2. Modules - NVIDIA Docs

NVIDIA Docs Hub NVIDIA Networking BlueField DPUs / SuperNICs & DOCA DOCA Documentation v1.0 2. Modules

2. Modules (PDF)

Here is a list of all modules:

2.1. Compatibility Management

Lib to define compatibility with current version, define experimental Symbols.

To set a Symbol (or specifically a function) as experimental:

__DOCA_EXPERIMENTAL int func_declare(int param1, int param2);

To remove warnings of experimental compile with "-D DOCA_ALLOW_EXPERIMENTAL_API"

Defines

#define __DOCA_EXPERIMENTAL: To set a Symbol (or specifically a function) as experimental.

Defines

#define __DOCA_EXPERIMENTAL

Value

__attribute__((deprecated("Symbol is defined as experimental"), section(".text.experimental")))

2.2. Deep packet inspection

DOCA Deep packet inspection library. For more details please refer to the user guide on DOCA devzone.

Classes

struct doca_dpi_config_t: DPI init configuration.
struct doca_dpi_parsing_info: L2-L4 flow information.
struct doca_dpi_result: Dequeue result.
struct doca_dpi_sig_data: Extra signature data.
struct doca_dpi_sig_info: Signature info.
struct doca_dpi_stat_info: DPI statistics.

Enumerations

enum doca_dpi_dequeue_status_t: Status of dequeue operation.
enum doca_dpi_enqueue_status_t: Status of enqueue operation.
enum doca_dpi_flow_status_t: Status of enqueued entry.

Functions

__DOCA_EXPERIMENTAL int doca_dpi_dequeue ( doca_dpi_ctx* ctx, uint16_t dpi_q, doca_dpi_result* result ): Dequeues packets after processing.
__DOCA_EXPERIMENTAL void doca_dpi_destroy ( doca_dpi_ctx* ctx ): Free the DPI memory and releases the regex engine.
__DOCA_EXPERIMENTAL int doca_dpi_enqueue ( doca_dpi_flow_ctx* flow_ctx, rte_mbuf* pkt, bool initiator, uint32_t payload_offset, void* user_data ): Enqueue a new DPI job for processing.
__DOCA_EXPERIMENTAL doca_dpi_flow_ctx* doca_dpi_flow_create ( doca_dpi_ctx* ctx, uint16_t dpi_q, const doca_dpi_parsing_info* parsing_info, int* error, doca_dpi_result* result ): Creates a new flow on a queue.
__DOCA_EXPERIMENTAL void doca_dpi_flow_destroy ( doca_dpi_flow_ctx* flow_ctx ): Destroys a flow on a queue.
__DOCA_EXPERIMENTAL int doca_dpi_flow_match_get ( const doca_dpi_flow_ctx* flow_ctx, doca_dpi_result* result ): Query a flow's match.
__DOCA_EXPERIMENTAL doca_dpi_ctx* doca_dpi_init ( const doca_dpi_config_t* config, int* error ): Initialize the DPI library.
__DOCA_EXPERIMENTAL int doca_dpi_load_signatures ( doca_dpi_ctx* ctx, const char* cdo_file ): Loads the cdo file.
__DOCA_EXPERIMENTAL int doca_dpi_signature_get ( const doca_dpi_ctx* ctx, uint32_t sig_id, doca_dpi_sig_data* sig_data ): Returns a specific sig info.
__DOCA_EXPERIMENTAL int doca_dpi_signatures_get ( const doca_dpi_ctx* ctx, doca_dpi_sig_data** sig_data ): Returns all signatures.
__DOCA_EXPERIMENTAL void doca_dpi_stat_get ( const doca_dpi_ctx* ctx, bool clear, doca_dpi_stat_info* stats ): Returns DPI statistics.

Enumerations

enum doca_dpi_dequeue_status_t

Values

DOCA_DPI_DEQ_NA: No DPI enqueued jobs done, or no packets to dequeue
DOCA_DPI_DEQ_READY: DPI Job and result is valid

enum doca_dpi_enqueue_status_t

Values

DOCA_DPI_ENQ_PROCESSING: Packet enqueued for processing
DOCA_DPI_ENQ_PACKET_EMPTY: No payload, packet was not queued
DOCA_DPI_ENQ_BUSY: Packet cannot be enqueued, queue is full
DOCA_DPI_ENQ_INVALID_DB: load_signatures failed, or was never called
DOCA_DPI_ENQ_INTERNAL_ERR

enum doca_dpi_flow_status_t

Values

DOCA_DPI_STATUS_LAST_PACKET = 1<<1: Indicates there are no more packets in queue from this flow.
DOCA_DPI_STATUS_DESTROYED = 1<<2: Indicates flow was destroyed while being processed
DOCA_DPI_STATUS_NEW_MATCH = 1<<3: Indicates flow was matched on current dequeue

Functions

__DOCA_EXPERIMENTAL int doca_dpi_dequeue ( doca_dpi_ctx* ctx, uint16_t dpi_q, doca_dpi_result* result )

Dequeues packets after processing.

Parameters

ctx: The DPI context.
dpi_q: The DPI queue from which to enqueue the flows.
result: Output, matching result.

Returns

doca_dpi_dequeue_status_t if successful, error code otherwise

Description

Only packets enqueued for processing will be returned by this API. Packets will return in the order they were enqueued.

__DOCA_EXPERIMENTAL void doca_dpi_destroy ( doca_dpi_ctx* ctx )

Free the DPI memory and releases the regex engine.

Parameters

ctx: DPI context to destroy.

Description

__DOCA_EXPERIMENTAL int doca_dpi_enqueue ( doca_dpi_flow_ctx* flow_ctx, rte_mbuf* pkt, bool initiator, uint32_t payload_offset, void* user_data )

Enqueue a new DPI job for processing.

Parameters

flow_ctx: The flow context handler.
pkt: The mbuf to be processed.
initiator: Indicates to which direction the packet belongs. Typically, the first packet will arrive from the initiator.
payload_offset: Indicates where the packet's payload begins.
user_data: Private user data to b returned when the DPI job is dequeued.

Returns

doca_dpi_enqueue_status_t or other error code.

Description

This function is thread-safe per queue. For best performance it should always be called form the same thread/queue on which the flow was created. See Multithreading section of the DPI Programming Guide for more details.

Once a packet is enqueued, the DPI engine will increase ref count in the mbuf. User must not change or reuse the mbuf while it is being processed. See "Packet Ownership" section of the DPI Programming Guide for more details.

The injected packet has to be stripped of FCS. A packet will not be enqueued if:

Payload length = 0

__DOCA_EXPERIMENTAL doca_dpi_flow_ctx* doca_dpi_flow_create ( doca_dpi_ctx* ctx, uint16_t dpi_q, const doca_dpi_parsing_info* parsing_info, int* error, doca_dpi_result* result )

Creates a new flow on a queue.

Parameters

ctx: The DPI context.
dpi_q: The DPI queue on which to create the flows
parsing_info: L3/L4 information.
error: Output, Negative if error occurred.
result: Output, If flow was matched based on the parsing info, result->matched will be true.

Returns

NULL on error.

Description

Must be called before enqueuing any new packet. A flow must not be created on 2 different queues.

__DOCA_EXPERIMENTAL void doca_dpi_flow_destroy ( doca_dpi_flow_ctx* flow_ctx )

Destroys a flow on a queue.

Parameters

flow_ctx: The flow context to destroy.

Description

Should be called when a flow is terminated or times out

__DOCA_EXPERIMENTAL int doca_dpi_flow_match_get ( const doca_dpi_flow_ctx* flow_ctx, doca_dpi_result* result )

Query a flow's match.

Parameters

flow_ctx: The flow context of the flow to be queried.
result: Output, latest match on this flow.

Returns

0 on success, error code otherwise.

Description

__DOCA_EXPERIMENTAL doca_dpi_ctx* doca_dpi_init ( const doca_dpi_config_t* config, int* error )

Initialize the DPI library.

Parameters

config: See doca_dpi_config_t for details.
error: Output error, negative value indicates an error.

Returns

doca_dpi_ctx - dpi opaque context, NULL on error.

Description

This function must be invoked first before any function in the API. It should be invoked once per process. This call will probe the first regex device it finds (0).

__DOCA_EXPERIMENTAL int doca_dpi_load_signatures ( doca_dpi_ctx* ctx, const char* cdo_file )

Loads the cdo file.

Parameters

ctx: The DPI context.
cdo_file: CDO file created by the DPI compiler.

Returns

0 on success, error code otherwise.

Description

The cdo file contains signature information. The cdo file must be loaded before any enqueue call.

Database update: When a new signatures database is available, the user may call this function again. The newly loaded CDO must contain the signatures of the previously loaded CDO or result will be undefined.

__DOCA_EXPERIMENTAL int doca_dpi_signature_get ( const doca_dpi_ctx* ctx, uint32_t sig_id, doca_dpi_sig_data* sig_data )

Returns a specific sig info.

Parameters

ctx: The DPI context.
sig_id: The DPI queue on which the flow was created.
sig_data: Output of the sig metadata.

Returns

0 on success, error code otherwise.

Description

__DOCA_EXPERIMENTAL int doca_dpi_signatures_get ( const doca_dpi_ctx* ctx, doca_dpi_sig_data** sig_data )

Returns all signatures.

Parameters

ctx: The DPI context.
sig_data: Output of the sig data.

Returns

0 on success, error code otherwise.

Description

It is the responsibility of the user to free the array. Because this function copies all the sig info, it is highly recommended to call this function only once after loading the database, and not during packet processing.

__DOCA_EXPERIMENTAL void doca_dpi_stat_get ( const doca_dpi_ctx* ctx, bool clear, doca_dpi_stat_info* stats )

Returns DPI statistics.

Parameters

ctx: The DPI context.
clear: Clear the statistics after fetching them.
stats: Output struct containing the statistics.

Description

2.3. NetFlow

Doca lib for export a netflow packet to a netflow collector.

This lib simplifies and centralizes the formatting and exporting of netflow packets. Netflow is a protocol for exporting information about the device network flows to a netflow collector that will aggregate and analyze the data. After creating conf file and invoke init function, the lib send function can be called with netflow struct to send a netflow packet with the format to the collector of choice specified in the conf file. The lib uses the netflow protocol specified by cisco.

Conf File structure:

doca_netflow.conf

[doca_netflow_conf]

target = <hostname = name/ipv4/ipv6>:<port = integer>

source_id = <ID = integer>

version = <version = 9>

doca_netflow_default.conf

[doca_netflow_conf]

target = 127.0.0.1:2055

source_id = 10

version = 9

Limitations:

The lib supports the netflow V9 format. The lib is not thread safe.

Classes

struct doca_netflow_default_record: Flow record, represent a flow at specific moment, usually after a flow end or after some timeout. Each one is a data record that will appear in the collector. This template is based on V5 fields with additional V9 fields.
struct doca_netflow_flowset_field: One field in netflow template, please look at doca_netflow_types for type macros.
struct doca_netflow_template: Template for the records. struct record_exmaple { uint32_t src_addr_V4; uint32_t dst_addr_V4; } struct doca_netflow_flowset_field fields[] = { {.type = DOCA_NETFLOW_IPV4_SRC_ADDR, .length = DOCA_NETFLOW_IPV4_SRC_ADDR_DEFAULT_LENGTH}, {.type = DOCA_NETFLOW_IPV4_DST_ADDR, .length = DOCA_NETFLOW_IPV4_DST_ADDR_DEFAULT_LENGTH} }; struct doca_netflow_template template = { .field_count = 2; .fields = fields; };.

Defines

#define DOCA_NETFLOW_CONF_DEFAULT_PATH "/etc/doca_netflow.conf": default conf path to look for

Functions

__DOCA_EXPERIMENTAL void doca_netflow_exporter_destroy ( void ): Free the exporter memory and close connection.
__DOCA_EXPERIMENTAL int doca_netflow_exporter_init ( const char* netflow_conf_file ): Init exporter memory, set configs and open connection.
__DOCA_EXPERIMENTAL int doca_netflow_exporter_send ( const doca_netflow_template* template, const void** records, size_t length, int* error ): Sending netflow records. Need to init first.
doca_netflow_template* doca_netflow_template_default_get ( void ): Return a default doca_netflow_template for use in send function, if using default template use doca_netflow_default_record struct for records.

Variables

struct doca_netflow_default_record packed: Flow record, represent a flow at specific moment, usually after a flow end or after some timeout. Each one is a data record that will appear in the collector. This template is based on V5 fields with additional V9 fields.

Defines

#define DOCA_NETFLOW_CONF_DEFAULT_PATH "/etc/doca_netflow.conf"

Functions

__DOCA_EXPERIMENTAL void doca_netflow_exporter_destroy ( void )

Free the exporter memory and close connection.

Description

__DOCA_EXPERIMENTAL int doca_netflow_exporter_init ( const char* netflow_conf_file )

Init exporter memory, set configs and open connection.

Parameters

netflow_conf_file: Doca netflow configure file pointer including a section marked as [doca_netflow_conf], if a NULL pointer is given then look at default path in DOCA_NETFLOW_CONF_DEFAULT_PATH. This function can be called again only after doca_netflow_exporter_destroy was called.

Returns

0 on success, error code otherwise.

Description

__DOCA_EXPERIMENTAL int doca_netflow_exporter_send ( const doca_netflow_template* template, const void** records, size_t length, int* error )

Sending netflow records. Need to init first.

Parameters

template: Template pointer how the records are structed. for more info reffer to doca_netflow_template.
records: Array of pointers to the flows structs to send, must be packed. strings must be a direct array in the struct not a pointer.
length: Records array size.
error: If return value is -1 populate this field with the error.

Returns

Number of records sent, -1 on error.

Description

Note:

if the return value is positive but not equal to length then just some of the records have sent. the send function sould run again with the remaining records. please reffer to the exmaple.
When sending more then 30 records the lib split the records to multiple packets because packet can send up to 30 records (Netflow protocol limit)

doca_netflow_template* doca_netflow_template_default_get ( void )

Return a default doca_netflow_template for use in send function, if using default template use doca_netflow_default_record struct for records.

Returns

pointer containing the default template

Description

Variables

struct doca_netflow_default_record packed

Flow record, represent a flow at specific moment, usually after a flow end or after some timeout. Each one is a data record that will appear in the collector. This template is based on V5 fields with additional V9 fields.

2.4. Version Management

Define function to get doca version and version compare.

Defines

#define DOCA_CURRENT_VERSION_NUM: Macro of current version number for comparisons.
#define DOCA_VERSION_EQ_CURRENT ( major, minor, patch ): Return 1 if the version specified is equal to current.
#define DOCA_VERSION_LTE_CURRENT ( major, minor, patch ): Return 1 if the version specified is less then or equal to current.
#define DOCA_VERSION_NUM ( major, minor, patch ): Macro of version number for comparisons.
#define DOCA_VER_MAJOR 0: Major version number 0-255.
#define DOCA_VER_MINOR 1: Minor version number 0-255.
#define DOCA_VER_PATCH 0: Patch version number 0-255.

Functions

const char* doca_version ( void ): Function returning version string.

Defines

#define DOCA_CURRENT_VERSION_NUM

Value

DOCA_VERSION_NUM(DOCA_VER_MAJOR, DOCA_VER_MINOR, DOCA_VER_PATCH)

#define DOCA_VERSION_EQ_CURRENT ( major, minor, patch )

Value

(DOCA_VERSION_NUM(major, minor, patch) == DOCA_CURRENT_VERSION_NUM)

#define DOCA_VERSION_LTE_CURRENT ( major, minor, patch )

Value

(DOCA_VERSION_NUM(major, minor, patch) <= DOCA_CURRENT_VERSION_NUM)

#define DOCA_VERSION_NUM ( major, minor, patch )

Value

((major) << 16 | (minor) << 8 | (patch))

#define DOCA_VER_MAJOR 0

#define DOCA_VER_MINOR 1

#define DOCA_VER_PATCH 0

Functions

const char* doca_version ( void ) [inline]

Function returning version string.

Returns

string version number of a format major.minor.patch