186. Malicious Driver Detection (MDD) Tests

Malicious Driver Detection (MDD) support sagevill and i350 nic, dpdk2.3+ only support sagevill NIC. ixgbe supports disable MDD from version 4.2.3 so this test must run dpdk2.3+ and used ixgbe 4.2.3+ in host.

Notice: use command insmod ixgbe.ko MDD=0,0 to disable MDD. Each “0” in the command refers to a port. For example, if there are 6 ixgbe ports, the command should be changed to insmod ixgbe.ko MDD=0,0,0,0,0,0

186.1. Test Case 1: enable_mdd_dpdk_disable

  1. enable the MDD:

    rmmod ixgbe
    modprobe ixgbe MDD=1,1
    ifconfig ens865f1 up
    ifconfig ens865f0 up
    
  2. pf_port0 virtualizes a vf0 and pf_port1 virtualizes a vf1:

    echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
    echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
    
  3. passthrough vf0 and vf1 to vm0 and start vm0:

    taskset -c 4,5,6,7 qemu-system-x86_64  -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
    
  4. login vm0, got VFs pci device id in vm0, assume they are 00:06.0 & 00:07.0, bind them to igb_uio driver:

    modprobe uio
    insmod igb_uio.ko
    ./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
    
  5. Turn on testpmd and set mac forwarding mode:

    ./testpmd -c 0x0f -n 4 -- -i --portmask=0x3 --tx-offloads=0x1
    
    testpmd> set fwd mac
    testpmd> start
    
  6. get mac address of VF0 and use it as dest mac, using scapy to send 2000 packets from tester:

    sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
    
  7. verify the packets can’t be received by VF1,As follows:

    ######################## NIC statistics for port 0  ########################
    RX-packets: 2000       RX-missed: 0          RX-bytes:  120000
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 0          TX-errors: 0          TX-bytes:  0
    
    Throughput (since last show)
    Rx-pps:          634
    Tx-pps:            0
    ############################################################################
    ######################## NIC statistics for port 1  ########################
    RX-packets: 0          RX-missed: 0          RX-bytes:  0
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 0          TX-errors: 0          TX-bytes:  0
    
    Throughput (since last show)
    Rx-pps:            0
    Tx-pps:            0
    ############################################################################
    
  8. You can see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:

    dmesg -c | grep 'event'
    

186.2. Test Case 2: enable_mdd_dpdk_enable

  1. enable the MDD:

    rmmod ixgbe
    modprobe ixgbe MDD=1,1
    ifconfig ens865f1 up
    ifconfig ens865f0 up
    
  2. pf_port0 virtualizes a vf0 and pf_port1 virtualizes a vf1:

    echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
    echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
    
  3. passthrough vf0 and vf1 to vm0 and start vm0:

    taskset -c 4,5,6,7 qemu-system-x86_64  -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
    
  4. login vm0, got VFs pci device id in vm0, assume they are 00:06.0 & 00:07.0, bind them to igb_uio driver:

    modprobe uio
    insmod igb_uio.ko
    ./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
    
  5. Turn on testpmd and set mac forwarding mode:

    ./testpmd -c 0x0f -n 4 -- -i --portmask=0x3 --tx-offloads=0x0
    
    testpmd> set fwd mac
    testpmd> start
    
  6. get mac address of VF0 and use it as dest mac, using scapy to send 2000 packets from tester:

    sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
    
  7. verify the packets can’t be received by VF1,As follows:

    ######################## NIC statistics for port 0  ########################
    RX-packets: 2000       RX-missed: 0          RX-bytes:  120000
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 0          TX-errors: 0          TX-bytes:  0
    
    Throughput (since last show)
    Rx-pps:          634
    Tx-pps:            0
    ############################################################################
    ######################## NIC statistics for port 1  ########################
    RX-packets: 0          RX-missed: 0          RX-bytes:  0
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 0          TX-errors: 0          TX-bytes:  0
    
    Throughput (since last show)
    Rx-pps:            0
    Tx-pps:            0
    ############################################################################
    
  8. You can see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:

    dmesg -c | grep 'event'
    

186.3. Test Case 3: disable_mdd_dpdk_disable

  1. disable the MDD:

    rmmod ixgbe
    modprobe ixgbe MDD=0,0
    ifconfig ens865f1 up
    ifconfig ens865f0 up
    
  2. pf_port0 virtualizes a vf0 and pf_port1 virtualizes a vf1:

    echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
    echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
    
  3. passthrough vf0 and vf1 to vm0 and start vm0:

    taskset -c 4,5,6,7 qemu-system-x86_64  -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
    
  4. login vm0, got VFs pci device id in vm0, assume they are 00:06.0 & 00:07.0, bind them to igb_uio driver:

    modprobe uio
    insmod igb_uio.ko
    ./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
    
  5. Turn on testpmd and set mac forwarding mode:

    ./testpmd -c 0xf -n 4 -- -i --portmask=0x3 --tx-offloads=0x1
    
    testpmd> set fwd mac
    testpmd> start
    
  6. get mac address of VF0 and use it as dest mac, using scapy to send 2000 packets from tester:

    sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
    
  7. verify the packets can be received by VF1,As follows:

    ######################## NIC statistics for port 0  ########################
    RX-packets: 2000       RX-missed: 0          RX-bytes:  120000
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 0          TX-errors: 0          TX-bytes:  0
    
    Throughput (since last show)
    Rx-pps:          634
    Tx-pps:            0
    ############################################################################
    ######################## NIC statistics for port 1  ########################
    RX-packets: 0          RX-missed: 0          RX-bytes:  0
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 2000       TX-errors: 0          TX-bytes:  120000
    
    Throughput (since last show)
    Rx-pps:            0
    Tx-pps:          618
    ############################################################################
    
  8. You cannot see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:

    dmesg -c | grep 'event'
    

186.4. Test Case 4: disable_mdd_dpdk_enable

  1. disable the MDD:

    rmmod ixgbe
    modprobe ixgbe MDD=0,0
    ifconfig ens865f1 up
    ifconfig ens865f0 up
    
  2. pf_port0 virtualizes a vf0 and pf_port1 virtualizes a vf1:

    echo 1 > /sys/bus/pci/devices/0000\:03\:00.0/sriov_numvfs
    echo 1 > /sys/bus/pci/devices/0000\:03\:00.1/sriov_numvfs
    
  3. passthrough vf0 and vf1 to vm0 and start vm0:

    taskset -c 4,5,6,7 qemu-system-x86_64  -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid \
    -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait -device e1000,netdev=nttsip1 \
    -netdev user,id=nttsip1,hostfwd=tcp:127.0.0.1:6001-:22 -device vfio-pci,host=0000:03:10.0,id=pt_0 \
    -device vfio-pci,host=0000:03:10.1,id=pt_1 -cpu host -smp 4 -m 10240 \
    -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial \
    -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 -vnc :1 \
    -drive file=/home/image/ubuntu16-0.img,format=qcow2,if=virtio,index=0,media=disk
    
  4. login vm0, got VFs pci device id in vm0, assume they are 00:06.0 & 00:07.0, bind them to igb_uio driver:

    modprobe uio
    insmod igb_uio.ko
    ./tools/dpdk_nic_bind.py --bind=igb_uio 00:06.0 00:07.0
    
  5. Turn on testpmd and set mac forwarding mode:

    ./testpmd -c 0xf -n 4 -- -i --portmask=0x3 --tx-offloads=0x0
    
    testpmd> set fwd mac
    testpmd> start
    
  6. get mac address of VF0 and use it as dest mac, using scapy to send 2000 packets from tester:

    sendp(Ether(src='tester_mac', dst='vm_port0_mac')/IP()/UDP()/Raw(load='XXXXXXXXXXXXXXXXXX'), iface="tester_nic")
    
  7. verify the packets can be received by VF1,As follows:

    ######################## NIC statistics for port 0  ########################
    RX-packets: 2000       RX-missed: 0          RX-bytes:  120000
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 0          TX-errors: 0          TX-bytes:  0
    
    Throughput (since last show)
    Rx-pps:          634
    Tx-pps:            0
    ############################################################################
    ######################## NIC statistics for port 1  ########################
    RX-packets: 0          RX-missed: 0          RX-bytes:  0
    RX-errors: 0
    RX-nombuf:  0
    TX-packets: 2000       TX-errors: 0          TX-bytes:  120000
    
    Throughput (since last show)
    Rx-pps:            0
    Tx-pps:          618
    ############################################################################
    
  8. You cannot see “ixgbe 0000:03:00.0: Malicious event on VF 0 tx:100000 rx:0” by using the “dmesg -c” command on the host:

    dmesg -c | grep 'event'