From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id A2602160 for ; Tue, 15 Jan 2019 02:37:03 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Jan 2019 17:37:02 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,479,1539673200"; d="scan'208";a="106617954" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by orsmga007.jf.intel.com with ESMTP; 14 Jan 2019 17:37:02 -0800 Received: from fmsmsx121.amr.corp.intel.com (10.18.125.36) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 14 Jan 2019 17:37:02 -0800 Received: from shsmsx154.ccr.corp.intel.com (10.239.6.54) by fmsmsx121.amr.corp.intel.com (10.18.125.36) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 14 Jan 2019 17:37:01 -0800 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.196]) by SHSMSX154.ccr.corp.intel.com ([169.254.7.46]) with mapi id 14.03.0415.000; Tue, 15 Jan 2019 09:36:59 +0800 From: "Wu, ChangqingX" To: "Ma, LihongX" , "dts@dpdk.org" CC: "Ma, LihongX" Thread-Topic: [dts] [PATCH V2] Add test plan about l3fwdacl Thread-Index: AQHUq9ZES4hOkTBrrUWribPfxtcsUqWvjdAw Date: Tue, 15 Jan 2019 01:36:58 +0000 Message-ID: <7F81DD3887C58F49A6B2EFEC3C28E22E0B68FC24@SHSMSX101.ccr.corp.intel.com> References: <1547422687-29636-1-git-send-email-lihongx.ma@intel.com> In-Reply-To: <1547422687-29636-1-git-send-email-lihongx.ma@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V2] Add test plan about l3fwdacl X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2019 01:37:04 -0000 Tested-by: Wu, ChangqingX -----Original Message----- From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong Sent: Monday, January 14, 2019 7:38 AM To: dts@dpdk.org Cc: Ma, LihongX Subject: [dts] [PATCH V2] Add test plan about l3fwdacl Signed-off-by: lihong --- test_plans/l3fwdacl_test_plan.rst | 394 ++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 394 insertions(+) create mode 100644 test_plans/l3fwdacl_test_plan.rst diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_p= lan.rst new file mode 100644 index 0000000..ef53f41 --- /dev/null +++ b/test_plans/l3fwdacl_test_plan.rst @@ -0,0 +1,394 @@ +.. Copyright (c) <2014>, Intel Corporation + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + - Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + - Neither the name of Intel Corporation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Layer-3 Forwarding with Access Control +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Description +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +This document contains the test plan and results for testing=20 +``l3fwd-acl`` using the ACL library for access control and L3=20 +forwarding. + +The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet=20 +matching. The 5-tuple consist of source IP address, destination IP=20 +address, source port, destination port and a protocol identifier. + +The ``l3fwd-acl`` application supports two types of rules: + +#. Route information which is used for L3 forwarding. +#. An access control list which defines the black list to block. + +The ``l3fwd-acl`` application needs to load ACL and route rules before=20 +running. Route rules are mandatory while ACL rules are optional. After=20 +receiving packets from ports, ``l3fwd-acl`` will extract the necessary=20 +info from the TCP/IP header of received packets and perform a lookup in=20 +a rule database to figure out whether the packets should be dropped (in=20 +the ACL range) or forwarded to desired ports. + + +Prerequisites +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +#. Hardware and Software Setup: + + - Intel CrownPass Board with: + + - 2 CPUs: each core is 10x Intel Xeon cores at 2.8GHz IVB. + - 8x DDR3 DIMMs at 1600 MHz of 8GB each. Each of the 4 memory + channels of each CPU is populated with 1 DIMMs. + - 4x Intel 82599 (Niantic) (1x 10GbE full duplex optical port + per NIC). + + - BIOS version SE5C600.86B.99.99.x065.040220131106 (04/02/2012). + + - Software configuration: + + - Linux operating system: Fedora 18. + - Linux kernel version: 3.6.10-4. + - Linux kernel recompiled with huge pages, UIO and HPET enabled. + + - Packet generator: + + - IXIA. + +#. BIOS requirements; + + - Intel Hyper-Threading Technology is ENABLED + - Hardware Prefetcher is DISABLED + - Adjacent Cache Line Prefetch is DISABLED + - Direct Cache Access is DISABLED + +#. Linux kernel requirements: + + - Linux kernel has the following features enabled: huge page support, + UIO, HPET + - Appropriate number of huge pages are reserved at kernel boot time + - The IDs of the hardware threads (logical cores) per each CPU socket + can be determined by parsing the file /proc/cpuinfo. + +Test Case: packet match ACL rule +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D + +Ipv4 packet match source ip address 200.10.0.1 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv4.db + @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0 + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + Add one default rule in rule file /root/rule_ipv6.db + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv4 packet with source ip address 200.10.0.1 will be dropped= . + Send one ipv4 packet with source ip address 200.10.0.2 will be=20 + forwarded to PORT0 + +Ipv4 packet match destination ip address 100.10.0.1 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv4.db + @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0 + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + Add one default rule in rule file /root/rule_ipv6.db + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv4 packet with destination ip address 100.10.0.1 will be dr= opped. + Send one ipv4 packet with destination ip address 100.10.0.2 will be=20 + forwarded to PORT0 + +Ipv4 packet match source port 11 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv4.db + @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0 + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + Add one default rule in rule file /root/rule_ipv6.db + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv4 packet with source port 11 will be dropped. + Send one ipv4 packet with source port 1 will be forwarded to PORT0 + +Ipv4 packet match destination port 101 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv4.db + @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0 + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + Add one default rule in rule file /root/rule_ipv6.db + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv4 packet with destination port 101 will be dropped. + Send one ipv4 packet with destination port 1 will be forwarded to=20 + PORT0 + +Ipv4 packet match protocal TCP will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv4.db + @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + Add one default rule in rule file /root/rule_ipv6.db + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one TCP ipv4 packet will be dropped. + Send one UDP ipv4 packet will be forwarded to PORT0 + +Ipv4 packet match 5-tuple will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv4.db + @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + Add one default rule in rule file /root/rule_ipv6.db + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one TCP ipv4 packet with source ip address 200.10.0.1, + destination ip address 100.10.0.1, source port 11, destination + port 101 will be dropped. + + Send one TCP ipv4 packet with source ip address 200.10.0.2, + destination ip address 100.10.0.1, source port 11, destination + port 101 will be forwarded to PORT0. + +Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7= 344/128 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv6.db + @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 655= 35 0 : 65535 0/0 + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + Add one default rule in rule file /root/rule_ipv4.db + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8= a2e:0370:7344/128 will be dropped. + Send one ipv6 packet with source ip address=20 + 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0 + +Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0= 370:7344/128 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv6.db + @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 655= 35 0 : 65535 0/0 + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + Add one default rule in rule file /root/rule_ipv4.db + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1= 319:8a2e:0370:7344/128 will be dropped. + Send one ipv6 packet with destination ip address=20 + 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0 + +Ipv6 packet match source port 11 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv6.db + @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0 + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + Add one default rule in rule file /root/rule_ipv4.db + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv6 packet with source port 11 will be dropped. + Send one ipv6 packet with source port 1 will be forwarded to PORT0 + +Ipv6 packet match destination port 101 will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv6.db + @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0 + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + Add one default rule in rule file /root/rule_ipv4.db + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one ipv6 packet with destination port 101 will be dropped. + Send one ipv6 packet with destination port 1 will be forwarded to=20 + PORT0 + +Ipv6 packet match protocal TCP will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv6.db + @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + Add one default rule in rule file /root/rule_ipv4.db + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one TCP ipv6 packet will be dropped. + Send one UDP ipv6 packet will be forwarded to PORT0 + +Ipv6 packet match 5-tuple will be dropped:: + + Add one ACL rule and default route rule in /root/rule_ipv6.db + @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:= 8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + Add one default rule in rule file /root/rule_ipv4.db + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:13= 19:8a2e:0370:7344/128, + destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,sou= rce port 11, + destination port 101 will be dropped. + + Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:13= 19:8a2e:0370:7344/128, + destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128, so= urce port 11, + destination port 101 will be forwarded to PORT0. + + +Test Case: packet match Exact route rule=20 +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Add two exact rule as below in rule_ipv4.db:: + + R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0 + R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1 + +Add two exact rule as below in rule_ipv6.db:: + + R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2= e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0 + R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128=20 +2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff=20 +1 + +Start l3fwd-acl and send packet:: + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one TCP ipv4 packet with source ip address 200.10.0.1, destinatio= n + ip address 100.10.0.1,source port 11, destination port 101 will be for= ward to PORT0. + + Send one TCP ipv4 packet with source ip address 200.20.0.1, destinatio= n + ip address 100.20.0.1,source port 12, destination port 102 will be for= ward to PORT1. + + Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:13= 19:8a2e:0370:7344, + destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source= port 11, + destination port 101 will be forward to PORT0. + + Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:13= 19:8a2e:0370:7344, + destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source = port 12, + destination port 102 will be forward to PORT1. + +Test Case: packet match LPM route rule +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Add two LPM rule as below in rule_ipv4.db:: + + R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0 + R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1 + +Add two LPM rule as below in rule_ipv6.db:: + + R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0 + R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1 + +Start l3fwd-acl and send packet:: + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"(0,= 0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forw= ard to PORT0. + Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward t= o PORT1. + + Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will= be forward to PORT0. + Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be f= orward to PORT1. + +Test Case: packet match by scalar function=20 +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Packet match 5-tuple will be dropped:: + + Add one ACL rule and default route rule in rule_ipv4.db + @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff + R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 + + Add one ACL rule and default route rule in rule_ipv6.db + @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:= 8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff + R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00=20 + 0 + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db"= =20 + --scalar + + Send one TCP ipv4 packet with source ip address 200.10.0.1, destinatio= n ip address 100.10.0.1, + source port 11, destination port 101 will be dropped. + Send one TCP ipv4 packet with source ip address 200.10.0.2, destinatio= n ip address 100.10.0.1, + source port 11, destination port 101 will be forwarded to PORT0. + + Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:13= 19:8a2e:0370:7344/128, + destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101, so= urce port 11, + destination port 101 will be dropped. + + Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:13= 19:8a2e:0370:7343, + destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source= port 11, + destination port 101 will be forwarded to PORT0. + +Test Case: Invalid ACL rule +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Add two ACL rule as below in rule_ipv4.db:: + + R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0 + R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1 + +Add two ACL rule as below in rule_ipv6.db:: + + R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0 + R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1 + +Start l3fwd-acl:: + + ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config=3D"= (0,0,2),(1,0,3)" + --rule_ipv4=3D"/root/rule_ipv4.db" --rule_ipv6=3D"/root/rule_ipv6.db" + + The l3fwdacl will not set up because of ivalid ACL rule. -- 2.7.4