15. Generic Filter Tests¶
15.1. Description¶
This document provides the plan for testing the generic filter feature of 10GbE and 1GbE Ethernet Controller.In testpmd, app provides Generic Filter API to manage filter rules for kinds of packets, and calls the API to manage HW filters in HW, or SW filters in SW table.
- A generic filter provides an ability to identify specific flows or sets of flows and routes them to dedicated queues.
- Based on the Generic Filter mechanism, all the SYN packets are placed in an assigned queue.
- Based on the Generic Filter mechanism, all packets belonging to L3/L4 flows to be placed in a specific HW queue.Each filter consists of a 5-tuple (protocol, source and destination IP addresses, source and destination TCP/UDP/SCTP port) and routes packets into one of the Rx queues
- L2 Ethertype Filters provides an ability to identify packets by their L2 Ethertype and assigns them to receive queues. Testpmd app is used to test all types of HW filters. Case 1~9 are the function test for the above app while case 11-12 are the performance test for Niantic, I350, 82580 and 82576.
15.2. Prerequisites¶
Assuming that ports 0 and 1 are connected to a traffic generator’s port A and B.
15.2.1. Setup for testpmd¶
Launch the app testpmd with the following arguments:
./testpmd -c fffff -n 4 -- -i --disable-rss --rxq=4 --txq=4 --nb-cores=16 --nb-ports=2
The -n command is used to select the number of memory channels. It should be matched with the number of memory channels on that setup. The value of rxq and txq is 1 by default, it’s necessary to increase them, and make sure rxq and txq more than one. At the same time rss is enable by default, so disable it. Map port queues to statistic counter registers. Fortville not support this function:
testpmd>set stat_qmap rx 0 0 0
testpmd>set stat_qmap rx 0 1 1
testpmd>set stat_qmap rx 0 2 2
testpmd>set stat_qmap rx 0 3 3
Setup for receive all packet and disable vlan strip function:
testpmd>vlan set strip off 0
testpmd>vlan set strip off 1
testpmd>vlan set filter off 0
testpmd>vlan set filter off 1
testpmd>set flush_rx on
15.3. Test Case 1: SYN filter¶
SYN filters might routes TCP packets with their SYN flag set into an assigned queue. By filtering such packets to an assigned queue, security software can monitor and act on SYN attacks.
Enable SYN filters with queue 2 on port 0:
testpmd> syn_filter 0 add priority high queue 2
Then setup for receive:
testpmd> start
Configure the traffic generator to send 5 SYN packets and 5 non-SYN packets . Reading the stats for port 0 after sending packets:
testpmd> stop
Verify that the packets are received (RX-packets incremented)on the queue 2. Set off SYN filter:
testpmd>syn_filter 0 del priority high queue 2
testpmd>start
Send 5 SYN packets, then reading the stats for port 0 after sending packets:
testpmd> stop
Verify that the packets are not received (RX-packets do not increased)on the queue 2 and syn filter is removed.
15.4. Test Case 2: 5-tuple Filter¶
This filter identifies specific L3/L4 flows or sets of L3/L4 flows and routes them to dedicated queues. Each filter consists of a 5-tuple (protocol, source and destination IP addresses, source and destination TCP/UDP/SCTP port) and routes packets into one of the Rx queues. The 5-tuple filters are configured via dst_ip, src_ip, dst_port, src_port, protocol and Mask.This case supports two type NIC(niantic, 82576), and their command line are different. niantic and 82576 register are different, for niantic TCP flags not need config,so used 0, 82576 must config tcp flags, the tcp flags means the package is a SYN package. Enable the 5-tuple Filter with queue 3 on port 0 for niantic:
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f tcp_flags 0x0 priority 3 queue 3
Enable the 5-tuple Filter with queue 3 on port 0 for 82576:
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f flags 0x02 priority 3 queue 3
Then setup for receive:
testpmd> start
If the NIC type is niantic, then send different type packets such as (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp) and arp:
testpmd> stop
Verify that the packets (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp)or (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp, flags = 0x2) are received (RX-packets doesn’t incremented)on the queue 3.Remove L3/L4 5-tuple filter. Disable 5-tuple Filters:
testpmd> 5tuple_filter 0 del dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f flags 0x02 priority 3 queue 3
testpmd> start
Send packets(dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp) or (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp flags = 0x2). Then reading the stats for port 0 after sending packets:
testpmd> stop
Verify that the packets are not received (RX-packets do not increased)on the queue 3. A 5-bit field that masks each of the fields in the 5-tuple (L4 protocol, IP addresses, TCP/UDP ports). If 5-tuple fields are masked with 0x0 (mask = 0x0), the filter will routes all the packets(ip) on the assigned queue.For instance, enable the 5-tuple Filters with queue 3 on port 0 for niantic. however, the value of mask is set 0x0:
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol tcp mask 0x0 flags 0x0 priority 3 queue 3
15.5. Test Case 3: ethertype filter¶
Enable the receipt of ARP packets with queue 2 on port 0:
testpmd> ethertype_filter 0 add ethertype 0x0806 priority disable 0 queue 2
Then setup for receive:
testpmd> start
Configure the traffic generator to send 15 ARP packets and 15 non ARP packets:
testpmd> stop
Verify that the arp packets are received (RX-packets incremented)on the queue 2 . remove ethertype filter:
testpmd> ethertype_filter 0 del ethertype 0x0806 priority disable 0 queue 2
testpmd> start
Configure the traffic generator to send 15 ARP packets.
testpmd> stop
Also, you can change the value of priority to set a new filter except the case the value of ethertype is 0x0800 with priority enable .The rest of steps are same.
For instance, enable priority filter(just support niantic):
testpmd> ethertype_filter 0 add ethertype 0x0806 priority enable 1 queue 2
15.6. Test Case 4: 10GB Multiple filters¶
Enable ethertype filter, SYN filter and 5-tuple Filter on the port 0 at same time. Assigning different filters to different queues on port 0:
testpmd> syn_filter 0 add priority high queue 1
testpmd> ethertype_filter 0 add ethertype 0x0806 priority disable 0 queue 3
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol tcp mask 0x1f priority 3 queue 3
testpmd> start
Configure the traffic generator to send different packets. Such as,SYN packets, ARP packets, IP packets and packets with(dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp):
testpmd> stop
Verify that different packets are received (RX-packets incremented)on the assigned queue. Remove ethertype filter:
testpmd> ethertype_filter 0 del ethertype 0x0806 priority disable 0 queue 3
testpmd>start
Send SYN packets, ARP packets and packets with (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp):
testpmd> stop
Verify that all packets are received (RX-packets incremented)on the assigned queue except arp packets, remove 5-tuple filter:
testpmd>5tuple_filter 0 del dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol tcp mask 0x1f priority 3 queue 3
testpmd> start
Send different packets such as,SYN packets, ARP packets, packets with (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp):
testpmd>stop
Verify that only SYN packets are received (RX-packets incremented)on the assigned queue set off SYN filter:
testpmd>syn_filter 0 del priority high queue 1
testpmd>start
Configure the traffic generator to send 5 SYN packets:
testpmd>stop
Verify that the packets are not received (RX-packets do not increased)on the queue 1.
15.7. Test Case 5: 2-tuple filter¶
This case is designed for NIC type:I350, 82580. Enable the receipt of udp packets with queue 1 on port 0:
testpmd> 2tuple_filter 0 add protocol 0x11 1 dst_port 64 1 flags 0 priority 3 queue 1
Then setup for receive:
testpmd> start
Send 15 udp packets(dst_port = 15, protocol = udp) and 15 non udp packets. Reading the stats for port 0 after sending packets:
testpmd> stop
Verify that the udp packets are received (RX-packets incremented)on the queue 1. Remove 2tuple filter:
testpmd> 2tuple_filter 0 del protocol 0x11 1 dst_port 64 1 flags 0 priority 3 queue 1
testpmd> start
Configure the traffic generator to send udp packets(dst_port = 15, protocol = udp). Reading the stats for port 0 after sending packets:
testpmd> stop
Verify that the packets are not received (RX-packets do not increased)on the queue 1. Also, you can change the value of protocol or dstport or flags to set a new filter.the rest of steps are same. For example:
Enable the receipt of UDP packets with queue 1 on port 1:
testpmd> 2tuple_filter 1 add protocol 0x011 1 dst_port 64 1 flags 0 priority 3 queue 2
Enable the receipt of TCP packets with flags on queue 1 of port 1:
testpmd> 2tuple_filter 1 add protocol 0x06 1 dst_port 64 1 flags 0x3F priority 3 queue 3
15.8. Test Case 6: flex filter¶
This case is designed for NIC type:I350, 82576,82580. Enable the receipt of packets(context) with queue 1 on port 0:
testpmd> flex_filter 0 add len 16 bytes 0x0123456789abcdef0000000008060000 mask 000C priority 3 queue 1
If flex Filter is added successfully, it displays:
bytes[0]:01 bytes[1]:23 bytes[2]:45 bytes[3]:67 bytes[4]:89 bytes[5]:ab bytes[6]:cd bytes[7]:ef bytes[8]:00 bytes[9]:00 bytes[10]:00 bytes[11]:00 bytes[12]:08 bytes[13]:06 bytes[14]:00 bytes[15]:00
mask[0]:00 mask[1]:0c
Then setup for receive:
testpmd> start
Configure the traffic generator to send packets(context) and arp packets. Reading the stats for port 0 after sending packets:
testpmd> stop
Verify that the arp packets are received (RX-packets incremented)on the queue 1. Remove flex filter:
testpmd> flex_filter 0 add len 16 bytes 0x0123456789abcdef0000000008060000 mask 000C priority 3 queue 1
testpmd> start
Configure the traffic generator to send packets(context).Reading the stats for port 0 after sending packets:
testpmd> stop
Verify that the packets are not received (RX-packets do not increased)on the queue 1. Also, you can change the value of length or context or mask to set a new filter.the rest of steps are same:
testpmd> flex_filter 0 add len 32 bytes 0x0123456789abcdef00000000080600000123456789abcdef0000000008060000 mask 000C000C priority 1 queue 2
15.9. Test Case 7: priority filter¶
This case is designed for NIC (niantic,I350, 82576 and 82580). If packets are match on different filters with same type, the filter with high priority will be receive packets. For example, packets are match on two five-tuple filters with different priority, the filter with high priority will be receive packets. if packets are match on different filters with different type, packets based on the above criteria and the following order.when syn set priority high, syn filter has highest priority than others filter. And flex filter has higher priority than 2-tuple filter. If the Nic is niantic, enable the 5-tuple filter:
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f flags 0x0 priority 2 queue 2
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 2 src_port 2 protocol 0x06 mask 0x18 flags 0x0 priority 3 queue 3
testpmd> start
Configure the traffic generator to send packets (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp).
testpmd> stop
packets are received (RX-packets be increased)on the queue 2. Remove the 5tuple filter with high priority:
testpmd>5tuple_filter 0 del dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f flags 0x0 priority 2 queue 2
testpmd> start
Configure the traffic generator to send packets (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp)
testpmd> stop
packets are received (RX-packets be increased)on the queue 3. If the Nic is I350 or 82580, enable the 2-tuple and flex filters:
testpmd> flex_filter 0 add len 16 bytes 0x0123456789abcdef0000000008000000 mask 000C priority 2 queue 1
testpmd> 2tuple_filter 0 add protocol 0x11 1 dst_port 64 1 flags 0 priority 3 queue 2
testpmd> start
Configure the traffic generator to send packets (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 64 src_port = 1 protocol = udp).
testpmd> stop
packets are received (RX-packets be increased)on the queue 2. Remove the 2tuple filter with high priority:
testpmd> 2tuple_filter 0 add protocol 0x11 1 dst_port 64 1 flags 0 priority 3 queue 2
testpmd> start
Configure the traffic generator to send packets (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 64 src_port = 1 protocol = udp),
testpmd> stop
packets are received (RX-packets be increased)on the queue 1. If the Nic is 82576, enable the syn and 2-tuple filter:
testpmd>5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f flags 0x02 priority 3 queue 3
testpmd>syn_filter 0 add priority high queue 2
testpmd> start
Configure the traffic generator to send packets (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp flags = “S”).
testpmd>stop
packets are received (RX-packets be increased)on the queue 2. Remove the syn filter with high priority:
testpmd>syn_filter 0 del priority high queue 2
testpmd>start
Configure the traffic generator to send packets (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 64 src_port = 1 protocol = tcp flags = “S”).
testpmd> stop
packets are received (RX-packets be increased)on the queue 3.
15.10. Test Case 8: 1GB Multiple filters¶
This case is designed for NIC(I350, 82576,82580). Enable syn filter and ethertype filter on the port 0 at the same time. Assigning different filters to different queues on port 0.Enable the filters:
testpmd> syn_filter 0 add priority high queue 1
testpmd> ethertype_filter 0 add ethertype 0x0806 priority disable 0 queue 3
testpmd> start
Configure the traffic generator to send ethertype packets and arp packets:
testpmd> stop
Then Verify that the packet are received on the queue 1,queue 3. Remove all the filter:
testpmd> syn_filter 0 add priority high queue 1
testpmd> ethertype_filter 0 add ethertype 0x0806 priority disable 0 queue 3
Configure the traffic generator to send udp packets and arp packets. Then Verify that the packet are not received on the queue 1 and queue 3:
testpmd> quit
15.11. Test Case 9: jumbo framesize filter¶
This case is designed for NIC (niantic,I350, 82576 and 82580). Since
Testpmd could transmits packets with jumbo frame size , it also could
transmit above packets on assigned queue. Launch the app testpmd with the
following arguments:
testpmd -c ffff -n 4 -- -i --disable-rss --rxq=4 --txq=4 --nb-cores=8 --nb-ports=2 --rxd=1024 --txd=1024 --burst=144 --txpt=32 --txht=8 --txwt=0 --txfreet=0 --rxfreet=64 --mbcache=200 --mbuf-size=2048 --max-pkt-len=9600
testpmd>set stat_qmap rx 0 0 0
testpmd>set stat_qmap rx 0 1 1
testpmd>set stat_qmap rx 0 2 2
testpmd>vlan set strip off 0
testpmd>vlan set strip off 1
testpmd>vlan set filter off 0
testpmd>vlan set filter off 1
Enable the syn filters with large size:
testpmd> syn_filter 0 add priority high queue 1
testpmd> start
Configure the traffic generator to send syn packets(framesize=2000):
testpmd> stop
Then Verify that the packet are received on the queue 1. Remove the filter:
testpmd> syn_filter 0 del priority high queue 1
Configure the traffic generator to send syn packets and s. Then Verify that the packet are not received on the queue 1:
testpmd> quit
15.12. Test Case 10: 128 queues¶
This case is designed for NIC(niantic). Since NIC(niantic) has 128 transmit
queues, it should be supports 128 kinds of filter if Hardware have enough
cores. Launch the app testpmd with the following arguments:
./testpmd -c fffff -n 4 -- -i --disable-rss --rxq=128 --txq=128 --nb-cores=16 --nb-ports=2 --total-num-mbufs=60000
testpmd>set stat_qmap rx 0 0 0
testpmd>set stat_qmap rx 0 64 1
testpmd>set stat_qmap rx 0 64 2
testpmd>vlan set strip off 0
testpmd>vlan set strip off 1
testpmd>vlan set filter off 0
testpmd>vlan set filter off 1
Enable the 5-tuple Filters with different queues (64,127) on port 0 for niantic:
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f flags 0x0 priority 3 queue 64 index 1
testpmd> 5tuple_filter 0 add dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 2 src_port 1 protocol 0x06 mask 0x1f flags 0x0 priority 3 queue 127 index 1
Send packets(dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 1 src_port = 1 protocol = tcp) and (dst_ip = 2.2.2.5 src_ip = 2.2.2.4 dst_port = 2 src_port = 1 protocol = tcp ). Then reading the stats for port 0 after sending packets. packets are received on the queue 64 and queue 127 When setting 5-tuple Filter with queue(128), it will display failure because the number of queues no more than 128.
15.13. Test Case 11: 10G NIC Performance¶
This case is designed for Niantic. It provides the performance data with and without generic filter:
Launch app without filter
./testpmd -c fffff -n 4 -- -i --disable-rss --rxq=4 --txq=4 --nb-cores=16 --nb-ports=2
testpmd> start
Send the packets stream from packet generator:
testpmd> quit
Enable the filters on app:
./testpmd -c fffff -n 4 -- -i --disable-rss --rxq=4 --txq=4 --nb-cores=16 --nb-ports=2
testpmd>set stat_qmap rx 0 0 0
testpmd>set stat_qmap rx 0 1 1
testpmd>set stat_qmap rx 0 2 2
testpmd>set stat_qmap rx 0 3 3
testpmd>set flush_rx on
testpmd> add_syn_filter 0 priority high queue 1
testpmd> add_ethertype_filter 0 ethertype 0x0806 priority disable 0 queue 2 index 1
testpmd> add_5tuple_filter 0 dst_ip 2.2.2.5 src_ip 2.2.2.4 dst_port 1 src_port 1 protocol 0x06 mask 0x1f flags 0x02 priority 3 queue 3 index 1
testpmd> start
Send the packets stream from packet generator:
testpmd> quit
| Frame Size | disable filter | enable filter |
| 64 | ||
| 128 | ||
| 256 | ||
| 512 | ||
| 1024 | ||
| 1280 | ||
| 1518 |
15.14. Test Case 12: 1G NIC Performance¶
This case is designed for NIC (I350, 82580, and 82576). It provides the performance data with and without generic filter:
./testpmd -c fffff -n 4 -- -i --disable-rss --rxq=4 --txq=4 --nb-cores=16 --nb-ports=2
testpmd> start
Send the packets stream from packet generator:
testpmd> quit
Enable the filter:
./testpmd -c fffff -n 4 -- -i --disable-rss --rxq=4 --txq=4 --nb-cores=16 --nb-ports=2
testpmd>set stat_qmap rx 0 0 0
testpmd>set stat_qmap rx 0 1 1
testpmd>set stat_qmap rx 0 2 2
testpmd>set stat_qmap rx 0 3 3
testpmd>set flush_rx on
testpmd> add_syn_filter 0 priority high queue 1
testpmd> add_ethertype_filter 0 ethertype 0x0806 priority disable 0 queue 2 index 1
testpmd> start
Send the packets stream from packet generator:
testpmd> quit
| Frame Size | disable filter | enable filter |
| 64 | ||
| 128 | ||
| 256 | ||
| 512 | ||
| 1024 | ||
| 1280 | ||
| 1518 |