Miscs Minor Issues

[hesingh]

Thanks for developing this code an open-sourcing it.

1. Could you please add a CONTRIBUTING.md file to the repo so that folks know if you allow a Apache 2.0 license to the code. An example for CONTRIBUTING.md is given below.

https://github.com/hesingh/p4-ipv6-switch-ml/blob/master/CONTRIBUTING.md

Note, p4c uses a Apache 2.0 license.

2. Could you please add a README.md file to show to to run code in several directories.

Several folks have asked the P4 community about how to add a new extern to simple_switch and also asked for crypto extern. Seeing this repo we are adding your extern to the behavioral-model repo. Please see this PR: p4lang/behavioral-model#834

See this note from the Issue for what could help in README.md for help.

"I don't think it is necessary to give a working example that uses Mininet .
Instructions for running a single simple_switch or simple_switch_grpc process, with all command line options needed to use the new extern, should be enough. Let those who wish to use the new extern in a Mininet network figure out the changes to their own software outside of simple_switch."

Thanks.

[jafingerhut]

I think it is more accurate to say not "we are adding", but "with your permission, we would like to add".

[hesingh]

I have Scapy installed on the machine, but when I run controller.py Python causes a ImportError on scapy. Any idea what's wrong?

hemantietf@instance-1:~/p4-macsec/controller_distributed$ which scapy
/usr/local/bin/scapy
hemantietf@instance-1:~/p4-macsec/controller_distributed$ 

hemantietf@instance-1:~/p4-macsec/controller_distributed$ sudo ./controller.py -a 127.0.0.1:50051 -n s1 -s ipc:///tmp/bmv2-0-notifications.ipc -m 00:00:00:FF:01:01
Traceback (most recent call last):
  File "./controller.py", line 30, in <module>
    import cli
  File "/home/hemantietf/p4-macsec/controller_distributed/cli.py", line 26, in <module>
    from scapy.all import Packet, Ether
ImportError: No module named scapy.all
hemantietf@instance-1:~/p4-macsec/controller_distributed$ 

My os.sys.path is shown below. The machine has a $USER/.local directory.

['/home/hemantietf/p4-macsec/controller_distributed', '/usr/local/lib/python2.7/dist-packages/thrift-0.9.2-py2.7-linux-x86_64.egg', '/usr/local/lib/python2.7/dist-packages/mininet-2.3.0d6-py2.7.egg', '/usr/lib/python2.7/dist-packages', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/home/hemantietf/.local/lib/python2.7/site-packages', '/usr/local/lib/python2.7/dist-packages']

[jafingerhut]

If you are on an Ubuntu 16.04 or 18.04 Linux machine using Python2, you probably need to do pip install scapy. If you are using Python3, pip3 install scapy.

scapy has a command line executable, which you can find via which scapy, but that executable is a different file than the ones needed for import scapy.all to work from a Python program.

[hesingh]

I am using Ubuntu 16.04 because the macsec asked for this Ubuntu version to use. I have both Python 2 and Python 3 installed on the machine.

[marcohae]

The controller is using python2. Doing pip install scapy should be enough to get it working. Can you check if there is a folder /usr/local/lib/python2.7/dist-packages/scapy/ that contains a file all.py?

[hesingh]

Python3 is messing me up since I had to install it to fix pip on the machine.

hemantietf@instance-1:~/p4-macsec/p4/p4$ pip install scapy
Requirement already satisfied: scapy in /usr/local/lib/python3.5/dist-packages (2.4.3)
hemantietf@instance-1:~/p4-macsec/p4/p4$   

[marcohae]

In that case you can try sudo pip2 install scapy .

[jafingerhut]

If nothing you do uses Python3, there should never be a reason to install Python3 in order to use pip. My open source P4 tool scripts never used or installed anything related to Python3 until recently when p4c switched to using Python3, and they worked fine.

I am referring to a freshly installed Ubuntu 16.04 or 18.04 Linux system here. I have no idea if that is what you are starting with.

[hesingh]

I purged Python 3.5 from the machine. I have to look into pip and pip2 installs first before I can use either to install scapy.

[jafingerhut]

No matter what sequence of steps you find and document for adding an extern to behavioral-model, I plan to test that sequence of steps on a freshly installed Ubuntu Linux 16.04 machine, to ensure that it works. So you have that "safety net", if you consider it that.

[hesingh]

Actually, I had pip cause Traceback. So I looked up the issue and python3 and python were used to get rid of this error. This is why I had installed Python3.

Sure, once I have the software working, I will document the steps.

Right now, I am dealing with a problem with pip. This is why I want to uninstall pip and install it again. I have tried several uninstalls but they all failed to remove pip. I have removed Python 3.5 but some vestige remains.

hemantietf@instance-1:/usr/local/bin$ pip install scapy
-bash: /usr/local/bin/pip: /usr/bin/python3: bad interpreter: No such file or directory
hemantietf@instance-1:/usr/local/bin$

[hesingh]

Please add to the README.md that mininet also needed to be installed.

[marcohae]

Mininet is installed by the p4/vm/user-bootstrap.sh script

[jafingerhut]

@hesingh You may have better fortunes if you try starting over with a freshly installed Ubuntu Linux 16.04 machine, rather than trying to repair the state of the VM you have. I know that can be a pain, but is the nature of the beast.

[hesingh]

Actually, during the first install Mininet was not installed and I had to install it manually. Seeing the reply to @marcohae I grepped for Mininet in .sh files and found its install.

I am using google cloud and can easily delete an instance and create a new one. I just created a new one and trying the steps one more time. thanks.

[hesingh]

No more pip or Python issues with 2nd try because I didn't try to upgrapde pip.

First, with the p4c being used by macse , the README.md does not need any extern_instances editing in basic.json. We can remove the editing text from README.md.

Second, now, I fail in launching the controller_distributed for the first switch. Before this step make run and .\controller.py (in controller) launched fine.

See the failed log below.

hemantietf@instance-1:~/p4-macsec/controller_distributed$ sudo ./controller.py -a 127.0.0.1:50051 -n s1 -s ipc:///tmp/bmv2-0-notifications.ipc -m 00:00:00:FF:01:01
Traceback (most recent call last):
  File "./controller.py", line 144, in <module>
    ctrl.startup()
  File "/home/hemantietf/p4-macsec/controller_distributed/switch_controller.py", line 110, in startup
    bmv2_json_file_path=self.bmv2_file_path)
  File "/home/hemantietf/p4-macsec/controller_distributed/p4runtime_lib/switch.py", line 58, in SetForwardingPipelineConfig
    self.client_stub.SetForwardingPipelineConfig(request)
  File "/usr/local/lib/python2.7/dist-packages/grpc/_channel.py", line 690, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/usr/local/lib/python2.7/dist-packages/grpc/_channel.py", line 592, in _end_unary_response_blocking
    raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses"
        debug_error_string = "{"created":"@1576619800.790658183","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3934,"referenced_errors":[{"created":"@1576619800.790653702","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":393,"grpc_status":14}]}"
>
hemantietf@instance-1:~/p4-macsec/controller_distributed$ 

make run launched mininet hosts and switches which look operational.

mininet> links
h1-eth0<->s1-eth1 (OK OK) 
h2-eth0<->s2-eth1 (OK OK) 
h3-eth0<->s3-eth1 (OK OK) 
s1-eth2<->s2-eth2 (OK OK) 
s1-eth3<->s3-eth2 (OK OK) 
mininet> 

Log of controller launch is included below.

hemantietf@instance-1:~/p4-macsec/controller$ ./controller.py 
starting cli
(Cmd) Starting gRPC server for clients. Listening on 0.0.0.0:51001

[hesingh]

I changed the controller_distributed command to use 51001 instead of 50051 as shown below and then the other controller (launched from controller directory) receives a msg and emits an error.
50051 is specified in README.md file.

sudo ./controller.py -a 127.0.0.1:51001 -n s1 -s ipc:///tmp/bmv2-0-notifications.ipc -m 00:00:00:FF:01:01

The other controller's log is included below with the error.

~/p4-macsec/controller$ starting cli
(Cmd) Starting gRPC server for clients. Listening on 0.0.0.0:51001
E1217 23:12:51.327193071    3618 ssl_transport_security.cc:1246] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.

The error looks like a security certificate issue.

[marcohae]

I changed the controller_distributed command to use 51001 instead of 50051 as shown below and then the other controller (launched from controller directory) receives a msg and emits an error.
50051 is specified in README.md file.

The -a flag of controller_distributed specifies the p4runtime address of the BMv2 switch which is 127.0.0.1:50051. Port 51001 is the port of the central controller which uses mutual TLS with client certificates, so the OpenSSL error is to be expected in that case. You need to use -a 127.0.0.1:50051.

First, with the p4c being used by macse , the README.md does not need any extern_instances editing in basic.json. We can remove the editing text from README.md.

I just tried the current version of p4c. The problem with extern_instances does not exist anymore indeed. Thanks for the tip. However, if you use that version of p4c, you need to replace mark_to_drop() with mark_to_drop(standard_metadata) in the P4 program. That causes the BMv2 simple_switch not to start and output "Unknown primitive action: mark_to_drop" in the log. None the less, the script that starts the environment wrongly says "P4 switch s1 has been started" after several failed attempts of starting the switch. That explains the "failed to connect to all addresses" error of controller_distributed.

I'll see if I can port everything to the newest versions of p4c, BMv2 and PI. In the meantime, you can use the p4c version that is referenced in user-bootstrap.sh and fix the extern_instances as I explained in the README. That should get everything to work.

[hesingh]

I have already changed basic.p4 in my PR.for mark_to_drop(). Also, latest p4c does not compile the recirculate line of code. We can just drop the decrypted packet. Please see

https://github.com/p4lang/behavioral-model/pull/834/files#diff-eabb89454dbff2d48bc9bf22126b35d3

However, I am not using latest p4c with macsec. I just ran the user-bootstrap.sh and whatever p4c it installed is being used. Thus, mark_to_drop() should use no args. I am also not sure why extern_intances does not need any edit.

[hesingh]

I see this error with make run which is new:

emantietf@instance-1:/tmp$ more p4s.s1.log
Thrift port was not specified, will use 9090
Calling target program-options parser
Unknown primitive action: _ExternCrypt_validate
hemantietf@instance-1:/tmp$ 

[jafingerhut]

FYI, the warning message from p4c about recirculate/resubmit/clone calls that attempt to preserve metadata is just that: a warning message. It should not prevent a BMv2 JSON file from being created, if that is the only warning. It does mean that the metadata you want to be preserved might not be, when executing the resulting BMv2 JSON file.

There might be bigger issues you have preventing things from working, of course. Just wanted to throw that bit of info in here.

[hesingh]

The warning says "recirculate with non-empty argument not supported". Not supported is not good.

[jafingerhut]

Agreed that not supported is not good. The actual fact is that the BMv2 JSON will definitely recirculate/resubmit/clone the packet. Whether or not it preserves the specified metadata is the only part that might work, or might not work. p4c will not tell you whether it will work, or will not work -- the warning effectively means that part might not work. Again, that might not be your biggest trouble. I am just giving you some facts. Do with them what you will.

…

On Wed, Dec 18, 2019 at 5:02 AM Hemant Singh ***@***.***> wrote: The warning says "recirculate with non-empty argument not supported". Not supported is not good. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1?email_source=notifications&email_token=AAA2YPMJT3KSHTRLADZFHCLQZINPHA5CNFSM4J2FB63KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHGBE7A#issuecomment-567022204>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAA2YPJHRC6BVU3ZM56MJEDQZINPHANCNFSM4J2FB63A> .

[hesingh]

The Unknown primitive action: _ExternCrypt_validate is an error from the behavioral-model code:

tests/test_p4objects.cpp: std::string expected("Unknown primitive action: bad_primitive\n");

[hesingh]

Oops, I saw that basic.json was not edited and the extern_instances was empty. I edited the file and now I get failure on the new json code.

hemantietf@instance-1:/tmp$ cat p4s.s1.log
Thrift port was not specified, will use 9090
Calling target program-options parser
Invalid reference to extern type 'ext_crypt'
bad json:
{
   "id" : 0,
   "name" : "crypt",
   "type" : "ext_crypt"
}

[marcohae]

That happens when you are trying to use an external function that does not exist. Did you copy the file simple_switch.cpp from p4/target to p4/vm/behavioral-model/targets/simple_switch/ and then recompile both simple_switch and simple_switch_grpc?

[hesingh]

I see, thanks. Now, I am totally operational - thanks for all the help!

The only question I have is when I used the steps in README.md, I do not have to edit basic.json. This .json file already has extern_instances correct.

[hesingh]

PrintScrc of macsec running code.

[marcohae]

I'm glad it works now.
There is a basic.json file in the repository that is already edited. You have to edit it by yourself only if you change the basic.p4 program and the compiler has to compile it again.

Apparently, with newer versions of p4c, editing of the compiled program is not necessary at all anymore.

[hesingh]

I'm glad it works now.
There is a basic.json file in the repository that is already edited. You have to edit it by yourself only if you change the basic.p4 program and the compiler has to compile it again.

Apparently, with newer versions of p4c, editing of the compiled program is not necessary at all anymore.

I see, thanks for the clarification on the basic.p4 file.

One last thing. The crypto code is being added to latest p4c and I expect folks to test macsec using latest behavioral-model, p4c, and PI code. When you get a chance, please port the code to latest p4c, behavioral-model, and PI. Note, if you use crypto.cpp in my PR, the macsec code in simple_switch is already ported to latest behavioral-model. With latest p4c, recirculate in basic.p4 will not compile. I would consider dropping the decrypted packet.

[marcohae]

When you get a chance, please port the code to latest p4c, behavioral-model, and PI. Note, if you use crypto.cpp in my PR, the macsec code in simple_switch is already ported to latest behavioral-model.

I'm already on it. I'll have a look at your crypto.cpp, thanks.

[hesingh]

@marcohae Minor edit to README.md.

Please change this line

from

Start central controller by running ./controller in folder controller

to

Start central controller by running ./controller.py in folder controller

Also, make needs to be sudo make

Please also fix this spelling: impolementation

thanks.

[marcohae]

I've checked in an updated version that uses the newest p4c, BMv2 and PI. I also added a setup.sh script that does all the necessary setup steps.