From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B823CA046B for ; Mon, 19 Aug 2019 18:30:38 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 845F81BE94; Mon, 19 Aug 2019 18:30:38 +0200 (CEST) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by dpdk.org (Postfix) with ESMTP id 74E731BE93 for ; Mon, 19 Aug 2019 18:30:37 +0200 (CEST) Received: by mail-pf1-f174.google.com with SMTP id i30so1455719pfk.9 for ; Mon, 19 Aug 2019 09:30:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id; bh=mQtEwEIcV5UjAdW2o0B1WRRu5N3mZDq5Sec3OWhZFF4=; b=HD2Aocn0q1LmUFQU8Kd4Em0eH/7FJG9NWAq81WgpvC2Y2m/kC90ELReTtdmzYcf3n+ ZomVqIzu11STVDBivm6Tab5gAons9SQdrNEOpnE7DnjJqkIJFrRRuF5UvJGaET2GGYd+ J6vRM+gChYUsBPnL5HadpnllLaSyA/K/ukQfbQGNGBikaW0ceOy0W31o0AYeaiS0C7vp 63WU4b+f/FfFsCkthMhAqpdT2G27cxek1oiGbriZQftgItZQPgBYrprMklJ30s1lYQTe hJh1JNoWBlF8qxOPwY6PjTRb4W7WpUJPVT8dl5c2rObRFOxHSCDp/AIHbd3tJDrXpHIg otAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=mQtEwEIcV5UjAdW2o0B1WRRu5N3mZDq5Sec3OWhZFF4=; b=o/9LDjtsXzW1UWKzozKuJT/zB4CEZFQxUm8K4lQpzIaCrF2xr7/fB0/DqUMsCLRwQN rqCtCnVjQz9GyCk5PZ03Ujb2hL5CI4c3V3rw6F4mLnoFCiIkTktODEBQ2FpDXwCicJCl wM/QmyPZYxxJIKcqtQS8tVMc66ROw0j1zuHsaAk53I8L32hoz2saNpsbh1MSx4AVpTWU poCsT77wkdXyjKJ0u4n//Vzpm+1s77Dqwr0Tzp6B500rF7QuzfsYlhPjQgCEIgv0qILo fIQfRsY1MxZF+X7IEHAbwMErsqnfSne2a3YqzXRSygnOaoYO9xUU1KZ7D6BsaaU+6Gou TtMg== X-Gm-Message-State: APjAAAVafoIMTYgz5ujdV9+0+i98gwtehlYD+BVfegP4XYprDQaTwv6w ccRwvAUhf9oNMu+tqWdrOh1Vq628 X-Google-Smtp-Source: APXvYqwjdRTviVTyJK53AnNnCQcLd3/c5Bbgsh9kYkPaKYVXzdRHXLdXfDWyWCYunBuHL8cCzNx0KA== X-Received: by 2002:a63:121b:: with SMTP id h27mr20753038pgl.335.1566232236316; Mon, 19 Aug 2019 09:30:36 -0700 (PDT) Received: from localhost.localdomain ([2400:4050:c8c2:de00:ccf4:7de6:2dcb:a916]) by smtp.gmail.com with ESMTPSA id a189sm20694096pfa.60.2019.08.19.09.30.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Aug 2019 09:30:34 -0700 (PDT) From: Yasufumi Ogawa To: spp@dpdk.org, ferruh.yigit@intel.com, yasufum.o@gmail.com Date: Tue, 20 Aug 2019 01:30:31 +0900 Message-Id: <20190819163031.17321-1-yasufum.o@gmail.com> X-Mailer: git-send-email 2.17.1 Subject: [spp] [PATCH] docs: add l3fwd-acl app container X-BeenThere: spp@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Soft Patch Panel List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: spp-bounces@dpdk.org Sender: "spp" This update is to add descriptions for l3fwd-acl app container. Signed-off-by: Yasufumi Ogawa --- docs/guides/tools/sppc/app_launcher.rst | 125 +++++++++++++++++++++++- 1 file changed, 123 insertions(+), 2 deletions(-) diff --git a/docs/guides/tools/sppc/app_launcher.rst b/docs/guides/tools/sppc/app_launcher.rst index 009bc80..233553a 100644 --- a/docs/guides/tools/sppc/app_launcher.rst +++ b/docs/guides/tools/sppc/app_launcher.rst @@ -20,6 +20,7 @@ inside a container. |--- helloworld.py |--- l2fwd.py |--- l3fwd.py + |--- l3fwd-acl.py |--- load-balancer.py |--- pktgen.py |--- spp-nfv.py @@ -309,8 +310,8 @@ This application provides LPM (longest prefix match) or EM (exact match) methods for packet classification. ``app/l3fwd.py`` launches l3fwd on a container. -As ``l3fwd`` application, this python script takes several options -other than EAL for port configurations and classification methods. +As similar to ``l3fwd`` application, this python script takes several +options other than EAL for port configurations and classification methods. The mandatory options for the application are ``-p`` for portmask and ``--config`` for rx as a set of combination of ``(port, queue, locre)``. @@ -435,6 +436,126 @@ It shows options without of EAL and container for simplicity. ... +.. _sppc_appl_l3fwd_acl: + +L3fwd-acl Container +------------------- + +`L3 Forwarding with Access Control +`_ +application is a simple example of packet processing using the DPDK. +The application performs a security check on received packets. +Packets that are in the Access Control List (ACL), which is loaded +during initialization, are dropped. Others are forwarded to the correct +port. + +``app/l3fwd-acl.py`` launches l3fwd-acl on a container. +As similar to ``l3fwd-acl``, this python script takes several options +other than EAL for port configurations and rules. +The mandatory options for the application are ``-p`` for portmask +and ``--config`` for rx as a set of combination of +``(port, queue, locre)``. + +Here is an example for launching l3fwd app container with two vhost +interfaces and printed log messages. +There are two rx ports. ``(0,0,1)`` is for queue of port 0 for which +lcore 1 is assigned, and ``(1,0,2)`` is for port 1. +In this case, you should add ``-nq`` option because the number of both +of rx and tx queues are two while the default number of virtio device +is one. +The number of tx queues, is two in this case, is decided to be the same +value as the number of lcores. +In ``--vdev`` option setup in the script, the number of queues is +defined as ``virtio_...,queues=2,...``. + +.. code-block:: console + + $ cd /path/to/spp/tools/sppc + $ python app/l3fwd-acl.py -l 1-2 -nq 2 -d 1,2 \ + --rule_ipv4="./rule_ipv4.db" -- rule_ipv6="./rule_ipv6.db" --scalar \ + -p 0x03 --config="(0,0,1),(1,0,2)" -fg + sudo docker run \ + -it \ + ... + --vdev virtio_user1,queues=2,path=/var/run/usvhost1 \ + --vdev virtio_user2,queues=2,path=/var/run/usvhost2 \ + --file-prefix spp-l3fwd-container1 \ + -- \ + -p 0x03 \ + --config "(0,0,8),(1,0,9)" \ + --rule_ipv4="./rule_ipv4.db" \ + --rule_ipv6="./rule_ipv6.db" \ + --scalar + EAL: Detected 16 lcore(s) + EAL: Auto-detected process type: PRIMARY + EAL: Multi-process socket /var/run/.spp-l3fwd-container1_unix + EAL: Probing VFIO support... + soft parse-ptype is enabled + LPM or EM none selected, default LPM on + Initializing port 0 ... Creating queues: nb_rxq=1 nb_txq=2... + LPM: Adding route 0x01010100 / 24 (0) + LPM: Adding route 0x02010100 / 24 (1) + LPM: Adding route IPV6 / 48 (0) + LPM: Adding route IPV6 / 48 (1) + txq=8,0,0 txq=9,1,0 + Initializing port 1 ... Creating queues: nb_rxq=1 nb_txq=2... + + Initializing rx queues on lcore 8 ... rxq=0,0,0 + Initializing rx queues on lcore 9 ... rxq=1,0,0 + ... + +You can increase lcores more than the number of ports, for instance, +four lcores for two ports. +However, remaining 3rd and 4th lcores do nothing and require +``-nq 4`` for tx queues. + +Refer help for all of options and usges. +It shows options without of EAL and container for simplicity. + +.. code-block:: console + + $ python app/l3fwd-acl.py -h + usage: l3fwd-acl.py [-h] [-l CORE_LIST] [-c CORE_MASK] [-m MEM] + [--socket-mem SOCKET_MEM] + [-b [PCI_BLACKLIST [PCI_BLACKLIST ...]]] + [-w [PCI_WHITELIST [PCI_WHITELIST ...]]] + [--single-file-segment] [--nof-memchan NOF_MEMCHAN] + [-d DEV_IDS] [-nq NOF_QUEUES] [--no-privileged] + [-p PORT_MASK] [--config CONFIG] [-P] + [--rule_ipv4 RULE_IPV4] [--rule_ipv6 RULE_IPV6] + [--scalar] [--enable-jumbo] + [--max-pkt-len MAX_PKT_LEN] [--no-numa] + [--dist-name DIST_NAME] [--dist-ver DIST_VER] + [--workdir WORKDIR] [-ci CONTAINER_IMAGE] [-fg] + [--dry-run] + + Launcher for l3fwd-acl application container + + optional arguments: + ... + -d DEV_IDS, --dev-ids DEV_IDS + two or more even vhost device IDs + -nq NOF_QUEUES, --nof-queues NOF_QUEUES + Number of queues of virtio (default is 1) + --no-privileged Disable docker's privileged mode if it's needed + -p PORT_MASK, --port-mask PORT_MASK + (Mandatory) Port mask + --config CONFIG (Mandatory) Define set of port, queue, lcore for + ports + -P, --promiscous Set all ports to promiscous mode (default is None) + --rule_ipv4 RULE_IPV4 + Specifies the IPv4 ACL and route rules file + --rule_ipv6 RULE_IPV6 + Specifies the IPv6 ACL and route rules file + --scalar Use a scalar function to perform rule lookup + --enable-jumbo Enable jumbo frames, [--enable-jumbo [--max-pkt-len + PKTLEN]] + --max-pkt-len MAX_PKT_LEN + Max packet length (64-9600) if jumbo is enabled. + --no-numa Disable NUMA awareness (default is None) + ... + + .. _sppc_appl_testpmd: Testpmd Container -- 2.17.1