[dts] [PATCH 1/3] Add l3fwdacl test plan

lijuan,tu lijuanx.a.tu at intel.com
Tue Sep 15 03:37:40 CEST 2015


From: Lijuan Tu <lijuanx.a.tu at intel.com>

Signed-off-by: Lijuan Tu <lijuanx.a.tu at intel.com>
---
 test_plans/l3fwdacl_test_plan.rst |  349 +++++++++++++++++++++++++++++++++++++
 1 files changed, 349 insertions(+), 0 deletions(-)
 create mode 100644 test_plans/l3fwdacl_test_plan.rst

diff --git a/test_plans/l3fwdacl_test_plan.rst b/test_plans/l3fwdacl_test_plan.rst
new file mode 100644
index 0000000..8dbb8d5
--- /dev/null
+++ b/test_plans/l3fwdacl_test_plan.rst
@@ -0,0 +1,349 @@
+.. Copyright (c) <2014>, Intel Corporation
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   - Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+   - Neither the name of Intel Corporation nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================
+Layer-3 Forwarding with Access Control
+======================================
+
+Description
+===========
+
+This document contains the test plan and results for testing
+``l3fwd-acl`` using the ACL library for access control and L3
+forwarding.
+
+The ``l3fwd-acl`` application uses an IPv4 5-tuple syntax for packet
+matching. The 5-tuple consist of source IP address, destination IP
+address, source port, destination port and a protocol identifier.
+
+The ``l3fwd-acl`` application supports two types of rules:
+
+#. Route information which is used for L3 forwarding.
+#. An access control list which defines the black list to block.
+
+The ``l3fwd-acl`` application needs to load ACL and route rules before
+running. Route rules are mandatory while ACL rules are optional. After
+receiving packets from ports, ``l3fwd-acl`` will extract the necessary
+info from the TCP/IP header of received packets and perform a lookup
+in a rule database to figure out whether the packets should be dropped
+(in the ACL range) or forwarded to desired ports.
+
+	
+Prerequisites
+=============
+
+#. Hardware and Software Setup:
+
+    - Intel CrownPass Board with:
+
+      - 2 CPUs: each core is 10x Intel Xeon cores at 2.8GHz IVB.
+      - 8x DDR3 DIMMs at 1600 MHz of 8GB each. Each of the 4 memory
+        channels of each CPU is populated with 1 DIMMs.
+      - 4x Intel 82599 (Niantic) (1x 10GbE full duplex optical port
+        per NIC).
+
+    - BIOS version SE5C600.86B.99.99.x065.040220131106 (04/02/2012).
+
+    - Software configuration:
+
+      - Linux operating system: Fedora 18.
+      - Linux kernel version: 3.6.10-4.
+      - Linux kernel recompiled with huge pages, UIO and HPET enabled.
+
+    - Packet generator:
+
+      - IXIA.
+
+#. BIOS requirements;
+
+    - Intel Hyper-Threading Technology is ENABLED
+    - Hardware Prefetcher is DISABLED
+    - Adjacent Cache Line Prefetch is DISABLED
+    - Direct Cache Access is DISABLED
+
+#. Linux kernel requirements:
+
+    - Linux kernel has the following features enabled: huge page support, UIO, HPET
+    - Appropriate number of huge pages are reserved at kernel boot time
+    - The IDs of the hardware threads (logical cores) per each CPU socket can be
+      determined by parsing the file /proc/cpuinfo.
+
+Test Case: packet match ACL rule
+================================
+Ipv4 packet match source ip address 200.10.0.1 will be dropped::
+
+	Add one ACL rule @200.10.0.1/32 0.0.0.0/0 0 : 65535 0 : 65535 0/0 in rule_ipv4.db
+	Add default route rule R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule_ipv4.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one ipv4 packet with source ip address 200.10.0.1 will be dropped.
+	Send one ipv4 packet with source ip address 200.10.0.2 will be forwarded to PORT0
+	
+Ipv4 packet match destination ip address 100.10.0.1 will be dropped::
+
+	Add one ACL rule @0.0.0.0/0 100.10.0.1/32 0 : 65535 0 : 65535 0/0 in rule_ipv4.db
+	Add default route rule R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule_ipv4.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one ipv4 packet with destination ip address 100.10.0.1 will be dropped.
+	Send one ipv4 packet with destination ip address 100.10.0.2 will be forwarded to PORT0
+	
+Ipv4 packet match source port 11 will be dropped::
+
+	Add one ACL rule @0.0.0.0/0 0.0.0.0/0 11 : 11 0 : 65535 0/0 in rule.db
+	Add default route rule R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one ipv4 packet with source port 11 will be dropped.
+	Send one ipv4 packet with source port 1 will be forwarded to PORT0
+
+Ipv4 packet match destination port 101 will be dropped::
+
+	Add one ACL rule @0.0.0.0/0 0.0.0.0/0 0 : 65535 101 : 101 0/0 in rule.db
+	Add default route rule R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one ipv4 packet with destination port 101 will be dropped.
+	Send one ipv4 packet with destination port 1 will be forwarded to PORT0
+
+Ipv4 packet match protocal TCP will be dropped::
+
+	Add one ACL rule @1.1.1.1/32 0.0.0.0/0 0 : 65535 0 : 65535 6/0xff in rule.db
+	Add default route rule R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet will be dropped.
+	Send one UDP ipv4 packet will be forwarded to PORT0
+	
+Ipv4 packet match 5-tuple will be dropped::
+
+	Add one ACL rule @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff in rule.db
+	Add default route rule R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+	source port	11, destination port 101 will be dropped.
+	Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1, 
+	source port 11, destination port 101 will be forwarded to PORT0.
+	
+Ipv6 packet match source ipv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped::
+
+	Add one ACL rule @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0/0 in rule_ipv6.db
+	Add default route rule R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule_ipv6.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+	Send one ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7342/128 will be forwarded to PORT0
+	
+Ipv6 packet match destination ipv6 address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128  will be dropped::
+
+	Add one ACL rule @0:0:0:0:0:0:0:0/0 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 0 : 65535 0 : 65535 0/0 in rule.db
+	Add default route rule R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 will be dropped.
+	Send one ipv6 packet with destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:    7343/128 will be forwarded to PORT0
+	
+Ipv6 packet match source port 11 will be dropped::
+
+	Add one ACL rule @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 11 : 11 0 : 65535 0/0 in rule.db
+	Add default route rule R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one ipv6 packet with source port 11 will be dropped.
+	Send one ipv6 packet with source port 1 will be forwarded to PORT0
+
+Ipv6 packet match destination port 101 will be dropped::
+
+	Add one ACL rule @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 101 : 101 0/0 in rule.db
+	Add default route rule R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one ipv6 packet with destination port 101 will be dropped.
+	Send one ipv6 packet with destination port 1 will be forwarded to PORT0
+
+Ipv6 packet match protocal TCP will be dropped::
+
+	Add one ACL rule @0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 6/0xff in rule.db
+	Add default route rule R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv6 packet will be dropped.
+	Send one UDP ipv6 packet will be forwarded to PORT0
+	
+Ipv6 packet match 5-tuple will be dropped::
+
+	Add one ACL rule @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff in rule_ipv6.db
+	Add default route rule R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule_ipv6.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	 --rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+	
+	Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128, destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128,
+	source port	11, destination port 101 will be dropped.
+	Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128, destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128, 
+	source port 11, destination port 101 will be forwarded to PORT0.
+
+
+Test Case: packet match Exact route rule
+========================================
+	Add two exact rule as below in rule_ipv4.db
+	R200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff 0
+	R200.20.0.1/32 100.20.0.1/32 12 : 12 102 : 102 0x06/0xff 1
+
+	Add two exact rule as below in rule_ipv6.db
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 11 : 11 101 : 101 0x06/0xff 0
+	R2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128 12 : 12 102 : 102 0x06/0xff 1
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,source port 11, destination port 101 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 200.20.0.1, destination ip address 100.20.0.1,source port 12, destination port 102 will be forward to PORT1.
+	
+	Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344, destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344, source port 11, destination port 101 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343, destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,source port 12, destination port 102 will be forward to PORT1.
+
+Test Case: packet match LPM route rule
+============================================
+	Add two LPM rule as below in rule_ipv4.db
+	R0.0.0.0/0 1.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+	Add two LPM rule as below in rule_ipv6.db
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+
+	Send one TCP ipv4 packet with destination ip address 1.1.1.1 will be forward to PORT0.
+	Send one TCP ipv4 packet with source ip address 2.1.1.1 will be forward to PORT1.
+
+	Send one TCP ipv6 packet with destination ip address 1:1:1:1:1:1:0:0 will be forward to PORT0.
+	Send one TCP ipv6 packet with source ip address 2:1:1:1:1:1:0:0 will be forward to PORT1.
+
+Test Case: packet match by scalar function
+============================================
+Packet match 5-tuple will be dropped::
+	Add one ACL rule @200.10.0.1/32 100.10.0.1/32 11 : 11 101 : 101 0x06/0xff in rule_ipv4.db
+	Add default route rule R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule_ipv4.db
+
+	Add one ACL rule @2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101 11 : 11 101 : 101 0x06/0xff in rule_ipv6.db
+	Add default route rule R0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 0 in rule_ipv6.db
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db" --scalar
+	
+	Send one TCP ipv4 packet with source ip address 200.10.0.1, destination ip address 100.10.0.1,
+	source port 11, destination port 101 will be dropped.
+	Send one TCP ipv4 packet with source ip address 200.10.0.2, destination ip address 100.10.0.1, 
+	source port 11, destination port 101 will be forwarded to PORT0.
+
+	Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/128, destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101,
+	source port 11, destination port 101 will be dropped.
+	Send one TCP ipv6 packet with source ip address 2001:0db8:85a3:08d3:1319:8a2e:0370:7343, destination ip address 2002:0db8:85a3:08d3:1319:8a2e:0370:7344,
+	source port 11, destination port 101 will be forwarded to PORT0.
+
+Test Case: Invalid ACL rule
+============================================
+	Add two ACL rule as below in rule_ipv4.db
+	R0.0.0.0/0 1.1.1.0/24 12 : 11 : 65535 0x00/0x00 0
+	R0.0.0.0/0 2.1.1.0/24 0 : 65535 0 : 65535 0x00/0x00 1
+
+	Add two ACL rule as below in rule_ipv6.db
+	R0:0:0:0:0:0:0:0/0 1:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0
+	R0:0:0:0:0:0:0:0/0 2:1:1:1:1:1:0:0/96 0 : 65535 0 : 65535 0x00/0x00 1
+
+	./examples/l3fwd-acl/build/l3fwd-acl -c ff -n 3 -- -p 0x3 --config="(0,0,2),(1,0,3)"
+	--rule_ipv4="/root/rule_ipv4.d" --rule_ipv6="/root/rule_ipv6.db"
+
+    The l3fwdacl will not set up because of ivalid ACL rule.     
+
+Test Case: ACL performance
+==========================
+
+The following methodology is used to test the ``l3fwd-acl`` performance:
+
+#. Convert CB generated rules into 'routing' ``l3fwd-acl`` rules by
+   adding a forwarding port number for each rule: each even rule will
+   have forwarding port A, each odd rule will have forwarding port B.
+
+#. Split the CB test vector into 2 by matching the rule values: e.g.,
+   packets that match even rules go into test-vector A, packets that
+   match odd rules go into test-vector B.
+
+   Note: In the available IXIA configuration the maximumn allowable
+   number of streams was 512, so it was necessary to limit each
+   test-vector to 512 entries. It was done in this way to maximize the
+   number of rules for TCP and UDP that were covered. This gave pretty
+   good coverage, except for the acl2 and acl5 which which have a lot
+   of non TCP/UDP packets::
+
+      Rule set         Num rules/Num covered
+      acl1_1000        953/827
+      acl2_1000        965/502
+      acl3_1000        987/897
+      acl4_1000        990/910
+      acl5_1000        728/594
+
+#. Use the Python ``scapy`` application to convert each test-vector
+   into a PCAP file (note that only TCP and UDP packets will be
+   converted).
+
+#. Upload the corresponding PCAP files (one for each IXIA port) to
+   IXIA and convert them to IXIA packets streams.
+
+#. Start ``l3fwd-acl`` with corresponding rules set and run test over
+   ports A, B.
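Review bot: Several expected results do not follow from the rules they are paired with, starting with the "Ipv6 packet match 5-tuple" case, where the packet expected to be forwarded to PORT0 has the same source address, destination address and ports as the packet expected to be dropped. Change one field for the negative packet, as the IPv4 5-tuple case does with 200.10.0.2. The same kind of mismatch appears in other cases:

- LPM route case: the rules match on destination (1.1.1.0/24, 2.1.1.0/24 and the /96 IPv6 prefixes), but the PORT1 packets are described as "source ip address 2.1.1.1" and "source ip address 2:1:1:1:1:1:0:0". These should say destination.
- Exact route case, IPv6: both rules use source ...7344, yet the PORT1 packet is sent from ...7343, so it does not match the second rule.
- IPv4 protocol case: the rule is "@1.1.1.1/32 0.0.0.0/0 ... 6/0xff", but the step only says "Send one TCP ipv4 packet". Either state the source address 1.1.1.1 or use 0.0.0.0/0 as the IPv6 protocol case does.
- Scalar case: the IPv6 destination uses the prefix /101 where every other case uses /128. Please confirm that is intended and not the destination port value.

Every command line passes --rule_ipv4="/root/rule_ipv4.d" while the steps write rule_ipv4.db, and several cases say "in rule.db". Use one file name per address family and repeat it exactly in both the steps and the command, otherwise the application loads a file that the steps never created.

In "Test Case: Invalid ACL rule" the lines are introduced as ACL rules but start with R and end with a port number, and both rule files contain a malformed line ("12 : 11 : 65535" in the IPv4 file, a missing protocol/mask field in the IPv6 file). State which field is invalid and the expected error, and test one malformed rule per run so that a rejection of one file does not hide whether the other is also rejected.

RST formatting: "Packet match 5-tuple will be dropped::" needs a blank line before the indented block, and the exact route, LPM and invalid rule sections have no "::" introducer, so their rule lines will not render as literal blocks. Spelling: "protocal", "ivalid", "maximumn", "which which".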
-- 
1.7.4.4


