Skip to content

Commit ba477ac

Browse files
author
vlan-test-harness
committed
test(vlan): add dual-vlan + vip_addr + ipfw_pr config-layer functional test harness
Implements a 4-sub-agent harness (spec-writer / coder / reviewer / gate-keeper) to verify that f-stack vlan section parsing, if_clone_create, vip_addr setup, and ipfw_pr rule installation all succeed at primary startup with a dual-vlan multi-tenant config — without breaking the FreeBSD 13.0 -> 15.0 upgrade work. Scope: config-layer acceptance only (per task scope D). End-to-end e2e tests (loopback ping vip / client 802.1Q HTTP) are tracked as F-V1/F-V2 follow-ups. Verified against runtime helloworld primary at 2026-06-09 11:45 (pid 2349497): - vlan1 (192.169.0.0/24) and vlan2 (192.169.1.0/24) if_clone_create both OK: f-stack-0.1: Successed to if_clone_create vlan interface f-stack-0.2: Successed to if_clone_create vlan interface - ipfw rules installed and queryable via tools/sbin/ipfw: 00010 setfib 0 ip from 192.169.0.0/24 to any out (vlan_idx=0) 00020 setfib 1 ip from 192.169.1.0/24 to any out (vlan_idx=1) fib_num matches ff_veth.c:949 'fib_num = vlan_cfg->vlan_idx' exactly. - No vip/addr/ipfw setup errors in helloworld log. - 13.0 -> 15.0 vlan_cfg_handler diff is empty; no regression. Files added: config.test-vlan.ini dual-vlan test config (do not replace production config.ini; selected explicitly via -c) tools/sbin/vlan_test_orchestrator.sh leader entry point tools/sbin/vlan_test_validate.sh G1/G2/G3/G4 gate implementation (G2 uses setsid + </dev/null detach to avoid sudo+subshell do_wait hang previously seen) tools/sbin/.gitignore whitelist the two scripts above docs/.../vlan-vip-ipfw-test-plan.md harness plan (roles, gates, escalation policy) docs/.../vlan-vip-ipfw-test-spec.md spec (TC-V1..V5, risk register, cross-source check matrix) docs/.../vlan-vip-ipfw-test-execution-log.md execution trace (BOUNCE=0/3, hang root cause + fix, full gate output, follow-up list) Compliance: zero direct rm/kill/chmod calls. All cleanup goes through /data/workspace/{rm_tmp_file,kill_process,chmod_modify}.sh wrappers. Local commit only; no push (per phase-2/phase-5b/F-A1 convention).
1 parent cb1fe99 commit ba477ac

7 files changed

Lines changed: 1163 additions & 0 deletions

File tree

config.test-vlan.ini

Lines changed: 355 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,355 @@
1+
[dpdk]
2+
# Hexadecimal bitmask of cores to run on.
3+
lcore_mask=10
4+
5+
# Number of memory channels.
6+
channel=4
7+
8+
# Specify base virtual address to map.
9+
#base_virtaddr=0x7f0000000000
10+
11+
# Promiscuous mode of nic, defualt: enabled.
12+
promiscuous=1
13+
numa_on=1
14+
15+
# TX checksum offload skip, default: disabled.
16+
# We need this switch enabled in the following cases:
17+
# -> The application want to enforce wrong checksum for testing purposes
18+
# -> Some cards advertize the offload capability. However, doesn't calculate checksum.
19+
tx_csum_offoad_skip=0
20+
21+
# TCP segment offload, default: disabled.
22+
tso=0
23+
24+
# HW vlan strip, default: enabled.
25+
vlan_strip=1
26+
27+
# Set [vlanN]'s addrs like [portN] later
28+
# the format is same as port_list
29+
# Set vlan filter id, to enable L3/L4 RSS below vlan hdr is not enable after f-stack-1.22.
30+
# vlan-test 2026-06-09: enabled to match [vlan1]+[vlan2] sections below.
31+
vlan_filter=1,2
32+
33+
# sleep when no pkts incomming
34+
# unit: microseconds
35+
idle_sleep=20
36+
37+
# sent packet delay time(0-100) while send less than 32 pkts.
38+
# default 100 us.
39+
# if set 0, means send pkts immediately.
40+
# if set >100, will dealy 100 us.
41+
# unit: microseconds
42+
pkt_tx_delay=100
43+
44+
# use symmetric Receive-side Scaling(RSS) key, default: disabled.
45+
symmetric_rss=0
46+
47+
# PCI device enable list.
48+
# And driver options
49+
#allow=02:00.0
50+
# for multiple PCI devices
51+
#allow=02:00.0,03:00.0
52+
53+
# enabled port list
54+
#
55+
# EBNF grammar:
56+
#
57+
# exp ::= num_list {"," num_list}
58+
# num_list ::= <num> | <range>
59+
# range ::= <num>"-"<num>
60+
# num ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9'
61+
#
62+
# examples
63+
# 0-3 ports 0, 1,2,3 are enabled
64+
# 1-3,4,7 ports 1,2,3,4,7 are enabled
65+
#
66+
# If use bonding, shoule config the bonding port id in port_list
67+
# and not config slave port id in port_list
68+
# such as, port 0 and port 1 trank to a bonding port 2,
69+
# should set `port_list=2` and config `[port2]` section
70+
71+
port_list=0
72+
73+
# Number of vdev.
74+
nb_vdev=0
75+
76+
# Number of bond.
77+
nb_bond=0
78+
79+
# log level for dpdk, optional
80+
#log_level=8
81+
82+
# Log file level and prefix of F-Stack lib and FreeBSD.
83+
# fstack_log_level: 0-8, default 0.
84+
# 0 : means disable log file, and output to stdout/stderr/syslog(/var/log/message), etc.
85+
# 1-8 : log level, same to DPDK's log level, equal to system's log levle + 1.
86+
# 1 = EMERG
87+
# 2 = ALERT
88+
# 3 = CRIT
89+
# 4 = ERR
90+
# 5 = WARNING
91+
# 6 = NOTICE
92+
# 7 = INFO
93+
# 8 = DEBUG
94+
# fstack_log_file_prefix : log file prefix, and <proc_id> will splice with prefix, such as "./f-stack-0".
95+
#fstack_log_level=0
96+
#fstack_log_file_prefix=./f-stack-
97+
98+
99+
# Each core write into own pcap file, which is open one time, close one time if enough.
100+
# Support dump the first snaplen bytes of each packet.
101+
# if pcap file is lager than savelen bytes, it will be closed and next file was dumped into.
102+
[pcap]
103+
enable=0
104+
snaplen=96
105+
savelen=16777216
106+
savepath=.
107+
108+
# Port config section
109+
# Correspond to dpdk.port_list's index: port0, port1...
110+
[port0]
111+
addr=9.134.214.176
112+
netmask=255.255.248.0
113+
broadcast=9.134.215.255
114+
gateway=9.134.208.1
115+
# set interface name, Optional parameter.
116+
#if_name=eno7
117+
118+
# IPv6 net addr, Optional parameters.
119+
#addr6=ff::02
120+
#prefix_len=64
121+
#gateway6=ff::01
122+
123+
# Multi virtual IPv4/IPv6 net addr, Optional parameters.
124+
# `vip_ifname`: default `f-stack-x`
125+
# `vip_addr`: Separated by semicolons, MAX number 64;
126+
# Only support netmask 255.255.255.255, broadcast x.x.x.255 now, hard code in `ff_veth_setvaddr`.
127+
# `ipfw_pr`: Set simplest policy routing, Optional parameters.
128+
# Such as the cmd `ff_ipfw -P 0 add 100 setfib 0 ip from 192.168.0.0/24 to any out`
129+
# can set parameter`192.168.0.0 255.255.255.0`, cidr and netmask separated by space.
130+
# Multi cidr separated by semicolons.
131+
# IPv4 only now, and if you want set more complex policy routing, should use tool `ff_ipfw`.
132+
# `vip_addr6`: Separated by semicolons, MAX number 64.
133+
# `vip_prefix_len`: All addr6 use the same prefix now, default 64.
134+
#vip_ifname=lo0
135+
#vip_addr=192.168.0.3;192.168.0.4;192.168.0.5;192.168.0.6
136+
#ipfw_pr=192.168.0.0 255.255.255.0;192.168.10.0 255.255.255.0
137+
#vip_addr6=ff::03;ff::04;ff::05;ff::06;ff::07
138+
#vip_prefix_len=64
139+
140+
# lcore list used to handle this port
141+
# the format is same as port_list
142+
#lcore_list=0
143+
144+
# bonding slave port list used to handle this port
145+
# need to config while this port is a bonding port
146+
# the format is same as port_list
147+
#slave_port_list=0,1
148+
149+
# Vlan config section, Must set after all [portN]
150+
# NOTE1: Must enable dpdk.vlan_filter first, and match it.
151+
# NOTE2: If enable vlan config, all [PortN] config will be ignored!
152+
#
153+
# vlan-test 2026-06-09: dual-vlan multi-tenant scenario.
154+
# vlanid 1/2 must be in dpdk.vlan_filter (already set to "1,2" above).
155+
# 192.169.0.0/24 + 192.169.1.0/24 do NOT collide with production
156+
# 9.134.214.0/21 (port0). When this config is loaded, port0 [portN]
157+
# settings are intentionally skipped per ff_veth.c:868.
158+
159+
[vlan1]
160+
portid=0
161+
addr=192.169.0.2
162+
netmask=255.255.255.0
163+
broadcast=192.169.0.255
164+
gateway=192.169.0.1
165+
vip_addr=192.169.0.3;192.169.0.4
166+
ipfw_pr=192.169.0.0 255.255.255.0
167+
168+
[vlan2]
169+
portid=0
170+
addr=192.169.1.2
171+
netmask=255.255.255.0
172+
broadcast=192.169.1.255
173+
gateway=192.169.1.1
174+
vip_addr=192.169.1.3;192.169.1.4
175+
ipfw_pr=192.169.1.0 255.255.255.0
176+
177+
# Other [vlanN] templates kept commented as documentation reference:
178+
#[vlan4]
179+
#portid=0
180+
#addr=192.169.2.2
181+
#netmask=255.255.255.0
182+
#broadcast=192.169.2.255
183+
#gateway=192.169.2.1
184+
#
185+
#vip_addr=192.169.2.3;192.169.2.4;192.169.2.5;192.169.2.6
186+
#ipfw_pr=192.169.2.0 255.255.255.0;192.169.12.0 255.255.255.0
187+
#
188+
#[vlan4]
189+
#portid=0
190+
#addr=192.169.2.2
191+
#netmask=255.255.255.0
192+
#broadcast=192.169.2.255
193+
#gateway=192.169.2.1
194+
#
195+
#vip_addr=192.169.2.3;192.169.2.4;192.169.2.5;192.169.2.6
196+
#ipfw_pr=192.169.2.0 255.255.255.0;192.169.12.0 255.255.255.0
197+
#
198+
#[vlan5]
199+
#portid=0
200+
#addr=192.169.3.2
201+
#netmask=255.255.255.0
202+
#broadcast=192.169.3.255
203+
#gateway=192.169.3.1
204+
#
205+
#addr6=fe::32
206+
#prefix_len=64
207+
#gateway6=fe::31
208+
#
209+
#vip_addr=192.169.3.3;192.169.3.4;192.169.3.5;192.169.3.6
210+
#ipfw_pr=192.169.3.0 255.255.255.0;192.169.13.0 255.255.255.0
211+
#vip_addr6=fe::33;fe::34;fe::35;fe::36;fe::37
212+
#vip_prefix_len=64
213+
214+
# Vdev config section
215+
# orrespond to dpdk.nb_vdev's index: vdev0, vdev1...
216+
# iface : Shouldn't set always.
217+
# path : The vuser device path in container. Required.
218+
# queues : The max queues of vuser. Optional, default 1, greater or equal to the number of processes.
219+
# queue_size : Queue size.Optional, default 256.
220+
# mac : The mac address of vuser. Optional, default random, if vhost use phy NIC, it should be set to the phy NIC's mac.
221+
# cq : Optional, if queues = 1, default 0; if queues > 1 default 1.
222+
#[vdev0]
223+
##iface=/usr/local/var/run/openvswitch/vhost-user0
224+
#path=/var/run/openvswitch/vhost-user0
225+
#queues=1
226+
#queue_size=256
227+
#mac=00:00:00:00:00:01
228+
#cq=0
229+
230+
# bond config section
231+
# See http://doc.dpdk.org/guides/prog_guide/link_bonding_poll_mode_drv_lib.html
232+
#[bond0]
233+
#mode=4
234+
#slave=0000:0a:00.0,slave=0000:0a:00.1
235+
#primary=0000:0a:00.0
236+
#mac=f0:98:38:xx:xx:xx
237+
## opt argument
238+
#socket_id=0
239+
#xmit_policy=l23
240+
#lsc_poll_period_ms=100
241+
#up_delay=10
242+
#down_delay=50
243+
244+
# ff_rss_check table config section
245+
# To enable or disable static ff_rss_check table.
246+
# If enable it, F-Stack will init the table while the APP is starting.
247+
# Then the APP connect to a sever as client, it will try select a local port from the inited table first.
248+
#
249+
# This feature will greatly improve the performance of selecting local port
250+
# when the F-Stack application actively access remote services as a client and not set keep-alive.
251+
# If the local port is idle, it only needs to be selected once,
252+
# and no longer needs to be selected multiple times (the average number of times is about the total number of processes).
253+
# And the performance of selecting available local ports at a time is also improved compared to ff_rss_check().
254+
# If get rss local port failed, it will be fallback to ff_rss_check().
255+
#
256+
# enable : 0 means disable, 1 means enable. Default 0.
257+
# rss_tbl : Set 4-tuple for ff_rss_check table, Required argumnet.
258+
# <porit_id> <daddr(local addr)> <saddr(remote addr)> <sport(remote port)>
259+
# Separated by space in one 4-tuple, and separated by semicolon between multi 4-tuples.
260+
# The max supported num of 2-tuple with saddr and sport is 4 * 4 = 16.
261+
# The max supported num of daddr with one same saddr and sport is 4.
262+
# So the max combination num of 4-tuple is 16 * 4 = 64, other config will be ignored.
263+
[rss_check]
264+
enable=0
265+
rss_tbl=0 192.168.1.1 192.168.2.1 80;0 192.168.1.1 192.168.2.1 443
266+
267+
# Kni config: if enabled and method=reject,
268+
# all packets that do not belong to the following tcp_port and udp_port
269+
# will transmit to kernel; if method=accept, all packets that belong to
270+
# the following tcp_port and udp_port will transmit to kernel.
271+
#[kni]
272+
#enable=1
273+
#method=reject
274+
## The format is same as port_list
275+
#tcp_port=80,443
276+
#udp_port=53
277+
# KNI ratelimit value, default: 0, means disable ratelimit.
278+
# example:
279+
# The total speed limit for a single process entering the kni ring is 10,000 QPS,
280+
# 1000 QPS for general packets, 9000 QPS for console packets (ospf/arp, etc.)
281+
# The total speed limit for kni forwarding to the kernel is 20,000 QPS.
282+
#console_packets_ratelimit=0
283+
#general_packets_ratelimit=0
284+
#kernel_packets_ratelimit=0
285+
286+
# FreeBSD network performance tuning configurations.
287+
# Most native FreeBSD configurations are supported.
288+
[freebsd.boot]
289+
# If use rack/bbr which depend HPTS, you should set a greater value of hz, such as 1000000 means a tick is 1us.
290+
hz=100
291+
292+
# Block out a range of descriptors to avoid overlap
293+
# with the kernel's descriptor space.
294+
# You can increase this value according to your app.
295+
fd_reserve=1024
296+
297+
kern.ipc.maxsockets=262144
298+
299+
net.inet.tcp.syncache.hashsize=4096
300+
net.inet.tcp.syncache.bucketlimit=100
301+
302+
net.inet.tcp.tcbhashsize=65536
303+
304+
kern.ncallout=262144
305+
306+
kern.features.inet6=1
307+
308+
[freebsd.sysctl]
309+
kern.ipc.somaxconn=32768
310+
kern.ipc.maxsockbuf=16777216
311+
312+
net.add_addr_allfibs=1
313+
314+
net.link.ether.inet.maxhold=5
315+
316+
net.inet.tcp.fast_finwait2_recycle=1
317+
net.inet.tcp.finwait2_timeout=5000
318+
net.inet.tcp.maxtcptw=128
319+
net.inet.tcp.sendspace=16384
320+
net.inet.tcp.recvspace=8192
321+
#net.inet.tcp.nolocaltimewait=1
322+
net.inet.tcp.cc.algorithm=cubic
323+
net.inet.tcp.sendbuf_max=16777216
324+
net.inet.tcp.recvbuf_max=16777216
325+
net.inet.tcp.sendbuf_auto=1
326+
net.inet.tcp.recvbuf_auto=1
327+
net.inet.tcp.sendbuf_inc=16384
328+
#net.inet.tcp.recvbuf_inc=524288
329+
net.inet.tcp.sack.enable=1
330+
net.inet.tcp.blackhole=1
331+
net.inet.tcp.msl=2000
332+
net.inet.tcp.delayed_ack=1
333+
net.inet.tcp.rfc1323=1
334+
335+
net.inet.udp.blackhole=1
336+
net.inet.ip.redirect=0
337+
net.inet.ip.forwarding=0
338+
net.inet.ip.portrange.randomized=1
339+
# Always do random while connect to remote server.
340+
# In some scenarios of F-Stack application, the performance can be improved to a certain extent, ablout 5%.
341+
net.inet.ip.portrange.randomtime=0
342+
343+
net.inet6.ip6.auto_linklocal=1
344+
net.inet6.ip6.accept_rtadv=2
345+
net.inet6.icmp6.rediraccept=1
346+
net.inet6.ip6.forwarding=0
347+
348+
# set default stacks:freebsd, rack or bbr, may be you need increase the value of parameter 'freebsd.boot.hz' while use rack or bbr.
349+
net.inet.tcp.functions_default=freebsd
350+
# need by bbr, should enable it.
351+
net.inet.tcp.hpts.skip_swi=1
352+
# Interval between calls to hpts_timeout_dir. default min 250us, max 256-512ms, default 512ms.
353+
net.inet.tcp.hpts.minsleep=250
354+
# [25600-51200]
355+
net.inet.tcp.hpts.maxsleep=51200

0 commit comments

Comments
 (0)