# Test nDPI with TRex Stateful Mode by Kevin
###### tags: `Smart NIC` `nDPI` `TRex`

Kevin Chiu
Last update: 2021.04.27

## Platform

* nDPI:
    * Model: CB-1830
    * NIC: Intel I210 Ethernet Controller
    * OS: Ubuntu 18.04.5 (5.4.0-70-generic)
    * nDPI: 3.5.0-3063-ceb98a3f
* TRex:
    * Model: SCB-1921
    * NIC: Intel I210 Ethernet Controller
    * OS: Ubuntu 18.04.5 (4.15.0-123-generic)
    * TRex: v2.88

## Test Setup Diagram

![](https://i.imgur.com/peu8nGL.png)

In this test case, SCB-1921 runs TRex to send packets while CB-1830 runs nDPI to inspect the packets received from TRex, as shown above.

## System Setup

### Download TRex (v2.88 for this example).

```
$ sudo -s
# mkdir -p smartnic/trex
# cd smartnic/trex
# wget --no-cache --no-check-certificate https://trex-tgn.cisco.com/trex/release/latest
# tar zxvf latest
# cd v2.88
```

> Do not install TRex under /root/.

### Configure TRex Tx ports.

1. Copy the configuration file:

```
# cp cfg/simple_cfg.yaml /etc/trex_cfg.yaml
# vim /etc/trex_cfg.yaml
```

2. Edit the configuration file:

```
- port_limit      : 2
  version         : 2
#List of interfaces. Change to suit your setup. Use ./dpdk_setup_ports.py -s to see available options
  interfaces      : ["03:00.0","dummy"]
  port_info       :  # Port IPs. Change to suit your needs. In case of loopback, you can leave as is.
          - ip         : 1.1.1.1
            default_gw : 1.1.1.2
#          - ip         : 2.2.2.2
#            default_gw : 1.1.1.1
```

> Parameters:
> * port_limit: maximum number of TX ports
> * interfaces: PCI addresses of the TX ports to be used by TRex. Leave the value as "dummy" if not used
> * ip: the TRex TX port IP
> * default_gw: the RX port IP (in this case, the nDPI port IP)

3. Edit the traffic profile

Make a user-defined traffic profile, mytest.yaml. Some examples can be found in cap2/.

```
# cd ~/smartnic/trex/v2.88
# mkdir mytp
# vim mytp/mytest.yaml
```

Specify which pcap templates to use in mytest.yaml:

```
- duration : 10.0
  generator :
          distribution : "seq"
          clients_start : "16.0.0.1"
          clients_end   : "16.0.1.10"
          servers_start : "48.0.0.1"
          servers_end   : "48.0.0.3"
          clients_per_gb : 201
          min_clients    : 101
          dual_port_mask : "1.0.0.0"
          tcp_aging      : 1
          udp_aging      : 1
  cap_info :
     - name: cap2/dns.pcap
       cps : 10.0
       ipg : 10000
       rtt : 10000
       w   : 1
     - name: avl/delay_10_http_browsing_0.pcap
       cps : 5.0
       ipg : 10000
       rtt : 10000
       w   : 1
```

This profile generates DNS and HTTP packets, as shown.

![](https://i.imgur.com/nFxIuXb.png)

### Install nDPI

1. Install the prerequisite tools:

```
# apt-get install build-essential
# apt-get install automake
# apt-get install libpcap-dev
# apt-get install gcc
# apt-get install libtool
# apt-get install git
# apt-get install cmake
# apt-get install pkg-config
# apt-get install doxygen (optional)
# apt-get install valgrind (optional)
```

2. Build json-c:

```
$ sudo -s
# mkdir -p smartnic
# cd smartnic/
# git clone https://github.com/json-c/json-c.git
# mkdir json-c-build
# cd json-c-build/
# cmake ../json-c
# make
# make test
# make USE_VALGRIND=0 test
# make install
# make doc
```

3. Download nDPI using git and build it:

```
# cd ~/smartnic
# git clone https://github.com/ntop/nDPI
# cd nDPI/
# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:~/smartnic/json-c-build/
# ./autogen.sh
# ./configure
# make
```

4. Configure the nDPI port:

```
# ifconfig enp2s0 1.1.1.2/24
# cd ~/smartnic/nDPI/example/
# ./ndpiReader -i enp2s0 -s 20
```

## Run nDPI with TRex

1. Run TRex to generate packets

```
# cd ~/smartnic/trex/v2.88
# ./t-rex-64 -f mytp/mytest.yaml -d 30
```

> Parameters:
> * -f: the traffic profile to use
> * -d: duration in seconds

TRex per-port stats table:

```
-Per port stats table
      ports |               0
 -----------------------------------------------------------------------------------------
   opackets |            2359
     obytes |          190801
   ipackets |               0
     ibytes |               0
    ierrors |               0
    oerrors |               0
      Tx Bw |      51.60 Kbps

-Global stats enabled
 Cpu Utilization : 0.1 %
 Platform_factor : 1.0
 Total-Tx        :      51.60 Kbps
 Total-Rx        :       0.00 bps
 Total-PPS       :      80.19 pps
 Total-CPS       :      14.99 cps

 Expected-PPS    :     102.50 pps
 Expected-CPS    :       7.50 cps
 Expected-BPS    :     698.26 Kbps

 Active-flows    :        3  Clients :      266   Socket-util : 0.0003 %
 Open-flows      :      445  Servers :        3   Socket :       45 Socket/Clients :  0.2
 drop-rate       :      51.60 Kbps
 current time    : 30.9 sec
 test duration   : 0.0 sec
```

2. Run nDPI to capture the packets

```
$ sudo -s
# cd ~/smartnic/nDPI/example
# ./ndpiReader -i enp2s0 -s 10

-----------------------------------------------------------
* NOTE: This is demo app to show *some* nDPI features.
* In this demo we have implemented only some basic features
* just to show you what you can do with the library. Feel
* free to extend it and send us the patches for inclusion
------------------------------------------------------------

Using nDPI (3.5.0-3065-18c6c1c2) [1 thread(s)]
Capturing live traffic from device enp2s0...
Capturing traffic up to 10 seconds
Running thread 0...
Error while reading pcap file: ''

nDPI Memory statistics:
        nDPI Memory (once):      225.48 KB
        Flow Memory (per flow):  2.45 KB
        Actual Memory:           12.96 MB
        Peak Memory:             12.96 MB
        Setup Time:              68 msec
        Packet Processing Time:  10199 msec

Traffic statistics:
        Ethernet bytes:        77773         (includes ethernet CRC/IFC/trailer)
        Discarded bytes:       0
        IP packets:            772           of 772 packets total
        IP bytes:              59245         (avg pkt size 76 bytes)
        Unique flows:          147
        TCP Packets:           675
        UDP Packets:           97
        VLAN Packets:          0
        MPLS Packets:          0
        PPPoE Packets:         0
        Fragmented Packets:    0
        Max Packet size:       269
        Packet Len < 64:       724
        Packet Len 64-128:     0
        Packet Len 128-256:    0
        Packet Len 256-1024:   48
        Packet Len 1024-1500:  0
        Packet Len > 1500:     0
        nDPI throughput:       75.69 pps / 59.57 Kb/sec
        Analysis begin:        19/Apr/2021 16:15:06
        Analysis end:          19/Apr/2021 16:15:15
        Traffic throughput:    75.69 pps / 59.57 Kb/sec
        Traffic duration:      10.199 sec
        Guessed flow protos:   147

Detected protocols:
        DNS                  packets: 97            bytes: 7081          flows: 97
        HTTP                 packets: 675           bytes: 52164         flows: 50

Protocol statistics:
        Acceptable                    59245 bytes

Risk stats [found 48 (32.7 %) flows with risks]:
        HTTP Numeric IP Address                     48 [100.0 %]

NOTE: as one flow can have multiple risks set, the sum of the
      last column can exceed the number of flows with risks.
```

> Parameters:
> * -i: name of the interface to inspect
> * -s: inspection duration in seconds

Check the protocols detected by nDPI to verify the result.

![](https://i.imgur.com/aF93ukT.png)
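
The final check can be scripted. The following Python is an added example, not part of the original write-up or of nDPI/TRex: it parses the "Detected protocols" and "Risk stats" sections of an ndpiReader report and compares them with the protocols the traffic profile is expected to produce. The function names `parse_report` and `verify` are hypothetical, the sample text is constructed from the output shown above, and the parser assumes section headings are unindented with their entries indented beneath them.

```python
import re

# Constructed sample: excerpt of the ndpiReader report shown above.
SAMPLE_REPORT = """\
Detected protocols:
        DNS                  packets: 97            bytes: 7081          flows: 97
        HTTP                 packets: 675           bytes: 52164         flows: 50

Protocol statistics:
        Acceptable                    59245 bytes

Risk stats [found 48 (32.7 %) flows with risks]:
        HTTP Numeric IP Address                     48 [100.0 %]
"""

PROTO_RE = re.compile(r"^\s*(\S+)\s+packets:\s*(\d+)\s+bytes:\s*(\d+)\s+flows:\s*(\d+)\s*$")
RISK_RE = re.compile(r"^\s*(.+?)\s+(\d+)\s+\[\s*[\d.]+\s*%\]\s*$")

def parse_report(text):
    """Return ({proto: {packets, bytes, flows}}, {risk name: flow count})."""
    protos, risks, section = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new section
            section = ("protos" if line.startswith("Detected protocols") else
                       "risks" if line.startswith("Risk stats") else None)
        elif section == "protos" and (m := PROTO_RE.match(line)):
            protos[m.group(1)] = dict(zip(("packets", "bytes", "flows"),
                                          map(int, m.group(2, 3, 4))))
        elif section == "risks" and (m := RISK_RE.match(line)):
            risks[m.group(1)] = int(m.group(2))
    return protos, risks

def verify(text, expected):
    """Compare classified protocols with those the traffic profile replays."""
    protos, risks = parse_report(text)
    detected = {name for name, stats in protos.items() if stats["flows"] > 0}
    return {
        "missing": sorted(expected - detected),     # generated, not classified
        "unexpected": sorted(detected - expected),  # classified, never generated
        "risks": risks,                             # flows nDPI flagged, by risk
    }

if __name__ == "__main__":
    # mytest.yaml replays cap2/dns.pcap and avl/delay_10_http_browsing_0.pcap
    result = verify(SAMPLE_REPORT, {"DNS", "HTTP"})
    print(result)
    raise SystemExit(1 if result["missing"] or result["unexpected"] else 0)
```

To run it against a live capture, save the ndpiReader output to a file and pass its contents to `verify` in place of `SAMPLE_REPORT`.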