diff options
author | Deepak S <deepak.s@linux.intel.com> | 2017-06-20 14:14:06 -0700 |
---|---|---|
committer | Ross Brattain <ross.b.brattain@intel.com> | 2017-08-08 13:31:10 -0700 |
commit | 0230c8fa3201dcacabadb4fec5abc2d479afe723 (patch) | |
tree | cfe5f57dd2d7130a1fda7643ac4523af86238ed2 /samples/vnf_samples/nsut/acl/acl_config | |
parent | 5ce3b6f8c8b3217091e51a6041455738603d90b8 (diff) |
Sample ACL VNF
Change-Id: I33de47ac6ca353d6c69f0d166809b4c95d3fd90f
Signed-off-by: Deepak S <deepak.s@linux.intel.com>
Signed-off-by: Edward MacGillivray <edward.s.macgillivray@intel.com>
Signed-off-by: Ross Brattain <ross.b.brattain@intel.com>
Diffstat (limited to 'samples/vnf_samples/nsut/acl/acl_config')
-rw-r--r-- | samples/vnf_samples/nsut/acl/acl_config/acl_config | 61 | ||||
-rw-r--r-- | samples/vnf_samples/nsut/acl/acl_config/acl_script | 53 |
2 files changed, 114 insertions, 0 deletions
diff --git a/samples/vnf_samples/nsut/acl/acl_config/acl_config b/samples/vnf_samples/nsut/acl/acl_config/acl_config new file mode 100644 index 000000000..52b6a5002 --- /dev/null +++ b/samples/vnf_samples/nsut/acl/acl_config/acl_config @@ -0,0 +1,61 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +[PIPELINE0] +type = MASTER +core = s{socket}c0 +[PIPELINE1] +type = ARPICMP +core = s{socket}c1 +pktq_in = SWQ2 +pktq_out = SWQ7 +# debug output +# ({port1_dst_ip},{port1_netmask},1,{port1_dst_ip}) ({port0_dst_ip},{port0_netmask},0,{port0_dst_ip}) +arp_route_tbl = ({port0_dst_ip_hex},{port0_netmask_hex},0,{port0_dst_ip_hex}) ({port1_dst_ip_hex},{port1_netmask_hex},1,{port1_dst_ip_hex}) +#ports_mac_list = port0_local_mac port1_local_mac +ports_mac_list = {port0_local_mac} {port1_local_mac} +pktq_in_prv = RXQ0.0 RXQ1.0 +prv_to_pub_map = (0,1) +prv_que_handler = (0) + +[PIPELINE2] +type = TXRX +core = s{socket}c2 +pktq_in = RXQ0.0 RXQ1.0 +pktq_out = SWQ0 SWQ1 SWQ2 +pipeline_txrx_type = RXRX +dest_if_offset=176 +[PIPELINE3] +type = LOADB +core = s{socket}c3 +pktq_in = SWQ0 SWQ1 +pktq_out = SWQ3 SWQ4 +outport_offset = 136 +phyport_offset = 204 +n_vnf_threads = 1 +prv_que_handler = (0) +[PIPELINE4] +type = ACL +core = s{socket}c4 +pktq_in = SWQ3 SWQ4 +pktq_out = SWQ5 SWQ6 +n_flows = 1000000 +pkt_type = ipv4 +traffic_type = 4 +[PIPELINE5] +type = TXRX +core = s{socket}c5 +pktq_in = SWQ5 SWQ6 SWQ7 +pktq_out = TXQ0.0 TXQ1.0 +pipeline_txrx_type = TXTX diff --git a/samples/vnf_samples/nsut/acl/acl_config/acl_script b/samples/vnf_samples/nsut/acl/acl_config/acl_script new file mode 100644 index 000000000..4d7553609 --- /dev/null +++ b/samples/vnf_samples/nsut/acl/acl_config/acl_script @@ -0,0 +1,53 @@ +# Copyright (c) 2017 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License")# +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +link 0 down +link 0 config {port0_local_ip} {port0_prefixlen} +link 0 up +link 1 down +link 1 config {port1_local_ip} {port1_prefixlen} +link 1 up + +p action add 0 accept +p action add 0 fwd 0 +p action add 0 count + +p action add 1 accept +p action add 1 fwd 1 +p action add 1 count + +#p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 0 +#p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 1 + +# action rule matches dest port +p acl add 1 {port1_local_network} {port1_prefix} 0.0.0.0 0 0 65535 0 65535 0 0 0 +p acl add 1 0.0.0.0 0 {port1_local_network} {port1_prefix} 0 65535 0 65535 0 0 1 + +p acl add 1 {port0_local_network} {port0_prefix} 0.0.0.0 0 0 65535 0 65535 0 0 1 +p acl add 1 0.0.0.0 0 {port0_local_network} {port0_prefix} 0 65535 0 65535 0 0 0 + +p acl add 1 {port0_local_network} {port0_prefix} {port1_local_network} {port1_prefix} 0 65535 0 65535 0 0 1 +p acl add 1 {port1_local_network} {port1_prefix} {port0_local_network} {port0_prefix} 0 65535 0 65535 0 0 0 + +# gateway is the remote port +p 1 arpadd 0 {port0_gateway} {port0_local_mac} +p 1 arpadd 0 {port0_local_ip} {port0_local_mac} +p 1 arpadd 0 {port0_dst_ip} {port0_dst_mac} +p 1 arpadd 1 {port1_gateway} {port1_local_mac} +p 1 arpadd 1 {port1_local_ip} {port1_local_mac} +p 1 arpadd 1 {port1_dst_ip} {port1_dst_mac} + +p acl applyruleset + +#p acl dbg 1 |