xref: /dpdk/examples/pipeline/examples/ipsec.spec (revision c1d145834f287aa8cf53de914618a7312f2c360e) 
1; SPDX-License-Identifier: BSD-3-Clause
2; Copyright(c) 2020 Intel Corporation
3
4//
5// Headers
6//
7struct ethernet_h {
8	bit<48> dst_addr
9	bit<48> src_addr
10	bit<16> ethertype
11}
12
13struct ipv4_h {
14	bit<8> ver_ihl
15	bit<8> diffserv
16	bit<16> total_len
17	bit<16> identification
18	bit<16> flags_offset
19	bit<8> ttl
20	bit<8> protocol
21	bit<16> hdr_checksum
22	bit<32> src_addr
23	bit<32> dst_addr
24}
25
26struct udp_h {
27	bit<16> src_port
28	bit<16> dst_port
29	bit<16> length
30	bit<16> checksum
31}
32
33struct ipsec_internal_h {
34	bit<32> sa_id
35}
36
37header ethernet instanceof ethernet_h
38header ipv4 instanceof ipv4_h
39header udp instanceof udp_h
40header ipsec_internal instanceof ipsec_internal_h
41
42//
43// Meta-data
44//
45struct metadata_t {
46	bit<32> port_in
47	bit<32> port_out
48
49	bit<32> src_addr
50	bit<32> dst_addr
51	bit<8> protocol
52	bit<16> src_port
53	bit<16> dst_port
54}
55
56metadata instanceof metadata_t
57
58//
59// Actions
60//
61struct encrypt_args_t {
62	bit<32> sa_id
63}
64
65action encrypt args instanceof encrypt_args_t {
66	//Set the IPsec internal header.
67	validate h.ipsec_internal
68	mov h.ipsec_internal.sa_id t.sa_id
69
70	return
71}
72
73action drop args none {
74	drop
75}
76
77//
78// Tables.
79//
80table policy_table {
81	key {
82		m.src_addr exact
83		m.dst_addr exact
84		m.protocol exact
85		m.src_port exact
86		m.dst_port exact
87	}
88
89	actions {
90		encrypt
91		drop
92	}
93
94	default_action encrypt args sa_id 0
95	size 65536
96}
97
98//
99// Pipeline.
100//
101apply {
102	rx m.port_in
103
104	jmpeq FROM_IPSEC_TO_NET m.port_in 1
105
106FROM_NET_TO_IPSEC : extract h.ethernet
107
108	extract h.ipv4
109	mov m.src_addr h.ipv4.src_addr
110	mov m.dst_addr h.ipv4.dst_addr
111	mov m.protocol h.ipv4.protocol
112
113	extract h.udp
114	mov m.src_port h.udp.src_port
115	mov m.dst_port h.udp.dst_port
116
117	table policy_table
118
119	mov m.port_out 1
120
121	emit h.ipsec_internal
122	emit h.ipv4
123	emit h.udp
124	tx m.port_out
125
126FROM_IPSEC_TO_NET : extract h.ipv4
127
128	validate h.ethernet
129	mov h.ethernet.dst_addr 0xa0b0c0d0e0f0
130	mov h.ethernet.src_addr 0xa1b1c1d1e1f1
131	mov h.ethernet.ethertype 0x0800
132
133	mov m.port_out 0
134
135	emit h.ethernet
136	emit h.ipv4
137	tx m.port_out
138}
139