216. Malicious Driver Detection (MDD) Tests
Malicious Driver Detection (MDD) is supported on the X550T and i350 NICs; DPDK 2.3+ supports it only on the X550T NIC. The ixgbe driver supports disabling MDD from version 4.2.3, so this test must run with DPDK 2.3+ and ixgbe 4.2.3+ on the host.
Notice: use the command insmod ixgbe.ko MDD=0,0 to disable MDD. Each “0” in the command refers to a port. For example, if there are 6 ixgbe ports, the command should be changed to insmod ixgbe.ko MDD=0,0,0,0,0,0
216.1. Test Case 1: enable_mdd_dpdk_disable
Enable MDD:
rmmod ixgbe
modprobe ixgbe MDD=1,1
ifconfig ens865f1 up
ifconfig ens865f0 up
Create vf0 on pf_port0 and vf1 on pf_port1:
echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
Pass vf0 and vf1 through to vm0 and start vm0:
taskset -c 4,5,6,7 qemu-system-x86_64 -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
Log in to vm0 and get the PCI device IDs of the VFs in vm0 (assume they are 00:06.0 and 00:07.0), then bind them to the igb_uio driver:
modprobe uio
insmod igb_uio.ko
./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
Start testpmd and set MAC forwarding mode:
./<build_target>/app/dpdk-testpmd -c 0x0f -n 4 -- -i --portmask=0x3 --tx-offloads=0x1
testpmd> set fwd mac
testpmd> start
Get the MAC address of VF0 and use it as the destination MAC, then use scapy to send 2000 packets from the tester:
sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
Verify that the packets can’t be received by VF1, as follows:
######################## NIC statistics for port 0 ########################
RX-packets: 2000       RX-missed: 0          RX-bytes: 120000
RX-errors: 0
RX-nombuf: 0
TX-packets: 0          TX-errors: 0          TX-bytes: 0
Throughput (since last show)
Rx-pps: 634
Tx-pps: 0
############################################################################
######################## NIC statistics for port 1 ########################
RX-packets: 0          RX-missed: 0          RX-bytes: 0
RX-errors: 0
RX-nombuf: 0
TX-packets: 0          TX-errors: 0          TX-bytes: 0
Throughput (since last show)
Rx-pps: 0
Tx-pps: 0
############################################################################
You can see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:
dmesg -c | grep 'event'
216.2. Test Case 2: enable_mdd_dpdk_enable
Enable MDD:
rmmod ixgbe
modprobe ixgbe MDD=1,1
ifconfig ens865f1 up
ifconfig ens865f0 up
Create vf0 on pf_port0 and vf1 on pf_port1:
echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
Pass vf0 and vf1 through to vm0 and start vm0:
taskset -c 4,5,6,7 qemu-system-x86_64 -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
Log in to vm0 and get the PCI device IDs of the VFs in vm0 (assume they are 00:06.0 and 00:07.0), then bind them to the igb_uio driver:
modprobe uio
insmod igb_uio.ko
./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
Start testpmd and set MAC forwarding mode:
./<build_target>/app/dpdk-testpmd -c 0x0f -n 4 -- -i --portmask=0x3 --tx-offloads=0x0
testpmd> set fwd mac
testpmd> start
Get the MAC address of VF0 and use it as the destination MAC, then use scapy to send 2000 packets from the tester:
sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
Verify that the packets can’t be received by VF1, as follows:
######################## NIC statistics for port 0 ########################
RX-packets: 2000       RX-missed: 0          RX-bytes: 120000
RX-errors: 0
RX-nombuf: 0
TX-packets: 0          TX-errors: 0          TX-bytes: 0
Throughput (since last show)
Rx-pps: 634
Tx-pps: 0
############################################################################
######################## NIC statistics for port 1 ########################
RX-packets: 0          RX-missed: 0          RX-bytes: 0
RX-errors: 0
RX-nombuf: 0
TX-packets: 0          TX-errors: 0          TX-bytes: 0
Throughput (since last show)
Rx-pps: 0
Tx-pps: 0
############################################################################
You can see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:
dmesg -c | grep 'event'
216.3. Test Case 3: disable_mdd_dpdk_disable
Disable MDD:
rmmod ixgbe
modprobe ixgbe MDD=0,0
ifconfig ens865f1 up
ifconfig ens865f0 up
Create vf0 on pf_port0 and vf1 on pf_port1:
echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
Pass vf0 and vf1 through to vm0 and start vm0:
taskset -c 4,5,6,7 qemu-system-x86_64 -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
Log in to vm0 and get the PCI device IDs of the VFs in vm0 (assume they are 00:06.0 and 00:07.0), then bind them to the igb_uio driver:
modprobe uio
insmod igb_uio.ko
./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
Start testpmd and set MAC forwarding mode:
./<build_target>/app/dpdk-testpmd -c 0xf -n 4 -- -i --portmask=0x3 --tx-offloads=0x1
testpmd> set fwd mac
testpmd> start
Get the MAC address of VF0 and use it as the destination MAC, then use scapy to send 2000 packets from the tester:
sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
Verify that the packets can be received by VF1, as follows:
######################## NIC statistics for port 0 ########################
RX-packets: 2000       RX-missed: 0          RX-bytes: 120000
RX-errors: 0
RX-nombuf: 0
TX-packets: 0          TX-errors: 0          TX-bytes: 0
Throughput (since last show)
Rx-pps: 634
Tx-pps: 0
############################################################################
######################## NIC statistics for port 1 ########################
RX-packets: 0          RX-missed: 0          RX-bytes: 0
RX-errors: 0
RX-nombuf: 0
TX-packets: 2000       TX-errors: 0          TX-bytes: 120000
Throughput (since last show)
Rx-pps: 0
Tx-pps: 618
############################################################################
You cannot see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:
dmesg -c | grep 'event'
216.4. Test Case 4: disable_mdd_dpdk_enable
Disable MDD:
rmmod ixgbe
modprobe ixgbe MDD=0,0
ifconfig ens865f1 up
ifconfig ens865f0 up
Create vf0 on pf_port0 and vf1 on pf_port1:
echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
Pass vf0 and vf1 through to vm0 and start vm0:
taskset -c 4,5,6,7 qemu-system-x86_64 -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
Log in to vm0 and get the PCI device IDs of the VFs in vm0 (assume they are 00:06.0 and 00:07.0), then bind them to the igb_uio driver:
modprobe uio
insmod igb_uio.ko
./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
Start testpmd and set MAC forwarding mode:
./<build_target>/app/dpdk-testpmd -c 0xf -n 4 -- -i --portmask=0x3 --tx-offloads=0x0
testpmd> set fwd mac
testpmd> start
Get the MAC address of VF0 and use it as the destination MAC, then use scapy to send 2000 packets from the tester:
sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
Verify that the packets can be received by VF1, as follows:
######################## NIC statistics for port 0 ########################
RX-packets: 2000       RX-missed: 0          RX-bytes: 120000
RX-errors: 0
RX-nombuf: 0
TX-packets: 0          TX-errors: 0          TX-bytes: 0
Throughput (since last show)
Rx-pps: 634
Tx-pps: 0
############################################################################
######################## NIC statistics for port 1 ########################
RX-packets: 0          RX-missed: 0          RX-bytes: 0
RX-errors: 0
RX-nombuf: 0
TX-packets: 2000       TX-errors: 0          TX-bytes: 120000
Throughput (since last show)
Rx-pps: 0
Tx-pps: 618
############################################################################
You cannot see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:
dmesg -c | grep 'event'
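All four test cases end with the same two observations: the testpmd port statistics and the host's dmesg output. The following Python evaluates them mechanically; it is an added example, not part of the DTS test plan or test suite. The function names, the sample statistics text and the dmesg timestamp are constructed for illustration, while the event line format and the counters are the ones shown above.

```python
import re

# Host log line as quoted in the test plan:
#   ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0
MDD_EVENT = re.compile(r"ixgbe (?P<pf>[0-9a-f:.]+): Malicious event on VF "
                       r"(?P<vf>\d+) tx:(?P<tx>\d+) rx:(?P<rx>\d+)")
PORT_HDR = re.compile(r"NIC statistics for port (\d+)")
COUNTER = re.compile(r"([RT]X-[a-z]+):\s*(\d+)")

def parse_mdd_events(dmesg_text):
    """One dict per 'Malicious event' line found in host dmesg output."""
    return [{k: (v if k == "pf" else int(v)) for k, v in m.groupdict().items()}
            for m in MDD_EVENT.finditer(dmesg_text)]

def parse_port_stats(stats_text):
    """Map port id -> {counter: value} from testpmd port statistics."""
    stats, port = {}, None
    for line in stats_text.splitlines():
        hdr = PORT_HDR.search(line)
        if hdr:
            port = int(hdr.group(1))
            stats[port] = {}
        elif port is not None:
            stats[port].update((n, int(v)) for n, v in COUNTER.findall(line))
    return stats

def verdict(mdd_enabled, stats_text, dmesg_text, sent=2000):
    """True when a run matches the expectation stated for its test case."""
    stats = parse_port_stats(stats_text)
    events = parse_mdd_events(dmesg_text)
    if stats.get(0, {}).get("RX-packets") != sent:
        return False  # traffic never reached port 0, so the run proves nothing
    forwarded = stats.get(1, {}).get("TX-packets")
    if mdd_enabled:
        # MDD on: nothing leaves port 1 and the PF driver logs the event.
        return forwarded == 0 and bool(events)
    # MDD off: all packets leave port 1 and no event is logged.
    return forwarded == sent and not events

def sample_stats(port1_tx):
    """Constructed testpmd-style statistics with a chosen port 1 TX count."""
    return ("#### NIC statistics for port 0 ####\n"
            "RX-packets: 2000 RX-missed: 0 RX-bytes: 120000\n"
            "TX-packets: 0 TX-errors: 0 TX-bytes: 0\n"
            "#### NIC statistics for port 1 ####\n"
            "RX-packets: 0 RX-missed: 0 RX-bytes: 0\n"
            f"TX-packets: {port1_tx} TX-errors: 0 TX-bytes: {port1_tx * 60}\n")

# Constructed dmesg line: the timestamp is invented, the message is the page's.
SAMPLE_DMESG = ("[  812.345678] ixgbe 0000:03:00.0: "
                "Malicious event on VF 0 tx:100000 rx:0\n")
```

Because dmesg -c clears the kernel ring buffer as it prints, capture its output once per run and pass that saved text to verdict() rather than running the command a second time.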