summaryrefslogtreecommitdiffstats
path: root/samples/vnf_samples/nsut/acl/acl_config
diff options
context:
space:
mode:
authorDeepak S <deepak.s@linux.intel.com>2017-06-20 14:14:06 -0700
committerRoss Brattain <ross.b.brattain@intel.com>2017-08-08 13:31:10 -0700
commit0230c8fa3201dcacabadb4fec5abc2d479afe723 (patch)
treecfe5f57dd2d7130a1fda7643ac4523af86238ed2 /samples/vnf_samples/nsut/acl/acl_config
parent5ce3b6f8c8b3217091e51a6041455738603d90b8 (diff)
Sample ACL VNF
Change-Id: I33de47ac6ca353d6c69f0d166809b4c95d3fd90f Signed-off-by: Deepak S <deepak.s@linux.intel.com> Signed-off-by: Edward MacGillivray <edward.s.macgillivray@intel.com> Signed-off-by: Ross Brattain <ross.b.brattain@intel.com>
Diffstat (limited to 'samples/vnf_samples/nsut/acl/acl_config')
-rw-r--r--samples/vnf_samples/nsut/acl/acl_config/acl_config61
-rw-r--r--samples/vnf_samples/nsut/acl/acl_config/acl_script53
2 files changed, 114 insertions, 0 deletions
diff --git a/samples/vnf_samples/nsut/acl/acl_config/acl_config b/samples/vnf_samples/nsut/acl/acl_config/acl_config
new file mode 100644
index 000000000..52b6a5002
--- /dev/null
+++ b/samples/vnf_samples/nsut/acl/acl_config/acl_config
@@ -0,0 +1,61 @@
+; Copyright (c) 2017 Intel Corporation
+;
+; Licensed under the Apache License, Version 2.0 (the "License");
+; you may not use this file except in compliance with the License.
+; You may obtain a copy of the License at
+;
+; http:#www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+
+[PIPELINE0]
+type = MASTER
+core = s{socket}c0
+[PIPELINE1]
+type = ARPICMP
+core = s{socket}c1
+pktq_in = SWQ2
+pktq_out = SWQ7
+# debug output
+# ({port1_dst_ip},{port1_netmask},1,{port1_dst_ip}) ({port0_dst_ip},{port0_netmask},0,{port0_dst_ip})
+arp_route_tbl = ({port0_dst_ip_hex},{port0_netmask_hex},0,{port0_dst_ip_hex}) ({port1_dst_ip_hex},{port1_netmask_hex},1,{port1_dst_ip_hex})
+#ports_mac_list = port0_local_mac port1_local_mac
+ports_mac_list = {port0_local_mac} {port1_local_mac}
+pktq_in_prv = RXQ0.0 RXQ1.0
+prv_to_pub_map = (0,1)
+prv_que_handler = (0)
+
+[PIPELINE2]
+type = TXRX
+core = s{socket}c2
+pktq_in = RXQ0.0 RXQ1.0
+pktq_out = SWQ0 SWQ1 SWQ2
+pipeline_txrx_type = RXRX
+dest_if_offset=176
+[PIPELINE3]
+type = LOADB
+core = s{socket}c3
+pktq_in = SWQ0 SWQ1
+pktq_out = SWQ3 SWQ4
+outport_offset = 136
+phyport_offset = 204
+n_vnf_threads = 1
+prv_que_handler = (0)
+[PIPELINE4]
+type = ACL
+core = s{socket}c4
+pktq_in = SWQ3 SWQ4
+pktq_out = SWQ5 SWQ6
+n_flows = 1000000
+pkt_type = ipv4
+traffic_type = 4
+[PIPELINE5]
+type = TXRX
+core = s{socket}c5
+pktq_in = SWQ5 SWQ6 SWQ7
+pktq_out = TXQ0.0 TXQ1.0
+pipeline_txrx_type = TXTX
diff --git a/samples/vnf_samples/nsut/acl/acl_config/acl_script b/samples/vnf_samples/nsut/acl/acl_config/acl_script
new file mode 100644
index 000000000..4d7553609
--- /dev/null
+++ b/samples/vnf_samples/nsut/acl/acl_config/acl_script
@@ -0,0 +1,53 @@
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License")#
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+link 0 down
+link 0 config {port0_local_ip} {port0_prefixlen}
+link 0 up
+link 1 down
+link 1 config {port1_local_ip} {port1_prefixlen}
+link 1 up
+
+p action add 0 accept
+p action add 0 fwd 0
+p action add 0 count
+
+p action add 1 accept
+p action add 1 fwd 1
+p action add 1 count
+
+#p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 0
+#p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 1
+
+# action rule matches dest port
+p acl add 1 {port1_local_network} {port1_prefix} 0.0.0.0 0 0 65535 0 65535 0 0 0
+p acl add 1 0.0.0.0 0 {port1_local_network} {port1_prefix} 0 65535 0 65535 0 0 1
+
+p acl add 1 {port0_local_network} {port0_prefix} 0.0.0.0 0 0 65535 0 65535 0 0 1
+p acl add 1 0.0.0.0 0 {port0_local_network} {port0_prefix} 0 65535 0 65535 0 0 0
+
+p acl add 1 {port0_local_network} {port0_prefix} {port1_local_network} {port1_prefix} 0 65535 0 65535 0 0 1
+p acl add 1 {port1_local_network} {port1_prefix} {port0_local_network} {port0_prefix} 0 65535 0 65535 0 0 0
+
+# gateway is the remote port
+p 1 arpadd 0 {port0_gateway} {port0_local_mac}
+p 1 arpadd 0 {port0_local_ip} {port0_local_mac}
+p 1 arpadd 0 {port0_dst_ip} {port0_dst_mac}
+p 1 arpadd 1 {port1_gateway} {port1_local_mac}
+p 1 arpadd 1 {port1_local_ip} {port1_local_mac}
+p 1 arpadd 1 {port1_dst_ip} {port1_dst_mac}
+
+p acl applyruleset
+
+#p acl dbg 1