psp_gw_flows.h

Go to the documentation of this file.

/*
 * Copyright (c) 2024-2025 NVIDIA CORPORATION AND AFFILIATES.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification, are permitted
 * provided that the following conditions are met:
 *     * Redistributions of source code must retain the above copyright notice, this list of
 *       conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice, this list of
 *       conditions and the following disclaimer in the documentation and/or other materials
 *       provided with the distribution.
 *     * Neither the name of the NVIDIA CORPORATION nor the names of its contributors may be used
 *       to endorse or promote products derived from this software without specific prior written
 *       permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
 * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NVIDIA CORPORATION BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TOR (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 
#ifndef _PSP_GW_FLOWS_H_
#define _PSP_GW_FLOWS_H_
 
#include <netinet/in.h>
#include <string>
#include <unordered_map>
 
#include <rte_ether.h>
 
#include <doca_dev.h>
#include <doca_flow.h>
 
#include "psp_gw_config.h"
 
static const int NUM_OF_PSP_SYNDROMES = 2; // ICV Fail, Bad Trailer
 
struct psp_gw_app_config;
 
struct psp_pf_dev {
    doca_dev *dev;
    uint16_t port_id;
    doca_flow_port *port_obj;
 
    rte_ether_addr src_mac;
    std::string src_mac_str;
 
    struct doca_flow_ip_addr src_pip; // Physical/Outer IP addr
    std::string src_pip_str;
};
 
struct psp_session_t {
    rte_ether_addr dst_mac;
 
    struct doca_flow_ip_addr dst_pip; /* Physical/Outer IP addr */
    struct doca_flow_ip_addr dst_vip; /* Virtual/Inner dest IP addr */
    struct doca_flow_ip_addr src_vip; /* Virtual/Inner src IP addr */
 
    uint32_t spi_egress;  /* Security Parameter Index on the wire - host-to-net */
    uint32_t spi_ingress; /* Security Parameter Index on the wire - net-to-host */
    uint32_t crypto_id;   /* Internal shared-resource index */
 
    uint32_t psp_proto_ver; /* PSP protocol version used by this session */
    uint64_t vc;        /* Virtualization cookie, if enabled */
 
    doca_flow_pipe_entry *encap_encrypt_entry; /* DOCA Flow encap & encrypt entry */
    doca_flow_pipe_entry *acl_entry;       /* DOC AFlow ACL entry */
    uint64_t pkt_count_egress;         /* Count of encap_encrypt_entry */
    uint64_t pkt_count_ingress;        /* Count of acl_entry */
};
 
class PSP_GatewayFlows {
public:
    PSP_GatewayFlows(psp_pf_dev *pf, uint16_t vf_port_id, psp_gw_app_config *app_config);
 
    virtual ~PSP_GatewayFlows(void);
 
    psp_pf_dev *pf(void)
    {
        return pf_dev;
    }
 
    doca_error_t init(void);
 
    doca_error_t add_encrypt_entry(psp_session_t *session, const void *encrypt_key);
 
    doca_error_t add_ingress_acl_entry(psp_session_t *session);
 
    doca_error_t remove_encrypt_entry(psp_session_t *session);
 
    void show_static_flow_counts(void);
 
    void show_session_flow_count(const session_key session_vips_pair, psp_session_t &session);
 
private:
    struct pipe_query;
 
    static void check_for_valid_entry(doca_flow_pipe_entry *entry,
                      uint16_t pipe_queue,
                      enum doca_flow_entry_status status,
                      enum doca_flow_entry_op op,
                      void *user_ctx);
 
    doca_error_t start_port(uint16_t port_id, doca_dev *port_dev, doca_flow_port **port);
 
    doca_error_t init_doca_flow(const psp_gw_app_config *app_cfg);
 
    void init_status(psp_gw_app_config *app_cfg);
 
    doca_error_t bind_shared_resources(void);
 
    doca_error_t configure_mirrors(void);
 
    doca_error_t add_single_entry(uint16_t pipe_queue,
                      doca_flow_pipe *pipe,
                      doca_flow_port *port,
                      const doca_flow_match *match,
                      const doca_flow_actions *actions,
                      const doca_flow_monitor *mon,
                      const doca_flow_fwd *fwd,
                      doca_flow_pipe_entry **entry);
 
    void format_encap_tunnel_data_ipv6(const psp_session_t *session, uint8_t *encap_data);
 
    void format_encap_tunnel_data_ipv4(const psp_session_t *session, uint8_t *encap_data);
 
    void format_encap_transport_data(const psp_session_t *session, uint8_t *encap_data);
 
    doca_error_t create_pipes(void);
 
    doca_error_t ingress_decrypt_pipe_create(void);
 
    doca_error_t ingress_sampling_pipe_create(void);
 
    doca_error_t ingress_acl_pipe_create(bool ipv4);
 
    doca_error_t syndrome_stats_pipe_create(void);
 
    doca_error_t egress_acl_pipe_create(bool ipv4);
 
    doca_error_t create_egress_dst_ip6_pipe(void);
 
    doca_error_t create_ingress_src_ip6_pipe(void);
 
    doca_error_t add_egress_dst_ip6_entry(psp_session_t *session, int dst_vip_id);
 
    doca_error_t add_ingress_src_ip6_entry(psp_session_t *session, int dst_vip_id);
 
    doca_error_t egress_sampling_pipe_create(void);
 
    doca_error_t rss_pipe_create(void);
 
    doca_error_t ingress_root_pipe_create(void);
 
    doca_error_t ingress_inner_classifier_pipe_create(void);
 
    doca_error_t fwd_to_wire_pipe_create(void);
 
    doca_error_t fwd_to_rss_pipe_create(void);
 
    doca_error_t set_sample_bit_pipe_create(void);
 
    doca_error_t empty_pipe_create(void);
 
    doca_error_t empty_pipe_create_not_sampled(void);
 
    std::pair<uint64_t, uint64_t> perform_pipe_query(pipe_query *query, bool suppress_output);
 
    // Application state data:
 
    psp_gw_app_config *app_config{};
 
    psp_pf_dev *pf_dev{};
 
    uint16_t vf_port_id{UINT16_MAX};
 
    doca_flow_port *vf_port{};
 
    bool sampling_enabled{false};
 
    std::vector<uint16_t> rss_queues;
    doca_flow_fwd fwd_rss{};
 
    // Pipe and pipe entry application state:
 
    // general pipes
    doca_flow_pipe *rss_pipe{};
    doca_flow_pipe *ingress_root_pipe{};
 
    // net-to-host pipes
    doca_flow_pipe *ingress_decrypt_pipe{};
    doca_flow_pipe *ingress_sampling_pipe{};
    doca_flow_pipe *ingress_inner_ip_classifier_pipe{};
    doca_flow_pipe *ingress_acl_ipv4_pipe{};
    doca_flow_pipe *ingress_acl_ipv6_pipe{};
 
    // host-to-net pipes
    doca_flow_pipe *egress_acl_ipv4_pipe{};
    doca_flow_pipe *egress_acl_ipv6_pipe{};
    doca_flow_pipe *egress_sampling_pipe{};
    doca_flow_pipe *egress_encrypt_pipe{};
    doca_flow_pipe *syndrome_stats_pipe{};
    doca_flow_pipe *empty_pipe{};
    doca_flow_pipe *empty_pipe_not_sampled{};
    doca_flow_pipe *fwd_to_wire_pipe{};
    doca_flow_pipe *fwd_to_rss_pipe{};
    doca_flow_pipe *set_sample_bit_pipe{};
    doca_flow_pipe *egress_dst_ip6_pipe{};
    doca_flow_pipe *ingress_src_ip6_pipe{};
 
    // static pipe entries
    doca_flow_pipe_entry *default_rss_entry{};
    doca_flow_pipe_entry *default_decrypt_entry{};
    doca_flow_pipe_entry *default_ingr_sampling_entry{};
    doca_flow_pipe_entry *egr_sampling_rss{};
    doca_flow_pipe_entry *egr_sampling_drop{};
    doca_flow_pipe_entry *default_ingr_acl_ipv4_entry{};
    doca_flow_pipe_entry *default_ingr_acl_ipv6_entry{};
    doca_flow_pipe_entry *ingress_ipv4_clasify_entry{};
    doca_flow_pipe_entry *ingress_ipv6_clasify_entry{};
    doca_flow_pipe_entry *root_jump_to_ingress_ipv6_entry{};
    doca_flow_pipe_entry *root_jump_to_ingress_ipv4_entry{};
    doca_flow_pipe_entry *root_jump_to_egress_ipv6_entry{};
    doca_flow_pipe_entry *root_jump_to_egress_ipv4_entry{};
    doca_flow_pipe_entry *vf_arp_to_rss{};
    doca_flow_pipe_entry *vf_ns_to_rss{};
    doca_flow_pipe_entry *vf_arp_to_wire{};
    doca_flow_pipe_entry *uplink_arp_to_vf{};
    doca_flow_pipe_entry *vf_ns_to_wire{};
    doca_flow_pipe_entry *uplink_ns_to_vf{};
    doca_flow_pipe_entry *syndrome_stats_entries[NUM_OF_PSP_SYNDROMES]{};
    doca_flow_pipe_entry *empty_pipe_entry{};
    doca_flow_pipe_entry *arp_empty_pipe_entry{};
    doca_flow_pipe_entry *ns_empty_pipe_entry{};
    doca_flow_pipe_entry *ipv4_empty_pipe_entry{};
    doca_flow_pipe_entry *ipv6_empty_pipe_entry{};
    doca_flow_pipe_entry *root_default_drop{};
    doca_flow_pipe_entry *fwd_to_wire_entry{};
    doca_flow_pipe_entry *fwd_to_rss_entry{};
    doca_flow_pipe_entry *set_sample_bit_entry{};
 
    // commonly used setting to enable per-entry counters
    struct doca_flow_monitor monitor_count {};
 
    // Shared resource IDs
    uint32_t mirror_res_id_ingress{1};
    uint32_t mirror_res_id_rss{2};
    uint32_t mirror_res_id_drop{3};
    uint32_t mirror_res_id_count{4};
 
    // Sum of all static pipe entries the last time
    // show_static_flow_counts() was invoked.
    uint64_t prev_static_flow_count{UINT64_MAX};
};
 
#endif /* _PSP_GW_FLOWS_H_ */