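/*
 * Boot a Linux guest and check that packets are sent and received by the
 * vhost brick. An Ethernet bridge inside the guest forwards packets between
 * the two vhost-user virtio interfaces, so a burst pushed into vhost-0 is
 * expected to come back out of vhost-1 and land in the collect brick.
 *
 * qemu_exit_signal is passed to pg_util_stop_qemu() when the guest is stopped.
 */
static void test_vhost_flow_(int qemu_exit_signal)
{
	const char mac_addr_0[18] = "52:54:00:12:34:11";
	const char mac_addr_1[18] = "52:54:00:12:34:12";
	struct rte_mempool *mbuf_pool = pg_get_mempool();
	struct pg_brick *vhost_0, *vhost_1, *collect;
	struct rte_mbuf *pkts[PG_MAX_PKTS_BURST];
	const char *socket_path_0, *socket_path_1;
	struct pg_error *error = NULL;
	struct rte_mbuf **result_pkts;
	int ret, qemu_pid, i;
	uint64_t pkts_mask;

	/* pkts[] has PG_MAX_PKTS_BURST slots but is filled up to NB_PKTS */
	g_assert(NB_PKTS <= PG_MAX_PKTS_BURST);

	/*
	 * start vhost
	 *
	 * NOTE(review): "/tmp" is presumably the directory in which the
	 * vhost-user sockets are created. A vhost-user socket gives its peer
	 * access to the guest's virtio rings and shared memory, so outside a
	 * test harness this should be a directory private to the service
	 * rather than a world-writable one.
	 */
	ret = pg_vhost_start("/tmp", &error);
	g_assert(ret == 0);
	g_assert(!error);

	/* instantiate the bricks */
	vhost_0 = pg_vhost_new("vhost-0", &error);
	g_assert(!error);
	g_assert(vhost_0);
	vhost_1 = pg_vhost_new("vhost-1", &error);
	g_assert(!error);
	g_assert(vhost_1);
	collect = pg_collect_new("collect", &error);
	g_assert(!error);
	g_assert(collect);

	/* build the graph: [collect] -- [vhost_1]; vhost_0 stays unlinked */
	pg_brick_link(collect, vhost_1, &error);
	g_assert(!error);

	/* spawn QEMU with one virtio interface per vhost socket */
	socket_path_0 = pg_vhost_socket_path(vhost_0, &error);
	g_assert(!error);
	g_assert(socket_path_0);
	socket_path_1 = pg_vhost_socket_path(vhost_1, &error);
	g_assert(!error);
	g_assert(socket_path_1);

	qemu_pid = pg_util_spawn_qemu(socket_path_0, socket_path_1,
				      mac_addr_0, mac_addr_1,
				      glob_vm_path, glob_vm_key_path,
				      glob_hugepages_path, &error);
	g_assert(!error);
	/* NOTE(review): only rejects 0; confirm how a failed spawn is reported */
	g_assert(qemu_pid);

	/*
	 * Prepare the VM's bridge. Every command is a fixed literal and must
	 * exit with status 0, otherwise the test aborts here.
	 */
#define SSH(c) \
	g_assert(pg_util_ssh("localhost", ssh_port_id, glob_vm_key_path, c) == 0)
	SSH("brctl addbr br0");
	SSH("ifconfig br0 up");
	SSH("ifconfig ens4 up");
	SSH("ifconfig ens5 up");
	SSH("brctl addif br0 ens4");
	SSH("brctl addif br0 ens5");
	SSH("brctl setfd br0 0");
	SSH("brctl stp br0 off");
#undef SSH
	/* NOTE(review): presumably the next guest uses the following port */
	ssh_port_id++;

	/* prepare the packets to send */
	for (i = 0; i < NB_PKTS; i++) {
		pkts[i] = rte_pktmbuf_alloc(mbuf_pool);
		g_assert(pkts[i]);
		/*
		 * rte_pktmbuf_append() returns NULL when the mbuf has not
		 * enough tailroom; the header writes below need that room.
		 */
		g_assert(rte_pktmbuf_append(pkts[i], ETHER_MIN_LEN));
		/* set random dst/src mac addresses so the linux guest bridge
		 * will not filter them */
		pg_set_mac_addrs(pkts[i],
				 "52:54:00:12:34:15", "52:54:00:12:34:16");
		/* the ether type field carries the payload size */
		pg_set_ether_type(pkts[i], ETHER_MIN_LEN - ETHER_HDR_LEN - 4);
	}

	/* send the packets to the guest via one interface */
	pg_brick_burst_to_east(vhost_0, 0, pkts,
			       pg_mask_firsts(NB_PKTS), &error);
	g_assert(!error);

	/* let the packets propagate: poll for at most 10 x 100 ms */
	for (i = 0; i < 10; i++) {
		uint16_t count = 0;

		usleep(100000);
		pg_brick_poll(vhost_1, &count, &error);
		g_assert(!error);
		if (count)
			break;
	}

	result_pkts = pg_brick_east_burst_get(collect, &pkts_mask, &error);
	g_assert(!error);
	g_assert(result_pkts);

	/* traffic went out through vhost_0 only and came in through vhost_1 only */
	g_assert(pg_brick_rx_bytes(vhost_0) == 0);
	g_assert(pg_brick_tx_bytes(vhost_0) != 0);
	g_assert(pg_brick_rx_bytes(vhost_1) != 0);
	g_assert(pg_brick_tx_bytes(vhost_1) == 0);

	/* kill QEMU */
	pg_util_stop_qemu(qemu_pid, qemu_exit_signal);

	/* free result packets */
	pg_packets_free(result_pkts, pkts_mask);

	/* free sent packets */
	for (i = 0; i < NB_PKTS; i++)
		rte_pktmbuf_free(pkts[i]);

	/* break the graph */
	pg_brick_unlink(collect, &error);
	g_assert(!error);

	/*
	 * clean up: the vhost bricks are torn down with pg_brick_destroy();
	 * the author left the matching pg_brick_decref() calls disabled.
	 */
	pg_brick_destroy(vhost_0);
	g_assert(!error);
	pg_brick_destroy(vhost_1);
	g_assert(!error);
	pg_brick_decref(collect, &error);
	g_assert(!error);

	/* stop vhost */
	pg_vhost_stop();
}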
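/*
 * Send a burst westwards through a chain of nop bricks and check that it
 * reaches the west collector, in order, and never the east one.
 *
 *   [collect_west] -- [brick1] -- [brick2] -- [collect_east]
 */
static void test_brick_flow_west(void)
{
	struct pg_brick_config *config = pg_brick_config_new("mybrick", 4, 4);
	struct pg_brick *brick1, *brick2, *collect_west, *collect_east;
	/* only udata64 is set on these stack mbufs; it tags each packet */
	struct rte_mbuf mbufs[NB_PKTS];
	struct rte_mbuf **result_pkts;
	struct rte_mbuf *pkts[NB_PKTS];
	uint16_t i;
	uint64_t pkts_mask;
	struct pg_error *error = NULL;

	/* prepare the packets to send */
	for (i = 0; i < NB_PKTS; i++) {
		mbufs[i].udata64 = i;
		pkts[i] = &mbufs[i];
	}

	/* create a chain of a few nop bricks with a collector on each side */
	brick1 = pg_brick_new("nop", config, &error);
	g_assert(!error);
	g_assert(brick1);
	brick2 = pg_brick_new("nop", config, &error);
	g_assert(!error);
	g_assert(brick2);
	collect_west = pg_brick_new("collect", config, &error);
	g_assert(!error);
	g_assert(collect_west);
	collect_east = pg_brick_new("collect", config, &error);
	g_assert(!error);
	g_assert(collect_east);

	pg_brick_link(collect_west, brick1, &error);
	g_assert(!error);
	pg_brick_link(brick1, brick2, &error);
	g_assert(!error);
	pg_brick_link(brick2, collect_east, &error);
	g_assert(!error);

	/* send the packets to the west from the easternmost nop brick */
	pg_brick_burst_to_west(brick2, 0, pkts, NB_PKTS,
			       pg_mask_firsts(NB_PKTS), &error);
	g_assert(!error);

	/*
	 * check the packet counters: every brick west of the injection point
	 * must have counted the whole burst (NB_PKTS, not a literal)
	 */
	g_assert(pg_brick_pkts_count_get(collect_east, WEST_SIDE) == 0);
	g_assert(pg_brick_pkts_count_get(collect_east, EAST_SIDE) == 0);
	g_assert(pg_brick_pkts_count_get(collect_west, WEST_SIDE) == NB_PKTS);
	g_assert(pg_brick_pkts_count_get(collect_west, EAST_SIDE) == 0);
	g_assert(pg_brick_pkts_count_get(brick1, WEST_SIDE) == NB_PKTS);
	g_assert(pg_brick_pkts_count_get(brick1, EAST_SIDE) == 0);
	g_assert(pg_brick_pkts_count_get(brick2, WEST_SIDE) == NB_PKTS);
	g_assert(pg_brick_pkts_count_get(brick2, EAST_SIDE) == 0);

	/* check that no packet ended up on the east */
	result_pkts = pg_brick_west_burst_get(collect_east, &pkts_mask, &error);
	g_assert(!error);
	g_assert(!pkts_mask);
	g_assert(!result_pkts);

	result_pkts = pg_brick_east_burst_get(collect_east, &pkts_mask, &error);
	g_assert(!error);
	g_assert(!pkts_mask);
	g_assert(!result_pkts);

	/* collect the packets on the west */
	result_pkts = pg_brick_west_burst_get(collect_west, &pkts_mask, &error);
	g_assert(!error);
	g_assert(!pkts_mask);
	g_assert(!result_pkts);

	result_pkts = pg_brick_east_burst_get(collect_west, &pkts_mask, &error);
	g_assert(!error);
	g_assert(pkts_mask == pg_mask_firsts(NB_PKTS));
	g_assert(result_pkts);
	/* the tag written before sending proves identity and ordering */
	for (i = 0; i < NB_PKTS; i++)
		g_assert(result_pkts[i]->udata64 == i);

	/* break the chain */
	pg_brick_unlink(brick1, &error);
	g_assert(!error);
	pg_brick_unlink(brick2, &error);
	g_assert(!error);
	pg_brick_unlink(collect_west, &error);
	g_assert(!error);
	pg_brick_unlink(collect_east, &error);
	g_assert(!error);

	/* destroy */
	pg_brick_decref(brick1, &error);
	g_assert(!error);
	pg_brick_decref(brick2, &error);
	g_assert(!error);
	pg_brick_decref(collect_west, &error);
	g_assert(!error);
	pg_brick_decref(collect_east, &error);
	g_assert(!error);

	pg_brick_config_free(config);
}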
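/* Source address of test packet i: three senders used in round-robin. */
static const char *fw_rules_src(uint16_t i)
{
	static const char *const src[] = {
		"10.0.0.1", "10.0.0.2", "10.0.0.3"
	};

	return src[i % 3];
}

/* Reload the firewall and check the outcome this test expects. */
static void fw_rules_reload(struct pg_brick *fw)
{
	struct pg_error *error = NULL;
	int ret;

	ret = pg_firewall_reload(fw, &error);
	/*
	 * NOTE(review): the test asserts a negative return with no error set
	 * after every reload; confirm that this matches the contract of
	 * pg_firewall_reload() and is not masking a failed reload.
	 */
	g_assert(ret < 0);
	g_assert(!error);
}

/* Add one filter rule for the given side, then reload the firewall. */
static void fw_rules_allow(struct pg_brick *fw, const char *filter,
			   enum pg_side side)
{
	struct pg_error *error = NULL;
	int ret;

	ret = pg_firewall_rule_add(fw, filter, side, 0, &error);
	g_assert(!error);
	g_assert(ret == 0);
	fw_rules_reload(fw);
}

/*
 * Poll the generator once, fetch what reached the collector and verify it.
 *
 * expected: number of packets that must have passed the firewall.
 * allowed:  bit r set means packets with index i % 3 == r may pass.
 *
 * Every packet that passed must also still carry the source address it was
 * built with, so a rule that lets the wrong sender through is caught even
 * when the count happens to match.
 */
static void fw_rules_expect(struct pg_brick *gen, struct pg_brick *col,
			    enum pg_side dir, uint16_t nb, int expected,
			    unsigned int allowed)
{
	struct pg_error *error = NULL;
	struct rte_mbuf **filtered_pkts;
	uint64_t filtered_pkts_mask;
	uint16_t packet_count;
	uint64_t bit;
	uint16_t i;

	pg_brick_poll(gen, &packet_count, &error);
	g_assert(!error);
	g_assert(packet_count == nb);

	if (dir == WEST_SIDE)
		filtered_pkts = pg_brick_west_burst_get(col,
							&filtered_pkts_mask,
							&error);
	else
		filtered_pkts = pg_brick_east_burst_get(col,
							&filtered_pkts_mask,
							&error);
	g_assert(!error);
	g_assert(pg_mask_count(filtered_pkts_mask) == expected);
	/* the array is indexed below, so it must exist when the mask is set */
	g_assert(!filtered_pkts_mask || filtered_pkts);

	while (filtered_pkts_mask) {
		struct ether_hdr *eth;
		struct ip *ip;

		/* presumably pops the lowest set bit of the mask into bit and
		 * its index into i; the loop relies on the mask shrinking */
		pg_low_bit_iterate_full(filtered_pkts_mask, bit, i);
		g_assert(allowed & (1u << (i % 3)));
		eth = rte_pktmbuf_mtod(filtered_pkts[i], struct ether_hdr*);
		ip = (struct ip *)(eth + 1);
		g_assert(ip->ip_src.s_addr == inet_addr(fw_rules_src(i)));
	}
}

/*
 * Exercise the firewall brick's rule handling in one direction.
 *
 * Three bricks are chained as generator -> firewall -> collector (mirrored
 * when dir is not WEST_SIDE). The generator replays 30 packets from three
 * sources; after each rule change the test checks which of them reach the
 * collector.
 */
static void firewall_filter_rules(enum pg_side dir)
{
	/* compile-time constant, so packets[] is a plain array and not a VLA */
	enum { nb = 30 };
	struct rte_mbuf *packets[nb];
	struct pg_brick *gen;
	struct pg_brick *fw;
	struct pg_brick *col;
	struct pg_error *error = NULL;
	uint16_t i;

	/*
	 * build some IP packets with mixed sources; done before the generator
	 * is created so it never sees an uninitialised array
	 */
	for (i = 0; i < nb; i++) {
		packets[i] = build_ip_packet(fw_rules_src(i), "10.0.0.255", i);
		g_assert(packets[i]);
	}

	/* create and connect 3 bricks: generator -> firewall -> collector */
	gen = pg_packetsgen_new("gen", 2, 2, pg_flip_side(dir), packets, nb,
				&error);
	g_assert(!error);
	g_assert(gen);
	fw = pg_firewall_new("fw", 2, 2, PG_NONE, &error);
	g_assert(!error);
	g_assert(fw);
	col = pg_collect_new("col", 2, 2, &error);
	g_assert(!error);
	g_assert(col);

	/* revert link if needed */
	if (dir == WEST_SIDE) {
		pg_brick_link(gen, fw, &error);
		g_assert(!error);
		pg_brick_link(fw, col, &error);
		g_assert(!error);
	} else {
		pg_brick_link(col, fw, &error);
		g_assert(!error);
		pg_brick_link(fw, gen, &error);
		g_assert(!error);
	}

	/* allow traffic from 10.0.0.1 only */
	fw_rules_allow(fw, "src host 10.0.0.1", dir);
	fw_rules_expect(gen, col, dir, nb, nb / 3, 1u << 0);

	/* now also allow packets from 10.0.0.2 (rules accumulate) */
	fw_rules_allow(fw, "src host 10.0.0.2", dir);
	fw_rules_expect(gen, col, dir, nb, nb * 2 / 3, (1u << 0) | (1u << 1));

	/* test that flush really blocks: no rule means nothing passes */
	pg_firewall_rule_flush(fw);
	fw_rules_reload(fw);
	fw_rules_expect(gen, col, dir, nb, 0, 0);

	/* flush and only allow packets from 10.0.0.2 */
	pg_firewall_rule_flush(fw);
	fw_rules_allow(fw, "src host 10.0.0.2", dir);
	fw_rules_expect(gen, col, dir, nb, nb / 3, 1u << 1);

	/* flush and make two rules in one */
	pg_firewall_rule_flush(fw);
	fw_rules_allow(fw, "src host (10.0.0.1 or 10.0.0.2)", dir);
	fw_rules_expect(gen, col, dir, nb, nb * 2 / 3, (1u << 0) | (1u << 1));

	/* flush and put the rule on the other side: packets must not pass */
	pg_firewall_rule_flush(fw);
	fw_rules_allow(fw, "src host (10.0.0.1)", pg_flip_side(dir));
	fw_rules_expect(gen, col, dir, nb, 0, 0);

	/* flush and allow packets from both sides */
	pg_firewall_rule_flush(fw);
	fw_rules_allow(fw, "src host (10.0.0.1)", MAX_SIDE);
	fw_rules_expect(gen, col, dir, nb, nb / 3, 1u << 0);

	/* inverse generator and collector to test both sides */
	pg_brick_unlink(fw, &error);
	g_assert(!error);
	if (dir == WEST_SIDE) {
		pg_brick_link(col, fw, &error);
		g_assert(!error);
		pg_brick_link(fw, gen, &error);
		g_assert(!error);
	} else {
		pg_brick_link(gen, fw, &error);
		g_assert(!error);
		pg_brick_link(fw, col, &error);
		g_assert(!error);
	}

	/*
	 * NOTE(review): the generator keeps its original output side and the
	 * collector is read from the same side as before the relink. Confirm
	 * that this step sees packets from the reversed path and is not
	 * re-reading the burst left by the previous step.
	 */
	fw_rules_expect(gen, col, dir, nb, nb / 3, 1u << 0);

	/* clean */
	for (i = 0; i < nb; i++)
		rte_pktmbuf_free(packets[i]);
	pg_brick_destroy(gen);
	pg_brick_destroy(fw);
	pg_brick_destroy(col);
}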
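/*
 * Push 64 IPv4 packets east through a pmtud brick created with a limit of
 * 430 and check how they are split:
 *
 *   [col_west] -- [pmtud] -- [col_east]
 *
 * The first 32 packets are padded one byte more than the last 32. The test
 * expects exactly 32 packets to reach col_east and 32 single-packet bursts
 * to come back to col_west (presumably the ICMP notifications for the
 * oversized packets).
 *
 * To capture the traffic while debugging, print bricks created with
 * pg_print_new(..., PG_PRINT_FLAG_PCAP, ...) can be chained on each side of
 * pmtud; the author kept that variant disabled.
 */
static void test_icmp_pmtud(void)
{
	struct pg_error *error = NULL;
	struct pg_brick *pmtud;
	struct pg_brick *col_east;
	struct pg_brick *col_west;
	struct rte_mbuf **pkts;
	struct rte_mbuf **replies;
	uint64_t pkts_mask;
	struct ether_addr eth_s = {{2}};
	struct ether_addr eth_d = {{4}};

	/* Ethernet + IPv4 headers on all 64 packets */
	pkts = pg_packets_append_ether(pg_packets_create(pg_mask_firsts(64)),
				       pg_mask_firsts(64),
				       &eth_s, &eth_d, ETHER_TYPE_IPv4);
	g_assert(pkts);
	pg_packets_append_ipv4(pkts, pg_mask_firsts(64), 1, 2, 0, 0);

	/* 10 characters with the \0 */
	pg_packets_append_str(pkts, pg_mask_firsts(64), "siegzeon ");
	/* packets 0..31: padded with 421 minus the header sizes */
	pg_packets_append_blank(pkts,
				pg_mask_firsts(32),
				421 - sizeof(struct ipv4_hdr) -
				sizeof(struct ether_hdr));
	/* packets 32..63: padded with 420 minus the header sizes */
	pg_packets_append_blank(pkts,
				pg_mask_firsts(64) & ~pg_mask_firsts(32),
				420 - sizeof(struct ipv4_hdr) -
				sizeof(struct ether_hdr));

	pmtud = pg_pmtud_new("pmtud", PG_WEST_SIDE, 430, &error);
	g_assert(!error);
	g_assert(pmtud);
	col_east = pg_collect_new("col_east", &error);
	g_assert(col_east);
	g_assert(!error);
	col_west = pg_collect_new("col_west", &error);
	g_assert(!error);
	g_assert(col_west);

	pg_brick_chained_links(&error, col_west, pmtud, col_east);
	g_assert(!error);

	pg_brick_burst_to_east(pmtud, 0, pkts, pg_mask_firsts(64), &error);
	g_assert(!error);

	/* half of the burst went through to the east collector */
	pg_brick_west_burst_get(col_east, &pkts_mask, &error);
	g_assert(!error);
	g_assert(pg_mask_count(pkts_mask) == 32);
	g_assert(pg_brick_pkts_count_get(pmtud, PG_EAST_SIDE) == 64);
	g_assert(pg_brick_pkts_count_get(col_east, PG_EAST_SIDE) == 32);
	g_assert(pg_brick_pkts_count_get(col_west, PG_WEST_SIDE) == 32);

	/*
	 * Check the returned array before indexing it: a NULL result or a
	 * pending error must fail the test instead of being dereferenced.
	 */
	replies = pg_brick_east_burst_get(col_west, &pkts_mask, &error);
	g_assert(!error);
	g_assert(replies);
	g_assert(pkts_mask == 1);
	g_assert(replies[0]);

	pg_brick_destroy(col_west);
	pg_brick_destroy(pmtud);
	pg_brick_destroy(col_east);
	pg_packets_free(pkts, pg_mask_firsts(64));
	g_free(pkts);
}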
&filtered_pkts_mask, &error); g_assert(!error); g_assert(pg_mask_count(filtered_pkts_mask) == 1); /* check eth source address */ eth = rte_pktmbuf_mtod(filtered_pkts[0], struct ether_hdr*); pg_scan_ether_addr(&tmp_addr, "08:00:27:b6:05:16"); g_assert(is_same_ether_addr(ð->s_addr, &tmp_addr)); /* check ip source address */ ip = (struct ip *)(eth + 1); g_assert(ip->ip_src.s_addr == inet_addr("10.0.2.15")); } else if (ip->ip_src.s_addr == inet_addr("173.194.40.111")) { pg_brick_poll(gen_east, &packet_count, &error); g_assert(!error); g_assert(packet_count == 1); filtered_pkts = pg_brick_east_burst_get(col_west, &filtered_pkts_mask, &error); g_assert(!error); g_assert(pg_mask_count(filtered_pkts_mask) == 1); /* check eth source address */ eth = rte_pktmbuf_mtod(filtered_pkts[0], struct ether_hdr*); pg_scan_ether_addr(&tmp_addr, "52:54:00:12:35:02"); g_assert(is_same_ether_addr(ð->s_addr, &tmp_addr)); /* check ip source address */ ip = (struct ip *)(eth + 1); g_assert(ip->ip_src.s_addr == inet_addr("173.194.40.111")); } else g_assert(0); rte_pktmbuf_free(packet);