1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright 2016 6WIND S.A. 3 Copyright 2016 Mellanox Technologies, Ltd 4 5Generic flow API (rte_flow) 6=========================== 7 8Overview 9-------- 10 11This API provides a generic means to configure hardware to match specific 12ingress or egress traffic, alter its fate and query related counters 13according to any number of user-defined rules. 14 15It is named *rte_flow* after the prefix used for all its symbols, and is 16defined in ``rte_flow.h``. 17 18- Matching can be performed on packet data (protocol headers, payload) and 19 properties (e.g. associated physical port, virtual device function ID). 20 21- Possible operations include dropping traffic, diverting it to specific 22 queues, to virtual/physical device functions or ports, performing tunnel 23 offloads, adding marks and so on. 24 25It is slightly higher-level than the legacy filtering framework which it 26encompasses and supersedes (including all functions and filter types) in 27order to expose a single interface with an unambiguous behavior that is 28common to all poll-mode drivers (PMDs). 29 30Flow rule 31--------- 32 33Description 34~~~~~~~~~~~ 35 36A flow rule is the combination of attributes with a matching pattern and a 37list of actions. Flow rules form the basis of this API. 38 39Flow rules can have several distinct actions (such as counting, 40encapsulating, decapsulating before redirecting packets to a particular 41queue, etc.), instead of relying on several rules to achieve this and having 42applications deal with hardware implementation details regarding their 43order. 44 45Support for different priority levels on a rule basis is provided, for 46example in order to force a more specific rule to come before a more generic 47one for packets matched by both. However hardware support for more than a 48single priority level cannot be guaranteed. When supported, the number of 49available priority levels is usually low, which is why they can also be 50implemented in software by PMDs (e.g. missing priority levels may be 51emulated by reordering rules). 52 53In order to remain as hardware-agnostic as possible, by default all rules 54are considered to have the same priority, which means that the order between 55overlapping rules (when a packet is matched by several filters) is 56undefined. 57 58PMDs may refuse to create overlapping rules at a given priority level when 59they can be detected (e.g. if a pattern matches an existing filter). 60 61Thus predictable results for a given priority level can only be achieved 62with non-overlapping rules, using perfect matching on all protocol layers. 63 64Flow rules can also be grouped, the flow rule priority is specific to the 65group they belong to. All flow rules in a given group are thus processed within 66the context of that group. Groups are not linked by default, so the logical 67hierarchy of groups must be explicitly defined by flow rules themselves in each 68group using the JUMP action to define the next group to redirect too. Only flow 69rules defined in the default group 0 are guarantee to be matched against, this 70makes group 0 the origin of any group hierarchy defined by an application. 71 72Support for multiple actions per rule may be implemented internally on top 73of non-default hardware priorities, as a result both features may not be 74simultaneously available to applications. 75 76Considering that allowed pattern/actions combinations cannot be known in 77advance and would result in an impractically large number of capabilities to 78expose, a method is provided to validate a given rule from the current 79device configuration state. 80 81This enables applications to check if the rule types they need is supported 82at initialization time, before starting their data path. This method can be 83used anytime, its only requirement being that the resources needed by a rule 84should exist (e.g. a target RX queue should be configured first). 85 86Each defined rule is associated with an opaque handle managed by the PMD, 87applications are responsible for keeping it. These can be used for queries 88and rules management, such as retrieving counters or other data and 89destroying them. 90 91To avoid resource leaks on the PMD side, handles must be explicitly 92destroyed by the application before releasing associated resources such as 93queues and ports. 94 95The following sections cover: 96 97- **Attributes** (represented by ``struct rte_flow_attr``): properties of a 98 flow rule such as its direction (ingress or egress) and priority. 99 100- **Pattern item** (represented by ``struct rte_flow_item``): part of a 101 matching pattern that either matches specific packet data or traffic 102 properties. It can also describe properties of the pattern itself, such as 103 inverted matching. 104 105- **Matching pattern**: traffic properties to look for, a combination of any 106 number of items. 107 108- **Actions** (represented by ``struct rte_flow_action``): operations to 109 perform whenever a packet is matched by a pattern. 110 111Attributes 112~~~~~~~~~~ 113 114Attribute: Group 115^^^^^^^^^^^^^^^^ 116 117Flow rules can be grouped by assigning them a common group number. Groups 118allow a logical hierarchy of flow rule groups (tables) to be defined. These 119groups can be supported virtually in the PMD or in the physical device. 120Group 0 is the default group and this is the only group which flows are 121guarantee to matched against, all subsequent groups can only be reached by 122way of the JUMP action from a matched flow rule. 123 124Although optional, applications are encouraged to group similar rules as 125much as possible to fully take advantage of hardware capabilities 126(e.g. optimized matching) and work around limitations (e.g. a single pattern 127type possibly allowed in a given group), while being aware that the groups 128hierarchies must be programmed explicitly. 129 130Note that support for more than a single group is not guaranteed. 131 132Attribute: Priority 133^^^^^^^^^^^^^^^^^^^ 134 135A priority level can be assigned to a flow rule, lower values 136denote higher priority, with 0 as the maximum. 137 138Priority levels are arbitrary and up to the application, they do 139not need to be contiguous nor start from 0, however the maximum number 140varies between devices and may be affected by existing flow rules. 141 142A flow which matches multiple rules in the same group will always matched by 143the rule with the highest priority in that group. 144 145If a packet is matched by several rules of a given group for a given 146priority level, the outcome is undefined. It can take any path, may be 147duplicated or even cause unrecoverable errors. 148 149Note that support for more than a single priority level is not guaranteed. 150 151Attribute: Traffic direction 152^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 153 154Flow rule patterns apply to inbound and/or outbound traffic. 155 156In the context of this API, **ingress** and **egress** respectively stand 157for **inbound** and **outbound** based on the standpoint of the application 158creating a flow rule. 159 160There are no exceptions to this definition. 161 162Several pattern items and actions are valid and can be used in both 163directions. At least one direction must be specified. 164 165Specifying both directions at once for a given rule is not recommended but 166may be valid in a few cases (e.g. shared counters). 167 168Attribute: Transfer 169^^^^^^^^^^^^^^^^^^^ 170 171Instead of simply matching the properties of traffic as it would appear on a 172given DPDK port ID, enabling this attribute transfers a flow rule to the 173lowest possible level of any device endpoints found in the pattern. 174 175When supported, this effectively enables an application to reroute traffic 176not necessarily intended for it (e.g. coming from or addressed to different 177physical ports, VFs or applications) at the device level. 178 179It complements the behavior of some pattern items such as `Item: PHY_PORT`_ 180and is meaningless without them. 181 182When transferring flow rules, **ingress** and **egress** attributes 183(`Attribute: Traffic direction`_) keep their original meaning, as if 184processing traffic emitted or received by the application. 185 186Pattern item 187~~~~~~~~~~~~ 188 189Pattern items fall in two categories: 190 191- Matching protocol headers and packet data, usually associated with a 192 specification structure. These must be stacked in the same order as the 193 protocol layers to match inside packets, starting from the lowest. 194 195- Matching meta-data or affecting pattern processing, often without a 196 specification structure. Since they do not match packet contents, their 197 position in the list is usually not relevant. 198 199Item specification structures are used to match specific values among 200protocol fields (or item properties). Documentation describes for each item 201whether they are associated with one and their type name if so. 202 203Up to three structures of the same type can be set for a given item: 204 205- ``spec``: values to match (e.g. a given IPv4 address). 206 207- ``last``: upper bound for an inclusive range with corresponding fields in 208 ``spec``. 209 210- ``mask``: bit-mask applied to both ``spec`` and ``last`` whose purpose is 211 to distinguish the values to take into account and/or partially mask them 212 out (e.g. in order to match an IPv4 address prefix). 213 214Usage restrictions and expected behavior: 215 216- Setting either ``mask`` or ``last`` without ``spec`` is an error. 217 218- Field values in ``last`` which are either 0 or equal to the corresponding 219 values in ``spec`` are ignored; they do not generate a range. Nonzero 220 values lower than those in ``spec`` are not supported. 221 222- Setting ``spec`` and optionally ``last`` without ``mask`` causes the PMD 223 to use the default mask defined for that item (defined as 224 ``rte_flow_item_{name}_mask`` constants). 225 226- Not setting any of them (assuming item type allows it) is equivalent to 227 providing an empty (zeroed) ``mask`` for broad (nonspecific) matching. 228 229- ``mask`` is a simple bit-mask applied before interpreting the contents of 230 ``spec`` and ``last``, which may yield unexpected results if not used 231 carefully. For example, if for an IPv4 address field, ``spec`` provides 232 *10.1.2.3*, ``last`` provides *10.3.4.5* and ``mask`` provides 233 *255.255.0.0*, the effective range becomes *10.1.0.0* to *10.3.255.255*. 234 235Example of an item specification matching an Ethernet header: 236 237.. _table_rte_flow_pattern_item_example: 238 239.. table:: Ethernet item 240 241 +----------+----------+-----------------------+ 242 | Field | Subfield | Value | 243 +==========+==========+=======================+ 244 | ``spec`` | ``src`` | ``00:00:01:02:03:04`` | 245 | +----------+-----------------------+ 246 | | ``dst`` | ``00:00:2a:66:00:01`` | 247 | +----------+-----------------------+ 248 | | ``type`` | ``0x22aa`` | 249 +----------+----------+-----------------------+ 250 | ``last`` | unspecified | 251 +----------+----------+-----------------------+ 252 | ``mask`` | ``src`` | ``00:00:ff:ff:ff:00`` | 253 | +----------+-----------------------+ 254 | | ``dst`` | ``00:00:00:00:00:ff`` | 255 | +----------+-----------------------+ 256 | | ``type`` | ``0x0000`` | 257 +----------+----------+-----------------------+ 258 259Non-masked bits stand for any value (shown as ``?`` below), Ethernet headers 260with the following properties are thus matched: 261 262- ``src``: ``??:??:01:02:03:??`` 263- ``dst``: ``??:??:??:??:??:01`` 264- ``type``: ``0x????`` 265 266Matching pattern 267~~~~~~~~~~~~~~~~ 268 269A pattern is formed by stacking items starting from the lowest protocol 270layer to match. This stacking restriction does not apply to meta items which 271can be placed anywhere in the stack without affecting the meaning of the 272resulting pattern. 273 274Patterns are terminated by END items. 275 276Examples: 277 278.. _table_rte_flow_tcpv4_as_l4: 279 280.. table:: TCPv4 as L4 281 282 +-------+----------+ 283 | Index | Item | 284 +=======+==========+ 285 | 0 | Ethernet | 286 +-------+----------+ 287 | 1 | IPv4 | 288 +-------+----------+ 289 | 2 | TCP | 290 +-------+----------+ 291 | 3 | END | 292 +-------+----------+ 293 294| 295 296.. _table_rte_flow_tcpv6_in_vxlan: 297 298.. table:: TCPv6 in VXLAN 299 300 +-------+------------+ 301 | Index | Item | 302 +=======+============+ 303 | 0 | Ethernet | 304 +-------+------------+ 305 | 1 | IPv4 | 306 +-------+------------+ 307 | 2 | UDP | 308 +-------+------------+ 309 | 3 | VXLAN | 310 +-------+------------+ 311 | 4 | Ethernet | 312 +-------+------------+ 313 | 5 | IPv6 | 314 +-------+------------+ 315 | 6 | TCP | 316 +-------+------------+ 317 | 7 | END | 318 +-------+------------+ 319 320| 321 322.. _table_rte_flow_tcpv4_as_l4_meta: 323 324.. table:: TCPv4 as L4 with meta items 325 326 +-------+----------+ 327 | Index | Item | 328 +=======+==========+ 329 | 0 | VOID | 330 +-------+----------+ 331 | 1 | Ethernet | 332 +-------+----------+ 333 | 2 | VOID | 334 +-------+----------+ 335 | 3 | IPv4 | 336 +-------+----------+ 337 | 4 | TCP | 338 +-------+----------+ 339 | 5 | VOID | 340 +-------+----------+ 341 | 6 | VOID | 342 +-------+----------+ 343 | 7 | END | 344 +-------+----------+ 345 346The above example shows how meta items do not affect packet data matching 347items, as long as those remain stacked properly. The resulting matching 348pattern is identical to "TCPv4 as L4". 349 350.. _table_rte_flow_udpv6_anywhere: 351 352.. table:: UDPv6 anywhere 353 354 +-------+------+ 355 | Index | Item | 356 +=======+======+ 357 | 0 | IPv6 | 358 +-------+------+ 359 | 1 | UDP | 360 +-------+------+ 361 | 2 | END | 362 +-------+------+ 363 364If supported by the PMD, omitting one or several protocol layers at the 365bottom of the stack as in the above example (missing an Ethernet 366specification) enables looking up anywhere in packets. 367 368It is unspecified whether the payload of supported encapsulations 369(e.g. VXLAN payload) is matched by such a pattern, which may apply to inner, 370outer or both packets. 371 372.. _table_rte_flow_invalid_l3: 373 374.. table:: Invalid, missing L3 375 376 +-------+----------+ 377 | Index | Item | 378 +=======+==========+ 379 | 0 | Ethernet | 380 +-------+----------+ 381 | 1 | UDP | 382 +-------+----------+ 383 | 2 | END | 384 +-------+----------+ 385 386The above pattern is invalid due to a missing L3 specification between L2 387(Ethernet) and L4 (UDP). Doing so is only allowed at the bottom and at the 388top of the stack. 389 390Meta item types 391~~~~~~~~~~~~~~~ 392 393They match meta-data or affect pattern processing instead of matching packet 394data directly, most of them do not need a specification structure. This 395particularity allows them to be specified anywhere in the stack without 396causing any side effect. 397 398Item: ``END`` 399^^^^^^^^^^^^^ 400 401End marker for item lists. Prevents further processing of items, thereby 402ending the pattern. 403 404- Its numeric value is 0 for convenience. 405- PMD support is mandatory. 406- ``spec``, ``last`` and ``mask`` are ignored. 407 408.. _table_rte_flow_item_end: 409 410.. table:: END 411 412 +----------+---------+ 413 | Field | Value | 414 +==========+=========+ 415 | ``spec`` | ignored | 416 +----------+---------+ 417 | ``last`` | ignored | 418 +----------+---------+ 419 | ``mask`` | ignored | 420 +----------+---------+ 421 422Item: ``VOID`` 423^^^^^^^^^^^^^^ 424 425Used as a placeholder for convenience. It is ignored and simply discarded by 426PMDs. 427 428- PMD support is mandatory. 429- ``spec``, ``last`` and ``mask`` are ignored. 430 431.. _table_rte_flow_item_void: 432 433.. table:: VOID 434 435 +----------+---------+ 436 | Field | Value | 437 +==========+=========+ 438 | ``spec`` | ignored | 439 +----------+---------+ 440 | ``last`` | ignored | 441 +----------+---------+ 442 | ``mask`` | ignored | 443 +----------+---------+ 444 445One usage example for this type is generating rules that share a common 446prefix quickly without reallocating memory, only by updating item types: 447 448.. _table_rte_flow_item_void_example: 449 450.. table:: TCP, UDP or ICMP as L4 451 452 +-------+--------------------+ 453 | Index | Item | 454 +=======+====================+ 455 | 0 | Ethernet | 456 +-------+--------------------+ 457 | 1 | IPv4 | 458 +-------+------+------+------+ 459 | 2 | UDP | VOID | VOID | 460 +-------+------+------+------+ 461 | 3 | VOID | TCP | VOID | 462 +-------+------+------+------+ 463 | 4 | VOID | VOID | ICMP | 464 +-------+------+------+------+ 465 | 5 | END | 466 +-------+--------------------+ 467 468Item: ``INVERT`` 469^^^^^^^^^^^^^^^^ 470 471Inverted matching, i.e. process packets that do not match the pattern. 472 473- ``spec``, ``last`` and ``mask`` are ignored. 474 475.. _table_rte_flow_item_invert: 476 477.. table:: INVERT 478 479 +----------+---------+ 480 | Field | Value | 481 +==========+=========+ 482 | ``spec`` | ignored | 483 +----------+---------+ 484 | ``last`` | ignored | 485 +----------+---------+ 486 | ``mask`` | ignored | 487 +----------+---------+ 488 489Usage example, matching non-TCPv4 packets only: 490 491.. _table_rte_flow_item_invert_example: 492 493.. table:: Anything but TCPv4 494 495 +-------+----------+ 496 | Index | Item | 497 +=======+==========+ 498 | 0 | INVERT | 499 +-------+----------+ 500 | 1 | Ethernet | 501 +-------+----------+ 502 | 2 | IPv4 | 503 +-------+----------+ 504 | 3 | TCP | 505 +-------+----------+ 506 | 4 | END | 507 +-------+----------+ 508 509Item: ``PF`` 510^^^^^^^^^^^^ 511 512Matches traffic originating from (ingress) or going to (egress) the physical 513function of the current device. 514 515If supported, should work even if the physical function is not managed by 516the application and thus not associated with a DPDK port ID. 517 518- Can be combined with any number of `Item: VF`_ to match both PF and VF 519 traffic. 520- ``spec``, ``last`` and ``mask`` must not be set. 521 522.. _table_rte_flow_item_pf: 523 524.. table:: PF 525 526 +----------+-------+ 527 | Field | Value | 528 +==========+=======+ 529 | ``spec`` | unset | 530 +----------+-------+ 531 | ``last`` | unset | 532 +----------+-------+ 533 | ``mask`` | unset | 534 +----------+-------+ 535 536Item: ``VF`` 537^^^^^^^^^^^^ 538 539Matches traffic originating from (ingress) or going to (egress) a given 540virtual function of the current device. 541 542If supported, should work even if the virtual function is not managed by the 543application and thus not associated with a DPDK port ID. 544 545Note this pattern item does not match VF representors traffic which, as 546separate entities, should be addressed through their own DPDK port IDs. 547 548- Can be specified multiple times to match traffic addressed to several VF 549 IDs. 550- Can be combined with a PF item to match both PF and VF traffic. 551- Default ``mask`` matches any VF ID. 552 553.. _table_rte_flow_item_vf: 554 555.. table:: VF 556 557 +----------+----------+---------------------------+ 558 | Field | Subfield | Value | 559 +==========+==========+===========================+ 560 | ``spec`` | ``id`` | destination VF ID | 561 +----------+----------+---------------------------+ 562 | ``last`` | ``id`` | upper range value | 563 +----------+----------+---------------------------+ 564 | ``mask`` | ``id`` | zeroed to match any VF ID | 565 +----------+----------+---------------------------+ 566 567Item: ``PHY_PORT`` 568^^^^^^^^^^^^^^^^^^ 569 570Matches traffic originating from (ingress) or going to (egress) a physical 571port of the underlying device. 572 573The first PHY_PORT item overrides the physical port normally associated with 574the specified DPDK input port (port_id). This item can be provided several 575times to match additional physical ports. 576 577Note that physical ports are not necessarily tied to DPDK input ports 578(port_id) when those are not under DPDK control. Possible values are 579specific to each device, they are not necessarily indexed from zero and may 580not be contiguous. 581 582As a device property, the list of allowed values as well as the value 583associated with a port_id should be retrieved by other means. 584 585- Default ``mask`` matches any port index. 586 587.. _table_rte_flow_item_phy_port: 588 589.. table:: PHY_PORT 590 591 +----------+-----------+--------------------------------+ 592 | Field | Subfield | Value | 593 +==========+===========+================================+ 594 | ``spec`` | ``index`` | physical port index | 595 +----------+-----------+--------------------------------+ 596 | ``last`` | ``index`` | upper range value | 597 +----------+-----------+--------------------------------+ 598 | ``mask`` | ``index`` | zeroed to match any port index | 599 +----------+-----------+--------------------------------+ 600 601Item: ``PORT_ID`` 602^^^^^^^^^^^^^^^^^ 603 604Matches traffic originating from (ingress) or going to (egress) a given DPDK 605port ID. 606 607Normally only supported if the port ID in question is known by the 608underlying PMD and related to the device the flow rule is created against. 609 610This must not be confused with `Item: PHY_PORT`_ which refers to the 611physical port of a device, whereas `Item: PORT_ID`_ refers to a ``struct 612rte_eth_dev`` object on the application side (also known as "port 613representor" depending on the kind of underlying device). 614 615- Default ``mask`` matches the specified DPDK port ID. 616 617.. _table_rte_flow_item_port_id: 618 619.. table:: PORT_ID 620 621 +----------+----------+-----------------------------+ 622 | Field | Subfield | Value | 623 +==========+==========+=============================+ 624 | ``spec`` | ``id`` | DPDK port ID | 625 +----------+----------+-----------------------------+ 626 | ``last`` | ``id`` | upper range value | 627 +----------+----------+-----------------------------+ 628 | ``mask`` | ``id`` | zeroed to match any port ID | 629 +----------+----------+-----------------------------+ 630 631Item: ``MARK`` 632^^^^^^^^^^^^^^ 633 634Matches an arbitrary integer value which was set using the ``MARK`` action in 635a previously matched rule. 636 637This item can only specified once as a match criteria as the ``MARK`` action can 638only be specified once in a flow action. 639 640Note the value of MARK field is arbitrary and application defined. 641 642Depending on the underlying implementation the MARK item may be supported on 643the physical device, with virtual groups in the PMD or not at all. 644 645- Default ``mask`` matches any integer value. 646 647.. _table_rte_flow_item_mark: 648 649.. table:: MARK 650 651 +----------+----------+---------------------------+ 652 | Field | Subfield | Value | 653 +==========+==========+===========================+ 654 | ``spec`` | ``id`` | integer value | 655 +----------+--------------------------------------+ 656 | ``last`` | ``id`` | upper range value | 657 +----------+----------+---------------------------+ 658 | ``mask`` | ``id`` | zeroed to match any value | 659 +----------+----------+---------------------------+ 660 661Item: ``TAG`` 662^^^^^^^^^^^^^ 663 664Matches tag item set by other flows. Multiple tags are supported by specifying 665``index``. 666 667- Default ``mask`` matches the specified tag value and index. 668 669.. _table_rte_flow_item_tag: 670 671.. table:: TAG 672 673 +----------+----------+----------------------------------------+ 674 | Field | Subfield | Value | 675 +==========+===========+=======================================+ 676 | ``spec`` | ``data`` | 32 bit flow tag value | 677 | +-----------+---------------------------------------+ 678 | | ``index`` | index of flow tag | 679 +----------+-----------+---------------------------------------+ 680 | ``last`` | ``data`` | upper range value | 681 | +-----------+---------------------------------------+ 682 | | ``index`` | field is ignored | 683 +----------+-----------+---------------------------------------+ 684 | ``mask`` | ``data`` | bit-mask applies to "spec" and "last" | 685 | +-----------+---------------------------------------+ 686 | | ``index`` | field is ignored | 687 +----------+-----------+---------------------------------------+ 688 689Item: ``META`` 690^^^^^^^^^^^^^^^^^ 691 692Matches 32 bit metadata item set. 693 694On egress, metadata can be set either by mbuf metadata field with 695PKT_TX_DYNF_METADATA flag or ``SET_META`` action. On ingress, ``SET_META`` 696action sets metadata for a packet and the metadata will be reported via 697``metadata`` dynamic field of ``rte_mbuf`` with PKT_RX_DYNF_METADATA flag. 698 699- Default ``mask`` matches the specified Rx metadata value. 700 701.. _table_rte_flow_item_meta: 702 703.. table:: META 704 705 +----------+----------+---------------------------------------+ 706 | Field | Subfield | Value | 707 +==========+==========+=======================================+ 708 | ``spec`` | ``data`` | 32 bit metadata value | 709 +----------+----------+---------------------------------------+ 710 | ``last`` | ``data`` | upper range value | 711 +----------+----------+---------------------------------------+ 712 | ``mask`` | ``data`` | bit-mask applies to "spec" and "last" | 713 +----------+----------+---------------------------------------+ 714 715Data matching item types 716~~~~~~~~~~~~~~~~~~~~~~~~ 717 718Most of these are basically protocol header definitions with associated 719bit-masks. They must be specified (stacked) from lowest to highest protocol 720layer to form a matching pattern. 721 722The following list is not exhaustive, new protocols will be added in the 723future. 724 725Item: ``ANY`` 726^^^^^^^^^^^^^ 727 728Matches any protocol in place of the current layer, a single ANY may also 729stand for several protocol layers. 730 731This is usually specified as the first pattern item when looking for a 732protocol anywhere in a packet. 733 734- Default ``mask`` stands for any number of layers. 735 736.. _table_rte_flow_item_any: 737 738.. table:: ANY 739 740 +----------+----------+--------------------------------------+ 741 | Field | Subfield | Value | 742 +==========+==========+======================================+ 743 | ``spec`` | ``num`` | number of layers covered | 744 +----------+----------+--------------------------------------+ 745 | ``last`` | ``num`` | upper range value | 746 +----------+----------+--------------------------------------+ 747 | ``mask`` | ``num`` | zeroed to cover any number of layers | 748 +----------+----------+--------------------------------------+ 749 750Example for VXLAN TCP payload matching regardless of outer L3 (IPv4 or IPv6) 751and L4 (UDP) both matched by the first ANY specification, and inner L3 (IPv4 752or IPv6) matched by the second ANY specification: 753 754.. _table_rte_flow_item_any_example: 755 756.. table:: TCP in VXLAN with wildcards 757 758 +-------+------+----------+----------+-------+ 759 | Index | Item | Field | Subfield | Value | 760 +=======+======+==========+==========+=======+ 761 | 0 | Ethernet | 762 +-------+------+----------+----------+-------+ 763 | 1 | ANY | ``spec`` | ``num`` | 2 | 764 +-------+------+----------+----------+-------+ 765 | 2 | VXLAN | 766 +-------+------------------------------------+ 767 | 3 | Ethernet | 768 +-------+------+----------+----------+-------+ 769 | 4 | ANY | ``spec`` | ``num`` | 1 | 770 +-------+------+----------+----------+-------+ 771 | 5 | TCP | 772 +-------+------------------------------------+ 773 | 6 | END | 774 +-------+------------------------------------+ 775 776Item: ``RAW`` 777^^^^^^^^^^^^^ 778 779Matches a byte string of a given length at a given offset. 780 781Offset is either absolute (using the start of the packet) or relative to the 782end of the previous matched item in the stack, in which case negative values 783are allowed. 784 785If search is enabled, offset is used as the starting point. The search area 786can be delimited by setting limit to a nonzero value, which is the maximum 787number of bytes after offset where the pattern may start. 788 789Matching a zero-length pattern is allowed, doing so resets the relative 790offset for subsequent items. 791 792- This type does not support ranges (``last`` field). 793- Default ``mask`` matches all fields exactly. 794 795.. _table_rte_flow_item_raw: 796 797.. table:: RAW 798 799 +----------+--------------+-------------------------------------------------+ 800 | Field | Subfield | Value | 801 +==========+==============+=================================================+ 802 | ``spec`` | ``relative`` | look for pattern after the previous item | 803 | +--------------+-------------------------------------------------+ 804 | | ``search`` | search pattern from offset (see also ``limit``) | 805 | +--------------+-------------------------------------------------+ 806 | | ``reserved`` | reserved, must be set to zero | 807 | +--------------+-------------------------------------------------+ 808 | | ``offset`` | absolute or relative offset for ``pattern`` | 809 | +--------------+-------------------------------------------------+ 810 | | ``limit`` | search area limit for start of ``pattern`` | 811 | +--------------+-------------------------------------------------+ 812 | | ``length`` | ``pattern`` length | 813 | +--------------+-------------------------------------------------+ 814 | | ``pattern`` | byte string to look for | 815 +----------+--------------+-------------------------------------------------+ 816 | ``last`` | if specified, either all 0 or with the same values as ``spec`` | 817 +----------+----------------------------------------------------------------+ 818 | ``mask`` | bit-mask applied to ``spec`` values with usual behavior | 819 +----------+----------------------------------------------------------------+ 820 821Example pattern looking for several strings at various offsets of a UDP 822payload, using combined RAW items: 823 824.. _table_rte_flow_item_raw_example: 825 826.. table:: UDP payload matching 827 828 +-------+------+----------+--------------+-------+ 829 | Index | Item | Field | Subfield | Value | 830 +=======+======+==========+==============+=======+ 831 | 0 | Ethernet | 832 +-------+----------------------------------------+ 833 | 1 | IPv4 | 834 +-------+----------------------------------------+ 835 | 2 | UDP | 836 +-------+------+----------+--------------+-------+ 837 | 3 | RAW | ``spec`` | ``relative`` | 1 | 838 | | | +--------------+-------+ 839 | | | | ``search`` | 1 | 840 | | | +--------------+-------+ 841 | | | | ``offset`` | 10 | 842 | | | +--------------+-------+ 843 | | | | ``limit`` | 0 | 844 | | | +--------------+-------+ 845 | | | | ``length`` | 3 | 846 | | | +--------------+-------+ 847 | | | | ``pattern`` | "foo" | 848 +-------+------+----------+--------------+-------+ 849 | 4 | RAW | ``spec`` | ``relative`` | 1 | 850 | | | +--------------+-------+ 851 | | | | ``search`` | 0 | 852 | | | +--------------+-------+ 853 | | | | ``offset`` | 20 | 854 | | | +--------------+-------+ 855 | | | | ``limit`` | 0 | 856 | | | +--------------+-------+ 857 | | | | ``length`` | 3 | 858 | | | +--------------+-------+ 859 | | | | ``pattern`` | "bar" | 860 +-------+------+----------+--------------+-------+ 861 | 5 | RAW | ``spec`` | ``relative`` | 1 | 862 | | | +--------------+-------+ 863 | | | | ``search`` | 0 | 864 | | | +--------------+-------+ 865 | | | | ``offset`` | -29 | 866 | | | +--------------+-------+ 867 | | | | ``limit`` | 0 | 868 | | | +--------------+-------+ 869 | | | | ``length`` | 3 | 870 | | | +--------------+-------+ 871 | | | | ``pattern`` | "baz" | 872 +-------+------+----------+--------------+-------+ 873 | 6 | END | 874 +-------+----------------------------------------+ 875 876This translates to: 877 878- Locate "foo" at least 10 bytes deep inside UDP payload. 879- Locate "bar" after "foo" plus 20 bytes. 880- Locate "baz" after "bar" minus 29 bytes. 881 882Such a packet may be represented as follows (not to scale):: 883 884 0 >= 10 B == 20 B 885 | |<--------->| |<--------->| 886 | | | | | 887 |-----|------|-----|-----|-----|-----|-----------|-----|------| 888 | ETH | IPv4 | UDP | ... | baz | foo | ......... | bar | .... | 889 |-----|------|-----|-----|-----|-----|-----------|-----|------| 890 | | 891 |<--------------------------->| 892 == 29 B 893 894Note that matching subsequent pattern items would resume after "baz", not 895"bar" since matching is always performed after the previous item of the 896stack. 897 898Item: ``ETH`` 899^^^^^^^^^^^^^ 900 901Matches an Ethernet header. 902 903The ``type`` field either stands for "EtherType" or "TPID" when followed by 904so-called layer 2.5 pattern items such as ``RTE_FLOW_ITEM_TYPE_VLAN``. In 905the latter case, ``type`` refers to that of the outer header, with the inner 906EtherType/TPID provided by the subsequent pattern item. This is the same 907order as on the wire. 908If the ``type`` field contains a TPID value, then only tagged packets with the 909specified TPID will match the pattern. 910The field ``has_vlan`` can be used to match any type of tagged packets, 911instead of using the ``type`` field. 912If the ``type`` and ``has_vlan`` fields are not specified, then both tagged 913and untagged packets will match the pattern. 914 915- ``dst``: destination MAC. 916- ``src``: source MAC. 917- ``type``: EtherType or TPID. 918- ``has_vlan``: packet header contains at least one VLAN. 919- Default ``mask`` matches destination and source addresses only. 920 921Item: ``VLAN`` 922^^^^^^^^^^^^^^ 923 924Matches an 802.1Q/ad VLAN tag. 925 926The corresponding standard outer EtherType (TPID) values are 927``RTE_ETHER_TYPE_VLAN`` or ``RTE_ETHER_TYPE_QINQ``. It can be overridden by the 928preceding pattern item. 929If a ``VLAN`` item is present in the pattern, then only tagged packets will 930match the pattern. 931The field ``has_more_vlan`` can be used to match any type of tagged packets, 932instead of using the ``inner_type field``. 933If the ``inner_type`` and ``has_more_vlan`` fields are not specified, 934then any tagged packets will match the pattern. 935 936- ``tci``: tag control information. 937- ``inner_type``: inner EtherType or TPID. 938- ``has_more_vlan``: packet header contains at least one more VLAN, after this VLAN. 939- Default ``mask`` matches the VID part of TCI only (lower 12 bits). 940 941Item: ``IPV4`` 942^^^^^^^^^^^^^^ 943 944Matches an IPv4 header. 945 946Note: IPv4 options are handled by dedicated pattern items. 947 948- ``hdr``: IPv4 header definition (``rte_ip.h``). 949- Default ``mask`` matches source and destination addresses only. 950 951Item: ``IPV6`` 952^^^^^^^^^^^^^^ 953 954Matches an IPv6 header. 955 956Dedicated flags indicate if header contains specific extension headers. 957To match on packets containing a specific extension header, an application 958should match on the dedicated flag set to 1. 959To match on packets not containing a specific extension header, an application 960should match on the dedicated flag clear to 0. 961In case application doesn't care about the existence of a specific extension 962header, it should not specify the dedicated flag for matching. 963 964- ``hdr``: IPv6 header definition (``rte_ip.h``). 965- ``has_hop_ext``: header contains Hop-by-Hop Options extension header. 966- ``has_route_ext``: header contains Routing extension header. 967- ``has_frag_ext``: header contains Fragment extension header. 968- ``has_auth_ext``: header contains Authentication extension header. 969- ``has_esp_ext``: header contains Encapsulation Security Payload extension header. 970- ``has_dest_ext``: header contains Destination Options extension header. 971- ``has_mobil_ext``: header contains Mobility extension header. 972- ``has_hip_ext``: header contains Host Identity Protocol extension header. 973- ``has_shim6_ext``: header contains Shim6 Protocol extension header. 974- Default ``mask`` matches ``hdr`` source and destination addresses only. 975 976Item: ``ICMP`` 977^^^^^^^^^^^^^^ 978 979Matches an ICMP header. 980 981- ``hdr``: ICMP header definition (``rte_icmp.h``). 982- Default ``mask`` matches ICMP type and code only. 983 984Item: ``UDP`` 985^^^^^^^^^^^^^ 986 987Matches a UDP header. 988 989- ``hdr``: UDP header definition (``rte_udp.h``). 990- Default ``mask`` matches source and destination ports only. 991 992Item: ``TCP`` 993^^^^^^^^^^^^^ 994 995Matches a TCP header. 996 997- ``hdr``: TCP header definition (``rte_tcp.h``). 998- Default ``mask`` matches source and destination ports only. 999 1000Item: ``SCTP`` 1001^^^^^^^^^^^^^^ 1002 1003Matches a SCTP header. 1004 1005- ``hdr``: SCTP header definition (``rte_sctp.h``). 1006- Default ``mask`` matches source and destination ports only. 1007 1008Item: ``VXLAN`` 1009^^^^^^^^^^^^^^^ 1010 1011Matches a VXLAN header (RFC 7348). 1012 1013- ``flags``: normally 0x08 (I flag). 1014- ``rsvd0``: reserved, normally 0x000000. 1015- ``vni``: VXLAN network identifier. 1016- ``rsvd1``: reserved, normally 0x00. 1017- Default ``mask`` matches VNI only. 1018 1019Item: ``E_TAG`` 1020^^^^^^^^^^^^^^^ 1021 1022Matches an IEEE 802.1BR E-Tag header. 1023 1024The corresponding standard outer EtherType (TPID) value is 1025``RTE_ETHER_TYPE_ETAG``. It can be overridden by the preceding pattern item. 1026 1027- ``epcp_edei_in_ecid_b``: E-Tag control information (E-TCI), E-PCP (3b), 1028 E-DEI (1b), ingress E-CID base (12b). 1029- ``rsvd_grp_ecid_b``: reserved (2b), GRP (2b), E-CID base (12b). 1030- ``in_ecid_e``: ingress E-CID ext. 1031- ``ecid_e``: E-CID ext. 1032- ``inner_type``: inner EtherType or TPID. 1033- Default ``mask`` simultaneously matches GRP and E-CID base. 1034 1035Item: ``NVGRE`` 1036^^^^^^^^^^^^^^^ 1037 1038Matches a NVGRE header (RFC 7637). 1039 1040- ``c_k_s_rsvd0_ver``: checksum (1b), undefined (1b), key bit (1b), 1041 sequence number (1b), reserved 0 (9b), version (3b). This field must have 1042 value 0x2000 according to RFC 7637. 1043- ``protocol``: protocol type (0x6558). 1044- ``tni``: virtual subnet ID. 1045- ``flow_id``: flow ID. 1046- Default ``mask`` matches TNI only. 1047 1048Item: ``MPLS`` 1049^^^^^^^^^^^^^^ 1050 1051Matches a MPLS header. 1052 1053- ``label_tc_s_ttl``: label, TC, Bottom of Stack and TTL. 1054- Default ``mask`` matches label only. 1055 1056Item: ``GRE`` 1057^^^^^^^^^^^^^ 1058 1059Matches a GRE header. 1060 1061- ``c_rsvd0_ver``: checksum, reserved 0 and version. 1062- ``protocol``: protocol type. 1063- Default ``mask`` matches protocol only. 1064 1065Item: ``GRE_KEY`` 1066^^^^^^^^^^^^^^^^^ 1067 1068Matches a GRE key field. 1069This should be preceded by item ``GRE``. 1070 1071- Value to be matched is a big-endian 32 bit integer. 1072- When this item present it implicitly match K bit in default mask as "1" 1073 1074Item: ``FUZZY`` 1075^^^^^^^^^^^^^^^ 1076 1077Fuzzy pattern match, expect faster than default. 1078 1079This is for device that support fuzzy match option. Usually a fuzzy match is 1080fast but the cost is accuracy. i.e. Signature Match only match pattern's hash 1081value, but it is possible two different patterns have the same hash value. 1082 1083Matching accuracy level can be configured by threshold. Driver can divide the 1084range of threshold and map to different accuracy levels that device support. 1085 1086Threshold 0 means perfect match (no fuzziness), while threshold 0xffffffff 1087means fuzziest match. 1088 1089.. _table_rte_flow_item_fuzzy: 1090 1091.. table:: FUZZY 1092 1093 +----------+---------------+--------------------------------------------------+ 1094 | Field | Subfield | Value | 1095 +==========+===============+==================================================+ 1096 | ``spec`` | ``threshold`` | 0 as perfect match, 0xffffffff as fuzziest match | 1097 +----------+---------------+--------------------------------------------------+ 1098 | ``last`` | ``threshold`` | upper range value | 1099 +----------+---------------+--------------------------------------------------+ 1100 | ``mask`` | ``threshold`` | bit-mask apply to "spec" and "last" | 1101 +----------+---------------+--------------------------------------------------+ 1102 1103Usage example, fuzzy match a TCPv4 packets: 1104 1105.. _table_rte_flow_item_fuzzy_example: 1106 1107.. table:: Fuzzy matching 1108 1109 +-------+----------+ 1110 | Index | Item | 1111 +=======+==========+ 1112 | 0 | FUZZY | 1113 +-------+----------+ 1114 | 1 | Ethernet | 1115 +-------+----------+ 1116 | 2 | IPv4 | 1117 +-------+----------+ 1118 | 3 | TCP | 1119 +-------+----------+ 1120 | 4 | END | 1121 +-------+----------+ 1122 1123Item: ``GTP``, ``GTPC``, ``GTPU`` 1124^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1125 1126Matches a GTPv1 header. 1127 1128Note: GTP, GTPC and GTPU use the same structure. GTPC and GTPU item 1129are defined for a user-friendly API when creating GTP-C and GTP-U 1130flow rules. 1131 1132- ``v_pt_rsv_flags``: version (3b), protocol type (1b), reserved (1b), 1133 extension header flag (1b), sequence number flag (1b), N-PDU number 1134 flag (1b). 1135- ``msg_type``: message type. 1136- ``msg_len``: message length. 1137- ``teid``: tunnel endpoint identifier. 1138- Default ``mask`` matches teid only. 1139 1140Item: ``ESP`` 1141^^^^^^^^^^^^^ 1142 1143Matches an ESP header. 1144 1145- ``hdr``: ESP header definition (``rte_esp.h``). 1146- Default ``mask`` matches SPI only. 1147 1148Item: ``GENEVE`` 1149^^^^^^^^^^^^^^^^ 1150 1151Matches a GENEVE header. 1152 1153- ``ver_opt_len_o_c_rsvd0``: version (2b), length of the options fields (6b), 1154 OAM packet (1b), critical options present (1b), reserved 0 (6b). 1155- ``protocol``: protocol type. 1156- ``vni``: virtual network identifier. 1157- ``rsvd1``: reserved, normally 0x00. 1158- Default ``mask`` matches VNI only. 1159 1160Item: ``VXLAN-GPE`` 1161^^^^^^^^^^^^^^^^^^^ 1162 1163Matches a VXLAN-GPE header (draft-ietf-nvo3-vxlan-gpe-05). 1164 1165- ``flags``: normally 0x0C (I and P flags). 1166- ``rsvd0``: reserved, normally 0x0000. 1167- ``protocol``: protocol type. 1168- ``vni``: VXLAN network identifier. 1169- ``rsvd1``: reserved, normally 0x00. 1170- Default ``mask`` matches VNI only. 1171 1172Item: ``ARP_ETH_IPV4`` 1173^^^^^^^^^^^^^^^^^^^^^^ 1174 1175Matches an ARP header for Ethernet/IPv4. 1176 1177- ``hdr``: hardware type, normally 1. 1178- ``pro``: protocol type, normally 0x0800. 1179- ``hln``: hardware address length, normally 6. 1180- ``pln``: protocol address length, normally 4. 1181- ``op``: opcode (1 for request, 2 for reply). 1182- ``sha``: sender hardware address. 1183- ``spa``: sender IPv4 address. 1184- ``tha``: target hardware address. 1185- ``tpa``: target IPv4 address. 1186- Default ``mask`` matches SHA, SPA, THA and TPA. 1187 1188Item: ``IPV6_EXT`` 1189^^^^^^^^^^^^^^^^^^ 1190 1191Matches the presence of any IPv6 extension header. 1192 1193- ``next_hdr``: next header. 1194- Default ``mask`` matches ``next_hdr``. 1195 1196Normally preceded by any of: 1197 1198- `Item: IPV6`_ 1199- `Item: IPV6_EXT`_ 1200 1201Item: ``IPV6_FRAG_EXT`` 1202^^^^^^^^^^^^^^^^^^^^^^^ 1203 1204Matches the presence of IPv6 fragment extension header. 1205 1206- ``hdr``: IPv6 fragment extension header definition (``rte_ip.h``). 1207 1208Normally preceded by any of: 1209 1210- `Item: IPV6`_ 1211- `Item: IPV6_EXT`_ 1212 1213Item: ``ICMP6`` 1214^^^^^^^^^^^^^^^ 1215 1216Matches any ICMPv6 header. 1217 1218- ``type``: ICMPv6 type. 1219- ``code``: ICMPv6 code. 1220- ``checksum``: ICMPv6 checksum. 1221- Default ``mask`` matches ``type`` and ``code``. 1222 1223Item: ``ICMP6_ND_NS`` 1224^^^^^^^^^^^^^^^^^^^^^ 1225 1226Matches an ICMPv6 neighbor discovery solicitation. 1227 1228- ``type``: ICMPv6 type, normally 135. 1229- ``code``: ICMPv6 code, normally 0. 1230- ``checksum``: ICMPv6 checksum. 1231- ``reserved``: reserved, normally 0. 1232- ``target_addr``: target address. 1233- Default ``mask`` matches target address only. 1234 1235Item: ``ICMP6_ND_NA`` 1236^^^^^^^^^^^^^^^^^^^^^ 1237 1238Matches an ICMPv6 neighbor discovery advertisement. 1239 1240- ``type``: ICMPv6 type, normally 136. 1241- ``code``: ICMPv6 code, normally 0. 1242- ``checksum``: ICMPv6 checksum. 1243- ``rso_reserved``: route flag (1b), solicited flag (1b), override flag 1244 (1b), reserved (29b). 1245- ``target_addr``: target address. 1246- Default ``mask`` matches target address only. 1247 1248Item: ``ICMP6_ND_OPT`` 1249^^^^^^^^^^^^^^^^^^^^^^ 1250 1251Matches the presence of any ICMPv6 neighbor discovery option. 1252 1253- ``type``: ND option type. 1254- ``length``: ND option length. 1255- Default ``mask`` matches type only. 1256 1257Normally preceded by any of: 1258 1259- `Item: ICMP6_ND_NA`_ 1260- `Item: ICMP6_ND_NS`_ 1261- `Item: ICMP6_ND_OPT`_ 1262 1263Item: ``ICMP6_ND_OPT_SLA_ETH`` 1264^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1265 1266Matches an ICMPv6 neighbor discovery source Ethernet link-layer address 1267option. 1268 1269- ``type``: ND option type, normally 1. 1270- ``length``: ND option length, normally 1. 1271- ``sla``: source Ethernet LLA. 1272- Default ``mask`` matches source link-layer address only. 1273 1274Normally preceded by any of: 1275 1276- `Item: ICMP6_ND_NA`_ 1277- `Item: ICMP6_ND_OPT`_ 1278 1279Item: ``ICMP6_ND_OPT_TLA_ETH`` 1280^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1281 1282Matches an ICMPv6 neighbor discovery target Ethernet link-layer address 1283option. 1284 1285- ``type``: ND option type, normally 2. 1286- ``length``: ND option length, normally 1. 1287- ``tla``: target Ethernet LLA. 1288- Default ``mask`` matches target link-layer address only. 1289 1290Normally preceded by any of: 1291 1292- `Item: ICMP6_ND_NS`_ 1293- `Item: ICMP6_ND_OPT`_ 1294 1295Item: ``META`` 1296^^^^^^^^^^^^^^ 1297 1298Matches an application specific 32 bit metadata item. 1299 1300- Default ``mask`` matches the specified metadata value. 1301 1302Item: ``GTP_PSC`` 1303^^^^^^^^^^^^^^^^^ 1304 1305Matches a GTP PDU extension header with type 0x85. 1306 1307- ``pdu_type``: PDU type. 1308- ``qfi``: QoS flow identifier. 1309- Default ``mask`` matches QFI only. 1310 1311Item: ``PPPOES``, ``PPPOED`` 1312^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1313 1314Matches a PPPoE header. 1315 1316- ``version_type``: version (4b), type (4b). 1317- ``code``: message type. 1318- ``session_id``: session identifier. 1319- ``length``: payload length. 1320 1321Item: ``PPPOE_PROTO_ID`` 1322^^^^^^^^^^^^^^^^^^^^^^^^ 1323 1324Matches a PPPoE session protocol identifier. 1325 1326- ``proto_id``: PPP protocol identifier. 1327- Default ``mask`` matches proto_id only. 1328 1329Item: ``NSH`` 1330^^^^^^^^^^^^^ 1331 1332Matches a network service header (RFC 8300). 1333 1334- ``version``: normally 0x0 (2 bits). 1335- ``oam_pkt``: indicate oam packet (1 bit). 1336- ``reserved``: reserved bit (1 bit). 1337- ``ttl``: maximum SFF hopes (6 bits). 1338- ``length``: total length in 4 bytes words (6 bits). 1339- ``reserved1``: reserved1 bits (4 bits). 1340- ``mdtype``: ndicates format of NSH header (4 bits). 1341- ``next_proto``: indicates protocol type of encap data (8 bits). 1342- ``spi``: service path identifier (3 bytes). 1343- ``sindex``: service index (1 byte). 1344- Default ``mask`` matches mdtype, next_proto, spi, sindex. 1345 1346 1347Item: ``IGMP`` 1348^^^^^^^^^^^^^^ 1349 1350Matches a Internet Group Management Protocol (RFC 2236). 1351 1352- ``type``: IGMP message type (Query/Report). 1353- ``max_resp_time``: max time allowed before sending report. 1354- ``checksum``: checksum, 1s complement of whole IGMP message. 1355- ``group_addr``: group address, for Query value will be 0. 1356- Default ``mask`` matches group_addr. 1357 1358 1359Item: ``AH`` 1360^^^^^^^^^^^^ 1361 1362Matches a IP Authentication Header (RFC 4302). 1363 1364- ``next_hdr``: next payload after AH. 1365- ``payload_len``: total length of AH in 4B words. 1366- ``reserved``: reserved bits. 1367- ``spi``: security parameters index. 1368- ``seq_num``: counter value increased by 1 on each packet sent. 1369- Default ``mask`` matches spi. 1370 1371Item: ``HIGIG2`` 1372^^^^^^^^^^^^^^^^^ 1373 1374Matches a HIGIG2 header field. It is layer 2.5 protocol and used in 1375Broadcom switches. 1376 1377- Default ``mask`` matches classification and vlan. 1378 1379Item: ``L2TPV3OIP`` 1380^^^^^^^^^^^^^^^^^^^ 1381 1382Matches a L2TPv3 over IP header. 1383 1384- ``session_id``: L2TPv3 over IP session identifier. 1385- Default ``mask`` matches session_id only. 1386 1387Item: ``PFCP`` 1388^^^^^^^^^^^^^^ 1389 1390Matches a PFCP Header. 1391 1392- ``s_field``: S field. 1393- ``msg_type``: message type. 1394- ``msg_len``: message length. 1395- ``seid``: session endpoint identifier. 1396- Default ``mask`` matches s_field and seid. 1397 1398Item: ``ECPRI`` 1399^^^^^^^^^^^^^^^ 1400 1401Matches a eCPRI header. 1402 1403- ``hdr``: eCPRI header definition (``rte_ecpri.h``). 1404- Default ``mask`` matches nothing, for all eCPRI messages. 1405 1406Actions 1407~~~~~~~ 1408 1409Each possible action is represented by a type. 1410An action can have an associated configuration object. 1411Several actions combined in a list can be assigned 1412to a flow rule and are performed in order. 1413 1414They fall in three categories: 1415 1416- Actions that modify the fate of matching traffic, for instance by dropping 1417 or assigning it a specific destination. 1418 1419- Actions that modify matching traffic contents or its properties. This 1420 includes adding/removing encapsulation, encryption, compression and marks. 1421 1422- Actions related to the flow rule itself, such as updating counters or 1423 making it non-terminating. 1424 1425Flow rules being terminating by default, not specifying any action of the 1426fate kind results in undefined behavior. This applies to both ingress and 1427egress. 1428 1429PASSTHRU, when supported, makes a flow rule non-terminating. 1430 1431Like matching patterns, action lists are terminated by END items. 1432 1433Example of action that redirects packets to queue index 10: 1434 1435.. _table_rte_flow_action_example: 1436 1437.. table:: Queue action 1438 1439 +-----------+-------+ 1440 | Field | Value | 1441 +===========+=======+ 1442 | ``index`` | 10 | 1443 +-----------+-------+ 1444 1445Actions are performed in list order: 1446 1447.. _table_rte_flow_count_then_drop: 1448 1449.. table:: Count then drop 1450 1451 +-------+--------+ 1452 | Index | Action | 1453 +=======+========+ 1454 | 0 | COUNT | 1455 +-------+--------+ 1456 | 1 | DROP | 1457 +-------+--------+ 1458 | 2 | END | 1459 +-------+--------+ 1460 1461| 1462 1463.. _table_rte_flow_mark_count_redirect: 1464 1465.. table:: Mark, count then redirect 1466 1467 +-------+--------+------------+-------+ 1468 | Index | Action | Field | Value | 1469 +=======+========+============+=======+ 1470 | 0 | MARK | ``mark`` | 0x2a | 1471 +-------+--------+------------+-------+ 1472 | 1 | COUNT | ``shared`` | 0 | 1473 | | +------------+-------+ 1474 | | | ``id`` | 0 | 1475 +-------+--------+------------+-------+ 1476 | 2 | QUEUE | ``queue`` | 10 | 1477 +-------+--------+------------+-------+ 1478 | 3 | END | 1479 +-------+-----------------------------+ 1480 1481| 1482 1483.. _table_rte_flow_redirect_queue_5: 1484 1485.. table:: Redirect to queue 5 1486 1487 +-------+--------+-----------+-------+ 1488 | Index | Action | Field | Value | 1489 +=======+========+===========+=======+ 1490 | 0 | DROP | 1491 +-------+--------+-----------+-------+ 1492 | 1 | QUEUE | ``queue`` | 5 | 1493 +-------+--------+-----------+-------+ 1494 | 2 | END | 1495 +-------+----------------------------+ 1496 1497In the above example, while DROP and QUEUE must be performed in order, both 1498have to happen before reaching END. Only QUEUE has a visible effect. 1499 1500Note that such a list may be thought as ambiguous and rejected on that 1501basis. 1502 1503.. _table_rte_flow_redirect_queue_5_3: 1504 1505.. table:: Redirect to queues 5 and 3 1506 1507 +-------+--------+-----------+-------+ 1508 | Index | Action | Field | Value | 1509 +=======+========+===========+=======+ 1510 | 0 | QUEUE | ``queue`` | 5 | 1511 +-------+--------+-----------+-------+ 1512 | 1 | VOID | 1513 +-------+--------+-----------+-------+ 1514 | 2 | QUEUE | ``queue`` | 3 | 1515 +-------+--------+-----------+-------+ 1516 | 3 | END | 1517 +-------+----------------------------+ 1518 1519As previously described, all actions must be taken into account. This 1520effectively duplicates traffic to both queues. The above example also shows 1521that VOID is ignored. 1522 1523Action types 1524~~~~~~~~~~~~ 1525 1526Common action types are described in this section. Like pattern item types, 1527this list is not exhaustive as new actions will be added in the future. 1528 1529Action: ``END`` 1530^^^^^^^^^^^^^^^ 1531 1532End marker for action lists. Prevents further processing of actions, thereby 1533ending the list. 1534 1535- Its numeric value is 0 for convenience. 1536- PMD support is mandatory. 1537- No configurable properties. 1538 1539.. _table_rte_flow_action_end: 1540 1541.. table:: END 1542 1543 +---------------+ 1544 | Field | 1545 +===============+ 1546 | no properties | 1547 +---------------+ 1548 1549Action: ``VOID`` 1550^^^^^^^^^^^^^^^^ 1551 1552Used as a placeholder for convenience. It is ignored and simply discarded by 1553PMDs. 1554 1555- PMD support is mandatory. 1556- No configurable properties. 1557 1558.. _table_rte_flow_action_void: 1559 1560.. table:: VOID 1561 1562 +---------------+ 1563 | Field | 1564 +===============+ 1565 | no properties | 1566 +---------------+ 1567 1568Action: ``PASSTHRU`` 1569^^^^^^^^^^^^^^^^^^^^ 1570 1571Leaves traffic up for additional processing by subsequent flow rules; makes 1572a flow rule non-terminating. 1573 1574- No configurable properties. 1575 1576.. _table_rte_flow_action_passthru: 1577 1578.. table:: PASSTHRU 1579 1580 +---------------+ 1581 | Field | 1582 +===============+ 1583 | no properties | 1584 +---------------+ 1585 1586Example to copy a packet to a queue and continue processing by subsequent 1587flow rules: 1588 1589.. _table_rte_flow_action_passthru_example: 1590 1591.. table:: Copy to queue 8 1592 1593 +-------+--------+-----------+-------+ 1594 | Index | Action | Field | Value | 1595 +=======+========+===========+=======+ 1596 | 0 | PASSTHRU | 1597 +-------+--------+-----------+-------+ 1598 | 1 | QUEUE | ``queue`` | 8 | 1599 +-------+--------+-----------+-------+ 1600 | 2 | END | 1601 +-------+----------------------------+ 1602 1603Action: ``JUMP`` 1604^^^^^^^^^^^^^^^^ 1605 1606Redirects packets to a group on the current device. 1607 1608In a hierarchy of groups, which can be used to represent physical or logical 1609flow group/tables on the device, this action redirects the matched flow to 1610the specified group on that device. 1611 1612If a matched flow is redirected to a table which doesn't contain a matching 1613rule for that flow then the behavior is undefined and the resulting behavior 1614is up to the specific device. Best practice when using groups would be define 1615a default flow rule for each group which a defines the default actions in that 1616group so a consistent behavior is defined. 1617 1618Defining an action for matched flow in a group to jump to a group which is 1619higher in the group hierarchy may not be supported by physical devices, 1620depending on how groups are mapped to the physical devices. In the 1621definitions of jump actions, applications should be aware that it may be 1622possible to define flow rules which trigger an undefined behavior causing 1623flows to loop between groups. 1624 1625.. _table_rte_flow_action_jump: 1626 1627.. table:: JUMP 1628 1629 +-----------+------------------------------+ 1630 | Field | Value | 1631 +===========+==============================+ 1632 | ``group`` | Group to redirect packets to | 1633 +-----------+------------------------------+ 1634 1635Action: ``MARK`` 1636^^^^^^^^^^^^^^^^ 1637 1638Attaches an integer value to packets and sets ``PKT_RX_FDIR`` and 1639``PKT_RX_FDIR_ID`` mbuf flags. 1640 1641This value is arbitrary and application-defined. Maximum allowed value 1642depends on the underlying implementation. It is returned in the 1643``hash.fdir.hi`` mbuf field. 1644 1645.. _table_rte_flow_action_mark: 1646 1647.. table:: MARK 1648 1649 +--------+--------------------------------------+ 1650 | Field | Value | 1651 +========+======================================+ 1652 | ``id`` | integer value to return with packets | 1653 +--------+--------------------------------------+ 1654 1655Action: ``FLAG`` 1656^^^^^^^^^^^^^^^^ 1657 1658Flags packets. Similar to `Action: MARK`_ without a specific value; only 1659sets the ``PKT_RX_FDIR`` mbuf flag. 1660 1661- No configurable properties. 1662 1663.. _table_rte_flow_action_flag: 1664 1665.. table:: FLAG 1666 1667 +---------------+ 1668 | Field | 1669 +===============+ 1670 | no properties | 1671 +---------------+ 1672 1673Action: ``QUEUE`` 1674^^^^^^^^^^^^^^^^^ 1675 1676Assigns packets to a given queue index. 1677 1678.. _table_rte_flow_action_queue: 1679 1680.. table:: QUEUE 1681 1682 +-----------+--------------------+ 1683 | Field | Value | 1684 +===========+====================+ 1685 | ``index`` | queue index to use | 1686 +-----------+--------------------+ 1687 1688Action: ``DROP`` 1689^^^^^^^^^^^^^^^^ 1690 1691Drop packets. 1692 1693- No configurable properties. 1694 1695.. _table_rte_flow_action_drop: 1696 1697.. table:: DROP 1698 1699 +---------------+ 1700 | Field | 1701 +===============+ 1702 | no properties | 1703 +---------------+ 1704 1705Action: ``COUNT`` 1706^^^^^^^^^^^^^^^^^ 1707 1708Adds a counter action to a matched flow. 1709 1710If more than one count action is specified in a single flow rule, then each 1711action must specify a unique id. 1712 1713Counters can be retrieved and reset through ``rte_flow_query()``, see 1714``struct rte_flow_query_count``. 1715 1716The shared flag indicates whether the counter is unique to the flow rule the 1717action is specified with, or whether it is a shared counter. 1718 1719For a count action with the shared flag set, then a global device 1720namespace is assumed for the counter id, so that any matched flow rules using 1721a count action with the same counter id on the same port will contribute to 1722that counter. 1723 1724For ports within the same switch domain then the counter id namespace extends 1725to all ports within that switch domain. 1726 1727The shared flag is DEPRECATED and ``SHARED`` ``COUNT`` action should be used 1728to make shared counters. 1729 1730.. _table_rte_flow_action_count: 1731 1732.. table:: COUNT 1733 1734 +------------+---------------------------------+ 1735 | Field | Value | 1736 +============+=================================+ 1737 | ``shared`` | DEPRECATED, shared counter flag | 1738 +------------+---------------------------------+ 1739 | ``id`` | counter id | 1740 +------------+---------------------------------+ 1741 1742Query structure to retrieve and reset flow rule counters: 1743 1744.. _table_rte_flow_query_count: 1745 1746.. table:: COUNT query 1747 1748 +---------------+-----+-----------------------------------+ 1749 | Field | I/O | Value | 1750 +===============+=====+===================================+ 1751 | ``reset`` | in | reset counter after query | 1752 +---------------+-----+-----------------------------------+ 1753 | ``hits_set`` | out | ``hits`` field is set | 1754 +---------------+-----+-----------------------------------+ 1755 | ``bytes_set`` | out | ``bytes`` field is set | 1756 +---------------+-----+-----------------------------------+ 1757 | ``hits`` | out | number of hits for this rule | 1758 +---------------+-----+-----------------------------------+ 1759 | ``bytes`` | out | number of bytes through this rule | 1760 +---------------+-----+-----------------------------------+ 1761 1762Action: ``RSS`` 1763^^^^^^^^^^^^^^^ 1764 1765Similar to QUEUE, except RSS is additionally performed on packets to spread 1766them among several queues according to the provided parameters. 1767 1768Unlike global RSS settings used by other DPDK APIs, unsetting the ``types`` 1769field does not disable RSS in a flow rule. Doing so instead requests safe 1770unspecified "best-effort" settings from the underlying PMD, which depending 1771on the flow rule, may result in anything ranging from empty (single queue) 1772to all-inclusive RSS. 1773 1774If non-applicable for matching packets RSS types are requested, 1775these RSS types are simply ignored. For example, it happens if: 1776 1777- Hashing of both TCP and UDP ports is requested 1778 (only one can be present in a packet). 1779 1780- Requested RSS types contradict to flow rule pattern 1781 (e.g. pattern has UDP item, but RSS types contain TCP). 1782 1783If requested RSS hash types are not supported by the Ethernet device at all 1784(not reported in ``dev_info.flow_type_rss_offloads``), 1785the flow creation will fail. 1786 1787Note: RSS hash result is stored in the ``hash.rss`` mbuf field which 1788overlaps ``hash.fdir.lo``. Since `Action: MARK`_ sets the ``hash.fdir.hi`` 1789field only, both can be requested simultaneously. 1790 1791Also, regarding packet encapsulation ``level``: 1792 1793- ``0`` requests the default behavior. Depending on the packet type, it can 1794 mean outermost, innermost, anything in between or even no RSS. 1795 1796 It basically stands for the innermost encapsulation level RSS can be 1797 performed on according to PMD and device capabilities. 1798 1799- ``1`` requests RSS to be performed on the outermost packet encapsulation 1800 level. 1801 1802- ``2`` and subsequent values request RSS to be performed on the specified 1803 inner packet encapsulation level, from outermost to innermost (lower to 1804 higher values). 1805 1806Values other than ``0`` are not necessarily supported. 1807 1808Requesting a specific RSS level on unrecognized traffic results in undefined 1809behavior. For predictable results, it is recommended to make the flow rule 1810pattern match packet headers up to the requested encapsulation level so that 1811only matching traffic goes through. 1812 1813.. _table_rte_flow_action_rss: 1814 1815.. table:: RSS 1816 1817 +---------------+---------------------------------------------+ 1818 | Field | Value | 1819 +===============+=============================================+ 1820 | ``func`` | RSS hash function to apply | 1821 +---------------+---------------------------------------------+ 1822 | ``level`` | encapsulation level for ``types`` | 1823 +---------------+---------------------------------------------+ 1824 | ``types`` | specific RSS hash types (see ``ETH_RSS_*``) | 1825 +---------------+---------------------------------------------+ 1826 | ``key_len`` | hash key length in bytes | 1827 +---------------+---------------------------------------------+ 1828 | ``queue_num`` | number of entries in ``queue`` | 1829 +---------------+---------------------------------------------+ 1830 | ``key`` | hash key | 1831 +---------------+---------------------------------------------+ 1832 | ``queue`` | queue indices to use | 1833 +---------------+---------------------------------------------+ 1834 1835Action: ``PF`` 1836^^^^^^^^^^^^^^ 1837 1838Directs matching traffic to the physical function (PF) of the current 1839device. 1840 1841See `Item: PF`_. 1842 1843- No configurable properties. 1844 1845.. _table_rte_flow_action_pf: 1846 1847.. table:: PF 1848 1849 +---------------+ 1850 | Field | 1851 +===============+ 1852 | no properties | 1853 +---------------+ 1854 1855Action: ``VF`` 1856^^^^^^^^^^^^^^ 1857 1858Directs matching traffic to a given virtual function of the current device. 1859 1860Packets matched by a VF pattern item can be redirected to their original VF 1861ID instead of the specified one. This parameter may not be available and is 1862not guaranteed to work properly if the VF part is matched by a prior flow 1863rule or if packets are not addressed to a VF in the first place. 1864 1865See `Item: VF`_. 1866 1867.. _table_rte_flow_action_vf: 1868 1869.. table:: VF 1870 1871 +--------------+--------------------------------+ 1872 | Field | Value | 1873 +==============+================================+ 1874 | ``original`` | use original VF ID if possible | 1875 +--------------+--------------------------------+ 1876 | ``id`` | VF ID | 1877 +--------------+--------------------------------+ 1878 1879Action: ``PHY_PORT`` 1880^^^^^^^^^^^^^^^^^^^^ 1881 1882Directs matching traffic to a given physical port index of the underlying 1883device. 1884 1885See `Item: PHY_PORT`_. 1886 1887.. _table_rte_flow_action_phy_port: 1888 1889.. table:: PHY_PORT 1890 1891 +--------------+-------------------------------------+ 1892 | Field | Value | 1893 +==============+=====================================+ 1894 | ``original`` | use original port index if possible | 1895 +--------------+-------------------------------------+ 1896 | ``index`` | physical port index | 1897 +--------------+-------------------------------------+ 1898 1899Action: ``PORT_ID`` 1900^^^^^^^^^^^^^^^^^^^ 1901Directs matching traffic to a given DPDK port ID. 1902 1903See `Item: PORT_ID`_. 1904 1905.. _table_rte_flow_action_port_id: 1906 1907.. table:: PORT_ID 1908 1909 +--------------+---------------------------------------+ 1910 | Field | Value | 1911 +==============+=======================================+ 1912 | ``original`` | use original DPDK port ID if possible | 1913 +--------------+---------------------------------------+ 1914 | ``id`` | DPDK port ID | 1915 +--------------+---------------------------------------+ 1916 1917Action: ``METER`` 1918^^^^^^^^^^^^^^^^^ 1919 1920Applies a stage of metering and policing. 1921 1922The metering and policing (MTR) object has to be first created using the 1923rte_mtr_create() API function. The ID of the MTR object is specified as 1924action parameter. More than one flow can use the same MTR object through 1925the meter action. The MTR object can be further updated or queried using 1926the rte_mtr* API. 1927 1928.. _table_rte_flow_action_meter: 1929 1930.. table:: METER 1931 1932 +--------------+---------------+ 1933 | Field | Value | 1934 +==============+===============+ 1935 | ``mtr_id`` | MTR object ID | 1936 +--------------+---------------+ 1937 1938Action: ``SECURITY`` 1939^^^^^^^^^^^^^^^^^^^^ 1940 1941Perform the security action on flows matched by the pattern items 1942according to the configuration of the security session. 1943 1944This action modifies the payload of matched flows. For INLINE_CRYPTO, the 1945security protocol headers and IV are fully provided by the application as 1946specified in the flow pattern. The payload of matching packets is 1947encrypted on egress, and decrypted and authenticated on ingress. 1948For INLINE_PROTOCOL, the security protocol is fully offloaded to HW, 1949providing full encapsulation and decapsulation of packets in security 1950protocols. The flow pattern specifies both the outer security header fields 1951and the inner packet fields. The security session specified in the action 1952must match the pattern parameters. 1953 1954The security session specified in the action must be created on the same 1955port as the flow action that is being specified. 1956 1957The ingress/egress flow attribute should match that specified in the 1958security session if the security session supports the definition of the 1959direction. 1960 1961Multiple flows can be configured to use the same security session. 1962 1963.. _table_rte_flow_action_security: 1964 1965.. table:: SECURITY 1966 1967 +----------------------+--------------------------------------+ 1968 | Field | Value | 1969 +======================+======================================+ 1970 | ``security_session`` | security session to apply | 1971 +----------------------+--------------------------------------+ 1972 1973The following is an example of configuring IPsec inline using the 1974INLINE_CRYPTO security session: 1975 1976The encryption algorithm, keys and salt are part of the opaque 1977``rte_security_session``. The SA is identified according to the IP and ESP 1978fields in the pattern items. 1979 1980.. _table_rte_flow_item_esp_inline_example: 1981 1982.. table:: IPsec inline crypto flow pattern items. 1983 1984 +-------+----------+ 1985 | Index | Item | 1986 +=======+==========+ 1987 | 0 | Ethernet | 1988 +-------+----------+ 1989 | 1 | IPv4 | 1990 +-------+----------+ 1991 | 2 | ESP | 1992 +-------+----------+ 1993 | 3 | END | 1994 +-------+----------+ 1995 1996.. _table_rte_flow_action_esp_inline_example: 1997 1998.. table:: IPsec inline flow actions. 1999 2000 +-------+----------+ 2001 | Index | Action | 2002 +=======+==========+ 2003 | 0 | SECURITY | 2004 +-------+----------+ 2005 | 1 | END | 2006 +-------+----------+ 2007 2008Action: ``OF_SET_MPLS_TTL`` 2009^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2010 2011Implements ``OFPAT_SET_MPLS_TTL`` ("MPLS TTL") as defined by the `OpenFlow 2012Switch Specification`_. 2013 2014.. _table_rte_flow_action_of_set_mpls_ttl: 2015 2016.. table:: OF_SET_MPLS_TTL 2017 2018 +--------------+----------+ 2019 | Field | Value | 2020 +==============+==========+ 2021 | ``mpls_ttl`` | MPLS TTL | 2022 +--------------+----------+ 2023 2024Action: ``OF_DEC_MPLS_TTL`` 2025^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2026 2027Implements ``OFPAT_DEC_MPLS_TTL`` ("decrement MPLS TTL") as defined by the 2028`OpenFlow Switch Specification`_. 2029 2030.. _table_rte_flow_action_of_dec_mpls_ttl: 2031 2032.. table:: OF_DEC_MPLS_TTL 2033 2034 +---------------+ 2035 | Field | 2036 +===============+ 2037 | no properties | 2038 +---------------+ 2039 2040Action: ``OF_SET_NW_TTL`` 2041^^^^^^^^^^^^^^^^^^^^^^^^^ 2042 2043Implements ``OFPAT_SET_NW_TTL`` ("IP TTL") as defined by the `OpenFlow 2044Switch Specification`_. 2045 2046.. _table_rte_flow_action_of_set_nw_ttl: 2047 2048.. table:: OF_SET_NW_TTL 2049 2050 +------------+--------+ 2051 | Field | Value | 2052 +============+========+ 2053 | ``nw_ttl`` | IP TTL | 2054 +------------+--------+ 2055 2056Action: ``OF_DEC_NW_TTL`` 2057^^^^^^^^^^^^^^^^^^^^^^^^^ 2058 2059Implements ``OFPAT_DEC_NW_TTL`` ("decrement IP TTL") as defined by the 2060`OpenFlow Switch Specification`_. 2061 2062.. _table_rte_flow_action_of_dec_nw_ttl: 2063 2064.. table:: OF_DEC_NW_TTL 2065 2066 +---------------+ 2067 | Field | 2068 +===============+ 2069 | no properties | 2070 +---------------+ 2071 2072Action: ``OF_COPY_TTL_OUT`` 2073^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2074 2075Implements ``OFPAT_COPY_TTL_OUT`` ("copy TTL "outwards" -- from 2076next-to-outermost to outermost") as defined by the `OpenFlow Switch 2077Specification`_. 2078 2079.. _table_rte_flow_action_of_copy_ttl_out: 2080 2081.. table:: OF_COPY_TTL_OUT 2082 2083 +---------------+ 2084 | Field | 2085 +===============+ 2086 | no properties | 2087 +---------------+ 2088 2089Action: ``OF_COPY_TTL_IN`` 2090^^^^^^^^^^^^^^^^^^^^^^^^^^ 2091 2092Implements ``OFPAT_COPY_TTL_IN`` ("copy TTL "inwards" -- from outermost to 2093next-to-outermost") as defined by the `OpenFlow Switch Specification`_. 2094 2095.. _table_rte_flow_action_of_copy_ttl_in: 2096 2097.. table:: OF_COPY_TTL_IN 2098 2099 +---------------+ 2100 | Field | 2101 +===============+ 2102 | no properties | 2103 +---------------+ 2104 2105Action: ``OF_POP_VLAN`` 2106^^^^^^^^^^^^^^^^^^^^^^^ 2107 2108Implements ``OFPAT_POP_VLAN`` ("pop the outer VLAN tag") as defined 2109by the `OpenFlow Switch Specification`_. 2110 2111.. _table_rte_flow_action_of_pop_vlan: 2112 2113.. table:: OF_POP_VLAN 2114 2115 +---------------+ 2116 | Field | 2117 +===============+ 2118 | no properties | 2119 +---------------+ 2120 2121Action: ``OF_PUSH_VLAN`` 2122^^^^^^^^^^^^^^^^^^^^^^^^ 2123 2124Implements ``OFPAT_PUSH_VLAN`` ("push a new VLAN tag") as defined by the 2125`OpenFlow Switch Specification`_. 2126 2127.. _table_rte_flow_action_of_push_vlan: 2128 2129.. table:: OF_PUSH_VLAN 2130 2131 +---------------+-----------+ 2132 | Field | Value | 2133 +===============+===========+ 2134 | ``ethertype`` | EtherType | 2135 +---------------+-----------+ 2136 2137Action: ``OF_SET_VLAN_VID`` 2138^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2139 2140Implements ``OFPAT_SET_VLAN_VID`` ("set the 802.1q VLAN id") as defined by 2141the `OpenFlow Switch Specification`_. 2142 2143.. _table_rte_flow_action_of_set_vlan_vid: 2144 2145.. table:: OF_SET_VLAN_VID 2146 2147 +--------------+---------+ 2148 | Field | Value | 2149 +==============+=========+ 2150 | ``vlan_vid`` | VLAN id | 2151 +--------------+---------+ 2152 2153Action: ``OF_SET_VLAN_PCP`` 2154^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2155 2156Implements ``OFPAT_SET_LAN_PCP`` ("set the 802.1q priority") as defined by 2157the `OpenFlow Switch Specification`_. 2158 2159.. _table_rte_flow_action_of_set_vlan_pcp: 2160 2161.. table:: OF_SET_VLAN_PCP 2162 2163 +--------------+---------------+ 2164 | Field | Value | 2165 +==============+===============+ 2166 | ``vlan_pcp`` | VLAN priority | 2167 +--------------+---------------+ 2168 2169Action: ``OF_POP_MPLS`` 2170^^^^^^^^^^^^^^^^^^^^^^^ 2171 2172Implements ``OFPAT_POP_MPLS`` ("pop the outer MPLS tag") as defined by the 2173`OpenFlow Switch Specification`_. 2174 2175.. _table_rte_flow_action_of_pop_mpls: 2176 2177.. table:: OF_POP_MPLS 2178 2179 +---------------+-----------+ 2180 | Field | Value | 2181 +===============+===========+ 2182 | ``ethertype`` | EtherType | 2183 +---------------+-----------+ 2184 2185Action: ``OF_PUSH_MPLS`` 2186^^^^^^^^^^^^^^^^^^^^^^^^ 2187 2188Implements ``OFPAT_PUSH_MPLS`` ("push a new MPLS tag") as defined by the 2189`OpenFlow Switch Specification`_. 2190 2191.. _table_rte_flow_action_of_push_mpls: 2192 2193.. table:: OF_PUSH_MPLS 2194 2195 +---------------+-----------+ 2196 | Field | Value | 2197 +===============+===========+ 2198 | ``ethertype`` | EtherType | 2199 +---------------+-----------+ 2200 2201Action: ``VXLAN_ENCAP`` 2202^^^^^^^^^^^^^^^^^^^^^^^ 2203 2204Performs a VXLAN encapsulation action by encapsulating the matched flow in the 2205VXLAN tunnel as defined in the``rte_flow_action_vxlan_encap`` flow items 2206definition. 2207 2208This action modifies the payload of matched flows. The flow definition specified 2209in the ``rte_flow_action_tunnel_encap`` action structure must define a valid 2210VLXAN network overlay which conforms with RFC 7348 (Virtual eXtensible Local 2211Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks 2212over Layer 3 Networks). The pattern must be terminated with the 2213RTE_FLOW_ITEM_TYPE_END item type. 2214 2215.. _table_rte_flow_action_vxlan_encap: 2216 2217.. table:: VXLAN_ENCAP 2218 2219 +----------------+-------------------------------------+ 2220 | Field | Value | 2221 +================+=====================================+ 2222 | ``definition`` | Tunnel end-point overlay definition | 2223 +----------------+-------------------------------------+ 2224 2225.. _table_rte_flow_action_vxlan_encap_example: 2226 2227.. table:: IPv4 VxLAN flow pattern example. 2228 2229 +-------+----------+ 2230 | Index | Item | 2231 +=======+==========+ 2232 | 0 | Ethernet | 2233 +-------+----------+ 2234 | 1 | IPv4 | 2235 +-------+----------+ 2236 | 2 | UDP | 2237 +-------+----------+ 2238 | 3 | VXLAN | 2239 +-------+----------+ 2240 | 4 | END | 2241 +-------+----------+ 2242 2243Action: ``VXLAN_DECAP`` 2244^^^^^^^^^^^^^^^^^^^^^^^ 2245 2246Performs a decapsulation action by stripping all headers of the VXLAN tunnel 2247network overlay from the matched flow. 2248 2249The flow items pattern defined for the flow rule with which a ``VXLAN_DECAP`` 2250action is specified, must define a valid VXLAN tunnel as per RFC7348. If the 2251flow pattern does not specify a valid VXLAN tunnel then a 2252RTE_FLOW_ERROR_TYPE_ACTION error should be returned. 2253 2254This action modifies the payload of matched flows. 2255 2256Action: ``NVGRE_ENCAP`` 2257^^^^^^^^^^^^^^^^^^^^^^^ 2258 2259Performs a NVGRE encapsulation action by encapsulating the matched flow in the 2260NVGRE tunnel as defined in the``rte_flow_action_tunnel_encap`` flow item 2261definition. 2262 2263This action modifies the payload of matched flows. The flow definition specified 2264in the ``rte_flow_action_tunnel_encap`` action structure must defined a valid 2265NVGRE network overlay which conforms with RFC 7637 (NVGRE: Network 2266Virtualization Using Generic Routing Encapsulation). The pattern must be 2267terminated with the RTE_FLOW_ITEM_TYPE_END item type. 2268 2269.. _table_rte_flow_action_nvgre_encap: 2270 2271.. table:: NVGRE_ENCAP 2272 2273 +----------------+-------------------------------------+ 2274 | Field | Value | 2275 +================+=====================================+ 2276 | ``definition`` | NVGRE end-point overlay definition | 2277 +----------------+-------------------------------------+ 2278 2279.. _table_rte_flow_action_nvgre_encap_example: 2280 2281.. table:: IPv4 NVGRE flow pattern example. 2282 2283 +-------+----------+ 2284 | Index | Item | 2285 +=======+==========+ 2286 | 0 | Ethernet | 2287 +-------+----------+ 2288 | 1 | IPv4 | 2289 +-------+----------+ 2290 | 2 | NVGRE | 2291 +-------+----------+ 2292 | 3 | END | 2293 +-------+----------+ 2294 2295Action: ``NVGRE_DECAP`` 2296^^^^^^^^^^^^^^^^^^^^^^^ 2297 2298Performs a decapsulation action by stripping all headers of the NVGRE tunnel 2299network overlay from the matched flow. 2300 2301The flow items pattern defined for the flow rule with which a ``NVGRE_DECAP`` 2302action is specified, must define a valid NVGRE tunnel as per RFC7637. If the 2303flow pattern does not specify a valid NVGRE tunnel then a 2304RTE_FLOW_ERROR_TYPE_ACTION error should be returned. 2305 2306This action modifies the payload of matched flows. 2307 2308Action: ``RAW_ENCAP`` 2309^^^^^^^^^^^^^^^^^^^^^ 2310 2311Adds outer header whose template is provided in its data buffer, 2312as defined in the ``rte_flow_action_raw_encap`` definition. 2313 2314This action modifies the payload of matched flows. The data supplied must 2315be a valid header, either holding layer 2 data in case of adding layer 2 after 2316decap layer 3 tunnel (for example MPLSoGRE) or complete tunnel definition 2317starting from layer 2 and moving to the tunnel item itself. When applied to 2318the original packet the resulting packet must be a valid packet. 2319 2320.. _table_rte_flow_action_raw_encap: 2321 2322.. table:: RAW_ENCAP 2323 2324 +----------------+----------------------------------------+ 2325 | Field | Value | 2326 +================+========================================+ 2327 | ``data`` | Encapsulation data | 2328 +----------------+----------------------------------------+ 2329 | ``preserve`` | Bit-mask of data to preserve on output | 2330 +----------------+----------------------------------------+ 2331 | ``size`` | Size of data and preserve | 2332 +----------------+----------------------------------------+ 2333 2334Action: ``RAW_DECAP`` 2335^^^^^^^^^^^^^^^^^^^^^^^ 2336 2337Remove outer header whose template is provided in its data buffer, 2338as defined in the ``rte_flow_action_raw_decap`` 2339 2340This action modifies the payload of matched flows. The data supplied must 2341be a valid header, either holding layer 2 data in case of removing layer 2 2342before encapsulation of layer 3 tunnel (for example MPLSoGRE) or complete 2343tunnel definition starting from layer 2 and moving to the tunnel item itself. 2344When applied to the original packet the resulting packet must be a 2345valid packet. 2346 2347.. _table_rte_flow_action_raw_decap: 2348 2349.. table:: RAW_DECAP 2350 2351 +----------------+----------------------------------------+ 2352 | Field | Value | 2353 +================+========================================+ 2354 | ``data`` | Decapsulation data | 2355 +----------------+----------------------------------------+ 2356 | ``size`` | Size of data | 2357 +----------------+----------------------------------------+ 2358 2359Action: ``SET_IPV4_SRC`` 2360^^^^^^^^^^^^^^^^^^^^^^^^ 2361 2362Set a new IPv4 source address in the outermost IPv4 header. 2363 2364It must be used with a valid RTE_FLOW_ITEM_TYPE_IPV4 flow pattern item. 2365Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2366 2367.. _table_rte_flow_action_set_ipv4_src: 2368 2369.. table:: SET_IPV4_SRC 2370 2371 +-----------------------------------------+ 2372 | Field | Value | 2373 +===============+=========================+ 2374 | ``ipv4_addr`` | new IPv4 source address | 2375 +---------------+-------------------------+ 2376 2377Action: ``SET_IPV4_DST`` 2378^^^^^^^^^^^^^^^^^^^^^^^^ 2379 2380Set a new IPv4 destination address in the outermost IPv4 header. 2381 2382It must be used with a valid RTE_FLOW_ITEM_TYPE_IPV4 flow pattern item. 2383Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2384 2385.. _table_rte_flow_action_set_ipv4_dst: 2386 2387.. table:: SET_IPV4_DST 2388 2389 +---------------+------------------------------+ 2390 | Field | Value | 2391 +===============+==============================+ 2392 | ``ipv4_addr`` | new IPv4 destination address | 2393 +---------------+------------------------------+ 2394 2395Action: ``SET_IPV6_SRC`` 2396^^^^^^^^^^^^^^^^^^^^^^^^ 2397 2398Set a new IPv6 source address in the outermost IPv6 header. 2399 2400It must be used with a valid RTE_FLOW_ITEM_TYPE_IPV6 flow pattern item. 2401Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2402 2403.. _table_rte_flow_action_set_ipv6_src: 2404 2405.. table:: SET_IPV6_SRC 2406 2407 +---------------+-------------------------+ 2408 | Field | Value | 2409 +===============+=========================+ 2410 | ``ipv6_addr`` | new IPv6 source address | 2411 +---------------+-------------------------+ 2412 2413Action: ``SET_IPV6_DST`` 2414^^^^^^^^^^^^^^^^^^^^^^^^ 2415 2416Set a new IPv6 destination address in the outermost IPv6 header. 2417 2418It must be used with a valid RTE_FLOW_ITEM_TYPE_IPV6 flow pattern item. 2419Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2420 2421.. _table_rte_flow_action_set_ipv6_dst: 2422 2423.. table:: SET_IPV6_DST 2424 2425 +---------------+------------------------------+ 2426 | Field | Value | 2427 +===============+==============================+ 2428 | ``ipv6_addr`` | new IPv6 destination address | 2429 +---------------+------------------------------+ 2430 2431Action: ``SET_TP_SRC`` 2432^^^^^^^^^^^^^^^^^^^^^^^^^ 2433 2434Set a new source port number in the outermost TCP/UDP header. 2435 2436It must be used with a valid RTE_FLOW_ITEM_TYPE_TCP or RTE_FLOW_ITEM_TYPE_UDP 2437flow pattern item. Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2438 2439.. _table_rte_flow_action_set_tp_src: 2440 2441.. table:: SET_TP_SRC 2442 2443 +----------+-------------------------+ 2444 | Field | Value | 2445 +==========+=========================+ 2446 | ``port`` | new TCP/UDP source port | 2447 +---------------+--------------------+ 2448 2449Action: ``SET_TP_DST`` 2450^^^^^^^^^^^^^^^^^^^^^^^^^ 2451 2452Set a new destination port number in the outermost TCP/UDP header. 2453 2454It must be used with a valid RTE_FLOW_ITEM_TYPE_TCP or RTE_FLOW_ITEM_TYPE_UDP 2455flow pattern item. Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2456 2457.. _table_rte_flow_action_set_tp_dst: 2458 2459.. table:: SET_TP_DST 2460 2461 +----------+------------------------------+ 2462 | Field | Value | 2463 +==========+==============================+ 2464 | ``port`` | new TCP/UDP destination port | 2465 +---------------+-------------------------+ 2466 2467Action: ``MAC_SWAP`` 2468^^^^^^^^^^^^^^^^^^^^^^^^^ 2469 2470Swap the source and destination MAC addresses in the outermost Ethernet 2471header. 2472 2473It must be used with a valid RTE_FLOW_ITEM_TYPE_ETH flow pattern item. 2474Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2475 2476.. _table_rte_flow_action_mac_swap: 2477 2478.. table:: MAC_SWAP 2479 2480 +---------------+ 2481 | Field | 2482 +===============+ 2483 | no properties | 2484 +---------------+ 2485 2486Action: ``DEC_TTL`` 2487^^^^^^^^^^^^^^^^^^^ 2488 2489Decrease TTL value. 2490 2491If there is no valid RTE_FLOW_ITEM_TYPE_IPV4 or RTE_FLOW_ITEM_TYPE_IPV6 2492in pattern, Some PMDs will reject rule because behavior will be undefined. 2493 2494.. _table_rte_flow_action_dec_ttl: 2495 2496.. table:: DEC_TTL 2497 2498 +---------------+ 2499 | Field | 2500 +===============+ 2501 | no properties | 2502 +---------------+ 2503 2504Action: ``SET_TTL`` 2505^^^^^^^^^^^^^^^^^^^ 2506 2507Assigns a new TTL value. 2508 2509If there is no valid RTE_FLOW_ITEM_TYPE_IPV4 or RTE_FLOW_ITEM_TYPE_IPV6 2510in pattern, Some PMDs will reject rule because behavior will be undefined. 2511 2512.. _table_rte_flow_action_set_ttl: 2513 2514.. table:: SET_TTL 2515 2516 +---------------+--------------------+ 2517 | Field | Value | 2518 +===============+====================+ 2519 | ``ttl_value`` | new TTL value | 2520 +---------------+--------------------+ 2521 2522Action: ``SET_MAC_SRC`` 2523^^^^^^^^^^^^^^^^^^^^^^^ 2524 2525Set source MAC address. 2526 2527It must be used with a valid RTE_FLOW_ITEM_TYPE_ETH flow pattern item. 2528Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2529 2530.. _table_rte_flow_action_set_mac_src: 2531 2532.. table:: SET_MAC_SRC 2533 2534 +--------------+---------------+ 2535 | Field | Value | 2536 +==============+===============+ 2537 | ``mac_addr`` | MAC address | 2538 +--------------+---------------+ 2539 2540Action: ``SET_MAC_DST`` 2541^^^^^^^^^^^^^^^^^^^^^^^ 2542 2543Set destination MAC address. 2544 2545It must be used with a valid RTE_FLOW_ITEM_TYPE_ETH flow pattern item. 2546Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2547 2548.. _table_rte_flow_action_set_mac_dst: 2549 2550.. table:: SET_MAC_DST 2551 2552 +--------------+---------------+ 2553 | Field | Value | 2554 +==============+===============+ 2555 | ``mac_addr`` | MAC address | 2556 +--------------+---------------+ 2557 2558Action: ``INC_TCP_SEQ`` 2559^^^^^^^^^^^^^^^^^^^^^^^ 2560 2561Increase sequence number in the outermost TCP header. 2562Value to increase TCP sequence number by is a big-endian 32 bit integer. 2563 2564Using this action on non-matching traffic will result in undefined behavior. 2565 2566Action: ``DEC_TCP_SEQ`` 2567^^^^^^^^^^^^^^^^^^^^^^^ 2568 2569Decrease sequence number in the outermost TCP header. 2570Value to decrease TCP sequence number by is a big-endian 32 bit integer. 2571 2572Using this action on non-matching traffic will result in undefined behavior. 2573 2574Action: ``INC_TCP_ACK`` 2575^^^^^^^^^^^^^^^^^^^^^^^ 2576 2577Increase acknowledgment number in the outermost TCP header. 2578Value to increase TCP acknowledgment number by is a big-endian 32 bit integer. 2579 2580Using this action on non-matching traffic will result in undefined behavior. 2581 2582Action: ``DEC_TCP_ACK`` 2583^^^^^^^^^^^^^^^^^^^^^^^ 2584 2585Decrease acknowledgment number in the outermost TCP header. 2586Value to decrease TCP acknowledgment number by is a big-endian 32 bit integer. 2587 2588Using this action on non-matching traffic will result in undefined behavior. 2589 2590Action: ``SET_TAG`` 2591^^^^^^^^^^^^^^^^^^^ 2592 2593Set Tag. 2594 2595Tag is a transient data used during flow matching. This is not delivered to 2596application. Multiple tags are supported by specifying index. 2597 2598.. _table_rte_flow_action_set_tag: 2599 2600.. table:: SET_TAG 2601 2602 +-----------+----------------------------+ 2603 | Field | Value | 2604 +===========+============================+ 2605 | ``data`` | 32 bit tag value | 2606 +-----------+----------------------------+ 2607 | ``mask`` | bit-mask applies to "data" | 2608 +-----------+----------------------------+ 2609 | ``index`` | index of tag to set | 2610 +-----------+----------------------------+ 2611 2612Action: ``SET_META`` 2613^^^^^^^^^^^^^^^^^^^^^^^ 2614 2615Set metadata. Item ``META`` matches metadata. 2616 2617Metadata set by mbuf metadata field with PKT_TX_DYNF_METADATA flag on egress 2618will be overridden by this action. On ingress, the metadata will be carried by 2619``metadata`` dynamic field of ``rte_mbuf`` which can be accessed by 2620``RTE_FLOW_DYNF_METADATA()``. PKT_RX_DYNF_METADATA flag will be set along 2621with the data. 2622 2623The mbuf dynamic field must be registered by calling 2624``rte_flow_dynf_metadata_register()`` prior to use ``SET_META`` action. 2625 2626Altering partial bits is supported with ``mask``. For bits which have never been 2627set, unpredictable value will be seen depending on driver implementation. For 2628loopback/hairpin packet, metadata set on Rx/Tx may or may not be propagated to 2629the other path depending on HW capability. 2630 2631In hairpin case with Tx explicit flow mode, metadata could (not mandatory) be 2632used to connect the Rx and Tx flows if it can be propagated from Rx to Tx path. 2633 2634.. _table_rte_flow_action_set_meta: 2635 2636.. table:: SET_META 2637 2638 +----------+----------------------------+ 2639 | Field | Value | 2640 +==========+============================+ 2641 | ``data`` | 32 bit metadata value | 2642 +----------+----------------------------+ 2643 | ``mask`` | bit-mask applies to "data" | 2644 +----------+----------------------------+ 2645 2646Action: ``SET_IPV4_DSCP`` 2647^^^^^^^^^^^^^^^^^^^^^^^^^ 2648 2649Set IPv4 DSCP. 2650 2651Modify DSCP in IPv4 header. 2652 2653It must be used with RTE_FLOW_ITEM_TYPE_IPV4 in pattern. 2654Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2655 2656.. _table_rte_flow_action_set_ipv4_dscp: 2657 2658.. table:: SET_IPV4_DSCP 2659 2660 +-----------+---------------------------------+ 2661 | Field | Value | 2662 +===========+=================================+ 2663 | ``dscp`` | DSCP in low 6 bits, rest ignore | 2664 +-----------+---------------------------------+ 2665 2666Action: ``SET_IPV6_DSCP`` 2667^^^^^^^^^^^^^^^^^^^^^^^^^ 2668 2669Set IPv6 DSCP. 2670 2671Modify DSCP in IPv6 header. 2672 2673It must be used with RTE_FLOW_ITEM_TYPE_IPV6 in pattern. 2674Otherwise, RTE_FLOW_ERROR_TYPE_ACTION error will be returned. 2675 2676.. _table_rte_flow_action_set_ipv6_dscp: 2677 2678.. table:: SET_IPV6_DSCP 2679 2680 +-----------+---------------------------------+ 2681 | Field | Value | 2682 +===========+=================================+ 2683 | ``dscp`` | DSCP in low 6 bits, rest ignore | 2684 +-----------+---------------------------------+ 2685 2686Action: ``AGE`` 2687^^^^^^^^^^^^^^^ 2688 2689Set ageing timeout configuration to a flow. 2690 2691Event RTE_ETH_EVENT_FLOW_AGED will be reported if 2692timeout passed without any matching on the flow. 2693 2694.. _table_rte_flow_action_age: 2695 2696.. table:: AGE 2697 2698 +--------------+---------------------------------+ 2699 | Field | Value | 2700 +==============+=================================+ 2701 | ``timeout`` | 24 bits timeout value | 2702 +--------------+---------------------------------+ 2703 | ``reserved`` | 8 bits reserved, must be zero | 2704 +--------------+---------------------------------+ 2705 | ``context`` | user input flow context | 2706 +--------------+---------------------------------+ 2707 2708Query structure to retrieve ageing status information of a 2709shared AGE action, or a flow rule using the AGE action: 2710 2711.. _table_rte_flow_query_age: 2712 2713.. table:: AGE query 2714 2715 +------------------------------+-----+----------------------------------------+ 2716 | Field | I/O | Value | 2717 +==============================+=====+========================================+ 2718 | ``aged`` | out | Aging timeout expired | 2719 +------------------------------+-----+----------------------------------------+ 2720 | ``sec_since_last_hit_valid`` | out | ``sec_since_last_hit`` value is valid | 2721 +------------------------------+-----+----------------------------------------+ 2722 | ``sec_since_last_hit`` | out | Seconds since last traffic hit | 2723 +------------------------------+-----+----------------------------------------+ 2724 2725Action: ``SAMPLE`` 2726^^^^^^^^^^^^^^^^^^ 2727 2728Adds a sample action to a matched flow. 2729 2730The matching packets will be duplicated with the specified ``ratio`` and 2731applied with own set of actions with a fate action, the packets sampled 2732equals is '1/ratio'. All the packets continue to the target destination. 2733 2734When the ``ratio`` is set to 1 then the packets will be 100% mirrored. 2735``actions`` represent the different set of actions for the sampled or mirrored 2736packets, and must have a fate action. 2737 2738.. _table_rte_flow_action_sample: 2739 2740.. table:: SAMPLE 2741 2742 +--------------+---------------------------------+ 2743 | Field | Value | 2744 +==============+=================================+ 2745 | ``ratio`` | 32 bits sample ratio value | 2746 +--------------+---------------------------------+ 2747 | ``actions`` | sub-action list for sampling | 2748 +--------------+---------------------------------+ 2749 2750Action: ``SHARED`` 2751^^^^^^^^^^^^^^^^^^ 2752 2753Flow utilize shared action by handle as returned from 2754``rte_flow_shared_action_create()``. 2755 2756The behaviour of the shared action defined by ``action`` argument of type 2757``struct rte_flow_action`` passed to ``rte_flow_shared_action_create()``. 2758 2759.. _table_rte_flow_shared_action: 2760 2761.. table:: SHARED 2762 2763 +---------------+ 2764 | Field | 2765 +===============+ 2766 | no properties | 2767 +---------------+ 2768 2769Negative types 2770~~~~~~~~~~~~~~ 2771 2772All specified pattern items (``enum rte_flow_item_type``) and actions 2773(``enum rte_flow_action_type``) use positive identifiers. 2774 2775The negative space is reserved for dynamic types generated by PMDs during 2776run-time. PMDs may encounter them as a result but must not accept negative 2777identifiers they are not aware of. 2778 2779A method to generate them remains to be defined. 2780 2781Application may use PMD dynamic items or actions in flow rules. In that case 2782size of configuration object in dynamic element must be a pointer size. 2783 2784Planned types 2785~~~~~~~~~~~~~ 2786 2787Pattern item types will be added as new protocols are implemented. 2788 2789Variable headers support through dedicated pattern items, for example in 2790order to match specific IPv4 options and IPv6 extension headers would be 2791stacked after IPv4/IPv6 items. 2792 2793Other action types are planned but are not defined yet. These include the 2794ability to alter packet data in several ways, such as performing 2795encapsulation/decapsulation of tunnel headers. 2796 2797Rules management 2798---------------- 2799 2800A rather simple API with few functions is provided to fully manage flow 2801rules. 2802 2803Each created flow rule is associated with an opaque, PMD-specific handle 2804pointer. The application is responsible for keeping it until the rule is 2805destroyed. 2806 2807Flows rules are represented by ``struct rte_flow`` objects. 2808 2809Validation 2810~~~~~~~~~~ 2811 2812Given that expressing a definite set of device capabilities is not 2813practical, a dedicated function is provided to check if a flow rule is 2814supported and can be created. 2815 2816.. code-block:: c 2817 2818 int 2819 rte_flow_validate(uint16_t port_id, 2820 const struct rte_flow_attr *attr, 2821 const struct rte_flow_item pattern[], 2822 const struct rte_flow_action actions[], 2823 struct rte_flow_error *error); 2824 2825The flow rule is validated for correctness and whether it could be accepted 2826by the device given sufficient resources. The rule is checked against the 2827current device mode and queue configuration. The flow rule may also 2828optionally be validated against existing flow rules and device resources. 2829This function has no effect on the target device. 2830 2831The returned value is guaranteed to remain valid only as long as no 2832successful calls to ``rte_flow_create()`` or ``rte_flow_destroy()`` are made 2833in the meantime and no device parameter affecting flow rules in any way are 2834modified, due to possible collisions or resource limitations (although in 2835such cases ``EINVAL`` should not be returned). 2836 2837Arguments: 2838 2839- ``port_id``: port identifier of Ethernet device. 2840- ``attr``: flow rule attributes. 2841- ``pattern``: pattern specification (list terminated by the END pattern 2842 item). 2843- ``actions``: associated actions (list terminated by the END action). 2844- ``error``: perform verbose error reporting if not NULL. PMDs initialize 2845 this structure in case of error only. 2846 2847Return values: 2848 2849- 0 if flow rule is valid and can be created. A negative errno value 2850 otherwise (``rte_errno`` is also set), the following errors are defined. 2851- ``-ENOSYS``: underlying device does not support this functionality. 2852- ``-EINVAL``: unknown or invalid rule specification. 2853- ``-ENOTSUP``: valid but unsupported rule specification (e.g. partial 2854 bit-masks are unsupported). 2855- ``EEXIST``: collision with an existing rule. Only returned if device 2856 supports flow rule collision checking and there was a flow rule 2857 collision. Not receiving this return code is no guarantee that creating 2858 the rule will not fail due to a collision. 2859- ``ENOMEM``: not enough memory to execute the function, or if the device 2860 supports resource validation, resource limitation on the device. 2861- ``-EBUSY``: action cannot be performed due to busy device resources, may 2862 succeed if the affected queues or even the entire port are in a stopped 2863 state (see ``rte_eth_dev_rx_queue_stop()`` and ``rte_eth_dev_stop()``). 2864 2865Creation 2866~~~~~~~~ 2867 2868Creating a flow rule is similar to validating one, except the rule is 2869actually created and a handle returned. 2870 2871.. code-block:: c 2872 2873 struct rte_flow * 2874 rte_flow_create(uint16_t port_id, 2875 const struct rte_flow_attr *attr, 2876 const struct rte_flow_item pattern[], 2877 const struct rte_flow_action *actions[], 2878 struct rte_flow_error *error); 2879 2880Arguments: 2881 2882- ``port_id``: port identifier of Ethernet device. 2883- ``attr``: flow rule attributes. 2884- ``pattern``: pattern specification (list terminated by the END pattern 2885 item). 2886- ``actions``: associated actions (list terminated by the END action). 2887- ``error``: perform verbose error reporting if not NULL. PMDs initialize 2888 this structure in case of error only. 2889 2890Return values: 2891 2892A valid handle in case of success, NULL otherwise and ``rte_errno`` is set 2893to the positive version of one of the error codes defined for 2894``rte_flow_validate()``. 2895 2896Destruction 2897~~~~~~~~~~~ 2898 2899Flow rules destruction is not automatic, and a queue or a port should not be 2900released if any are still attached to them. Applications must take care of 2901performing this step before releasing resources. 2902 2903.. code-block:: c 2904 2905 int 2906 rte_flow_destroy(uint16_t port_id, 2907 struct rte_flow *flow, 2908 struct rte_flow_error *error); 2909 2910 2911Failure to destroy a flow rule handle may occur when other flow rules depend 2912on it, and destroying it would result in an inconsistent state. 2913 2914This function is only guaranteed to succeed if handles are destroyed in 2915reverse order of their creation. 2916 2917Arguments: 2918 2919- ``port_id``: port identifier of Ethernet device. 2920- ``flow``: flow rule handle to destroy. 2921- ``error``: perform verbose error reporting if not NULL. PMDs initialize 2922 this structure in case of error only. 2923 2924Return values: 2925 2926- 0 on success, a negative errno value otherwise and ``rte_errno`` is set. 2927 2928Flush 2929~~~~~ 2930 2931Convenience function to destroy all flow rule handles associated with a 2932port. They are released as with successive calls to ``rte_flow_destroy()``. 2933 2934.. code-block:: c 2935 2936 int 2937 rte_flow_flush(uint16_t port_id, 2938 struct rte_flow_error *error); 2939 2940In the unlikely event of failure, handles are still considered destroyed and 2941no longer valid but the port must be assumed to be in an inconsistent state. 2942 2943Arguments: 2944 2945- ``port_id``: port identifier of Ethernet device. 2946- ``error``: perform verbose error reporting if not NULL. PMDs initialize 2947 this structure in case of error only. 2948 2949Return values: 2950 2951- 0 on success, a negative errno value otherwise and ``rte_errno`` is set. 2952 2953Query 2954~~~~~ 2955 2956Query an existing flow rule. 2957 2958This function allows retrieving flow-specific data such as counters. Data 2959is gathered by special actions which must be present in the flow rule 2960definition. 2961 2962.. code-block:: c 2963 2964 int 2965 rte_flow_query(uint16_t port_id, 2966 struct rte_flow *flow, 2967 const struct rte_flow_action *action, 2968 void *data, 2969 struct rte_flow_error *error); 2970 2971Arguments: 2972 2973- ``port_id``: port identifier of Ethernet device. 2974- ``flow``: flow rule handle to query. 2975- ``action``: action to query, this must match prototype from flow rule. 2976- ``data``: pointer to storage for the associated query data type. 2977- ``error``: perform verbose error reporting if not NULL. PMDs initialize 2978 this structure in case of error only. 2979 2980Return values: 2981 2982- 0 on success, a negative errno value otherwise and ``rte_errno`` is set. 2983 2984.. _flow_isolated_mode: 2985 2986Flow isolated mode 2987------------------ 2988 2989The general expectation for ingress traffic is that flow rules process it 2990first; the remaining unmatched or pass-through traffic usually ends up in a 2991queue (with or without RSS, locally or in some sub-device instance) 2992depending on the global configuration settings of a port. 2993 2994While fine from a compatibility standpoint, this approach makes drivers more 2995complex as they have to check for possible side effects outside of this API 2996when creating or destroying flow rules. It results in a more limited set of 2997available rule types due to the way device resources are assigned (e.g. no 2998support for the RSS action even on capable hardware). 2999 3000Given that nonspecific traffic can be handled by flow rules as well, 3001isolated mode is a means for applications to tell a driver that ingress on 3002the underlying port must be injected from the defined flow rules only; that 3003no default traffic is expected outside those rules. 3004 3005This has the following benefits: 3006 3007- Applications get finer-grained control over the kind of traffic they want 3008 to receive (no traffic by default). 3009 3010- More importantly they control at what point nonspecific traffic is handled 3011 relative to other flow rules, by adjusting priority levels. 3012 3013- Drivers can assign more hardware resources to flow rules and expand the 3014 set of supported rule types. 3015 3016Because toggling isolated mode may cause profound changes to the ingress 3017processing path of a driver, it may not be possible to leave it once 3018entered. Likewise, existing flow rules or global configuration settings may 3019prevent a driver from entering isolated mode. 3020 3021Applications relying on this mode are therefore encouraged to toggle it as 3022soon as possible after device initialization, ideally before the first call 3023to ``rte_eth_dev_configure()`` to avoid possible failures due to conflicting 3024settings. 3025 3026Once effective, the following functionality has no effect on the underlying 3027port and may return errors such as ``ENOTSUP`` ("not supported"): 3028 3029- Toggling promiscuous mode. 3030- Toggling allmulticast mode. 3031- Configuring MAC addresses. 3032- Configuring multicast addresses. 3033- Configuring VLAN filters. 3034- Configuring Rx filters through the legacy API (e.g. FDIR). 3035- Configuring global RSS settings. 3036 3037.. code-block:: c 3038 3039 int 3040 rte_flow_isolate(uint16_t port_id, int set, struct rte_flow_error *error); 3041 3042Arguments: 3043 3044- ``port_id``: port identifier of Ethernet device. 3045- ``set``: nonzero to enter isolated mode, attempt to leave it otherwise. 3046- ``error``: perform verbose error reporting if not NULL. PMDs initialize 3047 this structure in case of error only. 3048 3049Return values: 3050 3051- 0 on success, a negative errno value otherwise and ``rte_errno`` is set. 3052 3053Verbose error reporting 3054----------------------- 3055 3056The defined *errno* values may not be accurate enough for users or 3057application developers who want to investigate issues related to flow rules 3058management. A dedicated error object is defined for this purpose: 3059 3060.. code-block:: c 3061 3062 enum rte_flow_error_type { 3063 RTE_FLOW_ERROR_TYPE_NONE, /**< No error. */ 3064 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, /**< Cause unspecified. */ 3065 RTE_FLOW_ERROR_TYPE_HANDLE, /**< Flow rule (handle). */ 3066 RTE_FLOW_ERROR_TYPE_ATTR_GROUP, /**< Group field. */ 3067 RTE_FLOW_ERROR_TYPE_ATTR_PRIORITY, /**< Priority field. */ 3068 RTE_FLOW_ERROR_TYPE_ATTR_INGRESS, /**< Ingress field. */ 3069 RTE_FLOW_ERROR_TYPE_ATTR_EGRESS, /**< Egress field. */ 3070 RTE_FLOW_ERROR_TYPE_ATTR, /**< Attributes structure. */ 3071 RTE_FLOW_ERROR_TYPE_ITEM_NUM, /**< Pattern length. */ 3072 RTE_FLOW_ERROR_TYPE_ITEM, /**< Specific pattern item. */ 3073 RTE_FLOW_ERROR_TYPE_ACTION_NUM, /**< Number of actions. */ 3074 RTE_FLOW_ERROR_TYPE_ACTION, /**< Specific action. */ 3075 }; 3076 3077 struct rte_flow_error { 3078 enum rte_flow_error_type type; /**< Cause field and error types. */ 3079 const void *cause; /**< Object responsible for the error. */ 3080 const char *message; /**< Human-readable error message. */ 3081 }; 3082 3083Error type ``RTE_FLOW_ERROR_TYPE_NONE`` stands for no error, in which case 3084remaining fields can be ignored. Other error types describe the type of the 3085object pointed by ``cause``. 3086 3087If non-NULL, ``cause`` points to the object responsible for the error. For a 3088flow rule, this may be a pattern item or an individual action. 3089 3090If non-NULL, ``message`` provides a human-readable error message. 3091 3092This object is normally allocated by applications and set by PMDs in case of 3093error, the message points to a constant string which does not need to be 3094freed by the application, however its pointer can be considered valid only 3095as long as its associated DPDK port remains configured. Closing the 3096underlying device or unloading the PMD invalidates it. 3097 3098Helpers 3099------- 3100 3101Error initializer 3102~~~~~~~~~~~~~~~~~ 3103 3104.. code-block:: c 3105 3106 static inline int 3107 rte_flow_error_set(struct rte_flow_error *error, 3108 int code, 3109 enum rte_flow_error_type type, 3110 const void *cause, 3111 const char *message); 3112 3113This function initializes ``error`` (if non-NULL) with the provided 3114parameters and sets ``rte_errno`` to ``code``. A negative error ``code`` is 3115then returned. 3116 3117Object conversion 3118~~~~~~~~~~~~~~~~~ 3119 3120.. code-block:: c 3121 3122 int 3123 rte_flow_conv(enum rte_flow_conv_op op, 3124 void *dst, 3125 size_t size, 3126 const void *src, 3127 struct rte_flow_error *error); 3128 3129Convert ``src`` to ``dst`` according to operation ``op``. Possible 3130operations include: 3131 3132- Attributes, pattern item or action duplication. 3133- Duplication of an entire pattern or list of actions. 3134- Duplication of a complete flow rule description. 3135- Pattern item or action name retrieval. 3136 3137Tunneled traffic offload 3138~~~~~~~~~~~~~~~~~~~~~~~~ 3139 3140rte_flow API provides the building blocks for vendor-agnostic flow 3141classification offloads. The rte_flow "patterns" and "actions" 3142primitives are fine-grained, thus enabling DPDK applications the 3143flexibility to offload network stacks and complex pipelines. 3144Applications wishing to offload tunneled traffic are required to use 3145the rte_flow primitives, such as group, meta, mark, tag, and others to 3146model their high-level objects. The hardware model design for 3147high-level software objects is not trivial. Furthermore, an optimal 3148design is often vendor-specific. 3149 3150When hardware offloads tunneled traffic in multi-group logic, 3151partially offloaded packets may arrive to the application after they 3152were modified in hardware. In this case, the application may need to 3153restore the original packet headers. Consider the following sequence: 3154The application decaps a packet in one group and jumps to a second 3155group where it tries to match on a 5-tuple, that will miss and send 3156the packet to the application. In this case, the application does not 3157receive the original packet but a modified one. Also, in this case, 3158the application cannot match on the outer header fields, such as VXLAN 3159vni and 5-tuple. 3160 3161There are several possible ways to use rte_flow "patterns" and 3162"actions" to resolve the issues above. For example: 3163 31641 Mapping headers to a hardware registers using the 3165rte_flow_action_mark/rte_flow_action_tag/rte_flow_set_meta objects. 3166 31672 Apply the decap only at the last offload stage after all the 3168"patterns" were matched and the packet will be fully offloaded. 3169 3170Every approach has its pros and cons and is highly dependent on the 3171hardware vendor. For example, some hardware may have a limited number 3172of registers while other hardware could not support inner actions and 3173must decap before accessing inner headers. 3174 3175The tunnel offload model resolves these issues. The model goals are: 3176 31771 Provide a unified application API to offload tunneled traffic that 3178is capable to match on outer headers after decap. 3179 31802 Allow the application to restore the outer header of partially 3181offloaded packets. 3182 3183The tunnel offload model does not introduce new elements to the 3184existing RTE flow model and is implemented as a set of helper 3185functions. 3186 3187For the application to work with the tunnel offload API it 3188has to adjust flow rules in multi-table tunnel offload in the 3189following way: 3190 31911 Remove explicit call to decap action and replace it with PMD actions 3192obtained from rte_flow_tunnel_decap_and_set() helper. 3193 31942 Add PMD items obtained from rte_flow_tunnel_match() helper to all 3195other rules in the tunnel offload sequence. 3196 3197The model requirements: 3198 3199Software application must initialize 3200rte_tunnel object with tunnel parameters before calling 3201rte_flow_tunnel_decap_set() & rte_flow_tunnel_match(). 3202 3203PMD actions array obtained in rte_flow_tunnel_decap_set() must be 3204released by application with rte_flow_action_release() call. 3205 3206PMD items array obtained with rte_flow_tunnel_match() must be released 3207by application with rte_flow_item_release() call. Application can 3208release PMD items and actions after rule was created. However, if the 3209application needs to create additional rule for the same tunnel it 3210will need to obtain PMD items again. 3211 3212Application cannot destroy rte_tunnel object before it releases all 3213PMD actions & PMD items referencing that tunnel. 3214 3215Caveats 3216------- 3217 3218- DPDK does not keep track of flow rules definitions or flow rule objects 3219 automatically. Applications may keep track of the former and must keep 3220 track of the latter. PMDs may also do it for internal needs, however this 3221 must not be relied on by applications. 3222 3223- Flow rules are not maintained between successive port initializations. An 3224 application exiting without releasing them and restarting must re-create 3225 them from scratch. 3226 3227- API operations are synchronous and blocking (``EAGAIN`` cannot be 3228 returned). 3229 3230- Stopping the data path (TX/RX) should not be necessary when managing flow 3231 rules. If this cannot be achieved naturally or with workarounds (such as 3232 temporarily replacing the burst function pointers), an appropriate error 3233 code must be returned (``EBUSY``). 3234 3235- Applications, not PMDs, are responsible for maintaining flow rules 3236 configuration when closing, stopping or restarting a port or performing other 3237 actions which may affect them. 3238 Applications must assume that after port close, stop or restart all flows 3239 related to that port are not valid, hardware rules are destroyed and relevant 3240 PMD resources are released. 3241 3242For devices exposing multiple ports sharing global settings affected by flow 3243rules: 3244 3245- All ports under DPDK control must behave consistently, PMDs are 3246 responsible for making sure that existing flow rules on a port are not 3247 affected by other ports. 3248 3249- Ports not under DPDK control (unaffected or handled by other applications) 3250 are user's responsibility. They may affect existing flow rules and cause 3251 undefined behavior. PMDs aware of this may prevent flow rules creation 3252 altogether in such cases. 3253 3254PMD interface 3255------------- 3256 3257The PMD interface is defined in ``rte_flow_driver.h``. It is not subject to 3258API/ABI versioning constraints as it is not exposed to applications and may 3259evolve independently. 3260 3261It is currently implemented on top of the legacy filtering framework through 3262filter type *RTE_ETH_FILTER_GENERIC* that accepts the single operation 3263*RTE_ETH_FILTER_GET* to return PMD-specific *rte_flow* callbacks wrapped 3264inside ``struct rte_flow_ops``. 3265 3266This overhead is temporarily necessary in order to keep compatibility with 3267the legacy filtering framework, which should eventually disappear. 3268 3269- PMD callbacks implement exactly the interface described in `Rules 3270 management`_, except for the port ID argument which has already been 3271 converted to a pointer to the underlying ``struct rte_eth_dev``. 3272 3273- Public API functions do not process flow rules definitions at all before 3274 calling PMD functions (no basic error checking, no validation 3275 whatsoever). They only make sure these callbacks are non-NULL or return 3276 the ``ENOSYS`` (function not supported) error. 3277 3278This interface additionally defines the following helper function: 3279 3280- ``rte_flow_ops_get()``: get generic flow operations structure from a 3281 port. 3282 3283If PMD interfaces don't support re-entrancy/multi-thread safety, 3284the rte_flow API functions will protect threads by mutex per port. 3285The application can check whether ``RTE_ETH_DEV_FLOW_OPS_THREAD_SAFE`` 3286is set in ``dev_flags``, meaning the PMD is thread-safe regarding rte_flow, 3287so the API level protection is disabled. 3288Please note that this API-level mutex protects only rte_flow functions, 3289other control path functions are not in scope. 3290 3291More will be added over time. 3292 3293Device compatibility 3294-------------------- 3295 3296No known implementation supports all the described features. 3297 3298Unsupported features or combinations are not expected to be fully emulated 3299in software by PMDs for performance reasons. Partially supported features 3300may be completed in software as long as hardware performs most of the work 3301(such as queue redirection and packet recognition). 3302 3303However PMDs are expected to do their best to satisfy application requests 3304by working around hardware limitations as long as doing so does not affect 3305the behavior of existing flow rules. 3306 3307The following sections provide a few examples of such cases and describe how 3308PMDs should handle them, they are based on limitations built into the 3309previous APIs. 3310 3311Global bit-masks 3312~~~~~~~~~~~~~~~~ 3313 3314Each flow rule comes with its own, per-layer bit-masks, while hardware may 3315support only a single, device-wide bit-mask for a given layer type, so that 3316two IPv4 rules cannot use different bit-masks. 3317 3318The expected behavior in this case is that PMDs automatically configure 3319global bit-masks according to the needs of the first flow rule created. 3320 3321Subsequent rules are allowed only if their bit-masks match those, the 3322``EEXIST`` error code should be returned otherwise. 3323 3324Unsupported layer types 3325~~~~~~~~~~~~~~~~~~~~~~~ 3326 3327Many protocols can be simulated by crafting patterns with the `Item: RAW`_ 3328type. 3329 3330PMDs can rely on this capability to simulate support for protocols with 3331headers not directly recognized by hardware. 3332 3333``ANY`` pattern item 3334~~~~~~~~~~~~~~~~~~~~ 3335 3336This pattern item stands for anything, which can be difficult to translate 3337to something hardware would understand, particularly if followed by more 3338specific types. 3339 3340Consider the following pattern: 3341 3342.. _table_rte_flow_unsupported_any: 3343 3344.. table:: Pattern with ANY as L3 3345 3346 +-------+-----------------------+ 3347 | Index | Item | 3348 +=======+=======================+ 3349 | 0 | ETHER | 3350 +-------+-----+---------+-------+ 3351 | 1 | ANY | ``num`` | ``1`` | 3352 +-------+-----+---------+-------+ 3353 | 2 | TCP | 3354 +-------+-----------------------+ 3355 | 3 | END | 3356 +-------+-----------------------+ 3357 3358Knowing that TCP does not make sense with something other than IPv4 and IPv6 3359as L3, such a pattern may be translated to two flow rules instead: 3360 3361.. _table_rte_flow_unsupported_any_ipv4: 3362 3363.. table:: ANY replaced with IPV4 3364 3365 +-------+--------------------+ 3366 | Index | Item | 3367 +=======+====================+ 3368 | 0 | ETHER | 3369 +-------+--------------------+ 3370 | 1 | IPV4 (zeroed mask) | 3371 +-------+--------------------+ 3372 | 2 | TCP | 3373 +-------+--------------------+ 3374 | 3 | END | 3375 +-------+--------------------+ 3376 3377| 3378 3379.. _table_rte_flow_unsupported_any_ipv6: 3380 3381.. table:: ANY replaced with IPV6 3382 3383 +-------+--------------------+ 3384 | Index | Item | 3385 +=======+====================+ 3386 | 0 | ETHER | 3387 +-------+--------------------+ 3388 | 1 | IPV6 (zeroed mask) | 3389 +-------+--------------------+ 3390 | 2 | TCP | 3391 +-------+--------------------+ 3392 | 3 | END | 3393 +-------+--------------------+ 3394 3395Note that as soon as a ANY rule covers several layers, this approach may 3396yield a large number of hidden flow rules. It is thus suggested to only 3397support the most common scenarios (anything as L2 and/or L3). 3398 3399Unsupported actions 3400~~~~~~~~~~~~~~~~~~~ 3401 3402- When combined with `Action: QUEUE`_, packet counting (`Action: COUNT`_) 3403 and tagging (`Action: MARK`_ or `Action: FLAG`_) may be implemented in 3404 software as long as the target queue is used by a single rule. 3405 3406- When a single target queue is provided, `Action: RSS`_ can also be 3407 implemented through `Action: QUEUE`_. 3408 3409Flow rules priority 3410~~~~~~~~~~~~~~~~~~~ 3411 3412While it would naturally make sense, flow rules cannot be assumed to be 3413processed by hardware in the same order as their creation for several 3414reasons: 3415 3416- They may be managed internally as a tree or a hash table instead of a 3417 list. 3418- Removing a flow rule before adding another one can either put the new rule 3419 at the end of the list or reuse a freed entry. 3420- Duplication may occur when packets are matched by several rules. 3421 3422For overlapping rules (particularly in order to use `Action: PASSTHRU`_) 3423predictable behavior is only guaranteed by using different priority levels. 3424 3425Priority levels are not necessarily implemented in hardware, or may be 3426severely limited (e.g. a single priority bit). 3427 3428For these reasons, priority levels may be implemented purely in software by 3429PMDs. 3430 3431- For devices expecting flow rules to be added in the correct order, PMDs 3432 may destroy and re-create existing rules after adding a new one with 3433 a higher priority. 3434 3435- A configurable number of dummy or empty rules can be created at 3436 initialization time to save high priority slots for later. 3437 3438- In order to save priority levels, PMDs may evaluate whether rules are 3439 likely to collide and adjust their priority accordingly. 3440 3441Future evolutions 3442----------------- 3443 3444- A device profile selection function which could be used to force a 3445 permanent profile instead of relying on its automatic configuration based 3446 on existing flow rules. 3447 3448- A method to optimize *rte_flow* rules with specific pattern items and 3449 action types generated on the fly by PMDs. DPDK should assign negative 3450 numbers to these in order to not collide with the existing types. See 3451 `Negative types`_. 3452 3453- Adding specific egress pattern items and actions as described in 3454 `Attribute: Traffic direction`_. 3455 3456- Optional software fallback when PMDs are unable to handle requested flow 3457 rules so applications do not have to implement their own. 3458 3459.. _OpenFlow Switch Specification: https://www.opennetworking.org/software-defined-standards/specifications/ 3460