From: Peng Yuan <yuan.peng@intel.com> To: dts@dpdk.org Cc: Peng Yuan <yuan.peng@intel.com> Subject: [dts] [PATCH v1]test_plans: add dcf lifecycle acl part Date: Fri, 13 Nov 2020 13:51:37 +0000 Message-ID: <1605275497-53384-1-git-send-email-yuan.peng@intel.com> (raw) Add acl filter related cases to dcf_lifecycle_test_plan.rst Signed-off-by: Peng Yuan <yuan.peng@intel.com> diff --git a/test_plans/dcf_lifecycle_test_plan.rst b/test_plans/dcf_lifecycle_test_plan.rst index 4f32a9fa..c3e039f6 100644 --- a/test_plans/dcf_lifecycle_test_plan.rst +++ b/test_plans/dcf_lifecycle_test_plan.rst @@ -711,3 +711,364 @@ Remove MAC-VLAN commands :: ip link del macvlan0 ethtool -K enp24s0f1 l2-fwd-offload off + + +Handling of ACL filters added by DCF +==================================== +1. PF base driver shall track all the ACL filters being added by DCF. + Additionally it shall also track the related profiles needed for + the ACL filters being added. +2. PF base driver shall ensure cleanup of these ACL filters and profiles + during resets and exception cases. + +pre-steps: + +1. Generate 2 VFs on PF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + + 0000:18:01.0 'Ethernet Adaptive Virtual Function 1889' if=enp24s1 drv=iavf unused=vfio-pci + 0000:18:01.1 'Ethernet Adaptive Virtual Function 1889' if=enp24s1f1 drv=iavf unused=vfio-pci + +2. Set VF0 as trust:: + + ip link set enp24s0f0 vf 0 trust on + +3. Bind VFs to dpdk driver:: + + modprobe vfio-pci + ./usertools/dpdk-devbind.py -b vfio-pci 0000:18:01.0 0000:18:01.1 + +4. Launch dpdk on VF0, and VF0 request DCF mode:: + + ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -w 0000:18:01.0,cap=dcf --file-prefix=vf0 -- -i + testpmd> set fwd mac + testpmd> set verbose 1 + testpmd> start + testpmd> show port info all + + check the VF0 driver is net_ice_dcf. + +5. Launch dpdk on VF1:: + + ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf0 -n 4 -w 18:01.1 --file-prefix=vf1 -- -i + testpmd> set fwd rxonly + testpmd> set verbose 1 + testpmd> start + testpmd> show port info all + + check the VF1 driver is net_iavf. + the mac address is 5E:8E:8B:4D:89:05 + +TC25: Turn trust mode off, when DCF launched +-------------------------------------------- +If turn trust mode off, when DCF launched. The DCF rules should be removed. + +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + + ---------------------- Forward statistics for port 0 ---------------------- + RX-packets: 0 RX-dropped: 1 RX-total: 1 + TX-packets: 0 TX-dropped: 0 TX-total: 0 + ---------------------------------------------------------------------------- + + +++++++++++++++ Accumulated forward statistics for all ports+++++++++++++++ + RX-packets: 0 RX-dropped: 1 RX-total: 1 + TX-packets: 0 TX-dropped: 0 TX-total: 0 + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +3. turn VF0 trust mode off, while DCF launched:: + + ip link set enp24s0f0 vf 0 trust off + +4. check the DCF ACL rule can be listed. + send the packet again, check the packet not dropped by VF1. + so the rule can't take effect any more. + +5. turn VF0 trust mode on, then re-launch dpdk on VF0, which requests DCF mode again. + check there is no ACL rule listed. + repeat step 1-2, check the packet is dropped by VF1. + +TC26: Kill DCF process +---------------------- +If kill DCF process, when DCF launched. The DCF rules should be removed. + +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. kill DCF process :: + + ps -ef |grep testpmd #Check the process id + kill -9 <pid> + +4. send the packet again, check the packet not dropped by VF1. + so the rule can't take effect any more. + +5. re-launch dpdk on VF0, which requests DCF mode again. + check there is no ACL rule listed. + send the packet again, check the packet not dropped by VF1. + +6. repeat step 1-2, check the packet is dropped by VF1. + +TC27: Allow AVF request +----------------------- +This is a scenario when the DCF user process was killed and a new AVF is being installed. +Kill DCF process, then fail to launch avf on the previous DCF VF. + +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. kill DCF process :: + + ps -ef |grep testpmd #Check the process id + kill -9 <pid> + +4. send the packet again, check the packet not dropped by VF1. + so the rule can't take effect any more. + +5. re-launch dpdk on VF0, which requests AVF mode:: + + ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -w 0000:18:01.0 --file-prefix=vf0 -- -i + + report:: + + iavf_get_vf_resource(): Failed to execute command of OP_GET_VF_RESOURCE + iavf_init_vf(): iavf_get_vf_config failed + iavf_dev_init(): Init vf failed + + then quit the process, re-launch AVF on VF0 again, launch successfully. + send the packet again, check the packet not dropped by VF1. + +TC28: DCF graceful exit +----------------------- +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. Exit the DCF in DCF testpmd :: + + testpmd> quit + +4. send the packet again, check the packet not dropped by VF1. + the ACL rule is removed. + +TC29: DCF enabled, AVF VF reset +------------------------------- +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. reset VF1 in testpmd:: + + stop + port stop 0 + port reset 0 + port start 0 + start + +4. send the packet again, check the packet still be dropped by VF1. + so the rule still take effect. + +5. Reset VF1 by setting mac addr:: + + ip link set enp24s0f0 vf 1 mac 00:01:02:03:04:05 + + Reset port in testpmd:: + + stop + port stop all + port reset all + port start all + start + +6. send the packet with changed dst mac address "00:01:02:03:04:05", + check the packet still be dropped by VF1. + so the rule still take effect. + +TC30: DCF enabled, DCF VF reset +------------------------------- +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. reset VF0 in testpmd:: + + stop + port stop 0 + port reset 0 + port start 0 + start + +4. check the rule still be listed. + send the packet with new mac address of VF1 again, check the packet still be dropped by VF1. + the rule still take effect. + +DCF mode and any ACL filters (not added by DCF) shall be mutually exclusive +=========================================================================== +PF base driver shall ensure ACL filters being added by host based +configuration tools such as tc flower or tc u32 (but not limited to) +are mutually exclusive to DCF mode. + +TC31: add ACL rule by kernel, reject request for DCF functionality +------------------------------------------------------------------ +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. create an ACL rule on PF0 by kernel command:: + + # ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 + +3. launch testpmd on VF0 requesting for DCF funtionality:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + report error:: + + ice_dcf_init_parent_hw(): firmware 5.1.5 api 1.7.3 build 0x7a25e184 + ice_load_pkg_type(): Active package is: 1.3.20.0, ICE COMMS Package + ice_dcf_send_aq_cmd(): No response (201 times) or return failure (desc: -63 / buff: -63) + ice_flow_init(): Failed to initialize engine 4 + ice_dcf_init_parent_adapter(): Failed to initialize flow + ice_dcf_dev_init(): Failed to init DCF parent adapter + + get dmesg:: + + ice 0000:18:00.0: Grant request for DCF functionality to VF0 + ice 0000:18:00.0: Failed to grant ACL capability to VF0 as ACL rules already exist + +4. delete the kernel ACL rule:: + + ethtool -N enp24s0f0 delete 15871 + +5. relaunch testpmd on VF0 requesting for DCF funtionality with same command. + accept request for DCF functionality. + show the port info:: + + Driver name: net_ice_dcf + + there is not Failed infomation in dmesg. + +TC32: add ACL rule by kernel, accept request for DCF functionality of another PF +-------------------------------------------------------------------------------- +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. create an ACL rule on PF1 by kernel command:: + + # ethtool -N enp24s0f1 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 + +3. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + show the port info:: + + Driver name: net_ice_dcf + + there is not Failed infomation in dmesg. + +TC33: ACL DCF mode is active, add ACL filters by way of host based configuration is rejected +-------------------------------------------------------------------------------------------- +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + show the port info:: + + Driver name: net_ice_dcf + +3. failed to add ACL filter by host kernel command:: + + ~# ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + rmgr: Cannot insert RX class rule: No such file or directory + +4. exit ACL DCF mode:: + + testpmd> quit + +5. add ACL filters by way of host based configuration successfully:: + + # ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 + +TC34: ACL DCF mode is active, add ACL filters by way of host based configuration on another PF successfully +----------------------------------------------------------------------------------------------------------- +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + show the port info:: + + Driver name: net_ice_dcf + +3. add ACL filter by host kernel command on PF1 successfully:: + + # ethtool -N enp24s0f1 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 -- 2.17.1
next reply other threads:[~2020-11-13 6:48 UTC|newest] Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-11-13 13:51 Peng Yuan [this message] 2020-11-18 3:33 ` Tu, Lijuan
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1605275497-53384-1-git-send-email-yuan.peng@intel.com \ --to=yuan.peng@intel.com \ --cc=dts@dpdk.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
test suite reviews and discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://inbox.dpdk.org/dts/0 dts/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 dts dts/ http://inbox.dpdk.org/dts \ dts@dpdk.org public-inbox-index dts Example config snippet for mirrors. Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.dts AGPL code for this site: git clone https://public-inbox.org/public-inbox.git