From: Peng Yuan <yuan.peng@intel.com>
To: dts@dpdk.org
Cc: Peng Yuan <yuan.peng@intel.com>
Subject: [dts] [PATCH v1]test_plans: add dcf lifecycle acl part
Date: Fri, 13 Nov 2020 13:51:37 +0000
Message-ID: <1605275497-53384-1-git-send-email-yuan.peng@intel.com> (raw)
Add acl filter related cases to dcf_lifecycle_test_plan.rst
Signed-off-by: Peng Yuan <yuan.peng@intel.com>
diff --git a/test_plans/dcf_lifecycle_test_plan.rst b/test_plans/dcf_lifecycle_test_plan.rst
index 4f32a9fa..c3e039f6 100644
--- a/test_plans/dcf_lifecycle_test_plan.rst
+++ b/test_plans/dcf_lifecycle_test_plan.rst
@@ -711,3 +711,364 @@ Remove MAC-VLAN commands ::
ip link del macvlan0
ethtool -K enp24s0f1 l2-fwd-offload off
+
+
+Handling of ACL filters added by DCF
+====================================
+1. PF base driver shall track all the ACL filters being added by DCF.
+ Additionally it shall also track the related profiles needed for
+ the ACL filters being added.
+2. PF base driver shall ensure cleanup of these ACL filters and profiles
+ during resets and exception cases.
+
+pre-steps:
+
+1. Generate 2 VFs on PF0::
+
+ echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs
+
+ 0000:18:01.0 'Ethernet Adaptive Virtual Function 1889' if=enp24s1 drv=iavf unused=vfio-pci
+ 0000:18:01.1 'Ethernet Adaptive Virtual Function 1889' if=enp24s1f1 drv=iavf unused=vfio-pci
+
+2. Set VF0 as trust::
+
+ ip link set enp24s0f0 vf 0 trust on
+
+3. Bind VFs to dpdk driver::
+
+ modprobe vfio-pci
+ ./usertools/dpdk-devbind.py -b vfio-pci 0000:18:01.0 0000:18:01.1
+
+4. Launch dpdk on VF0, and VF0 request DCF mode::
+
+ ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -w 0000:18:01.0,cap=dcf --file-prefix=vf0 -- -i
+ testpmd> set fwd mac
+ testpmd> set verbose 1
+ testpmd> start
+ testpmd> show port info all
+
+ check the VF0 driver is net_ice_dcf.
+
+5. Launch dpdk on VF1::
+
+ ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf0 -n 4 -w 18:01.1 --file-prefix=vf1 -- -i
+ testpmd> set fwd rxonly
+ testpmd> set verbose 1
+ testpmd> start
+ testpmd> show port info all
+
+ check the VF1 driver is net_iavf.
+ the mac address is 5E:8E:8B:4D:89:05
+
+TC25: Turn trust mode off, when DCF launched
+--------------------------------------------
+If turn trust mode off, when DCF launched. The DCF rules should be removed.
+
+1. Create an ACL rule::
+
+ flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end
+
+ check the rule created successfully.
+
+2. send packet with dst mac of VF1::
+
+ sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0")
+
+ check the packet is dropped by VF1::
+
+ ---------------------- Forward statistics for port 0 ----------------------
+ RX-packets: 0 RX-dropped: 1 RX-total: 1
+ TX-packets: 0 TX-dropped: 0 TX-total: 0
+ ----------------------------------------------------------------------------
+
+ +++++++++++++++ Accumulated forward statistics for all ports+++++++++++++++
+ RX-packets: 0 RX-dropped: 1 RX-total: 1
+ TX-packets: 0 TX-dropped: 0 TX-total: 0
+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+3. turn VF0 trust mode off, while DCF launched::
+
+ ip link set enp24s0f0 vf 0 trust off
+
+4. check the DCF ACL rule can be listed.
+ send the packet again, check the packet not dropped by VF1.
+ so the rule can't take effect any more.
+
+5. turn VF0 trust mode on, then re-launch dpdk on VF0, which requests DCF mode again.
+ check there is no ACL rule listed.
+ repeat step 1-2, check the packet is dropped by VF1.
+
+TC26: Kill DCF process
+----------------------
+If kill DCF process, when DCF launched. The DCF rules should be removed.
+
+1. Create an ACL rule::
+
+ flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end
+
+ check the rule created successfully.
+
+2. send packet with dst mac of VF1::
+
+ sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0")
+
+ check the packet is dropped by VF1::
+
+3. kill DCF process ::
+
+ ps -ef |grep testpmd #Check the process id
+ kill -9 <pid>
+
+4. send the packet again, check the packet not dropped by VF1.
+ so the rule can't take effect any more.
+
+5. re-launch dpdk on VF0, which requests DCF mode again.
+ check there is no ACL rule listed.
+ send the packet again, check the packet not dropped by VF1.
+
+6. repeat step 1-2, check the packet is dropped by VF1.
+
+TC27: Allow AVF request
+-----------------------
+This is a scenario when the DCF user process was killed and a new AVF is being installed.
+Kill DCF process, then fail to launch avf on the previous DCF VF.
+
+1. Create an ACL rule::
+
+ flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end
+
+ check the rule created successfully.
+
+2. send packet with dst mac of VF1::
+
+ sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0")
+
+ check the packet is dropped by VF1::
+
+3. kill DCF process ::
+
+ ps -ef |grep testpmd #Check the process id
+ kill -9 <pid>
+
+4. send the packet again, check the packet not dropped by VF1.
+ so the rule can't take effect any more.
+
+5. re-launch dpdk on VF0, which requests AVF mode::
+
+ ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -w 0000:18:01.0 --file-prefix=vf0 -- -i
+
+ report::
+
+ iavf_get_vf_resource(): Failed to execute command of OP_GET_VF_RESOURCE
+ iavf_init_vf(): iavf_get_vf_config failed
+ iavf_dev_init(): Init vf failed
+
+ then quit the process, re-launch AVF on VF0 again, launch successfully.
+ send the packet again, check the packet not dropped by VF1.
+
+TC28: DCF graceful exit
+-----------------------
+1. Create an ACL rule::
+
+ flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end
+
+ check the rule created successfully.
+
+2. send packet with dst mac of VF1::
+
+ sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0")
+
+ check the packet is dropped by VF1::
+
+3. Exit the DCF in DCF testpmd ::
+
+ testpmd> quit
+
+4. send the packet again, check the packet not dropped by VF1.
+ the ACL rule is removed.
+
+TC29: DCF enabled, AVF VF reset
+-------------------------------
+1. Create an ACL rule::
+
+ flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end
+
+ check the rule created successfully.
+
+2. send packet with dst mac of VF1::
+
+ sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0")
+
+ check the packet is dropped by VF1::
+
+3. reset VF1 in testpmd::
+
+ stop
+ port stop 0
+ port reset 0
+ port start 0
+ start
+
+4. send the packet again, check the packet still be dropped by VF1.
+ so the rule still take effect.
+
+5. Reset VF1 by setting mac addr::
+
+ ip link set enp24s0f0 vf 1 mac 00:01:02:03:04:05
+
+ Reset port in testpmd::
+
+ stop
+ port stop all
+ port reset all
+ port start all
+ start
+
+6. send the packet with changed dst mac address "00:01:02:03:04:05",
+ check the packet still be dropped by VF1.
+ so the rule still take effect.
+
+TC30: DCF enabled, DCF VF reset
+-------------------------------
+1. Create an ACL rule::
+
+ flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end
+
+ check the rule created successfully.
+
+2. send packet with dst mac of VF1::
+
+ sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0")
+
+ check the packet is dropped by VF1::
+
+3. reset VF0 in testpmd::
+
+ stop
+ port stop 0
+ port reset 0
+ port start 0
+ start
+
+4. check the rule still be listed.
+ send the packet with new mac address of VF1 again, check the packet still be dropped by VF1.
+ the rule still take effect.
+
+DCF mode and any ACL filters (not added by DCF) shall be mutually exclusive
+===========================================================================
+PF base driver shall ensure ACL filters being added by host based
+configuration tools such as tc flower or tc u32 (but not limited to)
+are mutually exclusive to DCF mode.
+
+TC31: add ACL rule by kernel, reject request for DCF functionality
+------------------------------------------------------------------
+1. create 2 VFs on PF0, set trust mode to VF0::
+
+ echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs
+ ip link set enp24s0f0 vf 0 trust on
+
+2. create an ACL rule on PF0 by kernel command::
+
+ # ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1
+ Added rule with ID 15871
+
+3. launch testpmd on VF0 requesting for DCF funtionality::
+
+ ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop
+
+ report error::
+
+ ice_dcf_init_parent_hw(): firmware 5.1.5 api 1.7.3 build 0x7a25e184
+ ice_load_pkg_type(): Active package is: 1.3.20.0, ICE COMMS Package
+ ice_dcf_send_aq_cmd(): No response (201 times) or return failure (desc: -63 / buff: -63)
+ ice_flow_init(): Failed to initialize engine 4
+ ice_dcf_init_parent_adapter(): Failed to initialize flow
+ ice_dcf_dev_init(): Failed to init DCF parent adapter
+
+ get dmesg::
+
+ ice 0000:18:00.0: Grant request for DCF functionality to VF0
+ ice 0000:18:00.0: Failed to grant ACL capability to VF0 as ACL rules already exist
+
+4. delete the kernel ACL rule::
+
+ ethtool -N enp24s0f0 delete 15871
+
+5. relaunch testpmd on VF0 requesting for DCF funtionality with same command.
+ accept request for DCF functionality.
+ show the port info::
+
+ Driver name: net_ice_dcf
+
+ there is not Failed infomation in dmesg.
+
+TC32: add ACL rule by kernel, accept request for DCF functionality of another PF
+--------------------------------------------------------------------------------
+1. create 2 VFs on PF0, set trust mode to VF0::
+
+ echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs
+ ip link set enp24s0f0 vf 0 trust on
+
+2. create an ACL rule on PF1 by kernel command::
+
+ # ethtool -N enp24s0f1 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1
+ Added rule with ID 15871
+
+3. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully::
+
+ ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop
+
+ show the port info::
+
+ Driver name: net_ice_dcf
+
+ there is not Failed infomation in dmesg.
+
+TC33: ACL DCF mode is active, add ACL filters by way of host based configuration is rejected
+--------------------------------------------------------------------------------------------
+1. create 2 VFs on PF0, set trust mode to VF0::
+
+ echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs
+ ip link set enp24s0f0 vf 0 trust on
+
+2. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully::
+
+ ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop
+
+ show the port info::
+
+ Driver name: net_ice_dcf
+
+3. failed to add ACL filter by host kernel command::
+
+ ~# ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1
+ rmgr: Cannot insert RX class rule: No such file or directory
+
+4. exit ACL DCF mode::
+
+ testpmd> quit
+
+5. add ACL filters by way of host based configuration successfully::
+
+ # ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1
+ Added rule with ID 15871
+
+TC34: ACL DCF mode is active, add ACL filters by way of host based configuration on another PF successfully
+-----------------------------------------------------------------------------------------------------------
+1. create 2 VFs on PF0, set trust mode to VF0::
+
+ echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs
+ ip link set enp24s0f0 vf 0 trust on
+
+2. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully::
+
+ ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop
+
+ show the port info::
+
+ Driver name: net_ice_dcf
+
+3. add ACL filter by host kernel command on PF1 successfully::
+
+ # ethtool -N enp24s0f1 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1
+ Added rule with ID 15871
--
2.17.1
next reply other threads:[~2020-11-13 6:48 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-13 13:51 Peng Yuan [this message]
2020-11-18 3:33 ` Tu, Lijuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1605275497-53384-1-git-send-email-yuan.peng@intel.com \
--to=yuan.peng@intel.com \
--cc=dts@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
test suite reviews and discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://inbox.dpdk.org/dts/0 dts/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 dts dts/ http://inbox.dpdk.org/dts \
dts@dpdk.org
public-inbox-index dts
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://inbox.dpdk.org/inbox.dpdk.dts
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git