test suite reviews and discussions
* [dts] [PATCH V2] Add test plan about l3fwdacl
@ 2019-01-13 23:38 lihong
  2019-01-15  1:36 ` Wu, ChangqingX
  2019-01-22  3:28 ` Zhang, Yuwei1
  0 siblings, 2 replies; 8+ messages in thread
From: lihong @ 2019-01-13 23:38 UTC
  To: dts; +Cc: lihong

Signed-off-by: lihong <lihongx.ma@intel.com>
---
 test_plans/l3fwdacl_test_plan.rst | 394 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 394 insertions(+)
 create mode 100644 test_plans/l3fwdacl_test_plan.rst

diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_plan.rst
new file mode 100644
index 0000000..ef53f41
--- /dev/null
+++ b/test_plans/l3fwdacl_test_plan.rst
@@ -0,0 +1,394 @@
+.. Copyright (c) <2014>, Intel Corporation
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   - Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+   - Neither the name of Intel Corporation nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================
+Layer-3 Forwarding with Access Control
+======================================
+
+Description
+===========
+
+This document contains the test plan and results for testing
+``l3fwd-acl`` using the ACL library for access control and L3
+forwarding.
+
+The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet
+matching. The 5-tuple consist of source IP address, destination IP
+address, source port, destination port and a protocol identifier.
+
+The ``l3fwd-acl`` application supports two types of rules:
+
+#. Route information which is used for L3 forwarding.
+#. An access control list which defines the black list to block.
+
+The ``l3fwd-acl`` application needs to load ACL and route rules before
+running. Route rules are mandatory while ACL rules are optional. After
+receiving packets from ports, ``l3fwd-acl`` will extract the necessary
+info from the TCP/IP header of received packets and perform a lookup
+in a rule database to figure out whether the packets should be dropped
+(in the ACL range) or forwarded to desired ports.
+
+
+Prerequisites
+=============
+
+#. Hardware and Software Setup:
+
+    - Intel CrownPass Board with:
+
+      - 2 CPUs: each core is 10x Intel Xeon cores at 2.8GHz IVB.
+      - 8x DDR3 DIMMs at 1600 MHz of 8GB each. Each of the 4 memory
+        channels of each CPU is populated with 1 DIMMs.
+      - 4x Intel 82599 (Niantic) (1x 10GbE full duplex optical port
+        per NIC).
+
+    - BIOS version SE5C600.86B.99.99.x065.040220131106 (04/02/2012).
+
+    - Software configuration:
+
+      - Linux operating system: Fedora 18.
+      - Linux kernel version: 3.6.10-4.
+      - Linux kernel recompiled with huge pages, UIO and HPET enabled.
+
+    - Packet generator:
+
+      - IXIA.
+
+#. BIOS requirements;
+
+    - Intel Hyper-Threading Technology is ENABLED
+    - Hardware Prefetcher is DISABLED
+    - Adjacent Cache Line Prefetch is DISABLED
+    - Direct Cache Access is DISABLED
+
+#. Linux kernel requirements:
+
+    - Linux kernel has the following features enabled: huge page support,
+      UIO, HPET
+    - Appropriate number of huge pages are reserved at kernel boot time
+    - The IDs of the hardware threads (logical cores) per each CPU socket
+      can be determined by parsing the file /proc/cpuinfo.
+
+Test Case: packet match ACL rule
+================================
+
+Ipv4 packet match source ip address 200.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
+    Send one ipv4 packet with source ip address 200.10.0.2 will be forwarded to PORT0
+
+Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
+    Send one ipv4 packet with destination ip address 100.10.0.2 will be forwarded to PORT0
+
+Ipv4 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source port 11 will be dropped.
+    Send one ipv4 packet with source port 1 will be forwarded to PORT0
+
+Ipv4 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination port 101 will be dropped.
+    Send one ipv4 packet with destination port 1 will be forwarded to PORT0
+
+Ipv4 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet will be dropped.
+    Send one UDP ipv4 packet will be forwarded to PORT0
+
+Ipv4 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be dropped.
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.2,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be forwarded to PORT0.
+
+Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
+
+Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
+
+Ipv6 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source port 11 will be dropped.
+    Send one ipv6 packet with source port 1 will be forwarded to PORT0
+
+Ipv6 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination port 101 will be dropped.
+    Send one ipv6 packet with destination port 1 will be forwarded to PORT0
+
+Ipv6 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet will be dropped.
+    Send one UDP ipv6 packet will be forwarded to PORT0
+
+Ipv6 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+
+Test Case: packet match Exact route rule
+========================================
+Add two exact rule as below in rule_ipv4.db::
+
+	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
+	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
+
+Add two exact rule as below in rule_ipv6.db::
+
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff 1
+
+Start l3fwd-acl and send packet::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
+    ip address 100.10.0.1,source port 11, destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
+    ip address 100.20.0.1,source port 12, destination port 102 will be forward to PORT1.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source port 12,
+    destination port 102 will be forward to PORT1.
+
+Test Case: packet match LPM route rule
+============================================
+Add two LPM rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two LPM rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl and send packet::
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward to PORT1.
+
+	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be forward to PORT1.
+
+Test Case: packet match by scalar function
+============================================
+Packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one ACL rule and default route rule in rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db" --scalar
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be dropped.
+    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be forwarded to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101, source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+Test Case: Invalid ACL rule
+============================================
+Add two ACL rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two ACL rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    The l3fwdacl will not set up because of ivalid ACL rule.
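Review bot: In the "packet match LPM route rule" case, the second send step of each pair selects traffic by source address ("source ip address 2.1.1.1", "source ip address 2:1:1:1:1:1:0:0"), but the PORT1 rules put 2.1.1.0/24 and 2:1:1:1:1:1:0:0/96 in the second (destination) field and leave the source as a /0 wildcard, so the expected forward to PORT1 does not follow from the rules as written; those steps should say destination ip address. In the scalar case the IPv6 ACL rule and its send step use a destination prefix of /101 where every other IPv6 case uses /128, which looks like the port value copied into the prefix length. The "Invalid ACL rule" case says "Add two ACL rule" but all four lines start with R, the route prefix used everywhere else in the plan, and both rule files carry a malformed line, so a failed start-up cannot be attributed to either one; use one malformed line per run, add a malformed line with the @ prefix if ACL parsing is meant to be covered, and state the expected error message or exit status instead of "will not set up". The Description also still says the application uses an IPv4 5-tuple syntax although half of the cases are IPv6.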
-- 
2.7.4


* Re: [dts] [PATCH V2] Add test plan about l3fwdacl
  2019-01-13 23:38 [dts] [PATCH V2] Add test plan about l3fwdacl lihong
@ 2019-01-15  1:36 ` Wu, ChangqingX
  2019-01-29  9:51   ` Tu, Lijuan
  2019-01-22  3:28 ` Zhang, Yuwei1
  1 sibling, 1 reply; 8+ messages in thread
From: Wu, ChangqingX @ 2019-01-15  1:36 UTC
  To: Ma, LihongX, dts; +Cc: Ma, LihongX

Tested-by: Wu, ChangqingX <changqingx.wu@intel.com>

-----Original Message-----
From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong
Sent: Monday, January 14, 2019 7:38 AM
To: dts@dpdk.org
Cc: Ma, LihongX <lihongx.ma@intel.com>
Subject: [dts] [PATCH V2] Add test plan about l3fwdacl

Signed-off-by: lihong <lihongx.ma@intel.com>
---
 test_plans/l3fwdacl_test_plan.rst | 394 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 394 insertions(+)
 create mode 100644 test_plans/l3fwdacl_test_plan.rst

diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_plan.rst
new file mode 100644
index 0000000..ef53f41
--- /dev/null
+++ b/test_plans/l3fwdacl_test_plan.rst
@@ -0,0 +1,394 @@
+.. Copyright (c) <2014>, Intel Corporation
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   - Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+   - Neither the name of Intel Corporation nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================
+Layer-3 Forwarding with Access Control
+======================================
+
+Description
+===========
+
+This document contains the test plan and results for testing 
+``l3fwd-acl`` using the ACL library for access control and L3 
+forwarding.
+
+The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet 
+matching. The 5-tuple consist of source IP address, destination IP 
+address, source port, destination port and a protocol identifier.
+
+The ``l3fwd-acl`` application supports two types of rules:
+
+#. Route information which is used for L3 forwarding.
+#. An access control list which defines the black list to block.
+
+The ``l3fwd-acl`` application needs to load ACL and route rules before 
+running. Route rules are mandatory while ACL rules are optional. After 
+receiving packets from ports, ``l3fwd-acl`` will extract the necessary 
+info from the TCP/IP header of received packets and perform a lookup in 
+a rule database to figure out whether the packets should be dropped (in 
+the ACL range) or forwarded to desired ports.
+
+
+Prerequisites
+=============
+
+#. Hardware and Software Setup:
+
+    - Intel CrownPass Board with:
+
+      - 2 CPUs: each core is 10x Intel Xeon cores at 2.8GHz IVB.
+      - 8x DDR3 DIMMs at 1600 MHz of 8GB each. Each of the 4 memory
+        channels of each CPU is populated with 1 DIMMs.
+      - 4x Intel 82599 (Niantic) (1x 10GbE full duplex optical port
+        per NIC).
+
+    - BIOS version SE5C600.86B.99.99.x065.040220131106 (04/02/2012).
+
+    - Software configuration:
+
+      - Linux operating system: Fedora 18.
+      - Linux kernel version: 3.6.10-4.
+      - Linux kernel recompiled with huge pages, UIO and HPET enabled.
+
+    - Packet generator:
+
+      - IXIA.
+
+#. BIOS requirements;
+
+    - Intel Hyper-Threading Technology is ENABLED
+    - Hardware Prefetcher is DISABLED
+    - Adjacent Cache Line Prefetch is DISABLED
+    - Direct Cache Access is DISABLED
+
+#. Linux kernel requirements:
+
+    - Linux kernel has the following features enabled: huge page support,
+      UIO, HPET
+    - Appropriate number of huge pages are reserved at kernel boot time
+    - The IDs of the hardware threads (logical cores) per each CPU socket
+      can be determined by parsing the file /proc/cpuinfo.
+
+Test Case: packet match ACL rule
+================================
+
+Ipv4 packet match source ip address 200.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
+    Send one ipv4 packet with source ip address 200.10.0.2 will be 
+ forwarded to PORT0
+
+Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
+    Send one ipv4 packet with destination ip address 100.10.0.2 will be 
+ forwarded to PORT0
+
+Ipv4 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source port 11 will be dropped.
+    Send one ipv4 packet with source port 1 will be forwarded to PORT0
+
+Ipv4 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination port 101 will be dropped.
+    Send one ipv4 packet with destination port 1 will be forwarded to 
+ PORT0
+
+Ipv4 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet will be dropped.
+    Send one UDP ipv4 packet will be forwarded to PORT0
+
+Ipv4 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be dropped.
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.2,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be forwarded to PORT0.
+
+Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with source ip address 
+ 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
+
+Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with destination ip address 
+ 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
+
+Ipv6 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source port 11 will be dropped.
+    Send one ipv6 packet with source port 1 will be forwarded to PORT0
+
+Ipv6 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination port 101 will be dropped.
+    Send one ipv6 packet with destination port 1 will be forwarded to 
+ PORT0
+
+Ipv6 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet will be dropped.
+    Send one UDP ipv6 packet will be forwarded to PORT0
+
+Ipv6 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+
+Test Case: packet match Exact route rule 
+========================================
+Add two exact rule as below in rule_ipv4.db::
+
+	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
+	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
+
+Add two exact rule as below in rule_ipv6.db::
+
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 
+2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff 
+1
+
+Start l3fwd-acl and send packet::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
+    ip address 100.10.0.1,source port 11, destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
+    ip address 100.20.0.1,source port 12, destination port 102 will be forward to PORT1.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source port 12,
+    destination port 102 will be forward to PORT1.
+
+Test Case: packet match LPM route rule
+============================================
+Add two LPM rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two LPM rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl and send packet::
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward to PORT1.
+
+	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be forward to PORT1.
+
+Test Case: packet match by scalar function 
+============================================
+Packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one ACL rule and default route rule in rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db" 
+ --scalar
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be dropped.
+    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be forwarded to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101, source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+Test Case: Invalid ACL rule
+============================================
+Add two ACL rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two ACL rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    The l3fwdacl will not set up because of ivalid ACL rule.
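Review bot: In "Test Case: Invalid ACL rule", both rule files are malformed at the same time and every line starts with `R`, so the case exercises invalid route rules rather than `@` ACL rules as the heading and "Add two ACL rule" say, and it cannot show which defect stops start-up. The IPv4 file has a broken port-range field (`12 : 11 : 65535`) and the IPv6 file omits the protocol/mask field before the port index. Suggest one step per malformed file, each paired with a valid file for the other address family, plus an `@` rule variant if ACL rules are meant to be covered, and an observable pass criterion (the error text or a non-zero exit) in place of "will not set up"; "ivalid" should be "invalid". Separately, several rule and command lines in this file are split after trailing whitespace (the IPv6 default route ends at `0x00/0x00` with its port index ` 0` on the next line, and `--scalar` sits on its own line), so a rule copied from the plan loses its port index; each rule should stay on one line.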
--
2.7.4


* Re: [dts] [PATCH V2] Add test plan about l3fwdacl
  2019-01-13 23:38 [dts] [PATCH V2] Add test plan about l3fwdacl lihong
  2019-01-15  1:36 ` Wu, ChangqingX
@ 2019-01-22  3:28 ` Zhang, Yuwei1
  1 sibling, 0 replies; 8+ messages in thread
From: Zhang, Yuwei1 @ 2019-01-22  3:28 UTC (permalink / raw)
  To: Ma, LihongX, dts; +Cc: Ma, LihongX

Acked-by: Yuwei, Zhang(yuwei1.zhang@intel.com)

-----Original Message-----
From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong
Sent: Monday, January 14, 2019 7:38 AM
To: dts@dpdk.org
Cc: Ma, LihongX <lihongx.ma@intel.com>
Subject: [dts] [PATCH V2] Add test plan about l3fwdacl

Signed-off-by: lihong <lihongx.ma@intel.com>
---
 test_plans/l3fwdacl_test_plan.rst | 394 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 394 insertions(+)
 create mode 100644 test_plans/l3fwdacl_test_plan.rst

diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_plan.rst
new file mode 100644
index 0000000..ef53f41
--- /dev/null
+++ b/test_plans/l3fwdacl_test_plan.rst
@@ -0,0 +1,394 @@
+.. Copyright (c) <2014>, Intel Corporation
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   - Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+   - Neither the name of Intel Corporation nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================
+Layer-3 Forwarding with Access Control
+======================================
+
+Description
+===========
+
+This document contains the test plan and results for testing 
+``l3fwd-acl`` using the ACL library for access control and L3 
+forwarding.
+
+The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet 
+matching. The 5-tuple consist of source IP address, destination IP 
+address, source port, destination port and a protocol identifier.
+
+The ``l3fwd-acl`` application supports two types of rules:
+
+#. Route information which is used for L3 forwarding.
+#. An access control list which defines the black list to block.
+
+The ``l3fwd-acl`` application needs to load ACL and route rules before 
+running. Route rules are mandatory while ACL rules are optional. After 
+receiving packets from ports, ``l3fwd-acl`` will extract the necessary 
+info from the TCP/IP header of received packets and perform a lookup in 
+a rule database to figure out whether the packets should be dropped (in 
+the ACL range) or forwarded to desired ports.
+
+
+Prerequisites
+=============
+
+#. Hardware and Software Setup:
+
+    - Intel CrownPass Board with:
+
+      - 2 CPUs: each core is 10x Intel Xeon cores at 2.8GHz IVB.
+      - 8x DDR3 DIMMs at 1600 MHz of 8GB each. Each of the 4 memory
+        channels of each CPU is populated with 1 DIMMs.
+      - 4x Intel 82599 (Niantic) (1x 10GbE full duplex optical port
+        per NIC).
+
+    - BIOS version SE5C600.86B.99.99.x065.040220131106 (04/02/2012).
+
+    - Software configuration:
+
+      - Linux operating system: Fedora 18.
+      - Linux kernel version: 3.6.10-4.
+      - Linux kernel recompiled with huge pages, UIO and HPET enabled.
+
+    - Packet generator:
+
+      - IXIA.
+
+#. BIOS requirements;
+
+    - Intel Hyper-Threading Technology is ENABLED
+    - Hardware Prefetcher is DISABLED
+    - Adjacent Cache Line Prefetch is DISABLED
+    - Direct Cache Access is DISABLED
+
+#. Linux kernel requirements:
+
+    - Linux kernel has the following features enabled: huge page support,
+      UIO, HPET
+    - Appropriate number of huge pages are reserved at kernel boot time
+    - The IDs of the hardware threads (logical cores) per each CPU socket
+      can be determined by parsing the file /proc/cpuinfo.
+
+Test Case: packet match ACL rule
+================================
+
+Ipv4 packet match source ip address 200.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
+    Send one ipv4 packet with source ip address 200.10.0.2 will be 
+ forwarded to PORT0
+
+Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
+    Send one ipv4 packet with destination ip address 100.10.0.2 will be 
+ forwarded to PORT0
+
+Ipv4 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source port 11 will be dropped.
+    Send one ipv4 packet with source port 1 will be forwarded to PORT0
+
+Ipv4 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination port 101 will be dropped.
+    Send one ipv4 packet with destination port 1 will be forwarded to 
+ PORT0
+
+Ipv4 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet will be dropped.
+    Send one UDP ipv4 packet will be forwarded to PORT0
+
+Ipv4 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be dropped.
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.2,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be forwarded to PORT0.
+
+Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with source ip address 
+ 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
+
+Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with destination ip address 
+ 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
+
+Ipv6 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source port 11 will be dropped.
+    Send one ipv6 packet with source port 1 will be forwarded to PORT0
+
+Ipv6 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination port 101 will be dropped.
+    Send one ipv6 packet with destination port 1 will be forwarded to 
+ PORT0
+
+Ipv6 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet will be dropped.
+    Send one UDP ipv6 packet will be forwarded to PORT0
+
+Ipv6 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+
+Test Case: packet match Exact route rule 
+========================================
+Add two exact rule as below in rule_ipv4.db::
+
+	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
+	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
+
+Add two exact rule as below in rule_ipv6.db::
+
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 
+2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff 
+1
+
+Start l3fwd-acl and send packet::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
+    ip address 100.10.0.1,source port 11, destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
+    ip address 100.20.0.1,source port 12, destination port 102 will be forward to PORT1.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source port 12,
+    destination port 102 will be forward to PORT1.
+
+Test Case: packet match LPM route rule
+============================================
+Add two LPM rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two LPM rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl and send packet::
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward to PORT1.
+
+	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be forward to PORT1.
+
+Test Case: packet match by scalar function 
+============================================
+Packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one ACL rule and default route rule in rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db" 
+ --scalar
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be dropped.
+    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be forwarded to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101, source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+Test Case: Invalid ACL rule
+============================================
+Add two ACL rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two ACL rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    The l3fwdacl will not set up because of ivalid ACL rule.
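Review bot: In "Test Case: packet match LPM route rule", the PORT1 send steps name the wrong field: the rules carry the prefix in the destination column (`R0.0.0.0/0 2.1.1.0/24 ...` and `R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 ...`), but the steps say "source ip address 2.1.1.1" and "source ip address 2:1:1:1:1:1:0:0". With the destination unspecified the packet need not hit the PORT1 route, so these should read "destination ip address", matching the PORT0 steps. Since neither rule file in this case has a default route, a packet outside both prefixes with its expected result would complete the case. In "Test Case: packet match by scalar function" the IPv6 ACL rule and the matching send step use a destination prefix of `/101` where the earlier 5-tuple case uses `/128`; if an exact match is intended this looks like the destination port value carried into the prefix length.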
--
2.7.4


* Re: [dts] [PATCH V2] Add test plan about l3fwdacl
  2019-01-15  1:36 ` Wu, ChangqingX
@ 2019-01-29  9:51   ` Tu, Lijuan
  0 siblings, 0 replies; 8+ messages in thread
From: Tu, Lijuan @ 2019-01-29  9:51 UTC (permalink / raw)
  To: Wu, ChangqingX, Ma, LihongX, dts; +Cc: Ma, LihongX



> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of Wu, ChangqingX
> Sent: Tuesday, January 15, 2019 9:37 AM
> To: Ma, LihongX <lihongx.ma@intel.com>; dts@dpdk.org
> Cc: Ma, LihongX <lihongx.ma@intel.com>
> Subject: Re: [dts] [PATCH V2] Add test plan about l3fwdacl
> 
> Tested-by: Wu, ChangqingX <changqingx.wu@intel.com>
> 
> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong
> Sent: Monday, January 14, 2019 7:38 AM
> To: dts@dpdk.org
> Cc: Ma, LihongX <lihongx.ma@intel.com>
> Subject: [dts] [PATCH V2] Add test plan about l3fwdacl
> 
> Signed-off-by: lihong <lihongx.ma@intel.com>
> ---
>  test_plans/l3fwdacl_test_plan.rst | 394
> ++++++++++++++++++++++++++++++++++++++
>  1 file changed, 394 insertions(+)
>  create mode 100644 test_plans/l3fwdacl_test_plan.rst
> 
> diff --git a/test_plans/l3fwdacl_test_plan.rst
> b/test_plans/l3fwdacl_test_plan.rst
> new file mode 100644
> index 0000000..ef53f41
> --- /dev/null
> +++ b/test_plans/l3fwdacl_test_plan.rst
> @@ -0,0 +1,394 @@
> +.. Copyright (c) <2014>, Intel Corporation
> +   All rights reserved.
> +
> +   Redistribution and use in source and binary forms, with or without
> +   modification, are permitted provided that the following conditions
> +   are met:
> +
> +   - Redistributions of source code must retain the above copyright
> +     notice, this list of conditions and the following disclaimer.
> +
> +   - Redistributions in binary form must reproduce the above copyright
> +     notice, this list of conditions and the following disclaimer in
> +     the documentation and/or other materials provided with the
> +     distribution.
> +
> +   - Neither the name of Intel Corporation nor the names of its
> +     contributors may be used to endorse or promote products derived
> +     from this software without specific prior written permission.
> +
> +   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
> CONTRIBUTORS
> +   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> +   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
> +   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> +   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
> INDIRECT,
> +   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
> +   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> OR
> +   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> +   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
> CONTRACT,
> +   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> +   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> +   OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +======================================
> +Layer-3 Forwarding with Access Control
> +======================================
> +
> +Description
> +===========
> +
> +This document contains the test plan and results for testing
> +``l3fwd-acl`` using the ACL library for access control and L3
> +forwarding.
> +
> +The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet
> +matching. The 5-tuple consist of source IP address, destination IP
> +address, source port, destination port and a protocol identifier.
> +
> +The ``l3fwd-acl`` application supports two types of rules:
> +
> +#. Route information which is used for L3 forwarding.
> +#. An access control list which defines the black list to block.
> +
> +The ``l3fwd-acl`` application needs to load ACL and route rules before
> +running. Route rules are mandatory while ACL rules are optional. After
> +receiving packets from ports, ``l3fwd-acl`` will extract the necessary
> +info from the TCP/IP header of received packets and perform a lookup in
> +a rule database to figure out whether the packets should be dropped (in
> +the ACL range) or forwarded to desired ports.
> +
> +
> +Prerequisites
> +=============
> +
> +#. Hardware and Software Setup:
> +
> +    - Intel CrownPass Board with:
> +
> +      - 2 CPUs: each core is 10x Intel Xeon cores at 2.8GHz IVB.
> +      - 8x DDR3 DIMMs at 1600 MHz of 8GB each. Each of the 4 memory
> +        channels of each CPU is populated with 1 DIMMs.
> +      - 4x Intel 82599 (Niantic) (1x 10GbE full duplex optical port
> +        per NIC).
> +
> +    - BIOS version SE5C600.86B.99.99.x065.040220131106 (04/02/2012).
> +
> +    - Software configuration:
> +
> +      - Linux operating system: Fedora 18.
> +      - Linux kernel version: 3.6.10-4.
> +      - Linux kernel recompiled with huge pages, UIO and HPET enabled.
> +
> +    - Packet generator:
> +
> +      - IXIA.
> +
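Review bot: The Description says ``l3fwd-acl`` "uses an IPv4 5-tuple syntax", but every command in this plan also passes `--rule_ipv6`, so that sentence should cover both address families. The opening sentence promises "the test plan and results" while only the plan is present; either drop "and results" or add them. In the same paragraph "The 5-tuple consist of" should be "consists of".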
[Lijuan] I don't think the Hardware and Software are Prerequisites, please check:
1. Scapy could also be used as the packet generator.
2. Other CPUs also support it.
3. It should not be limited to memory.
4. Fortville should also be supported.
5. The BIOS, OS and kernel are all too old.
> +#. BIOS requirements;
> +
> +    - Intel Hyper-Threading Technology is ENABLED
> +    - Hardware Prefetcher is DISABLED
> +    - Adjacent Cache Line Prefetch is DISABLED
> +    - Direct Cache Access is DISABLED
> +
> +#. Linux kernel requirements:
> +
> +    - Linux kernel has the following features enabled: huge page support,
> +      UIO, HPET
> +    - Appropriate number of huge pages are reserved at kernel boot time
> +    - The IDs of the hardware threads (logical cores) per each CPU socket
> +      can be determined by parsing the file /proc/cpuinfo.
> +
> +Test Case: packet match ACL rule
> +================================
> +
> +Ipv4 packet match source ip address 200.10.0.1 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
> +    Send one ipv4 packet with source ip address 200.10.0.2 will be
> + forwarded to PORT0
> +
> +Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
> +    Send one ipv4 packet with destination ip address 100.10.0.2 will be
> + forwarded to PORT0
> +
> +Ipv4 packet match source port 11 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with source port 11 will be dropped.
> +    Send one ipv4 packet with source port 1 will be forwarded to PORT0
> +
> +Ipv4 packet match destination port 101 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with destination port 101 will be dropped.
> +    Send one ipv4 packet with destination port 1 will be forwarded to
> + PORT0
> +
> +Ipv4 packet match protocal TCP will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv4 packet will be dropped.
> +    Send one UDP ipv4 packet will be forwarded to PORT0
> +
> +Ipv4 packet match 5-tuple will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.1,
> +    destination ip address 100.10.0.1, source port 11, destination
> +    port 101 will be dropped.
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.2,
> +    destination ip address 100.10.0.1, source port 11, destination
> +    port 101 will be forwarded to PORT0.
> +
> +Ipv6 packet match source ipv6 address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 :
> 65535 0 : 65535 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
> +    Send one ipv6 packet with source ip address
> + 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
> +
> +Ipv6 packet match destination ipv6 address
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 :
> 65535 0 : 65535 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with destination ip address
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
> +    Send one ipv6 packet with destination ip address
> + 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
> +
> +Ipv6 packet match source port 11 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with source port 11 will be dropped.
> +    Send one ipv6 packet with source port 1 will be forwarded to PORT0
> +
> +Ipv6 packet match destination port 101 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with destination port 101 will be dropped.
> +    Send one ipv6 packet with destination port 1 will be forwarded to
> + PORT0
> +
> +Ipv6 packet match protocal TCP will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv6 packet will be dropped.
> +    Send one UDP ipv6 packet will be forwarded to PORT0
> +
> +Ipv6 packet match 5-tuple will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
> +    destination ip address
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
> +    destination port 101 will be dropped.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128,
> source port 11,
> +    destination port 101 will be forwarded to PORT0.
> +
> +
> +Test Case: packet match Exact route rule
> +========================================
> +Add two exact rule as below in rule_ipv4.db::
> +
> +	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
> +	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
> +
> +Add two exact rule as below in rule_ipv6.db::
> +
> +	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
> +	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> +2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff
> +1
> +
> +Start l3fwd-acl and send packet::
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
> +    ip address 100.10.0.1,source port 11, destination port 101 will be forward to
> PORT0.
> +
> +    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
> +    ip address 100.20.0.1,source port 12, destination port 102 will be forward to
> PORT1.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source
> port 11,
> +    destination port 101 will be forward to PORT0.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source
> port 12,
> +    destination port 102 will be forward to PORT1.
> +
> +Test Case: packet match LPM route rule
> +============================================
> +Add two LPM rule as below in rule_ipv4.db::
> +
> +	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
> +	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Add two LPM rule as below in rule_ipv6.db::
> +
> +	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
> +	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Start l3fwd-acl and send packet::
> +
> +	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be
> forward to PORT0.
> +	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward
> to PORT1.
> +
> +	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will
> be forward to PORT0.
> +	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be
> forward to PORT1.
> +
> +Test Case: packet match by scalar function
> +============================================
> +Packet match 5-tuple will be dropped::
> +
> +    Add one ACL rule and default route rule in rule_ipv4.db
> +    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one ACL rule and default route rule in rule_ipv6.db
> +    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> + --scalar
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip
> address 100.10.0.1,
> +    source port 11, destination port 101 will be dropped.
> +    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip
> address 100.10.0.1,
> +    source port 11, destination port 101 will be forwarded to PORT0.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101,
> source port 11,
> +    destination port 101 will be dropped.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source
> port 11,
> +    destination port 101 will be forwarded to PORT0.
> +
> +Test Case: Invalid ACL rule
> +============================================
> +Add two ACL rule as below in rule_ipv4.db::
> +
> +	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
> +	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Add two ACL rule as below in rule_ipv6.db::
> +
> +	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
> +	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Start l3fwd-acl::
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    The l3fwdacl will not set up because of ivalid ACL rule.
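
Review bot: In "Test Case: packet match LPM route rule", the two PORT1 steps say "source ip address 2.1.1.1" and "source ip address 2:1:1:1:1:1:0:0", but the route rules for port 1 (`R0.0.0.0/0 2.1.1.0/24 ... 1` and `R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 ... 1`) carry those prefixes in the second field, which the ACL cases earlier in this file use as the destination address. This case has no default route, so a packet identified only by its source address is not guaranteed to match either rule. Change both steps to "destination ip address", matching the PORT0 steps just above them. Separately, the scalar case writes the IPv6 destination as `2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101` where every other case uses `/128`; if a /101 prefix is intended, say so in the step, otherwise align it with the rest of the file.
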
> --
> 2.7.4

* Re: [dts] [PATCH V2] Add test plan about l3fwdacl
  2019-02-01 19:02 lihong
  2019-02-14  8:00 ` Wu, ChangqingX
@ 2019-02-26  8:17 ` Tu, Lijuan
  1 sibling, 0 replies; 8+ messages in thread
From: Tu, Lijuan @ 2019-02-26  8:17 UTC (permalink / raw)
  To: Ma, LihongX, dts; +Cc: Ma, LihongX

Applied, thanks

> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong
> Sent: Saturday, February 2, 2019 3:02 AM
> To: dts@dpdk.org
> Cc: Ma, LihongX <lihongx.ma@intel.com>
> Subject: [dts] [PATCH V2] Add test plan about l3fwdacl
> 
> Signed-off-by: lihong <lihongx.ma@intel.com>
> ---
>  test_plans/l3fwdacl_test_plan.rst | 369
> ++++++++++++++++++++++++++++++++++++++
>  1 file changed, 369 insertions(+)
>  create mode 100644 test_plans/l3fwdacl_test_plan.rst
> 
> diff --git a/test_plans/l3fwdacl_test_plan.rst
> b/test_plans/l3fwdacl_test_plan.rst
> new file mode 100644
> index 0000000..5e5b854
> --- /dev/null
> +++ b/test_plans/l3fwdacl_test_plan.rst
> @@ -0,0 +1,369 @@
> +.. Copyright (c) <2014>, Intel Corporation
> +   All rights reserved.
> +
> +   Redistribution and use in source and binary forms, with or without
> +   modification, are permitted provided that the following conditions
> +   are met:
> +
> +   - Redistributions of source code must retain the above copyright
> +     notice, this list of conditions and the following disclaimer.
> +
> +   - Redistributions in binary form must reproduce the above copyright
> +     notice, this list of conditions and the following disclaimer in
> +     the documentation and/or other materials provided with the
> +     distribution.
> +
> +   - Neither the name of Intel Corporation nor the names of its
> +     contributors may be used to endorse or promote products derived
> +     from this software without specific prior written permission.
> +
> +   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
> CONTRIBUTORS
> +   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> +   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
> +   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> +   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
> INDIRECT,
> +   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
> +   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> OR
> +   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> +   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
> CONTRACT,
> +   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> +   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> +   OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +======================================
> +Layer-3 Forwarding with Access Control
> +======================================
> +
> +Description
> +===========
> +
> +This document contains the test plan and results for testing
> +``l3fwd-acl`` using the ACL library for access control and L3
> +forwarding.
> +
> +The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet
> +matching. The 5-tuple consist of source IP address, destination IP
> +address, source port, destination port and a protocol identifier.
> +
> +The ``l3fwd-acl`` application supports two types of rules:
> +
> +#. Route information which is used for L3 forwarding.
> +#. An access control list which defines the black list to block.
> +
> +The ``l3fwd-acl`` application needs to load ACL and route rules before
> +running. Route rules are mandatory while ACL rules are optional. After
> +receiving packets from ports, ``l3fwd-acl`` will extract the necessary
> +info from the TCP/IP header of received packets and perform a lookup in
> +a rule database to figure out whether the packets should be dropped (in
> +the ACL range) or forwarded to desired ports.
> +
> +
> +Prerequisites
> +=============
> +
> +1. The DUT has at least 2 DPDK supported IXGBE/I40E NIC ports::
> +
> +    Tester      DUT
> +    eth1  <---> PORT 0
> +    eth2  <---> PORT 1
> +
> +2. Support igb_uio driver::
> +
> +    modprobe uio
> +    insmod  ./x86_64-native-linuxapp-gcc/kmod/igb_uio.ko
> +    ./usertools/dpdk-devbind.py --bind=igb_uio 04:00.0 04:00.1
> +
> +Test Case: packet match ACL rule
> +================================
> +
> +Ipv4 packet match source ip address 200.10.0.1 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
> +    Send one ipv4 packet with source ip address 200.10.0.2 will be
> + forwarded to PORT0
> +
> +Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
> +    Send one ipv4 packet with destination ip address 100.10.0.2 will be
> + forwarded to PORT0
> +
> +Ipv4 packet match source port 11 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with source port 11 will be dropped.
> +    Send one ipv4 packet with source port 1 will be forwarded to PORT0
> +
> +Ipv4 packet match destination port 101 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv4 packet with destination port 101 will be dropped.
> +    Send one ipv4 packet with destination port 1 will be forwarded to
> + PORT0
> +
> +Ipv4 packet match protocal TCP will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv4 packet will be dropped.
> +    Send one UDP ipv4 packet will be forwarded to PORT0
> +
> +Ipv4 packet match 5-tuple will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv4.db
> +    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one default rule in rule file /root/rule_ipv6.db
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.1,
> +    destination ip address 100.10.0.1, source port 11, destination
> +    port 101 will be dropped.
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.2,
> +    destination ip address 100.10.0.1, source port 11, destination
> +    port 101 will be forwarded to PORT0.
> +
> +Ipv6 packet match source ipv6 address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 :
> 65535 0 : 65535 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
> +    Send one ipv6 packet with source ip address
> + 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
> +
> +Ipv6 packet match destination ipv6 address
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 :
> 65535 0 : 65535 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with destination ip address
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
> +    Send one ipv6 packet with destination ip address
> + 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
> +
> +Ipv6 packet match source port 11 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with source port 11 will be dropped.
> +    Send one ipv6 packet with source port 1 will be forwarded to PORT0
> +
> +Ipv6 packet match destination port 101 will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one ipv6 packet with destination port 101 will be dropped.
> +    Send one ipv6 packet with destination port 1 will be forwarded to
> + PORT0
> +
> +Ipv6 packet match protocal TCP will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv6 packet will be dropped.
> +    Send one UDP ipv6 packet will be forwarded to PORT0
> +
> +Ipv6 packet match 5-tuple will be dropped::
> +
> +    Add one ACL rule and default route rule in /root/rule_ipv6.db
> +    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    Add one default rule in rule file /root/rule_ipv4.db
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
> +    destination ip address
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
> +    destination port 101 will be dropped.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128,
> source port 11,
> +    destination port 101 will be forwarded to PORT0.
> +
> +
> +Test Case: packet match Exact route rule
> +========================================
> +Add two exact rule as below in rule_ipv4.db::
> +
> +	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
> +	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
> +
> +Add two exact rule as below in rule_ipv6.db::
> +
> +	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
> +	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> +2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff
> +1
> +
> +Start l3fwd-acl and send packet::
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
> +    ip address 100.10.0.1,source port 11, destination port 101 will be forward to
> PORT0.
> +
> +    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
> +    ip address 100.20.0.1,source port 12, destination port 102 will be forward to
> PORT1.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source
> port 11,
> +    destination port 101 will be forward to PORT0.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source
> port 12,
> +    destination port 102 will be forward to PORT1.
> +
> +Test Case: packet match LPM route rule
> +============================================
> +Add two LPM rule as below in rule_ipv4.db::
> +
> +	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
> +	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Add two LPM rule as below in rule_ipv6.db::
> +
> +	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
> +	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Start l3fwd-acl and send packet::
> +
> +	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be
> forward to PORT0.
> +	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward
> to PORT1.
> +
> +	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will
> be forward to PORT0.
> +	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be
> forward to PORT1.
> +
> +Test Case: packet match by scalar function
> +============================================
> +Packet match 5-tuple will be dropped::
> +
> +    Add one ACL rule and default route rule in rule_ipv4.db
> +    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
> +    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
> +
> +    Add one ACL rule and default route rule in rule_ipv6.db
> +    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128
> 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
> +    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00
> + 0
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> + --scalar
> +
> +    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip
> address 100.10.0.1,
> +    source port 11, destination port 101 will be dropped.
> +    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip
> address 100.10.0.1,
> +    source port 11, destination port 101 will be forwarded to PORT0.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101,
> source port 11,
> +    destination port 101 will be dropped.
> +
> +    Send one TCP ipv6 packet with source ip address
> 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
> +    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source
> port 11,
> +    destination port 101 will be forwarded to PORT0.
> +
> +Test Case: Invalid ACL rule
> +============================================
> +Add two ACL rule as below in rule_ipv4.db::
> +
> +	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
> +	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Add two ACL rule as below in rule_ipv6.db::
> +
> +	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
> +	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
> +
> +Start l3fwd-acl::
> +
> +    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --
> config="(0,0,2),(1,0,3)"
> +    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
> +
> +    The l3fwdacl will not set up because of ivalid ACL rule.
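Review bot: In "Test Case: Invalid ACL rule" the entries are introduced as ACL rules, but every line starts with `R`, which the scalar case just above uses for the route rule (its ACL entry starts with `@`), and the plan never says which line is meant to be invalid or what the tester should observe. Only the first IPv4 line (`12 : 11 : 65535`, a malformed port range) and the first IPv6 line (no `0x00/0x00` protocol/mask field before the port index) look broken. Name them as the invalid entries and replace "will not set up" with a checkable outcome, such as the error text printed or a non-zero exit from `l3fwd-acl`. A malformed `@` entry would be worth adding too, so the rejection path for drop rules is covered. Also fix "ivalid", and in the scalar case confirm the `/101` destination prefix on the IPv6 `@` rule: it equals the destination port, while the source prefix on the same rule is `/128`.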
> --
> 2.7.4

* Re: [dts] [PATCH V2] Add test plan about l3fwdacl
  2019-02-01 19:02 lihong
@ 2019-02-14  8:00 ` Wu, ChangqingX
  2019-02-26  8:17 ` Tu, Lijuan
  1 sibling, 0 replies; 8+ messages in thread
From: Wu, ChangqingX @ 2019-02-14  8:00 UTC (permalink / raw)
  To: Ma, LihongX, dts; +Cc: Ma, LihongX

Tested-by: Wu, ChangqingX <changqingx.wu@intel.com>

-----Original Message-----
From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong
Sent: Saturday, February 2, 2019 3:02 AM
To: dts@dpdk.org
Cc: Ma, LihongX <lihongx.ma@intel.com>
Subject: [dts] [PATCH V2] Add test plan about l3fwdacl

Signed-off-by: lihong <lihongx.ma@intel.com>
---
 test_plans/l3fwdacl_test_plan.rst | 369 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 369 insertions(+)
 create mode 100644 test_plans/l3fwdacl_test_plan.rst

diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_plan.rst
new file mode 100644
index 0000000..5e5b854
--- /dev/null
+++ b/test_plans/l3fwdacl_test_plan.rst
@@ -0,0 +1,369 @@
+.. Copyright (c) <2014>, Intel Corporation
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   - Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+   - Neither the name of Intel Corporation nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================
+Layer-3 Forwarding with Access Control
+======================================
+
+Description
+===========
+
+This document contains the test plan and results for testing 
+``l3fwd-acl`` using the ACL library for access control and L3 
+forwarding.
+
+The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet 
+matching. The 5-tuple consist of source IP address, destination IP 
+address, source port, destination port and a protocol identifier.
+
+The ``l3fwd-acl`` application supports two types of rules:
+
+#. Route information which is used for L3 forwarding.
+#. An access control list which defines the black list to block.
+
+The ``l3fwd-acl`` application needs to load ACL and route rules before 
+running. Route rules are mandatory while ACL rules are optional. After 
+receiving packets from ports, ``l3fwd-acl`` will extract the necessary 
+info from the TCP/IP header of received packets and perform a lookup in 
+a rule database to figure out whether the packets should be dropped (in 
+the ACL range) or forwarded to desired ports.
+
+
+Prerequisites
+=============
+
+1. The DUT has at least 2 DPDK supported IXGBE/I40E NIC ports::
+
+    Tester      DUT
+    eth1  <---> PORT 0
+    eth2  <---> PORT 1
+
+2. Support igb_uio driver::
+
+    modprobe uio
+    insmod  ./x86_64-native-linuxapp-gcc/kmod/igb_uio.ko
+    ./usertools/dpdk-devbind.py --bind=igb_uio 04:00.0 04:00.1
+
+Test Case: packet match ACL rule
+================================
+
+Ipv4 packet match source ip address 200.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
+    Send one ipv4 packet with source ip address 200.10.0.2 will be 
+ forwarded to PORT0
+
+Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
+    Send one ipv4 packet with destination ip address 100.10.0.2 will be 
+ forwarded to PORT0
+
+Ipv4 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source port 11 will be dropped.
+    Send one ipv4 packet with source port 1 will be forwarded to PORT0
+
+Ipv4 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination port 101 will be dropped.
+    Send one ipv4 packet with destination port 1 will be forwarded to 
+ PORT0
+
+Ipv4 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet will be dropped.
+    Send one UDP ipv4 packet will be forwarded to PORT0
+
+Ipv4 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be dropped.
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.2,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be forwarded to PORT0.
+
+Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with source ip address 
+ 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
+
+Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with destination ip address 
+ 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
+
+Ipv6 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source port 11 will be dropped.
+    Send one ipv6 packet with source port 1 will be forwarded to PORT0
+
+Ipv6 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination port 101 will be dropped.
+    Send one ipv6 packet with destination port 1 will be forwarded to 
+ PORT0
+
+Ipv6 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet will be dropped.
+    Send one UDP ipv6 packet will be forwarded to PORT0
+
+Ipv6 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+
+Test Case: packet match Exact route rule 
+========================================
+Add two exact rule as below in rule_ipv4.db::
+
+	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
+	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
+
+Add two exact rule as below in rule_ipv6.db::
+
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 
+2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff 
+1
+
+Start l3fwd-acl and send packet::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
+    ip address 100.10.0.1,source port 11, destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
+    ip address 100.20.0.1,source port 12, destination port 102 will be forward to PORT1.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source port 12,
+    destination port 102 will be forward to PORT1.
+
+Test Case: packet match LPM route rule
+============================================
+Add two LPM rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two LPM rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl and send packet::
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward to PORT1.
+
+	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be forward to PORT1.
+
+Test Case: packet match by scalar function 
+============================================
+Packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one ACL rule and default route rule in rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 
+ 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db" 
+ --scalar
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be dropped.
+    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be forwarded to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101, source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+Test Case: Invalid ACL rule
+============================================
+Add two ACL rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two ACL rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    The l3fwdacl will not set up because of ivalid ACL rule.
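Review bot: In "Test Case: packet match LPM route rule" the second step of each pair sends a packet with "source ip address 2.1.1.1" (and `2:1:1:1:1:1:0:0` for IPv6) and expects PORT1, but both rules wildcard the source and match on the destination prefix (`R0.0.0.0/0 2.1.1.0/24 ... 1`). As written the destination of those packets is unspecified and the expected port does not follow from the rules, so these steps should say destination. The two prefixes in each rule file also do not overlap, so the case never exercises longest-prefix selection; an overlapping pair on different ports (for example a /16 and a /24) would. Smaller points: the Description says the application uses "an IPv4 5-tuple syntax" although half the cases are IPv6, and "protocal" in two case titles should be "protocol".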
--
2.7.4

* [dts] [PATCH V2] Add test plan about l3fwdacl
@ 2019-02-01 19:02 lihong
  2019-02-14  8:00 ` Wu, ChangqingX
  2019-02-26  8:17 ` Tu, Lijuan
  0 siblings, 2 replies; 8+ messages in thread
From: lihong @ 2019-02-01 19:02 UTC (permalink / raw)
  To: dts; +Cc: lihong

Signed-off-by: lihong <lihongx.ma@intel.com>
---
 test_plans/l3fwdacl_test_plan.rst | 369 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 369 insertions(+)
 create mode 100644 test_plans/l3fwdacl_test_plan.rst

diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_plan.rst
new file mode 100644
index 0000000..5e5b854
--- /dev/null
+++ b/test_plans/l3fwdacl_test_plan.rst
@@ -0,0 +1,369 @@
+.. Copyright (c) <2014>, Intel Corporation
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   - Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+   - Neither the name of Intel Corporation nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================
+Layer-3 Forwarding with Access Control
+======================================
+
+Description
+===========
+
+This document contains the test plan and results for testing
+``l3fwd-acl`` using the ACL library for access control and L3
+forwarding.
+
+The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet
+matching. The 5-tuple consist of source IP address, destination IP
+address, source port, destination port and a protocol identifier.
+
+The ``l3fwd-acl`` application supports two types of rules:
+
+#. Route information which is used for L3 forwarding.
+#. An access control list which defines the black list to block.
+
+The ``l3fwd-acl`` application needs to load ACL and route rules before
+running. Route rules are mandatory while ACL rules are optional. After
+receiving packets from ports, ``l3fwd-acl`` will extract the necessary
+info from the TCP/IP header of received packets and perform a lookup
+in a rule database to figure out whether the packets should be dropped
+(in the ACL range) or forwarded to desired ports.
+
+
+Prerequisites
+=============
+
+1. The DUT has at least 2 DPDK supported IXGBE/I40E NIC ports::
+
+    Tester      DUT
+    eth1  <---> PORT 0
+    eth2  <---> PORT 1
+
+2. Support igb_uio driver::
+
+    modprobe uio
+    insmod  ./x86_64-native-linuxapp-gcc/kmod/igb_uio.ko
+    ./usertools/dpdk-devbind.py --bind=igb_uio 04:00.0 04:00.1
+
+Test Case: packet match ACL rule
+================================
+
+Ipv4 packet match source ip address 200.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
+    Send one ipv4 packet with source ip address 200.10.0.2 will be forwarded to PORT0
+
+Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
+    Send one ipv4 packet with destination ip address 100.10.0.2 will be forwarded to PORT0
+
+Ipv4 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source port 11 will be dropped.
+    Send one ipv4 packet with source port 1 will be forwarded to PORT0
+
+Ipv4 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination port 101 will be dropped.
+    Send one ipv4 packet with destination port 1 will be forwarded to PORT0
+
+Ipv4 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet will be dropped.
+    Send one UDP ipv4 packet will be forwarded to PORT0
+
+Ipv4 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be dropped.
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.2,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be forwarded to PORT0.
+
+Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
+
+Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
+
+Ipv6 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source port 11 will be dropped.
+    Send one ipv6 packet with source port 1 will be forwarded to PORT0
+
+Ipv6 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination port 101 will be dropped.
+    Send one ipv6 packet with destination port 1 will be forwarded to PORT0
+
+Ipv6 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet will be dropped.
+    Send one UDP ipv6 packet will be forwarded to PORT0
+
+Ipv6 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+
+Test Case: packet match Exact route rule
+========================================
+Add two exact rule as below in rule_ipv4.db::
+
+	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
+	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
+
+Add two exact rule as below in rule_ipv6.db::
+
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff 1
+
+Start l3fwd-acl and send packet::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
+    ip address 100.10.0.1,source port 11, destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
+    ip address 100.20.0.1,source port 12, destination port 102 will be forward to PORT1.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source port 12,
+    destination port 102 will be forward to PORT1.
+
+Test Case: packet match LPM route rule
+============================================
+Add two LPM rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two LPM rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl and send packet::
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward to PORT1.
+
+	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be forward to PORT1.
+
+Test Case: packet match by scalar function
+============================================
+Packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one ACL rule and default route rule in rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db" --scalar
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be dropped.
+    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be forwarded to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101, source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+Test Case: Invalid ACL rule
+============================================
+Add two ACL rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two ACL rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    The l3fwdacl will not set up because of ivalid ACL rule.
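
Review bot: In "Test Case: packet match LPM route rule" the second send step for each address family sets the source address (2.1.1.1, 2:1:1:1:1:1:0:0), but both route rules leave the source as a /0 wildcard and select the output port by destination prefix (2.1.1.0/24, 2:1:1:1:1:1:0:0/96). The 5-tuple cases in this same file show the field order is source then destination, so these steps do not exercise the prefix the rule is keyed on; change "source ip address" to "destination ip address" in both. The two prefixes also never overlap, so nothing here checks that the longest prefix wins: adding a shorter covering prefix that routes to the other port, plus one packet inside both, would test that.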
-- 
2.7.4

* [dts] [PATCH V2] Add test plan about l3fwdacl
@ 2019-01-31 22:50 lihong
  0 siblings, 0 replies; 8+ messages in thread
From: lihong @ 2019-01-31 22:50 UTC (permalink / raw)
  To: dts; +Cc: lihong

Signed-off-by: lihong <lihongx.ma@intel.com>
---
 test_plans/l3fwdacl_test_plan.rst | 369 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 369 insertions(+)
 create mode 100644 test_plans/l3fwdacl_test_plan.rst

diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_plan.rst
new file mode 100644
index 0000000..5e5b854
--- /dev/null
+++ b/test_plans/l3fwdacl_test_plan.rst
@@ -0,0 +1,369 @@
+.. Copyright (c) <2014>, Intel Corporation
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   - Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+   - Neither the name of Intel Corporation nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================
+Layer-3 Forwarding with Access Control
+======================================
+
+Description
+===========
+
+This document contains the test plan and results for testing
+``l3fwd-acl`` using the ACL library for access control and L3
+forwarding.
+
+The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet
+matching. The 5-tuple consist of source IP address, destination IP
+address, source port, destination port and a protocol identifier.
+
+The ``l3fwd-acl`` application supports two types of rules:
+
+#. Route information which is used for L3 forwarding.
+#. An access control list which defines the black list to block.
+
+The ``l3fwd-acl`` application needs to load ACL and route rules before
+running. Route rules are mandatory while ACL rules are optional. After
+receiving packets from ports, ``l3fwd-acl`` will extract the necessary
+info from the TCP/IP header of received packets and perform a lookup
+in a rule database to figure out whether the packets should be dropped
+(in the ACL range) or forwarded to desired ports.
+
+
+Prerequisites
+=============
+
+1. The DUT has at least 2 DPDK supported IXGBE/I40E NIC ports::
+
+    Tester      DUT
+    eth1  <---> PORT 0
+    eth2  <---> PORT 1
+
+2. Support igb_uio driver::
+
+    modprobe uio
+    insmod  ./x86_64-native-linuxapp-gcc/kmod/igb_uio.ko
+    ./usertools/dpdk-devbind.py --bind=igb_uio 04:00.0 04:00.1
+
+Test Case: packet match ACL rule
+================================
+
+Ipv4 packet match source ip address 200.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
+    Send one ipv4 packet with source ip address 200.10.0.2 will be forwarded to PORT0
+
+Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
+    Send one ipv4 packet with destination ip address 100.10.0.2 will be forwarded to PORT0
+
+Ipv4 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with source port 11 will be dropped.
+    Send one ipv4 packet with source port 1 will be forwarded to PORT0
+
+Ipv4 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv4 packet with destination port 101 will be dropped.
+    Send one ipv4 packet with destination port 1 will be forwarded to PORT0
+
+Ipv4 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet will be dropped.
+    Send one UDP ipv4 packet will be forwarded to PORT0
+
+Ipv4 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv6.db
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be dropped.
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.2,
+    destination ip address 100.10.0.1, source port 11, destination
+    port 101 will be forwarded to PORT0.
+
+Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
+
+Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 65535 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+    Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128 will be forwarded to PORT0
+
+Ipv6 packet match source port 11 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with source port 11 will be dropped.
+    Send one ipv6 packet with source port 1 will be forwarded to PORT0
+
+Ipv6 packet match destination port 101 will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one ipv6 packet with destination port 101 will be dropped.
+    Send one ipv6 packet with destination port 1 will be forwarded to PORT0
+
+Ipv6 packet match protocal TCP will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet will be dropped.
+    Send one UDP ipv6 packet will be forwarded to PORT0
+
+Ipv6 packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in /root/rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one default rule in rule file /root/rule_ipv4.db
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+     --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7343/128, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+
+Test Case: packet match Exact route rule
+========================================
+Add two exact rule as below in rule_ipv4.db::
+
+	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
+	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
+
+Add two exact rule as below in rule_ipv6.db::
+
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff 1
+
+Start l3fwd-acl and send packet::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination
+    ip address 100.10.0.1,source port 11, destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv4 packet with source ip address 200.20.0.1, destination
+    ip address 100.20.0.1,source port 12, destination port 102 will be forward to PORT1.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forward to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source port 12,
+    destination port 102 will be forward to PORT1.
+
+Test Case: packet match LPM route rule
+============================================
+Add two LPM rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two LPM rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl and send packet::
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward to PORT1.
+
+	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be forward to PORT1.
+
+Test Case: packet match by scalar function
+============================================
+Packet match 5-tuple will be dropped::
+
+    Add one ACL rule and default route rule in rule_ipv4.db
+    @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff
+    R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    Add one ACL rule and default route rule in rule_ipv6.db
+    @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff
+    R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db" --scalar
+
+    Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be dropped.
+    Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1,
+    source port 11, destination port 101 will be forwarded to PORT0.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101, source port 11,
+    destination port 101 will be dropped.
+
+    Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343,
+    destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11,
+    destination port 101 will be forwarded to PORT0.
+
+Test Case: Invalid ACL rule
+============================================
+Add two ACL rule as below in rule_ipv4.db::
+
+	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+Add two ACL rule as below in rule_ipv6.db::
+
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+Start l3fwd-acl::
+
+    ./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+    --rule_ipv4="/root/rule_ipv4.db" --rule_ipv6="/root/rule_ipv6.db"
+
+    The l3fwdacl will not set up because of ivalid ACL rule.
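
Review bot: "Test Case: Invalid ACL rule" malforms one line in each rule file at the same time, and both malformed lines are `R` route entries rather than `@` ACL entries, so a pass shows neither which defect stopped startup nor that a malformed ACL entry is rejected. Split it into one case per defect (the `12 : 11 : 65535` port fields in rule_ipv4.db, the missing protocol/mask in rule_ipv6.db), add a case with a malformed `@` line, and replace "will not set up" with the expected error output or exit status so the check can be automated. Separately, in the scalar case the IPv6 destination is written with /101 in both the rule and the send step where every other exact match uses /128; that looks like the destination port copied into the prefix length. "protocal" and "ivalid" should be "protocol" and "invalid".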
-- 
2.7.4


end of thread, other threads:[~2019-02-26  8:17 UTC | newest]

Thread overview: 8+ messages
2019-01-13 23:38 [dts] [PATCH V2] Add test plan about l3fwdacl lihong
2019-01-15  1:36 ` Wu, ChangqingX
2019-01-29  9:51   ` Tu, Lijuan
2019-01-22  3:28 ` Zhang, Yuwei1
2019-01-31 22:50 lihong
2019-02-01 19:02 lihong
2019-02-14  8:00 ` Wu, ChangqingX
2019-02-26  8:17 ` Tu, Lijuan
