Merge PR #1222 (v2017.09 release) into master

snabbco · Nov 10, 2017 · 2121080 · 2121080
2 parents 707db7f + e64d1a6
commit 2121080
Show file tree

Hide file tree

Showing 16 changed files with 122 additions and 51 deletions.
diff --git a/.version b/.version
@@ -1 +1 @@
-2017.08
+2017.09
diff --git a/src/apps/intel/README.md b/src/apps/intel/README.md
@@ -1,19 +1,19 @@
 # Intel 82599 Ethernet Controller Apps
 
-## Intel10G (apps.intel.intel_app)
+## Intel82599 (apps.intel.intel_app)
 
-The `Intel10G` drives one port of an Intel 82599 Ethernet controller.
+The `Intel82599` drives one port of an Intel 82599 Ethernet controller.
 Packets taken from the `rx` port are transmitted onto the network.
 Packets received from the network are put on the `tx` port.
 
-    DIAGRAM: Intel10G
+    DIAGRAM: Intel82599
-              +----------+
+              +------------+
-              |          |
+              |            |
-      rx ---->* Intel10G *----> tx
+      rx ---->* Intel82599 *----> tx
-              |          |
+              |            |
-              +----------+
+              +------------+
 
-— Method **Intel10G.dev:get_rxstats**
+— Method **Intel82599.dev:get_rxstats**
 
 Returns a table with the following keys:
 
@@ -22,7 +22,7 @@ Returns a table with the following keys:
 * `dropped` - Number of packets dropped
 * `bytes` - Total bytes received
 
-— Method **Intel10G.dev:get_txstats**
+— Method **Intel82599.dev:get_txstats**
 
 Returns a table with the following keys:
 
@@ -32,7 +32,7 @@ Returns a table with the following keys:
 
 ### Configuration
 
-The `Intel10G` app accepts a table as its configuration argument. The
+The `Intel82599` app accepts a table as its configuration argument. The
 following keys are defined:
 
 — Key **pciaddr**
@@ -53,7 +53,7 @@ header.
 — Key **vmdq**
 
 *Optional*. Boolean, defaults to false. Enables interface
-virtualization. Allows to have multiple `Intel10G` apps per port. If
+virtualization. Allows to have multiple `Intel82599` apps per port. If
 enabled, *macaddr* must be specified.
 
 — Key **mirror**
@@ -78,7 +78,7 @@ the physical port.
 *Optional*. Four bit integers (0-15). If set, incoming/outgoing packets
 will be counted in the selected statistics counter respectively. Multiple
 apps can share a counter. To retrieve counter statistics use
-`Intel10G.dev:get_rxstats()` and `Intel10G.dev:get_txstats()`.
+`Intel82599.dev:get_rxstats()` and `Intel82599.dev:get_txstats()`.
 
 — Key **rate_limit**
 
@@ -105,14 +105,14 @@ Note that even a low-priority app can use the whole line rate unless other
 
 ### Performance
 
-The `Intel10G` app can transmit and receive at approximately 10 Mpps per
+The `Intel82599` app can transmit and receive at approximately 10 Mpps per
 processor core.
 
 ### Hardware limits
 
 Each physical Intel 82599 port supports the use of up to:
 
-* 64 *pools* (virtualized `Intel10G` app instances)
+* 64 *pools* (virtualized `Intel82599` app instances)
 * 127 MAC addresses (see the `macaddr` configuration option)
 * 64 VLANs (see the `vlan` configuration option)
 * 4 *mirror pools* (see the `mirror` configuration option)

diff --git a/src/apps/socket/unix.lua b/src/apps/socket/unix.lua
@@ -103,12 +103,20 @@ function UnixSocket:new (arg)
    -- Return true on success or false if no data is available.
    local function try_read ()
       local bytes = S.read(sock, rxp.data, packet.max_payload)
-      if bytes then
+
-         rxp.length = bytes
+      -- Error, likely EAGAIN
-         return true
+      if not bytes then
-      else
          return false
       end
+
+      -- EOF, reset sock
+      if bytes == 0 then
+         sock = nil
+         return false
+      end
+
+      rxp.length = bytes
+      return true
    end
    function self:pull()
       connect()

diff --git a/src/doc/branches.md b/src/doc/branches.md
@@ -166,7 +166,7 @@ The current state of each branch with respect to master is visible here:
     - See snabbwall.org for more info
 
     Maintainer: Collectively maintained by Snabbwall application developers.
-    Next hop: kbara-next
+    Next hop: wingo-next
 
 #### aarch64
 

diff --git a/src/lib/lpm/ip4.lua b/src/lib/lpm/ip4.lua
@@ -119,13 +119,20 @@ function IP4.selftest ()
    selftest_get_bit()
    selftest_commonlength()
    local pmu = require("lib.pmu")
-   local gbit = IP4.get_bit
+   local avail, err = pmu.is_available()
-   pmu.profile(function()
+   if not avail then
-      local c = 0
+      print("PMU not available:")
-      for i = 0,1000000 do
+      print("  "..err)
-         c = c + IP4.commonlength(i,i)
+      print("Skipping benchmark.")
-      end
+   else
-   end)
+      local gbit = IP4.get_bit
+      pmu.profile(function()
+         local c = 0
+         for i = 0,1000000 do
+            c = c + IP4.commonlength(i,i)
+         end
+      end)
+   end
 end
 
 return IP4
diff --git a/src/lib/lpm/lpm4.lua b/src/lib/lpm/lpm4.lua
@@ -259,6 +259,13 @@ function LPM4:selftest (cfg, millions)
    g:verify(f)
    C.free(ptr)
 
-   self:new(cfg):add_random_entries():benchmark(millions)
+   local avail, err = require('lib.pmu').is_available()
+   if not avail then
+      print("PMU not available:")
+      print("  "..err)
+      print("Skipping benchmark.")
+   else
+      self:new(cfg):add_random_entries():benchmark(millions)
+   end
    print("selftest complete")
 end
diff --git a/src/lib/lpm/lpm4_poptrie.lua b/src/lib/lpm/lpm4_poptrie.lua
@@ -164,10 +164,17 @@ function selftest_get_bits ()
    assert(g(p("0.3.128.0"),14) == 56)
    assert(g(p("192.0.0.0"),0) == 48)
    local pmu = require("lib.pmu")
-   local n = 0
+   local avail, err = pmu.is_available()
-   pmu.profile(function()
+   if not avail then
-      for i =0, 1000*1000*1000 do n = n + g(i, 7) end
+      print("PMU not available:")
-   end)
+      print("  "..err)
+      print("Skipping benchmark.")
+   else
+      local n = 0
+      pmu.profile(function()
+         for i =0, 1000*1000*1000 do n = n + g(i, 7) end
+      end)
+   end
 end
 function selftest ()
    local n = LPM4_poptrie:new()

diff --git a/src/lib/lpm/random.dasl b/src/lib/lpm/random.dasl
@@ -29,16 +29,24 @@ Rand.u32 = (function()
 end)()
 
 function Rand:selftest()
-	local pmu = require("lib.pmu")
+   local pmu = require("lib.pmu")
-	local v = 0
+   local v = 0
-	local million = 1000000
+   local million = 1000000
-	local start = C.get_time_ns()
+   local function test()
-	pmu.profile(function()
+      for i=0, 500*million do
-		for i=0, 500*million do
+         v = Rand.u32(v)
-			v = Rand.u32(v)
+      end
-		end
+   end
-	end, {}, { random_u32 = 500*million })
+   local avail, err = pmu.is_available()
-	print((C.get_time_ns() - start)/(500*million))
+   local start = C.get_time_ns()
+   if not avail then
+      print("PMU not available:")
+      print("  "..err)
+      test()
+   else
+      pmu.profile(test, {}, { random_u32 = 500*million })
+   end
+   print(tonumber((C.get_time_ns() - start))/(500*million))
 end
 
 return Rand
diff --git a/src/program/wall/COPYRIGHT.md b/src/program/wall/COPYRIGHT.md
@@ -0,0 +1,4 @@
+Copyright: 2017, Igalia and the Snabb project.
+License: See COPYING.
+
+Snabbwall development has been kindly funded by NLnet Foundation (https://nlnet.nl/).
diff --git a/src/program/wall/README b/src/program/wall/README
@@ -5,6 +5,7 @@ Usage:
 Available subcommands:
 
   spy     Analyze traffic and report statistics
+  filter  Apply filtering rules to incoming packets.
 
 Use --help for per-command usage. Example:
 

diff --git a/src/program/wall/common.lua b/src/program/wall/common.lua
@@ -1,3 +1,4 @@
+-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
 module(..., package.seeall)
 
 -- This module provides some common definitions for snabbwall programs

diff --git a/src/program/wall/filter/README b/src/program/wall/filter/README
@@ -26,3 +26,11 @@ Options:
   -6, --ipv6 <ip_addr>    Set the IPv6 address of this firewall host
   -D, --duration <secs>   Set the duration to run the program (in seconds).
   --cpu <cpu-num>         Pin to a particular CPU and appropriate NUMA node
+
+Example:
+
+# Reject all HTTP packets and accept all the test.
+sudo ./snabb wall filter -e "{ HTTP = 'reject', default = 'accept' }" pcap v6-http.cap
+
+# Accept RTP packets which flow_count is equals or higher than 69 and drop otherwise. Drop non RTP packets.
+sudo ./snabb wall filter -e "{ RTP = [[match { flow_count >= 69 => accept; otherwise => drop }]], default = 'drop' }" pcap rtp_example.pcap
diff --git a/src/program/wall/filter/filter.lua b/src/program/wall/filter/filter.lua
@@ -1,3 +1,4 @@
+-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
 module(..., package.seeall)
 
 local fw     = require("apps.wall.l7fw")

diff --git a/src/program/wall/spy/spy.lua b/src/program/wall/spy/spy.lua
@@ -1,3 +1,4 @@
+-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
 module(..., package.seeall)
 
 local lib   = require("core.lib")

diff --git a/src/program/wall/tests/filter-pcaps.test b/src/program/wall/tests/filter-pcaps.test
@@ -1,4 +1,10 @@
 #! /usr/bin/env bash
+
+if [[ $EUID != 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
 set -e
 shopt -s nullglob
 
@@ -13,20 +19,31 @@ readonly mac="01:23:45:67:89:ab"
 # run a test given the pcap file path, the no. of packets expected to
 # the output file, the no. packets for the reject file, and a firewall policy
 function test-filter {
+  local test_name=$1 n_accepted=$2 n_rejected=$3 n_dropped=$4 rule=$5
   output=`mktemp`
-  echo "TEST $1"
+  echo "TEST $test_name"
-  "${mydir}/../../../snabb" wall filter -p -4 $ip4 -6 $ip6 -m $mac -o `mktemp` -r `mktemp` -e "$5" pcap "${datadir}/$1" > $output
+  "${mydir}/../../../snabb" wall filter -p -4 $ip4 -6 $ip6 -m $mac -o `mktemp` -r `mktemp` -e "$rule" pcap "${datadir}/$test_name" > $output
-  if ! (grep "Accepted packets: $2" $output &&
+  if ! (grep "Accepted packets: $n_accepted" $output &&
-        grep "Rejected packets: $3" $output &&
+        grep "Rejected packets: $n_rejected" $output &&
-        grep "Dropped packets:  $4" $output); then
+        grep "Dropped packets:  $n_dropped" $output); then
       echo "FAIL"
-      return 1
+      result=1
+  else
+      echo "SUCCESS"
+      result=0
   fi
-  echo "SUCCESS"
+  rm $output
-  return 0
+  return $result
 }
 
+# Reject all DHCPv6 packets and drop all the rest.
 test-filter "dhcpv6.pcap" 0 6 4 "{ DHCPV6 = 'reject', default = 'drop' }"
+
+# Reject all HTTP packets and accept all the test.
 test-filter "v6-http.cap" 51 4 0 "{ HTTP = 'reject', default = 'accept' }"
+
+# Accept RTP packets which flow_count is equals or higher than 69 and drop otherwise. Drop non RTP packets.
 test-filter "rtp_example.pcap" 465 0 34 "{ RTP = [[match { flow_count >= 69 => accept; otherwise => drop }]], default = 'drop' }"
+
+# Reject RTP packets which flow_count is equals or higher than 69 and drop otherwise. Drop non RTP packets.
 test-filter "rtp_example.pcap" 0 465 34 "{ RTP = [[match { flow_count >= 69 => reject; otherwise => drop }]], default = 'drop' }"
diff --git a/src/program/wall/wall.lua b/src/program/wall/wall.lua
@@ -1,3 +1,4 @@
+-- Use of this source code is governed by the Apache 2.0 license; see COPYING.
 module(..., package.seeall)
 
 local lib = require("core.lib")