Permalink
Browse files

Merge PR #1222 (v2017.09 release) into master

  • Loading branch information...
eugeneia committed Nov 10, 2017
2 parents 707db7f + e64d1a6 commit 2121080ccf6fb40904694930991bb0484d2964a6
View
@@ -1 +1 @@
2017.08
2017.09
View
@@ -1,19 +1,19 @@
# Intel 82599 Ethernet Controller Apps
## Intel10G (apps.intel.intel_app)
## Intel82599 (apps.intel.intel_app)
The `Intel10G` drives one port of an Intel 82599 Ethernet controller.
The `Intel82599` drives one port of an Intel 82599 Ethernet controller.
Packets taken from the `rx` port are transmitted onto the network.
Packets received from the network are put on the `tx` port.
DIAGRAM: Intel10G
+----------+
| |
rx ---->* Intel10G *----> tx
| |
+----------+
DIAGRAM: Intel82599
+------------+
| |
rx ---->* Intel82599 *----> tx
| |
+------------+
— Method **Intel10G.dev:get_rxstats**
— Method **Intel82599.dev:get_rxstats**
Returns a table with the following keys:
@@ -22,7 +22,7 @@ Returns a table with the following keys:
* `dropped` - Number of packets dropped
* `bytes` - Total bytes received
— Method **Intel10G.dev:get_txstats**
— Method **Intel82599.dev:get_txstats**
Returns a table with the following keys:
@@ -32,7 +32,7 @@ Returns a table with the following keys:
### Configuration
The `Intel10G` app accepts a table as its configuration argument. The
The `Intel82599` app accepts a table as its configuration argument. The
following keys are defined:
— Key **pciaddr**
@@ -53,7 +53,7 @@ header.
— Key **vmdq**
*Optional*. Boolean, defaults to false. Enables interface
virtualization. Allows to have multiple `Intel10G` apps per port. If
virtualization. Allows to have multiple `Intel82599` apps per port. If
enabled, *macaddr* must be specified.
— Key **mirror**
@@ -78,7 +78,7 @@ the physical port.
*Optional*. Four bit integers (0-15). If set, incoming/outgoing packets
will be counted in the selected statistics counter respectively. Multiple
apps can share a counter. To retrieve counter statistics use
`Intel10G.dev:get_rxstats()` and `Intel10G.dev:get_txstats()`.
`Intel82599.dev:get_rxstats()` and `Intel82599.dev:get_txstats()`.
— Key **rate_limit**
@@ -105,14 +105,14 @@ Note that even a low-priority app can use the whole line rate unless other
### Performance
The `Intel10G` app can transmit and receive at approximately 10 Mpps per
The `Intel82599` app can transmit and receive at approximately 10 Mpps per
processor core.
### Hardware limits
Each physical Intel 82599 port supports the use of up to:
* 64 *pools* (virtualized `Intel10G` app instances)
* 64 *pools* (virtualized `Intel82599` app instances)
* 127 MAC addresses (see the `macaddr` configuration option)
* 64 VLANs (see the `vlan` configuration option)
* 4 *mirror pools* (see the `mirror` configuration option)
View
@@ -103,12 +103,20 @@ function UnixSocket:new (arg)
-- Return true on success or false if no data is available.
local function try_read ()
local bytes = S.read(sock, rxp.data, packet.max_payload)
if bytes then
rxp.length = bytes
return true
else
-- Error, likely EAGAIN
if not bytes then
return false
end
-- EOF, reset sock
if bytes == 0 then
sock = nil
return false
end
rxp.length = bytes
return true
end
function self:pull()
connect()
View
@@ -166,7 +166,7 @@ The current state of each branch with respect to master is visible here:
- See snabbwall.org for more info
Maintainer: Collectively maintained by Snabbwall application developers.
Next hop: kbara-next
Next hop: wingo-next
#### aarch64
View
@@ -119,13 +119,20 @@ function IP4.selftest ()
selftest_get_bit()
selftest_commonlength()
local pmu = require("lib.pmu")
local gbit = IP4.get_bit
pmu.profile(function()
local c = 0
for i = 0,1000000 do
c = c + IP4.commonlength(i,i)
end
end)
local avail, err = pmu.is_available()
if not avail then
print("PMU not available:")
print(" "..err)
print("Skipping benchmark.")
else
local gbit = IP4.get_bit
pmu.profile(function()
local c = 0
for i = 0,1000000 do
c = c + IP4.commonlength(i,i)
end
end)
end
end
return IP4
View
@@ -259,6 +259,13 @@ function LPM4:selftest (cfg, millions)
g:verify(f)
C.free(ptr)
self:new(cfg):add_random_entries():benchmark(millions)
local avail, err = require('lib.pmu').is_available()
if not avail then
print("PMU not available:")
print(" "..err)
print("Skipping benchmark.")
else
self:new(cfg):add_random_entries():benchmark(millions)
end
print("selftest complete")
end
@@ -164,10 +164,17 @@ function selftest_get_bits ()
assert(g(p("0.3.128.0"),14) == 56)
assert(g(p("192.0.0.0"),0) == 48)
local pmu = require("lib.pmu")
local n = 0
pmu.profile(function()
for i =0, 1000*1000*1000 do n = n + g(i, 7) end
end)
local avail, err = pmu.is_available()
if not avail then
print("PMU not available:")
print(" "..err)
print("Skipping benchmark.")
else
local n = 0
pmu.profile(function()
for i =0, 1000*1000*1000 do n = n + g(i, 7) end
end)
end
end
function selftest ()
local n = LPM4_poptrie:new()
View
@@ -29,16 +29,24 @@ Rand.u32 = (function()
end)()
function Rand:selftest()
local pmu = require("lib.pmu")
local v = 0
local million = 1000000
local start = C.get_time_ns()
pmu.profile(function()
for i=0, 500*million do
v = Rand.u32(v)
end
end, {}, { random_u32 = 500*million })
print((C.get_time_ns() - start)/(500*million))
local pmu = require("lib.pmu")
local v = 0
local million = 1000000
local function test()
for i=0, 500*million do
v = Rand.u32(v)
end
end
local avail, err = pmu.is_available()
local start = C.get_time_ns()
if not avail then
print("PMU not available:")
print(" "..err)
test()
else
pmu.profile(test, {}, { random_u32 = 500*million })
end
print(tonumber((C.get_time_ns() - start))/(500*million))
end
return Rand
@@ -0,0 +1,4 @@
Copyright: 2017, Igalia and the Snabb project.
License: See COPYING.
Snabbwall development has been kindly funded by NLnet Foundation (https://nlnet.nl/).
View
@@ -5,6 +5,7 @@ Usage:
Available subcommands:
spy Analyze traffic and report statistics
filter Apply filtering rules to incoming packets.
Use --help for per-command usage. Example:
@@ -1,3 +1,4 @@
-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
module(..., package.seeall)
-- This module provides some common definitions for snabbwall programs
@@ -26,3 +26,11 @@ Options:
-6, --ipv6 <ip_addr> Set the IPv6 address of this firewall host
-D, --duration <secs> Set the duration to run the program (in seconds).
--cpu <cpu-num> Pin to a particular CPU and appropriate NUMA node
Example:
# Reject all HTTP packets and accept all the test.
sudo ./snabb wall filter -e "{ HTTP = 'reject', default = 'accept' }" pcap v6-http.cap
# Accept RTP packets which flow_count is equals or higher than 69 and drop otherwise. Drop non RTP packets.
sudo ./snabb wall filter -e "{ RTP = [[match { flow_count >= 69 => accept; otherwise => drop }]], default = 'drop' }" pcap rtp_example.pcap
@@ -1,3 +1,4 @@
-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
module(..., package.seeall)
local fw = require("apps.wall.l7fw")
@@ -1,3 +1,4 @@
-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
module(..., package.seeall)
local lib = require("core.lib")
@@ -1,4 +1,10 @@
#! /usr/bin/env bash
if [[ $EUID != 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
set -e
shopt -s nullglob
@@ -13,20 +19,31 @@ readonly mac="01:23:45:67:89:ab"
# run a test given the pcap file path, the no. of packets expected to
# the output file, the no. packets for the reject file, and a firewall policy
function test-filter {
local test_name=$1 n_accepted=$2 n_rejected=$3 n_dropped=$4 rule=$5
output=`mktemp`
echo "TEST $1"
"${mydir}/../../../snabb" wall filter -p -4 $ip4 -6 $ip6 -m $mac -o `mktemp` -r `mktemp` -e "$5" pcap "${datadir}/$1" > $output
if ! (grep "Accepted packets: $2" $output &&
grep "Rejected packets: $3" $output &&
grep "Dropped packets: $4" $output); then
echo "TEST $test_name"
"${mydir}/../../../snabb" wall filter -p -4 $ip4 -6 $ip6 -m $mac -o `mktemp` -r `mktemp` -e "$rule" pcap "${datadir}/$test_name" > $output
if ! (grep "Accepted packets: $n_accepted" $output &&
grep "Rejected packets: $n_rejected" $output &&
grep "Dropped packets: $n_dropped" $output); then
echo "FAIL"
return 1
result=1
else
echo "SUCCESS"
result=0
fi
echo "SUCCESS"
return 0
rm $output
return $result
}
# Reject all DHCPv6 packets and drop all the rest.
test-filter "dhcpv6.pcap" 0 6 4 "{ DHCPV6 = 'reject', default = 'drop' }"
# Reject all HTTP packets and accept all the test.
test-filter "v6-http.cap" 51 4 0 "{ HTTP = 'reject', default = 'accept' }"
# Accept RTP packets which flow_count is equals or higher than 69 and drop otherwise. Drop non RTP packets.
test-filter "rtp_example.pcap" 465 0 34 "{ RTP = [[match { flow_count >= 69 => accept; otherwise => drop }]], default = 'drop' }"
# Reject RTP packets which flow_count is equals or higher than 69 and drop otherwise. Drop non RTP packets.
test-filter "rtp_example.pcap" 0 465 34 "{ RTP = [[match { flow_count >= 69 => reject; otherwise => drop }]], default = 'drop' }"
@@ -1,3 +1,4 @@
-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
module(..., package.seeall)
local lib = require("core.lib")

0 comments on commit 2121080

Please sign in to comment.