flow: add vnet/flow formal API

This patch adds the API for vnet/flow infra.
Currently this API supports the below flow types:
    VNET_FLOW_TYPE_IP4_N_TUPLE
    VNET_FLOW_TYPE_IP6_N_TUPLE
    VNET_FLOW_TYPE_IP4_N_TUPLE_TAGGED
    VNET_FLOW_TYPE_IP6_N_TUPLE_TAGGED
    VNET_FLOW_TYPE_IP4_L2TPV3OIP
    VNET_FLOW_TYPE_IP4_IPSEC_ESP
    VNET_FLOW_TYPE_IP4_IPSEC_AH
    VNET_FLOW_TYPE_IP4_GTPU

All the above flows are tested with Intel E810/X710 NIC

Type: feature

Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Icb8ae20cab9bdad6b120dddc3bd4fb1d85634f3f

src/vat/api_format.c

@@ -5168,7 +5168,8 @@ _(tcp_configure_src_addresses_reply)			\
 _(session_rule_add_del_reply)				\
 _(ip_container_proxy_add_del_reply)                     \
 _(output_acl_set_interface_reply)                       \
-_(qos_record_enable_disable_reply)
+_(qos_record_enable_disable_reply)			\
+_(flow_add_reply)
 
 #define _(n)                                    \
     static void vl_api_##n##_t_handler          \
@@ -5466,7 +5467,8 @@ _(SESSION_RULE_ADD_DEL_REPLY, session_rule_add_del_reply)		\
 _(SESSION_RULES_DETAILS, session_rules_details)				\
 _(IP_CONTAINER_PROXY_ADD_DEL_REPLY, ip_container_proxy_add_del_reply)	\
 _(OUTPUT_ACL_SET_INTERFACE_REPLY, output_acl_set_interface_reply)       \
-_(QOS_RECORD_ENABLE_DISABLE_REPLY, qos_record_enable_disable_reply)
+_(QOS_RECORD_ENABLE_DISABLE_REPLY, qos_record_enable_disable_reply)		\
+_(FLOW_ADD_REPLY, flow_add_reply)   \
 
 #define foreach_standalone_reply_msg					\
 _(SW_INTERFACE_EVENT, sw_interface_event)

src/vnet/CMakeLists.txt

@@ -29,6 +29,7 @@ list(APPEND VNET_SOURCES
   devices/netlink.c
   flow/flow.c
   flow/flow_cli.c
+  flow/flow_api.c
   handoff.c
   interface.c
   interface_api.c
@@ -77,6 +78,8 @@ list(APPEND VNET_API_FILES
   interface.api
   interface_types.api
   ip/ip_types.api
+  flow/flow_types.api
+  flow/flow.api
 )
 
 ##############################################################################

src/vnet/flow/FEATURE.yaml

@@ -0,0 +1,25 @@
+---
+name: Flow infrastructure
+maintainer: Damjan Marion <damarion@cisco.com>
+features:
+  - Four APIs are provided - flow_add, flow_del, flow_enable and flow_disable
+  - The below flow types are currently supported:
+      - FLOW_TYPE_IP4_N_TUPLE,
+      - FLOW_TYPE_IP6_N_TUPLE,
+      - FLOW_TYPE_IP4_N_TUPLE_TAGGED,
+      - FLOW_TYPE_IP6_N_TUPLE_TAGGED,
+      - FLOW_TYPE_IP4_L2TPV3OIP,
+      - FLOW_TYPE_IP4_IPSEC_ESP,
+      - FLOW_TYPE_IP4_IPSEC_AH,
+      - FLOW_TYPE_IP4_GTPC,
+      - FLOW_TYPE_IP4_GTPU
+  - The below flow actions can be specified for the flows:
+      - FLOW_ACTION_COUNT,
+      - FLOW_ACTION_MARK,
+      - FLOW_ACTION_BUFFER_ADVANCE,
+      - FLOW_ACTION_REDIRECT_TO_NODE,
+      - FLOW_ACTION_REDIRECT_TO_QUEUE,
+      - FLOW_ACTION_DROP
+description: "Flow infrastructure to provide hardware offload capabilities"
+state: development
+properties: [API, CLI]

src/vnet/flow/flow.api

@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2020 Intel and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+option version = "0.0.1";
+
+import "vnet/interface_types.api";
+import "vnet/ip/ip_types.api";
+import "vnet/flow/flow_types.api";
+
+/** \brief flow add request
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param flow - flow rule
+*/
+define flow_add
+{
+  u32 client_index;
+  u32 context;
+  vl_api_flow_rule_t flow;
+  option vat_help = "test flow add [src-ip <ip-addr/mask>] [dst-ip <ip-addr/mask>] [src-port <port/mask>] [dst-port <port/mask>] [proto <ip-proto>]";
+};
+
+/** \brief reply for adding flow
+    @param context - sender context, to match reply w/ request
+    @param retval - return code
+    @param flow_index - flow index, can be used for flow del/enable/disable
+*/
+define flow_add_reply
+{
+  u32 context;
+  i32 retval;
+  u32 flow_index;
+};
+
+/** \brief flow del request
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param flow_index - flow index
+*/
+autoreply define flow_del
+{
+  u32 client_index;
+  u32 context;
+  u32 flow_index;
+  option vat_help = "test flow del index <index>";
+};
+
+/** \brief flow enable request
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param flow_index - flow index
+	@param hw_if_index - hardware interface index
+*/
+autoreply define flow_enable
+{
+  u32 client_index;
+  u32 context;
+  u32 flow_index;
+  u32 hw_if_index;
+  option vat_help = "test flow enable index <index> <interface name>";
+};
+
+/** \brief flow disable request
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param flow_index - flow index
+	@param hw_if_index - hardware interface index
+*/
+autoreply define flow_disable
+{
+  u32 client_index;
+  u32 context;
+  u32 flow_index;
+  u32 hw_if_index;
+  option vat_help = "test flow disable index <index> <interface name>";
+};
+
+/*
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */

src/vnet/flow/flow_types.api

@@ -0,0 +1,218 @@
+/* Hey Emacs use -*- mode: C -*- */
+/*
+ * Copyright (c) 2020 Intel and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+option version = "0.0.1";
+import "vnet/ethernet/ethernet_types.api";
+import "vnet/ip/ip_types.api";
+
+enum flow_type
+{
+  FLOW_TYPE_ETHERNET = 1,
+  FLOW_TYPE_IP4_N_TUPLE,
+  FLOW_TYPE_IP6_N_TUPLE,
+  FLOW_TYPE_IP4_N_TUPLE_TAGGED,
+  FLOW_TYPE_IP6_N_TUPLE_TAGGED,
+  FLOW_TYPE_IP4_L2TPV3OIP,
+  FLOW_TYPE_IP4_IPSEC_ESP,
+  FLOW_TYPE_IP4_IPSEC_AH,
+  FLOW_TYPE_IP4_VXLAN,
+  FLOW_TYPE_IP6_VXLAN,
+  FLOW_TYPE_IP4_GTPC,
+  FLOW_TYPE_IP4_GTPU,
+};
+
+enum flow_action
+{
+  FLOW_ACTION_COUNT = 1,
+  FLOW_ACTION_MARK = 2,
+  FLOW_ACTION_BUFFER_ADVANCE = 4,
+  FLOW_ACTION_REDIRECT_TO_NODE = 8,
+  FLOW_ACTION_REDIRECT_TO_QUEUE = 16,
+  FLOW_ACTION_DROP = 64,
+};
+
+typedef ip_port_and_mask
+{
+  u16 port;
+  u16 mask;
+};
+
+typedef flow_ethernet
+{
+  i32 foo;
+  vl_api_mac_address_t src_addr;
+  vl_api_mac_address_t dst_addr;
+  u16 type;
+};
+
+typedef flow_ip4_n_tuple
+{
+  i32 foo;
+  vl_api_ip4_address_and_mask_t src_addr;
+  vl_api_ip4_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+};
+
+typedef flow_ip6_n_tuple
+{
+  i32 foo;
+  vl_api_ip6_address_and_mask_t src_addr;
+  vl_api_ip6_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+};
+
+typedef flow_ip4_n_tuple_tagged
+{
+  i32 foo;
+  vl_api_ip4_address_and_mask_t src_addr;
+  vl_api_ip4_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+};
+
+typedef flow_ip6_n_tuple_tagged
+{
+  i32 foo;
+  vl_api_ip6_address_and_mask_t src_addr;
+  vl_api_ip6_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+};
+
+typedef flow_ip4_l2tpv3oip
+{
+  i32 foo;
+  vl_api_ip4_address_and_mask_t src_addr;
+  vl_api_ip4_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+  u32 session_id;
+};
+
+typedef flow_ip4_ipsec_esp
+{
+  i32 foo;
+  vl_api_ip4_address_and_mask_t src_addr;
+  vl_api_ip4_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+  u32 spi;
+};
+
+typedef flow_ip4_ipsec_ah
+{
+  i32 foo;
+  vl_api_ip4_address_and_mask_t src_addr;
+  vl_api_ip4_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+  u32 spi;
+};
+
+typedef flow_ip4_vxlan
+{
+  i32 foo;
+  vl_api_ip4_address_t src_addr;
+  vl_api_ip4_address_t dst_addr;
+  u16 dst_port;
+  u16 vni;
+};
+
+typedef flow_ip6_vxlan
+{
+  i32 foo;
+  vl_api_ip6_address_t src_addr;
+  vl_api_ip6_address_t dst_addr;
+  u16 dst_port;
+  u16 vni;
+};
+
+typedef flow_ip4_gtpc
+{
+  i32 foo;
+  vl_api_ip4_address_and_mask_t src_addr;
+  vl_api_ip4_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+  u32 teid;
+};
+
+typedef flow_ip4_gtpu
+{
+  i32 foo;
+  vl_api_ip4_address_and_mask_t src_addr;
+  vl_api_ip4_address_and_mask_t dst_addr;
+  vl_api_ip_port_and_mask_t src_port;
+  vl_api_ip_port_and_mask_t dst_port;
+  vl_api_ip_proto_t protocol;
+  u32 teid;
+};
+
+union flow
+{
+  vl_api_flow_ethernet_t ethernet;
+  vl_api_flow_ip4_n_tuple_t ip4_n_tuple;
+  vl_api_flow_ip6_n_tuple_t ip6_n_tuple;
+  vl_api_flow_ip4_n_tuple_tagged_t ip4_n_tuple_tagged;
+  vl_api_flow_ip6_n_tuple_tagged_t ip6_n_tuple_tagged;
+  vl_api_flow_ip4_l2tpv3oip_t ip4_l2tpv3oip;
+  vl_api_flow_ip4_ipsec_esp_t ip4_ipsec_esp;
+  vl_api_flow_ip4_ipsec_ah_t ip4_ipsec_ah;
+  vl_api_flow_ip4_vxlan_t ip4_vxlan;
+  vl_api_flow_ip6_vxlan_t ip6_vxlan;
+  vl_api_flow_ip4_gtpc_t ip4_gtpc;
+  vl_api_flow_ip4_gtpu_t ip4_gtpu;
+};
+
+/* main flow struct */
+typedef flow_rule
+{
+  /* flow type */
+  vl_api_flow_type_t type;
+  
+  /* flow index */
+  u32 index;
+  
+  /* bitmap of flow actions (FLOW_ACTION_*) */
+  vl_api_flow_action_t actions;
+
+  /* flow id for VNET_FLOW_ACTION_MARK */
+  u32 mark_flow_id;
+
+  /* node index and next index for FLOW_ACTION_REDIRECT_TO_NODE */
+  u32 redirect_node_index;
+  u32 redirect_device_input_next_index;
+
+  /* queue for FLOW_ACTION_REDIRECT_TO_QUEUE */
+  u32 redirect_queue;
+
+  /* buffer offset for FLOW_ACTION_BUFFER_ADVANCE */
+  i32 buffer_advance;
+  
+  /* flow enum */
+  vl_api_flow_t flow;
+};
+

src/vnet/ip/ip_types.api

@@ -92,6 +92,18 @@ manual_print typedef prefix {
   u8 len;
 };
 
+typedef ip4_address_and_mask
+{
+  vl_api_ip4_address_t addr;
+  vl_api_ip4_address_t mask;
+};
+
+typedef ip6_address_and_mask
+{
+  vl_api_ip6_address_t addr;
+  vl_api_ip6_address_t mask;
+};
+
 typedef mprefix {
   vl_api_address_family_t af;
   u16 grp_address_length;

src/vnet/vnet.h

@@ -40,6 +40,8 @@
 #ifndef included_vnet_vnet_h
 #define included_vnet_vnet_h
 
+#include <stddef.h>
+
 #include <vppinfra/types.h>
 
 #include <vppinfra/pcap.h>

src/vnet/vnet_all_api_h.h

@@ -73,6 +73,7 @@
 #include <vnet/syslog/syslog.api.h>
 #include <vnet/devices/virtio/virtio.api.h>
 #include <vnet/gso/gso.api.h>
+#include <vnet/flow/flow.api.h>
 
 /*
  * fd.io coding-style-patch-verification: ON

src/vpp/api/vpe.api

@@ -49,7 +49,8 @@ import "vpp/api/vpe_types.api";
  * DHCP APIs: see ... /src/vnet/dhcp/{dhcp.api, dhcp_api.c}
  * COP APIs: see ... /src/vnet/cop/{cop.api, cop_api.c}
  * POLICER APIs: see ... /src/vnet/policer/{policer.api, policer_api.c}
- * BIER APIs: see ... /src/vnet/policer/{bier.api, bier_api.c}
+ * BIER APIs: see ... /src/vnet/policer/{bier.api, bier_api.c}.
+ * flow APIs: see .../vnet/vnet/flow/{flow.api, flow_api.c}
  */
 
 /** \brief Control ping from client to api server request