(4) dpdk rte acl (FFI only)#1546
Draft
daniel-noland wants to merge 1 commit into
Draft
Conversation
daniel-noland
changed the base branch from
main
to
pr/daniel-noland/concurrency-stack/6-facade-loom
Pulls a safe Rust wrapper around librte_acl from the now-stale
acl-stack branch. Independent of any pending cascade work;
usable by any future DPDK ACL consumer.
# What is in the wrapper
dpdk/src/acl/mod.rs module overview + safe re-exports
dpdk/src/acl/classify.rs ClassifyAlgorithm + discriminant conversions
dpdk/src/acl/config.rs typed AclBuildConfig / AclCreateParams
dpdk/src/acl/context.rs AclContext<N, State> + Configuring/Built typestate
dpdk/src/acl/error.rs typed AclCreateError / AclBuildError / ...
dpdk/src/acl/field.rs FieldDef / FieldSize / FieldType
dpdk/src/acl/rule.rs Rule / RuleData / AclField + Priority newtype
The const-generic AclContext<N, State> is the load-bearing abstraction:
the field count is shared between AclContext, Rule, and AclBuildConfig,
so any field-count mismatch is a compile-time error. Configuring->Built
transitions enforce DPDK's "rules cannot be added after build" and
"classification is &self (thread-safe)" invariants at the type level.
# Soundness
AclContext::classify and classify_with_algorithm are `unsafe fn`
because they take `&[*const u8]` whose validity cannot be enforced
by the type system -- the caller must guarantee each pointer
references a buffer of at least max(offset + size) bytes per the
field layout. A future safe wrapper around `&[&[u8; STRIDE]]` is
deferred until a concrete consumer demonstrates the shape it wants.
Everywhere else, `unsafe` is wrapped in safe abstractions
(see development/code/unsafe-code.md). Union-typed accessors
(AclField::value_u*/mask_range_u*) are safe -- the union holds
only integer members, none of which have invalid bit patterns.
# Validation
The crate's existing hand-rolled tests are joined by bolero
property tests over:
- ClassifyAlgorithm::from_u32 round-trip and unknown-rejection
across the full u32 domain
- Priority::new range validation across the full i32 domain
- AclCreateParams name validation over arbitrary strings (empty,
non-ASCII, too-long, NUL-containing)
- AclBuildConfig::new num_categories validation (zero, oversize,
misaligned)
# Build-side enablement (required by the rte_acl symbols)
nix/pkgs/dpdk/default.nix Move "acl" from disabledLibs to
enabledLibs so librte_acl.a is
part of the sysroot build.
nix/pkgs/dpdk-wrapper/src/dpdk_wrapper.h
Add `#include <rte_acl.h>` so
bindgen picks up the rte_acl_*
symbols.
dpdk-sys/build.rs Add "rte_acl" to the link list.
To validate locally:
just setup-roots # rebuilds DPDK + wrapper
# Re-enter nix-shell to pick up the new DATAPLANE_SYSROOT.
cargo nextest run -p dataplane-dpdk
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
daniel-noland
force-pushed
the
pr/daniel-noland/dpdk-rte-acl
branch
from
3f4c614 to
3659d09
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.