[dpdk-dev] [PATCH v2 11/18] net/ixgbe: parse n-tuple filter
Ferruh Yigit
ferruh.yigit at intel.com
Fri Jan 6 17:55:57 CET 2017
On 12/30/2016 7:53 AM, Wei Zhao wrote:
> Add rule validate function and check if the rule is a n-tuple rule,
> and get the n-tuple info.
>
> Signed-off-by: Wei Zhao <wei.zhao1 at intel.com>
> Signed-off-by: Wenzhuo Lu <wenzhuo.lu at intel.com>
>
> ---
>
> v2:add new error set function
> ---
> drivers/net/ixgbe/ixgbe_ethdev.c | 414 ++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 409 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
> index 0de1318..198cc4b 100644
> --- a/drivers/net/ixgbe/ixgbe_ethdev.c
> +++ b/drivers/net/ixgbe/ixgbe_ethdev.c
> @@ -388,6 +388,24 @@ static int ixgbe_dev_udp_tunnel_port_del(struct rte_eth_dev *dev,
> struct rte_eth_udp_tunnel *udp_tunnel);
<...>
> +
> +/**
> + * Parse the rule to see if it is a n-tuple rule.
> + * And get the n-tuple filter info BTW.
> + */
It would be nice to comment here valid/expected pattern values
(spec/mask/last). Otherwise it is hard to decode from code also it is
good to document intention, so makes easy if there is any defect.
Also valid actions.
> +static int
> +cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
> + const struct rte_flow_item pattern[],
> + const struct rte_flow_action actions[],
> + struct rte_eth_ntuple_filter *filter,
> + struct rte_flow_error *error)
> +{
> + const struct rte_flow_item *item;
> + const struct rte_flow_action *act;
> + const struct rte_flow_item_ipv4 *ipv4_spec;
> + const struct rte_flow_item_ipv4 *ipv4_mask;
> + const struct rte_flow_item_tcp *tcp_spec;
> + const struct rte_flow_item_tcp *tcp_mask;
> + const struct rte_flow_item_udp *udp_spec;
> + const struct rte_flow_item_udp *udp_mask;
> + uint32_t index;
> +
> + if (!pattern) {
> + rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM_NUM,
> + NULL, "NULL pattern.");
> + return -rte_errno;
> + }
> +
> + /* parse pattern */
> + index = 0;
> +
> + /* the first not void item can be MAC or IPv4 */
> + NEXT_ITEM_OF_PATTERN(item, pattern, index);
> +
> + if (item->type != RTE_FLOW_ITEM_TYPE_ETH &&
> + item->type != RTE_FLOW_ITEM_TYPE_IPV4) {
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> + /* Skip Ethernet */
> + if (item->type == RTE_FLOW_ITEM_TYPE_ETH) {
> + /*Not supported last point for range*/
> + if (item->last) {
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
> + item, "Not supported last point for range");
> + return -rte_errno;
> +
> + }
> + /* if the first item is MAC, the content should be NULL */
> + if (item->spec || item->mask) {
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> + /* check if the next not void item is IPv4 */
> + index++;
> + NEXT_ITEM_OF_PATTERN(item, pattern, index);
> + if (item->type != RTE_FLOW_ITEM_TYPE_IPV4) {
> + rte_flow_error_set(error,
> + EINVAL, RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
Wrong indentation.
> + return -rte_errno;
> + }
> + }
> +
> + /* get the IPv4 info */
> + if (!item->spec || !item->mask) {
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Invalid ntuple mask");
> + return -rte_errno;
> + }
> + /*Not supported last point for range*/
> + if (item->last) {
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
> + item, "Not supported last point for range");
> + return -rte_errno;
> +
> + }
> +
> + ipv4_mask = (const struct rte_flow_item_ipv4 *)item->mask;
> + /**
> + * Only support src & dst addresses, protocol,
> + * others should be masked.
> + */
> + if (ipv4_mask->hdr.version_ihl ||
> + ipv4_mask->hdr.type_of_service ||
> + ipv4_mask->hdr.total_length ||
> + ipv4_mask->hdr.packet_id ||
> + ipv4_mask->hdr.fragment_offset ||
> + ipv4_mask->hdr.time_to_live ||
> + ipv4_mask->hdr.hdr_checksum) {
> + rte_flow_error_set(error,
> + EINVAL, RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> +
> + filter->dst_ip_mask = ipv4_mask->hdr.dst_addr;
> + filter->src_ip_mask = ipv4_mask->hdr.src_addr;
> + filter->proto_mask = ipv4_mask->hdr.next_proto_id;
> +
> + ipv4_spec = (const struct rte_flow_item_ipv4 *)item->spec;
> + filter->dst_ip = ipv4_spec->hdr.dst_addr;
> + filter->src_ip = ipv4_spec->hdr.src_addr;
> + filter->proto = ipv4_spec->hdr.next_proto_id;
> +
> + /* check if the next not void item is TCP or UDP */
> + index++;
> + NEXT_ITEM_OF_PATTERN(item, pattern, index);
> + if (item->type != RTE_FLOW_ITEM_TYPE_TCP &&
> + item->type != RTE_FLOW_ITEM_TYPE_UDP) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
Sometimes meset filter before return from error, sometimes not. Is
memset required at all?
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> +
> + /* get the TCP/UDP info */
> + if (!item->spec || !item->mask) {
For example there is no memset here for filter ..
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Invalid ntuple mask");
> + return -rte_errno;
> + }
> +
> + /*Not supported last point for range*/
> + if (item->last) {
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
> + item, "Not supported last point for range");
> + return -rte_errno;
> +
> + }
> +
> + if (item->type == RTE_FLOW_ITEM_TYPE_TCP) {
> + tcp_mask = (const struct rte_flow_item_tcp *)item->mask;
> +
> + /**
> + * Only support src & dst ports, tcp flags,
> + * others should be masked.
> + */
> + if (tcp_mask->hdr.sent_seq ||
> + tcp_mask->hdr.recv_ack ||
> + tcp_mask->hdr.data_off ||
> + tcp_mask->hdr.rx_win ||
> + tcp_mask->hdr.cksum ||
> + tcp_mask->hdr.tcp_urp) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> +
> + filter->dst_port_mask = tcp_mask->hdr.dst_port;
> + filter->src_port_mask = tcp_mask->hdr.src_port;
> + if (tcp_mask->hdr.tcp_flags == 0xFF) {
> + filter->flags |= RTE_NTUPLE_FLAGS_TCP_FLAG;
> + } else if (!tcp_mask->hdr.tcp_flags) {
> + filter->flags &= ~RTE_NTUPLE_FLAGS_TCP_FLAG;
> + } else {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> +
> + tcp_spec = (const struct rte_flow_item_tcp *)item->spec;
> + filter->dst_port = tcp_spec->hdr.dst_port;
> + filter->src_port = tcp_spec->hdr.src_port;
> + filter->tcp_flags = tcp_spec->hdr.tcp_flags;
> + } else {
> + udp_mask = (const struct rte_flow_item_udp *)item->mask;
> +
> + /**
> + * Only support src & dst ports,
> + * others should be masked.
> + */
> + if (udp_mask->hdr.dgram_len ||
> + udp_mask->hdr.dgram_cksum) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> +
> + filter->dst_port_mask = udp_mask->hdr.dst_port;
> + filter->src_port_mask = udp_mask->hdr.src_port;
> +
> + udp_spec = (const struct rte_flow_item_udp *)item->spec;
> + filter->dst_port = udp_spec->hdr.dst_port;
> + filter->src_port = udp_spec->hdr.src_port;
> + }
> +
> + /* check if the next not void item is END */
> + index++;
> + NEXT_ITEM_OF_PATTERN(item, pattern, index);
> + if (item->type != RTE_FLOW_ITEM_TYPE_END) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ITEM,
> + item, "Not supported by ntuple filter");
> + return -rte_errno;
> + }
> +
> + /* parse action */
> + index = 0;
> +
> + if (!actions) {
Although there is no harm, I would do input check at the beginning of
the function, to not do extra work if we hit this case.
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ACTION_NUM,
> + NULL, "NULL action.");
> + return -rte_errno;
> + }
> +
> + /**
> + * n-tuple only supports forwarding,
> + * check if the first not void action is QUEUE.
> + */
> + NEXT_ITEM_OF_ACTION(act, actions, index);
> + if (act->type != RTE_FLOW_ACTION_TYPE_QUEUE) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ACTION,
> + item, "Not supported action.");
> + return -rte_errno;
> + }
> + filter->queue =
> + ((const struct rte_flow_action_queue *)act->conf)->index;
> +
> + /* check if the next not void item is END */
> + index++;
> + NEXT_ITEM_OF_ACTION(act, actions, index);
> + if (act->type != RTE_FLOW_ACTION_TYPE_END) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ACTION,
> + act, "Not supported action.");
> + return -rte_errno;
> + }
> +
> + /* parse attr */
> + /* must be input direction */
May be good idea to check if attr is NULL.
> + if (!attr->ingress) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ATTR_INGRESS,
> + attr, "Only support ingress.");
> + return -rte_errno;
> + }
> +
> + /* not supported */
> + if (attr->egress) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ATTR_EGRESS,
> + attr, "Not support egress.");
> + return -rte_errno;
> + }
> +
> + if (attr->priority > 0xFFFF) {
> + memset(filter, 0, sizeof(struct rte_eth_ntuple_filter));
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ATTR_PRIORITY,
> + attr, "Error priority.");
> + return -rte_errno;
> + }
> + filter->priority = (uint16_t)attr->priority;
Should check attr->group? Do we support groups?
> +
> + return 0;
> +}
> +
<...>
More information about the dev
mailing list