From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 548CDA0545; Fri, 13 Nov 2020 07:48:48 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EFA1656A3; Fri, 13 Nov 2020 07:48:46 +0100 (CET) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 1F2D9569B for ; Fri, 13 Nov 2020 07:48:44 +0100 (CET) IronPort-SDR: h0m8R5MpctY4wGocf2le9iudgrwnqqk2qrJYgUvQxORpnENQ/zLT5UyUSbyx+4e3ABToIciWVL /NuYaiDxM29A== X-IronPort-AV: E=McAfee;i="6000,8403,9803"; a="255145040" X-IronPort-AV: E=Sophos;i="5.77,474,1596524400"; d="scan'208";a="255145040" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Nov 2020 22:48:37 -0800 IronPort-SDR: ZiJFT0DH2TJaclKMgxu9kQPNmJTPOU9gFtS68K9HVpciJNsWoM5XFd9wkghSZ+kR2Mm8V7CPSO E8KUfWBrRj5Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,474,1596524400"; d="scan'208";a="542557781" Received: from npg_dpdk_nic_yuanpeng_tester62.sh.intel.com ([10.67.119.113]) by orsmga005.jf.intel.com with ESMTP; 12 Nov 2020 22:48:36 -0800 From: Peng Yuan To: dts@dpdk.org Cc: Peng Yuan Date: Fri, 13 Nov 2020 13:51:37 +0000 Message-Id: <1605275497-53384-1-git-send-email-yuan.peng@intel.com> X-Mailer: git-send-email 2.7.4 Subject: [dts] [PATCH v1]test_plans: add dcf lifecycle acl part X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dts-bounces@dpdk.org Sender: "dts" Add acl filter related cases to dcf_lifecycle_test_plan.rst Signed-off-by: Peng Yuan diff --git a/test_plans/dcf_lifecycle_test_plan.rst b/test_plans/dcf_lifecycle_test_plan.rst index 4f32a9fa..c3e039f6 100644 --- a/test_plans/dcf_lifecycle_test_plan.rst +++ b/test_plans/dcf_lifecycle_test_plan.rst @@ -711,3 +711,364 @@ Remove MAC-VLAN commands :: ip link del macvlan0 ethtool -K enp24s0f1 l2-fwd-offload off + + +Handling of ACL filters added by DCF +==================================== +1. PF base driver shall track all the ACL filters being added by DCF. + Additionally it shall also track the related profiles needed for + the ACL filters being added. +2. PF base driver shall ensure cleanup of these ACL filters and profiles + during resets and exception cases. + +pre-steps: + +1. Generate 2 VFs on PF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + + 0000:18:01.0 'Ethernet Adaptive Virtual Function 1889' if=enp24s1 drv=iavf unused=vfio-pci + 0000:18:01.1 'Ethernet Adaptive Virtual Function 1889' if=enp24s1f1 drv=iavf unused=vfio-pci + +2. Set VF0 as trust:: + + ip link set enp24s0f0 vf 0 trust on + +3. Bind VFs to dpdk driver:: + + modprobe vfio-pci + ./usertools/dpdk-devbind.py -b vfio-pci 0000:18:01.0 0000:18:01.1 + +4. Launch dpdk on VF0, and VF0 request DCF mode:: + + ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -w 0000:18:01.0,cap=dcf --file-prefix=vf0 -- -i + testpmd> set fwd mac + testpmd> set verbose 1 + testpmd> start + testpmd> show port info all + + check the VF0 driver is net_ice_dcf. + +5. Launch dpdk on VF1:: + + ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf0 -n 4 -w 18:01.1 --file-prefix=vf1 -- -i + testpmd> set fwd rxonly + testpmd> set verbose 1 + testpmd> start + testpmd> show port info all + + check the VF1 driver is net_iavf. + the mac address is 5E:8E:8B:4D:89:05 + +TC25: Turn trust mode off, when DCF launched +-------------------------------------------- +If turn trust mode off, when DCF launched. The DCF rules should be removed. + +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + + ---------------------- Forward statistics for port 0 ---------------------- + RX-packets: 0 RX-dropped: 1 RX-total: 1 + TX-packets: 0 TX-dropped: 0 TX-total: 0 + ---------------------------------------------------------------------------- + + +++++++++++++++ Accumulated forward statistics for all ports+++++++++++++++ + RX-packets: 0 RX-dropped: 1 RX-total: 1 + TX-packets: 0 TX-dropped: 0 TX-total: 0 + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +3. turn VF0 trust mode off, while DCF launched:: + + ip link set enp24s0f0 vf 0 trust off + +4. check the DCF ACL rule can be listed. + send the packet again, check the packet not dropped by VF1. + so the rule can't take effect any more. + +5. turn VF0 trust mode on, then re-launch dpdk on VF0, which requests DCF mode again. + check there is no ACL rule listed. + repeat step 1-2, check the packet is dropped by VF1. + +TC26: Kill DCF process +---------------------- +If kill DCF process, when DCF launched. The DCF rules should be removed. + +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. kill DCF process :: + + ps -ef |grep testpmd #Check the process id + kill -9 + +4. send the packet again, check the packet not dropped by VF1. + so the rule can't take effect any more. + +5. re-launch dpdk on VF0, which requests DCF mode again. + check there is no ACL rule listed. + send the packet again, check the packet not dropped by VF1. + +6. repeat step 1-2, check the packet is dropped by VF1. + +TC27: Allow AVF request +----------------------- +This is a scenario when the DCF user process was killed and a new AVF is being installed. +Kill DCF process, then fail to launch avf on the previous DCF VF. + +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. kill DCF process :: + + ps -ef |grep testpmd #Check the process id + kill -9 + +4. send the packet again, check the packet not dropped by VF1. + so the rule can't take effect any more. + +5. re-launch dpdk on VF0, which requests AVF mode:: + + ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0xf -n 4 -w 0000:18:01.0 --file-prefix=vf0 -- -i + + report:: + + iavf_get_vf_resource(): Failed to execute command of OP_GET_VF_RESOURCE + iavf_init_vf(): iavf_get_vf_config failed + iavf_dev_init(): Init vf failed + + then quit the process, re-launch AVF on VF0 again, launch successfully. + send the packet again, check the packet not dropped by VF1. + +TC28: DCF graceful exit +----------------------- +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. Exit the DCF in DCF testpmd :: + + testpmd> quit + +4. send the packet again, check the packet not dropped by VF1. + the ACL rule is removed. + +TC29: DCF enabled, AVF VF reset +------------------------------- +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. reset VF1 in testpmd:: + + stop + port stop 0 + port reset 0 + port start 0 + start + +4. send the packet again, check the packet still be dropped by VF1. + so the rule still take effect. + +5. Reset VF1 by setting mac addr:: + + ip link set enp24s0f0 vf 1 mac 00:01:02:03:04:05 + + Reset port in testpmd:: + + stop + port stop all + port reset all + port start all + start + +6. send the packet with changed dst mac address "00:01:02:03:04:05", + check the packet still be dropped by VF1. + so the rule still take effect. + +TC30: DCF enabled, DCF VF reset +------------------------------- +1. Create an ACL rule:: + + flow create 0 priority 0 ingress pattern eth / ipv4 / tcp src spec 8010 src mask 65520 / end actions drop / end + + check the rule created successfully. + +2. send packet with dst mac of VF1:: + + sendp([Ether(src="00:11:22:33:44:55", dst="5E:8E:8B:4D:89:05")/IP()/TCP(sport=8012)/Raw(load='X'*30)], iface="testeri0") + + check the packet is dropped by VF1:: + +3. reset VF0 in testpmd:: + + stop + port stop 0 + port reset 0 + port start 0 + start + +4. check the rule still be listed. + send the packet with new mac address of VF1 again, check the packet still be dropped by VF1. + the rule still take effect. + +DCF mode and any ACL filters (not added by DCF) shall be mutually exclusive +=========================================================================== +PF base driver shall ensure ACL filters being added by host based +configuration tools such as tc flower or tc u32 (but not limited to) +are mutually exclusive to DCF mode. + +TC31: add ACL rule by kernel, reject request for DCF functionality +------------------------------------------------------------------ +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. create an ACL rule on PF0 by kernel command:: + + # ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 + +3. launch testpmd on VF0 requesting for DCF funtionality:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + report error:: + + ice_dcf_init_parent_hw(): firmware 5.1.5 api 1.7.3 build 0x7a25e184 + ice_load_pkg_type(): Active package is: 1.3.20.0, ICE COMMS Package + ice_dcf_send_aq_cmd(): No response (201 times) or return failure (desc: -63 / buff: -63) + ice_flow_init(): Failed to initialize engine 4 + ice_dcf_init_parent_adapter(): Failed to initialize flow + ice_dcf_dev_init(): Failed to init DCF parent adapter + + get dmesg:: + + ice 0000:18:00.0: Grant request for DCF functionality to VF0 + ice 0000:18:00.0: Failed to grant ACL capability to VF0 as ACL rules already exist + +4. delete the kernel ACL rule:: + + ethtool -N enp24s0f0 delete 15871 + +5. relaunch testpmd on VF0 requesting for DCF funtionality with same command. + accept request for DCF functionality. + show the port info:: + + Driver name: net_ice_dcf + + there is not Failed infomation in dmesg. + +TC32: add ACL rule by kernel, accept request for DCF functionality of another PF +-------------------------------------------------------------------------------- +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. create an ACL rule on PF1 by kernel command:: + + # ethtool -N enp24s0f1 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 + +3. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + show the port info:: + + Driver name: net_ice_dcf + + there is not Failed infomation in dmesg. + +TC33: ACL DCF mode is active, add ACL filters by way of host based configuration is rejected +-------------------------------------------------------------------------------------------- +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + show the port info:: + + Driver name: net_ice_dcf + +3. failed to add ACL filter by host kernel command:: + + ~# ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + rmgr: Cannot insert RX class rule: No such file or directory + +4. exit ACL DCF mode:: + + testpmd> quit + +5. add ACL filters by way of host based configuration successfully:: + + # ethtool -N enp24s0f0 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 + +TC34: ACL DCF mode is active, add ACL filters by way of host based configuration on another PF successfully +----------------------------------------------------------------------------------------------------------- +1. create 2 VFs on PF0, set trust mode to VF0:: + + echo 2 > /sys/bus/pci/devices/0000:18:00.0/sriov_numvfs + ip link set enp24s0f0 vf 0 trust on + +2. launch testpmd on VF0 of PF0 requesting for DCF funtionality successfully:: + + ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -n 4 -w 18:01.0,cap=dcf --log-level=ice,7 -- -i --port-topology=loop + + show the port info:: + + Driver name: net_ice_dcf + +3. add ACL filter by host kernel command on PF1 successfully:: + + # ethtool -N enp24s0f1 flow-type tcp4 src-ip 192.168.10.0 m 0.255.255.255 dst-port 8000 m 0x00ff action -1 + Added rule with ID 15871 -- 2.17.1