6. RRC Low-Level API

RRC library header file (low-level API to configure the switch).

Defines

MAX_NUM_PORTS
MAX_NUM_RULES
MAX_NUM_USER_RULES
DEFAULT_RULE_ID
INIT_RULE_ID
RRC_INIT_FLAG_PORTMASK
EGRESS_TRAFFIC_FILTERING
INGRESS_TRAFFIC_STEERING

Typedefs

typedef struct rrc_port rrc_port_t

Enums

enum rrc_policy_t

Values:

PERMIT = 0
DENY
REDIRECT
enum rrc_filter_type_t

Values:

EGRESS_TRAFFIC = 0
INGRESS_TRAFFIC

Functions

int rrc_init(u_int32_t flags)

Initialise the card switch

Return
0 on success, -1 otherwise
Parameters
  • flags: See RRC_INIT_FLAG_* defines

rrc_port_t *rrc_port_get(int portNumber)

Get the port handle

Return
The port handler on success, NULL otherwise
Parameters
  • portNumber: The port number (usually 1 or 2 in case of INGRESS_TRAFFIC, 3 or 4 in case of EGRESS_TRAFFIC)

int rrc_add_default_rule(rrc_port_t *port, rrc_filter_type_t type, rrc_policy_t action, int redirectPortNumber)

Sets the default policy

Return
0 on success, -1 otherwise
Parameters
  • port: The port handler
  • type: The rule type: EGRESS_TRAFFIC or INGRESS_TRAFFIC
  • action: The action in case of match (PERMIT/DENY for EGRESS_TRAFFIC, REDIRECT for INGRESS_TRAFFIC)
  • redirectPortNumber: The destination port in case of action = REDIRECT

int rrc_add_rule(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type, rrc_match_t *rule, rrc_policy_t action, int redirectPortNumber)

Add a rule. Fields are in network byte order. Please note a rule is identified by <port, ruleNumber, type>.

Return
The rule number on success, -1 otherwise
Parameters
  • port: The port handler
  • ruleNumber: The rule number (0..2147483645), -1 for auto
  • type: The rule type: EGRESS_TRAFFIC or INGRESS_TRAFFIC
  • rule: The RRC rule
  • action: The action in case of match
  • redirectPortNumber: The destination port in case of action = REDIRECT

int rrc_add_nbpf_rule(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type, nbpf_rule_core_fields_t *nBPFRule, rrc_policy_t action, int redirectPortNumber)

Converts a nBPF rule into a RRC rule. nBPF fields are in network byte order. Please note a rule is identified by <port, ruleNumber, type>.

Return
The rule number on success, -1 otherwise
Parameters
  • port: The port handler
  • ruleNumber: The rule number (0..2147483645), -1 for auto
  • type: The rule type: EGRESS_TRAFFIC or INGRESS_TRAFFIC
  • nBPFRule: The nBPF rule to convert
  • action: The action in case of match
  • redirectPortNumber: The destination port in case of action = REDIRECT

int rrc_remove_rule(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type)

Removes a rule. Please note a rule is identified by <port, ruleNumber, type>.

Return
0 on success, -1 otherwise
Parameters
  • port: The port handler
  • ruleNumber: The rule number
  • type: The rule type: EGRESS_TRAFFIC or INGRESS_TRAFFIC

int rrc_remove_all_rules(rrc_port_t *port, rrc_filter_type_t type)

Removes all rules for a <port, type>, including the default rule.

Return
0 on success, -1 otherwise
Parameters
  • port: The port handler
  • type: The rule type: EGRESS_TRAFFIC or INGRESS_TRAFFIC

int rrc_read_rule_stats(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type, rrc_stats_t *stats)

Read rule stats (packets matched). Please note a rule is identified by <port, ruleNumber, type>. Please note rules with type EGRESS_TRAFFIC do not support match counters, a good practice is to use DENY rules on INGRESS_TRAFFIC rather then EGRESS_TRAFFIC.

Return
0 on success, -1 otherwise
Parameters
  • port: The port handler
  • ruleNumber: The rule number
  • type: The rule type: INGRESS_TRAFFIC only (EGRESS_TRAFFIC does not support rule stats)
  • stats: The rule stats (out).

int rrc_read_port_stats(rrc_port_t *port, rrc_stats_t *stats)

Egress port stats (packets dropped by ACLs).

Return
0 on success, -1 otherwise
Parameters
  • port: The port handler
  • stats: The port stats (out).

int rrc_port_apply(rrc_port_t *port, rrc_filter_type_t type)

Applies all changes to a port

Return
0 on success, -1 otherwise

int rrc_apply()

Applies all changes

Return
0 on success, -1 otherwise

int rrc_add_mirror(rrc_port_t *in_port, rrc_port_t *out_port, rrc_match_t *rule)

Creates a mirror sending traffic from in_port to out_port. Setting two mirrors with the same source port does not work Setting two mirrors with the same destination port is not supported

Return
0 on success, -1 otherwise
Parameters
  • in_port: The source port
  • out_port: The destination port
  • rule: The RRC rule to match (optional)

int rrc_remove_mirror(rrc_port_t *out_port)

Removes mirror specifying the out_port.

Return
0 on success, -1 otherwise

int rrc_set_load_balancer(rrc_port_t *out_ports, int num_out_ports, rrc_match_t *r)

Sets a load balancer, for traffic matching the specified rule, with the specified destination ports.

Return
0 on success, -1 otherwise
Parameters
  • out_ports: The destination ports
  • num_out_ports: The number of destination ports
  • r: The RRC rule to match

int rrc_ifname_to_phys_port(const char *ifname)

Returns the physical PEP port number bound to the interface

Return
The port number on success, -1 otherwise
Parameters
  • ifname: The interface name

int rrc_get_external_phys_port(int internal_phys_port)

Returns the physical EPL port bound to the provided PEP port

Return
The EPL port number on success, -1 otherwise
Parameters
  • internal_phys_port: The physical PEP port number

int rrc_get_internal_phys_port(int external_phys_port)

Returns the physical PEP port bound to the provided EPL port

Return
The PEP port number on success, -1 otherwise
Parameters
  • external_phys_port: The physical EPL port number

void rrc_dump_rules(rrc_port_t *port, rrc_filter_type_t type)

Prints all the rules on a <port, type> (only for debugging)

void rrc_set_log_level(u_int8_t l)

Sets the verbosity level for logs

void rrc_set_log_file(FILE *f)

Sets the output file for logs (default is stdout)