diff options
Diffstat (limited to 'VNFs/vACL')
| -rw-r--r-- | VNFs/vACL/Makefile | 13 | ||||
| -rw-r--r-- | VNFs/vACL/config/IPv4_hwlb_acl.tc | 6 | ||||
| -rw-r--r-- | VNFs/vACL/config/IPv4_swlb_acl.tc | 8 | ||||
| -rw-r--r-- | VNFs/vACL/config/IPv6_hwlb_acl.tc | 6 | ||||
| -rw-r--r-- | VNFs/vACL/config/IPv6_swlb_acl.tc | 8 | ||||
| -rw-r--r-- | VNFs/vACL/main.c | 18 | ||||
| -rw-r--r-- | VNFs/vACL/pipeline/pipeline_acl.c | 297 | ||||
| -rw-r--r-- | VNFs/vACL/pipeline/pipeline_acl.h | 4 | ||||
| -rw-r--r-- | VNFs/vACL/pipeline/pipeline_acl_be.c | 3683 | ||||
| -rw-r--r-- | VNFs/vACL/vnf_template.txt | 82 |
10 files changed, 2183 insertions, 1942 deletions
diff --git a/VNFs/vACL/Makefile b/VNFs/vACL/Makefile index febfc7b6..0995f905 100644 --- a/VNFs/vACL/Makefile +++ b/VNFs/vACL/Makefile @@ -30,7 +30,6 @@ include $(RTE_SDK)/mk/rte.vars.mk # binary name APP = vACL - VPATH += $(VNF_CORE)/common/vnf_common VPATH += $(VNF_CORE)/common/VIL/conntrack VPATH += $(VNF_CORE)/common/VIL/pipeline_common @@ -41,6 +40,7 @@ VPATH += $(SRCDIR)/pipeline VPATH += $(VNF_CORE)/common/VIL/l2l3_stack VPATH += $(VNF_CORE)/common/VIL/pipeline_txrx VPATH += $(VNF_CORE)/common/VIL/pipeline_arpicmp +VPATH += $(VNF_CORE)/common/VIL/gateway INC += $(wildcard *.h) INC += $(wildcard pipeline/*.h) @@ -53,6 +53,7 @@ INC += $(wildcard $(VNF_CORE)/common/VIL/pipeline_master/*.h) INC += $(wildcard $(VNF_CORE)/common/VIL/pipeline_passthrough/*.h) INC += $(wildcard $(VNF_CORE)/common/VIL/pipeline_txrx/*.h) INC += $(wildcard $(VNF_CORE)/common/VIL/l2l3_stack/*.h) +INC += $(wildcard $(VNF_CORE)/common/VIL/gateway/*.h) CFLAGS += -I$(SRCDIR) -mrtm -mhle -I$(SRCDIR)/pipeline -I$(VNF_CORE)/common/vnf_common CFLAGS += -I$(VNF_CORE)/common/VIL/l2l3_stack -I$(VNF_CORE)/common/VIL/conntrack @@ -60,10 +61,18 @@ CFLAGS += -I$(VNF_CORE)/common/VIL/pipeline_common -I$(VNF_CORE)/common/VIL/pipe CFLAGS += -I$(VNF_CORE)/common/VIL/pipeline_master -I$(VNF_CORE)/common/VIL/pipeline_passthrough CFLAGS += -I$(VNF_CORE)/common/VIL/pipeline_txrx CFLAGS += -I$(VNF_CORE)/common/VIL/pipeline_arpicmp +CFLAGS += -I$(VNF_CORE)/common/VIL/gateway + +TOP = $(RTE_SDK)/../civetweb +CFLAGS += -I$(TOP)/include $(COPT) -DUSE_WEBSOCKET -DUSE_IPV6 -DUSE_SSL_DH=1 +CFLAGS += -DREST_API_SUPPORT +LDFLAGS += -ljson -lcrypto -lssl +LDFLAGS += -L$(RTE_SDK)/../civetweb/ -lcivetweb # all source are stored in SRCS-y SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) := main.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += config_parse.c +SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += rest_api.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += config_parse_tm.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += config_check.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += init.c @@ -99,6 +108,8 @@ SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += pipeline_txrx.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += pipeline_txrx_be.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += pipeline_arpicmp.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += pipeline_arpicmp_be.c +SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += gateway.c + CFLAGS += -O3 CFLAGS += -DIPV6 diff --git a/VNFs/vACL/config/IPv4_hwlb_acl.tc b/VNFs/vACL/config/IPv4_hwlb_acl.tc index 79b48ed3..b8e2b152 100644 --- a/VNFs/vACL/config/IPv4_hwlb_acl.tc +++ b/VNFs/vACL/config/IPv4_hwlb_acl.tc @@ -20,9 +20,9 @@ link 1 down link 1 config 172.16.40.10 8 link 1 up -; routeadd <port #> <ipv4 nhip address in decimal> <Mask> -routeadd 0 202.16.100.20 0xff000000 -routeadd 1 172.16.40.20 0xff000000 +;routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable> +routeadd net 0 202.16.100.20 0xff000000 +routeadd net 1 172.16.40.20 0xff000000 ; IPv4 static ARP ;p 1 arpadd 1 172.16.40.20 00:00:00:00:00:04 diff --git a/VNFs/vACL/config/IPv4_swlb_acl.tc b/VNFs/vACL/config/IPv4_swlb_acl.tc index 7274847a..f736fc4a 100644 --- a/VNFs/vACL/config/IPv4_swlb_acl.tc +++ b/VNFs/vACL/config/IPv4_swlb_acl.tc @@ -20,9 +20,9 @@ link 1 down link 1 config 172.16.40.10 8 link 1 up -; routeadd <port #> <ipv4 nhip address in decimal> <Mask> -routeadd 0 202.16.100.20 0xff000000 -routeadd 1 172.16.40.20 0xff000000 +; routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable> +routeadd net 0 202.16.100.20 0xff000000 +routeadd net 1 172.16.40.20 0xff000000 ; IPv4 static ARP ;p 1 arpadd 1 172.16.40.20 00:00:00:00:00:04 @@ -39,4 +39,4 @@ p action add 1 count ; IPv4 rules p acl add 1 202.16.100.20 8 172.16.40.20 8 0 65535 0 65535 0 0 1 p acl add 1 172.16.40.20 8 202.16.100.20 8 0 65535 0 65535 0 0 0 -p acl applyruleset
\ No newline at end of file +p acl applyruleset diff --git a/VNFs/vACL/config/IPv6_hwlb_acl.tc b/VNFs/vACL/config/IPv6_hwlb_acl.tc index 41761108..da43b8d8 100644 --- a/VNFs/vACL/config/IPv6_hwlb_acl.tc +++ b/VNFs/vACL/config/IPv6_hwlb_acl.tc @@ -20,9 +20,9 @@ link 1 down link 1 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 link 1 up -;routeadd <port #> <ipv6 nhip address in hex> <Depth> -routeadd 0 fec0::6a05:caff:fe30:21b0 64 -routeadd 1 2012::6a05:caff:fe30:2081 64 +;routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable> +routeadd net 0 fec0::6a05:caff:fe30:21b0 64 +routeadd net 1 2012::6a05:caff:fe30:2081 64 ; IPv6 static ARP ;p 1 arpadd 0 fec0::6a05:caff:fe30:21b0 00:00:00:00:00:01 diff --git a/VNFs/vACL/config/IPv6_swlb_acl.tc b/VNFs/vACL/config/IPv6_swlb_acl.tc index c964609a..8ffc3cc3 100644 --- a/VNFs/vACL/config/IPv6_swlb_acl.tc +++ b/VNFs/vACL/config/IPv6_swlb_acl.tc @@ -20,9 +20,9 @@ link 1 down link 1 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 link 1 up -;routeadd <port #> <ipv6 nhip address in hex> <Depth> -routeadd 0 fec0::6a05:caff:fe30:21b0 64 -routeadd 1 2012::6a05:caff:fe30:2081 64 +;routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable> +routeadd net 0 fec0::6a05:caff:fe30:21b0 64 +routeadd net 1 2012::6a05:caff:fe30:2081 64 ; IPv6 static ARP ;p 1 arpadd 0 fec0::6a05:caff:fe30:21b0 00:00:00:00:00:01 @@ -39,4 +39,4 @@ p action add 1 count ; IPv6 rules p acl add 1 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 1 p acl add 1 2012::6a05:caff:fe30:2081 64 fec0::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 0 -p acl applyruleset
\ No newline at end of file +p acl applyruleset diff --git a/VNFs/vACL/main.c b/VNFs/vACL/main.c index 9ebf6fc3..a6ba00b6 100644 --- a/VNFs/vACL/main.c +++ b/VNFs/vACL/main.c @@ -15,12 +15,14 @@ */ #include "app.h" +#include "pipeline_acl.h" static struct app_params app; int main(int argc, char **argv) { + struct mg_context *ctx = NULL; rte_openlog_stream(stderr); /* Config */ @@ -28,6 +30,12 @@ main(int argc, char **argv) app_config_args(&app, argc, argv); + if (is_rest_support()) { + /* initialize the rest api */ + set_vnf_type("VACL"); + ctx = rest_api_init(&app); + } + app_config_preproc(&app); app_config_parse(&app, app.parser_file); @@ -40,11 +48,21 @@ main(int argc, char **argv) /* Init */ app_init(&app); + if (is_rest_support() && (ctx != NULL)) { + /* rest api's for cgnapt */ + rest_api_acl_init(ctx, &app); + } + /* Run-time */ rte_eal_mp_remote_launch( app_thread, (void *) &app, CALL_MASTER); + if (is_rest_support() && (ctx != NULL)) { + mg_stop(ctx); + printf("Civet server stopped.\n"); + } + return 0; } diff --git a/VNFs/vACL/pipeline/pipeline_acl.c b/VNFs/vACL/pipeline/pipeline_acl.c index 1a4ed4f5..f1935622 100644 --- a/VNFs/vACL/pipeline/pipeline_acl.c +++ b/VNFs/vACL/pipeline/pipeline_acl.c @@ -49,6 +49,13 @@ #include "pipeline_acl_be.h" #include "rte_cnxn_tracking.h" +int acl_load_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata); +int acl_clear_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata); +int acl_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata); +uint32_t rules_loaded = 0; +extern struct cmdline *pipe_cl; +struct app_params *myapp; + /** * A structure defining the ACL rule for the TAILQ Tables. */ @@ -4176,3 +4183,293 @@ struct pipeline_type pipeline_acl = { .be_ops = &pipeline_acl_be_ops, .fe_ops = &pipeline_acl_fe_ops, }; + +void all_acl_stats(struct mg_connection *conn) +{ + + struct app_params *app = myapp; + int i, j; + struct rte_ACL_counter_block acl_counter_sums; + struct rte_CT_counter_block ct_counter_sums; + struct rte_CT_counter_block *ct_counters; + struct action_counter_block action_counter_sum[action_array_max]; + + memset(&acl_counter_sums, 0, sizeof(acl_counter_sums)); + memset(&ct_counter_sums, 0, sizeof(ct_counter_sums)); + + mg_printf(conn, + "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: " + "close\r\n\r\n"); + mg_printf(conn, "<html><body>"); + mg_printf(conn, "ACL Stats\n"); + for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) { + struct rte_ACL_counter_block *acl_ctrs = + &rte_acl_counter_table[i]; + ct_counters = rte_acl_counter_table[i].ct_counters; + mg_printf(conn, "acl entry[%i] tpkts_processed: %" PRIu64 + ", pkts_drop: %" PRIu64 ", pkts_received: %" PRIu64 + ", bytes_processed: %" PRIu64 "\n", i, + acl_ctrs->tpkts_processed, acl_ctrs->pkts_drop, + acl_ctrs->pkts_received, acl_ctrs->bytes_processed); + + acl_counter_sums.tpkts_processed += acl_ctrs->tpkts_processed; + acl_counter_sums.bytes_processed += acl_ctrs->bytes_processed; + acl_counter_sums.pkts_drop += acl_ctrs->pkts_drop; + acl_counter_sums.pkts_received += acl_ctrs->pkts_received; + ct_counter_sums.pkts_forwarded += ct_counters->pkts_forwarded; + ct_counter_sums.pkts_drop += ct_counters->pkts_drop; + } + + mg_printf(conn, "ACL TOTAL: tpkts_processed: %" PRIu64 ", pkts_drop: %" PRIu64 + ", pkts_received: %" PRIu64 ", bytes_processed: %" PRIu64 "\n\n", + acl_counter_sums.tpkts_processed, + acl_counter_sums.pkts_drop, + acl_counter_sums.pkts_received, + acl_counter_sums.bytes_processed); + + mg_printf(conn, "CT TOTAL: ct_packets_forwarded: %" PRIu64 + ", ct_packets_dropped: %" PRIu64 "\n\n", + ct_counter_sums.pkts_forwarded, ct_counter_sums.pkts_drop); + + for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) { + for (j = 0; j < action_array_max; j++) { + if (action_array_active[j].action_bitmap & + acl_action_count) { + action_counter_sum[j].packetCount += + action_counter_table[i][j].packetCount; + action_counter_sum[j].byteCount += + action_counter_table[i][j].byteCount; + } + } + } + + for (j = 0; j < action_array_max; j++) { + if (action_array_active[j].action_bitmap & acl_action_count) + mg_printf(conn, "Action ID: %02u, packetCount: %" PRIu64 + ", byteCount: %" PRIu64 "\n", j, + action_counter_sum[j].packetCount, + action_counter_sum[j].byteCount); + } + mg_printf(conn, "<p>Command Passed</p>"); + mg_printf(conn, "</body></html>\n"); +} + +int acl_stats_handler(struct mg_connection *conn, void *cbdata) +{ + uint32_t num_links = 0, len = 0; + char buf[1024]; + const struct mg_request_info *ri = mg_get_request_info(conn); + struct app_params *app = myapp; + int i; + + if (!strcmp(ri->request_method, "GET")) { + all_acl_stats(conn); + mg_printf(conn, "%s\n", &buf[0]); + return 1; + } + + if (strcmp(ri->request_method, "POST")) { + mg_printf(conn, + "HTTP/1.1 405 Method Not Allowed\r\nConnection: close\r\n"); + mg_printf(conn, "Content-Type: text/plain\r\n\r\n"); + mg_printf(conn, + "%s method not allowed in the GET handler\n", + ri->request_method); + } + + for (i = 0; i <= rte_ACL_hi_counter_block_in_use; i++) { + rte_acl_counter_table[i].tpkts_processed = 0; + rte_acl_counter_table[i].bytes_processed = 0; + rte_acl_counter_table[i].pkts_drop = 0; + rte_acl_counter_table[i].pkts_received = 0; + rte_acl_counter_table[i].pkts_drop_ttl = 0; + rte_acl_counter_table[i].pkts_drop_bad_size = 0; + rte_acl_counter_table[i].pkts_drop_fragmented = 0; + rte_acl_counter_table[i].pkts_drop_without_arp_entry = 0; + rte_acl_counter_table[i].ct_counters->pkts_forwarded = 0; + rte_acl_counter_table[i].ct_counters->pkts_drop = 0; + } + + memset(&action_counter_table, 0, sizeof(action_counter_table)); + + mg_printf(conn, "%s\n", &buf[0]); + return 1; + +} + +int acl_version_handler(struct mg_connection *conn, void *cbdata) +{ + const struct mg_request_info *req_info = mg_get_request_info(conn); + + mg_printf(conn, + "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: " + "close\r\n\r\n"); + mg_printf(conn, "<html><body>"); + mg_printf(conn, "<p>Command Passed</p>"); + mg_printf(conn, "</body></html>\n"); + + return 1; +} + +int acl_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata) +{ + + const struct mg_request_info *req_info = mg_get_request_info(conn); + if (strcmp(req_info->request_method, "GET")) { + mg_printf(conn, "Only GET method allowed"); + return 1; + } + + mg_printf(conn, + "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: " + "close\r\n\r\n"); + mg_printf(conn, "<html><body>"); + mg_printf(conn, "<h2> These are the methods that are supported </h2>"); + mg_printf(conn, "<h3> /load </h3>"); + mg_printf(conn, "<h3> /clear </h3>"); + mg_printf(conn, "<html><body>"); + + mg_printf(conn, "</body></html>\n"); + + return 1; +} + +static int acl_field_found(const char *key, + const char *filename, + char *path, + size_t pathlen, + void *user_data) +{ + struct mg_connection *conn = (struct mg_connection *)user_data; + + mg_printf(conn, "\r\n\r\n%s:\r\n", key); + mg_printf(conn, "Inside vfw_field_found %s \n", filename); + + if (filename && *filename) { + snprintf(path, pathlen, "/tmp/%s", filename); + struct app_params *app = myapp; + int status; + int fd; + + mg_printf(conn, "path: %s\n", path); + + /* Make sure the file exists before clearing rules and actions */ + fd = open(path, O_RDONLY); + if (fd < 0) { + mg_printf(conn, "Cannot open file \"%s\"\n", filename); + return FORM_FIELD_STORAGE_GET; + } + close(fd); + + return FORM_FIELD_STORAGE_STORE; + } + + return FORM_FIELD_STORAGE_GET; +} + +static int acl_field_get(const char *key, const char *value, size_t valuelen, + void *user_data) +{ + struct mg_connection *conn = (struct mg_connection *)user_data; + + if (key[0]) { + mg_printf(conn, "%s = ", key); + } + mg_write(conn, value, valuelen); + + return 0; +} + +static int acl_field_stored(const char *path, long long file_size, + void *user_data) +{ + struct mg_connection *conn = (struct mg_connection *)user_data; + int status; + + mg_printf(conn, + "stored as %s (%lu bytes)\r\n\r\n", + path, + (unsigned long)file_size); + + /* Clear all rules and actions */ + status = app_pipeline_acl_clearrules(myapp); + + if (status != 0) { + mg_printf(conn, "Command failed\n"); + return 1; + } + + /* Process commands in script file */ + app_loadrules_file(pipe_cl->ctx, path); + rules_loaded = 1; + + return 0; +} + +int acl_load_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata) +{ + /* Handler may access the request info using mg_get_request_info */ + int ret; + const struct mg_request_info *req_info = mg_get_request_info(conn); + struct mg_form_data_handler fdh = {acl_field_found, acl_field_get, + acl_field_stored, 0}; + + /* It would be possible to check the request info here before calling + * mg_handle_form_request. */ + (void)req_info; + + mg_printf(conn, + "HTTP/1.1 200 OK\r\nContent-Type: " + "text/plain\r\nConnection: close\r\n\r\n"); + + if (!strcmp(req_info->request_method, "GET")) { + mg_printf(conn, "Rule file is %s\n", rules_loaded? "LOADED":"NOT LOADED"); + } + + if (strcmp(req_info->request_method, "PUT")) { + mg_printf(conn, "Only PUT method allowed"); + return 1; + } + + fdh.user_data = (void *)conn; + + /* Call the form handler */ + mg_printf(conn, "Form data:"); + ret = mg_handle_form_request(conn, &fdh); + mg_printf(conn, "\r\n%i fields found", ret); + + return 1; +} + +int acl_clear_rules_handler(struct mg_connection *conn, __rte_unused void *cbdata) +{ + struct app_params *app = myapp; + int status; + mg_printf(conn, + "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: " + "close\r\n\r\n"); + mg_printf(conn, "<html><body>"); + status = app_pipeline_acl_clearrules(app); + + if (status != 0) { + mg_printf(conn, "Command failed\n"); + return 1; + } + + mg_printf(conn, "Command Success\n"); + mg_printf(conn, "</body></html>\n"); + return 1; +} + +void rest_api_acl_init(struct mg_context *ctx, struct app_params *app) +{ + myapp = app; + + /* vCGNAPT commands */ + mg_set_request_handler(ctx, "/vnf/config/rules", acl_rules_handler, 0); + mg_set_request_handler(ctx, "/vnf/config/rules/load", acl_load_rules_handler, 0); + mg_set_request_handler(ctx, "/vnf/config/rules/clear", acl_clear_rules_handler, 0); + mg_set_request_handler(ctx, "/vnf/status", acl_version_handler, 0); + mg_set_request_handler(ctx, "/vnf/stats", acl_stats_handler, 0); + +} diff --git a/VNFs/vACL/pipeline/pipeline_acl.h b/VNFs/vACL/pipeline/pipeline_acl.h index 80a85cae..93b92c45 100644 --- a/VNFs/vACL/pipeline/pipeline_acl.h +++ b/VNFs/vACL/pipeline/pipeline_acl.h @@ -28,6 +28,8 @@ #include "pipeline.h" #include "pipeline_acl_be.h" +#include <civetweb.h> +#include <json/json.h> /* ACL IPV4 and IPV6 enable flags for debugging (Default both on) */ extern int acl_ipv4_enabled; @@ -47,6 +49,8 @@ extern void *acl_rule_table_ipv6_standby; #define acl_delete_command 1 #define IPV6_32BIT_LENGTH 4 +void rest_api_acl_init(struct mg_context *ctx, struct app_params *app); + /** * Add ACL rule to the ACL rule table. * Rules are added standby table. diff --git a/VNFs/vACL/pipeline/pipeline_acl_be.c b/VNFs/vACL/pipeline/pipeline_acl_be.c index b6e6076d..d3fa0519 100644 --- a/VNFs/vACL/pipeline/pipeline_acl_be.c +++ b/VNFs/vACL/pipeline/pipeline_acl_be.c @@ -47,6 +47,8 @@ #include "pipeline_actions_common.h" #include "lib_arp.h" #include "lib_icmpv6.h" +#include "gateway.h" + static uint8_t acl_prv_que_port_index[PIPELINE_MAX_PORT_IN]; extern void convert_prefixlen_to_netmask_ipv6(uint32_t depth, uint8_t netmask_ipv6[]); @@ -83,14 +85,6 @@ struct pipeline_acl { struct acl_table_entry *acl_entries_ipv4[RTE_PORT_IN_BURST_SIZE_MAX]; struct acl_table_entry *acl_entries_ipv6[RTE_PORT_IN_BURST_SIZE_MAX]; - /* Local ARP & ND Tables */ - struct lib_arp_route_table_entry - local_lib_arp_route_table[MAX_ARP_RT_ENTRY]; - uint8_t local_lib_arp_route_ent_cnt; - struct lib_nd_route_table_entry - local_lib_nd_route_table[MAX_ND_RT_ENTRY]; - uint8_t local_lib_nd_route_ent_cnt; - } __rte_cache_aligned; /** @@ -147,74 +141,6 @@ static pipeline_msg_req_handler custom_handlers[] = { uint64_t arp_pkts_mask; uint8_t ACL_DEBUG; -uint32_t local_get_nh_ipv4(uint32_t ip, - uint32_t *port, - uint32_t *nhip, struct pipeline_acl *p_acl) -{ - int i; - - for (i = 0; i < p_acl->local_lib_arp_route_ent_cnt; i++) { - if (((p_acl->local_lib_arp_route_table[i].ip & - p_acl->local_lib_arp_route_table[i].mask) == - (ip & p_acl->local_lib_arp_route_table[i].mask))) { - *port = p_acl->local_lib_arp_route_table[i].port; - - *nhip = p_acl->local_lib_arp_route_table[i].nh; - return 1; - } - } - return 0; -} - -static uint32_t local_get_nh_ipv6(uint8_t *ip, - uint32_t *port, - uint8_t nhip[], struct pipeline_acl *p_acl) -{ - int i = 0; - uint8_t netmask_ipv6[16],netip_nd[16],netip_in[16]; - uint8_t k = 0, l = 0, depthflags = 0, depthflags1 = 0; - memset (netmask_ipv6, 0, sizeof(netmask_ipv6)); - memset (netip_nd, 0, sizeof(netip_nd)); - memset (netip_in, 0, sizeof(netip_in)); - - for (i = 0; i < p_acl->local_lib_nd_route_ent_cnt; i++) { - - convert_prefixlen_to_netmask_ipv6 - (p_acl->local_lib_nd_route_table[i].depth, netmask_ipv6); - - for (k = 0; k < 16; k++) - if (p_acl->local_lib_nd_route_table[i].ipv6[k] & - netmask_ipv6[k]) { - depthflags++; - netip_nd[k] = p_acl-> - local_lib_nd_route_table[i].ipv6[k]; - } - - - for (l = 0; l < 16; l++) - if (ip[l] & netmask_ipv6[l]) { - depthflags1++; - netip_in[l] = ip[l]; - } - - int j = 0; - - if ((depthflags == depthflags1) && (memcmp(netip_nd, netip_in, - sizeof(netip_nd)) == 0)){ - *port = p_acl->local_lib_nd_route_table[i].port; - - for (j = 0; j < 16; j++) - nhip[j] = - p_acl->local_lib_nd_route_table[i]. - nhipv6[j]; - return 1; - } - - depthflags = 0; - depthflags1 = 0; - } - return 0; -} static uint8_t check_arp_icmp(struct rte_mbuf *pkt, uint64_t pkt_mask, struct pipeline_acl *p_acl) @@ -396,675 +322,689 @@ void print_pkt_acl(struct rte_mbuf *pkt) */ static int pkt_work_acl_key(struct rte_pipeline *p, - struct rte_mbuf **pkts, uint32_t n_pkts, void *arg) + struct rte_mbuf **pkts, uint32_t n_pkts, void *arg) { - struct pipeline_acl *p_acl = arg; - - p_acl->counters->pkts_received = - p_acl->counters->pkts_received + n_pkts; - if (ACL_DEBUG) - printf("pkt_work_acl_key pkts_received: %" PRIu64 - " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts); - - uint64_t lookup_hit_mask = 0; - uint64_t lookup_hit_mask_ipv4 = 0; - uint64_t lookup_hit_mask_ipv6 = 0; - uint64_t lookup_miss_mask = 0; - uint64_t conntrack_mask = 0; - uint64_t connexist_mask = 0; - uint32_t dest_address = 0; - arp_pkts_mask = 0; - int dest_if = 0; - int status; - uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t); - uint64_t keep_mask = pkts_mask; - uint16_t port; - uint32_t ret; - - p_acl->in_port_time_stamp = rte_get_tsc_cycles(); - - if (acl_ipv4_enabled) { - if (ACL_DEBUG) - printf("ACL IPV4 Lookup Mask Before = %p\n", - (void *)pkts_mask); - status = - rte_table_acl_ops.f_lookup(acl_rule_table_ipv4_active, pkts, - pkts_mask, &lookup_hit_mask_ipv4, - (void **) - p_acl->acl_entries_ipv4); - if (ACL_DEBUG) - printf("ACL IPV4 Lookup Mask After = %p\n", - (void *)lookup_hit_mask_ipv4); - } - - if (acl_ipv6_enabled) { - if (ACL_DEBUG) - printf("ACL IPV6 Lookup Mask Before = %p\n", - (void *)pkts_mask); - status = - rte_table_acl_ops.f_lookup(acl_rule_table_ipv6_active, pkts, - pkts_mask, &lookup_hit_mask_ipv6, - (void **) - p_acl->acl_entries_ipv6); - if (ACL_DEBUG) - printf("ACL IPV6 Lookup Mask After = %p\n", - (void *)lookup_hit_mask_ipv6); - } - - /* Merge lookup results since we process both IPv4 and IPv6 below */ - lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6; - if (ACL_DEBUG) - printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask); - - lookup_miss_mask = pkts_mask & (~lookup_hit_mask); - pkts_mask = lookup_hit_mask; - p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask); - if (ACL_DEBUG) - printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n", - p_acl->counters->pkts_drop, - __builtin_popcountll(lookup_miss_mask)); - - uint64_t pkts_to_process = lookup_hit_mask; - /* bitmap of packets left to process for ARP */ - - for (; pkts_to_process;) { - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - if (enable_hwlb) - if (!check_arp_icmp(pkt, pkt_mask, p_acl)) { - pkts_mask &= ~(1LLU << pos); - continue; - } - - uint8_t hdr_chk = - RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - - if (hdr_chk == IPv4_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - uint16_t phy_port = entry->head.port_id; - uint32_t action_id = entry->action_id; - - if (ACL_DEBUG) - printf("action_id = %u\n", action_id); - - uint32_t dscp_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST; - - if (action_array_active[action_id].action_bitmap & - acl_action_count) { - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount++; - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount += - rte_pktmbuf_pkt_len(pkt); - if (ACL_DEBUG) - printf("Action Count Packet Count: %" - PRIu64 " Byte Count: %" PRIu64 - "\n", - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount, - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_drop) { - - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - " %lu, pkt_num %d\n", - pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - } - - if (action_array_active[action_id].action_bitmap & - acl_action_fwd) { - phy_port = - action_array_active[action_id].fwd_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action FWD Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_nat) { - phy_port = - action_array_active[action_id].nat_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action NAT Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_dscp) { - - /* Set DSCP priority */ - uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt, - dscp_offset); - *dscp = - action_array_active[action_id].dscp_priority - << 2; - if (ACL_DEBUG) - printf - ("Action DSCP DSCP Priority: %u\n", - *dscp); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_accept) { - if (ACL_DEBUG) - printf("Action Accept\n"); - - if (action_array_active[action_id].action_bitmap - & acl_action_conntrack) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - if (ACL_DEBUG) - printf("ACL Conntrack enabled: " - "%p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)pkt_mask); - } - - if (action_array_active[action_id].action_bitmap - & acl_action_connexist) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - - /* Set connexist bit for this pkt for public -> private */ - /* Private -> public packet will open the connection */ - if (action_array_active - [action_id].private_public == - acl_public_private) - connexist_mask |= pkt_mask; - - if (ACL_DEBUG) - printf("ACL Connexist enabled " - "conntrack: %p connexist: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)connexist_mask, - (void *)pkt_mask); - } - } - } - - if (hdr_chk == IPv6_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - uint16_t phy_port = entry->head.port_id; - uint32_t action_id = entry->action_id; - - if (ACL_DEBUG) - printf("action_id = %u\n", action_id); - - if (action_array_active[action_id].action_bitmap & - acl_action_count) { - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount++; - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount += - rte_pktmbuf_pkt_len(pkt); - if (ACL_DEBUG) - printf("Action Count Packet Count: %" - PRIu64 " Byte Count: %" PRIu64 - "\n", - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount, - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_drop) { - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - - } - - if (action_array_active[action_id].action_bitmap & - acl_action_fwd) { - phy_port = - action_array_active[action_id].fwd_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action FWD Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_nat) { - phy_port = - action_array_active[action_id].nat_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action NAT Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_dscp) { - - /* Set DSCP priority */ - uint32_t dscp_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + - IP_HDR_DSCP_OFST_IPV6; - uint16_t *dscp = - RTE_MBUF_METADATA_UINT16_PTR(pkt, - dscp_offset); - uint16_t dscp_value = - (rte_bswap16 - (RTE_MBUF_METADATA_UINT16 - (pkt, dscp_offset)) & 0XF00F); - uint8_t dscp_store = - action_array_active[action_id].dscp_priority - << 2; - uint16_t dscp_temp = dscp_store; - - dscp_temp = dscp_temp << 4; - *dscp = rte_bswap16(dscp_temp | dscp_value); - if (ACL_DEBUG) - printf - ("Action DSCP DSCP Priority: %u\n", - *dscp); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_accept) { - if (ACL_DEBUG) - printf("Action Accept\n"); - - if (action_array_active[action_id].action_bitmap - & acl_action_conntrack) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - if (ACL_DEBUG) - printf("ACL Conntrack enabled: " - " %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)pkt_mask); - } - - if (action_array_active[action_id].action_bitmap - & acl_action_connexist) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - - /* Set connexist bit for this pkt for public -> private */ - /* Private -> public packet will open the connection */ - if (action_array_active - [action_id].private_public == - acl_public_private) - connexist_mask |= pkt_mask; - - if (ACL_DEBUG) - printf("ACL Connexist enabled " - "conntrack: %p connexist: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)connexist_mask, - (void *)pkt_mask); - } - } - } - } - - /* Only call connection tracker if required */ - if (conntrack_mask > 0) { - if (ACL_DEBUG) - printf - ("ACL Call Conntrack Before = %p Connexist = %p\n", - (void *)conntrack_mask, (void *)connexist_mask); - conntrack_mask = - rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control - (p_acl->cnxn_tracker, pkts, conntrack_mask, connexist_mask); - if (ACL_DEBUG) - printf("ACL Call Conntrack After = %p\n", - (void *)conntrack_mask); - - /* Only change pkt mask for pkts that have conntrack enabled */ - /* Need to loop through packets to check if conntrack enabled */ - pkts_to_process = pkts_mask; - for (; pkts_to_process;) { - uint32_t action_id = 0; - uint8_t pos = - (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - uint8_t hdr_chk = RTE_MBUF_METADATA_UINT8(pkt, - MBUF_HDR_ROOM - + - ETH_HDR_SIZE); - - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - if (hdr_chk == IPv4_HDR_VERSION) { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - action_id = entry->action_id; - } else { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - action_id = entry->action_id; - } - - if ((action_array_active[action_id].action_bitmap & - acl_action_conntrack) - || (action_array_active[action_id].action_bitmap & - acl_action_connexist)) { - - if (conntrack_mask & pkt_mask) { - if (ACL_DEBUG) - printf("ACL Conntrack Accept " - "packet = %p\n", - (void *)pkt_mask); - } else { - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf("ACL Conntrack Drop " - "packet = %p\n", - (void *)pkt_mask); - pkts_mask &= ~pkt_mask; - p_acl->counters->pkts_drop++; - } - } - } - } - - pkts_to_process = pkts_mask; - /* bitmap of packets left to process for ARP */ - - for (; pkts_to_process;) { - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - uint8_t hdr_chk = - RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - - if (hdr_chk == IPv4_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - uint16_t phy_port = pkt->port; - uint32_t *port_out_id = - RTE_MBUF_METADATA_UINT32_PTR(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - output_port)); - if (ACL_DEBUG) - printf - ("phy_port = %i, links_map[phy_port] = %i\n", - phy_port, p_acl->links_map[phy_port]); - - /* header room + eth hdr size + dst_adr offset in ip header */ - uint32_t dst_addr_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DST_ADR_OFST; - uint32_t *dst_addr = - RTE_MBUF_METADATA_UINT32_PTR(pkt, dst_addr_offset); - uint8_t *eth_dest = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM); - uint8_t *eth_src = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM + 6); - struct ether_addr hw_addr; - uint32_t dest_address = rte_bswap32(*dst_addr); - uint32_t *nhip = RTE_MBUF_METADATA_UINT32_PTR(pkt, - META_DATA_OFFSET - + - offsetof - (struct - mbuf_acl_meta_data, - nhip)); - uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); - *nhip = 0; - struct arp_entry_data *ret_arp_data = NULL; - ret_arp_data = get_dest_mac_addr_port - (dest_address, &dest_if, (struct ether_addr *) eth_dest); - *port_out_id = p_acl->port_out_id[dest_if]; - if (arp_cache_dest_mac_present(dest_if)) { - ether_addr_copy(get_link_hw_addr(dest_if), - (struct ether_addr *)eth_src); - update_nhip_access(dest_if); - if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) { - printf("sending buffered packets\n"); - arp_send_buffered_pkts(ret_arp_data, - (struct ether_addr *)eth_dest, *port_out_id); - - } - p_acl->counters->tpkts_processed++; - p_acl->counters->bytes_processed += - packet_length; - } else { - if (unlikely(ret_arp_data == NULL)) { - if (ACL_DEBUG) - printf("%s: NHIP Not Found, " - "outport_id: %d\n", __func__, - *port_out_id); - - /* Drop the pkt */ - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } + struct pipeline_acl *p_acl = arg; + + p_acl->counters->pkts_received = + p_acl->counters->pkts_received + n_pkts; + if (ACL_DEBUG) + printf("pkt_work_acl_key pkts_received: %" PRIu64 + " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts); + + uint64_t lookup_hit_mask = 0; + uint64_t lookup_hit_mask_ipv4 = 0; + uint64_t lookup_hit_mask_ipv6 = 0; + uint64_t lookup_miss_mask = 0; + uint64_t conntrack_mask = 0; + uint64_t connexist_mask = 0; + uint32_t dest_address = 0; + arp_pkts_mask = 0; + int status; + uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t); + uint64_t keep_mask = pkts_mask; + uint16_t port; + uint32_t ret; + + p_acl->in_port_time_stamp = rte_get_tsc_cycles(); + + if (acl_ipv4_enabled) { + if (ACL_DEBUG) + printf("ACL IPV4 Lookup Mask Before = %p\n", + (void *)pkts_mask); + status = + rte_table_acl_ops.f_lookup(acl_rule_table_ipv4_active, pkts, + pkts_mask, &lookup_hit_mask_ipv4, + (void **) + p_acl->acl_entries_ipv4); + if (ACL_DEBUG) + printf("ACL IPV4 Lookup Mask After = %p\n", + (void *)lookup_hit_mask_ipv4); + } + + if (acl_ipv6_enabled) { + if (ACL_DEBUG) + printf("ACL IPV6 Lookup Mask Before = %p\n", + (void *)pkts_mask); + status = + rte_table_acl_ops.f_lookup(acl_rule_table_ipv6_active, pkts, + pkts_mask, &lookup_hit_mask_ipv6, + (void **) + p_acl->acl_entries_ipv6); + if (ACL_DEBUG) + printf("ACL IPV6 Lookup Mask After = %p\n", + (void *)lookup_hit_mask_ipv6); + } + + /* Merge lookup results since we process both IPv4 and IPv6 below */ + lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6; + if (ACL_DEBUG) + printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask); + + lookup_miss_mask = pkts_mask & (~lookup_hit_mask); + pkts_mask = lookup_hit_mask; + p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask); + if (ACL_DEBUG) + printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n", + p_acl->counters->pkts_drop, + __builtin_popcountll(lookup_miss_mask)); + + uint64_t pkts_to_process = lookup_hit_mask; + /* bitmap of packets left to process for ARP */ + + for (; pkts_to_process;) { + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + if (enable_hwlb) + if (!check_arp_icmp(pkt, pkt_mask, p_acl)) { + pkts_mask &= ~(1LLU << pos); + continue; + } + + uint8_t hdr_chk = + RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + + if (hdr_chk == IPv4_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + uint16_t phy_port = entry->head.port_id; + uint32_t action_id = entry->action_id; + + if (ACL_DEBUG) + printf("action_id = %u\n", action_id); + + uint32_t dscp_offset = + MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST; + + if (action_array_active[action_id].action_bitmap & + acl_action_count) { + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount++; + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount += + rte_pktmbuf_pkt_len(pkt); + if (ACL_DEBUG) + printf("Action Count Packet Count: %" + PRIu64 " Byte Count: %" PRIu64 + "\n", + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount, + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_drop) { + + /* Drop packet by changing the mask */ + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + " %lu, pkt_num %d\n", + pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + } + + if (action_array_active[action_id].action_bitmap & + acl_action_fwd) { + phy_port = + action_array_active[action_id].fwd_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action FWD Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_nat) { + phy_port = + action_array_active[action_id].nat_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action NAT Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_dscp) { + + /* Set DSCP priority */ + uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt, + dscp_offset); + *dscp = + action_array_active[action_id].dscp_priority + << 2; + if (ACL_DEBUG) + printf + ("Action DSCP DSCP Priority: %u\n", + *dscp); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_accept) { + if (ACL_DEBUG) + printf("Action Accept\n"); + + if (action_array_active[action_id].action_bitmap + & acl_action_conntrack) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + if (ACL_DEBUG) + printf("ACL Conntrack enabled: " + "%p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)pkt_mask); + } - if (ret_arp_data->status == INCOMPLETE || - ret_arp_data->status == PROBE) { - if (ret_arp_data->num_pkts >= NUM_DESC) { - /* Drop the pkt */ - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } else { - arp_pkts_mask |= pkt_mask; - arp_queue_unresolved_packet(ret_arp_data, - pkt); - continue; - } - } - } + if (action_array_active[action_id].action_bitmap + & acl_action_connexist) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + + /* Set connexist bit for this pkt for public -> private */ + /* Private -> public packet will open the connection */ + if (action_array_active + [action_id].private_public == + acl_public_private) + connexist_mask |= pkt_mask; + + if (ACL_DEBUG) + printf("ACL Connexist enabled " + "conntrack: %p connexist: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)connexist_mask, + (void *)pkt_mask); + } + } + } - } /* end of if (hdr_chk == IPv4_HDR_VERSION) */ - - if (hdr_chk == IPv6_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - //uint16_t phy_port = entry->head.port_id; - uint16_t phy_port = pkt->port; - uint32_t *port_out_id = - RTE_MBUF_METADATA_UINT32_PTR(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - output_port)); - /*if (is_phy_port_privte(phy_port)) - *port_out_id = ACL_PUB_PORT_ID; - else - *port_out_id = ACL_PRV_PORT_ID;*/ - - /* *port_out_id = p_acl->links_map[phy_port]; */ - if (ACL_DEBUG) - printf("phy_port = %i, " - "links_map[phy_port] = %i\n", - phy_port, p_acl->links_map[phy_port]); - - /* header room + eth hdr size + dst_adr offset in ip header */ - uint32_t dst_addr_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + - IP_HDR_DST_ADR_OFST_IPV6; - uint8_t *eth_dest = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM); - uint8_t *eth_src = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM + 6); - struct ether_addr hw_addr; - uint8_t dest_address[16]; - uint8_t nhip[16]; - - nhip[0] = - RTE_MBUF_METADATA_UINT8(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - nhip)); - uint8_t *dst_addr[16]; - uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); - int i = 0; - - for (i = 0; i < 16; i++) { - dst_addr[i] = - RTE_MBUF_METADATA_UINT8_PTR(pkt, - dst_addr_offset - + i); - } - memcpy(dest_address, *dst_addr, sizeof(dest_address)); - memset(nhip, 0, sizeof(nhip)); - - struct nd_entry_data *ret_nd_data = NULL; - ret_nd_data = get_dest_mac_address_ipv6_port - (dest_address, &dest_if, &hw_addr, &nhip[0]); - *port_out_id = p_acl->port_out_id[dest_if]; - if (nd_cache_dest_mac_present(dest_if)) { - ether_addr_copy(get_link_hw_addr(dest_if), - (struct ether_addr *)eth_src); - update_nhip_access(dest_if); - - if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) { - printf("sending buffered packets\n"); - p_acl->counters->tpkts_processed += - ret_nd_data->num_pkts; - nd_send_buffered_pkts(ret_nd_data, - (struct ether_addr *)eth_dest, *port_out_id); - } - p_acl->counters->tpkts_processed++; - p_acl->counters->bytes_processed += - packet_length; - } else { - if (unlikely(ret_nd_data == NULL)) { - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } + if (hdr_chk == IPv6_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + uint16_t phy_port = entry->head.port_id; + uint32_t action_id = entry->action_id; + + if (ACL_DEBUG) + printf("action_id = %u\n", action_id); + + if (action_array_active[action_id].action_bitmap & + acl_action_count) { + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount++; + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount += + rte_pktmbuf_pkt_len(pkt); + if (ACL_DEBUG) + printf("Action Count Packet Count: %" + PRIu64 " Byte Count: %" PRIu64 + "\n", + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount, + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_drop) { + /* Drop packet by changing the mask */ + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + + } + + if (action_array_active[action_id].action_bitmap & + acl_action_fwd) { + phy_port = + action_array_active[action_id].fwd_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action FWD Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_nat) { + phy_port = + action_array_active[action_id].nat_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action NAT Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_dscp) { + + /* Set DSCP priority */ + uint32_t dscp_offset = + MBUF_HDR_ROOM + ETH_HDR_SIZE + + IP_HDR_DSCP_OFST_IPV6; + uint16_t *dscp = + RTE_MBUF_METADATA_UINT16_PTR(pkt, + dscp_offset); + uint16_t dscp_value = + (rte_bswap16 + (RTE_MBUF_METADATA_UINT16 + (pkt, dscp_offset)) & 0XF00F); + uint8_t dscp_store = + action_array_active[action_id].dscp_priority + << 2; + uint16_t dscp_temp = dscp_store; + + dscp_temp = dscp_temp << 4; + *dscp = rte_bswap16(dscp_temp | dscp_value); + if (ACL_DEBUG) + printf + ("Action DSCP DSCP Priority: %u\n", + *dscp); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_accept) { + if (ACL_DEBUG) + printf("Action Accept\n"); + + if (action_array_active[action_id].action_bitmap + & acl_action_conntrack) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + if (ACL_DEBUG) + printf("ACL Conntrack enabled: " + " %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)pkt_mask); + } - if (ret_nd_data->status == INCOMPLETE || - ret_nd_data->status == PROBE) { - if (ret_nd_data->num_pkts >= NUM_DESC) { - /* Drop the pkt */ - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } else { - arp_pkts_mask |= pkt_mask; - nd_queue_unresolved_packet(ret_nd_data, - pkt); - continue; - } - } + if (action_array_active[action_id].action_bitmap + & acl_action_connexist) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + + /* Set connexist bit for this pkt for public -> private */ + /* Private -> public packet will open the connection */ + if (action_array_active + [action_id].private_public == + acl_public_private) + connexist_mask |= pkt_mask; + + if (ACL_DEBUG) + printf("ACL Connexist enabled " + "conntrack: %p connexist: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)connexist_mask, + (void *)pkt_mask); + } + } + } + } + + /* Only call connection tracker if required */ + if (conntrack_mask > 0) { + if (ACL_DEBUG) + printf + ("ACL Call Conntrack Before = %p Connexist = %p\n", + (void *)conntrack_mask, (void *)connexist_mask); + conntrack_mask = + rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control + (p_acl->cnxn_tracker, pkts, conntrack_mask, connexist_mask); + if (ACL_DEBUG) + printf("ACL Call Conntrack After = %p\n", + (void *)conntrack_mask); + + /* Only change pkt mask for pkts that have conntrack enabled */ + /* Need to loop through packets to check if conntrack enabled */ + pkts_to_process = pkts_mask; + for (; pkts_to_process;) { + uint32_t action_id = 0; + uint8_t pos = + (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + uint8_t hdr_chk = RTE_MBUF_METADATA_UINT8(pkt, + MBUF_HDR_ROOM + + + ETH_HDR_SIZE); + + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + if (hdr_chk == IPv4_HDR_VERSION) { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + action_id = entry->action_id; + } else { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + action_id = entry->action_id; + } + + if ((action_array_active[action_id].action_bitmap & + acl_action_conntrack) + || (action_array_active[action_id].action_bitmap & + acl_action_connexist)) { + + if (conntrack_mask & pkt_mask) { + if (ACL_DEBUG) + printf("ACL Conntrack Accept " + "packet = %p\n", + (void *)pkt_mask); + } else { + /* Drop packet by changing the mask */ + if (ACL_DEBUG) + printf("ACL Conntrack Drop " + "packet = %p\n", + (void *)pkt_mask); + pkts_mask &= ~pkt_mask; + p_acl->counters->pkts_drop++; + } + } + } + } + + pkts_to_process = pkts_mask; + /* bitmap of packets left to process for ARP */ + + for (; pkts_to_process;) { + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + uint8_t hdr_chk = + RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + + if (hdr_chk == IPv4_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + uint16_t phy_port = pkt->port; + uint32_t *port_out_id = + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + + offsetof(struct + mbuf_acl_meta_data, + output_port)); + if (ACL_DEBUG) + printf + ("phy_port = %i, links_map[phy_port] = %i\n", + phy_port, p_acl->links_map[phy_port]); + uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); + + uint32_t dest_if = INVALID_DESTIF; + uint32_t src_phy_port = pkt->port; + + if(is_gateway()){ + + /* Gateway Proc Starts */ + struct ether_hdr *ehdr = (struct ether_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + MBUF_HDR_ROOM); + + struct ipv4_hdr *ipv4hdr = (struct ipv4_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); + + struct arp_entry_data *ret_arp_data = NULL; + struct ether_addr dst_mac; + uint32_t nhip = 0; + uint32_t dst_ip_addr = rte_bswap32(ipv4hdr->dst_addr); + + gw_get_nh_port_ipv4(dst_ip_addr, &dest_if, &nhip); + + ret_arp_data = get_dest_mac_addr_ipv4(nhip, dest_if, &dst_mac); + + /* Gateway Proc Ends */ + if (arp_cache_dest_mac_present(dest_if)) { + + ether_addr_copy(&dst_mac, &ehdr->d_addr); + ether_addr_copy(get_link_hw_addr(dest_if), &ehdr->s_addr); + + *port_out_id = p_acl->port_out_id[dest_if]; + + update_nhip_access(dest_if); + if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) { + printf("sending buffered packets\n"); + arp_send_buffered_pkts(ret_arp_data, &ehdr->d_addr, + p_acl->port_out_id[dest_if]); + + } + p_acl->counters->tpkts_processed++; + p_acl->counters->bytes_processed += + packet_length; + } else { + if (unlikely(ret_arp_data == NULL)) { + if (ACL_DEBUG) + printf("%s: NHIP Not Found, " + "outport_id: %d\n", __func__, + p_acl->port_out_id[dest_if]); + + /* Drop the pkt */ + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } + + if (ret_arp_data->status == INCOMPLETE || + ret_arp_data->status == PROBE) { + if (ret_arp_data->num_pkts >= NUM_DESC) { + /* Drop the pkt */ + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } else { + arp_pkts_mask |= pkt_mask; + arp_queue_unresolved_packet(ret_arp_data, + pkt); + continue; + } + } + } + + } else { + /* IP Pkt forwarding based on pub/prv mapping */ + if(is_phy_port_privte(src_phy_port)) + dest_if = prv_to_pub_map[src_phy_port]; + else + dest_if = pub_to_prv_map[src_phy_port]; + + *port_out_id = p_acl->port_out_id[dest_if]; + } + + } /* end of if (hdr_chk == IPv4_HDR_VERSION) */ + + if (hdr_chk == IPv6_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + //uint16_t phy_port = entry->head.port_id; + uint16_t phy_port = pkt->port; + uint32_t *port_out_id = + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + + offsetof(struct + mbuf_acl_meta_data, + output_port)); + if (ACL_DEBUG) + printf("phy_port = %i, " + "links_map[phy_port] = %i\n", + phy_port, p_acl->links_map[phy_port]); + + uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); + + uint32_t dest_if = INVALID_DESTIF; + uint32_t src_phy_port = pkt->port; + + if(is_gateway()){ + + /* Gateway Proc Starts */ + struct ipv6_hdr *ipv6hdr = (struct ipv6_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); + + struct ether_hdr *ehdr = (struct ether_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + MBUF_HDR_ROOM); + + struct ether_addr dst_mac; + uint8_t nhipv6[IPV6_ADD_SIZE]; + uint8_t dest_ipv6_address[IPV6_ADD_SIZE]; + struct nd_entry_data *ret_nd_data = NULL; + + memset(nhipv6, 0, IPV6_ADD_SIZE); + rte_mov16(dest_ipv6_address, (uint8_t *)ipv6hdr->dst_addr); + + gw_get_nh_port_ipv6(dest_ipv6_address, + &dest_if, nhipv6); + + ret_nd_data = get_dest_mac_addr_ipv6(nhipv6, dest_if, &dst_mac); + + /* Gateway Proc Ends */ + + if (nd_cache_dest_mac_present(dest_if)) { + + ether_addr_copy(&dst_mac, &ehdr->d_addr); + ether_addr_copy(get_link_hw_addr(dest_if), &ehdr->s_addr); + + *port_out_id = p_acl->port_out_id[dest_if]; + + update_nhip_access(dest_if); + + if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) { + printf("sending buffered packets\n"); + p_acl->counters->tpkts_processed += + ret_nd_data->num_pkts; + nd_send_buffered_pkts(ret_nd_data, &ehdr->d_addr, + p_acl->port_out_id[dest_if]); + } + p_acl->counters->tpkts_processed++; + p_acl->counters->bytes_processed += + packet_length; + } else { + if (unlikely(ret_nd_data == NULL)) { + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } + + if (ret_nd_data->status == INCOMPLETE || + ret_nd_data->status == PROBE) { + if (ret_nd_data->num_pkts >= NUM_DESC) { + /* Drop the pkt */ + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } else { + arp_pkts_mask |= pkt_mask; + nd_queue_unresolved_packet(ret_nd_data, + pkt); + continue; + } + } + } - } + } else { + /* IP Pkt forwarding based on pub/prv mapping */ + if(is_phy_port_privte(src_phy_port)) + dest_if = prv_to_pub_map[src_phy_port]; + else + dest_if = pub_to_prv_map[src_phy_port]; - } /* if (hdr_chk == IPv6_HDR_VERSION) */ + *port_out_id = p_acl->port_out_id[dest_if]; + } + } - } + } /* if (hdr_chk == IPv6_HDR_VERSION) */ - pkts_drop_mask = keep_mask & ~pkts_mask; - rte_pipeline_ah_packet_drop(p, pkts_drop_mask); - keep_mask = pkts_mask; + pkts_drop_mask = keep_mask & ~pkts_mask; + rte_pipeline_ah_packet_drop(p, pkts_drop_mask); + keep_mask = pkts_mask; - if (arp_pkts_mask) { - keep_mask &= ~(arp_pkts_mask); - rte_pipeline_ah_packet_hijack(p, arp_pkts_mask); - } + if (arp_pkts_mask) { + keep_mask &= ~(arp_pkts_mask); + rte_pipeline_ah_packet_hijack(p, arp_pkts_mask); + } - /* don't bother measuring if traffic very low, might skew stats */ - uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask); + /* don't bother measuring if traffic very low, might skew stats */ + uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask); - if (packets_this_iteration > 1) { - uint64_t latency_this_iteration = - rte_get_tsc_cycles() - p_acl->in_port_time_stamp; + if (packets_this_iteration > 1) { + uint64_t latency_this_iteration = + rte_get_tsc_cycles() - p_acl->in_port_time_stamp; - p_acl->counters->sum_latencies += latency_this_iteration; - p_acl->counters->count_latencies++; - } + p_acl->counters->sum_latencies += latency_this_iteration; + p_acl->counters->count_latencies++; + } - if (ACL_DEBUG) - printf("Leaving pkt_work_acl_key pkts_mask = %p\n", - (void *)pkts_mask); + if (ACL_DEBUG) + printf("Leaving pkt_work_acl_key pkts_mask = %p\n", + (void *)pkts_mask); - return 0; + return 0; } /** @@ -1093,674 +1033,559 @@ pkt_work_acl_key(struct rte_pipeline *p, */ static int pkt_work_acl_ipv4_key(struct rte_pipeline *p, - struct rte_mbuf **pkts, uint32_t n_pkts, void *arg) + struct rte_mbuf **pkts, uint32_t n_pkts, void *arg) { - struct pipeline_acl *p_acl = arg; - - p_acl->counters->pkts_received = - p_acl->counters->pkts_received + n_pkts; - if (ACL_DEBUG) - printf("pkt_work_acl_key pkts_received: %" PRIu64 - " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts); - - uint64_t lookup_hit_mask = 0; - uint64_t lookup_hit_mask_ipv4 = 0; - uint64_t lookup_hit_mask_ipv6 = 0; - uint64_t lookup_miss_mask = 0; - uint64_t conntrack_mask = 0; - uint64_t connexist_mask = 0; - uint32_t dest_address = 0; - arp_pkts_mask = 0; - int dest_if = 0; - int status; - uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t); - uint64_t keep_mask = pkts_mask; - uint16_t port; - uint32_t ret; - - p_acl->in_port_time_stamp = rte_get_tsc_cycles(); - - if (acl_ipv4_enabled) { - if (ACL_DEBUG) - printf("ACL IPV4 Lookup Mask Before = %p\n", - (void *)pkts_mask); - status = - rte_table_acl_ops.f_lookup(acl_rule_table_ipv4_active, pkts, - pkts_mask, &lookup_hit_mask_ipv4, - (void **) - p_acl->acl_entries_ipv4); - if (ACL_DEBUG) - printf("ACL IPV4 Lookup Mask After = %p\n", - (void *)lookup_hit_mask_ipv4); - } - - /* Merge lookup results since we process both IPv4 and IPv6 below */ - lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6; - if (ACL_DEBUG) - printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask); - - lookup_miss_mask = pkts_mask & (~lookup_hit_mask); - pkts_mask = lookup_hit_mask; - p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask); - if (ACL_DEBUG) - printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n", - p_acl->counters->pkts_drop, - __builtin_popcountll(lookup_miss_mask)); - - uint64_t pkts_to_process = lookup_hit_mask; - /* bitmap of packets left to process for ARP */ - - for (; pkts_to_process;) { - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - if (enable_hwlb) - if (!check_arp_icmp(pkt, pkt_mask, p_acl)) { - pkts_mask &= ~(1LLU << pos); - continue; - } - - uint8_t hdr_chk = - RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - - if (hdr_chk == IPv4_HDR_VERSION) { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - uint16_t phy_port = entry->head.port_id; - uint32_t action_id = entry->action_id; - - if (ACL_DEBUG) - printf("action_id = %u\n", action_id); - - uint32_t dscp_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST; - - if (action_array_active[action_id].action_bitmap & - acl_action_count) { - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount++; - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount += - rte_pktmbuf_pkt_len(pkt); - if (ACL_DEBUG) - printf("Action Count Packet Count: %" - PRIu64 " Byte Count: %" PRIu64 - "\n", - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount, - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_drop) { - - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - " %lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - } - - if (action_array_active[action_id].action_bitmap & - acl_action_fwd) { - phy_port = - action_array_active[action_id].fwd_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action FWD Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_nat) { - phy_port = - action_array_active[action_id].nat_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action NAT Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_dscp) { - - /* Set DSCP priority */ - uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt, - dscp_offset); - *dscp = - action_array_active[action_id].dscp_priority - << 2; - if (ACL_DEBUG) - printf - ("Action DSCP DSCP Priority: %u\n", - *dscp); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_accept) { - if (ACL_DEBUG) - printf("Action Accept\n"); - - if (action_array_active[action_id].action_bitmap - & acl_action_conntrack) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - if (ACL_DEBUG) - printf("ACL Conntrack " - "enabled: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)pkt_mask); - } + struct pipeline_acl *p_acl = arg; + + p_acl->counters->pkts_received = + p_acl->counters->pkts_received + n_pkts; + if (ACL_DEBUG) + printf("pkt_work_acl_key pkts_received: %" PRIu64 + " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts); + + uint64_t lookup_hit_mask = 0; + uint64_t lookup_hit_mask_ipv4 = 0; + uint64_t lookup_hit_mask_ipv6 = 0; + uint64_t lookup_miss_mask = 0; + uint64_t conntrack_mask = 0; + uint64_t connexist_mask = 0; + uint32_t dest_address = 0; + arp_pkts_mask = 0; + int status; + uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t); + uint64_t keep_mask = pkts_mask; + uint16_t port; + uint32_t ret; + + p_acl->in_port_time_stamp = rte_get_tsc_cycles(); + + if (acl_ipv4_enabled) { + if (ACL_DEBUG) + printf("ACL IPV4 Lookup Mask Before = %p\n", + (void *)pkts_mask); + status = + rte_table_acl_ops.f_lookup(acl_rule_table_ipv4_active, pkts, + pkts_mask, &lookup_hit_mask_ipv4, + (void **) + p_acl->acl_entries_ipv4); + if (ACL_DEBUG) + printf("ACL IPV4 Lookup Mask After = %p\n", + (void *)lookup_hit_mask_ipv4); + } + + /* Merge lookup results since we process both IPv4 and IPv6 below */ + lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6; + if (ACL_DEBUG) + printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask); + + lookup_miss_mask = pkts_mask & (~lookup_hit_mask); + pkts_mask = lookup_hit_mask; + p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask); + if (ACL_DEBUG) + printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n", + p_acl->counters->pkts_drop, + __builtin_popcountll(lookup_miss_mask)); + + uint64_t pkts_to_process = lookup_hit_mask; + /* bitmap of packets left to process for ARP */ + + for (; pkts_to_process;) { + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + if (enable_hwlb) + if (!check_arp_icmp(pkt, pkt_mask, p_acl)) { + pkts_mask &= ~(1LLU << pos); + continue; + } + + uint8_t hdr_chk = + RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + + if (hdr_chk == IPv4_HDR_VERSION) { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + uint16_t phy_port = entry->head.port_id; + uint32_t action_id = entry->action_id; + + if (ACL_DEBUG) + printf("action_id = %u\n", action_id); + + uint32_t dscp_offset = + MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST; + + if (action_array_active[action_id].action_bitmap & + acl_action_count) { + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount++; + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount += + rte_pktmbuf_pkt_len(pkt); + if (ACL_DEBUG) + printf("Action Count Packet Count: %" + PRIu64 " Byte Count: %" PRIu64 + "\n", + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount, + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_drop) { + + /* Drop packet by changing the mask */ + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + " %lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + } + + if (action_array_active[action_id].action_bitmap & + acl_action_fwd) { + phy_port = + action_array_active[action_id].fwd_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action FWD Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_nat) { + phy_port = + action_array_active[action_id].nat_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action NAT Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_dscp) { + + /* Set DSCP priority */ + uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt, + dscp_offset); + *dscp = + action_array_active[action_id].dscp_priority + << 2; + if (ACL_DEBUG) + printf + ("Action DSCP DSCP Priority: %u\n", + *dscp); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_accept) { + if (ACL_DEBUG) + printf("Action Accept\n"); + + if (action_array_active[action_id].action_bitmap + & acl_action_conntrack) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + if (ACL_DEBUG) + printf("ACL Conntrack " + "enabled: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)pkt_mask); + } - if (action_array_active[action_id].action_bitmap - & acl_action_connexist) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - - /* Set connexist bit for this pkt for public -> private */ - /* Private -> public packet will open the connection */ - if (action_array_active - [action_id].private_public == - acl_public_private) - connexist_mask |= pkt_mask; - - if (ACL_DEBUG) - printf("ACL Connexist " - "enabled conntrack: %p connexist: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)connexist_mask, - (void *)pkt_mask); - } - } - } + if (action_array_active[action_id].action_bitmap + & acl_action_connexist) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + + /* Set connexist bit for this pkt for public -> private */ + /* Private -> public packet will open the connection */ + if (action_array_active + [action_id].private_public == + acl_public_private) + connexist_mask |= pkt_mask; + + if (ACL_DEBUG) + printf("ACL Connexist " + "enabled conntrack: %p connexist: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)connexist_mask, + (void *)pkt_mask); + } + } + } #if 0 - if (hdr_chk == IPv6_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - uint16_t phy_port = entry->head.port_id; - uint32_t action_id = entry->action_id; - - if (ACL_DEBUG) - printf("action_id = %u\n", action_id); - - if (action_array_active[action_id].action_bitmap & - acl_action_count) { - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount++; - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount += - rte_pktmbuf_pkt_len(pkt); - if (ACL_DEBUG) - printf("Action Count Packet Count: %" - PRIu64 " Byte Count: %" PRIu64 - "\n", - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount, - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_drop) { - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf - ("ACL before drop pkt_mask %lu, pkt_num %d\n", - pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf - ("ACL after drop pkt_mask %lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - - } - - if (action_array_active[action_id].action_bitmap & - acl_action_fwd) { - phy_port = - action_array_active[action_id].fwd_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action FWD Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_nat) { - phy_port = - action_array_active[action_id].nat_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action NAT Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_dscp) { - - /* Set DSCP priority */ - uint32_t dscp_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + - IP_HDR_DSCP_OFST_IPV6; - uint16_t *dscp = - RTE_MBUF_METADATA_UINT16_PTR(pkt, - dscp_offset); - uint16_t dscp_value = - (rte_bswap16 - (RTE_MBUF_METADATA_UINT16 - (pkt, dscp_offset)) & 0XF00F); - uint8_t dscp_store = - action_array_active[action_id].dscp_priority - << 2; - uint16_t dscp_temp = dscp_store; - - dscp_temp = dscp_temp << 4; - *dscp = rte_bswap16(dscp_temp | dscp_value); - if (ACL_DEBUG) - printf - ("Action DSCP DSCP Priority: %u\n", - *dscp); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_accept) { - if (ACL_DEBUG) - printf("Action Accept\n"); - - if (action_array_active[action_id].action_bitmap - & acl_action_conntrack) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - if (ACL_DEBUG) - printf("ACL Conntrack " - "enabled: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)pkt_mask); - } + if (hdr_chk == IPv6_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + uint16_t phy_port = entry->head.port_id; + uint32_t action_id = entry->action_id; + + if (ACL_DEBUG) + printf("action_id = %u\n", action_id); + + if (action_array_active[action_id].action_bitmap & + acl_action_count) { + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount++; + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount += + rte_pktmbuf_pkt_len(pkt); + if (ACL_DEBUG) + printf("Action Count Packet Count: %" + PRIu64 " Byte Count: %" PRIu64 + "\n", + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount, + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_drop) { + /* Drop packet by changing the mask */ + if (ACL_DEBUG) + printf + ("ACL before drop pkt_mask %lu, pkt_num %d\n", + pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf + ("ACL after drop pkt_mask %lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + + } + + if (action_array_active[action_id].action_bitmap & + acl_action_fwd) { + phy_port = + action_array_active[action_id].fwd_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action FWD Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_nat) { + phy_port = + action_array_active[action_id].nat_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action NAT Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_dscp) { + + /* Set DSCP priority */ + uint32_t dscp_offset = + MBUF_HDR_ROOM + ETH_HDR_SIZE + + IP_HDR_DSCP_OFST_IPV6; + uint16_t *dscp = + RTE_MBUF_METADATA_UINT16_PTR(pkt, + dscp_offset); + uint16_t dscp_value = + (rte_bswap16 + (RTE_MBUF_METADATA_UINT16 + (pkt, dscp_offset)) & 0XF00F); + uint8_t dscp_store = + action_array_active[action_id].dscp_priority + << 2; + uint16_t dscp_temp = dscp_store; + + dscp_temp = dscp_temp << 4; + *dscp = rte_bswap16(dscp_temp | dscp_value); + if (ACL_DEBUG) + printf + ("Action DSCP DSCP Priority: %u\n", + *dscp); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_accept) { + if (ACL_DEBUG) + printf("Action Accept\n"); + + if (action_array_active[action_id].action_bitmap + & acl_action_conntrack) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + if (ACL_DEBUG) + printf("ACL Conntrack " + "enabled: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)pkt_mask); + } - if (action_array_active[action_id].action_bitmap - & acl_action_connexist) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - - /* Set connexist bit for this pkt for public -> private */ - /* Private -> public packet will open the connection */ - if (action_array_active - [action_id].private_public == - acl_public_private) - connexist_mask |= pkt_mask; - - if (ACL_DEBUG) - printf("ACL Connexist enabled " - "conntrack: %p connexist: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)connexist_mask, - (void *)pkt_mask); - } - } - } + if (action_array_active[action_id].action_bitmap + & acl_action_connexist) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + + /* Set connexist bit for this pkt for public -> private */ + /* Private -> public packet will open the connection */ + if (action_array_active + [action_id].private_public == + acl_public_private) + connexist_mask |= pkt_mask; + + if (ACL_DEBUG) + printf("ACL Connexist enabled " + "conntrack: %p connexist: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)connexist_mask, + (void *)pkt_mask); + } + } + } #endif - } - /* Only call connection tracker if required */ - if (conntrack_mask > 0) { - if (ACL_DEBUG) - printf - ("ACL Call Conntrack Before = %p Connexist = %p\n", - (void *)conntrack_mask, (void *)connexist_mask); - conntrack_mask = - rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control - (p_acl->cnxn_tracker, pkts, conntrack_mask, connexist_mask); - if (ACL_DEBUG) - printf("ACL Call Conntrack After = %p\n", - (void *)conntrack_mask); - - /* Only change pkt mask for pkts that have conntrack enabled */ - /* Need to loop through packets to check if conntrack enabled */ - pkts_to_process = pkts_mask; - for (; pkts_to_process;) { - uint32_t action_id = 0; - uint8_t pos = - (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - uint8_t hdr_chk = RTE_MBUF_METADATA_UINT8(pkt, - MBUF_HDR_ROOM - + - ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - if (hdr_chk == IPv4_HDR_VERSION) { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - action_id = entry->action_id; - } else { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - action_id = entry->action_id; - } - - if ((action_array_active[action_id].action_bitmap & - acl_action_conntrack) - || (action_array_active[action_id].action_bitmap & - acl_action_connexist)) { - - if (conntrack_mask & pkt_mask) { - if (ACL_DEBUG) - printf("ACL Conntrack Accept " - "packet = %p\n", - (void *)pkt_mask); - } else { + } + /* Only call connection tracker if required */ + if (conntrack_mask > 0) { + if (ACL_DEBUG) + printf + ("ACL Call Conntrack Before = %p Connexist = %p\n", + (void *)conntrack_mask, (void *)connexist_mask); + conntrack_mask = + rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control + (p_acl->cnxn_tracker, pkts, conntrack_mask, connexist_mask); + if (ACL_DEBUG) + printf("ACL Call Conntrack After = %p\n", + (void *)conntrack_mask); + + /* Only change pkt mask for pkts that have conntrack enabled */ + /* Need to loop through packets to check if conntrack enabled */ + pkts_to_process = pkts_mask; + for (; pkts_to_process;) { + uint32_t action_id = 0; + uint8_t pos = + (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + uint8_t hdr_chk = RTE_MBUF_METADATA_UINT8(pkt, + MBUF_HDR_ROOM + + + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + if (hdr_chk == IPv4_HDR_VERSION) { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + action_id = entry->action_id; + } else { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + action_id = entry->action_id; + } + + if ((action_array_active[action_id].action_bitmap & + acl_action_conntrack) + || (action_array_active[action_id].action_bitmap & + acl_action_connexist)) { + + if (conntrack_mask & pkt_mask) { + if (ACL_DEBUG) + printf("ACL Conntrack Accept " + "packet = %p\n", + (void *)pkt_mask); + } else { /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf("ACL Conntrack Drop " - "packet = %p\n", - (void *)pkt_mask); - pkts_mask &= ~pkt_mask; - p_acl->counters->pkts_drop++; - } - } - } - } - - pkts_to_process = pkts_mask; - /* bitmap of packets left to process for ARP */ - - for (; pkts_to_process;) { - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - uint8_t hdr_chk = - RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - - if (hdr_chk == IPv4_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - //uint16_t phy_port = entry->head.port_id; - uint16_t phy_port = pkt->port; - uint32_t *port_out_id = - RTE_MBUF_METADATA_UINT32_PTR(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - output_port)); - /* *port_out_id = p_acl->links_map[phy_port]; */ -/* if (is_phy_port_privte(phy_port)) - *port_out_id = ACL_PUB_PORT_ID; - else - *port_out_id = ACL_PRV_PORT_ID;*/ - if (ACL_DEBUG) - printf - ("phy_port = %i, links_map[phy_port] = %i\n", - phy_port, p_acl->links_map[phy_port]); - - /* header room + eth hdr size + dst_adr offset in ip header */ - uint32_t dst_addr_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DST_ADR_OFST; - uint32_t *dst_addr = - RTE_MBUF_METADATA_UINT32_PTR(pkt, dst_addr_offset); - uint8_t *eth_dest = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM); - uint8_t *eth_src = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM + 6); - struct ether_addr hw_addr; - uint32_t dest_address = rte_bswap32(*dst_addr); - uint32_t *nhip = RTE_MBUF_METADATA_UINT32_PTR(pkt, - META_DATA_OFFSET - + - offsetof - (struct - mbuf_acl_meta_data, - nhip)); - uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); - *nhip = 0; - dest_address = rte_bswap32(*dst_addr); - struct arp_entry_data *ret_arp_data = NULL; - ret_arp_data = get_dest_mac_addr_port - (dest_address, &dest_if, (struct ether_addr *)eth_dest); - *port_out_id = p_acl->port_out_id[dest_if]; - - if (arp_cache_dest_mac_present(dest_if)) { - ether_addr_copy(get_link_hw_addr(dest_if), - (struct ether_addr *)eth_src); - update_nhip_access(dest_if); - if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) { - printf("sending buffered packets\n"); - arp_send_buffered_pkts(ret_arp_data, - (struct ether_addr *)eth_dest, *port_out_id); - - } - p_acl->counters->tpkts_processed++; - p_acl->counters->bytes_processed += - packet_length; - } else { - if (unlikely(ret_arp_data == NULL)) { - - if (ACL_DEBUG) - printf("%s: NHIP Not Found, " - "outport_id: %d\n", __func__, - *port_out_id); - - /* Drop the pkt */ - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } - - if (ret_arp_data->status == INCOMPLETE || - ret_arp_data->status == PROBE) { - if (ret_arp_data->num_pkts >= NUM_DESC) { - /* Drop the pkt */ - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } else { - arp_pkts_mask |= pkt_mask; - arp_queue_unresolved_packet(ret_arp_data, pkt); - continue; - } - } - } - } -#if 0 - if (hdr_chk == IPv6_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - uint16_t phy_port = entry->head.port_id; - uint32_t *port_out_id = - RTE_MBUF_METADATA_UINT32_PTR(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - output_port)); - if (is_phy_port_privte(phy_port)) - *port_out_id = ACL_PUB_PORT_ID; - else - *port_out_id = ACL_PRV_PORT_ID; - - /* *port_out_id = p_acl->links_map[phy_port]; */ - if (ACL_DEBUG) - printf - ("phy_port = %i, links_map[phy_port] = %i\n", - phy_port, p_acl->links_map[phy_port]); - - /* header room + eth hdr size + dst_adr offset in ip header */ - uint32_t dst_addr_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + - IP_HDR_DST_ADR_OFST_IPV6; - uint8_t *eth_dest = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM); - uint8_t *eth_src = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM + 6); - struct ether_addr hw_addr; - uint8_t dest_address[16]; - uint8_t nhip[16]; - - nhip[0] = - RTE_MBUF_METADATA_UINT8(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - nhip)); - uint8_t *dst_addr[16]; - uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); - int i = 0; - - for (i = 0; i < 16; i++) { - dst_addr[i] = - RTE_MBUF_METADATA_UINT8_PTR(pkt, - dst_addr_offset - + i); - } - memcpy(dest_address, *dst_addr, sizeof(dest_address)); - memset(nhip, 0, sizeof(nhip)); - if (is_phy_port_privte(phy_port)) - port = ACL_PUB_PORT_ID; - else - port = ACL_PRV_PORT_ID; - - if (get_dest_mac_address_ipv6_port - (dest_address, port, &hw_addr, &nhip[0])) { - if (ACL_DEBUG) { - - printf - ("MAC found for port %d - %02x:%02x:%02x:%02x:%02x:%02x\n", - phy_port, hw_addr.addr_bytes[0], - hw_addr.addr_bytes[1], - hw_addr.addr_bytes[2], - hw_addr.addr_bytes[3], - hw_addr.addr_bytes[4], - hw_addr.addr_bytes[5]); - printf - ("Dest MAC before - %02x:%02x:%02x:%02x:%02x:%02x\n", - eth_dest[0], eth_dest[1], - eth_dest[2], eth_dest[3], - eth_dest[4], eth_dest[5]); - } - memcpy(eth_dest, &hw_addr, - sizeof(struct ether_addr)); - if (ACL_DEBUG) { - printf("PktP %p, dest_macP %p\n", pkt, - eth_dest); - printf - ("Dest MAC after - %02x:%02x:%02x:%02x:%02x:%02x\n", - eth_dest[0], eth_dest[1], - eth_dest[2], eth_dest[3], - eth_dest[4], eth_dest[5]); - } - if (is_phy_port_privte(phy_port)) - memcpy(eth_src, - get_link_hw_addr(dest_if), - sizeof(struct ether_addr)); - else - memcpy(eth_src, - get_link_hw_addr(dest_if), - sizeof(struct ether_addr)); - - /* - * memcpy(eth_src, get_link_hw_addr(p_acl->links_map[phy_port]), - * sizeof(struct ether_addr)); - */ - p_acl->counters->tpkts_processed++; - p_acl->counters->bytes_processed += - packet_length; - } - - else { - - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - " %lu, pkt_num %d\n", - pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - } - } -#endif - - } + if (ACL_DEBUG) + printf("ACL Conntrack Drop " + "packet = %p\n", + (void *)pkt_mask); + pkts_mask &= ~pkt_mask; + p_acl->counters->pkts_drop++; + } + } + } + } + + pkts_to_process = pkts_mask; + /* bitmap of packets left to process for ARP */ + + for (; pkts_to_process;) { + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + uint8_t hdr_chk = + RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + + if (hdr_chk == IPv4_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + //uint16_t phy_port = entry->head.port_id; + uint16_t phy_port = pkt->port; + uint32_t *port_out_id = + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + + offsetof(struct + mbuf_acl_meta_data, + output_port)); + if (ACL_DEBUG) + printf + ("phy_port = %i, links_map[phy_port] = %i\n", + phy_port, p_acl->links_map[phy_port]); + + uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); + + uint32_t dest_if = INVALID_DESTIF; + uint32_t src_phy_port = pkt->port; + + if(is_gateway()){ + + /* Gateway Proc Starts */ + struct ether_hdr *ehdr = (struct ether_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + MBUF_HDR_ROOM); + + struct ipv4_hdr *ipv4hdr = (struct ipv4_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); + + struct arp_entry_data *ret_arp_data = NULL; + struct ether_addr dst_mac; + uint32_t dest_if = INVALID_DESTIF; + uint32_t nhip = 0; + uint32_t src_phy_port = pkt->port; + uint32_t dst_ip_addr = rte_bswap32(ipv4hdr->dst_addr); + + gw_get_nh_port_ipv4(dst_ip_addr, &dest_if, &nhip); + + ret_arp_data = get_dest_mac_addr_ipv4(nhip, dest_if, &dst_mac); + + /* Gateway Proc Ends */ + if (arp_cache_dest_mac_present(dest_if)) { + + ether_addr_copy(&dst_mac, &ehdr->d_addr); + ether_addr_copy(get_link_hw_addr(dest_if), &ehdr->s_addr); + + *port_out_id = p_acl->port_out_id[dest_if]; + + update_nhip_access(dest_if); + if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) { + printf("sending buffered packets\n"); + arp_send_buffered_pkts(ret_arp_data, &ehdr->d_addr, + p_acl->port_out_id[dest_if]); + } + p_acl->counters->tpkts_processed++; + p_acl->counters->bytes_processed += packet_length; + } else { + if (unlikely(ret_arp_data == NULL)) { + + if (ACL_DEBUG) + printf("%s: NHIP Not Found, " + "outport_id: %d\n", __func__, + p_acl->port_out_id[dest_if]); + + /* Drop the pkt */ + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } + + if (ret_arp_data->status == INCOMPLETE || + ret_arp_data->status == PROBE) { + if (ret_arp_data->num_pkts >= NUM_DESC) { + /* Drop the pkt */ + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } else { + arp_pkts_mask |= pkt_mask; + arp_queue_unresolved_packet(ret_arp_data, pkt); + continue; + } + } + } - pkts_drop_mask = keep_mask & ~pkts_mask; - rte_pipeline_ah_packet_drop(p, pkts_drop_mask); - keep_mask = pkts_mask; + } else { + /* IP Pkt forwarding based on pub/prv mapping */ + if(is_phy_port_privte(src_phy_port)) + dest_if = prv_to_pub_map[src_phy_port]; + else + dest_if = pub_to_prv_map[src_phy_port]; - if (arp_pkts_mask) { - keep_mask &= ~(arp_pkts_mask); - rte_pipeline_ah_packet_hijack(p, arp_pkts_mask); - } + *port_out_id = p_acl->port_out_id[dest_if]; + } - /* don't bother measuring if traffic very low, might skew stats */ - uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask); - - if (packets_this_iteration > 1) { - uint64_t latency_this_iteration = - rte_get_tsc_cycles() - p_acl->in_port_time_stamp; - p_acl->counters->sum_latencies += latency_this_iteration; - p_acl->counters->count_latencies++; - } - if (ACL_DEBUG) - printf("Leaving pkt_work_acl_key pkts_mask = %p\n", - (void *)pkts_mask); + } - return 0; + } + pkts_drop_mask = keep_mask & ~pkts_mask; + rte_pipeline_ah_packet_drop(p, pkts_drop_mask); + keep_mask = pkts_mask; + + if (arp_pkts_mask) { + keep_mask &= ~(arp_pkts_mask); + rte_pipeline_ah_packet_hijack(p, arp_pkts_mask); + } + + /* don't bother measuring if traffic very low, might skew stats */ + uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask); + + if (packets_this_iteration > 1) { + uint64_t latency_this_iteration = + rte_get_tsc_cycles() - p_acl->in_port_time_stamp; + p_acl->counters->sum_latencies += latency_this_iteration; + p_acl->counters->count_latencies++; + } + if (ACL_DEBUG) + printf("Leaving pkt_work_acl_key pkts_mask = %p\n", + (void *)pkts_mask); + + return 0; } /** @@ -1789,563 +1614,567 @@ pkt_work_acl_ipv4_key(struct rte_pipeline *p, */ static int pkt_work_acl_ipv6_key(struct rte_pipeline *p, - struct rte_mbuf **pkts, uint32_t n_pkts, void *arg) + struct rte_mbuf **pkts, uint32_t n_pkts, void *arg) { - struct pipeline_acl *p_acl = arg; - - p_acl->counters->pkts_received = - p_acl->counters->pkts_received + n_pkts; - if (ACL_DEBUG) - printf("pkt_work_acl_key pkts_received: %" PRIu64 - " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts); - - uint64_t lookup_hit_mask = 0; - uint64_t lookup_hit_mask_ipv4 = 0; - uint64_t lookup_hit_mask_ipv6 = 0; - uint64_t lookup_miss_mask = 0; - uint64_t conntrack_mask = 0; - uint64_t connexist_mask = 0; - uint32_t dest_address = 0; - arp_pkts_mask = 0; - int dest_if = 0; - int status; - uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t); - uint64_t keep_mask = pkts_mask; - uint16_t port; - uint32_t ret; - - p_acl->in_port_time_stamp = rte_get_tsc_cycles(); - - if (acl_ipv6_enabled) { - if (ACL_DEBUG) - printf("ACL IPV6 Lookup Mask Before = %p\n", - (void *)pkts_mask); - status = - rte_table_acl_ops.f_lookup(acl_rule_table_ipv6_active, pkts, - pkts_mask, &lookup_hit_mask_ipv6, - (void **) - p_acl->acl_entries_ipv6); - if (ACL_DEBUG) - printf("ACL IPV6 Lookup Mask After = %p\n", - (void *)lookup_hit_mask_ipv6); - } - - /* Merge lookup results since we process both IPv4 and IPv6 below */ - lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6; - if (ACL_DEBUG) - printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask); - - lookup_miss_mask = pkts_mask & (~lookup_hit_mask); - pkts_mask = lookup_hit_mask; - p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask); - if (ACL_DEBUG) - printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n", - p_acl->counters->pkts_drop, - __builtin_popcountll(lookup_miss_mask)); - - uint64_t pkts_to_process = lookup_hit_mask; - /* bitmap of packets left to process for ARP */ - - for (; pkts_to_process;) { - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - if (enable_hwlb) - if (!check_arp_icmp(pkt, pkt_mask, p_acl)) { - pkts_mask &= ~(1LLU << pos); - continue; - } - uint8_t hdr_chk = - RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; + struct pipeline_acl *p_acl = arg; + + p_acl->counters->pkts_received = + p_acl->counters->pkts_received + n_pkts; + if (ACL_DEBUG) + printf("pkt_work_acl_key pkts_received: %" PRIu64 + " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts); + + uint64_t lookup_hit_mask = 0; + uint64_t lookup_hit_mask_ipv4 = 0; + uint64_t lookup_hit_mask_ipv6 = 0; + uint64_t lookup_miss_mask = 0; + uint64_t conntrack_mask = 0; + uint64_t connexist_mask = 0; + uint32_t dest_address = 0; + arp_pkts_mask = 0; + int status; + uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t); + uint64_t keep_mask = pkts_mask; + uint16_t port; + uint32_t ret; + + p_acl->in_port_time_stamp = rte_get_tsc_cycles(); + + if (acl_ipv6_enabled) { + if (ACL_DEBUG) + printf("ACL IPV6 Lookup Mask Before = %p\n", + (void *)pkts_mask); + status = + rte_table_acl_ops.f_lookup(acl_rule_table_ipv6_active, pkts, + pkts_mask, &lookup_hit_mask_ipv6, + (void **) + p_acl->acl_entries_ipv6); + if (ACL_DEBUG) + printf("ACL IPV6 Lookup Mask After = %p\n", + (void *)lookup_hit_mask_ipv6); + } + + /* Merge lookup results since we process both IPv4 and IPv6 below */ + lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6; + if (ACL_DEBUG) + printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask); + + lookup_miss_mask = pkts_mask & (~lookup_hit_mask); + pkts_mask = lookup_hit_mask; + p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask); + if (ACL_DEBUG) + printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n", + p_acl->counters->pkts_drop, + __builtin_popcountll(lookup_miss_mask)); + + uint64_t pkts_to_process = lookup_hit_mask; + /* bitmap of packets left to process for ARP */ + + for (; pkts_to_process;) { + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + if (enable_hwlb) + if (!check_arp_icmp(pkt, pkt_mask, p_acl)) { + pkts_mask &= ~(1LLU << pos); + continue; + } + uint8_t hdr_chk = + RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; #if 0 - if (hdr_chk == IPv4_HDR_VERSION) { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - uint16_t phy_port = entry->head.port_id; - uint32_t action_id = entry->action_id; - - if (ACL_DEBUG) - printf("action_id = %u\n", action_id); - - uint32_t dscp_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST; - - if (action_array_active[action_id].action_bitmap & - acl_action_count) { - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount++; - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount += - rte_pktmbuf_pkt_len(pkt); - if (ACL_DEBUG) - printf("Action Count Packet Count: %" - PRIu64 " Byte Count: %" PRIu64 - "\n", - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount, - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_drop) { - - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf - ("ACL before drop pkt_mask %lu, pkt_num %d\n", - pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf - ("ACL after drop pkt_mask %lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - } - - if (action_array_active[action_id].action_bitmap & - acl_action_fwd) { - phy_port = - action_array_active[action_id].fwd_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action FWD Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_nat) { - phy_port = - action_array_active[action_id].nat_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action NAT Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_dscp) { - - /* Set DSCP priority */ - uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt, - dscp_offset); - *dscp = - action_array_active[action_id].dscp_priority - << 2; - if (ACL_DEBUG) - printf - ("Action DSCP DSCP Priority: %u\n", - *dscp); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_accept) { - if (ACL_DEBUG) - printf("Action Accept\n"); - - if (action_array_active[action_id].action_bitmap - & acl_action_conntrack) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - if (ACL_DEBUG) - printf("ACL Conntrack enabled: " - " %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)pkt_mask); - } + if (hdr_chk == IPv4_HDR_VERSION) { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + uint16_t phy_port = entry->head.port_id; + uint32_t action_id = entry->action_id; + + if (ACL_DEBUG) + printf("action_id = %u\n", action_id); + + uint32_t dscp_offset = + MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST; + + if (action_array_active[action_id].action_bitmap & + acl_action_count) { + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount++; + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount += + rte_pktmbuf_pkt_len(pkt); + if (ACL_DEBUG) + printf("Action Count Packet Count: %" + PRIu64 " Byte Count: %" PRIu64 + "\n", + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount, + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_drop) { + + /* Drop packet by changing the mask */ + if (ACL_DEBUG) + printf + ("ACL before drop pkt_mask %lu, pkt_num %d\n", + pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf + ("ACL after drop pkt_mask %lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + } + + if (action_array_active[action_id].action_bitmap & + acl_action_fwd) { + phy_port = + action_array_active[action_id].fwd_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action FWD Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_nat) { + phy_port = + action_array_active[action_id].nat_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action NAT Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_dscp) { + + /* Set DSCP priority */ + uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt, + dscp_offset); + *dscp = + action_array_active[action_id].dscp_priority + << 2; + if (ACL_DEBUG) + printf + ("Action DSCP DSCP Priority: %u\n", + *dscp); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_accept) { + if (ACL_DEBUG) + printf("Action Accept\n"); + + if (action_array_active[action_id].action_bitmap + & acl_action_conntrack) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + if (ACL_DEBUG) + printf("ACL Conntrack enabled: " + " %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)pkt_mask); + } - if (action_array_active[action_id].action_bitmap - & acl_action_connexist) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - - /* Set connexist bit for this pkt for public -> private */ - /* Private -> public packet will open the connection */ - if (action_array_active - [action_id].private_public == - acl_public_private) - connexist_mask |= pkt_mask; - - if (ACL_DEBUG) - printf("ACL Connexist enabled " - "conntrack: %p connexist: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)connexist_mask, - (void *)pkt_mask); - } - } - } + if (action_array_active[action_id].action_bitmap + & acl_action_connexist) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + + /* Set connexist bit for this pkt for public -> private */ + /* Private -> public packet will open the connection */ + if (action_array_active + [action_id].private_public == + acl_public_private) + connexist_mask |= pkt_mask; + + if (ACL_DEBUG) + printf("ACL Connexist enabled " + "conntrack: %p connexist: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)connexist_mask, + (void *)pkt_mask); + } + } + } #endif - if (hdr_chk == IPv6_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - uint16_t phy_port = entry->head.port_id; - uint32_t action_id = entry->action_id; - - if (ACL_DEBUG) - printf("action_id = %u\n", action_id); - - if (action_array_active[action_id].action_bitmap & - acl_action_count) { - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount++; - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount += - rte_pktmbuf_pkt_len(pkt); - if (ACL_DEBUG) - printf("Action Count Packet Count: %" - PRIu64 " Byte Count: %" PRIu64 - "\n", - action_counter_table - [p_acl->action_counter_index] - [action_id].packetCount, - action_counter_table - [p_acl->action_counter_index] - [action_id].byteCount); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_drop) { - /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", - pkts_mask, pos); - p_acl->counters->pkts_drop++; - - } - - if (action_array_active[action_id].action_bitmap & - acl_action_fwd) { - phy_port = - action_array_active[action_id].fwd_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action FWD Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_nat) { - phy_port = - action_array_active[action_id].nat_port; - entry->head.port_id = phy_port; - if (ACL_DEBUG) - printf("Action NAT Port ID: %u\n", - phy_port); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_dscp) { - - /* Set DSCP priority */ - uint32_t dscp_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + - IP_HDR_DSCP_OFST_IPV6; - uint16_t *dscp = - RTE_MBUF_METADATA_UINT16_PTR(pkt, - dscp_offset); - uint16_t dscp_value = - (rte_bswap16 - (RTE_MBUF_METADATA_UINT16 - (pkt, dscp_offset)) & 0XF00F); - uint8_t dscp_store = - action_array_active[action_id].dscp_priority - << 2; - uint16_t dscp_temp = dscp_store; - - dscp_temp = dscp_temp << 4; - *dscp = rte_bswap16(dscp_temp | dscp_value); - if (ACL_DEBUG) - printf - ("Action DSCP DSCP Priority: %u\n", - *dscp); - } - - if (action_array_active[action_id].action_bitmap & - acl_action_packet_accept) { - if (ACL_DEBUG) - printf("Action Accept\n"); - - if (action_array_active[action_id].action_bitmap - & acl_action_conntrack) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - if (ACL_DEBUG) - printf("ACL Conntrack enabled: " - " %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)pkt_mask); - } - - if (action_array_active[action_id].action_bitmap - & acl_action_connexist) { - - /* Set conntrack bit for this pkt */ - conntrack_mask |= pkt_mask; - - /* Set connexist bit for this pkt for public -> private */ - /* Private -> public packet will open the connection */ - if (action_array_active - [action_id].private_public == - acl_public_private) - connexist_mask |= pkt_mask; - - if (ACL_DEBUG) - printf("ACL Connexist enabled " - "conntrack: %p connexist: %p pkt_mask: %p\n", - (void *)conntrack_mask, - (void *)connexist_mask, - (void *)pkt_mask); - } - } - } - } - /* Only call connection tracker if required */ - if (conntrack_mask > 0) { - if (ACL_DEBUG) - printf - ("ACL Call Conntrack Before = %p Connexist = %p\n", - (void *)conntrack_mask, (void *)connexist_mask); - conntrack_mask = - rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control - (p_acl->cnxn_tracker, pkts, conntrack_mask, connexist_mask); - if (ACL_DEBUG) - printf("ACL Call Conntrack After = %p\n", - (void *)conntrack_mask); - - /* Only change pkt mask for pkts that have conntrack enabled */ - /* Need to loop through packets to check if conntrack enabled */ - pkts_to_process = pkts_mask; - for (; pkts_to_process;) { - uint32_t action_id = 0; - uint8_t pos = - (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - uint8_t hdr_chk = RTE_MBUF_METADATA_UINT8(pkt, - MBUF_HDR_ROOM - + - ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - if (hdr_chk == IPv4_HDR_VERSION) { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv4[pos]; - action_id = entry->action_id; - } else { - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - action_id = entry->action_id; - } + if (hdr_chk == IPv6_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + uint16_t phy_port = entry->head.port_id; + uint32_t action_id = entry->action_id; + + if (ACL_DEBUG) + printf("action_id = %u\n", action_id); + + if (action_array_active[action_id].action_bitmap & + acl_action_count) { + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount++; + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount += + rte_pktmbuf_pkt_len(pkt); + if (ACL_DEBUG) + printf("Action Count Packet Count: %" + PRIu64 " Byte Count: %" PRIu64 + "\n", + action_counter_table + [p_acl->action_counter_index] + [action_id].packetCount, + action_counter_table + [p_acl->action_counter_index] + [action_id].byteCount); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_drop) { + /* Drop packet by changing the mask */ + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", + pkts_mask, pos); + p_acl->counters->pkts_drop++; + + } + + if (action_array_active[action_id].action_bitmap & + acl_action_fwd) { + phy_port = + action_array_active[action_id].fwd_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action FWD Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_nat) { + phy_port = + action_array_active[action_id].nat_port; + entry->head.port_id = phy_port; + if (ACL_DEBUG) + printf("Action NAT Port ID: %u\n", + phy_port); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_dscp) { + + /* Set DSCP priority */ + uint32_t dscp_offset = + MBUF_HDR_ROOM + ETH_HDR_SIZE + + IP_HDR_DSCP_OFST_IPV6; + uint16_t *dscp = + RTE_MBUF_METADATA_UINT16_PTR(pkt, + dscp_offset); + uint16_t dscp_value = + (rte_bswap16 + (RTE_MBUF_METADATA_UINT16 + (pkt, dscp_offset)) & 0XF00F); + uint8_t dscp_store = + action_array_active[action_id].dscp_priority + << 2; + uint16_t dscp_temp = dscp_store; + + dscp_temp = dscp_temp << 4; + *dscp = rte_bswap16(dscp_temp | dscp_value); + if (ACL_DEBUG) + printf + ("Action DSCP DSCP Priority: %u\n", + *dscp); + } + + if (action_array_active[action_id].action_bitmap & + acl_action_packet_accept) { + if (ACL_DEBUG) + printf("Action Accept\n"); + + if (action_array_active[action_id].action_bitmap + & acl_action_conntrack) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + if (ACL_DEBUG) + printf("ACL Conntrack enabled: " + " %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)pkt_mask); + } - if ((action_array_active[action_id].action_bitmap & - acl_action_conntrack) - || (action_array_active[action_id].action_bitmap & - acl_action_connexist)) { - - if (conntrack_mask & pkt_mask) { - if (ACL_DEBUG) - printf("ACL Conntrack Accept " - "packet = %p\n", - (void *)pkt_mask); - } else { + if (action_array_active[action_id].action_bitmap + & acl_action_connexist) { + + /* Set conntrack bit for this pkt */ + conntrack_mask |= pkt_mask; + + /* Set connexist bit for this pkt for public -> private */ + /* Private -> public packet will open the connection */ + if (action_array_active + [action_id].private_public == + acl_public_private) + connexist_mask |= pkt_mask; + + if (ACL_DEBUG) + printf("ACL Connexist enabled " + "conntrack: %p connexist: %p pkt_mask: %p\n", + (void *)conntrack_mask, + (void *)connexist_mask, + (void *)pkt_mask); + } + } + } + } + /* Only call connection tracker if required */ + if (conntrack_mask > 0) { + if (ACL_DEBUG) + printf + ("ACL Call Conntrack Before = %p Connexist = %p\n", + (void *)conntrack_mask, (void *)connexist_mask); + conntrack_mask = + rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control + (p_acl->cnxn_tracker, pkts, conntrack_mask, connexist_mask); + if (ACL_DEBUG) + printf("ACL Call Conntrack After = %p\n", + (void *)conntrack_mask); + + /* Only change pkt mask for pkts that have conntrack enabled */ + /* Need to loop through packets to check if conntrack enabled */ + pkts_to_process = pkts_mask; + for (; pkts_to_process;) { + uint32_t action_id = 0; + uint8_t pos = + (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + uint8_t hdr_chk = RTE_MBUF_METADATA_UINT8(pkt, + MBUF_HDR_ROOM + + + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + if (hdr_chk == IPv4_HDR_VERSION) { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv4[pos]; + action_id = entry->action_id; + } else { + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + action_id = entry->action_id; + } + + if ((action_array_active[action_id].action_bitmap & + acl_action_conntrack) + || (action_array_active[action_id].action_bitmap & + acl_action_connexist)) { + + if (conntrack_mask & pkt_mask) { + if (ACL_DEBUG) + printf("ACL Conntrack Accept " + "packet = %p\n", + (void *)pkt_mask); + } else { /* Drop packet by changing the mask */ - if (ACL_DEBUG) - printf - ("ACL Conntrack Drop packet = %p\n", - (void *)pkt_mask); - pkts_mask &= ~pkt_mask; - p_acl->counters->pkts_drop++; - } - } - } - } - - pkts_to_process = pkts_mask; - /* bitmap of packets left to process for ARP */ - - for (; pkts_to_process;) { - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); - uint64_t pkt_mask = 1LLU << pos; - /* bitmask representing only this packet */ - - pkts_to_process &= ~pkt_mask; - /* remove this packet from remaining list */ - struct rte_mbuf *pkt = pkts[pos]; - - uint8_t hdr_chk = - RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); - hdr_chk = hdr_chk >> IP_VERSION_CHECK; - - if (hdr_chk == IPv6_HDR_VERSION) { - - struct acl_table_entry *entry = - (struct acl_table_entry *) - p_acl->acl_entries_ipv6[pos]; - //uint16_t phy_port = entry->head.port_id; - uint16_t phy_port = pkt->port; - uint32_t *port_out_id = - RTE_MBUF_METADATA_UINT32_PTR(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - output_port)); - /* if (is_phy_port_privte(phy_port)) - *port_out_id = ACL_PUB_PORT_ID; - else - *port_out_id = ACL_PRV_PORT_ID;*/ - - /* *port_out_id = p_acl->links_map[phy_port]; */ - if (ACL_DEBUG) - printf - ("phy_port = %i,links_map[phy_port] = %i\n", - phy_port, p_acl->links_map[phy_port]); - - /* header room + eth hdr size + dst_adr offset in ip header */ - uint32_t dst_addr_offset = - MBUF_HDR_ROOM + ETH_HDR_SIZE + - IP_HDR_DST_ADR_OFST_IPV6; - uint8_t *eth_dest = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM); - uint8_t *eth_src = - RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM + 6); - struct ether_addr hw_addr; - uint8_t dest_address[16]; - uint8_t nhip[16]; - - nhip[0] = - RTE_MBUF_METADATA_UINT8(pkt, - META_DATA_OFFSET + - offsetof(struct - mbuf_acl_meta_data, - nhip)); - uint8_t *dst_addr[16]; - uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); - int i = 0; - - for (i = 0; i < 16; i++) { - dst_addr[i] = - RTE_MBUF_METADATA_UINT8_PTR(pkt, - dst_addr_offset - + i); - } - memcpy(dest_address, *dst_addr, sizeof(dest_address)); - memset(nhip, 0, sizeof(nhip)); - struct nd_entry_data *ret_nd_data = NULL; - ret_nd_data = get_dest_mac_address_ipv6_port - (dest_address, &dest_if, &hw_addr, &nhip[0]); - *port_out_id = p_acl->port_out_id[dest_if]; - - if (nd_cache_dest_mac_present(dest_if)) { - ether_addr_copy(get_link_hw_addr(dest_if), - (struct ether_addr *)eth_src); - update_nhip_access(dest_if); - - if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) { - printf("sending buffered packets\n"); - p_acl->counters->tpkts_processed += - ret_nd_data->num_pkts; - nd_send_buffered_pkts(ret_nd_data, - (struct ether_addr *)eth_dest, *port_out_id); - } - p_acl->counters->tpkts_processed++; - p_acl->counters->bytes_processed += - packet_length; - } else { - if (unlikely(ret_nd_data == NULL)) { - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } + if (ACL_DEBUG) + printf + ("ACL Conntrack Drop packet = %p\n", + (void *)pkt_mask); + pkts_mask &= ~pkt_mask; + p_acl->counters->pkts_drop++; + } + } + } + } + + pkts_to_process = pkts_mask; + /* bitmap of packets left to process for ARP */ + + for (; pkts_to_process;) { + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process); + uint64_t pkt_mask = 1LLU << pos; + /* bitmask representing only this packet */ + + pkts_to_process &= ~pkt_mask; + /* remove this packet from remaining list */ + struct rte_mbuf *pkt = pkts[pos]; + + uint8_t hdr_chk = + RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE); + hdr_chk = hdr_chk >> IP_VERSION_CHECK; + + if (hdr_chk == IPv6_HDR_VERSION) { + + struct acl_table_entry *entry = + (struct acl_table_entry *) + p_acl->acl_entries_ipv6[pos]; + //uint16_t phy_port = entry->head.port_id; + uint16_t phy_port = pkt->port; + uint32_t *port_out_id = + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + + offsetof(struct + mbuf_acl_meta_data, + output_port)); + + if (ACL_DEBUG) + printf + ("phy_port = %i,links_map[phy_port] = %i\n", + phy_port, p_acl->links_map[phy_port]); + + uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); + + uint32_t dest_if = INVALID_DESTIF; + uint32_t src_phy_port = pkt->port; + + if(is_gateway()){ + + /* Gateway Proc Starts */ + struct ipv6_hdr *ipv6hdr = (struct ipv6_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); + + struct ether_hdr *ehdr = (struct ether_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, + META_DATA_OFFSET + MBUF_HDR_ROOM); + + struct ether_addr dst_mac; + uint32_t dest_if = INVALID_DESTIF; + uint8_t nhipv6[IPV6_ADD_SIZE]; + uint8_t dest_ipv6_address[IPV6_ADD_SIZE]; + uint32_t src_phy_port; + struct nd_entry_data *ret_nd_data = NULL; + + memset(nhipv6, 0, IPV6_ADD_SIZE); + src_phy_port = pkt->port; + rte_mov16(dest_ipv6_address, (uint8_t *)ipv6hdr->dst_addr); + + gw_get_nh_port_ipv6(dest_ipv6_address, + &dest_if, nhipv6); + + ret_nd_data = get_dest_mac_addr_ipv6(nhipv6, dest_if, &dst_mac); + + /* Gateway Proc Ends */ + + if (nd_cache_dest_mac_present(dest_if)) { + + ether_addr_copy(&dst_mac, &ehdr->d_addr); + ether_addr_copy(get_link_hw_addr(dest_if), &ehdr->s_addr); + + *port_out_id = p_acl->port_out_id[dest_if]; + + update_nhip_access(dest_if); + + if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) { + printf("sending buffered packets\n"); + p_acl->counters->tpkts_processed += + ret_nd_data->num_pkts; + nd_send_buffered_pkts(ret_nd_data, &ehdr->d_addr, + p_acl->port_out_id[dest_if]); + } + p_acl->counters->tpkts_processed++; + p_acl->counters->bytes_processed += packet_length; + } else { + if (unlikely(ret_nd_data == NULL)) { + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } + + if (ret_nd_data->status == INCOMPLETE || + ret_nd_data->status == PROBE) { + if (ret_nd_data->num_pkts >= NUM_DESC) { + /* Drop the pkt */ + if (ACL_DEBUG) + printf("ACL before drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + pkts_mask &= ~(1LLU << pos); + if (ACL_DEBUG) + printf("ACL after drop pkt_mask " + "%lu, pkt_num %d\n", pkts_mask, pos); + p_acl->counters->pkts_drop++; + continue; + } else { + arp_pkts_mask |= pkt_mask; + nd_queue_unresolved_packet(ret_nd_data, + pkt); + continue; + } + } + } - if (ret_nd_data->status == INCOMPLETE || - ret_nd_data->status == PROBE) { - if (ret_nd_data->num_pkts >= NUM_DESC) { - /* Drop the pkt */ - if (ACL_DEBUG) - printf("ACL before drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - pkts_mask &= ~(1LLU << pos); - if (ACL_DEBUG) - printf("ACL after drop pkt_mask " - "%lu, pkt_num %d\n", pkts_mask, pos); - p_acl->counters->pkts_drop++; - continue; - } else { - arp_pkts_mask |= pkt_mask; - nd_queue_unresolved_packet(ret_nd_data, - pkt); - continue; - } - } + } else { + /* IP Pkt forwarding based on pub/prv mapping */ + if(is_phy_port_privte(src_phy_port)) + dest_if = prv_to_pub_map[src_phy_port]; + else + dest_if = pub_to_prv_map[src_phy_port]; - } + *port_out_id = p_acl->port_out_id[dest_if]; - } + } + } - } /* end of for loop */ + } /* end of for loop */ - pkts_drop_mask = keep_mask & ~pkts_mask; - rte_pipeline_ah_packet_drop(p, pkts_drop_mask); - keep_mask = pkts_mask; + pkts_drop_mask = keep_mask & ~pkts_mask; + rte_pipeline_ah_packet_drop(p, pkts_drop_mask); + keep_mask = pkts_mask; - if (arp_pkts_mask) { - keep_mask &= ~(arp_pkts_mask); - rte_pipeline_ah_packet_hijack(p, arp_pkts_mask); - } + if (arp_pkts_mask) { + keep_mask &= ~(arp_pkts_mask); + rte_pipeline_ah_packet_hijack(p, arp_pkts_mask); + } - /* don't bother measuring if traffic very low, might skew stats */ - uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask); + /* don't bother measuring if traffic very low, might skew stats */ + uint32_t packets_this_iteration = __builtin_popcountll(pkts_mask); - if (packets_this_iteration > 1) { - uint64_t latency_this_iteration = - rte_get_tsc_cycles() - p_acl->in_port_time_stamp; - p_acl->counters->sum_latencies += latency_this_iteration; - p_acl->counters->count_latencies++; - } - if (ACL_DEBUG) - printf("Leaving pkt_work_acl_key pkts_mask = %p\n", - (void *)pkts_mask); + if (packets_this_iteration > 1) { + uint64_t latency_this_iteration = + rte_get_tsc_cycles() - p_acl->in_port_time_stamp; + p_acl->counters->sum_latencies += latency_this_iteration; + p_acl->counters->count_latencies++; + } + if (ACL_DEBUG) + printf("Leaving pkt_work_acl_key pkts_mask = %p\n", + (void *)pkts_mask); - return 0; + return 0; } static struct rte_acl_field_def field_format_ipv4[] = { diff --git a/VNFs/vACL/vnf_template.txt b/VNFs/vACL/vnf_template.txt new file mode 100644 index 00000000..ed8253be --- /dev/null +++ b/VNFs/vACL/vnf_template.txt @@ -0,0 +1,82 @@ +[MASTER] +type = MASTER +core = 0 + +[ARPICMP] +type = ARPICMP +core = 1 +pktq_in = SWQ0 +pktq_out = TXQ0.0 TXQ1.0 +pktq_in_prv = RXQ0.0 +prv_to_pub_map = (0,1) +prv_que_handler = (0) + +[TIMER] +type = TIMER +core = 2 +n_flows = 1048576 + +[TXRX-BEGIN] +type = TXRX +core = 2 +pktq_in = RXQ0.0 RXQ1.0 +pktq_out = SWQ0 SWQ1 SWQ2 +pipeline_txrx_type = RXRX +dest_if_offset=176 + +[TXRX-END] +type = TXRX +core = 5 +pktq_in = SWQ5 SWQ6 +pktq_out = TXQ0.1 TXQ1.1 +pipeline_txrx_type = TXTX + +[LOADB] +type = LOADB +core = 3 +pktq_in = SWQ0 SWQ1 +pktq_out = SWQ3 SWQ4 +outport_offset = 136 +phyport_offset = 204 +n_vnf_threads = 1 +prv_que_handler = (0) + +[VACL] +type = ACL +core = 4 +pktq_in = SWQ3 SWQ4 +pktq_out = SWQ5 SWQ6 +n_flows = 1000000 +pkt_type = ipv6 +traffic_type = 6 + +[VCGNAPT] +type = CGNAPT +core = 3 +pktq_in = RXQ0.0 RXQ1.0 +pktq_out = TXQ0.1 TXQ1.1 SWQ0 +phyport_offset = 204 +n_flows = 1048576 +key_offset = 192;64 +key_size = 8 +hash_offset = 200;72 +timer_period = 100 +max_clients_per_ip = 65535 +max_port_per_client = 10 +public_ip_port_range = 98103214:(1, 65535) +vnf_set = (3,4,5) +pkt_type = ipv4 +cgnapt_meta_offset = 128 +prv_que_handler = (0,) + +[VFW] +type = VFW +core = s0c4 +pktq_in = SWQ3 SWQ4 +pktq_out = SWQ7 SWQ8;TXQ0.0 TXQ1.0 +n_rules = 10000 +n_flows = 1000000 +pkt_type = ipv6 +traffic_type = 6 +tcp_time_wait = 10 + |