前往小程序,Get更优阅读体验!
立即前往
首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >learning:vnet/Packet Generator

learning:vnet/Packet Generator

作者头像
dpdk-vpp源码解读
发布2023-03-07 17:32:32
8280
发布2023-03-07 17:32:32
举报
文章被收录于专栏:DPDK VPP源码分析DPDK VPP源码分析

本文内容来源于vpp wiki文档中关于如何使用packet Generator及pacpket tracer的介绍。

参考链接:https://wiki.fd.io/view/VPP/How_To_Use_The_Packet_Generator_and_Packet_Tracer

在vpp源码src/scripts/vnet路径下存放很多模块的脚本,都是使用packet genertor工具实现自发包。pg工具应该是vpp单元测试框架重要的一个组件,用来构造流量。

代码语言:javascript
复制
root@jinsh:/home/jinsh/workspace/vpp-master/src/scripts/vnet# ls
arp4       ipsec             lfib                    nat64_static                 tcp
arp4-mpls  ipsec_spd         mcast                   pcap                         tcp-test
arp6       ipsec_spd_vrf     mpls-o-ethernet         probe4                       tf-ucs-1
bvi        l2efpfilter       mpls-o-gre              probe6                       udp
dhcp       l2efpfilter_perf  mpls-to-dot1ad          rewrite                      uri
gre        l2fib             mpls-tunnel             rightpeer                    urpf
gre-teb    l2fib_perf        nat44                   rpf                          virl
icmp       l2fib_xc          nat44_det               rtt-test                     vlan
icmp6      l2flood           nat44_lb                source_and_port_range_check
ige        l2tp              nat44_static            speed
ip6        l3fwd             nat44_static_with_port  sr
ip6-hbh    leftpeer          nat64                   srp

另外此目录下脚本中有很多模块的功能配置命令行,比如ipsec文件中,有ipsec基本命令行的配置,可以学习到ipsec配置方法:通过pipe模块实现在同一个vpp中实现跨vrf报文转发。这样通过vrf隔离可以构造出ipsec的两端,从而在一个vpp进程中实现ipsec隧道的创建及流量转发,来验证ipsec基本功能。下面我截取了一部分内容:

代码语言:javascript
复制
#1、创建2个pg接口
create packet-generator interface pg0
create packet-generator interface pg1
#创建pipe 及vrf2 将pg1级pipe接口的一端加入vrf 1
pipe create

ip table add 1
set int ip table pg1 1
set int ip table pipe0.1 1
#配置ip地址。
set int ip address pg0 192.168.0.1/24
set int ip address pg1 192.168.1.1/24

set int ip address pipe0.0 10.0.0.1/24
set int ip address pipe0.1 10.0.0.2/24

set int state pg0 up
set int state pg1 up
set int state pipe0 up
#配置ipsec
ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
#手动创建ipsec隧道。并讲其中一条ipsec隧道加入vrf 1.
create ipip tunnel src 10.0.0.1 dst 10.0.0.2
create ipip tunnel src 10.0.0.2 dst 10.0.0.1 outer-table-id 1

ipsec tunnel protect ipip0 sa-in 20 sa-out 30
ipsec tunnel protect ipip1 sa-in 30 sa-out 20

set int state ipip0 up
set int unnum ipip0 use pg0

set int state ipip1 up
set int ip table ipip1 1
set int unnum ipip1 use pg1
#配置构造流量的响应路由表。
ip route add 192.168.1.0/24 via ipip0
set ip neighbor pg1 192.168.1.2 00:11:22:33:44:55
ip route add table 1 192.168.0.0/24 via ipip1
set ip neighbor pg0 192.168.0.2 00:11:22:33:44:66

trace add pg-input 100

下面是arp4脚本来介绍PG工具的使用,如下所示:创建一个名称为“x”的数据包生成器流,它在启用时发送单个 ipv4 icmp 回显请求。trace add命令设置跟踪以pg-input图形节点为起始的 100 个数据包。并创建两个loop接口,分别配置数据包流同网段。

代码语言:javascript
复制
root@jinsh:/home/jinsh/workspace/vpp-master/src/scripts/vnet# cat arp4
packet-generator new {                        \
  name x                            \
  limit 1                            \
  node ip4-input                        \
  size 64-64                            \
  data {                            \
    ICMP: 1.0.0.2 -> 2.0.0.2                    \
    ICMP echo_request                        \
    incrementing 100                        \
  }                                \
}

trace add pg-input 100
loop create
loop create
set int state loop0 up
set int state loop1 up

set int ip address loop0 1.0.0.1/24
set int ip address loop1 2.0.0.1/24

在vpp命令行视图模式下,执行arp4脚本并查询pg相应的配置的如下:

代码语言:javascript
复制
#执行arp4脚本。需要注意一下,当前以vpp是以服务方式启动的,这里需要指定脚本的绝对路径
vpp# exec /home/jinsh/workspace/vpp-master/src/scripts/vnet/arp4
#查询名字为x的数据包生成器流内容。
vpp# show packet-generator verbose
Name               Enabled        Count     Parameters
x                    No             0       limit 1, rate 0.00e0 pps, size 64-64, buffer-size 2048, worker 0,
                                            hdr-size 20, offset 0,
                                            hdr-size 4, offset 20, edit-function 0x7f8674c1e130,
                                            hdr-size 40, offset 24,

#当前接口信息如下:
vpp# show interface addr
GigabitEthernet2/6/0 (up):
  L3 192.168.100.1/24
local0 (dn):
loop0 (up):
  L3 1.0.0.1/24
loop1 (up):
  L3 2.0.0.1/24
pg-1 (up):

启动数据包生成器x,并显示跟踪查询转发流程。下面的跟踪中看到数据包在被丢弃之前经过“ip4-not-enabled”。这是因为用于注入数据包的接口(默认为 pg-1)没有 IPv4 配置,因此没有触发 ARP请求报文发送流程。

代码语言:javascript
复制
vpp# packet-generator enable-stream
vpp#
vpp# show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 1

00:04:33:929094: pg-input
  stream x, 64 bytes, sw_if_index 2
  current data 0, length 64, buffer-pool 0, ref-count 1, trace handle 0x0
  ICMP: 1.0.0.2 -> 2.0.0.2
    tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP echo_request checksum 0x7a6e id 1
00:04:33:929115: ip4-input
  ICMP: 1.0.0.2 -> 2.0.0.2
    tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP echo_request checksum 0x7a6e id 1
00:04:33:929123: ip4-not-enabled
    ICMP: 1.0.0.2 -> 2.0.0.2
      tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
      fragment id 0x0000
    ICMP echo_request checksum 0x7a6e id 1
00:04:33:929127: error-drop
  rx:pg-1
00:04:33:929129: drop
  null-node: blackholed packets

接下我们设置接口pg-1复用loop0接口ip地址的,重新启用数据包生成器x,并跟踪trace流程。下面trace流程可以看到arp请求报文已经发送。

代码语言:javascript
复制
#pg-1 复用loop0接口ip地址
vpp# set interface unnumbered pg-1 use loop0
#使能数据流生成器
vpp# packet-generator enable-stream
vpp# clear trace
vpp# trace add pg-input 100
vpp# packet-generator enable-stream
vpp# show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 1

00:12:54:202909: pg-input
  stream x, 64 bytes, sw_if_index 2
  current data 0, length 64, buffer-pool 0, ref-count 1, trace handle 0x0
  ICMP: 1.0.0.2 -> 2.0.0.2
    tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP echo_request checksum 0x7a6e id 1
00:12:54:202921: ip4-input
  ICMP: 1.0.0.2 -> 2.0.0.2
    tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP echo_request checksum 0x7a6e id 1
00:12:54:202926: ip4-lookup
  fib 0 dpo-idx 5 flow hash: 0x00000000
  ICMP: 1.0.0.2 -> 2.0.0.2
    tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP echo_request checksum 0x7a6e id 1
00:12:54:202928: ip4-glean
    ICMP: 1.0.0.2 -> 2.0.0.2
      tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
      fragment id 0x0000
    ICMP echo_request checksum 0x7a6e id 1
00:12:54:202934: ip4-drop
    ICMP: 1.0.0.2 -> 2.0.0.2
      tos 0x00, ttl 64, length 64, checksum 0x77ba dscp CS0 ecn NON_ECN
      fragment id 0x0000
    ICMP echo_request checksum 0x7a6e id 1
00:12:54:202941: error-drop
  rx:pg-1
00:12:54:202945: drop
  ip4-glean: ARP requests sent

PG工具还支持回放pcap文件,下面我们通过vpp命令行创建一个tap0接口,并分别配置vpp接口ip(192.168.200.1)及内核tap0接口ip(192.168.200.2)。在内核设置抓包保存到1.pcap文件中。在vpp中ping 192.168.200.2 ip。抓取pcap文件内容如下:

代码语言:javascript
复制
root@jinsh:~# tcpdump -r 1.pcap -nnvv
reading from file 1.pcap, link-type EN10MB (Ethernet), snapshot length 262144
13:51:56.250850 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.200.2 tell 192.168.200.1, length 28
13:51:56.250892 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.200.2 is-at 02:fe:df:8d:a1:b6, length 28
13:51:57.249962 IP (tos 0x0, ttl 254, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 2, length 76
13:51:57.250158 IP (tos 0x0, ttl 64, id 4237, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 2, length 76
13:51:58.249974 IP (tos 0x0, ttl 254, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 3, length 76
13:51:58.250003 IP (tos 0x0, ttl 64, id 4360, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 3, length 76
13:51:59.249899 IP (tos 0x0, ttl 254, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 4, length 76
13:51:59.249931 IP (tos 0x0, ttl 64, id 4466, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 4, length 76
13:52:00.249953 IP (tos 0x0, ttl 254, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 5, length 76
13:52:00.250006 IP (tos 0x0, ttl 64, id 4517, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 5, length 76
13:52:02.458138 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.200.1 tell 192.168.200.2, length 28
13:52:02.458240 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.200.1 is-at 02:fe:18:21:1a:a2, length 28

下面我们指定数据包生成器s,指定回放上面抓取的pcap包,在内核接口打印tap0输出内容,看是否和pcap内容一致。

代码语言:javascript
复制
#1、首先创建一个pg0接口
create packet-generator interface pg0

#2、设置pg0接口状态up,并复用tap0接口ip
vpp# set interface state pg0 up
vpp# set interface unnumbered pg0 tap0

#3、查询接口信息
vpp# show interface addr
GigabitEthernet2/6/0 (up):
  L3 192.168.100.1/24
local0 (dn):
pg0 (up):
  unnumbered, use tap0
  L3 192.168.200.1/24
tap0 (up):
  L3 192.168.200.1/24

#4、设置PG 发包器S,并查询
vpp# packet-generator new pcap ~/1.pcap source pg0 name s

pp# show packet-generator verbose
Name               Enabled        Count     Parameters
s                    No             0       limit 12, rate 0.00e0 pps, size 42-110, buffer-size 2048, worker 0,

#5、启动PG发包器S,在内核设置tap0抓包。
packet-generator enable-stream

~~~~~~~~~~~~~~~~~~~~~~~~~
root@jinsh:~# tcpdump -i tap0 -nnvv
tcpdump: listening on tap0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:59:46.658092 IP (tos 0x0, ttl 253, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 2, length 76
13:59:46.658136 IP (tos 0x0, ttl 64, id 3496, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 2, length 76
13:59:46.658140 IP (tos 0x0, ttl 253, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 3, length 76
13:59:46.658142 IP (tos 0x0, ttl 64, id 3497, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 3, length 76
13:59:46.658143 IP (tos 0x0, ttl 253, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 4, length 76
13:59:46.658145 IP (tos 0x0, ttl 64, id 3498, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 4, length 76
13:59:46.658147 IP (tos 0x0, ttl 253, id 0, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.1 > 192.168.200.2: ICMP echo request, id 24497, seq 5, length 76
13:59:46.658149 IP (tos 0x0, ttl 64, id 3499, offset 0, flags [none], proto ICMP (1), length 96)
    192.168.200.2 > 192.168.200.1: ICMP echo reply, id 24497, seq 5, length 76
13:59:51.706244 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.200.1 tell 192.168.200.2, length 28
13:59:51.706544 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.200.1 is-at 02:fe:18:21:1a:a2, length 28

至此我们介绍了pg功能基本使用方法,构造报文或者回放一个pcap文件,希望这个工具对你有所帮助。

本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2023-03-07,如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 DPDK VPP源码分析 微信公众号,前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体同步曝光计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
领券
问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档