104. Allowlisting Tests¶
If using vfio the kernel must be >= 3.6+ and VT-d must be enabled in bios.When using vfio, use the following commands to load the vfio driver and bind it to the device under test:
modprobe vfio
modprobe vfio-pci
usertools/dpdk-devbind.py --bind=vfio-pci device_bus_id
104.1. Prerequisites¶
Assuming that at least a port is connected to a traffic generator,
launch the testpmd with the following arguments:
./<build_target>/app/dpdk-testpmd -c 0xc3 -n 3 -- -i \
--burst=1 --rxpt=0 --rxht=0 --rxwt=0 --txpt=36 --txht=0 --txwt=0 \
--txfreet=32 --rxfreet=64 --mbcache=250 --portmask=0x3
The -n command is used to select the number of memory channels. It should match the number of memory channels on that setup.
Set the verbose level to 1 to display information for each received packet:
testpmd> set verbose 1
Show port infos for port 0 and store the default MAC address and the maximum number of MAC addresses:
testpmd> show port info 0
********************* Infos for port 0 *********************
MAC address: 00:1B:21:4D:D2:24
Link status: up
Link speed: 10000 Mbps
Link duplex: full-duplex
Promiscuous mode: enabled
Allmulticast mode: disabled
Maximum number of MAC addresses: 127
104.2. Test Case: add/remove mac addresses¶
Initialize first port without promiscuous mode:
testpmd> set promisc 0 off
Read the stats for port 0 before sending the packet:
testpmd> show port stats 8
######################## NIC statistics for port 8 ########################
RX-packets: 0 RX-errors: 0 RX-bytes: 64
TX-packets: 0 TX-errors: 0 TX-bytes: 0
############################################################################
Send a packet with default destination MAC address for port 0:
testpmd> show port stats 0
######################## NIC statistics for port 8 ########################
RX-packets: 1 RX-errors: 0 RX-bytes: 128
TX-packets: 0 TX-errors: 0 TX-bytes: 0
############################################################################
Verify that the packet was received (RX-packets incremented).
Send a packet with destination MAC address different than the port 0 address, let’s call it A.:
testpmd> show port stats 0
######################## NIC statistics for port 8 ########################
RX-packets: 1 RX-errors: 0 RX-bytes: 128
TX-packets: 0 TX-errors: 0 TX-bytes: 0
############################################################################
Verify that the packet was not received (RX-packets not incremented).
Add the MAC address A to the port 0:
testpmd> mac_addr add 0 <A>
testpmd> show port stats 0
######################## NIC statistics for port 8 ########################
RX-packets: 2 RX-errors: 0 RX-bytes: 192
TX-packets: 0 TX-errors: 0 TX-bytes: 0
############################################################################
Verify that the packet was received (RX-packets incremented).
Remove the MAC address A to the port 0:
testpmd> mac_addr remove 0 <A>
testpmd> show port stats 0
######################## NIC statistics for port 8 ########################
RX-packets: 2 RX-errors: 0 RX-bytes: 192
TX-packets: 0 TX-errors: 0 TX-bytes: 0
############################################################################
Verify that the packet was not received (RX-packets not incremented).
104.3. Test Case: invalid addresses test¶
Add a MAC address of all zeroes to the port 0:
testpmd> mac_addr add 0 00:00:00:00:00:00
Verify that the response is “Invalid argument” (-EINVAL)
Remove the default MAC address:
testpmd> mac_addr remove 0 <default MAC address>
Verify that the response is “Address already in use” (-EADDRINUSE)
Add two times the same address:
testpmd> mac_addr add 0 <A>
testpmd> mac_addr add 0 <A>
Verify that there is no error
Add as many different addresses as maximum MAC addresses (n):
testpmd> mac_addr add 0 <A>
... n-times
testpmd> mac_addr add 0 <A+n>
Add one more different address:
testpmd> mac_addr add 0 <A+n+1>
Verify that the response is “No space left on device” (-ENOSPC)
104.4. Test Case: Multicast Filter¶
Initialize first port without promiscuous mode:
testpmd> set promisc 0 off
Add the multicast MAC address to the multicast filter:
testpmd> mcast_addr add 0 01:00:5E:00:00:00
Send a packet with multicast destination MAC address to port 0:
port 0/queue 0: received 1 packets
src=52:00:00:00:00:00 - dst=01:00:5E:00:00:00 - type=0x0800 - length=60 - nb_segs=1 - hw ptype: L2_ETHER L3_IPV4_EXT_UNKNOWN L4_UDP - sw ptype: L2_ETHER L3_IPV4 L4_UDP - l2_len=14 - l3_len=20 - l4_len=8 - Receive queue=0x0
ol_flags: PKT_RX_L4_CKSUM_GOOD PKT_RX_IP_CKSUM_GOOD PKT_RX_OUTER_L4_CKSUM_UNKNOWN
Enable vlan filter and add vlan id:
testpmd> vlan set filter on 0
testpmd> rx_vlan add 4012 0
Send a packet with multicast destination MAC address and vlan tag to port 0:
sendp([Ether(dst='01:00:5E:00:00:00', src='00:00:20:00:00:00')/Dot1Q(vlan=2960, prio=0)/IP()/UDP()/Raw(load=b'XXXXXXXXXXXXXX')],iface="ens256f0",count=1,inter=0,verbose=False)
Check can receive the packet:
port 0/queue 0: received 1 packets
src=00:00:20:00:00:00 - dst=01:00:5E:00:00:00 - pool=mb_pool_0 - type=0x8100 - length=60 - nb_segs=1 - VLAN tci=0x0 - hw ptype: L2_ETHER L3_IPV4 L4_UDP - sw ptype: L2_ETHER_VLAN L3_IPV4 L4_UDP - l2_len=18 - l3_len=20 - l4_len=8 - Receive queue=0x0
ol_flags: RTE_MBUF_F_RX_VLAN RTE_MBUF_F_RX_L4_CKSUM_GOOD RTE_MBUF_F_RX_IP_CKSUM_GOOD RTE_MBUF_F_RX_OUTER_L4_CKSUM_UNKNOWN
Send a packet with multicast destination MAC address and wrong vlan tag to port 0:
sendp([Ether(dst='01:00:5E:00:00:00', src='00:00:20:00:00:00')/Dot1Q(vlan=2959, prio=0)/IP()/UDP()/Raw(load=b'XXXXXXXXXXXXXX')],iface="ens256f0",count=4,inter=0,verbose=False)
Check can’t receive the packet.
Disable vlan filter and remove vlan id:
testpmd> rx_vlan remove 4012 0
testpmd> vlan set filter off 0
Send a packet with multicast destination MAC address to port 0:
port 0/queue 0: received 1 packets
src=52:00:00:00:00:00 - dst=01:00:5E:00:00:00 - type=0x0800 - length=60 - nb_segs=1 - hw ptype: L2_ETHER L3_IPV4_EXT_UNKNOWN L4_UDP - sw ptype: L2_ETHER L3_IPV4 L4_UDP - l2_len=14 - l3_len=20 - l4_len=8 - Receive queue=0x0
ol_flags: PKT_RX_L4_CKSUM_GOOD PKT_RX_IP_CKSUM_GOOD PKT_RX_OUTER_L4_CKSUM_UNKNOWN
Remove the multicast MAC address from the multicast filter:
testpmd> mcast_addr remove 0 01:00:5E:00:00:00
Send a packet with multicast destination MAC address to port 0
Verify that the packet was not received (Check for “received” in the output). There will be no output if the nic responds properly.