[v3,2/2] app/testpmd: add support for integrity item
Checks
Commit Message
From: Ori Kam <orika@nvidia.com>
The integrity item allows the application to match
on the integrity of a packet.
use example:
match that packet integrity checks are ok. The checks depend on
packet layers. For example ICMP packet will not check L4 level.
flow create 0 ingress pattern integrity value mask 0x01 value spec 0x01
match that L4 packet is ok - check L2 & L3 & L4 layers:
flow create 0 ingress pattern integrity value mask 0xfe value spec 0xfe
Signed-off-by: Ori Kam <orika@nvidia.com>
Signed-off-by: Gregory Etelson <getelson@nvidia.com>
---
app/test-pmd/cmdline_flow.c | 39 +++++++++++++++++++++
doc/guides/testpmd_app_ug/testpmd_funcs.rst | 7 ++++
2 files changed, 46 insertions(+)
Comments
On 4/13/2021 4:16 PM, Gregory Etelson wrote:
> From: Ori Kam <orika@nvidia.com>
>
> The integrity item allows the application to match
> on the integrity of a packet.
>
> use example:
> match that packet integrity checks are ok. The checks depend on
> packet layers. For example ICMP packet will not check L4 level.
> flow create 0 ingress pattern integrity value mask 0x01 value spec 0x01
> match that L4 packet is ok - check L2 & L3 & L4 layers:
> flow create 0 ingress pattern integrity value mask 0xfe value spec 0xfe
>
> Signed-off-by: Ori Kam <orika@nvidia.com>
> Signed-off-by: Gregory Etelson <getelson@nvidia.com>
> ---
> app/test-pmd/cmdline_flow.c | 39 +++++++++++++++++++++
> doc/guides/testpmd_app_ug/testpmd_funcs.rst | 7 ++++
> 2 files changed, 46 insertions(+)
>
> diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c
> index fb7a3a8bd3..b5dec34325 100644
> --- a/app/test-pmd/cmdline_flow.c
> +++ b/app/test-pmd/cmdline_flow.c
> @@ -289,6 +289,9 @@ enum index {
> ITEM_GENEVE_OPT_TYPE,
> ITEM_GENEVE_OPT_LENGTH,
> ITEM_GENEVE_OPT_DATA,
> + ITEM_INTEGRITY,
> + ITEM_INTEGRITY_LEVEL,
> + ITEM_INTEGRITY_VALUE,
>
> /* Validate/create actions. */
> ACTIONS,
> @@ -956,6 +959,7 @@ static const enum index next_item[] = {
> ITEM_PFCP,
> ITEM_ECPRI,
> ITEM_GENEVE_OPT,
> + ITEM_INTEGRITY,
> END_SET,
> ZERO,
> };
> @@ -1307,6 +1311,19 @@ static const enum index item_geneve_opt[] = {
> ZERO,
> };
>
> +static const enum index item_integrity[] = {
> + ITEM_INTEGRITY_LEVEL,
> + ITEM_INTEGRITY_VALUE,
> + ZERO,
> +};
> +
> +static const enum index item_integrity_lv[] = {
> + ITEM_INTEGRITY_LEVEL,
> + ITEM_INTEGRITY_VALUE,
> + ITEM_NEXT,
> + ZERO,
> +};
> +
> static const enum index next_action[] = {
> ACTION_END,
> ACTION_VOID,
> @@ -3373,6 +3390,28 @@ static const struct token token_list[] = {
> (sizeof(struct rte_flow_item_geneve_opt),
> ITEM_GENEVE_OPT_DATA_SIZE)),
> },
> + [ITEM_INTEGRITY] = {
> + .name = "integrity",
> + .help = "match packet integrity",
> + .priv = PRIV_ITEM(INTEGRITY,
> + sizeof(struct rte_flow_item_integrity)),
> + .next = NEXT(item_integrity),
> + .call = parse_vc,
> + },
> + [ITEM_INTEGRITY_LEVEL] = {
> + .name = "level",
> + .help = "integrity level",
> + .next = NEXT(item_integrity_lv, NEXT_ENTRY(UNSIGNED),
> + item_param),
> + .args = ARGS(ARGS_ENTRY(struct rte_flow_item_integrity, level)),
> + },
> + [ITEM_INTEGRITY_VALUE] = {
> + .name = "value",
> + .help = "integrity value",
> + .next = NEXT(item_integrity_lv, NEXT_ENTRY(UNSIGNED),
> + item_param),
> + .args = ARGS(ARGS_ENTRY(struct rte_flow_item_integrity, value)),
> + },
> /* Validate/create actions. */
> [ACTIONS] = {
> .name = "actions",
> diff --git a/doc/guides/testpmd_app_ug/testpmd_funcs.rst b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
> index 36f0a328a5..f1ad674336 100644
> --- a/doc/guides/testpmd_app_ug/testpmd_funcs.rst
> +++ b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
> @@ -3783,6 +3783,13 @@ This section lists supported pattern items and their attributes, if any.
> - ``s_field {unsigned}``: S field.
> - ``seid {unsigned}``: session endpoint identifier.
>
> +- ``integrity``: match packet integrity.
> +
> + - ``level {unsigned}``: Packet encapsulation level the item should
> + apply to. See rte_flow_action_rss for details.
> + - ``value {unsigned}``: A bitmask that specify what packet elements
> + must be matched for integrity.
> +
> Actions list
> ^^^^^^^^^^^^
>
I was thinking about adding same sample rules, if you check through the end of
this same documentation, there are various sections to document samples of
various flow commands. Can it be possible to add some samples for the integrity
flow rules?
@@ -289,6 +289,9 @@ enum index {
ITEM_GENEVE_OPT_TYPE,
ITEM_GENEVE_OPT_LENGTH,
ITEM_GENEVE_OPT_DATA,
+ ITEM_INTEGRITY,
+ ITEM_INTEGRITY_LEVEL,
+ ITEM_INTEGRITY_VALUE,
/* Validate/create actions. */
ACTIONS,
@@ -956,6 +959,7 @@ static const enum index next_item[] = {
ITEM_PFCP,
ITEM_ECPRI,
ITEM_GENEVE_OPT,
+ ITEM_INTEGRITY,
END_SET,
ZERO,
};
@@ -1307,6 +1311,19 @@ static const enum index item_geneve_opt[] = {
ZERO,
};
+static const enum index item_integrity[] = {
+ ITEM_INTEGRITY_LEVEL,
+ ITEM_INTEGRITY_VALUE,
+ ZERO,
+};
+
+static const enum index item_integrity_lv[] = {
+ ITEM_INTEGRITY_LEVEL,
+ ITEM_INTEGRITY_VALUE,
+ ITEM_NEXT,
+ ZERO,
+};
+
static const enum index next_action[] = {
ACTION_END,
ACTION_VOID,
@@ -3373,6 +3390,28 @@ static const struct token token_list[] = {
(sizeof(struct rte_flow_item_geneve_opt),
ITEM_GENEVE_OPT_DATA_SIZE)),
},
+ [ITEM_INTEGRITY] = {
+ .name = "integrity",
+ .help = "match packet integrity",
+ .priv = PRIV_ITEM(INTEGRITY,
+ sizeof(struct rte_flow_item_integrity)),
+ .next = NEXT(item_integrity),
+ .call = parse_vc,
+ },
+ [ITEM_INTEGRITY_LEVEL] = {
+ .name = "level",
+ .help = "integrity level",
+ .next = NEXT(item_integrity_lv, NEXT_ENTRY(UNSIGNED),
+ item_param),
+ .args = ARGS(ARGS_ENTRY(struct rte_flow_item_integrity, level)),
+ },
+ [ITEM_INTEGRITY_VALUE] = {
+ .name = "value",
+ .help = "integrity value",
+ .next = NEXT(item_integrity_lv, NEXT_ENTRY(UNSIGNED),
+ item_param),
+ .args = ARGS(ARGS_ENTRY(struct rte_flow_item_integrity, value)),
+ },
/* Validate/create actions. */
[ACTIONS] = {
.name = "actions",
@@ -3783,6 +3783,13 @@ This section lists supported pattern items and their attributes, if any.
- ``s_field {unsigned}``: S field.
- ``seid {unsigned}``: session endpoint identifier.
+- ``integrity``: match packet integrity.
+
+ - ``level {unsigned}``: Packet encapsulation level the item should
+ apply to. See rte_flow_action_rss for details.
+ - ``value {unsigned}``: A bitmask that specify what packet elements
+ must be matched for integrity.
+
Actions list
^^^^^^^^^^^^