secgw/flow.h > +++ b/examples/ipsec-secgw/flow.h > @@ -11,5 +11,6 @@ void parse_flow_tokens(char **tokens, uint32_t n_tokens= , > struct parse_status *status); >=20 > void flow_init(void); > +void flow_print_counters(void); >=20 > #endif /* _FLOW_H_ */ > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ip= sec- > secgw.c > index 42b5081840..244453e06e 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -3271,7 +3271,6 @@ ipsec_secgw_telemetry_init(void) > "Optional Parameters: int "); > } >=20 > - > int32_t > main(int32_t argc, char **argv) > { > @@ -3512,6 +3511,8 @@ main(int32_t argc, char **argv) > printf(" Done\n"); > } >=20 > + flow_print_counters(); > + > RTE_ETH_FOREACH_DEV(portid) { > if ((enabled_port_mask & (1 << portid)) =3D=3D 0) > continue; > -- > 2.35.3