/* * Copyright (c) 2015 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* *------------------------------------------------------------------ * acl_test.c - test harness plugin *------------------------------------------------------------------ */ #include #include #include #include #include #include #include #define __plugin_msg_base acl_test_main.msg_id_base #include uword unformat_sw_if_index (unformat_input_t * input, va_list * args); /* Declare message IDs */ #include /* define message structures */ #define vl_typedefs #include #undef vl_typedefs /* define message structures */ #define vl_endianfun #include #undef vl_endianfun /* instantiate all the print functions we know about */ #define vl_print(handle, ...) #define vl_printfun #include #undef vl_printfun /* Get the API version number. */ #define vl_api_version(n,v) static u32 api_version=(v); #include #undef vl_api_version typedef struct { /* API message ID base */ u16 msg_id_base; vat_main_t *vat_main; } acl_test_main_t; acl_test_main_t acl_test_main; #define foreach_standard_reply_retval_handler \ _(acl_del_reply) \ _(acl_interface_add_del_reply) \ _(macip_acl_interface_add_del_reply) \ _(acl_interface_set_acl_list_reply) \ _(macip_acl_del_reply) #define foreach_reply_retval_aclindex_handler \ _(acl_add_replace_reply) \ _(macip_acl_add_reply) #define _(n) \ static void vl_api_##n##_t_handler \ (vl_api_##n##_t * mp) \ { \ vat_main_t * vam = acl_test_main.vat_main; \ i32 retval = ntohl(mp->retval); \ if (vam->async_mode) { \ vam->async_errors += (retval < 0); \ } else { \ vam->retval = retval; \ vam->result_ready = 1; \ } \ } foreach_standard_reply_retval_handler; #undef _ #define _(n) \ static void vl_api_##n##_t_handler \ (vl_api_##n##_t * mp) \ { \ vat_main_t * vam = acl_test_main.vat_main; \ i32 retval = ntohl(mp->retval); \ if (vam->async_mode) { \ vam->async_errors += (retval < 0); \ } else { \ clib_warning("ACL index: %d", ntohl(mp->acl_index)); \ vam->retval = retval; \ vam->result_ready = 1; \ } \ } foreach_reply_retval_aclindex_handler; #undef _ /* These two ought to be in a library somewhere but they aren't */ static uword my_unformat_mac_address (unformat_input_t * input, va_list * args) { u8 *a = va_arg (*args, u8 *); return unformat (input, "%x:%x:%x:%x:%x:%x", &a[0], &a[1], &a[2], &a[3], &a[4], &a[5]); } static u8 * my_format_mac_address (u8 * s, va_list * args) { u8 *a = va_arg (*args, u8 *); return format (s, "%02x:%02x:%02x:%02x:%02x:%02x", a[0], a[1], a[2], a[3], a[4], a[5]); } static void vl_api_acl_plugin_get_version_reply_t_handler (vl_api_acl_plugin_get_version_reply_t * mp) { vat_main_t * vam = acl_test_main.vat_main; clib_warning("ACL plugin version: %d.%d", ntohl(mp->major), ntohl(mp->minor)); vam->result_ready = 1; } static void vl_api_acl_interface_list_details_t_handler (vl_api_acl_interface_list_details_t * mp) { int i; vat_main_t * vam = acl_test_main.vat_main; u8 *out = 0; vl_api_acl_interface_list_details_t_endian(mp); out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input); out = format(out, " input "); for(i=0; icount; i++) { out = format(out, "%d ", mp->acls[i]); if (i == mp->n_input-1) out = format(out, "\n output "); } out = format(out, "\n"); clib_warning("%s", out); vec_free(out); vam->result_ready = 1; } static inline u8 * vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a) { int af = a->is_ipv6 ? AF_INET6 : AF_INET; u8 src[INET6_ADDRSTRLEN]; u8 dst[INET6_ADDRSTRLEN]; inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src)); inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst)); out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d", a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit, src, a->src_ip_prefix_len, dst, a->dst_ip_prefix_len, a->proto, a->srcport_or_icmptype_first, a->srcport_or_icmptype_last, a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last, a->tcp_flags_mask, a->tcp_flags_value); return(out); } static void vl_api_acl_details_t_handler (vl_api_acl_details_t * mp) { int i; vat_main_t * vam = acl_test_main.vat_main; vl_api_acl_details_t_endian(mp); u8 *out = 0; out = format(0, "acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag); for(i=0; icount; i++) { out = format(out, " "); out = vl_api_acl_rule_t_pretty_format(out, &mp->r[i]); out = format(out, "%s\n", icount-1 ? "," : ""); } clib_warning("%s", out); vec_free(out); vam->result_ready = 1; } static inline u8 * vl_api_macip_acl_rule_t_pretty_format (u8 *out, vl_api_macip_acl_rule_t * a) { int af = a->is_ipv6 ? AF_INET6 : AF_INET; u8 src[INET6_ADDRSTRLEN]; inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src)); out = format(out, "%s action %d ip %s/%d mac %U mask %U", a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit, src, a->src_ip_prefix_len, my_format_mac_address, a->src_mac, my_format_mac_address, a->src_mac_mask); return(out); } static void vl_api_macip_acl_details_t_handler (vl_api_macip_acl_details_t * mp) { int i; vat_main_t * vam = acl_test_main.vat_main; vl_api_macip_acl_details_t_endian(mp); u8 *out = format(0,"MACIP acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag); for(i=0; icount; i++) { out = format(out, " "); out = vl_api_macip_acl_rule_t_pretty_format(out, &mp->r[i]); out = format(out, "%s\n", icount-1 ? "," : ""); } clib_warning("%s", out); vec_free(out); vam->result_ready = 1; } static void vl_api_macip_acl_interface_get_reply_t_handler (vl_api_macip_acl_interface_get_reply_t * mp) { int i; vat_main_t * vam = acl_test_main.vat_main; u8 *out = format(0, "sw_if_index with MACIP ACL count: %d\n", ntohl(mp->count)); for(i=0; icount); i++) { out = format(out, " macip_acl_interface_add_del sw_if_index %d add acl %d\n", i, ntohl(mp->acls[i])); } out = format(out, "\n"); clib_warning("%s", out); vec_free(out); vam->result_ready = 1; } /* * Table of message reply handlers, must include boilerplate handlers * we just generated */ #define foreach_vpe_api_reply_msg \ _(ACL_ADD_REPLACE_REPLY, acl_add_replace_reply) \ _(ACL_DEL_REPLY, acl_del_reply) \ _(ACL_INTERFACE_ADD_DEL_REPLY, acl_interface_add_del_reply) \ _(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \ _(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details) \ _(ACL_DETAILS, acl_details) \ _(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \ _(MACIP_ACL_DEL_REPLY, macip_acl_del_reply) \ _(MACIP_ACL_DETAILS, macip_acl_details) \ _(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \ _(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \ _(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply) static int api_acl_plugin_get_version (vat_main_t * vam) { acl_test_main_t * sm = &acl_test_main; vl_api_acl_plugin_get_version_t * mp; u32 msg_size = sizeof(*mp); int ret; vam->result_ready = 0; mp = vl_msg_api_alloc_as_if_client(msg_size); memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_VERSION + sm->msg_id_base); mp->client_index = vam->my_client_index; /* send it... */ S(mp); /* Wait for a reply... */ W (ret); return ret; } static int api_macip_acl_interface_get (vat_main_t * vam) { acl_test_main_t * sm = &acl_test_main; vl_api_acl_plugin_get_version_t * mp; u32 msg_size = sizeof(*mp); int ret; vam->result_ready = 0; mp = vl_msg_api_alloc_as_if_client(msg_size); memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_GET + sm->msg_id_base); mp->client_index = vam->my_client_index; /* send it... */ S(mp); /* Wait for a reply... */ W (ret); return ret; } #define vec_validate_acl_rules(v, idx) \ do { \ if (vec_len(v) < idx+1) { \ vec_validate(v, idx); \ v[idx].is_permit = 0x1; \ v[idx].srcport_or_icmptype_last = 0xffff; \ v[idx].dstport_or_icmpcode_last = 0xffff; \ } \ } while (0) static int api_acl_add_replace (vat_main_t * vam) { acl_test_main_t * sm = &acl_test_main; unformat_input_t * i = vam->input; vl_api_acl_add_replace_t * mp; u32 acl_index = ~0; u32 msg_size = sizeof (*mp); /* without the rules */ vl_api_acl_rule_t *rules = 0; int rule_idx = 0; int n_rules = 0; u32 proto = 0; u32 port1 = 0; u32 port2 = 0; u32 action = 0; u32 tcpflags, tcpmask; u32 src_prefix_length = 0, dst_prefix_length = 0; ip4_address_t src_v4address, dst_v4address; ip6_address_t src_v6address, dst_v6address; u8 *tag = 0; int ret; if (!unformat (i, "%d", &acl_index)) { /* Just assume -1 */ } while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { if (unformat (i, "ipv6")) { vec_validate_acl_rules(rules, rule_idx); rules[rule_idx].is_ipv6 = 1; } else if (unformat (i, "ipv4")) { vec_validate_acl_rules(rules, rule_idx); rules[rule_idx].is_ipv6 = 0; } else if (unformat (i, "permit+reflect")) { vec_validate_acl_rules(rules, rule_idx); rules[rule_idx].is_permit = 2; } else if (unformat (i, "permit")) { vec_validate_acl_rules(rules, rule_idx); 
VPP MRR Results
===============

.. note::

    Data sources for reported test results: i) `FD.io test executor vpp
    performance jobs`_, ii) archived FD.io jobs test result `output files
    <../../_static/archive/>`_.

.. toctree::

    vpp_mrr_results
; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ } 
---
# file: host_vars/10.30.51.39.yaml

hostname: "s53-nomad"
inventory_ipmi_hostname: "10.30.50.39"
cpu_microarchitecture: "thunderx"

# User management.
users:
  - username: localadmin
    groups: [adm, sudo]
    password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1"
    ssh_key:
      - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com"
      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes"
  - username: testuser
    groups: [adm, sudo]
    password: "$6$zpBUdQ4q$P2zKclumvCndWujgP/qQ8eMk3YZk7ESAom04Fqp26hJH2jWkMXEX..jqxzMdDLJKiDaDHIaSkQMVjHzd3cRLs1"
    ssh_key:
      - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com"
      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes"

# Nomad settings.
nomad_certificates:
  - src: "{{ vault_nomad_v1_ca_file }}"
    dest: "{{ nomad_ca_file }}"
  - src: "{{ vault_nomad_v1_cert_file }}"
    dest: "{{ nomad_cert_file }}"
  - src: "{{ vault_nomad_v1_key_file }}"
    dest: "{{ nomad_key_file }}"
nomad_datacenter: "yul1"
nomad_name: "{{ hostname }}-{{ ansible_architecture }}"
nomad_node_role: "client"
nomad_node_class: "builder"
nomad_options:
  driver.raw_exec.enable: 1
  docker.cleanup.image: false
  docker.privileged.enabled: true
  docker.volumes.enabled: true
  dr