summaryrefslogtreecommitdiffstats
path: root/VNFs/vFW/pipeline/pipeline_vfw_be.h
blob: cb41814835e6e2cfe5190236ba1abfd3b3d62804 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
/*
// Copyright (c) 2017 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/

#ifndef __INCLUDE_PIPELINE_VFW_BE_H__
#define __INCLUDE_PIPELINE_VFW_BE_H__

/**
 * @file
 * Pipeline VFW BE.
 *
 * Pipeline VFW Back End (BE).
 * Responsible for packet processing.
 *
 */
#include <stdint.h>
#include <rte_ether.h>

#include "pipeline_common_be.h"
#include "rte_cnxn_tracking.h"
#include "rte_ct_tcp.h"
#include "lib_acl.h"

/*#define VFW_DEBUG 0*/
uint8_t vfw_debug;
extern uint8_t VFW_DEBUG;
extern uint8_t firewall_flag;
extern uint8_t cnxn_tracking_is_active;
#define KEY_SIZE 10              /*IPV4 src_ip + dst_ip + src_port + dst_port */
#define IP_32BIT_SIZE 4
#define MAX_VFW_INSTANCES 24       /* max number fw threads, actual usually less */
#define IPv4_HDR_VERSION 4
#define IPv6_HDR_VERSION 6
#define IP_VERSION_CHECK 4
extern int rte_VFW_hi_counter_block_in_use;

enum pipeline_vfw_key_type {
       PIPELINE_VFW_IPV4_5TUPLE,
       PIPELINE_VFW_IPV6_5TUPLE
};
 /**
 * A structure defining the VFW counter block.
 * One counter block per VFW Thread
 */
struct rte_VFW_counter_block {
       char name[PIPELINE_NAME_SIZE];

       /* as long as a counter doesn't cross cache line, writes are atomic */
       uint64_t pkts_received;
       uint64_t bytes_processed; /**< includes all L3 and higher headers. */
       uint64_t num_batch_pkts_sum;
       uint32_t num_pkts_measurements;
       uint32_t unused_counter;

       uint64_t entry_timestamp;
       uint64_t exit_timestamp;
       uint64_t internal_time_sum;
       uint64_t external_time_sum;
       uint32_t time_measurements;
       uint32_t count_latencies;
       /**< Sum latencies */
       uint64_t sum_latencies;
       uint64_t pkts_drop_without_rule;
       uint64_t pkts_acl_forwarded;

       /**< Total packets drop for ttl value by firewall.*/
       uint64_t pkts_drop_ttl;
       /**< Total packets drop for bad size by firewall. */
       uint64_t pkts_drop_bad_size;
       /**< Total packets drop for fragmented by firewall. */
       uint64_t pkts_drop_fragmented;
       /**< Total packets drop for without arp entry by firewall.*/
       uint64_t pkts_drop_without_arp_entry;
       /**< Total packets drop for ipv6 not tcp/udp by firewall. */
       uint64_t pkts_drop_unsupported_type;
       /**< A pointer to connection tracker counters.*/
       struct rte_CT_counter_block *ct_counters;
       /* average latency = sum_latencies / count_latencies */
       uint64_t pkts_fw_forwarded;
       uint64_t arpicmpPktCount;
} __rte_cache_aligned;

/** The counter table for VFW pipeline per thread data.*/
extern struct rte_VFW_counter_block
rte_vfw_counter_table[MAX_VFW_INSTANCES] __rte_cache_aligned;

/**
 * A structure defining the IPv4 5-Tuple for VFW rules.
 */
struct pipeline_vfw_key_ipv4_5tuple {
       uint32_t src_ip;
       uint32_t src_ip_mask;
       uint32_t dst_ip;
       uint32_t dst_ip_mask;
       uint16_t src_port_from;
       uint16_t src_port_to;
       uint16_t dst_port_from;
       uint16_t dst_port_to;
       uint8_t proto;
       uint8_t proto_mask;
};

/**
 * A structure defining the IPv6 5-Tuple for VFW rules.
 */
struct pipeline_vfw_key_ipv6_5tuple {
       uint8_t src_ip[16];
       uint32_t src_ip_mask;
       uint8_t dst_ip[16];
       uint32_t dst_ip_mask;
       uint16_t src_port_from;
       uint16_t src_port_to;
       uint16_t dst_port_from;
       uint16_t dst_port_to;
       uint8_t proto;
       uint8_t proto_mask;
};

/* Messages from CLI for processing by packet processing */

enum pipeline_tcpfw_msg_req_type {

       PIPELINE_TCPFW_MSG_REQ_ENTRY_STATUS,
       PIPELINE_TCPFW_MSG_REQ_DBG,
       PIPELINE_TCPFW_MSG_REQ_SYNPROXY_FLAGS,
       PIPELINE_TCPFW_MSG_REQS
};
/**
 * A structure defining the key to store VFW rule.
 * For both IPv4 and IPv6.
 */
struct pipeline_vfw_key {
       enum pipeline_vfw_key_type type;
       union {
              struct pipeline_vfw_key_ipv4_5tuple ipv4_5tuple;
              struct pipeline_vfw_key_ipv6_5tuple ipv6_5tuple;
       } key;
};



extern struct pipeline_action_key *action_array_a;
extern struct pipeline_action_key *action_array_b;
extern struct pipeline_action_key *action_array_active;
extern struct pipeline_action_key *action_array_standby;
extern uint32_t action_array_size;

extern struct action_counter_block
action_counter_table[MAX_VFW_INSTANCES][action_array_max]
__rte_cache_aligned;

/**
 * A structure defining the add VFW rule command response message.
 */
struct pipeline_vfw_add_msg_rsp {
       int status;
       int key_found;
       void *entry_ptr;
};

struct app_pipeline_vfw_entry_params {
       uint32_t s_addr;
       uint16_t s_port;
       uint32_t d_addr;
       uint16_t d_port;

};

struct pipeline_vfw_entry_key {
       uint32_t ip1[IP_32BIT_SIZE];
       uint32_t ip2[IP_32BIT_SIZE];
       uint16_t port1;
       uint16_t port2;
};

/* Messages from CLI for processing by packet processing */

enum pipeline_vfw_msg_req_type {
       PIPELINE_VFW_MSG_REQ_SYNPROXY_FLAGS,
       PIPELINE_VFW_MSG_REQS
};

/*
 * A structure defining the synproxy ON/OFF command request message.
 */
struct pipeline_vfw_synproxy_flag_msg_req {
       enum pipeline_msg_req_type type;
       enum pipeline_vfw_msg_req_type subtype;

       /* data */
       uint8_t synproxy_flag;
};

/**
 * A structure defining the synproxy ON/OFF command response message.
 */
struct pipeline_vfw_synproxy_flag_msg_rsp {
       int status;
       void *entry_ptr;
};
extern struct pipeline_be_ops pipeline_vfw_be_ops;

extern int rte_ct_initialize_default_timeouts(struct rte_ct_cnxn_tracker
                                         *new_cnxn_tracker);

#endif