static int start_loop(int verbose)
{
struct pg_error *error = NULL;
struct pg_brick *nic_tmp, *switch_east, *print_tmp;
uint16_t port_count = rte_eth_dev_count();
GList *nic_manager = NULL;
GList *manager = NULL;
g_assert(port_count > 1);
/*
* Here is an ascii graph of the links:
*
* [NIC-X] - [PRINT-X] --\
* \
* [NIC-X+1] - [PRINT-X+1] } -- [SWITCH]
* /
* [NIC-X+2] - [PRINT-X+2] /
* ....
*/
switch_east = pg_switch_new("switch", 20, 20, &error);
CHECK_ERROR(error);
PG_BM_ADD(manager, switch_east);
for (int i = 0; i < port_count; ++i) {
nic_tmp = pg_nic_new_by_id("nic", 1, 1, WEST_SIDE, i, &error);
CHECK_ERROR(error);
print_tmp = pg_print_new("print", 1, 1, NULL,
PG_PRINT_FLAG_MAX, NULL,
&error);
CHECK_ERROR(error);
if (!verbose)
pg_brick_chained_links(&error, nic_tmp, switch_east);
else
pg_brick_chained_links(&error, nic_tmp,
print_tmp, switch_east);
CHECK_ERROR(error);
PG_BM_ADD(nic_manager, nic_tmp);
PG_BM_ADD(manager, print_tmp);
}
while (1) {
uint64_t tot_send_pkts = 0;
for (int i = 0; i < 100000; ++i) {
uint16_t nb_send_pkts;
PG_BM_GET_NEXT(nic_manager, nic_tmp);
pg_brick_poll(nic_tmp, &nb_send_pkts, &error);
tot_send_pkts += nb_send_pkts;
CHECK_ERROR(error);
usleep(1);
}
printf("poll pkts: %lu\n", tot_send_pkts);
}
nic_manager = g_list_first(nic_manager);
PG_BM_DESTROY(manager);
PG_BM_DESTROY(nic_manager);
return 0;
}
static void test_antispoof_rarp(void)
{
# include "rarp.c"
const unsigned char *pkts[] = {pkt1};
int pkts_size[] = {15};
uint16_t pkts_nb = 1;
struct ether_addr inside_mac;
struct pg_brick *gen_west;
struct pg_brick *antispoof;
struct pg_brick *col_east;
struct pg_error *error = NULL;
uint16_t packet_count;
uint16_t i;
struct rte_mbuf *packet;
uint64_t filtered_pkts_mask;
pg_scan_ether_addr(&inside_mac, "00:23:df:ff:c9:23");
/* [generator>]--[antispoof]--[collector] */
gen_west = pg_packetsgen_new("gen_west", 1, 1, EAST_SIDE,
&packet, 1, &error);
g_assert(!error);
antispoof = pg_antispoof_new("antispoof", 1, 1, EAST_SIDE,
inside_mac, &error);
g_assert(!error);
col_east = pg_collect_new("col_east", 1, 1, &error);
g_assert(!error);
pg_brick_link(gen_west, antispoof, &error);
g_assert(!error);
pg_brick_link(antispoof, col_east, &error);
g_assert(!error);
/* replay traffic */
for (i = 0; i < pkts_nb; i++) {
packet = build_packet(pkts[i], pkts_size[i]);
pg_brick_poll(gen_west, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == 1);
pg_brick_west_burst_get(col_east, &filtered_pkts_mask, &error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 0);
rte_pktmbuf_free(packet);
}
pg_brick_destroy(gen_west);
pg_brick_destroy(antispoof);
pg_brick_destroy(col_east);
}
/* this test harness a Linux guest to check that packet are send and received
* by the vhost brick. An ethernet bridge inside the guest will forward packets
* between the two vhost-user virtio interfaces.
*/
static void test_vhost_flow_(int qemu_exit_signal)
{
const char mac_addr_0[18] = "52:54:00:12:34:11";
const char mac_addr_1[18] = "52:54:00:12:34:12";
struct rte_mempool *mbuf_pool = pg_get_mempool();
struct pg_brick *vhost_0, *vhost_1, *collect;
struct rte_mbuf *pkts[PG_MAX_PKTS_BURST];
const char *socket_path_0, *socket_path_1;
struct pg_error *error = NULL;
struct rte_mbuf **result_pkts;
int ret, qemu_pid, i;
uint64_t pkts_mask;
/* start vhost */
ret = pg_vhost_start("/tmp", &error);
g_assert(ret == 0);
g_assert(!error);
/* instanciate brick */
vhost_0 = pg_vhost_new("vhost-0", &error);
g_assert(!error);
g_assert(vhost_0);
vhost_1 = pg_vhost_new("vhost-1", &error);
g_assert(!error);
g_assert(vhost_1);
collect = pg_collect_new("collect", &error);
g_assert(!error);
g_assert(collect);
/* build the graph */
pg_brick_link(collect, vhost_1, &error);
g_assert(!error);
/* spawn first QEMU */
socket_path_0 = pg_vhost_socket_path(vhost_0, &error);
g_assert(!error);
g_assert(socket_path_0);
socket_path_1 = pg_vhost_socket_path(vhost_1, &error);
g_assert(!error);
g_assert(socket_path_1);
qemu_pid = pg_util_spawn_qemu(socket_path_0, socket_path_1,
mac_addr_0, mac_addr_1,
glob_vm_path,
glob_vm_key_path,
glob_hugepages_path, &error);
g_assert(!error);
g_assert(qemu_pid);
/* Prepare VM's bridge. */
# define SSH(c) \
g_assert(pg_util_ssh("localhost", ssh_port_id, glob_vm_key_path, c) == 0)
SSH("brctl addbr br0");
SSH("ifconfig br0 up");
SSH("ifconfig ens4 up");
SSH("ifconfig ens5 up");
SSH("brctl addif br0 ens4");
SSH("brctl addif br0 ens5");
SSH("brctl setfd br0 0");
SSH("brctl stp br0 off");
# undef SSH
ssh_port_id++;
/* prepare packet to send */
for (i = 0; i < NB_PKTS; i++) {
pkts[i] = rte_pktmbuf_alloc(mbuf_pool);
g_assert(pkts[i]);
rte_pktmbuf_append(pkts[i], ETHER_MIN_LEN);
/* set random dst/src mac address so the linux guest bridge
* will not filter them
*/
pg_set_mac_addrs(pkts[i],
"52:54:00:12:34:15", "52:54:00:12:34:16");
/* set size */
pg_set_ether_type(pkts[i], ETHER_MIN_LEN - ETHER_HDR_LEN - 4);
}
/* send packet to the guest via one interface */
pg_brick_burst_to_east(vhost_0, 0, pkts,
pg_mask_firsts(NB_PKTS), &error);
g_assert(!error);
/* let the packet propagate and flow */
for (i = 0; i < 10; i++) {
uint16_t count = 0;
usleep(100000);
pg_brick_poll(vhost_1, &count, &error);
g_assert(!error);
if (count)
break;
}
result_pkts = pg_brick_east_burst_get(collect, &pkts_mask, &error);
g_assert(!error);
g_assert(result_pkts);
g_assert(pg_brick_rx_bytes(vhost_0) == 0);
g_assert(pg_brick_tx_bytes(vhost_0) != 0);
g_assert(pg_brick_rx_bytes(vhost_1) != 0);
g_assert(pg_brick_tx_bytes(vhost_1) == 0);
/* kill QEMU */
pg_util_stop_qemu(qemu_pid, qemu_exit_signal);
/* free result packets */
pg_packets_free(result_pkts, pkts_mask);
/* free sent packet */
for (i = 0; i < NB_PKTS; i++)
rte_pktmbuf_free(pkts[i]);
/* break the graph */
pg_brick_unlink(collect, &error);
g_assert(!error);
/* clean up */
/* pg_brick_decref(vhost_0, &error); */
pg_brick_destroy(vhost_0);
g_assert(!error);
pg_brick_destroy(vhost_1);
/* pg_brick_decref(vhost_1, &error); */
g_assert(!error);
pg_brick_decref(collect, &error);
g_assert(!error);
/* stop vhost */
pg_vhost_stop();
}
static void test_nic_simple_flow(void)
{
struct pg_brick *nic_west, *nic_ring;
int i = 0;
int nb_iteration = 32;
uint16_t nb_send_pkts;
uint16_t total_send_pkts = 0;
uint16_t total_get_pkts = 0;
struct pg_error *error = NULL;
struct pg_nic_stats info;
/* create a chain of a few nop brick with collectors on each sides */
/*
* [nic_west] ------- [nic_east]
*/
/* write rx pcap file (required bu pcap driver) */
const gchar pcap_in_file[] = {
212, 195, 178, 161, 2, 0, 4, 0, 0, 0, 0,
0, 0, 0, 0, 0, 255, 255, 0, 0, 1, 0, 0, 0};
g_assert(g_file_set_contents("in.pcap", pcap_in_file,
sizeof(pcap_in_file), NULL));
nic_west = pg_nic_new("nic", "eth_pcap0,rx_pcap=in.pcap,tx_pcap=out.pcap", &error);
CHECK_ERROR(error);
nic_ring = pg_nic_new_by_id("nic", 0, &error);
CHECK_ERROR(error);
pg_brick_link(nic_west, nic_ring, &error);
CHECK_ERROR(error);
for (i = 0; i < nb_iteration * 6; ++i) {
/* max pkts is the maximum nbr of packets
rte_eth_burst_wrap can send */
max_pkts = i * 2;
if (max_pkts > 64)
max_pkts = 64;
/*poll packets to east*/
pg_brick_poll(nic_west, &nb_send_pkts, &error);
CHECK_ERROR(error);
/* collect pkts on the east */
if (nb_send_pkts) {
total_send_pkts += max_pkts;
}
/* check no pkts end here */
CHECK_ERROR(error);
}
pg_nic_get_stats(nic_ring, &info);
g_assert(info.opackets == total_send_pkts);
max_pkts = 64;
for (i = 0; i < nb_iteration; ++i) {
/* poll packet to the west */
pg_brick_poll(nic_ring, &nb_send_pkts, &error);
CHECK_ERROR(error);
total_get_pkts += nb_send_pkts;
}
/* This assert allow us to check nb_send_pkts*/
g_assert(total_get_pkts == total_send_pkts);
g_assert(info.opackets == total_send_pkts);
/* use packets_count in collect_west here to made
* another check when merge*/
/* break the chain */
pg_brick_destroy(nic_west);
pg_brick_destroy(nic_ring);
/* remove pcap files */
g_assert(g_unlink("in.pcap") == 0);
g_assert(g_unlink("out.pcap") == 0);
}
static void test_queue_reset(void)
{
# define NB_PKTS 64
struct pg_error *error = NULL;
struct pg_brick *queue1, *queue2, *collect;
struct rte_mbuf **result_pkts;
struct rte_mbuf *pkts[NB_PKTS];
uint64_t pkts_mask, i, j;
uint16_t count = 0;
struct rte_mempool *mbuf_pool = pg_get_mempool();
/**
* Burst packets in queue1 and test reset of queue1
* [queue1] ~ [queue2]----[collect]
*/
queue1 = pg_queue_new("q1", 10, &error);
CHECK_ERROR(error);
queue2 = pg_queue_new("q2", 10, &error);
CHECK_ERROR(error);
collect = pg_collect_new("collect", 1, 1, &error);
CHECK_ERROR(error);
pg_brick_link(queue2, collect, &error);
CHECK_ERROR(error);
g_assert(!pg_queue_friend(queue1, queue2, &error));
CHECK_ERROR(error);
for (i = 0; i < NB_PKTS; i++) {
pkts[i] = rte_pktmbuf_alloc(mbuf_pool);
g_assert(pkts[i]);
pkts[i]->udata64 = i;
pg_set_mac_addrs(pkts[i],
"F0:F1:F2:F3:F4:F5",
"E0:E1:E2:E3:E4:E5");
}
for (j = 0; j < 100; j++) {
for (i = 0; i < NB_PKTS; i++)
pkts[i]->udata64 = i * j;
/* burst and reset */
pg_brick_burst_to_east(queue1, 0, pkts, pg_mask_firsts(NB_PKTS),
&error);
CHECK_ERROR(error);
g_assert(pg_queue_pressure(queue1) > 0);
g_assert(!pg_brick_reset(queue1, &error));
g_assert(pg_queue_get_friend(queue1) == NULL);
g_assert(pg_queue_get_friend(queue2) == NULL);
g_assert(pg_queue_pressure(queue1) == 0);
g_assert(pg_queue_pressure(queue2) == 0);
pg_brick_poll(queue2, &count, &error);
g_assert(!error);
g_assert(count == 0);
/* refriend and burst ok */
g_assert(!pg_queue_friend(queue1, queue2, &error));
g_assert(!error);
g_assert(pg_queue_are_friend(queue1, queue2));
g_assert(!error);
pg_brick_burst_to_east(queue1, 0, pkts, pg_mask_firsts(NB_PKTS),
&error);
CHECK_ERROR(error);
g_assert(pg_queue_pressure(queue1) > 0);
pg_brick_poll(queue2, &count, &error);
g_assert(count == NB_PKTS);
result_pkts = pg_brick_west_burst_get(collect, &pkts_mask,
&error);
CHECK_ERROR(error);
g_assert(pkts_mask == pg_mask_firsts(NB_PKTS));
for (i = 0; i < NB_PKTS; i++) {
g_assert(result_pkts[i]);
g_assert(result_pkts[i]->udata64 == i * j);
}
pg_brick_reset(collect, &error);
CHECK_ERROR(error);
}
/* clean */
for (i = 0; i < NB_PKTS; i++)
rte_pktmbuf_free(pkts[i]);
pg_brick_decref(queue1, &error);
CHECK_ERROR(error);
pg_brick_decref(queue2, &error);
CHECK_ERROR(error);
pg_brick_decref(collect, &error);
CHECK_ERROR(error);
# undef NB_PKTS
}
int main(int argc, char **argv)
{
struct pg_error *error = NULL;
struct pg_brick *fw;
struct pg_brick *nic_west, *nic_east;
uint16_t nb_send_pkts;
uint64_t total;
struct timeval start, end;
int i;
pg_start(argc, argv, &error);
CHECK_ERROR(error);
g_assert(rte_eth_dev_count() >= 2);
nic_west = pg_nic_new_by_id("port 0", 1, 1, WEST_SIDE, 0, &error);
CHECK_ERROR(error);
fw = pg_firewall_new("fw", 1, 1, PG_NO_CONN_WORKER, &error);
pg_firewall_thread_register(fw);
CHECK_ERROR(error);
nic_east = pg_nic_new_by_id("port 1", 1, 1, EAST_SIDE, 1, &error);
CHECK_ERROR(error);
pg_brick_link(nic_west, fw, &error);
CHECK_ERROR(error);
pg_brick_link(fw, nic_east, &error);
CHECK_ERROR(error);
g_assert(!pg_firewall_rule_add(fw, "tcp portrange 50-60", MAX_SIDE, 1,
&error));
CHECK_ERROR(error);
g_assert(!pg_firewall_rule_add(fw, "icmp", MAX_SIDE, 1, &error));
CHECK_ERROR(error);
g_assert(!pg_firewall_reload(fw, &error));
CHECK_ERROR(error);
for (;;) {
gettimeofday(&start, 0);
total = 0;
for (i = 0; i < LOOPS; i++) {
g_assert(pg_brick_poll(nic_west,
&nb_send_pkts,
&error));
usleep(1);
total += nb_send_pkts;
g_assert(pg_brick_poll(nic_east,
&nb_send_pkts,
&error));
total += nb_send_pkts;
usleep(1);
}
gettimeofday(&end, 0);
usleep(100);
printf("time in us: for %i loops: %lu\ntotal %"PRIu64"\n",
LOOPS,
(end.tv_sec * 1000000 + end.tv_usec) -
(start.tv_sec * 1000000 + start.tv_usec), total);
pg_firewall_gc(fw);
}
pg_stop();
return 0;
}
static void test_pg_antispoof_arp_disable(void)
{
# include "arp_request.c"
const unsigned char *pkts[] = {pkt1};
int pkts_size[] = {42};
uint16_t pkts_nb = 1;
struct ether_addr inside_mac;
uint32_t inside_ip;
struct pg_brick *gen_west;
struct pg_brick *antispoof;
struct pg_brick *col_east;
struct pg_error *error = NULL;
uint16_t packet_count;
uint16_t i;
struct rte_mbuf *packet;
uint64_t filtered_pkts_mask;
struct rte_mbuf **filtered_pkts;
pg_scan_ether_addr(&inside_mac, "00:e0:81:d5:02:91");
inside_ip = htobe32(IPv4(0, 0, 0, 42));
/* [generator>]--[antispoof]--[collector] */
gen_west = pg_packetsgen_new("gen_west", 1, 1, EAST_SIDE,
&packet, 1, &error);
g_assert(!error);
antispoof = pg_antispoof_new("antispoof", 1, 1, EAST_SIDE,
inside_mac, &error);
g_assert(!error);
col_east = pg_collect_new("col_east", 1, 1, &error);
g_assert(!error);
pg_brick_link(gen_west, antispoof, &error);
g_assert(!error);
pg_brick_link(antispoof, col_east, &error);
g_assert(!error);
/* enable ARP antispoof with a wrong IP */
pg_antispoof_arp_enable(antispoof, inside_ip);
/* replay traffic */
for (i = 0; i < pkts_nb; i++) {
packet = build_packet(pkts[i], pkts_size[i]);
pg_brick_poll(gen_west, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == 1);
filtered_pkts = pg_brick_west_burst_get(col_east,
&filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 0);
pg_packets_free(filtered_pkts, filtered_pkts_mask);
rte_pktmbuf_free(packet);
}
/* disable ARP antispoof, should now pass */
pg_antispoof_arp_disable(antispoof);
/* replay traffic */
for (i = 0; i < pkts_nb; i++) {
packet = build_packet(pkts[i], pkts_size[i]);
pg_brick_poll(gen_west, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == 1);
filtered_pkts = pg_brick_west_burst_get(col_east,
&filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 1);
pg_packets_free(filtered_pkts, filtered_pkts_mask);
rte_pktmbuf_free(packet);
}
pg_brick_destroy(gen_west);
pg_brick_destroy(antispoof);
pg_brick_destroy(col_east);
}
static void test_antispoof_generic(const unsigned char **pkts,
int *pkts_size,
uint16_t pkts_nb,
struct ether_addr inside_mac,
uint32_t inside_ip)
{
struct pg_brick *gen_west;
struct pg_brick *antispoof;
struct pg_brick *col_east;
struct pg_error *error = NULL;
uint16_t packet_count;
uint16_t i;
struct rte_mbuf *packet;
uint64_t filtered_pkts_mask;
struct rte_mbuf **filtered_pkts;
/* [generator>]--[antispoof]--[collector] */
gen_west = pg_packetsgen_new("gen_west", 1, 1, EAST_SIDE,
&packet, 1, &error);
g_assert(!error);
antispoof = pg_antispoof_new("antispoof", 1, 1, EAST_SIDE,
inside_mac, &error);
g_assert(!error);
col_east = pg_collect_new("col_east", 1, 1, &error);
g_assert(!error);
pg_brick_link(gen_west, antispoof, &error);
g_assert(!error);
pg_brick_link(antispoof, col_east, &error);
g_assert(!error);
/* enable ARP antispoof with the correct IP */
pg_antispoof_arp_enable(antispoof, inside_ip);
/* replay traffic */
for (i = 0; i < pkts_nb; i++) {
packet = build_packet(pkts[i], pkts_size[i]);
pg_brick_poll(gen_west, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == 1);
filtered_pkts = pg_brick_west_burst_get(col_east,
&filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 1);
pg_packets_free(filtered_pkts, filtered_pkts_mask);
rte_pktmbuf_free(packet);
}
/* set another IP, should not pass */
inside_ip = htobe32(IPv4(42, 0, 42, 0));
pg_antispoof_arp_enable(antispoof, inside_ip);
/* replay traffic */
for (i = 0; i < pkts_nb; i++) {
packet = build_packet(pkts[i], pkts_size[i]);
pg_brick_poll(gen_west, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == 1);
filtered_pkts = pg_brick_west_burst_get(col_east,
&filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 0);
pg_packets_free(filtered_pkts, filtered_pkts_mask);
rte_pktmbuf_free(packet);
}
pg_brick_destroy(gen_west);
pg_brick_destroy(antispoof);
pg_brick_destroy(col_east);
}
static int start_loop(int verbose, int nb_vhost)
{
struct pg_error *error = NULL;
struct pg_brick *nic_tmp, *switch_east, *print_tmp;
uint16_t port_count = rte_eth_dev_count();
GList *nic_manager = NULL;
GList *manager = NULL;
int ret = -1;
/*
* Here is an ascii graph of the links:
*
* [NIC-X] - [PRINT-X] --\
* \
* [NIC-X+1] - [PRINT-X+1] } -- [SWITCH]
* /
* [NIC-X+2] - [PRINT-X+2] /
* ....
*/
switch_east = pg_switch_new("switch", 20, 20, EAST_SIDE, &error);
CHECK_ERROR(error);
PG_BM_ADD(manager, switch_east);
if (nb_vhost) {
if (pg_vhost_start("/tmp", &error) < 0)
goto free_switch;
port_count = nb_vhost;
}
g_assert(port_count > 1);
for (int i = 0; i < port_count; ++i) {
char *tmp_name;
if (nb_vhost) {
tmp_name = g_strdup_printf("vhost-%d", i);
nic_tmp = pg_vhost_new(tmp_name, 1, 1,
WEST_SIDE, &error);
} else {
tmp_name = g_strdup_printf("nic-%d", i);
nic_tmp = pg_nic_new_by_id(tmp_name, i, &error);
}
g_free(tmp_name);
CHECK_ERROR(error);
tmp_name = g_strdup_printf("print-%d", i);
print_tmp = pg_print_new(tmp_name, 1, 1, NULL,
PG_PRINT_FLAG_MAX, NULL,
&error);
g_free(tmp_name);
CHECK_ERROR(error);
if (!verbose)
pg_brick_chained_links(&error, nic_tmp, switch_east);
else
pg_brick_chained_links(&error, nic_tmp,
print_tmp, switch_east);
CHECK_ERROR(error);
PG_BM_ADD(nic_manager, nic_tmp);
PG_BM_ADD(manager, print_tmp);
}
while (1) {
uint64_t tot_send_pkts = 0;
for (int i = 0; i < 100000; ++i) {
uint16_t nb_send_pkts;
PG_BM_GET_NEXT(nic_manager, nic_tmp);
pg_brick_poll(nic_tmp, &nb_send_pkts, &error);
tot_send_pkts += nb_send_pkts;
CHECK_ERROR(error);
usleep(1);
}
printf("poll pkts: %lu\n", tot_send_pkts);
}
ret = 0;
nic_manager = g_list_first(nic_manager);
PG_BM_DESTROY(nic_manager);
free_switch:
PG_BM_DESTROY(manager);
pg_vhost_stop();
return ret;
}
static void test_nic_simple_flow(void)
{
struct pg_brick *nic_west, *nic_ring;
int i = 0;
int nb_iteration = 32;
uint16_t nb_send_pkts;
uint16_t total_send_pkts = 0;
uint16_t total_get_pkts = 0;
struct pg_error *error = NULL;
struct pg_nic_stats info;
gchar *tmp;
/* create a chain of a few nop brick with collectors on each sides */
/*
* [nic_west] ------- [nic_east]
*/
tmp = g_strdup_printf("eth_pcap0,rx_pcap=%s,tx_pcap=out.pcap",
glob_pcap_in);
nic_west = pg_nic_new("nic", tmp, &error);
g_free(tmp);
CHECK_ERROR(error);
nic_ring = pg_nic_new_by_id("nic", 0, &error);
CHECK_ERROR(error);
pg_brick_link(nic_west, nic_ring, &error);
CHECK_ERROR(error);
for (i = 0; i < nb_iteration * 6; ++i) {
/* max pkts is the maximum nbr of packets
rte_eth_burst_wrap can send */
max_pkts = i * 2;
if (max_pkts > 64)
max_pkts = 64;
/*poll packets to east*/
pg_brick_poll(nic_west, &nb_send_pkts, &error);
CHECK_ERROR(error);
/* collect pkts on the east */
if (nb_send_pkts) {
total_send_pkts += max_pkts;
}
/* check no pkts end here */
CHECK_ERROR(error);
}
pg_nic_get_stats(nic_ring, &info);
g_assert(info.opackets == total_send_pkts);
max_pkts = 64;
for (i = 0; i < nb_iteration; ++i) {
/* poll packet to the west */
pg_brick_poll(nic_ring, &nb_send_pkts, &error);
CHECK_ERROR(error);
total_get_pkts += nb_send_pkts;
}
/* This assert allow us to check nb_send_pkts*/
g_assert(total_get_pkts == total_send_pkts);
g_assert(info.opackets == total_send_pkts);
/* use packets_count in collect_west here to made
* another check when merge*/
/* break the chain */
pg_brick_destroy(nic_west);
pg_brick_destroy(nic_ring);
}
static int start_loop(uint32_t vtep_ip, struct ether_addr *vtep_mac,
struct ether_addr *inner_mac,
GList *neighbor_macs)
{
struct pg_error *error = NULL;
struct pg_brick *nic_east, *nic_west, *vtep_east, *vtep_west;
struct pg_brick *print_east, *print_west, *print_middle;
/*
* Here is an ascii graph of the links:
* NIC = nic
* VT = vtep
*
* [NIC] - [PRINT] - [VT] -- [PRINT] -- [VT] -- [PRINT] -- [NIC]
*/
nic_east = pg_nic_new_by_id("nic-e", 1, 1, EAST_SIDE, 0, &error);
CHECK_ERROR(error);
nic_west = pg_nic_new_by_id("nic-w", 1, 1, WEST_SIDE, 1, &error);
CHECK_ERROR(error);
vtep_east = pg_vtep_new("vt-e", 1, 1, WEST_SIDE,
vtep_ip, *vtep_mac, 1, &error);
CHECK_ERROR(error);
inverse_mac(vtep_mac);
pg_print_mac(vtep_mac);
printf("\n");
vtep_west = pg_vtep_new("vt-w", 1, 1, EAST_SIDE,
~vtep_ip, *vtep_mac, 1, &error);
CHECK_ERROR(error);
print_west = pg_print_new("west", 1, 1, NULL, PG_PRINT_FLAG_MAX, NULL,
&error);
CHECK_ERROR(error);
print_east = pg_print_new("east", 1, 1, NULL, PG_PRINT_FLAG_MAX, NULL,
&error);
CHECK_ERROR(error);
print_middle = pg_print_new("middle", 1, 1, NULL, PG_PRINT_FLAG_MAX,
NULL, &error);
CHECK_ERROR(error);
/* If you want to print transmiting pkts uncomment this and coment
* the bellow pg_brick_chained_links
* Attention: this may slow down the transmition */
/* pg_brick_chained_links(&error, nic_west, print_west, */
/* vtep_west, print_middle, vtep_east, */
/* print_east, nic_east); */
pg_brick_chained_links(&error, nic_west, vtep_west, vtep_east, nic_east);
CHECK_ERROR(error);
pg_vtep_add_vni(vtep_west, nic_west, 0, inet_addr("225.0.0.43"), &error);
CHECK_ERROR(error);
pg_vtep_add_vni(vtep_east, nic_east, 0, inet_addr("225.0.0.43"), &error);
CHECK_ERROR(error);
while (!quit) {
uint16_t nb_send_pkts;
g_assert(pg_brick_poll(nic_west, &nb_send_pkts, &error));
usleep(1);
g_assert(pg_brick_poll(nic_east, &nb_send_pkts, &error));
usleep(1);
}
pg_brick_destroy(nic_west);
pg_brick_destroy(print_west);
pg_brick_destroy(vtep_west);
pg_brick_destroy(print_middle);
pg_brick_destroy(vtep_east);
pg_brick_destroy(print_east);
pg_brick_destroy(nic_east);
return 0;
}
static void firewall_replay(const unsigned char *pkts[],
int pkts_nb, int *pkts_size)
{
struct pg_brick *gen_west, *gen_east;
struct pg_brick *fw;
struct pg_brick *col_west, *col_east;
struct pg_error *error = NULL;
uint16_t i, packet_count;
struct rte_mbuf *packet;
struct ether_hdr *eth;
uint64_t filtered_pkts_mask;
struct rte_mbuf **filtered_pkts;
struct ether_addr tmp_addr;
int ret;
/* have some collectors and generators on each sides
* [collector]--[generator>]--[firewall]--[<generator]--[collector]
* 10.0.2.15 173.194.40.111
* 8:0:27:b6:5:16 52:54:0:12:35:2
*/
gen_west = pg_packetsgen_new("gen_west", 1, 1, EAST_SIDE, &packet, 1,
&error);
g_assert(!error);
gen_east = pg_packetsgen_new("gen_east", 1, 1, WEST_SIDE, &packet, 1,
&error);
g_assert(!error);
fw = pg_firewall_new("fw", 1, 1, PG_NONE, &error);
g_assert(!error);
col_west = pg_collect_new("col_west", 1, 1, &error);
g_assert(!error);
col_east = pg_collect_new("col_east", 1, 1, &error);
g_assert(!error);
pg_brick_link(col_west, gen_west, &error);
g_assert(!error);
pg_brick_link(gen_west, fw, &error);
g_assert(!error);
pg_brick_link(fw, gen_east, &error);
g_assert(!error);
pg_brick_link(gen_east, col_east, &error);
g_assert(!error);
/* open all traffic of 10.0.2.15 from the west side of the firewall
* returning traffic should be allowed due to STATEFUL option
*/
ret = pg_firewall_rule_add(fw, "src host 10.0.2.15", WEST_SIDE, 1, &error);
g_assert(!error);
g_assert(ret == 0);
ret = pg_firewall_reload(fw, &error);
g_assert(!error);
g_assert(ret < 0);
/* replay traffic */
for (i = 0; i < pkts_nb; i++) {
struct ip *ip;
packet = build_packet(pkts[i], pkts_size[i]);
eth = rte_pktmbuf_mtod(packet, struct ether_hdr*);
ip = (struct ip *)(eth + 1);
if (ip->ip_src.s_addr == inet_addr("10.0.2.15")) {
pg_brick_poll(gen_west, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == 1);
filtered_pkts = pg_brick_west_burst_get(col_east,
&filtered_pkts_mask, &error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 1);
/* check eth source address */
eth = rte_pktmbuf_mtod(filtered_pkts[0],
struct ether_hdr*);
pg_scan_ether_addr(&tmp_addr, "08:00:27:b6:05:16");
g_assert(is_same_ether_addr(ð->s_addr, &tmp_addr));
/* check ip source address */
ip = (struct ip *)(eth + 1);
g_assert(ip->ip_src.s_addr == inet_addr("10.0.2.15"));
} else if (ip->ip_src.s_addr == inet_addr("173.194.40.111")) {
static void firewall_filter_rules(enum pg_side dir)
{
struct pg_brick *gen;
struct pg_brick *fw;
struct pg_brick *col;
struct pg_error *error = NULL;
uint16_t i;
int ret;
static uint16_t nb = 30;
struct rte_mbuf *packets[nb];
uint64_t filtered_pkts_mask;
struct rte_mbuf **filtered_pkts;
uint64_t bit;
uint16_t packet_count;
struct ip *ip;
struct ether_hdr *eth;
/* create and connect 3 bricks: generator -> firewall -> collector */
gen = pg_packetsgen_new("gen", 2, 2, pg_flip_side(dir), packets, nb, &error);
g_assert(!error);
fw = pg_firewall_new("fw", 2, 2, PG_NONE, &error);
g_assert(!error);
col = pg_collect_new("col", 2, 2, &error);
g_assert(!error);
/* revert link if needed */
if (dir == WEST_SIDE) {
pg_brick_link(gen, fw, &error);
g_assert(!error);
pg_brick_link(fw, col, &error);
g_assert(!error);
} else {
pg_brick_link(col, fw, &error);
g_assert(!error);
pg_brick_link(fw, gen, &error);
g_assert(!error);
}
/* build some UDP packets mixed sources */
for (i = 0; i < nb; i++)
switch (i % 3) {
case 0:
packets[i] = build_ip_packet("10.0.0.1",
"10.0.0.255", i);
break;
case 1:
packets[i] = build_ip_packet("10.0.0.2",
"10.0.0.255", i);
break;
case 2:
packets[i] = build_ip_packet("10.0.0.3",
"10.0.0.255", i);
break;
}
/* configure firewall to allow traffic from 10.0.0.1 */
ret = pg_firewall_rule_add(fw, "src host 10.0.0.1", dir, 0, &error);
g_assert(!error);
g_assert(ret == 0);
ret = pg_firewall_reload(fw, &error);
g_assert(ret < 0);
g_assert(!error);
/* let's burst ! */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
/* check collect brick */
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == nb / 3);
for (; filtered_pkts_mask;) {
pg_low_bit_iterate_full(filtered_pkts_mask, bit, i);
g_assert(i % 3 == 0);
eth = rte_pktmbuf_mtod(filtered_pkts[i], struct ether_hdr*);
ip = (struct ip *)(eth + 1);
g_assert(ip->ip_src.s_addr == inet_addr("10.0.0.1"));
}
/* now allow packets from 10.0.0.2 */
ret = pg_firewall_rule_add(fw, "src host 10.0.0.2", dir, 0, &error);
g_assert(!error);
g_assert(ret == 0);
ret = pg_firewall_reload(fw, &error);
g_assert(ret < 0);
g_assert(!error);
/* let it goooo */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
/* check collect brick */
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == nb * 2 / 3);
for (; filtered_pkts_mask;) {
pg_low_bit_iterate_full(filtered_pkts_mask, bit, i);
g_assert(i % 3 == 0 || i % 3 == 1);
eth = rte_pktmbuf_mtod(filtered_pkts[i], struct ether_hdr*);
ip = (struct ip *)(eth + 1);
g_assert(ip->ip_src.s_addr == inet_addr("10.0.0.1") ||
ip->ip_src.s_addr == inet_addr("10.0.0.2"));
}
/* test that flush really blocks */
pg_firewall_rule_flush(fw);
ret = pg_firewall_reload(fw, &error);
g_assert(!error);
g_assert(ret < 0);
/* let it goooo */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
/* check collect brick */
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 0);
/* flush and only allow packets from 10.0.0.2 */
pg_firewall_rule_flush(fw);
ret = pg_firewall_rule_add(fw, "src host 10.0.0.2", dir, 0, &error);
g_assert(!error);
g_assert(ret == 0);
ret = pg_firewall_reload(fw, &error);
g_assert(ret < 0);
g_assert(!error);
/* let it goooo */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
/* check collect brick */
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == nb / 3);
for (; filtered_pkts_mask;) {
pg_low_bit_iterate_full(filtered_pkts_mask, bit, i);
g_assert(i % 3 == 1);
eth = rte_pktmbuf_mtod(filtered_pkts[i], struct ether_hdr*);
ip = (struct ip *)(eth + 1);
g_assert(ip->ip_src.s_addr == inet_addr("10.0.0.2"));
}
/* flush and make two rules in one */
pg_firewall_rule_flush(fw);
ret = pg_firewall_rule_add(fw, "src host (10.0.0.1 or 10.0.0.2)", dir, 0,
&error);
g_assert(!error);
g_assert(ret == 0);
ret = pg_firewall_reload(fw, &error);
g_assert(ret < 0);
g_assert(!error);
/* let it goooo */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
/* check collect brick */
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == nb * 2 / 3);
for (; filtered_pkts_mask;) {
pg_low_bit_iterate_full(filtered_pkts_mask, bit, i);
g_assert(i % 3 == 0 || i % 3 == 1);
eth = rte_pktmbuf_mtod(filtered_pkts[i], struct ether_hdr*);
ip = (struct ip *)(eth + 1);
g_assert(ip->ip_src.s_addr == inet_addr("10.0.0.1") ||
ip->ip_src.s_addr == inet_addr("10.0.0.2"));
}
/* flush and revert rules, packets should not pass */
pg_firewall_rule_flush(fw);
ret = pg_firewall_rule_add(fw, "src host (10.0.0.1)", pg_flip_side(dir), 0,
&error);
g_assert(!error);
g_assert(ret == 0);
ret = pg_firewall_reload(fw, &error);
g_assert(ret < 0);
g_assert(!error);
/* let it goooo */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
/* check collect brick */
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == 0);
/* flush and allow packets from both sides */
pg_firewall_rule_flush(fw);
ret = pg_firewall_rule_add(fw, "src host (10.0.0.1)", MAX_SIDE, 0, &error);
g_assert(!error);
g_assert(ret == 0);
ret = pg_firewall_reload(fw, &error);
g_assert(ret < 0);
g_assert(!error);
/* let it goooo */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == nb / 3);
for (; filtered_pkts_mask;) {
pg_low_bit_iterate_full(filtered_pkts_mask, bit, i);
g_assert(i % 3 == 0);
eth = rte_pktmbuf_mtod(filtered_pkts[i], struct ether_hdr*);
ip = (struct ip *)(eth + 1);
g_assert(ip->ip_src.s_addr == inet_addr("10.0.0.1"));
}
/* inverse generator and collector to test both sides */
pg_brick_unlink(fw, &error);
g_assert(!error);
if (dir == WEST_SIDE) {
pg_brick_link(col, fw, &error);
g_assert(!error);
pg_brick_link(fw, gen, &error);
g_assert(!error);
} else {
pg_brick_link(gen, fw, &error);
g_assert(!error);
pg_brick_link(fw, col, &error);
g_assert(!error);
}
/* let it goooo */
pg_brick_poll(gen, &packet_count, &error);
g_assert(!error);
g_assert(packet_count == nb);
if (dir == WEST_SIDE)
filtered_pkts = pg_brick_west_burst_get(col, &filtered_pkts_mask,
&error);
else
filtered_pkts = pg_brick_east_burst_get(col, &filtered_pkts_mask,
&error);
g_assert(!error);
g_assert(pg_mask_count(filtered_pkts_mask) == nb / 3);
for (; filtered_pkts_mask;) {
pg_low_bit_iterate_full(filtered_pkts_mask, bit, i);
g_assert(i % 3 == 0);
eth = rte_pktmbuf_mtod(filtered_pkts[i], struct ether_hdr*);
ip = (struct ip *)(eth + 1);
g_assert(ip->ip_src.s_addr == inet_addr("10.0.0.1"));
}
/* clean */
for (i = 0; i < nb; i++)
rte_pktmbuf_free(packets[i]);
pg_brick_destroy(gen);
pg_brick_destroy(fw);
pg_brick_destroy(col);
}
int pg_bench_run(struct pg_bench *bench, struct pg_bench_stats *result,
struct pg_error **error)
{
uint64_t bit;
uint64_t it_mask;
uint64_t i;
uint16_t cnt;
uint64_t pkts_burst;
struct pg_brick_side *side = NULL;
struct pg_brick *count_brick;
struct pg_bench bl;
if (bench == NULL || result == NULL ||
bench->pkts == NULL || bench->pkts_nb == 0 ||
bench->max_burst_cnt == 0 || bench->pkts_mask == 0) {
*error = pg_error_new("missing or bad bench parameters");
return -1;
}
/* Link ouput brick to a nop brick to count outcoming packets. */
if (bench->count_brick == NULL) {
count_brick = pg_nop_new("nop-bench", error);
if (*error)
return -1;
if (bench->output_side == WEST_SIDE)
pg_brick_link(count_brick, bench->output_brick, error);
else
pg_brick_link(bench->output_brick, count_brick, error);
if (*error)
return -1;
} else {
count_brick = bench->count_brick;
}
/* Set all stats to zero. */
memset(result, 0, sizeof(struct pg_bench_stats));
/* Setup callback to get burst count. */
pkts_burst = 0;
switch (bench->input_brick->type) {
case PG_MONOPOLE:
side = bench->input_brick->sides;
break;
case PG_DIPOLE:
case PG_MULTIPOLE:
side = &(bench->input_brick->sides
[pg_flip_side(bench->input_side)]);
break;
default:
g_assert(0);
break;
}
side->burst_count_cb = pg_bench_burst_cb;
side->burst_count_private_data = (void *)(&pkts_burst);
/* Compute average size of packets. */
it_mask = bench->pkts_mask;
for (; it_mask;) {
pg_low_bit_iterate_full(it_mask, bit, i);
result->pkts_average_size += bench->pkts[i]->data_len;
}
result->pkts_average_size /= bench->pkts_nb;
/* Let's run ! */
memcpy(&bl, bench, sizeof(struct pg_bench));
gettimeofday(&result->date_start, NULL);
for (i = 0; i < bl.max_burst_cnt; i++) {
/* Burst packets. */
pg_brick_burst(bl.input_brick,
bl.input_side,
0,
bl.pkts,
bl.pkts_mask,
error);
sched_yield();
if (*error)
return -1;
/* Poll back packets if needed. */
if (bl.output_poll)
pg_brick_poll(bl.output_brick, &cnt, error);
if (bl.post_burst_op)
bl.post_burst_op(bench);
}
gettimeofday(&result->date_end, NULL);
memcpy(bench, &bl, sizeof(struct pg_bench));
result->pkts_sent = bench->max_burst_cnt * bench->pkts_nb;
result->burst_cnt = bench->max_burst_cnt;
result->pkts_burst = pkts_burst;
result->pkts_received = pg_brick_pkts_count_get(
count_brick,
bench->output_side);
if (bench->count_brick == NULL) {
pg_brick_unlink(count_brick, error);
if (*error)
return -1;
}
return 0;
}
