2 Copyright(c) 2017 Intel Corporation. All rights reserved.
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions
9 * Redistributions of source code must retain the above copyright
10 notice, this list of conditions and the following disclaimer.
11 * Redistributions in binary form must reproduce the above copyright
12 notice, this list of conditions and the following disclaimer in
13 the documentation and/or other materials provided with the
15 * Neither the name of Intel Corporation nor the names of its
16 contributors may be used to endorse or promote products derived
17 from this software without specific prior written permission.
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 Flow Classification Library
32 ===========================
34 DPDK provides a Flow Classification library that provides the ability
35 to classify an input packet by matching it against a set of Flow rules.
37 The initial implementation supports counting of IPv4 5-tuple packets which match
38 a particular Flow rule only.
44 The Flow Classification library uses the ``librte_table`` API for managing Flow
45 rules and matching packets against the Flow rules.
46 The library is table agnostic and can use the following tables:
47 ``Access Control List``, ``Hash`` and ``Longest Prefix Match(LPM)``.
48 The ``Access Control List`` table is used in the initial implementation.
51 :doc:`./packet_framework`
52 for more information.on ``librte_table``.
54 DPDK provides an Access Control List library that provides the ability to
55 classify an input packet based on a set of classification rules.
58 :doc:`./packet_classif_access_ctrl`
59 library for more information on ``librte_acl``.
61 There is also a Flow Classify sample application which demonstrates the use of
62 the Flow Classification Library API's.
65 :doc:`../sample_app_ug/flow_classify`
66 for more information on the ``flow_classify`` sample application.
71 The library has the following API's
76 * Flow classifier create
79 * Parameters for flow classifier creation
81 * Handle to flow classifier instance on success or NULL otherwise
83 struct rte_flow_classifier *
84 rte_flow_classifier_create(struct rte_flow_classifier_params *params);
87 * Flow classifier free
90 * Handle to flow classifier instance
92 * 0 on success, error code otherwise
95 rte_flow_classifier_free(struct rte_flow_classifier *cls);
98 * Flow classify table create
101 * Handle to flow classifier instance
103 * Parameters for flow_classify table creation
105 * Table ID. Valid only within the scope of table IDs of the current
106 * classifier. Only returned after a successful invocation.
108 * 0 on success, error code otherwise
111 rte_flow_classify_table_create(struct rte_flow_classifier *cls,
112 struct rte_flow_classify_table_params *params,
116 * Add a flow classify rule to the flow_classifier table.
119 * Flow classifier handle
120 * @param[in] table_id
123 * Flow rule attributes
125 * Pattern specification (list terminated by the END pattern item).
127 * Associated actions (list terminated by the END pattern item).
129 * Perform verbose error reporting if not NULL. Structure
130 * initialised in case of error only.
132 * A valid handle in case of success, NULL otherwise.
134 struct rte_flow_classify_rule *
135 rte_flow_classify_table_entry_add(struct rte_flow_classifier *cls,
137 const struct rte_flow_attr *attr,
138 const struct rte_flow_item pattern[],
139 const struct rte_flow_action actions[],
140 struct rte_flow_error *error);
143 * Delete a flow classify rule from the flow_classifier table.
146 * Flow classifier handle
147 * @param[in] table_id
152 * 0 on success, error code otherwise.
155 rte_flow_classify_table_entry_delete(struct rte_flow_classifier *cls,
157 struct rte_flow_classify_rule *rule);
160 * Query flow classifier for given rule.
163 * Flow classifier handle
164 * @param[in] table_id
167 * Pointer to packets to process
169 * Number of packets to process
173 * Flow classify stats
176 * 0 on success, error code otherwise.
179 rte_flow_classifier_query(struct rte_flow_classifier *cls,
181 struct rte_mbuf **pkts,
182 const uint16_t nb_pkts,
183 struct rte_flow_classify_rule *rule,
184 struct rte_flow_classify_stats *stats);
189 The application creates the ``Classifier`` using the
190 ``rte_flow_classifier_create`` API.
191 The ``rte_flow_classify_params`` structure must be initialised by the
192 application before calling the API.
196 struct rte_flow_classifier_params {
197 /** flow classifier name */
200 /** CPU socket ID where memory for the flow classifier and its */
201 /** elements (tables) should be allocated */
205 enum rte_flow_classify_table_type type;
208 The ``Classifier`` has the following internal structures:
213 /* Input parameters */
214 struct rte_table_ops ops;
216 enum rte_flow_classify_table_type type;
218 /* Handle to the low-level table object */
222 #define RTE_FLOW_CLASSIFIER_MAX_NAME_SZ 256
224 struct rte_flow_classifier {
225 /* Input parameters */
226 char name[RTE_FLOW_CLASSIFIER_MAX_NAME_SZ];
228 enum rte_flow_classify_table_type type;
230 /* Internal tables */
231 struct rte_table tables[RTE_FLOW_CLASSIFY_TABLE_MAX];
234 struct rte_flow_classify_table_entry
235 *entries[RTE_PORT_IN_BURST_SIZE_MAX];
236 } __rte_cache_aligned;
238 Adding a table to the Classifier
239 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
241 The application adds a table to the ``Classifier`` using the
242 ``rte_flow_classify_table_create`` API.
243 The ``rte_flow_classify_table_params`` structure must be initialised by the
244 application before calling the API.
248 struct rte_flow_classify_table_params {
249 /** Table operations (specific to each table type) */
250 struct rte_table_ops *ops;
252 /** Opaque param to be passed to the table create operation */
255 /** Memory size to be reserved per classifier object entry for */
256 /** storing meta data */
257 uint32_t table_metadata_size;
260 To create an ACL table the ``rte_table_acl_params`` structure must be
261 initialised and assigned to ``arg_create`` in the
262 ``rte_flow_classify_table_params`` structure.
266 struct rte_table_acl_params {
270 /** Maximum number of ACL rules in the table */
273 /** Number of fields in the ACL rule specification */
274 uint32_t n_rule_fields;
276 /** Format specification of the fields of the ACL rule */
277 struct rte_acl_field_def field_format[RTE_ACL_MAX_FIELDS];
280 The fields for the ACL rule must also be initialised by the application.
282 An ACL table can be added to the ``Classifier`` for each ACL rule, for example
283 another table could be added for the IPv6 5-tuple rule.
288 The library currently supports three IPv4 5-tuple flow patterns, for UDP, TCP
293 /* Pattern for IPv4 5-tuple UDP filter */
294 static enum rte_flow_item_type pattern_ntuple_1[] = {
295 RTE_FLOW_ITEM_TYPE_ETH,
296 RTE_FLOW_ITEM_TYPE_IPV4,
297 RTE_FLOW_ITEM_TYPE_UDP,
298 RTE_FLOW_ITEM_TYPE_END,
301 /* Pattern for IPv4 5-tuple TCP filter */
302 static enum rte_flow_item_type pattern_ntuple_2[] = {
303 RTE_FLOW_ITEM_TYPE_ETH,
304 RTE_FLOW_ITEM_TYPE_IPV4,
305 RTE_FLOW_ITEM_TYPE_TCP,
306 RTE_FLOW_ITEM_TYPE_END,
309 /* Pattern for IPv4 5-tuple SCTP filter */
310 static enum rte_flow_item_type pattern_ntuple_3[] = {
311 RTE_FLOW_ITEM_TYPE_ETH,
312 RTE_FLOW_ITEM_TYPE_IPV4,
313 RTE_FLOW_ITEM_TYPE_SCTP,
314 RTE_FLOW_ITEM_TYPE_END,
317 The internal function ``flow_classify_parse_flow`` parses the
318 IPv4 5-tuple pattern, attributes and actions and returns the 5-tuple data in the
319 ``rte_eth_ntuple_filter`` structure.
324 flow_classify_parse_flow(
325 const struct rte_flow_attr *attr,
326 const struct rte_flow_item pattern[],
327 const struct rte_flow_action actions[],
328 struct rte_flow_error *error)
333 The ``rte_flow_classify_table_entry_add`` API creates an
334 ``rte_flow_classify`` object which contains the flow_classify id and type, the
335 action, a union of add and delete keys and a union of rules.
336 It uses the ``flow_classify_parse_flow`` internal function for parsing the
338 The 5-tuple ACL key data is obtained from the ``rte_eth_ntuple_filter``
339 structure populated by the ``classify_parse_ntuple_filter`` function which
340 parses the Flow rule.
345 struct rte_table_acl_rule_add_params key_add; /* add key */
346 struct rte_table_acl_rule_delete_params key_del; /* delete key */
349 struct classify_rules {
350 enum rte_flow_classify_rule_type type;
352 struct rte_flow_classify_ipv4_5tuple ipv4_5tuple;
356 struct rte_flow_classify {
357 uint32_t id; /* unique ID of classify object */
358 struct rte_flow_action action; /* action when match found */
359 struct classify_rules rules; /* union of rules */
363 int key_found; /* rule key found in table */
364 void *entry; /* pointer to buffer to hold rule meta data */
365 void *entry_ptr; /* handle to the table entry for rule meta data */
368 It then calls the ``table[table_id].ops.f_add`` API to add the rule to the ACL
374 The ``rte_flow_classify_table_entry_delete`` API calls the
375 ``table[table_id].ops.f_delete`` API to delete a rule from the ACL table.
380 The ``rte_flow_classifier_query`` API is used to find packets which match a
381 given flow Flow rule in the table.
382 This API calls the flow_classify_run internal function which calls the
383 ``table[table_id].ops.f_lookup`` API to see if any packets in a burst match any
384 of the Flow rules in the table.
385 The meta data for the highest priority rule matched for each packet is returned
386 in the entries array in the ``rte_flow_classify`` object.
387 The internal function ``action_apply`` implements the ``Count`` action which is
388 used to return data which matches a particular Flow rule.
390 The rte_flow_classifier_query API uses the following structures to return data
395 /** IPv4 5-tuple data */
396 struct rte_flow_classify_ipv4_5tuple {
397 uint32_t dst_ip; /**< Destination IP address in big endian. */
398 uint32_t dst_ip_mask; /**< Mask of destination IP address. */
399 uint32_t src_ip; /**< Source IP address in big endian. */
400 uint32_t src_ip_mask; /**< Mask of destination IP address. */
401 uint16_t dst_port; /**< Destination port in big endian. */
402 uint16_t dst_port_mask; /**< Mask of destination port. */
403 uint16_t src_port; /**< Source Port in big endian. */
404 uint16_t src_port_mask; /**< Mask of source port. */
405 uint8_t proto; /**< L4 protocol. */
406 uint8_t proto_mask; /**< Mask of L4 protocol. */
412 * For the count action, stats can be returned by the query API.
414 * Storage for stats is provided by the application.
418 struct rte_flow_classify_stats {
422 struct rte_flow_classify_5tuple_stats {
423 /** count of packets that match IPv4 5tuple pattern */
425 /** IPv4 5tuple data */
426 struct rte_flow_classify_ipv4_5tuple ipv4_5tuple;