From a59ed4772da29826915010a7c9d34b5ebd256c42 Mon Sep 17 00:00:00 2001 From: Anand B Jyoti Date: Tue, 18 Apr 2017 13:36:02 +0530 Subject: vFW: Adding Virtual Firewall VNF JIRA: SAMPLEVNF-4 vFW supports following features: - Basic packet filtering (malformed packets, IP fragments) - Connection tracking for TCP and UDP - Access Control List for rule based policy enforcement - SYN-flood protection via Synproxy* for TCP - UDP, TCP and ICMP protocol pass-through - CLI based enable/disable connection tracking, synproxy, basic packet filtering - Hardware and Software Load Balancing - L2L3 stack support for ARP/ICMP handling - Multithread support - Multiple physical port support Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20 Signed-off-by: Anand B Jyoti [Push patch to gerrit] Signed-off-by: Deepak S --- VNFs/vFW/pipeline/pipeline_vfw.h | 145 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 VNFs/vFW/pipeline/pipeline_vfw.h (limited to 'VNFs/vFW/pipeline/pipeline_vfw.h')
diff --git a/VNFs/vFW/pipeline/pipeline_vfw.h b/VNFs/vFW/pipeline/pipeline_vfw.h
new file mode 100644
index 00000000..3b1b25f0
--- /dev/null
+++ b/VNFs/vFW/pipeline/pipeline_vfw.h
@@ -0,0 +1,145 @@
+/*
+// Copyright (c) 2017 Intel Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+*/
+
+#ifndef __INCLUDE_PIPELINE_VFW_H__
+#define __INCLUDE_PIPELINE_VFW_H__
+
+/**
+ * @file
+ * Pipeline VFW FE.
+ *
+ * Pipeline VFW Front End (FE).
+ * Runs on the Master pipeline, responsible for CLI commands.
+ *
+ */
+
+#include "pipeline.h"
+#include "app.h"
+#include "pipeline_vfw_be.h"
+
+/* VFW IPV4 and IPV6 enable flags for debugging (Default both on) */
+extern int vfw_ipv4_enabled;
+extern int vfw_ipv6_enabled;
+
+/* Number of VFW Rules, default 4 * 1024 */
+extern uint32_t vfw_n_rules;
+/* VFW Rule Table TRIE - 2 (Active, Standby Global table per ipv4, ipv6 */
+extern void *vfw_rule_table_ipv4_active;
+extern void *vfw_rule_table_ipv4_standby;
+extern void *vfw_rule_table_ipv6_active;
+extern void *vfw_rule_table_ipv6_standby;
+
+#define active_rule_table 0
+#define standby_rule_table 1
+#define vfw_add_command 0
+#define vfw_delete_command 1
+#define IPV6_32BIT_LENGTH 4
+
+/**
+ * Add VFW rule to the VFW rule table.
+ * Rules are added standby table.
+ * Applyruleset command will activate the change.
+ * Both IPv4 and IPv6 rules can be added.
+ *
+ * @param app
+ * A pointer to the VFW pipeline parameters.
+ * @param key
+ * A pointer to the VFW rule to add.
+ * @param priority
+ * Priority of the VFW rule.
+ * @param port_id
+ * Port ID of the VFW rule.
+ * @param action_id
+ * Action ID of the VFW rule. Defined in Action Table.
+ *
+ * @return
+ * 0 on success, negative on error.
+ */
+int
+app_pipeline_vfw_add_rule(struct app_params *app,
+ struct pipeline_vfw_key *key,
+ uint32_t priority,
+ uint32_t port_id, uint32_t action_id);
+
+/**
+ * Delete VFW rule from the VFW rule table.
+ * Rules deleted from standby tables.
+ * Applyruleset command will activate the change.
+ * Both IPv4 and IPv6 rules can be deleted.
+ *
+ * @param app
+ * A pointer to the VFW pipeline parameters.
+ * @param key
+ * A pointer to the VFW rule to delete.
+ *
+ * @return
+ * 0 on success, negative on error.
+ */
+int
+app_pipeline_vfw_delete_rule(struct app_params *app,
+ struct pipeline_vfw_key *key);
+
+/**
+ * Clear all VFW rules from the VFW rule table.
+ * Rules cleared from standby tables.
+ * Applyruleset command will activate the change.
+ * Both IPv4 and IPv6 rules will be cleared.
+ *
+ * @param app
+ * A pointer to the VFW pipeline parameters.
+ *
+ * @return
+ * 0 on success, negative on error.
+ */
+int app_pipeline_vfw_clearrules(struct app_params *app);
+
+/**
+ * Add Action to the Action table.
+ * Actions are added standby table.
+ * Applyruleset command will activate the change.
+ *
+ * @param app
+ * A pointer to the VFW pipeline parameters.
+ * @param key
+ * A pointer to the Action to add.
+ *
+ * @return
+ * 0 on success, negative on error.
+ */
+int
+app_pipeline_action_add(struct app_params *app,
+ struct pipeline_action_key *key);
+
+/**
+ * Delete Action from the Action table.
+ * Actions are deleted from the standby table.
+ * Applyruleset command will activate the change.
+ *
+ * @param app
+ * A pointer to the VFW pipeline parameters.
+ * @param key
+ * A pointer to the Action to delete.
+ *
+ * @return
+ * 0 on success, negative on error.
+ */
+int
+app_pipeline_action_delete(struct app_params *app,
+ struct pipeline_action_key *key);
+
+extern struct pipeline_type pipeline_vfw;
+
+#endif
-- cgit 1.2.3-korg
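Review bot: The four `extern void *vfw_rule_table_ipv4_active` … `vfw_rule_table_ipv6_standby` declarations expose the firewall's rule tables as untyped, writable globals to every file that includes this header, and nothing here says which thread may swap active and standby or how that swap becomes visible to the packet-processing threads. Since the commit message lists multithread support, I would at least document ownership on the declarations, e.g. `/* Swapped only on applyruleset from the master pipeline; datapath threads read the active pointer. TODO confirm how the swap is published */`, and preferably keep the pointers private to the .c file behind accessor functions. The comment on `vfw_ipv4_enabled`/`vfw_ipv6_enabled` calls them debugging switches but does not say whether traffic of a disabled family is dropped or passed unfiltered; that fail-open/fail-closed behaviour should be stated there. Separately, the lower-case macros `active_rule_table`, `standby_rule_table`, `vfw_add_command` and `vfw_delete_command` will rewrite any identifier of the same name in an including file; an `enum` with upper-case constants would avoid that.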