[FAQ] How to realise the whitelist based on the bind of mac and ip?

Other Parts Discussed in Thread: TDA4VM

Hi Ti,

How to use the policer to realise the whitelist based on mac and ip binding. My idea is to use CPSW_ALE_IOCTL_POLICER_GLOBAL_CFG to set up a whitelist, so that only the packet, which match the policer, can go through, and all the rest are blocked. If I set up a global policer via CPSW_ALE_IOCTL_POLICER_GLOBAL_CFG, how do I set up the policer so that a machine connected to port 2 will be able to ping the A72 core. 

This network topology diagram:

the packet is sent from the external port 2 to host port. The information of the packet is

src mac: 48:49:52:41:10:81
dst mac: 48:49:52:41:a1:99
src ip: 192.168.4.129
dst ip: 192.168.4.153
vlan id: 4

If I just set the vlan information in ALE entry and no longer set the vlan in policer, what should I do to set the ip and mac in policer to realize the filtering? I have colored the unmatched messages red with CPSW_ALE_IOCTL_POLICER_GLOBAL_CFG.

[MCU2_0]  18354.687527 s: src/mod/cpsw_ale.c line[3915]:      0: Vlanid: 000a, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
[MCU2_0]  18354.687577 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 200a1f
[MCU2_0]  18354.687608 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
[MCU2_0]  18354.687651 s: src/mod/cpsw_ale.c line[3915]:      1: Vlanid: 0190, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
[MCU2_0]  18354.687697 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21901f
[MCU2_0]  18354.687728 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
[MCU2_0]  18354.687768 s: src/mod/cpsw_ale.c line[3915]:      2: Vlanid: 0193, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
[MCU2_0]  18354.687814 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21931f
[MCU2_0]  18354.687845 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
[MCU2_0]  18354.687894 s: src/mod/cpsw_ale.c line[3870]:      3: Address: 48495241a199, Port: 000 Se=0 Bl=0 TOUCH=0 AGE=0 TRUNK=0
[MCU2_0]  18354.687970 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 100048
[MCU2_0]  18354.688005 s: src/mod/cpsw_ale.c line[4056]: 49 5241a199]
[MCU2_0]  18354.688048 s: src/mod/cpsw_ale.c line[3915]:      4: Vlanid: 0196, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
[MCU2_0]  18354.688096 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21961f
[MCU2_0]  18354.688128 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
[MCU2_0]  18354.688167 s: src/mod/cpsw_ale.c line[3915]:      5: Vlanid: 0197, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
[MCU2_0]  18354.688212 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21971f
[MCU2_0]  18354.688243 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
[MCU2_0]  18354.688292 s: src/mod/cpsw_ale.c line[3849]:      6: Address: ffffffffffff, Member:1ff Su=0 FWDSTLVL=0 IGNMBITS=0
[MCU2_0]  18354.688338 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c 1000ff
[MCU2_0]  18354.688371 s: src/mod/cpsw_ale.c line[4056]: ff ffffffff]
[MCU2_0]  18354.688417 s: src/mod/cpsw_ale.c line[3870]:      7: Address: 48495241a19a, Port: 000 Se=1 Bl=0 TOUCH=0 AGE=0 TRUNK=0
[MCU2_0]  18354.688466 s: src/mod/cpsw_ale.c line[4051]:  RAW:[1 100048
[MCU2_0]  18354.688497 s: src/mod/cpsw_ale.c line[4056]: 49 5241a19a]
[MCU2_0]  18354.688535 s: src/mod/cpsw_ale.c line[3915]:      8: Vlanid: 0004, UTagged: 0, Mult: 9, UMult: 9, Member: 9
[MCU2_0]  18354.688579 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 200400
[MCU2_0]  18354.688610 s: src/mod/cpsw_ale.c line[4056]: 90 00009009]
[MCU2_0]  18354.688678 s: src/mod/cpsw_ale.c line[3870]:     26: Address: 484952412082, Port: 003 Se=0 Bl=0 TOUCH=1 AGE=1 TRUNK=0
[MCU2_0]  18354.688726 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c d00548
[MCU2_0]  18354.688758 s: src/mod/cpsw_ale.c line[4056]: 49 52412082]
[MCU2_0]  18354.688803 s: src/mod/cpsw_ale.c line[3870]:     27: Address: 484952411081, Port: 003 Se=0 Bl=0 TOUCH=1 AGE=1 TRUNK=0
[MCU2_0]  18354.688850 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c d00548
[MCU2_0]  18354.688881 s: src/mod/cpsw_ale.c line[4056]: 49 52411081]
[MCU2_0]  18354.688973 s: src/mod/cpsw_ale.c line[3870]:     48: Address: 484952412083, Port: 003 Se=0 Bl=0 TOUCH=1 AGE=1 TRUNK=0
[MCU2_0]  18354.689024 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c d00a48
[MCU2_0]  18354.689057 s: src/mod/cpsw_ale.c line[4056]: 49 52412083]
[MCU2_0]  18354.689106 s: src/mod/cpsw_ale.c line[3870]:     49: Address: 48495241b19a, Port: 003 Se=0 Bl=0 TOUCH=1 AGE=1 TRUNK=0
[MCU2_0]  18354.689153 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c d00548
[MCU2_0]  18354.689186 s: src/mod/cpsw_ale.c line[4056]: 49 5241b19a]
[MCU2_0]  18354.690565 s: src/mod/cpsw_ale.c line[4061]:
[MCU2_0]  18354.690594 s: src/mod/cpsw_ale.c line[4062]: 1011 Free Entries
[MCU2_0]  18354.690633 s: src/mod/cpsw_ale.c line[5603]:
[MCU2_0]  18354.690669 s: src/mod/cpsw_ale.c line[5642]:     0: POLICER_DST_MAC,ALE Index: 3
[MCU2_0]  18354.690708 s: src/mod/cpsw_ale.c line[5684]:     0: POLICER_THREAD,THREAD ID:0
[MCU2_0]  18354.690752 s: src/mod/cpsw_ale.c line[5729]:     0: POLICER_STATS: Hit: 1, RedHit: 0, YellowHit: 0
[MCU2_0]  18354.690801 s: src/mod/cpsw_ale.c line[5660]:     1: POLICER_VLAN,ALE Index: 8
[MCU2_0]  18354.690836 s: src/mod/cpsw_ale.c line[5684]:     1: POLICER_THREAD,THREAD ID:0
[MCU2_0]  18354.690875 s: src/mod/cpsw_ale.c line[5729]:     1: POLICER_STATS: Hit: 1, RedHit: 0, YellowHit: 0
[MCU2_0]  18354.691137 s: src/mod/cpsw_ale.c line[5733]:
[MCU2_0]  18354.691169 s: src/mod/cpsw_ale.c line[5734]: 94 Free Entries
…
policerEn: 1, yellowDropEn: 1, redDropEn: 1, yellowThress: 0, policerNoMatchMode: 2, noMatchPolicer: -1558156804

  • Hi,

    CPSW_ALE_IOCTL_POLICER_GLOBAL_CFG

    Does the above point to some configuration macro? I could not find it in SDK 7.3.07.

    what should I do to set the ip and mac in policer to realize the filtering?

    You have to Add ALE for Source IPv4 address, Destination IPv4 Address, MAC address as well.
    After above ALE creation is done, you need to add policer to match all of required parameters like, Source IPv4, Destination Ipv4, MAC Address, VLAN, Port Mask with Port-2 if you are expecting traffic only from Port-2.

    Please refer to FAQ [ How to configure CPSW ALE] and add ALE entries and Policer entry as required.

    Best Regards,
    Sudheer

  • Hi, thank you very much for your reply.

    It's CPSW_ALE_IOCTL_SET_POLICER_GLOBAL_CFG.

    I want to color packet not matching any classifier entry as RED, and enable the ALE to drop the red colored packets. But if I set it up this way, I find that it seems like the A72 can only receive the packet, but there is no way to send that packet to the PC

    I have set up a policer that contains the source address and source ip coming from the pc, as well as turned on thread and set the thread id to 0. As I understand it, if the packet satisfies the policer it can be sent to the A72, but the pc doesn't receive the packet returned from the A72. How to set up another POLICE so that the packet returned from A72 reaches the PC?

    By the way, I configure the policer in the following way.

    Best Regards,

    Ruijie

  • Hi,

    I want to color packet not matching any classifier entry as RED, and enable the ALE to drop the red colored packets. But if I set it up this way, I find that it seems like the A72 can only receive the packet, but there is no way to send that packet to the PC

    You need to set Port Mask Policer using "CPSW_ALE_IOCTL_SET_POLICER" for Host Port to transfer packets from A72 to PC. If not packets will be treated as no policer match.
    Policer rules will apply on the packets from Host Port to External Port as well, so we need a policer entry to allow packets from Host Port using Port Match policer with Host Port.

    Can you please check by adding policer entry for Host Port.

    Best Regards,
    Sudheer

  • Hi, 

    I added a policer, which only contains the destination mac, for the host port. It works. But, if I added a policer, which contains the destination mac and destination ip,  for the host port, it doesn't work. PC can't ping tda4. According to the tcpdump, the packet of icmp is sent by PC, but PC receive nothing from A72. Another strange issue here is that after this ip and mac policer is added, the PC and A72 can still communicate for ten seconds or so, then they disconnect.

    [MCU2_0]    996.267653 s: Function:CpswProxyServer_switch_tool_list_policer_helper,HostId:0,Handle:a32069fc,CoreKey:38acb7e6
    [MCU2_0]    996.267724 s: src/mod/cpsw_ale.c line[3805]:
    [MCU2_0]    996.267775 s: src/mod/cpsw_ale.c line[3915]:      0: Vlanid: 000a, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]    996.267824 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 200a1f
    [MCU2_0]    996.267857 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]    996.267899 s: src/mod/cpsw_ale.c line[3915]:      1: Vlanid: 0190, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]    996.267944 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21901f
    [MCU2_0]    996.267974 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]    996.268014 s: src/mod/cpsw_ale.c line[3915]:      2: Vlanid: 0193, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]    996.268059 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21931f
    [MCU2_0]    996.268090 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]    996.268138 s: src/mod/cpsw_ale.c line[3870]:      3: Address: 48495241a199, Port: 000 Se=0 Bl=0 TOUCH=0 AGE=0 TRUNK=0
    [MCU2_0]    996.268186 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 100048
    [MCU2_0]    996.268216 s: src/mod/cpsw_ale.c line[4056]: 49 5241a199]
    [MCU2_0]    996.268255 s: src/mod/cpsw_ale.c line[3915]:      4: Vlanid: 0196, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]    996.268300 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21961f
    [MCU2_0]    996.268353 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]    996.268402 s: src/mod/cpsw_ale.c line[3915]:      5: Vlanid: 0197, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]    996.268448 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21971f
    [MCU2_0]    996.268479 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]    996.268525 s: src/mod/cpsw_ale.c line[3849]:      6: Address: ffffffffffff, Member:1ff Su=0 FWDSTLVL=0 IGNMBITS=0
    [MCU2_0]    996.268571 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c 1000ff
    [MCU2_0]    996.268602 s: src/mod/cpsw_ale.c line[4056]: ff ffffffff]
    [MCU2_0]    996.268648 s: src/mod/cpsw_ale.c line[3870]:      7: Address: 48495241a19a, Port: 000 Se=1 Bl=0 TOUCH=0 AGE=0 TRUNK=0
    [MCU2_0]    996.268695 s: src/mod/cpsw_ale.c line[4051]:  RAW:[1 100048
    [MCU2_0]    996.268725 s: src/mod/cpsw_ale.c line[4056]: 49 5241a19a]
    [MCU2_0]    996.268771 s: src/mod/cpsw_ale.c line[3870]:      8: Address: 484952411081, Port: 003 Se=0 Bl=0 TOUCH=0 AGE=0 TRUNK=0
    [MCU2_0]    996.268818 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c 100048
    [MCU2_0]    996.268848 s: src/mod/cpsw_ale.c line[4056]: 49 52411081]
    [MCU2_0]    996.268886 s: src/mod/cpsw_ale.c line[3915]:      9: Vlanid: 0004, UTagged: 0, Mult: 9, UMult: 9, Member: 9
    [MCU2_0]    996.268930 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 200400
    [MCU2_0]    996.268960 s: src/mod/cpsw_ale.c line[4056]: 90 00009009]
    [MCU2_0]    996.268999 s: src/mod/cpsw_ale.c line[3939]:     10: IPv4: Address: 192:168:04:129, IGNBITS:0
    [MCU2_0]    996.269039 s: src/mod/cpsw_ale.c line[4051]:  RAW:[1 a00000
    [MCU2_0]    996.269070 s: src/mod/cpsw_ale.c line[4056]: 00 c0a80481]
    [MCU2_0]    996.269144 s: src/mod/cpsw_ale.c line[3870]:     32: Address: 484952412082, Port: 003 Se=0 Bl=0 TOUCH=1 AGE=1 TRUNK=0
    [MCU2_0]    996.269191 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c d00548
    [MCU2_0]    996.269221 s: src/mod/cpsw_ale.c line[4056]: 49 52412082]
    [MCU2_0]    996.269266 s: src/mod/cpsw_ale.c line[3870]:     33: Address: 484952412083, Port: 003 Se=0 Bl=0 TOUCH=1 AGE=1 TRUNK=0
    [MCU2_0]    996.269313 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c d00a48
    [MCU2_0]    996.269366 s: src/mod/cpsw_ale.c line[4056]: 49 52412083]
    [MCU2_0]    996.270767 s: src/mod/cpsw_ale.c line[4061]:
    [MCU2_0]    996.270797 s: src/mod/cpsw_ale.c line[4062]: 1011 Free Entries
    [MCU2_0]    996.270836 s: src/mod/cpsw_ale.c line[5603]:
    [MCU2_0]    996.270869 s: src/mod/cpsw_ale.c line[5642]:     0: POLICER_DST_MAC,ALE Index: 3
    [MCU2_0]    996.270908 s: src/mod/cpsw_ale.c line[5684]:     0: POLICER_THREAD,THREAD ID:0
    [MCU2_0]    996.270951 s: src/mod/cpsw_ale.c line[5729]:     0: POLICER_STATS: Hit: 1, RedHit: 0, YellowHit: 0
    [MCU2_0]    996.270998 s: src/mod/cpsw_ale.c line[5624]:     1: POLICER_PORT, PORT_NUM: 0 ISTRUNK:0
    [MCU2_0]    996.271034 s: src/mod/cpsw_ale.c line[5642]:     1: POLICER_DST_MAC,ALE Index: 8
    [MCU2_0]    996.271070 s: src/mod/cpsw_ale.c line[5678]:     1: POLICER_DST_IP,ALE Index: 10
    [MCU2_0]    996.271109 s: src/mod/cpsw_ale.c line[5729]:     1: POLICER_STATS: Hit: 0, RedHit: 0, YellowHit: 0
    [MCU2_0]    996.271372 s: src/mod/cpsw_ale.c line[5733]:
    [MCU2_0]    996.271405 s: src/mod/cpsw_ale.c line[5734]: 94 Free Entries
    …
    policerEn: 1, yellowDropEn: 1, redDropEn: 1, yellowThress: 0, policerNoMatchMode: 2, noMatchPolicer: -1558156804
    

    Best Regards,

    Ruijie

  • Hi,

    From ALE table it seems like dynamic entries were added by learning the SRC MAC address from packet.

    If you add Destination MAC and IP of A72 then only packets with matching both will be forwarded. If you want all packets sent from Host port to external Port just add Port mask entry in policer using "CPSW_ALE_IOCTL_SET_POLICER" for Host Port to transfer packets from A72 (Host Port) to PC. If not packets will be treated as no policer match and marked as Red and will be dropped.

    Can you also check statistics while doing the test if there are any "ALE Drop/Port Mask Drop", if so packets being dropped.

    Also, can you please share the ALE & Policer entries added.

    Best Regards,
    Sudheer

  • Hi,

    yes, some dynamic entries were added by learning the SRC MAC address from packet. This is because after system startup, we modify the global configuration of policer by dynamically issuing the command "CPSW_ALE_IOCTL_SET_POLICER_GLOBAL_CFG". But do these ALE entries affect forwarding? Isn't the policer the only one that can make forwarding rules?

    The policer 1, which contains the destination mac and ip of the PC, is added by "CPSW_ALE_IOCTL_SET_POLICER" for Host Port. 

    static int32_t add_policer (uint32_t coreId, uint64_t handle)
    {
        Enet_Handle hEnet = (Enet_Handle)((uintptr_t)handle);
        CpswAle_SetPolicerEntryInArgs setPolicerEntryInArgs;
        CpswAle_SetPolicerEntryOutArgs setPolicerOutArgs;
        int32_t status;
        Enet_IoctlPrms prms;
        const uint8_t mac_add[6] = {0x48, 0x49, 0x52, 0x41, 0x10, 0x81};
    
        setPolicerEntryInArgs.policerMatch.policerMatchEnMask = 0;
    
        
        setPolicerEntryInArgs.policerMatch.policerMatchEnMask |= CPSW_ALE_POLICER_MATCH_PORT;
        /* 0 is the host port */
        setPolicerEntryInArgs.policerMatch.portNum = 0;
        setPolicerEntryInArgs.policerMatch.portIsTrunk = false;
        
        /* add the mac entry */
        add_dst_mac_entry(coreId, handle, mac_add);
        setPolicerEntryInArgs.policerMatch.policerMatchEnMask |= CPSW_ALE_POLICER_MATCH_MACDST;
        /* 3 is the external port 2*/
        setPolicerEntryInArgs.policerMatch.dstMacAddrInfo.portNum = 3;
        setPolicerEntryInArgs.policerMatch.dstMacAddrInfo.addr.vlanId = 0;
        EnetUtils_copyMacAddr(&setPolicerEntryInArgs.policerMatch.dstMacAddrInfo.addr.addr[0], &mac_add[0]);
    
        /* add the ip entry */
        add_dst_ip_entry(coreId, handle, switch_conf);
        setPolicerEntryInArgs.policerMatch.policerMatchEnMask |= CPSW_ALE_POLICER_MATCH_IPDST;
        setPolicerEntryInArgs.policerMatch.dstIpInfo.ipAddrType = CPSW_ALE_IPADDR_CLASSIFIER_IPV4;
        setPolicerEntryInArgs.policerMatch.dstIpInfo.ipv4Info.ipv4Addr[0] = 192;
        setPolicerEntryInArgs.policerMatch.dstIpInfo.ipv4Info.ipv4Addr[1] = 168;
        setPolicerEntryInArgs.policerMatch.dstIpInfo.ipv4Info.ipv4Addr[2] = 4;
        setPolicerEntryInArgs.policerMatch.dstIpInfo.ipv4Info.ipv4Addr[3] = 129;
        setPolicerEntryInArgs.policerMatch.dstIpInfo.ipv4Info.numLSBIgnoreBits = 0;
        
        setPolicerEntryInArgs.threadIdEn = 0;
        setPolicerEntryInArgs.threadId = 0;
        setPolicerEntryInArgs.peakRateInBitsPerSec = 0;
        setPolicerEntryInArgs.commitRateInBitsPerSec = 0;
    
        ENET_IOCTL_SET_INOUT_ARGS(&prms, &setPolicerEntryInArgs, &setPolicerOutArgs);
        status = Enet_ioctl(hEnet, coreId, CPSW_ALE_IOCTL_SET_POLICER, &prms);
        if (status != ENET_SOK)
        {
            appLogPrintf("Enet_ioctl() failed CPSW_ALE_IOCTL_SET_POLICER: %d\n", status);
            status = RPMSG_KDRV_TP_ETHSWITCH_CMDSTATUS_EFAIL;
        }
        else
        {
            status = RPMSG_KDRV_TP_ETHSWITCH_CMDSTATUS_OK;
        }
        return status;
    }
    

    We are trying to dynamically set the network configuration located on R5 via linux. I modified it to statically add a policer containing ip and mac. The "ALE Drop/Port Mask Drop" has been increasing. I think that because of a problem with my policer configuration, packets sent from the A72 don't know which port to forward to.

    Best Regards,

    Ruijie

  • Hi,

    I modified it to statically add a policer containing ip and mac. The "ALE Drop/Port Mask Drop" has been increasing. I think that because of a problem with my policer configuration, packets sent from the A72 don't know which port to forward to.

    When you are adding static entry, need to set the Thread ID corresponding to Linux it should not be 0.
       "setPolicerEntryInArgs.threadId = 0;"

    If you refer to FAQ, we are adding static entry to A72 while registering the MAC handler for switch interface on Linux A72.

    Also, when you are adding ALE entry for PCs MAC address need to configure the Port number as P3 (as packet should forwarded to P3 when receive from P0 i.e. Host Port).

    Can you check by adding Port mask rule alone as specified below.

        setPolicerEntryInArgs.policerMatch.policerMatchEnMask |= CPSW_ALE_POLICER_MATCH_PORT;
        /* 0 is the host port */
        setPolicerEntryInArgs.policerMatch.portNum = 0;
        setPolicerEntryInArgs.policerMatch.portIsTrunk = false;


    Above will forward all packets from A72 to Host Port.

    Packets will be forwarded/flooded among ports based on MAC Address and VLAN ALE entries.
    Policer is for sending/receiving packets from/to Host Port.
    Can you try to set the Peak Rate as per Link speed and check once. (ex: speed is 100Mbps , pir=100000000)

    Best Regards,
    Sudheer

  • Hi,

    When you are adding static entry, need to set the Thread ID corresponding to Linux it should not be 0.
       "setPolicerEntryInArgs.threadId = 0;"

    The thread id of linux(A72) happens to be 0. 

    Above will forward all packets from A72 to Host Port.

    I have tried to add this policer alone. It works. But why are all packets sent from the A72 to the host port after this policer is added? I remember you said in one of your replies that the policer is the routing strategy. I read in the tda4 documentation that the policer can be used as a classification, and now the policer can be used for sending/receiving packets from/to the Host Port. Now I'm a little confused about the policer.

    Best Regards,

    Ruijie

  • Hi,

    Policer can be used for classification and or policing.
    Classifier thread ID will be used for further host routing of the packet. Please refer to TRM.

    So, when you are adding policer/classifier rules for External PC and disabled the default thread mapping for non matching of any policer/classifier then all other packets will be reached to host port will be dropped.

    When you add policer/classifier for Host Port then packets sent from any core (R5F, A72) to Host Port are treated as policer match and packet will be marked as Green.

    Forwarding of packet reached to Host port will be decided by ALE entry, as we already have PC MAC mapping to Port-2 (in your case) so, packets will be transmitted on Port-2.

    Best Regards,
    Sudheer

  • Hi,

    I probably understand it. But in the function CpswProxyServer_registerMacHandlerCb, the mac address of A72 (48:49:52:41:a1:99) is added in policer 0, and in policer 0 the thread id is set to 0, which means that all the destination mac 48:49:52:41:a1:99, will be forwarded to A72. I think it's a mac based whitelist, not a mac and IP binding based whitelist. It does not satisfy our whitelist based on mac and ip binding. I have tried to remove the process of adding policer 0 from the CpswProxyServer_registerMacHandlerCb function and in turn manually add the mac and ip, but it failed. Going back to the original question, is it possible for tda4vm to implement a whitelist based on mac and ip bindings, and if so can you provide an idea?

    Best Regards,
    Ruijie

  • Hi,

    But in the function CpswProxyServer_registerMacHandlerCb, the mac address of A72 (48:49:52:41:a1:99) is added in policer 0, and in policer 0 the thread id is set to 0, which means that all the destination mac 48:49:52:41:a1:99, will be forwarded to A72.

    Yes, it will get added during the client attachment, as we need to forward the packets dedicated to the A72 MAC address.

    I think it's a mac based whitelist, not a mac and IP binding based whitelist. It does not satisfy our whitelist based on mac and ip binding.

    Yes, in your case you need to delete this policer entry and add your custom one.

    I have tried to remove the process of adding policer 0 from the CpswProxyServer_registerMacHandlerCb function and in turn manually add the mac and ip, but it failed.

    If you remove it from "CpswProxyServer_registerMacHandlerCb" then any request from A72 will not get added. If that is OK then you can remove adding the policer under "CpswProxyServer_registerMacHandlerCb" and return "RPMSG_KDRV_TP_ETHSWITCH_CMDSTATUS_OK" from this function.

    Going back to the original question, is it possible for tda4vm to implement a whitelist based on mac and ip bindings, and if so can you provide an idea?

    TDA4VM H/W supports this. In S/W we need modifications as above: adding custom ALE and Policer entries, and disabling ALE & Policer registration under the CpswProxyServer_registerMacHandlerCb API.

    Best Regards,
    Sudheer

  • Hi,

    Thank you very much for your help. I have implemented the whitelist based on the binding of mac and ip. The last small question is that the communication between PC and A72 is with ivlan. Do I have to manually add an entry about ivlan in the ALE entry? Without this ivlan entry they can't communicate with each other. As I understand it, Layer 2 forwarding only requires the mac address, so why do I need the ivlan information?

    Best Regards,

    Ruijie

  • Hi,

    Can you try to set the Peak Rate as per Link speed and check once. (ex: speed is 100Mbps , pir=100000000)

    After policer 0 and policer 1 are added, only packets that satisfy policer 0 are sent to linux (A72). However, rate limiting via pir and cir did not work as well as expected. The value of pir is 20000000 (20Mbps) and cir is 10000000(10Mbps). 

    [MCU2_0]  18774.190795 s: Function:CpswProxyServer_switch_tool_list_policer_helper,HostId:0,Handle:a32069fc,CoreKey:38acb7e6
    [MCU2_0]  18774.190859 s: src/mod/cpsw_ale.c line[3805]:
    [MCU2_0]  18774.190909 s: src/mod/cpsw_ale.c line[3915]:      0: Vlanid: 000a, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.190958 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 200a1f
    [MCU2_0]  18774.190990 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191032 s: src/mod/cpsw_ale.c line[3915]:      1: Vlanid: 0190, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.191078 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21901f
    [MCU2_0]  18774.191109 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191149 s: src/mod/cpsw_ale.c line[3915]:      2: Vlanid: 0191, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.191194 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21911f
    [MCU2_0]  18774.191225 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191265 s: src/mod/cpsw_ale.c line[3915]:      3: Vlanid: 0193, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.191337 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21931f
    [MCU2_0]  18774.191373 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191415 s: src/mod/cpsw_ale.c line[3915]:      4: Vlanid: 0194, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.191461 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21941f
    [MCU2_0]  18774.191492 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191531 s: src/mod/cpsw_ale.c line[3915]:      5: Vlanid: 0195, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.191576 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21951f
    [MCU2_0]  18774.191607 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191647 s: src/mod/cpsw_ale.c line[3915]:      6: Vlanid: 0196, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.191692 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21961f
    [MCU2_0]  18774.191723 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191763 s: src/mod/cpsw_ale.c line[3915]:      7: Vlanid: 0197, UTagged: 1ff, Mult: 1ff, UMult: 0, Member: 1ff
    [MCU2_0]  18774.191808 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 21971f
    [MCU2_0]  18774.191839 s: src/mod/cpsw_ale.c line[4056]: f1 ff0001ff]
    [MCU2_0]  18774.191887 s: src/mod/cpsw_ale.c line[3849]:      8: Address: ffffffffffff, Member:1ff Su=0 FWDSTLVL=0 IGNMBITS=0
    [MCU2_0]  18774.191933 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c 1000ff
    [MCU2_0]  18774.191963 s: src/mod/cpsw_ale.c line[4056]: ff ffffffff]
    [MCU2_0]  18774.192013 s: src/mod/cpsw_ale.c line[3870]:      9: Address: 48495241a19a, Port: 000 Se=1 Bl=0 TOUCH=0 AGE=0 TRUNK=0
    [MCU2_0]  18774.192060 s: src/mod/cpsw_ale.c line[4051]:  RAW:[1 100048
    [MCU2_0]  18774.192091 s: src/mod/cpsw_ale.c line[4056]: 49 5241a19a]
    [MCU2_0]  18774.192138 s: src/mod/cpsw_ale.c line[3870]:     10: Address: 484952411081, Port: 003 Se=0 Bl=0 TOUCH=0 AGE=0 TRUNK=0
    [MCU2_0]  18774.192184 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c 100048
    [MCU2_0]  18774.192215 s: src/mod/cpsw_ale.c line[4056]: 49 52411081]
    [MCU2_0]  18774.192261 s: src/mod/cpsw_ale.c line[3870]:     11: Address: 48495241a199, Port: 000 Se=0 Bl=0 TOUCH=0 AGE=0 TRUNK=0
    [MCU2_0]  18774.192326 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 100048
    [MCU2_0]  18774.192359 s: src/mod/cpsw_ale.c line[4056]: 49 5241a199]
    [MCU2_0]  18774.192400 s: src/mod/cpsw_ale.c line[3939]:     12: IPv4: Address: 192:168:04:129, IGNBITS:0
    [MCU2_0]  18774.192441 s: src/mod/cpsw_ale.c line[4051]:  RAW:[1 a00000
    [MCU2_0]  18774.192473 s: src/mod/cpsw_ale.c line[4056]: 00 c0a80481]
    [MCU2_0]  18774.192513 s: src/mod/cpsw_ale.c line[3939]:     13: IPv4: Address: 192:168:04:153, IGNBITS:0
    [MCU2_0]  18774.192553 s: src/mod/cpsw_ale.c line[4051]:  RAW:[1 a00000
    [MCU2_0]  18774.192584 s: src/mod/cpsw_ale.c line[4056]: 00 c0a80499]
    [MCU2_0]  18774.192625 s: src/mod/cpsw_ale.c line[3915]:     14: Vlanid: 0004, UTagged: 0, Mult: 9, UMult: 9, Member: 9
    [MCU2_0]  18774.192668 s: src/mod/cpsw_ale.c line[4051]:  RAW:[0 200400
    [MCU2_0]  18774.192699 s: src/mod/cpsw_ale.c line[4056]: 90 00009009]
    [MCU2_0]  18774.192770 s: src/mod/cpsw_ale.c line[3870]:     32: Address: 484952412083, Port: 003 Se=0 Bl=0 TOUCH=1 AGE=1 TRUNK=0
    [MCU2_0]  18774.192816 s: src/mod/cpsw_ale.c line[4051]:  RAW:[c d00a48
    [MCU2_0]  18774.192847 s: src/mod/cpsw_ale.c line[4056]: 49 52412083]
    [MCU2_0]  18774.194240 s: src/mod/cpsw_ale.c line[4061]:
    [MCU2_0]  18774.194268 s: src/mod/cpsw_ale.c line[4062]: 1008 Free Entries
    [MCU2_0]  18774.194315 s: src/mod/cpsw_ale.c line[5603]:
    [MCU2_0]  18774.194348 s: src/mod/cpsw_ale.c line[5624]:     0: POLICER_PORT, PORT_NUM: 3 ISTRUNK:0
    [MCU2_0]  18774.194388 s: src/mod/cpsw_ale.c line[5642]:     0: POLICER_DST_MAC,ALE Index: 11
    [MCU2_0]  18774.194424 s: src/mod/cpsw_ale.c line[5648]:     0: POLICER_SRC_MAC,ALE Index: 10
    [MCU2_0]  18774.194460 s: src/mod/cpsw_ale.c line[5672]:     0: POLICER_SRC_IP,ALE Index: 12
    [MCU2_0]  18774.194496 s: src/mod/cpsw_ale.c line[5678]:     0: POLICER_DST_IP,ALE Index: 13
    [MCU2_0]  18774.194531 s: src/mod/cpsw_ale.c line[5684]:     0: POLICER_THREAD,THREAD ID:0
    [MCU2_0]  18774.194566 s: src/mod/cpsw_ale.c line[5692]:     0: POLICER_PIR_IDL_INC_VAL: 2048
    [MCU2_0]  18774.194602 s: src/mod/cpsw_ale.c line[5701]:     0: POLICER_CIR_IDL_INC_VAL: 1024
    [MCU2_0]  18774.194646 s: src/mod/cpsw_ale.c line[5729]:     0: POLICER_STATS: Hit: 1, RedHit: 1, YellowHit: 1
    [MCU2_0]  18774.194692 s: src/mod/cpsw_ale.c line[5624]:     1: POLICER_PORT, PORT_NUM: 0 ISTRUNK:0
    [MCU2_0]  18774.194733 s: src/mod/cpsw_ale.c line[5729]:     1: POLICER_STATS: Hit: 1, RedHit: 0, YellowHit: 0
    [MCU2_0]  18774.194972 s: src/mod/cpsw_ale.c line[5733]:
    [MCU2_0]  18774.194997 s: src/mod/cpsw_ale.c line[5734]: 94 Free Entries
    …
    policerEn: 1, yellowDropEn: 1, redDropEn: 1, yellowThress: 0, policerNoMatchMode: 0, noMatchPolicer: -1558156804
    

    The test result:

    Best Regards,

    Ruijie

  • Hi,

    Thank you for the confirmation that your use case is working as expected.

    The last small question is that the communication between PC and A72 is with ivlan. Do I have to manually add an entry about ivlan in the ALE entry? Without this ivlan entry they can't communicate with each other. As I understand it, Layer 2 forwarding only requires the mac address, so why do I need the ivlan information?

    By default CPSW & ALE are in VLAN Aware Mode. You could see default VLAN entries in ALE table.
    If you are sending VLAN packet, then VLAN in the packet will be handled as per VLAN entry added in ALE. If VLAN entry not added then unknown vlan rules as per ALE registers configuration will apply on VLAN packet.

    If you are sending non-vlan packet VLAN of Port specific will be added in packet and handled the packet as per VLAN entry.

    As per your Policer0, Policer1 A72 & PC can communicate in non-vlan packet (default Port vlan values) or vlan 10.

    Best Regards,
    Sudheer
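
A simplified software model of the policer behaviour described in the replies above, added here as an example; it is not TI SDK code and not code from either poster. The type, constant and function names are hypothetical, rate metering (PIR/CIR), VLAN handling and ALE forwarding are not modelled, and the addresses are the ones quoted in the thread plus one constructed spoofed source IP.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): names are hypothetical, not Enet LLD symbols. */
enum {
    MATCH_PORT    = 1u << 0,
    MATCH_SRC_MAC = 1u << 1,
    MATCH_DST_MAC = 1u << 2,
    MATCH_SRC_IP  = 1u << 3,
    MATCH_DST_IP  = 1u << 4
};
enum color { GREEN, RED };

struct frame {
    uint8_t port;            /* ingress port: 0 = host port, 3 = external port 2 */
    uint8_t src_mac[6], dst_mac[6];
    uint8_t src_ip[4], dst_ip[4];
};

struct policer {
    uint32_t mask;           /* which of the fields below must match */
    uint8_t port;
    uint8_t src_mac[6], dst_mac[6];
    uint8_t src_ip[4], dst_ip[4];
};

/* A policer hits only when every enabled field matches the frame. */
static bool policer_hit(const struct policer *p, const struct frame *f)
{
    if ((p->mask & MATCH_PORT) && p->port != f->port) return false;
    if ((p->mask & MATCH_SRC_MAC) && memcmp(p->src_mac, f->src_mac, 6) != 0) return false;
    if ((p->mask & MATCH_DST_MAC) && memcmp(p->dst_mac, f->dst_mac, 6) != 0) return false;
    if ((p->mask & MATCH_SRC_IP) && memcmp(p->src_ip, f->src_ip, 4) != 0) return false;
    if ((p->mask & MATCH_DST_IP) && memcmp(p->dst_ip, f->dst_ip, 4) != 0) return false;
    return p->mask != 0;     /* an entry with nothing enabled matches nothing */
}

/* No-match frames are coloured RED, as in the global config used in the thread. */
static enum color classify(const struct policer *tbl, size_t n, const struct frame *f)
{
    for (size_t i = 0; i < n; i++)
        if (policer_hit(&tbl[i], f))
            return GREEN;
    return RED;
}

/* With red drop enabled, only frames that hit some policer survive. */
static bool admitted(const struct policer *tbl, size_t n,
                     const struct frame *f, bool red_drop_en)
{
    return !(red_drop_en && classify(tbl, n, f) == RED);
}

#define PC_MAC  {0x48, 0x49, 0x52, 0x41, 0x10, 0x81}
#define A72_MAC {0x48, 0x49, 0x52, 0x41, 0xa1, 0x99}
#define PC_IP   {192, 168, 4, 129}
#define A72_IP  {192, 168, 4, 153}

/* Entry 0: MAC+IP binding for the PC on port 3. Entry 1: port match for host port 0. */
static const struct policer whitelist[2] = {
    { .mask = MATCH_PORT | MATCH_SRC_MAC | MATCH_DST_MAC | MATCH_SRC_IP | MATCH_DST_IP,
      .port = 3, .src_mac = PC_MAC, .dst_mac = A72_MAC, .src_ip = PC_IP, .dst_ip = A72_IP },
    { .mask = MATCH_PORT, .port = 0 },
};

static const struct frame ping_request = {
    .port = 3, .src_mac = PC_MAC, .dst_mac = A72_MAC, .src_ip = PC_IP, .dst_ip = A72_IP };
/* Constructed: bound MAC, but a source IP that is not in the binding. */
static const struct frame spoofed_ip = {
    .port = 3, .src_mac = PC_MAC, .dst_mac = A72_MAC,
    .src_ip = {192, 168, 4, 130}, .dst_ip = A72_IP };
/* Bound IP sent from another MAC seen on port 3 in the ALE dump. */
static const struct frame spoofed_mac = {
    .port = 3, .src_mac = {0x48, 0x49, 0x52, 0x41, 0x20, 0x82}, .dst_mac = A72_MAC,
    .src_ip = PC_IP, .dst_ip = A72_IP };
static const struct frame ping_reply = {
    .port = 0, .src_mac = A72_MAC, .dst_mac = PC_MAC, .src_ip = A72_IP, .dst_ip = PC_IP };

int main(void)
{
    printf("request, both policers:      %d\n", admitted(whitelist, 2, &ping_request, true));
    printf("spoofed IP, both policers:   %d\n", admitted(whitelist, 2, &spoofed_ip, true));
    printf("spoofed MAC, both policers:  %d\n", admitted(whitelist, 2, &spoofed_mac, true));
    printf("reply, binding policer only: %d\n", admitted(whitelist, 1, &ping_reply, true));
    printf("reply, both policers:        %d\n", admitted(whitelist, 2, &ping_reply, true));
    return 0;
}
```

The fourth case reproduces the symptom reported early in the thread: with only the binding entry installed, the A72 reply from the host port hits no policer and is dropped as red.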