diff options
| author |   Anand B Jyoti <anand.b.jyoti@intel.com> | 2017-04-18 13:36:02 +0530 |
|---|---|---|
| committer |   Deepak S <deepak.s@linux.intel.com> | 2017-04-19 03:15:39 -0700 |
| commit | a59ed4772da29826915010a7c9d34b5ebd256c42 (patch) | |
| tree | 05f9a4f3c7a6ef86c1ece39771120741a9cb2a75 /VNFs/vFW/pipeline/pipeline_vfw.h | |
| parent | 8a4e9e534fcb1ef718ed5c1089fdc8698b13fb7f (diff) | |
vFW: Adding Virtual Firewall VNF
JIRA: SAMPLEVNF-4
vFW supports following features:
- Basic packet filtering (malformed packets, IP fragments)
- Connection tracking for TCP and UDP
- Access Control List for rule based policy enforcement
- SYN-flood protection via Synproxy* for TCP
- UDP, TCP and ICMP protocol pass-through
- CLI based enable/disable connection tracking, synproxy,
basic packet filtering
- Hardware and Software Load Balancing
- L2L3 stack support for ARP/ICMP handling
- Multithread support
- Multiple physical port support
Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20
Signed-off-by: Anand B Jyoti <anand.b.jyoti@intel.com>
[Push patch to gerrit]
Signed-off-by: Deepak S <deepak.s@linux.intel.com>
Diffstat (limited to 'VNFs/vFW/pipeline/pipeline_vfw.h')
| -rw-r--r-- | VNFs/vFW/pipeline/pipeline_vfw.h | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/VNFs/vFW/pipeline/pipeline_vfw.h b/VNFs/vFW/pipeline/pipeline_vfw.h new file mode 100644 index 00000000..3b1b25f0 --- /dev/null +++ b/VNFs/vFW/pipeline/pipeline_vfw.h @@ -0,0 +1,145 @@ +/* +// Copyright (c) 2017 Intel Corporation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +*/ + +#ifndef __INCLUDE_PIPELINE_VFW_H__ +#define __INCLUDE_PIPELINE_VFW_H__ + +/** + * @file + * Pipeline VFW FE. + * + * Pipeline VFW Front End (FE). + * Runs on the Master pipeline, responsible for CLI commands. + * + */ + +#include "pipeline.h" +#include "app.h" +#include "pipeline_vfw_be.h" + +/* VFW IPV4 and IPV6 enable flags for debugging (Default both on) */ +extern int vfw_ipv4_enabled; +extern int vfw_ipv6_enabled; + +/* Number of VFW Rules, default 4 * 1024 */ +extern uint32_t vfw_n_rules; +/* VFW Rule Table TRIE - 2 (Active, Standby Global table per ipv4, ipv6 */ +extern void *vfw_rule_table_ipv4_active; +extern void *vfw_rule_table_ipv4_standby; +extern void *vfw_rule_table_ipv6_active; +extern void *vfw_rule_table_ipv6_standby; + +#define active_rule_table 0 +#define standby_rule_table 1 +#define vfw_add_command 0 +#define vfw_delete_command 1 +#define IPV6_32BIT_LENGTH 4 + +/** + * Add VFW rule to the VFW rule table. + * Rules are added standby table. + * Applyruleset command will activate the change. + * Both IPv4 and IPv6 rules can be added. + * + * @param app + * A pointer to the VFW pipeline parameters. + * @param key + * A pointer to the VFW rule to add. + * @param priority + * Priority of the VFW rule. + * @param port_id + * Port ID of the VFW rule. + * @param action_id + * Action ID of the VFW rule. Defined in Action Table. + * + * @return + * 0 on success, negative on error. + */ +int +app_pipeline_vfw_add_rule(struct app_params *app, + struct pipeline_vfw_key *key, + uint32_t priority, + uint32_t port_id, uint32_t action_id); + +/** + * Delete VFW rule from the VFW rule table. + * Rules deleted from standby tables. + * Applyruleset command will activate the change. + * Both IPv4 and IPv6 rules can be deleted. + * + * @param app + * A pointer to the VFW pipeline parameters. + * @param key + * A pointer to the VFW rule to delete. + * + * @return + * 0 on success, negative on error. + */ +int +app_pipeline_vfw_delete_rule(struct app_params *app, + struct pipeline_vfw_key *key); + +/** + * Clear all VFW rules from the VFW rule table. + * Rules cleared from standby tables. + * Applyruleset command will activate the change. + * Both IPv4 and IPv6 rules will be cleared. + * + * @param app + * A pointer to the VFW pipeline parameters. + * + * @return + * 0 on success, negative on error. + */ +int app_pipeline_vfw_clearrules(struct app_params *app); + +/** + * Add Action to the Action table. + * Actions are added standby table. + * Applyruleset command will activate the change. + * + * @param app + * A pointer to the VFW pipeline parameters. + * @param key + * A pointer to the Action to add. + * + * @return + * 0 on success, negative on error. + */ +int +app_pipeline_action_add(struct app_params *app, + struct pipeline_action_key *key); + +/** + * Delete Action from the Action table. + * Actions are deleted from the standby table. + * Applyruleset command will activate the change. + * + * @param app + * A pointer to the VFW pipeline parameters. + * @param key + * A pointer to the Action to delete. + * + * @return + * 0 on success, negative on error. + */ +int +app_pipeline_action_delete(struct app_params *app, + struct pipeline_action_key *key); + +extern struct pipeline_type pipeline_vfw; + +#endif |