14418919fSjohnjiang /* SPDX-License-Identifier: BSD-3-Clause 24418919fSjohnjiang * Copyright(c) 2010-2014 Intel Corporation 34418919fSjohnjiang */ 44418919fSjohnjiang 54418919fSjohnjiang #ifndef TEST_ACL_H_ 64418919fSjohnjiang #define TEST_ACL_H_ 74418919fSjohnjiang 84418919fSjohnjiang struct ipv4_7tuple { 94418919fSjohnjiang uint16_t vlan; 104418919fSjohnjiang uint16_t domain; 114418919fSjohnjiang uint8_t proto; 124418919fSjohnjiang uint32_t ip_src; 134418919fSjohnjiang uint32_t ip_dst; 144418919fSjohnjiang uint16_t port_src; 154418919fSjohnjiang uint16_t port_dst; 164418919fSjohnjiang uint32_t allow; 174418919fSjohnjiang uint32_t deny; 184418919fSjohnjiang }; 194418919fSjohnjiang 204418919fSjohnjiang /** 214418919fSjohnjiang * Legacy support for 7-tuple IPv4 and VLAN rule. 224418919fSjohnjiang * This structure and corresponding API is deprecated. 234418919fSjohnjiang */ 244418919fSjohnjiang struct rte_acl_ipv4vlan_rule { 254418919fSjohnjiang struct rte_acl_rule_data data; /**< Miscellaneous data for the rule. */ 264418919fSjohnjiang uint8_t proto; /**< IPv4 protocol ID. */ 274418919fSjohnjiang uint8_t proto_mask; /**< IPv4 protocol ID mask. */ 284418919fSjohnjiang uint16_t vlan; /**< VLAN ID. */ 294418919fSjohnjiang uint16_t vlan_mask; /**< VLAN ID mask. */ 304418919fSjohnjiang uint16_t domain; /**< VLAN domain. */ 314418919fSjohnjiang uint16_t domain_mask; /**< VLAN domain mask. */ 324418919fSjohnjiang uint32_t src_addr; /**< IPv4 source address. */ 334418919fSjohnjiang uint32_t src_mask_len; /**< IPv4 source address mask. */ 344418919fSjohnjiang uint32_t dst_addr; /**< IPv4 destination address. */ 354418919fSjohnjiang uint32_t dst_mask_len; /**< IPv4 destination address mask. */ 364418919fSjohnjiang uint16_t src_port_low; /**< L4 source port low. */ 374418919fSjohnjiang uint16_t src_port_high; /**< L4 source port high. */ 384418919fSjohnjiang uint16_t dst_port_low; /**< L4 destination port low. */ 394418919fSjohnjiang uint16_t dst_port_high; /**< L4 destination port high. */ 404418919fSjohnjiang }; 414418919fSjohnjiang 424418919fSjohnjiang /** 434418919fSjohnjiang * Specifies fields layout inside rte_acl_rule for rte_acl_ipv4vlan_rule. 444418919fSjohnjiang */ 454418919fSjohnjiang enum { 464418919fSjohnjiang RTE_ACL_IPV4VLAN_PROTO_FIELD, 474418919fSjohnjiang RTE_ACL_IPV4VLAN_VLAN1_FIELD, 484418919fSjohnjiang RTE_ACL_IPV4VLAN_VLAN2_FIELD, 494418919fSjohnjiang RTE_ACL_IPV4VLAN_SRC_FIELD, 504418919fSjohnjiang RTE_ACL_IPV4VLAN_DST_FIELD, 514418919fSjohnjiang RTE_ACL_IPV4VLAN_SRCP_FIELD, 524418919fSjohnjiang RTE_ACL_IPV4VLAN_DSTP_FIELD, 534418919fSjohnjiang RTE_ACL_IPV4VLAN_NUM_FIELDS 544418919fSjohnjiang }; 554418919fSjohnjiang 564418919fSjohnjiang /** 574418919fSjohnjiang * Macro to define rule size for rte_acl_ipv4vlan_rule. 584418919fSjohnjiang */ 594418919fSjohnjiang #define RTE_ACL_IPV4VLAN_RULE_SZ \ 604418919fSjohnjiang RTE_ACL_RULE_SZ(RTE_ACL_IPV4VLAN_NUM_FIELDS) 614418919fSjohnjiang 624418919fSjohnjiang /* 634418919fSjohnjiang * That effectively defines order of IPV4VLAN classifications: 644418919fSjohnjiang * - PROTO 654418919fSjohnjiang * - VLAN (TAG and DOMAIN) 664418919fSjohnjiang * - SRC IP ADDRESS 674418919fSjohnjiang * - DST IP ADDRESS 684418919fSjohnjiang * - PORTS (SRC and DST) 694418919fSjohnjiang */ 704418919fSjohnjiang enum { 714418919fSjohnjiang RTE_ACL_IPV4VLAN_PROTO, 724418919fSjohnjiang RTE_ACL_IPV4VLAN_VLAN, 734418919fSjohnjiang RTE_ACL_IPV4VLAN_SRC, 744418919fSjohnjiang RTE_ACL_IPV4VLAN_DST, 754418919fSjohnjiang RTE_ACL_IPV4VLAN_PORTS, 764418919fSjohnjiang RTE_ACL_IPV4VLAN_NUM 774418919fSjohnjiang }; 784418919fSjohnjiang 794418919fSjohnjiang /* rules for invalid layout test */ 804418919fSjohnjiang struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = { 814418919fSjohnjiang /* test src and dst address */ 824418919fSjohnjiang { 834418919fSjohnjiang .data = {.userdata = 1, .category_mask = 1, 844418919fSjohnjiang .priority = 1}, 854418919fSjohnjiang .src_addr = RTE_IPV4(10,0,0,0), 864418919fSjohnjiang .src_mask_len = 24, 874418919fSjohnjiang }, 884418919fSjohnjiang { 894418919fSjohnjiang .data = {.userdata = 2, .category_mask = 1, 904418919fSjohnjiang .priority = 1}, 914418919fSjohnjiang .dst_addr = RTE_IPV4(10,0,0,0), 924418919fSjohnjiang .dst_mask_len = 24, 934418919fSjohnjiang }, 944418919fSjohnjiang /* test src and dst ports */ 954418919fSjohnjiang { 964418919fSjohnjiang .data = {.userdata = 3, .category_mask = 1, 974418919fSjohnjiang .priority = 1}, 984418919fSjohnjiang .dst_port_low = 100, 994418919fSjohnjiang .dst_port_high = 100, 1004418919fSjohnjiang }, 1014418919fSjohnjiang { 1024418919fSjohnjiang .data = {.userdata = 4, .category_mask = 1, 1034418919fSjohnjiang .priority = 1}, 1044418919fSjohnjiang .src_port_low = 100, 1054418919fSjohnjiang .src_port_high = 100, 1064418919fSjohnjiang }, 1074418919fSjohnjiang /* test proto */ 1084418919fSjohnjiang { 1094418919fSjohnjiang .data = {.userdata = 5, .category_mask = 1, 1104418919fSjohnjiang .priority = 1}, 1114418919fSjohnjiang .proto = 0xf, 1124418919fSjohnjiang .proto_mask = 0xf 1134418919fSjohnjiang }, 1144418919fSjohnjiang { 1154418919fSjohnjiang .data = {.userdata = 6, .category_mask = 1, 1164418919fSjohnjiang .priority = 1}, 1174418919fSjohnjiang .dst_port_low = 0xf, 1184418919fSjohnjiang .dst_port_high = 0xf, 1194418919fSjohnjiang } 1204418919fSjohnjiang }; 1214418919fSjohnjiang 1224418919fSjohnjiang /* these might look odd because they don't match up the rules. This is 1234418919fSjohnjiang * intentional, as the invalid layout test presumes returning the correct 1244418919fSjohnjiang * results using the wrong data layout. 1254418919fSjohnjiang */ 1264418919fSjohnjiang struct ipv4_7tuple invalid_layout_data[] = { 1274418919fSjohnjiang {.ip_src = RTE_IPV4(10,0,1,0)}, /* should not match */ 1284418919fSjohnjiang {.ip_src = RTE_IPV4(10,0,0,1), .allow = 2}, /* should match 2 */ 1294418919fSjohnjiang {.port_src = 100, .allow = 4}, /* should match 4 */ 1304418919fSjohnjiang {.port_dst = 0xf, .allow = 6}, /* should match 6 */ 1314418919fSjohnjiang }; 1324418919fSjohnjiang 1334418919fSjohnjiang #define ACL_ALLOW 0 1344418919fSjohnjiang #define ACL_DENY 1 1354418919fSjohnjiang #define ACL_ALLOW_MASK 0x1 1364418919fSjohnjiang #define ACL_DENY_MASK 0x2 1374418919fSjohnjiang 1384418919fSjohnjiang /* ruleset for ACL unit test */ 1394418919fSjohnjiang struct rte_acl_ipv4vlan_rule acl_test_rules[] = { 1404418919fSjohnjiang /* destination IP addresses */ 1414418919fSjohnjiang /* matches all packets traveling to 192.168.0.0/16 */ 1424418919fSjohnjiang { 1434418919fSjohnjiang .data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK, 1444418919fSjohnjiang .priority = 230}, 1454418919fSjohnjiang .dst_addr = RTE_IPV4(192,168,0,0), 1464418919fSjohnjiang .dst_mask_len = 16, 1474418919fSjohnjiang .src_port_low = 0, 1484418919fSjohnjiang .src_port_high = 0xffff, 1494418919fSjohnjiang .dst_port_low = 0, 1504418919fSjohnjiang .dst_port_high = 0xffff, 1514418919fSjohnjiang }, 1524418919fSjohnjiang /* matches all packets traveling to 192.168.1.0/24 */ 1534418919fSjohnjiang { 1544418919fSjohnjiang .data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK, 1554418919fSjohnjiang .priority = 330}, 1564418919fSjohnjiang .dst_addr = RTE_IPV4(192,168,1,0), 1574418919fSjohnjiang .dst_mask_len = 24, 1584418919fSjohnjiang .src_port_low = 0, 1594418919fSjohnjiang .src_port_high = 0xffff, 1604418919fSjohnjiang .dst_port_low = 0, 1614418919fSjohnjiang .dst_port_high = 0xffff, 1624418919fSjohnjiang }, 1634418919fSjohnjiang /* matches all packets traveling to 192.168.1.50 */ 1644418919fSjohnjiang { 1654418919fSjohnjiang .data = {.userdata = 3, .category_mask = ACL_DENY_MASK, 1664418919fSjohnjiang .priority = 230}, 1674418919fSjohnjiang .dst_addr = RTE_IPV4(192,168,1,50), 1684418919fSjohnjiang .dst_mask_len = 32, 1694418919fSjohnjiang .src_port_low = 0, 1704418919fSjohnjiang .src_port_high = 0xffff, 1714418919fSjohnjiang .dst_port_low = 0, 1724418919fSjohnjiang .dst_port_high = 0xffff, 1734418919fSjohnjiang }, 1744418919fSjohnjiang 1754418919fSjohnjiang /* source IP addresses */ 1764418919fSjohnjiang /* matches all packets traveling from 10.0.0.0/8 */ 1774418919fSjohnjiang { 1784418919fSjohnjiang .data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK, 1794418919fSjohnjiang .priority = 240}, 1804418919fSjohnjiang .src_addr = RTE_IPV4(10,0,0,0), 1814418919fSjohnjiang .src_mask_len = 8, 1824418919fSjohnjiang .src_port_low = 0, 1834418919fSjohnjiang .src_port_high = 0xffff, 1844418919fSjohnjiang .dst_port_low = 0, 1854418919fSjohnjiang .dst_port_high = 0xffff, 1864418919fSjohnjiang }, 1874418919fSjohnjiang /* matches all packets traveling from 10.1.1.0/24 */ 1884418919fSjohnjiang { 1894418919fSjohnjiang .data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK, 1904418919fSjohnjiang .priority = 340}, 1914418919fSjohnjiang .src_addr = RTE_IPV4(10,1,1,0), 1924418919fSjohnjiang .src_mask_len = 24, 1934418919fSjohnjiang .src_port_low = 0, 1944418919fSjohnjiang .src_port_high = 0xffff, 1954418919fSjohnjiang .dst_port_low = 0, 1964418919fSjohnjiang .dst_port_high = 0xffff, 1974418919fSjohnjiang }, 1984418919fSjohnjiang /* matches all packets traveling from 10.1.1.1 */ 1994418919fSjohnjiang { 2004418919fSjohnjiang .data = {.userdata = 6, .category_mask = ACL_DENY_MASK, 2014418919fSjohnjiang .priority = 240}, 2024418919fSjohnjiang .src_addr = RTE_IPV4(10,1,1,1), 2034418919fSjohnjiang .src_mask_len = 32, 2044418919fSjohnjiang .src_port_low = 0, 2054418919fSjohnjiang .src_port_high = 0xffff, 2064418919fSjohnjiang .dst_port_low = 0, 2074418919fSjohnjiang .dst_port_high = 0xffff, 2084418919fSjohnjiang }, 2094418919fSjohnjiang 2104418919fSjohnjiang /* VLAN tag */ 2114418919fSjohnjiang /* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */ 2124418919fSjohnjiang { 2134418919fSjohnjiang .data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK, 2144418919fSjohnjiang .priority = 260}, 2154418919fSjohnjiang .vlan = 0x64, 2164418919fSjohnjiang .vlan_mask = 0x7f, 2174418919fSjohnjiang .src_port_low = 0, 2184418919fSjohnjiang .src_port_high = 0xffff, 2194418919fSjohnjiang .dst_port_low = 0, 2204418919fSjohnjiang .dst_port_high = 0xffff, 2214418919fSjohnjiang }, 2224418919fSjohnjiang /* matches all packets with VLAN tags that have 0x5 in them */ 2234418919fSjohnjiang { 2244418919fSjohnjiang .data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK, 2254418919fSjohnjiang .priority = 260}, 2264418919fSjohnjiang .vlan = 0x5, 2274418919fSjohnjiang .vlan_mask = 0x5, 2284418919fSjohnjiang .src_port_low = 0, 2294418919fSjohnjiang .src_port_high = 0xffff, 2304418919fSjohnjiang .dst_port_low = 0, 2314418919fSjohnjiang .dst_port_high = 0xffff, 2324418919fSjohnjiang }, 2334418919fSjohnjiang /* matches all packets with VLAN tag 5 */ 2344418919fSjohnjiang { 2354418919fSjohnjiang .data = {.userdata = 9, .category_mask = ACL_DENY_MASK, 2364418919fSjohnjiang .priority = 360}, 2374418919fSjohnjiang .vlan = 0x5, 2384418919fSjohnjiang .vlan_mask = 0xffff, 2394418919fSjohnjiang .src_port_low = 0, 2404418919fSjohnjiang .src_port_high = 0xffff, 2414418919fSjohnjiang .dst_port_low = 0, 2424418919fSjohnjiang .dst_port_high = 0xffff, 2434418919fSjohnjiang }, 2444418919fSjohnjiang 2454418919fSjohnjiang /* VLAN domain */ 2464418919fSjohnjiang /* matches all packets with lower 7 bytes of domain equal to 0x64 */ 2474418919fSjohnjiang { 2484418919fSjohnjiang .data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK, 2494418919fSjohnjiang .priority = 250}, 2504418919fSjohnjiang .domain = 0x64, 2514418919fSjohnjiang .domain_mask = 0x7f, 2524418919fSjohnjiang .src_port_low = 0, 2534418919fSjohnjiang .src_port_high = 0xffff, 2544418919fSjohnjiang .dst_port_low = 0, 2554418919fSjohnjiang .dst_port_high = 0xffff, 2564418919fSjohnjiang }, 2574418919fSjohnjiang /* matches all packets with domains that have 0x5 in them */ 2584418919fSjohnjiang { 2594418919fSjohnjiang .data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK, 2604418919fSjohnjiang .priority = 350}, 2614418919fSjohnjiang .domain = 0x5, 2624418919fSjohnjiang .domain_mask = 0x5, 2634418919fSjohnjiang .src_port_low = 0, 2644418919fSjohnjiang .src_port_high = 0xffff, 2654418919fSjohnjiang .dst_port_low = 0, 2664418919fSjohnjiang .dst_port_high = 0xffff, 2674418919fSjohnjiang }, 2684418919fSjohnjiang /* matches all packets with domain 5 */ 2694418919fSjohnjiang { 2704418919fSjohnjiang .data = {.userdata = 12, .category_mask = ACL_DENY_MASK, 2714418919fSjohnjiang .priority = 350}, 2724418919fSjohnjiang .domain = 0x5, 2734418919fSjohnjiang .domain_mask = 0xffff, 2744418919fSjohnjiang .src_port_low = 0, 2754418919fSjohnjiang .src_port_high = 0xffff, 2764418919fSjohnjiang .dst_port_low = 0, 2774418919fSjohnjiang .dst_port_high = 0xffff, 2784418919fSjohnjiang }, 2794418919fSjohnjiang 2804418919fSjohnjiang /* destination port */ 2814418919fSjohnjiang /* matches everything with dst port 80 */ 2824418919fSjohnjiang { 2834418919fSjohnjiang .data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK, 2844418919fSjohnjiang .priority = 310}, 2854418919fSjohnjiang .dst_port_low = 80, 2864418919fSjohnjiang .dst_port_high = 80, 2874418919fSjohnjiang .src_port_low = 0, 2884418919fSjohnjiang .src_port_high = 0xffff, 2894418919fSjohnjiang }, 2904418919fSjohnjiang /* matches everything with dst port 22-1023 */ 2914418919fSjohnjiang { 2924418919fSjohnjiang .data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK, 2934418919fSjohnjiang .priority = 210}, 2944418919fSjohnjiang .dst_port_low = 22, 2954418919fSjohnjiang .dst_port_high = 1023, 2964418919fSjohnjiang .src_port_low = 0, 2974418919fSjohnjiang .src_port_high = 0xffff, 2984418919fSjohnjiang }, 2994418919fSjohnjiang /* matches everything with dst port 1020 */ 3004418919fSjohnjiang { 3014418919fSjohnjiang .data = {.userdata = 15, .category_mask = ACL_DENY_MASK, 3024418919fSjohnjiang .priority = 310}, 3034418919fSjohnjiang .dst_port_low = 1020, 3044418919fSjohnjiang .dst_port_high = 1020, 3054418919fSjohnjiang .src_port_low = 0, 3064418919fSjohnjiang .src_port_high = 0xffff, 3074418919fSjohnjiang }, 3084418919fSjohnjiang /* matches everything with dst portrange 1000-2000 */ 3094418919fSjohnjiang { 3104418919fSjohnjiang .data = {.userdata = 16, .category_mask = ACL_DENY_MASK, 3114418919fSjohnjiang .priority = 210}, 3124418919fSjohnjiang .dst_port_low = 1000, 3134418919fSjohnjiang .dst_port_high = 2000, 3144418919fSjohnjiang .src_port_low = 0, 3154418919fSjohnjiang .src_port_high = 0xffff, 3164418919fSjohnjiang }, 3174418919fSjohnjiang 3184418919fSjohnjiang /* source port */ 3194418919fSjohnjiang /* matches everything with src port 80 */ 3204418919fSjohnjiang { 3214418919fSjohnjiang .data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK, 3224418919fSjohnjiang .priority = 320}, 3234418919fSjohnjiang .src_port_low = 80, 3244418919fSjohnjiang .src_port_high = 80, 3254418919fSjohnjiang .dst_port_low = 0, 3264418919fSjohnjiang .dst_port_high = 0xffff, 3274418919fSjohnjiang }, 3284418919fSjohnjiang /* matches everything with src port 22-1023 */ 3294418919fSjohnjiang { 3304418919fSjohnjiang .data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK, 3314418919fSjohnjiang .priority = 220}, 3324418919fSjohnjiang .src_port_low = 22, 3334418919fSjohnjiang .src_port_high = 1023, 3344418919fSjohnjiang .dst_port_low = 0, 3354418919fSjohnjiang .dst_port_high = 0xffff, 3364418919fSjohnjiang }, 3374418919fSjohnjiang /* matches everything with src port 1020 */ 3384418919fSjohnjiang { 3394418919fSjohnjiang .data = {.userdata = 19, .category_mask = ACL_DENY_MASK, 3404418919fSjohnjiang .priority = 320}, 3414418919fSjohnjiang .src_port_low = 1020, 3424418919fSjohnjiang .src_port_high = 1020, 3434418919fSjohnjiang .dst_port_low = 0, 3444418919fSjohnjiang .dst_port_high = 0xffff, 3454418919fSjohnjiang }, 3464418919fSjohnjiang /* matches everything with src portrange 1000-2000 */ 3474418919fSjohnjiang { 3484418919fSjohnjiang .data = {.userdata = 20, .category_mask = ACL_DENY_MASK, 3494418919fSjohnjiang .priority = 220}, 3504418919fSjohnjiang .src_port_low = 1000, 3514418919fSjohnjiang .src_port_high = 2000, 3524418919fSjohnjiang .dst_port_low = 0, 3534418919fSjohnjiang .dst_port_high = 0xffff, 3544418919fSjohnjiang }, 3554418919fSjohnjiang 3564418919fSjohnjiang /* protocol number */ 3574418919fSjohnjiang /* matches all packets with protocol number either 0x64 or 0xE4 */ 3584418919fSjohnjiang { 3594418919fSjohnjiang .data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK, 3604418919fSjohnjiang .priority = 270}, 3614418919fSjohnjiang .proto = 0x64, 3624418919fSjohnjiang .proto_mask = 0x7f, 3634418919fSjohnjiang .src_port_low = 0, 3644418919fSjohnjiang .src_port_high = 0xffff, 3654418919fSjohnjiang .dst_port_low = 0, 3664418919fSjohnjiang .dst_port_high = 0xffff, 3674418919fSjohnjiang }, 3684418919fSjohnjiang /* matches all packets with protocol that have 0x5 in them */ 3694418919fSjohnjiang { 3704418919fSjohnjiang .data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK, 3714418919fSjohnjiang .priority = 1}, 3724418919fSjohnjiang .proto = 0x5, 3734418919fSjohnjiang .proto_mask = 0x5, 3744418919fSjohnjiang .src_port_low = 0, 3754418919fSjohnjiang .src_port_high = 0xffff, 3764418919fSjohnjiang .dst_port_low = 0, 3774418919fSjohnjiang .dst_port_high = 0xffff, 3784418919fSjohnjiang }, 3794418919fSjohnjiang /* matches all packets with protocol 5 */ 3804418919fSjohnjiang { 3814418919fSjohnjiang .data = {.userdata = 23, .category_mask = ACL_DENY_MASK, 3824418919fSjohnjiang .priority = 370}, 3834418919fSjohnjiang .proto = 0x5, 3844418919fSjohnjiang .proto_mask = 0xff, 3854418919fSjohnjiang .src_port_low = 0, 3864418919fSjohnjiang .src_port_high = 0xffff, 3874418919fSjohnjiang .dst_port_low = 0, 3884418919fSjohnjiang .dst_port_high = 0xffff, 3894418919fSjohnjiang }, 3904418919fSjohnjiang 3914418919fSjohnjiang /* rules combining various fields */ 3924418919fSjohnjiang { 3934418919fSjohnjiang .data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK, 3944418919fSjohnjiang .priority = 400}, 3954418919fSjohnjiang /** make sure that unmasked bytes don't fail! */ 3964418919fSjohnjiang .dst_addr = RTE_IPV4(1,2,3,4), 3974418919fSjohnjiang .dst_mask_len = 16, 3984418919fSjohnjiang .src_addr = RTE_IPV4(5,6,7,8), 3994418919fSjohnjiang .src_mask_len = 24, 4004418919fSjohnjiang .proto = 0x5, 4014418919fSjohnjiang .proto_mask = 0xff, 4024418919fSjohnjiang .src_port_low = 0, 4034418919fSjohnjiang .src_port_high = 0xffff, 4044418919fSjohnjiang .dst_port_low = 22, 4054418919fSjohnjiang .dst_port_high = 1024, 4064418919fSjohnjiang .vlan = 0x8100, 4074418919fSjohnjiang .vlan_mask = 0xffff, 4084418919fSjohnjiang .domain = 0x64, 4094418919fSjohnjiang .domain_mask = 0xffff, 4104418919fSjohnjiang }, 4114418919fSjohnjiang { 4124418919fSjohnjiang .data = {.userdata = 25, .category_mask = ACL_DENY_MASK, 4134418919fSjohnjiang .priority = 400}, 4144418919fSjohnjiang .dst_addr = RTE_IPV4(5,6,7,8), 4154418919fSjohnjiang .dst_mask_len = 24, 4164418919fSjohnjiang .src_addr = RTE_IPV4(1,2,3,4), 4174418919fSjohnjiang .src_mask_len = 16, 4184418919fSjohnjiang .proto = 0x5, 4194418919fSjohnjiang .proto_mask = 0xff, 4204418919fSjohnjiang .src_port_low = 0, 4214418919fSjohnjiang .src_port_high = 0xffff, 4224418919fSjohnjiang .dst_port_low = 22, 4234418919fSjohnjiang .dst_port_high = 1024, 4244418919fSjohnjiang .vlan = 0x8100, 4254418919fSjohnjiang .vlan_mask = 0xffff, 4264418919fSjohnjiang .domain = 0x64, 4274418919fSjohnjiang .domain_mask = 0xffff, 4284418919fSjohnjiang }, 4294418919fSjohnjiang { 4304418919fSjohnjiang .data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK, 4314418919fSjohnjiang .priority = 500}, 4324418919fSjohnjiang .dst_addr = RTE_IPV4(1,2,3,4), 4334418919fSjohnjiang .dst_mask_len = 8, 4344418919fSjohnjiang .src_addr = RTE_IPV4(5,6,7,8), 4354418919fSjohnjiang .src_mask_len = 32, 4364418919fSjohnjiang .proto = 0x5, 4374418919fSjohnjiang .proto_mask = 0xff, 4384418919fSjohnjiang .src_port_low = 0, 4394418919fSjohnjiang .src_port_high = 0xffff, 4404418919fSjohnjiang .dst_port_low = 22, 4414418919fSjohnjiang .dst_port_high = 1024, 4424418919fSjohnjiang .vlan = 0x64, 4434418919fSjohnjiang .vlan_mask = 0xffff, 4444418919fSjohnjiang }, 4454418919fSjohnjiang { 4464418919fSjohnjiang .data = {.userdata = 27, .category_mask = ACL_DENY_MASK, 4474418919fSjohnjiang .priority = 500}, 4484418919fSjohnjiang .dst_addr = RTE_IPV4(5,6,7,8), 4494418919fSjohnjiang .dst_mask_len = 32, 4504418919fSjohnjiang .src_addr = RTE_IPV4(1,2,3,4), 4514418919fSjohnjiang .src_mask_len = 8, 4524418919fSjohnjiang .proto = 0x5, 4534418919fSjohnjiang .proto_mask = 0xff, 4544418919fSjohnjiang .src_port_low = 0, 4554418919fSjohnjiang .src_port_high = 0xffff, 4564418919fSjohnjiang .dst_port_low = 22, 4574418919fSjohnjiang .dst_port_high = 1024, 4584418919fSjohnjiang .vlan = 0x64, 4594418919fSjohnjiang .vlan_mask = 0xffff, 4604418919fSjohnjiang }, 4614418919fSjohnjiang }; 4624418919fSjohnjiang 4634418919fSjohnjiang /* data for ACL unit test */ 4644418919fSjohnjiang struct ipv4_7tuple acl_test_data[] = { 4654418919fSjohnjiang /* testing single rule aspects */ 4664418919fSjohnjiang {.ip_src = RTE_IPV4(10,0,0,0), .allow = 4}, /* should match 4 */ 4674418919fSjohnjiang {.ip_src = RTE_IPV4(10,1,1,2), .allow = 5}, /* should match 5 */ 4684418919fSjohnjiang {.ip_src = RTE_IPV4(10,1,1,1), .allow = 5, 4694418919fSjohnjiang .deny = 6}, /* should match 5, 6 */ 4704418919fSjohnjiang {.ip_dst = RTE_IPV4(10,0,0,0)}, /* should not match */ 4714418919fSjohnjiang {.ip_dst = RTE_IPV4(10,1,1,2)}, /* should not match */ 4724418919fSjohnjiang {.ip_dst = RTE_IPV4(10,1,1,1)}, /* should not match */ 4734418919fSjohnjiang 4744418919fSjohnjiang {.ip_src = RTE_IPV4(192,168,2,50)}, /* should not match */ 4754418919fSjohnjiang {.ip_src = RTE_IPV4(192,168,1,2)}, /* should not match */ 4764418919fSjohnjiang {.ip_src = RTE_IPV4(192,168,1,50)}, /* should not match */ 4774418919fSjohnjiang {.ip_dst = RTE_IPV4(192,168,2,50), .allow = 1}, /* should match 1 */ 4784418919fSjohnjiang {.ip_dst = RTE_IPV4(192,168,1,49), .allow = 2}, /* should match 2 */ 4794418919fSjohnjiang {.ip_dst = RTE_IPV4(192,168,1,50), .allow = 2, 4804418919fSjohnjiang .deny = 3}, /* should match 2, 3 */ 4814418919fSjohnjiang 4824418919fSjohnjiang {.vlan = 0x64, .allow = 7}, /* should match 7 */ 4834418919fSjohnjiang {.vlan = 0xfE4, .allow = 7}, /* should match 7 */ 4844418919fSjohnjiang {.vlan = 0xE2}, /* should not match */ 4854418919fSjohnjiang {.vlan = 0xD, .allow = 8}, /* should match 8 */ 4864418919fSjohnjiang {.vlan = 0x6}, /* should not match */ 4874418919fSjohnjiang {.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */ 4884418919fSjohnjiang 4894418919fSjohnjiang {.domain = 0x64, .allow = 10}, /* should match 10 */ 4904418919fSjohnjiang {.domain = 0xfE4, .allow = 10}, /* should match 10 */ 4914418919fSjohnjiang {.domain = 0xE2}, /* should not match */ 4924418919fSjohnjiang {.domain = 0xD, .allow = 11}, /* should match 11 */ 4934418919fSjohnjiang {.domain = 0x6}, /* should not match */ 4944418919fSjohnjiang {.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */ 4954418919fSjohnjiang 4964418919fSjohnjiang {.port_dst = 80, .allow = 13}, /* should match 13 */ 4974418919fSjohnjiang {.port_dst = 79, .allow = 14}, /* should match 14 */ 4984418919fSjohnjiang {.port_dst = 81, .allow = 14}, /* should match 14 */ 4994418919fSjohnjiang {.port_dst = 21}, /* should not match */ 5004418919fSjohnjiang {.port_dst = 1024, .deny = 16}, /* should match 16 */ 5014418919fSjohnjiang {.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */ 5024418919fSjohnjiang 5034418919fSjohnjiang {.port_src = 80, .allow = 17}, /* should match 17 */ 5044418919fSjohnjiang {.port_src = 79, .allow = 18}, /* should match 18 */ 5054418919fSjohnjiang {.port_src = 81, .allow = 18}, /* should match 18 */ 5064418919fSjohnjiang {.port_src = 21}, /* should not match */ 5074418919fSjohnjiang {.port_src = 1024, .deny = 20}, /* should match 20 */ 5084418919fSjohnjiang {.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */ 5094418919fSjohnjiang 5104418919fSjohnjiang {.proto = 0x64, .allow = 21}, /* should match 21 */ 5114418919fSjohnjiang {.proto = 0xE4, .allow = 21}, /* should match 21 */ 5124418919fSjohnjiang {.proto = 0xE2}, /* should not match */ 5134418919fSjohnjiang {.proto = 0xD, .allow = 22}, /* should match 22 */ 5144418919fSjohnjiang {.proto = 0x6}, /* should not match */ 5154418919fSjohnjiang {.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */ 5164418919fSjohnjiang 5174418919fSjohnjiang /* testing matching multiple rules at once */ 5184418919fSjohnjiang {.vlan = 0x5, .ip_src = RTE_IPV4(10,1,1,1), 5194418919fSjohnjiang .allow = 5, .deny = 9}, /* should match 5, 9 */ 5204418919fSjohnjiang {.vlan = 0x5, .ip_src = RTE_IPV4(192,168,2,50), 5214418919fSjohnjiang .allow = 8, .deny = 9}, /* should match 8, 9 */ 5224418919fSjohnjiang {.vlan = 0x55, .ip_src = RTE_IPV4(192,168,1,49), 5234418919fSjohnjiang .allow = 8}, /* should match 8 */ 5244418919fSjohnjiang {.port_dst = 80, .port_src = 1024, 5254418919fSjohnjiang .allow = 13, .deny = 20}, /* should match 13,20 */ 5264418919fSjohnjiang {.port_dst = 79, .port_src = 1024, 5274418919fSjohnjiang .allow = 14, .deny = 20}, /* should match 14,20 */ 5284418919fSjohnjiang {.proto = 0x5, .ip_dst = RTE_IPV4(192,168,2,50), 5294418919fSjohnjiang .allow = 1, .deny = 23}, /* should match 1, 23 */ 5304418919fSjohnjiang 5314418919fSjohnjiang {.proto = 0x5, .ip_dst = RTE_IPV4(192,168,1,50), 5324418919fSjohnjiang .allow = 2, .deny = 23}, /* should match 2, 23 */ 5334418919fSjohnjiang {.vlan = 0x64, .domain = 0x5, 5344418919fSjohnjiang .allow = 11, .deny = 12}, /* should match 11, 12 */ 5354418919fSjohnjiang {.proto = 0x5, .port_src = 80, 5364418919fSjohnjiang .allow = 17, .deny = 23}, /* should match 17, 23 */ 5374418919fSjohnjiang {.proto = 0x5, .port_dst = 80, 5384418919fSjohnjiang .allow = 13, .deny = 23}, /* should match 13, 23 */ 5394418919fSjohnjiang {.proto = 0x51, .port_src = 5000}, /* should not match */ 5404418919fSjohnjiang {.ip_src = RTE_IPV4(192,168,1,50), 5414418919fSjohnjiang .ip_dst = RTE_IPV4(10,0,0,0), 5424418919fSjohnjiang .proto = 0x51, 5434418919fSjohnjiang .port_src = 5000, 5444418919fSjohnjiang .port_dst = 5000}, /* should not match */ 5454418919fSjohnjiang 5464418919fSjohnjiang /* test full packet rules */ 5474418919fSjohnjiang { 5484418919fSjohnjiang .ip_dst = RTE_IPV4(1,2,100,200), 5494418919fSjohnjiang .ip_src = RTE_IPV4(5,6,7,254), 5504418919fSjohnjiang .proto = 0x5, 5514418919fSjohnjiang .vlan = 0x8100, 5524418919fSjohnjiang .domain = 0x64, 5534418919fSjohnjiang .port_src = 12345, 5544418919fSjohnjiang .port_dst = 80, 5554418919fSjohnjiang .allow = 24, 5564418919fSjohnjiang .deny = 23 5574418919fSjohnjiang }, /* should match 23, 24 */ 5584418919fSjohnjiang { 5594418919fSjohnjiang .ip_dst = RTE_IPV4(5,6,7,254), 5604418919fSjohnjiang .ip_src = RTE_IPV4(1,2,100,200), 5614418919fSjohnjiang .proto = 0x5, 5624418919fSjohnjiang .vlan = 0x8100, 5634418919fSjohnjiang .domain = 0x64, 5644418919fSjohnjiang .port_src = 12345, 5654418919fSjohnjiang .port_dst = 80, 5664418919fSjohnjiang .allow = 13, 5674418919fSjohnjiang .deny = 25 5684418919fSjohnjiang }, /* should match 13, 25 */ 5694418919fSjohnjiang { 5704418919fSjohnjiang .ip_dst = RTE_IPV4(1,10,20,30), 5714418919fSjohnjiang .ip_src = RTE_IPV4(5,6,7,8), 5724418919fSjohnjiang .proto = 0x5, 5734418919fSjohnjiang .vlan = 0x64, 5744418919fSjohnjiang .port_src = 12345, 5754418919fSjohnjiang .port_dst = 80, 5764418919fSjohnjiang .allow = 26, 5774418919fSjohnjiang .deny = 23 5784418919fSjohnjiang }, /* should match 23, 26 */ 5794418919fSjohnjiang { 5804418919fSjohnjiang .ip_dst = RTE_IPV4(5,6,7,8), 5814418919fSjohnjiang .ip_src = RTE_IPV4(1,10,20,30), 5824418919fSjohnjiang .proto = 0x5, 5834418919fSjohnjiang .vlan = 0x64, 5844418919fSjohnjiang .port_src = 12345, 5854418919fSjohnjiang .port_dst = 80, 5864418919fSjohnjiang .allow = 13, 5874418919fSjohnjiang .deny = 27 5884418919fSjohnjiang }, /* should match 13, 27 */ 5894418919fSjohnjiang { 5904418919fSjohnjiang .ip_dst = RTE_IPV4(2,2,3,4), 5914418919fSjohnjiang .ip_src = RTE_IPV4(4,6,7,8), 5924418919fSjohnjiang .proto = 0x5, 5934418919fSjohnjiang .vlan = 0x64, 5944418919fSjohnjiang .port_src = 12345, 5954418919fSjohnjiang .port_dst = 80, 5964418919fSjohnjiang .allow = 13, 5974418919fSjohnjiang .deny = 23 5984418919fSjohnjiang }, /* should match 13, 23 */ 5994418919fSjohnjiang { 6004418919fSjohnjiang .ip_dst = RTE_IPV4(1,2,3,4), 6014418919fSjohnjiang .ip_src = RTE_IPV4(4,6,7,8), 6024418919fSjohnjiang .proto = 0x5, 6034418919fSjohnjiang .vlan = 0x64, 6044418919fSjohnjiang .port_src = 12345, 6054418919fSjohnjiang .port_dst = 80, 6064418919fSjohnjiang .allow = 13, 6074418919fSjohnjiang .deny = 23 6084418919fSjohnjiang }, /* should match 13, 23 */ 6094418919fSjohnjiang 6104418919fSjohnjiang 6114418919fSjohnjiang /* visual separator! */ 6124418919fSjohnjiang { 6134418919fSjohnjiang .ip_dst = RTE_IPV4(1,2,100,200), 6144418919fSjohnjiang .ip_src = RTE_IPV4(5,6,7,254), 6154418919fSjohnjiang .proto = 0x55, 6164418919fSjohnjiang .vlan = 0x8000, 6174418919fSjohnjiang .domain = 0x6464, 6184418919fSjohnjiang .port_src = 12345, 6194418919fSjohnjiang .port_dst = 8080, 6204418919fSjohnjiang .allow = 10 6214418919fSjohnjiang }, /* should match 10 */ 6224418919fSjohnjiang { 6234418919fSjohnjiang .ip_dst = RTE_IPV4(5,6,7,254), 6244418919fSjohnjiang .ip_src = RTE_IPV4(1,2,100,200), 6254418919fSjohnjiang .proto = 0x55, 6264418919fSjohnjiang .vlan = 0x8100, 6274418919fSjohnjiang .domain = 0x6464, 6284418919fSjohnjiang .port_src = 12345, 6294418919fSjohnjiang .port_dst = 180, 6304418919fSjohnjiang .allow = 10 6314418919fSjohnjiang }, /* should match 10 */ 6324418919fSjohnjiang { 6334418919fSjohnjiang .ip_dst = RTE_IPV4(1,10,20,30), 6344418919fSjohnjiang .ip_src = RTE_IPV4(5,6,7,8), 6354418919fSjohnjiang .proto = 0x55, 6364418919fSjohnjiang .vlan = 0x64, 6374418919fSjohnjiang .port_src = 12345, 6384418919fSjohnjiang .port_dst = 180, 6394418919fSjohnjiang .allow = 7 6404418919fSjohnjiang }, /* should match 7 */ 6414418919fSjohnjiang { 6424418919fSjohnjiang .ip_dst = RTE_IPV4(5,6,7,8), 6434418919fSjohnjiang .ip_src = RTE_IPV4(1,10,20,30), 6444418919fSjohnjiang .proto = 0x55, 6454418919fSjohnjiang .vlan = 0x64, 6464418919fSjohnjiang .port_src = 12345, 6474418919fSjohnjiang .port_dst = 180, 6484418919fSjohnjiang .allow = 7 6494418919fSjohnjiang }, /* should match 7 */ 6504418919fSjohnjiang { 6514418919fSjohnjiang .ip_dst = RTE_IPV4(2,2,3,4), 6524418919fSjohnjiang .ip_src = RTE_IPV4(4,6,7,8), 6534418919fSjohnjiang .proto = 0x55, 6544418919fSjohnjiang .vlan = 0x64, 6554418919fSjohnjiang .port_src = 12345, 6564418919fSjohnjiang .port_dst = 180, 6574418919fSjohnjiang .allow = 7 6584418919fSjohnjiang }, /* should match 7 */ 6594418919fSjohnjiang { 6604418919fSjohnjiang .ip_dst = RTE_IPV4(1,2,3,4), 6614418919fSjohnjiang .ip_src = RTE_IPV4(4,6,7,8), 6624418919fSjohnjiang .proto = 0x50, 6634418919fSjohnjiang .vlan = 0x6466, 6644418919fSjohnjiang .port_src = 12345, 6654418919fSjohnjiang .port_dst = 12345, 6664418919fSjohnjiang }, /* should not match */ 6674418919fSjohnjiang }; 6684418919fSjohnjiang 669*2d9fd380Sjfb8856606 /* 670*2d9fd380Sjfb8856606 * ruleset for ACL 32 bit range (by src addr) unit test 671*2d9fd380Sjfb8856606 * keep them ordered by priority in descending order. 672*2d9fd380Sjfb8856606 */ 673*2d9fd380Sjfb8856606 struct rte_acl_ipv4vlan_rule acl_u32_range_test_rules[] = { 674*2d9fd380Sjfb8856606 { 675*2d9fd380Sjfb8856606 .data = { 676*2d9fd380Sjfb8856606 .userdata = 500, 677*2d9fd380Sjfb8856606 .category_mask = ACL_ALLOW_MASK, 678*2d9fd380Sjfb8856606 .priority = 500 679*2d9fd380Sjfb8856606 }, 680*2d9fd380Sjfb8856606 .src_addr = RTE_IPV4(0, 0, 0, 1), 681*2d9fd380Sjfb8856606 .src_mask_len = RTE_IPV4(0, 0, 2, 58), 682*2d9fd380Sjfb8856606 }, 683*2d9fd380Sjfb8856606 { 684*2d9fd380Sjfb8856606 .data = { 685*2d9fd380Sjfb8856606 .userdata = 400, 686*2d9fd380Sjfb8856606 .category_mask = ACL_ALLOW_MASK, 687*2d9fd380Sjfb8856606 .priority = 400 688*2d9fd380Sjfb8856606 }, 689*2d9fd380Sjfb8856606 .src_addr = RTE_IPV4(0, 4, 3, 2), 690*2d9fd380Sjfb8856606 .src_mask_len = RTE_IPV4(0, 4, 7, 255), 691*2d9fd380Sjfb8856606 }, 692*2d9fd380Sjfb8856606 { 693*2d9fd380Sjfb8856606 .data = { 694*2d9fd380Sjfb8856606 .userdata = 300, 695*2d9fd380Sjfb8856606 .category_mask = ACL_ALLOW_MASK, 696*2d9fd380Sjfb8856606 .priority = 300 697*2d9fd380Sjfb8856606 }, 698*2d9fd380Sjfb8856606 .src_addr = RTE_IPV4(0, 1, 12, 14), 699*2d9fd380Sjfb8856606 .src_mask_len = RTE_IPV4(0, 3, 11, 13), 700*2d9fd380Sjfb8856606 }, 701*2d9fd380Sjfb8856606 { 702*2d9fd380Sjfb8856606 .data = { 703*2d9fd380Sjfb8856606 .userdata = 200, 704*2d9fd380Sjfb8856606 .category_mask = ACL_ALLOW_MASK, 705*2d9fd380Sjfb8856606 .priority = 200 706*2d9fd380Sjfb8856606 }, 707*2d9fd380Sjfb8856606 .src_addr = RTE_IPV4(0, 0, 1, 40), 708*2d9fd380Sjfb8856606 .src_mask_len = RTE_IPV4(0, 4, 5, 6), 709*2d9fd380Sjfb8856606 }, 710*2d9fd380Sjfb8856606 }; 711*2d9fd380Sjfb8856606 7124418919fSjohnjiang #endif /* TEST_ACL_H_ */ 713