1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2010-2014 Intel Corporation 3 */ 4 5 #ifndef TEST_ACL_H_ 6 #define TEST_ACL_H_ 7 8 struct ipv4_7tuple { 9 uint16_t vlan; 10 uint16_t domain; 11 uint8_t proto; 12 uint32_t ip_src; 13 uint32_t ip_dst; 14 uint16_t port_src; 15 uint16_t port_dst; 16 uint32_t allow; 17 uint32_t deny; 18 }; 19 20 /** 21 * Legacy support for 7-tuple IPv4 and VLAN rule. 22 * This structure and corresponding API is deprecated. 23 */ 24 struct rte_acl_ipv4vlan_rule { 25 struct rte_acl_rule_data data; /**< Miscellaneous data for the rule. */ 26 uint8_t proto; /**< IPv4 protocol ID. */ 27 uint8_t proto_mask; /**< IPv4 protocol ID mask. */ 28 uint16_t vlan; /**< VLAN ID. */ 29 uint16_t vlan_mask; /**< VLAN ID mask. */ 30 uint16_t domain; /**< VLAN domain. */ 31 uint16_t domain_mask; /**< VLAN domain mask. */ 32 uint32_t src_addr; /**< IPv4 source address. */ 33 uint32_t src_mask_len; /**< IPv4 source address mask. */ 34 uint32_t dst_addr; /**< IPv4 destination address. */ 35 uint32_t dst_mask_len; /**< IPv4 destination address mask. */ 36 uint16_t src_port_low; /**< L4 source port low. */ 37 uint16_t src_port_high; /**< L4 source port high. */ 38 uint16_t dst_port_low; /**< L4 destination port low. */ 39 uint16_t dst_port_high; /**< L4 destination port high. */ 40 }; 41 42 /** 43 * Specifies fields layout inside rte_acl_rule for rte_acl_ipv4vlan_rule. 44 */ 45 enum { 46 RTE_ACL_IPV4VLAN_PROTO_FIELD, 47 RTE_ACL_IPV4VLAN_VLAN1_FIELD, 48 RTE_ACL_IPV4VLAN_VLAN2_FIELD, 49 RTE_ACL_IPV4VLAN_SRC_FIELD, 50 RTE_ACL_IPV4VLAN_DST_FIELD, 51 RTE_ACL_IPV4VLAN_SRCP_FIELD, 52 RTE_ACL_IPV4VLAN_DSTP_FIELD, 53 RTE_ACL_IPV4VLAN_NUM_FIELDS 54 }; 55 56 /** 57 * Macro to define rule size for rte_acl_ipv4vlan_rule. 58 */ 59 #define RTE_ACL_IPV4VLAN_RULE_SZ \ 60 RTE_ACL_RULE_SZ(RTE_ACL_IPV4VLAN_NUM_FIELDS) 61 62 /* 63 * That effectively defines order of IPV4VLAN classifications: 64 * - PROTO 65 * - VLAN (TAG and DOMAIN) 66 * - SRC IP ADDRESS 67 * - DST IP ADDRESS 68 * - PORTS (SRC and DST) 69 */ 70 enum { 71 RTE_ACL_IPV4VLAN_PROTO, 72 RTE_ACL_IPV4VLAN_VLAN, 73 RTE_ACL_IPV4VLAN_SRC, 74 RTE_ACL_IPV4VLAN_DST, 75 RTE_ACL_IPV4VLAN_PORTS, 76 RTE_ACL_IPV4VLAN_NUM 77 }; 78 79 /* rules for invalid layout test */ 80 struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = { 81 /* test src and dst address */ 82 { 83 .data = {.userdata = 1, .category_mask = 1, 84 .priority = 1}, 85 .src_addr = RTE_IPV4(10,0,0,0), 86 .src_mask_len = 24, 87 }, 88 { 89 .data = {.userdata = 2, .category_mask = 1, 90 .priority = 1}, 91 .dst_addr = RTE_IPV4(10,0,0,0), 92 .dst_mask_len = 24, 93 }, 94 /* test src and dst ports */ 95 { 96 .data = {.userdata = 3, .category_mask = 1, 97 .priority = 1}, 98 .dst_port_low = 100, 99 .dst_port_high = 100, 100 }, 101 { 102 .data = {.userdata = 4, .category_mask = 1, 103 .priority = 1}, 104 .src_port_low = 100, 105 .src_port_high = 100, 106 }, 107 /* test proto */ 108 { 109 .data = {.userdata = 5, .category_mask = 1, 110 .priority = 1}, 111 .proto = 0xf, 112 .proto_mask = 0xf 113 }, 114 { 115 .data = {.userdata = 6, .category_mask = 1, 116 .priority = 1}, 117 .dst_port_low = 0xf, 118 .dst_port_high = 0xf, 119 } 120 }; 121 122 /* these might look odd because they don't match up the rules. This is 123 * intentional, as the invalid layout test presumes returning the correct 124 * results using the wrong data layout. 125 */ 126 struct ipv4_7tuple invalid_layout_data[] = { 127 {.ip_src = RTE_IPV4(10,0,1,0)}, /* should not match */ 128 {.ip_src = RTE_IPV4(10,0,0,1), .allow = 2}, /* should match 2 */ 129 {.port_src = 100, .allow = 4}, /* should match 4 */ 130 {.port_dst = 0xf, .allow = 6}, /* should match 6 */ 131 }; 132 133 #define ACL_ALLOW 0 134 #define ACL_DENY 1 135 #define ACL_ALLOW_MASK 0x1 136 #define ACL_DENY_MASK 0x2 137 138 /* ruleset for ACL unit test */ 139 struct rte_acl_ipv4vlan_rule acl_test_rules[] = { 140 /* destination IP addresses */ 141 /* matches all packets traveling to 192.168.0.0/16 */ 142 { 143 .data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK, 144 .priority = 230}, 145 .dst_addr = RTE_IPV4(192,168,0,0), 146 .dst_mask_len = 16, 147 .src_port_low = 0, 148 .src_port_high = 0xffff, 149 .dst_port_low = 0, 150 .dst_port_high = 0xffff, 151 }, 152 /* matches all packets traveling to 192.168.1.0/24 */ 153 { 154 .data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK, 155 .priority = 330}, 156 .dst_addr = RTE_IPV4(192,168,1,0), 157 .dst_mask_len = 24, 158 .src_port_low = 0, 159 .src_port_high = 0xffff, 160 .dst_port_low = 0, 161 .dst_port_high = 0xffff, 162 }, 163 /* matches all packets traveling to 192.168.1.50 */ 164 { 165 .data = {.userdata = 3, .category_mask = ACL_DENY_MASK, 166 .priority = 230}, 167 .dst_addr = RTE_IPV4(192,168,1,50), 168 .dst_mask_len = 32, 169 .src_port_low = 0, 170 .src_port_high = 0xffff, 171 .dst_port_low = 0, 172 .dst_port_high = 0xffff, 173 }, 174 175 /* source IP addresses */ 176 /* matches all packets traveling from 10.0.0.0/8 */ 177 { 178 .data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK, 179 .priority = 240}, 180 .src_addr = RTE_IPV4(10,0,0,0), 181 .src_mask_len = 8, 182 .src_port_low = 0, 183 .src_port_high = 0xffff, 184 .dst_port_low = 0, 185 .dst_port_high = 0xffff, 186 }, 187 /* matches all packets traveling from 10.1.1.0/24 */ 188 { 189 .data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK, 190 .priority = 340}, 191 .src_addr = RTE_IPV4(10,1,1,0), 192 .src_mask_len = 24, 193 .src_port_low = 0, 194 .src_port_high = 0xffff, 195 .dst_port_low = 0, 196 .dst_port_high = 0xffff, 197 }, 198 /* matches all packets traveling from 10.1.1.1 */ 199 { 200 .data = {.userdata = 6, .category_mask = ACL_DENY_MASK, 201 .priority = 240}, 202 .src_addr = RTE_IPV4(10,1,1,1), 203 .src_mask_len = 32, 204 .src_port_low = 0, 205 .src_port_high = 0xffff, 206 .dst_port_low = 0, 207 .dst_port_high = 0xffff, 208 }, 209 210 /* VLAN tag */ 211 /* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */ 212 { 213 .data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK, 214 .priority = 260}, 215 .vlan = 0x64, 216 .vlan_mask = 0x7f, 217 .src_port_low = 0, 218 .src_port_high = 0xffff, 219 .dst_port_low = 0, 220 .dst_port_high = 0xffff, 221 }, 222 /* matches all packets with VLAN tags that have 0x5 in them */ 223 { 224 .data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK, 225 .priority = 260}, 226 .vlan = 0x5, 227 .vlan_mask = 0x5, 228 .src_port_low = 0, 229 .src_port_high = 0xffff, 230 .dst_port_low = 0, 231 .dst_port_high = 0xffff, 232 }, 233 /* matches all packets with VLAN tag 5 */ 234 { 235 .data = {.userdata = 9, .category_mask = ACL_DENY_MASK, 236 .priority = 360}, 237 .vlan = 0x5, 238 .vlan_mask = 0xffff, 239 .src_port_low = 0, 240 .src_port_high = 0xffff, 241 .dst_port_low = 0, 242 .dst_port_high = 0xffff, 243 }, 244 245 /* VLAN domain */ 246 /* matches all packets with lower 7 bytes of domain equal to 0x64 */ 247 { 248 .data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK, 249 .priority = 250}, 250 .domain = 0x64, 251 .domain_mask = 0x7f, 252 .src_port_low = 0, 253 .src_port_high = 0xffff, 254 .dst_port_low = 0, 255 .dst_port_high = 0xffff, 256 }, 257 /* matches all packets with domains that have 0x5 in them */ 258 { 259 .data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK, 260 .priority = 350}, 261 .domain = 0x5, 262 .domain_mask = 0x5, 263 .src_port_low = 0, 264 .src_port_high = 0xffff, 265 .dst_port_low = 0, 266 .dst_port_high = 0xffff, 267 }, 268 /* matches all packets with domain 5 */ 269 { 270 .data = {.userdata = 12, .category_mask = ACL_DENY_MASK, 271 .priority = 350}, 272 .domain = 0x5, 273 .domain_mask = 0xffff, 274 .src_port_low = 0, 275 .src_port_high = 0xffff, 276 .dst_port_low = 0, 277 .dst_port_high = 0xffff, 278 }, 279 280 /* destination port */ 281 /* matches everything with dst port 80 */ 282 { 283 .data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK, 284 .priority = 310}, 285 .dst_port_low = 80, 286 .dst_port_high = 80, 287 .src_port_low = 0, 288 .src_port_high = 0xffff, 289 }, 290 /* matches everything with dst port 22-1023 */ 291 { 292 .data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK, 293 .priority = 210}, 294 .dst_port_low = 22, 295 .dst_port_high = 1023, 296 .src_port_low = 0, 297 .src_port_high = 0xffff, 298 }, 299 /* matches everything with dst port 1020 */ 300 { 301 .data = {.userdata = 15, .category_mask = ACL_DENY_MASK, 302 .priority = 310}, 303 .dst_port_low = 1020, 304 .dst_port_high = 1020, 305 .src_port_low = 0, 306 .src_port_high = 0xffff, 307 }, 308 /* matches everything with dst portrange 1000-2000 */ 309 { 310 .data = {.userdata = 16, .category_mask = ACL_DENY_MASK, 311 .priority = 210}, 312 .dst_port_low = 1000, 313 .dst_port_high = 2000, 314 .src_port_low = 0, 315 .src_port_high = 0xffff, 316 }, 317 318 /* source port */ 319 /* matches everything with src port 80 */ 320 { 321 .data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK, 322 .priority = 320}, 323 .src_port_low = 80, 324 .src_port_high = 80, 325 .dst_port_low = 0, 326 .dst_port_high = 0xffff, 327 }, 328 /* matches everything with src port 22-1023 */ 329 { 330 .data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK, 331 .priority = 220}, 332 .src_port_low = 22, 333 .src_port_high = 1023, 334 .dst_port_low = 0, 335 .dst_port_high = 0xffff, 336 }, 337 /* matches everything with src port 1020 */ 338 { 339 .data = {.userdata = 19, .category_mask = ACL_DENY_MASK, 340 .priority = 320}, 341 .src_port_low = 1020, 342 .src_port_high = 1020, 343 .dst_port_low = 0, 344 .dst_port_high = 0xffff, 345 }, 346 /* matches everything with src portrange 1000-2000 */ 347 { 348 .data = {.userdata = 20, .category_mask = ACL_DENY_MASK, 349 .priority = 220}, 350 .src_port_low = 1000, 351 .src_port_high = 2000, 352 .dst_port_low = 0, 353 .dst_port_high = 0xffff, 354 }, 355 356 /* protocol number */ 357 /* matches all packets with protocol number either 0x64 or 0xE4 */ 358 { 359 .data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK, 360 .priority = 270}, 361 .proto = 0x64, 362 .proto_mask = 0x7f, 363 .src_port_low = 0, 364 .src_port_high = 0xffff, 365 .dst_port_low = 0, 366 .dst_port_high = 0xffff, 367 }, 368 /* matches all packets with protocol that have 0x5 in them */ 369 { 370 .data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK, 371 .priority = 1}, 372 .proto = 0x5, 373 .proto_mask = 0x5, 374 .src_port_low = 0, 375 .src_port_high = 0xffff, 376 .dst_port_low = 0, 377 .dst_port_high = 0xffff, 378 }, 379 /* matches all packets with protocol 5 */ 380 { 381 .data = {.userdata = 23, .category_mask = ACL_DENY_MASK, 382 .priority = 370}, 383 .proto = 0x5, 384 .proto_mask = 0xff, 385 .src_port_low = 0, 386 .src_port_high = 0xffff, 387 .dst_port_low = 0, 388 .dst_port_high = 0xffff, 389 }, 390 391 /* rules combining various fields */ 392 { 393 .data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK, 394 .priority = 400}, 395 /** make sure that unmasked bytes don't fail! */ 396 .dst_addr = RTE_IPV4(1,2,3,4), 397 .dst_mask_len = 16, 398 .src_addr = RTE_IPV4(5,6,7,8), 399 .src_mask_len = 24, 400 .proto = 0x5, 401 .proto_mask = 0xff, 402 .src_port_low = 0, 403 .src_port_high = 0xffff, 404 .dst_port_low = 22, 405 .dst_port_high = 1024, 406 .vlan = 0x8100, 407 .vlan_mask = 0xffff, 408 .domain = 0x64, 409 .domain_mask = 0xffff, 410 }, 411 { 412 .data = {.userdata = 25, .category_mask = ACL_DENY_MASK, 413 .priority = 400}, 414 .dst_addr = RTE_IPV4(5,6,7,8), 415 .dst_mask_len = 24, 416 .src_addr = RTE_IPV4(1,2,3,4), 417 .src_mask_len = 16, 418 .proto = 0x5, 419 .proto_mask = 0xff, 420 .src_port_low = 0, 421 .src_port_high = 0xffff, 422 .dst_port_low = 22, 423 .dst_port_high = 1024, 424 .vlan = 0x8100, 425 .vlan_mask = 0xffff, 426 .domain = 0x64, 427 .domain_mask = 0xffff, 428 }, 429 { 430 .data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK, 431 .priority = 500}, 432 .dst_addr = RTE_IPV4(1,2,3,4), 433 .dst_mask_len = 8, 434 .src_addr = RTE_IPV4(5,6,7,8), 435 .src_mask_len = 32, 436 .proto = 0x5, 437 .proto_mask = 0xff, 438 .src_port_low = 0, 439 .src_port_high = 0xffff, 440 .dst_port_low = 22, 441 .dst_port_high = 1024, 442 .vlan = 0x64, 443 .vlan_mask = 0xffff, 444 }, 445 { 446 .data = {.userdata = 27, .category_mask = ACL_DENY_MASK, 447 .priority = 500}, 448 .dst_addr = RTE_IPV4(5,6,7,8), 449 .dst_mask_len = 32, 450 .src_addr = RTE_IPV4(1,2,3,4), 451 .src_mask_len = 8, 452 .proto = 0x5, 453 .proto_mask = 0xff, 454 .src_port_low = 0, 455 .src_port_high = 0xffff, 456 .dst_port_low = 22, 457 .dst_port_high = 1024, 458 .vlan = 0x64, 459 .vlan_mask = 0xffff, 460 }, 461 }; 462 463 /* data for ACL unit test */ 464 struct ipv4_7tuple acl_test_data[] = { 465 /* testing single rule aspects */ 466 {.ip_src = RTE_IPV4(10,0,0,0), .allow = 4}, /* should match 4 */ 467 {.ip_src = RTE_IPV4(10,1,1,2), .allow = 5}, /* should match 5 */ 468 {.ip_src = RTE_IPV4(10,1,1,1), .allow = 5, 469 .deny = 6}, /* should match 5, 6 */ 470 {.ip_dst = RTE_IPV4(10,0,0,0)}, /* should not match */ 471 {.ip_dst = RTE_IPV4(10,1,1,2)}, /* should not match */ 472 {.ip_dst = RTE_IPV4(10,1,1,1)}, /* should not match */ 473 474 {.ip_src = RTE_IPV4(192,168,2,50)}, /* should not match */ 475 {.ip_src = RTE_IPV4(192,168,1,2)}, /* should not match */ 476 {.ip_src = RTE_IPV4(192,168,1,50)}, /* should not match */ 477 {.ip_dst = RTE_IPV4(192,168,2,50), .allow = 1}, /* should match 1 */ 478 {.ip_dst = RTE_IPV4(192,168,1,49), .allow = 2}, /* should match 2 */ 479 {.ip_dst = RTE_IPV4(192,168,1,50), .allow = 2, 480 .deny = 3}, /* should match 2, 3 */ 481 482 {.vlan = 0x64, .allow = 7}, /* should match 7 */ 483 {.vlan = 0xfE4, .allow = 7}, /* should match 7 */ 484 {.vlan = 0xE2}, /* should not match */ 485 {.vlan = 0xD, .allow = 8}, /* should match 8 */ 486 {.vlan = 0x6}, /* should not match */ 487 {.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */ 488 489 {.domain = 0x64, .allow = 10}, /* should match 10 */ 490 {.domain = 0xfE4, .allow = 10}, /* should match 10 */ 491 {.domain = 0xE2}, /* should not match */ 492 {.domain = 0xD, .allow = 11}, /* should match 11 */ 493 {.domain = 0x6}, /* should not match */ 494 {.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */ 495 496 {.port_dst = 80, .allow = 13}, /* should match 13 */ 497 {.port_dst = 79, .allow = 14}, /* should match 14 */ 498 {.port_dst = 81, .allow = 14}, /* should match 14 */ 499 {.port_dst = 21}, /* should not match */ 500 {.port_dst = 1024, .deny = 16}, /* should match 16 */ 501 {.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */ 502 503 {.port_src = 80, .allow = 17}, /* should match 17 */ 504 {.port_src = 79, .allow = 18}, /* should match 18 */ 505 {.port_src = 81, .allow = 18}, /* should match 18 */ 506 {.port_src = 21}, /* should not match */ 507 {.port_src = 1024, .deny = 20}, /* should match 20 */ 508 {.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */ 509 510 {.proto = 0x64, .allow = 21}, /* should match 21 */ 511 {.proto = 0xE4, .allow = 21}, /* should match 21 */ 512 {.proto = 0xE2}, /* should not match */ 513 {.proto = 0xD, .allow = 22}, /* should match 22 */ 514 {.proto = 0x6}, /* should not match */ 515 {.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */ 516 517 /* testing matching multiple rules at once */ 518 {.vlan = 0x5, .ip_src = RTE_IPV4(10,1,1,1), 519 .allow = 5, .deny = 9}, /* should match 5, 9 */ 520 {.vlan = 0x5, .ip_src = RTE_IPV4(192,168,2,50), 521 .allow = 8, .deny = 9}, /* should match 8, 9 */ 522 {.vlan = 0x55, .ip_src = RTE_IPV4(192,168,1,49), 523 .allow = 8}, /* should match 8 */ 524 {.port_dst = 80, .port_src = 1024, 525 .allow = 13, .deny = 20}, /* should match 13,20 */ 526 {.port_dst = 79, .port_src = 1024, 527 .allow = 14, .deny = 20}, /* should match 14,20 */ 528 {.proto = 0x5, .ip_dst = RTE_IPV4(192,168,2,50), 529 .allow = 1, .deny = 23}, /* should match 1, 23 */ 530 531 {.proto = 0x5, .ip_dst = RTE_IPV4(192,168,1,50), 532 .allow = 2, .deny = 23}, /* should match 2, 23 */ 533 {.vlan = 0x64, .domain = 0x5, 534 .allow = 11, .deny = 12}, /* should match 11, 12 */ 535 {.proto = 0x5, .port_src = 80, 536 .allow = 17, .deny = 23}, /* should match 17, 23 */ 537 {.proto = 0x5, .port_dst = 80, 538 .allow = 13, .deny = 23}, /* should match 13, 23 */ 539 {.proto = 0x51, .port_src = 5000}, /* should not match */ 540 {.ip_src = RTE_IPV4(192,168,1,50), 541 .ip_dst = RTE_IPV4(10,0,0,0), 542 .proto = 0x51, 543 .port_src = 5000, 544 .port_dst = 5000}, /* should not match */ 545 546 /* test full packet rules */ 547 { 548 .ip_dst = RTE_IPV4(1,2,100,200), 549 .ip_src = RTE_IPV4(5,6,7,254), 550 .proto = 0x5, 551 .vlan = 0x8100, 552 .domain = 0x64, 553 .port_src = 12345, 554 .port_dst = 80, 555 .allow = 24, 556 .deny = 23 557 }, /* should match 23, 24 */ 558 { 559 .ip_dst = RTE_IPV4(5,6,7,254), 560 .ip_src = RTE_IPV4(1,2,100,200), 561 .proto = 0x5, 562 .vlan = 0x8100, 563 .domain = 0x64, 564 .port_src = 12345, 565 .port_dst = 80, 566 .allow = 13, 567 .deny = 25 568 }, /* should match 13, 25 */ 569 { 570 .ip_dst = RTE_IPV4(1,10,20,30), 571 .ip_src = RTE_IPV4(5,6,7,8), 572 .proto = 0x5, 573 .vlan = 0x64, 574 .port_src = 12345, 575 .port_dst = 80, 576 .allow = 26, 577 .deny = 23 578 }, /* should match 23, 26 */ 579 { 580 .ip_dst = RTE_IPV4(5,6,7,8), 581 .ip_src = RTE_IPV4(1,10,20,30), 582 .proto = 0x5, 583 .vlan = 0x64, 584 .port_src = 12345, 585 .port_dst = 80, 586 .allow = 13, 587 .deny = 27 588 }, /* should match 13, 27 */ 589 { 590 .ip_dst = RTE_IPV4(2,2,3,4), 591 .ip_src = RTE_IPV4(4,6,7,8), 592 .proto = 0x5, 593 .vlan = 0x64, 594 .port_src = 12345, 595 .port_dst = 80, 596 .allow = 13, 597 .deny = 23 598 }, /* should match 13, 23 */ 599 { 600 .ip_dst = RTE_IPV4(1,2,3,4), 601 .ip_src = RTE_IPV4(4,6,7,8), 602 .proto = 0x5, 603 .vlan = 0x64, 604 .port_src = 12345, 605 .port_dst = 80, 606 .allow = 13, 607 .deny = 23 608 }, /* should match 13, 23 */ 609 610 611 /* visual separator! */ 612 { 613 .ip_dst = RTE_IPV4(1,2,100,200), 614 .ip_src = RTE_IPV4(5,6,7,254), 615 .proto = 0x55, 616 .vlan = 0x8000, 617 .domain = 0x6464, 618 .port_src = 12345, 619 .port_dst = 8080, 620 .allow = 10 621 }, /* should match 10 */ 622 { 623 .ip_dst = RTE_IPV4(5,6,7,254), 624 .ip_src = RTE_IPV4(1,2,100,200), 625 .proto = 0x55, 626 .vlan = 0x8100, 627 .domain = 0x6464, 628 .port_src = 12345, 629 .port_dst = 180, 630 .allow = 10 631 }, /* should match 10 */ 632 { 633 .ip_dst = RTE_IPV4(1,10,20,30), 634 .ip_src = RTE_IPV4(5,6,7,8), 635 .proto = 0x55, 636 .vlan = 0x64, 637 .port_src = 12345, 638 .port_dst = 180, 639 .allow = 7 640 }, /* should match 7 */ 641 { 642 .ip_dst = RTE_IPV4(5,6,7,8), 643 .ip_src = RTE_IPV4(1,10,20,30), 644 .proto = 0x55, 645 .vlan = 0x64, 646 .port_src = 12345, 647 .port_dst = 180, 648 .allow = 7 649 }, /* should match 7 */ 650 { 651 .ip_dst = RTE_IPV4(2,2,3,4), 652 .ip_src = RTE_IPV4(4,6,7,8), 653 .proto = 0x55, 654 .vlan = 0x64, 655 .port_src = 12345, 656 .port_dst = 180, 657 .allow = 7 658 }, /* should match 7 */ 659 { 660 .ip_dst = RTE_IPV4(1,2,3,4), 661 .ip_src = RTE_IPV4(4,6,7,8), 662 .proto = 0x50, 663 .vlan = 0x6466, 664 .port_src = 12345, 665 .port_dst = 12345, 666 }, /* should not match */ 667 }; 668 669 /* 670 * ruleset for ACL 32 bit range (by src addr) unit test 671 * keep them ordered by priority in descending order. 672 */ 673 struct rte_acl_ipv4vlan_rule acl_u32_range_test_rules[] = { 674 { 675 .data = { 676 .userdata = 500, 677 .category_mask = ACL_ALLOW_MASK, 678 .priority = 500 679 }, 680 .src_addr = RTE_IPV4(0, 0, 0, 1), 681 .src_mask_len = RTE_IPV4(0, 0, 2, 58), 682 }, 683 { 684 .data = { 685 .userdata = 400, 686 .category_mask = ACL_ALLOW_MASK, 687 .priority = 400 688 }, 689 .src_addr = RTE_IPV4(0, 4, 3, 2), 690 .src_mask_len = RTE_IPV4(0, 4, 7, 255), 691 }, 692 { 693 .data = { 694 .userdata = 300, 695 .category_mask = ACL_ALLOW_MASK, 696 .priority = 300 697 }, 698 .src_addr = RTE_IPV4(0, 1, 12, 14), 699 .src_mask_len = RTE_IPV4(0, 3, 11, 13), 700 }, 701 { 702 .data = { 703 .userdata = 200, 704 .category_mask = ACL_ALLOW_MASK, 705 .priority = 200 706 }, 707 .src_addr = RTE_IPV4(0, 0, 1, 40), 708 .src_mask_len = RTE_IPV4(0, 4, 5, 6), 709 }, 710 }; 711 712 #endif /* TEST_ACL_H_ */ 713