* [dts] [PATCH V1] add inline_ipsec test plan
@ 2017-12-29 10:00 xu,gang
2017-12-29 10:00 ` [dts] [PATCH V1] add test suite inline_ipsec xu,gang
2018-01-02 7:46 ` [dts] [PATCH V1] add inline_ipsec test plan Liu, Yong
0 siblings, 2 replies; 6+ messages in thread
From: xu,gang @ 2017-12-29 10:00 UTC (permalink / raw)
To: dts; +Cc: xu,gang
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=a, Size: 14622 bytes --]
Signed-off-by: xu,gang <gangx.xu@intel.com>
---
test_plans/inline_ipsec_test_plan.rst | 355 ++++++++++++++++++++++++++++++++++
1 file changed, 355 insertions(+)
create mode 100644 test_plans/inline_ipsec_test_plan.rst
diff --git a/test_plans/inline_ipsec_test_plan.rst b/test_plans/inline_ipsec_test_plan.rst
new file mode 100644
index 0000000..bc10111
--- /dev/null
+++ b/test_plans/inline_ipsec_test_plan.rst
@@ -0,0 +1,355 @@
+.. Copyright (c) <2017>, Intel Corporation
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ - Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ - Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+ - Neither the name of Intel Corporation nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPR ESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================
+Inline IPsec Test Plan
+======================
+This test plan describe the method of validation inline hardware acceleration
+of symmetric crypto processing of IPsec flows on Intel® 82599 10 GbE
+Controller (IXGBE) within the cryptodev framework.
+
+***Limitation:
+AES-GCM 128 ESP Tunnel/Transport mode and Authentication only mode are
+supported.***
+
+Ref links:
+https://tools.ietf.org/html/rfc4301
+
+https://tools.ietf.org/html/rfc4302
+
+https://tools.ietf.org/html/rfc4303
+
+http://dpdk.org/doc/guides/sample_app_ug/ipsec_secgw.html
+
+Abbr:
+ESP: Encapsulating Security Payload::
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
+ | Security Parameters Index (SPI) | ^Int.
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
+ | Sequence Number | |ered
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ----
+ | Payload Data* (variable) | | ^
+ ~ ~ | |
+ | | |Conf.
+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
+ | | Padding (0-255 bytes) | |ered*
+ +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
+ | | Pad Length | Next Header | v v
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------
+ | Integrity Check Value-ICV (variable) |
+ ~ ~
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+SPI: Security Parameters Index
+
+The SPI is an arbitrary 32-bit value that is used by a receiver to identify
+the SA to which an incoming packet is bound.
+
+Sequence Number:
+
+This unsigned 32-bit field contains a counter value that increases by
+one for each packet sent
+
+AES: Advanced Encryption Standard
+
+GCM: Galois Counter Mode
+
+Prerequisites
+=============
+2 * 10Gb Ethernet ports of the DUT are directly connected in full-duplex to
+different ports of the peer traffic generator.
+
+Bind two ports to vfio-pci.
+modprobe vfio-pci
+
+
+Test Case: Inline cfg parsing
+=============================
+Create inline ipsec configuration file like below::
+
+ #SP IPv4 rules
+ sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+
+ #SA rules
+ sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+ mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+ port_id 1 \
+ type inline-crypto-offload \
+
+ sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+ mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+ port_id 1 \
+ type inline-crypto-offload \
+
+ #Routing rules
+ rt ipv4 dst 172.16.2.5/32 port 1
+ rt ipv4 dst 192.168.105.10/32 port 0
+
+Starting ipsec-secgw sample and make sure SP/SA/RT rules loaded successfully.
+
+Check ipsec-secgw can detect invalid cipher algo.
+
+Check ipsec-secgw can detect invalid auth algo.
+
+Check ipsec-secgw can detect invalid key format.
+
+
+Test Case: IPSec Encryption
+=================================
+Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 --config="(0,0,20),(1,0,21)" -f ./enc.cfg
+
+Use scapy to listen on unprotected port
+sudo python ./scapy_receive.py -i ens802f1
+
+Send burst(32) normal packets with dst ip (192.168.105.0) to protected port.
+ sudo python ./scapy_send.py -i ens802f0 -s 32 -c 1 -e 0
+
+Check burst esp packets received from unprotected port.
+tcpdump -Xvvvi ens802f1
+
+[root@dpdk98 scripts]# tcpdump -Xvvvi ens802f1
+tcpdump: listening on ens802f1, link-type EN10MB (Ethernet), capture size 262144 bytes
+06:10:25.674233 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto ESP (50), length 108)
+ 172.16.1.5 > 172.16.2.5: ESP(spi=0x000003ed,seq=0x9), length 88
+ 0x0000: 4500 006c 0000 0000 4032 1f36 ac10 0105 E..l....@2.6....
+ 0x0010: ac10 0205 0000 03ed 0000 0009 0000 0000 ................
+ 0x0020: 0000 0009 4468 a4af 5853 7545 b21d 977c ....Dh..XSuE...|
+ 0x0030: b911 7ec6 74a0 3349 b986 02d2 a322 d050 ..~.t.3I.....".P
+ 0x0040: 8a0d 4ffc ef4d 6246 86fe 26f0 9377 84b5 ..O..MbF..&..w..
+ 0x0050: 8b06 c7e0 05d3 1ac5 1a30 1a93 8660 4292 .........0...`B.
+ 0x0060: 999a c84d 49ed ff95 89a1 6917 ...MI.....i.
+
+
+Check esp packets' format is correct.
+
+See decrypted packets on scapy output
+[root@dpdk98 scripts]# sudo python ./scapy_receive.py -i ens802f1
+###[ IP ]###
+ version = 4
+ ihl = 5
+ tos = 0x0
+ len = 52
+ id = 1
+ flags =
+ frag = 0
+ ttl = 63
+ proto = ip
+ chksum = 0x2764
+ src = 192.168.105.10
+ dst = 192.168.105.10
+ \options \
+###[ Raw ]###
+ load = '|->test-test-test-test-test-t<-|'
+
+
+Test Case: IPSec Encryption with Jumboframe
+==============================================
+Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected mode::
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 --config="(0,0,20),(1,0,21)" -f ./enc.cfg
+
+Use scapy to listen on unprotected port
+
+Default frame size is 1518, send burst(1000) packets with dst ip (192.168.105.0) to protected port.
+
+Check burst esp packets received from unprotected port.
+
+Check esp packets' format is correct.
+
+See decrypted packets on scapy output
+
+Send burst(8192) jumbo packets with dst ip (192.168.105.0) to protected port.
+
+Check burst esp packets can't be received from unprotected port.
+
+Set jumbo frames size as 9000, start it with port 1 assigned to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 -j 9000 --config="(0,0,20),(1,0,21)" -f ./enc.cfg
+
+Use scapy to listen on unprotected port
+
+Send burst(8192) jumbo packets with dst ip (192.168.105.0) to protected port.
+
+Check burst jumbo packets received from unprotected port.
+
+Check esp packets' format is correct.
+
+See decrypted packets on scapy output
+
+Send burst(9000) jumbo packets with dst ip (192.168.105.0) to protected port.
+
+Check burst jumbo packets can't be received from unprotected port.
+
+
+Test Case: IPSec Encryption with RSS
+==================================
+Create configuration file with multiple SP/SA/RT rules for different ip address.
+
+Start ipsec-secgw with two queues enabled on each port and port 1 assigned to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 --config="(0,0,20),(0,1,20),(1,0,21),(1,1,21)" -f ./enc_rss.cfg
+
+Use scapy to listen on unprotected port
+sudo python ./scapy_receive_enc_rss.py -i ens802f1
+
+Send burst(32) packets with different dst ip to protected port.
+sudo python ./scapy_send_enc_rss.py -i ens802f0 -s 32 -c 1 -e 0
+
+Check burst esp packets received from queue 0 and queue 1 on unprotected port.
+tcpdump -Xvvvi ens802f1
+
+Check esp packets' format is correct.
+
+See decrypted packets on scapy output
+
+
+Test Case: IPSec Decryption
+=================================
+Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
+
+Send two burst(32) esp packets to unprotected port.
+sudo python ./scapy_send.py -i ens802f1 -s 32 -c 1 -e 1
+
+First one will produce an error "IPSEC_ESP: failed crypto op" in the IPsec application,
+but it will setup the SA. Second one will decrypt and send back the decrypted packet.
+
+Check burst packets which have been decapsulated received from protected port
+tcpdump -Xvvvi ens802f0
+
+Test Case: IPSec Decryption with wrong key
+===============================================
+Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
+
+Change dec.cfg key is not same with send packet encrypted key
+
+Send one burst(32) esp packets to unprotected port.
+
+IPsec application will produce an error "IPSEC_ESP: failed crypto op" ,
+but it will setup the SA.
+
+Send one burst(32) esp packets to unprotected port.
+
+Check burst packets which have been decapsulated can't be received from protected port,
+IPsec application will produce error "IPSEC_ESP: failed crypto op".
+
+
+Test Case: IPSec Decryption with Jumboframe
+=================================================
+Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected mode::
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
+Default frame size is 1518, Send two burst(1000) esp packets to unprotected port.
+
+First one will produce an error "IPSEC_ESP: failed crypto op" in the IPsec application,
+but it will setup the SA. Second one will decrypt and send back the decrypted packet.
+
+Check burst(1000) packets which have been decapsulated received from protected port.
+
+Send burst(8192) esp packets to unprotected port.
+
+Check burst(8192) packets which have been decapsulated can't be received from protected port.
+
+Set jumbo frames size as 9000, start it with port 1 assigned to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 -j 9000 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
+
+Send two burst(8192) esp packets to unprotected port.
+
+First one will produce an error "IPSEC_ESP: failed crypto op" in the IPsec application,
+but it will setup the SA. Second one will decrypt and send back the decrypted packet.
+
+Check burst(8192) packets which have been decapsulated received from protected port.
+
+Send burst(9000) esp packets to unprotected port.
+
+Check burst(9000) packets which have been decapsulated can't be received from protected port.
+
+
+Test Case: IPSec Decryption with RSS
+===========================================
+Create configuration file with multiple SA rule for different ip address.
+
+Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
+ "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
+ 0x2 -config="(0,0,20),(0,1,20),(1,0,21),(1,1,21)" -f ./dec_rss.cfg
+
+Send two burst(32) esp packets with different ip to unprotected port.
+
+First one will produce an error "IPSEC_ESP: failed crypto op" in the IPsec application,
+but it will setup the SA. Second one will decrypt and send back the decrypted packet.
+
+Check burst(32) packets which have been decapsulated received from queue 0 and
+1 on protected port.
+
+
+Test Case: IPSec Encryption/Decryption simultaneously
+=====================================================
+Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected mode::
+
+ sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1
+ --vdev "crypto_null" --log-level 8 --socket-mem 1024,1
+ -- -p 0xf -P -u 0x2 --config="(0,0,20),(1,0,21)" -f ./enc_dec.cfg
+
+Send normal and esp packets to protected and unprotected ports simultaneously.
+
+Note when testing inbound IPSec, first one will produce an error "IPSEC_ESP:
+invalid padding" in the IPsec application, but it will setup the SA. Second
+one will decrypt and send back the decrypted packet.
+
+Check esp and normal packets received from unprotected and protected ports.
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [dts] [PATCH V1] add test suite inline_ipsec
2017-12-29 10:00 [dts] [PATCH V1] add inline_ipsec test plan xu,gang
@ 2017-12-29 10:00 ` xu,gang
2018-01-02 8:16 ` Liu, Yong
2018-01-02 7:46 ` [dts] [PATCH V1] add inline_ipsec test plan Liu, Yong
1 sibling, 1 reply; 6+ messages in thread
From: xu,gang @ 2017-12-29 10:00 UTC (permalink / raw)
To: dts; +Cc: xu,gang
Signed-off-by: xu,gang <gangx.xu@intel.com>
---
tests/TestSuite_inline_ipsec.py | 405 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 405 insertions(+)
create mode 100644 tests/TestSuite_inline_ipsec.py
diff --git a/tests/TestSuite_inline_ipsec.py b/tests/TestSuite_inline_ipsec.py
new file mode 100644
index 0000000..ba90caf
--- /dev/null
+++ b/tests/TestSuite_inline_ipsec.py
@@ -0,0 +1,405 @@
+# BSD LICENSE
+#
+# Copyright(c) 2010-2017 Intel Corporation. All rights reserved.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+"""
+DPDK Test suite.
+Test inline_ipsec.
+"""
+
+import utils
+import string
+import time
+import re
+import threading
+from test_case import TestCase
+import getopt
+from scapy.all import *
+
+ETHER_STANDARD_MTU = 1518
+ETHER_JUMBO_FRAME_MTU = 9000
+
+
+class TestInlineIpsec(TestCase):
+
+ def set_up_all(self):
+ """
+ Run at the start of each test suite.
+ """
+ self.verify(self.nic in ["niantic"], "%s NIC not support" % self.nic)
+ self.dut_ports = self.dut.get_ports(self.nic)
+ self.verify(len(self.dut_ports) >= 2, "Insufficient ports")
+ cores = self.dut.get_core_list("1S/4C/1T")
+ self.coremask = utils.create_mask(cores)
+
+ # get test port info
+ self.rxport = self.tester.get_local_port(1)
+ self.txport = self.tester.get_local_port(0)
+ self.rxItf = self.tester.get_interface(self.rxport)
+ self.txItf = self.tester.get_interface(self.txport)
+ # get dut port pci
+ self.portpci_0 = self.dut.get_port_pci(self.dut_ports[0])
+ self.portpci_1 = self.dut.get_port_pci(self.dut_ports[1])
+
+ # enable tester mtu
+ self.rxnetobj = self.tester.ports_info[self.rxport]['port']
+ self.rxnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU + 100)
+ self.txnetobj = self.tester.ports_info[self.txport]['port']
+ self.txnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU + 100)
+
+ self.path = "./examples/ipsec-secgw/build/ipsec-secgw"
+ # add print code in IPSEC app
+ sedcmd = r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, portid);/i\\printf("[debug]receive %hhu packet in rxqueueid=%hhu\\n",nb_rx, queueid);' examples/ipsec-secgw/ipsec-secgw.c"""
+ self.dut.send_expect(sedcmd, "#", 60)
+
+ # build sample app
+ out = self.dut.build_dpdk_apps("./examples/ipsec-secgw")
+ self.verify("Error" not in out, "compilation error 1")
+ self.verify("No such file" not in out, "compilation error 2")
+
+ self.cfg_prepare()
+
+ def set_up(self):
+ """
+ Run before each test case.
+ """
+ pass
+
+ def cfg_prepare(self):
+ """
+ write the inline_ipsec configuration file
+ """
+ enc = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 1
+"""
+ dec = """
+#SA rules
+sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ enc_rss = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1002 pri 1 dst 192.168.102.0/24 sport 0:65535 dport 0:65535
+
+sa out 1002 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.31.35 dst 172.16.32.35 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.32.35/32 port 1
+"""
+ dec_rss = """
+#SA rules
+sa in 3 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.21.25 dst 172.16.22.25 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ dec_wrong_key = """
+#SA rules
+sa in 5 aead_algo aes-128-gcm aead_key 2f:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ enc_dec = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 1
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ self.set_cfg('enc.cfg', enc)
+ self.set_cfg('dec.cfg', dec)
+ self.set_cfg('enc_rss.cfg', enc_rss)
+ self.set_cfg('dec_rss.cfg', dec_rss)
+ self.set_cfg('enc_dec.cfg', enc_dec)
+ self.set_cfg('dec_wrong_key.cfg', dec_wrong_key)
+
+ def set_cfg(self, filename, cfg):
+ """
+ open file and write cfg, scp it to dut /root/dpdk/
+ """
+ with open(filename, 'w') as f:
+ f.write(cfg)
+ self.dut.session.copy_file_to(filename, '/root/dpdk/')
+
+ def send_encryption_package(self, intface, paysize=64, do_encrypt=False, send_spi=5, count=1, mydst='192.168.105.10', sa_src='172.16.1.5', sa_dst='172.16.2.5'):
+ """
+ make a package and send
+ """
+ test = 'test-' * 2000
+ payload = test[0:int(paysize)]
+ sa_gcm = SecurityAssociation(ESP, spi=send_spi,
+ crypt_algo='AES-GCM',
+ crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',
+ auth_algo='NULL', auth_key=None,
+ tunnel_header=IP(src=sa_src, dst=sa_dst))
+ sa_gcm.crypt_algo.icv_size = 16
+
+ p = IP(src='192.168.105.10', dst=mydst)
+ p /= "|->"
+ p /= payload
+ p /= "<-|"
+ p = IP(str(p))
+
+ if do_encrypt == True:
+ print "send encrypt package"
+ e = sa_gcm.encrypt(p)
+ else:
+ print "send normal package"
+ e = p
+
+ eth_e = Ether() / e
+ eth_e.src = "52:54:00:21:68:1c"
+ eth_e.dst = "52:54:00:16:f6:b0"
+ session_send = self.tester.create_session(
+ name='send_encryption_package')
+ sendp(eth_e, iface=intface, count=count)
+ self.tester.destroy_session(session_send)
+
+ return payload
+
+ def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize=32, jumboframe=1518, do_encrypt=False, verify=True, send_spi=5, receive_spi=1005, count=1, mydst='192.168.105.10', sa_src='172.16.1.5', sa_dst='172.16.2.5'):
+ """
+ verify Ipsec receive package
+ """
+ cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -f %s" % (
+ self.portpci_0, self.portpci_1, jumboframe, config, file_name)
+ self.dut.send_expect(cmd, "IPSEC", 60)
+
+ session_receive = self.tester.create_session(
+ name='receive_encryption_package')
+ sa_gcm = r"sa_gcm=SecurityAssociation(ESP,spi=%s,crypt_algo='AES-GCM',crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo='NULL',auth_key=None,tunnel_header=IP(src='172.16.1.5',dst='172.16.2.5'))" % receive_spi
+
+ session_receive.send_expect("scapy", "Welcome to Scapy", 10)
+ session_receive.send_expect(
+ "pkts=sniff(iface='%s',count=1,timeout=10)" % rxItf, "", 30)
+ send_package = self.send_encryption_package(
+ txItf, paysize, do_encrypt, send_spi, count, mydst, sa_src, sa_dst)
+
+ time.sleep(10)
+ out = session_receive.send_expect("pkts", "", 30)
+ if do_encrypt:
+ out = session_receive.send_expect("pkts[0]['IP'] ", ">>>", 10)
+ else:
+ session_receive.send_expect(sa_gcm, ">>>", 10)
+ session_receive.send_expect(
+ "results=sa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10)
+ out = session_receive.send_expect("results", ">>>", 10)
+
+ if verify:
+ self.verify(send_package in out,
+ "Unreceived package or get other package")
+ else:
+ self.verify(send_package not in out,
+ "The function is not in effect")
+ session_receive.send_expect("quit()", "#", 10)
+ self.tester.destroy_session(session_receive)
+
+ def test_Ipsec_Encryption(self):
+ """
+ test Ipsec Encryption
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
+ self.txItf, self.rxItf, paysize)
+
+ def test_Ipsec_Encryption_Jumboframe(self):
+ """
+ test Ipsec Encryption Jumboframe
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
+ self.txItf, self.rxItf, paysize, ETHER_JUMBO_FRAME_MTU)
+
+ def test_Ipsec_Encryption_Rss(self):
+ """
+ test Ipsec Encryption Rss
+ """
+ config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
+ self.Ipsec_Encryption(config, '/root/dpdk/enc_rss.cfg', self.txItf,
+ self.rxItf, send_spi=2, receive_spi=1002, mydst='192.168.102.10')
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+
+ def test_IPSec_Decryption(self):
+ """
+ test IPSec Decryption
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
+ self.txItf, paysize, do_encrypt=True, count=2)
+
+ def test_IPSec_Decryption_Jumboframe(self):
+ """
+ test IPSec Decryption Jumboframe
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
+ self.txItf, paysize, ETHER_JUMBO_FRAME_MTU, do_encrypt=True, count=2)
+
+ def test_Ipsec_Decryption_Rss(self):
+ """
+ test Ipsec Decryption Rss
+ """
+ config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
+ self.Ipsec_Encryption(config, '/root/dpdk/dec_rss.cfg', self.rxItf, self.txItf, do_encrypt=True,
+ send_spi=3, receive_spi=1003, count=2, sa_src='172.16.21.25', sa_dst='172.16.22.25')
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+
+ def test_Ipsec_Decryption_wrongkey(self):
+ """
+ test Ipsec Decryption wrongkey
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec_wrong_key.cfg', self.rxItf,
+ self.txItf, paysize, do_encrypt=True, verify=False, count=2)
+ out = self.dut.get_session_output()
+ verifycode = "IPSEC_ESP: failed crypto op"
+ self.verify(verifycode in out, "Ipsec Decryption wrongkey failed")
+
+ def test_Ipsec_Encryption_Decryption(self):
+ """
+ test Ipsec Encryption Decryption
+ """
+ cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -f %s" % (
+ self.portpci_0, self.portpci_1, '1518', '(0,0,21),(1,0,21)', '/root/dpdk/enc_dec.cfg')
+ self.dut.send_expect(cmd, "IPSEC", 60)
+ session_receive = self.tester.create_session(
+ name='receive_encryption_package')
+ sa_gcm = r"sa_gcm=SecurityAssociation(ESP, spi=1005,crypt_algo='AES-GCM',crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo='NULL', auth_key=None,tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))"
+
+ session_receive.send_expect("scapy", "Welcome to Scapy", 60)
+ session_receive.send_expect(sa_gcm, ">>>", 60)
+ session_receive.send_expect(
+ "pkts=sniff(iface='%s',count=3)" % self.rxItf, "", 60)
+ session_receive2 = self.tester.create_session(
+ name='receive_encryption_package2')
+
+ session_receive2.send_expect("scapy", "Welcome to Scapy", 60)
+ session_receive2.send_expect(sa_gcm, ">>>", 60)
+ session_receive2.send_expect(
+ "pkts=sniff(iface='%s',count=2)" % self.txItf, "", 60)
+
+ payload = "test for Ipsec Encryption Decryption simultaneously"
+ sa_gcm = SecurityAssociation(ESP, spi=5,
+ crypt_algo='AES-GCM',
+ crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',
+ auth_algo='NULL', auth_key=None,
+ tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))
+ sa_gcm.crypt_algo.icv_size = 16
+
+ p = IP(src='192.168.105.10', dst='192.168.105.10')
+ p /= "|->"
+ p /= payload
+ p /= "<-|"
+ p = IP(str(p))
+
+ e1 = sa_gcm.encrypt(p)
+ e2 = p
+
+ eth_e1 = Ether() / e1
+ eth_e1.src = "52:54:00:21:68:1c"
+ eth_e1.dst = "52:54:00:16:f6:b0"
+ eth_e2 = Ether() / e2
+ eth_e2.src = "52:54:00:21:68:1c"
+ eth_e2.dst = "52:54:00:16:f6:b0"
+
+ t1 = threading.Thread(target=sendp(eth_e1, iface=self.rxItf, count=2))
+ t1.start()
+ t2 = threading.Thread(target=sendp(eth_e2, iface=self.txItf, count=1))
+ t2.start()
+ session_receive.send_expect("^C", ">>>", 60)
+ session_receive2.send_expect("^C", ">>>", 60)
+ session_receive.send_expect(
+ "results=sa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60)
+ out = session_receive.send_expect("results", ">>>", 60)
+ self.verify(payload in out, "Get a error package")
+ out = session_receive2.send_expect("pkts[1]", ">>>", 60)
+ self.verify(payload in out, "Get a error package")
+
+ def tear_down(self):
+ """
+ Run after each test case.
+ """
+ self.tester.send_expect("^C", "#", 5)
+ self.dut.kill_all()
+ time.sleep(2)
+
+ def tear_down_all(self):
+ """
+ Run after each test suite.
+ """
+ self.rxnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
+ self.txnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dts] [PATCH V1] add inline_ipsec test plan
2017-12-29 10:00 [dts] [PATCH V1] add inline_ipsec test plan xu,gang
2017-12-29 10:00 ` [dts] [PATCH V1] add test suite inline_ipsec xu,gang
@ 2018-01-02 7:46 ` Liu, Yong
1 sibling, 0 replies; 6+ messages in thread
From: Liu, Yong @ 2018-01-02 7:46 UTC (permalink / raw)
To: Xu, GangX, dts; +Cc: Xu, GangX
Gang, some comments are inline.
> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of xu,gang
> Sent: Friday, December 29, 2017 6:01 PM
> To: dts@dpdk.org
> Cc: Xu, GangX <gangx.xu@intel.com>
> Subject: [dts] [PATCH V1] add inline_ipsec test plan
>
> Signed-off-by: xu,gang <gangx.xu@intel.com>
> ---
> test_plans/inline_ipsec_test_plan.rst | 355
> ++++++++++++++++++++++++++++++++++
> 1 file changed, 355 insertions(+)
> create mode 100644 test_plans/inline_ipsec_test_plan.rst
>
> diff --git a/test_plans/inline_ipsec_test_plan.rst
> b/test_plans/inline_ipsec_test_plan.rst
> new file mode 100644
> index 0000000..bc10111
> --- /dev/null
> +++ b/test_plans/inline_ipsec_test_plan.rst
> @@ -0,0 +1,355 @@
> +.. Copyright (c) <2017>, Intel Corporation
> + All rights reserved.
> +
> + Redistribution and use in source and binary forms, with or without
> + modification, are permitted provided that the following conditions
> + are met:
> +
> + - Redistributions of source code must retain the above copyright
> + notice, this list of conditions and the following disclaimer.
> +
> + - Redistributions in binary form must reproduce the above copyright
> + notice, this list of conditions and the following disclaimer in
> + the documentation and/or other materials provided with the
> + distribution.
> +
> + - Neither the name of Intel Corporation nor the names of its
> + contributors may be used to endorse or promote products derived
> + from this software without specific prior written permission.
> +
> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + "AS IS" AND ANY EXPR ESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
> + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
> + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
> + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
> + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> + OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +======================
> +Inline IPsec Test Plan
> +======================
> +This test plan describe the method of validation inline hardware
> acceleration
> +of symmetric crypto processing of IPsec flows on Intel® 82599 10 GbE
> +Controller (IXGBE) within the cryptodev framework.
> +
> +***Limitation:
> +AES-GCM 128 ESP Tunnel/Transport mode and Authentication only mode are
> +supported.***
> +
> +Ref links:
> +https://tools.ietf.org/html/rfc4301
> +
> +https://tools.ietf.org/html/rfc4302
> +
> +https://tools.ietf.org/html/rfc4303
> +
> +http://dpdk.org/doc/guides/sample_app_ug/ipsec_secgw.html
> +
> +Abbr:
> +ESP: Encapsulating Security Payload::
> +
> + 0 1 2 3
> + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ --
> --
> + | Security Parameters Index (SPI) |
> ^Int.
> + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |Cov-
> + | Sequence Number |
> |ered
> + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
> ----
> + | Payload Data* (variable) | |
> ^
> + ~ ~ |
> |
> + | |
> |Conf.
> + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |Cov-
> + | | Padding (0-255 bytes) |
> |ered*
> + +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
> |
> + | | Pad Length | Next Header | v
> v
> + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ --
> ----
> + | Integrity Check Value-ICV (variable) |
> + ~ ~
> + | |
> + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> +
> +
> +SPI: Security Parameters Index
> +
> +The SPI is an arbitrary 32-bit value that is used by a receiver to
> identify
> +the SA to which an incoming packet is bound.
> +
> +Sequence Number:
> +
> +This unsigned 32-bit field contains a counter value that increases by
> +one for each packet sent
> +
> +AES: Advanced Encryption Standard
> +
> +GCM: Galois Counter Mode
> +
> +Prerequisites
> +=============
> +2 * 10Gb Ethernet ports of the DUT are directly connected in full-duplex
> to
> +different ports of the peer traffic generator.
> +
> +Bind two ports to vfio-pci.
> +modprobe vfio-pci
> +
> +
> +Test Case: Inline cfg parsing
> +=============================
> +Create inline ipsec configuration file like below::
> +
> + #SP IPv4 rules
> + sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport
> 0:65535 dport 0:65535
> +
> + #SA rules
> + sa out 1005 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> + mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
> + port_id 1 \
> + type inline-crypto-offload \
> +
> + sa in 5 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> + mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
> + port_id 1 \
> + type inline-crypto-offload \
> +
> + #Routing rules
> + rt ipv4 dst 172.16.2.5/32 port 1
> + rt ipv4 dst 192.168.105.10/32 port 0
> +
> +Starting ipsec-secgw sample and make sure SP/SA/RT rules loaded
> successfully.
> +
> +Check ipsec-secgw can detect invalid cipher algo.
> +
> +Check ipsec-secgw can detect invalid auth algo.
> +
> +Check ipsec-secgw can detect invalid key format.
> +
> +
> +Test Case: IPSec Encryption
> +=================================
> +Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected
> mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 --config="(0,0,20),(1,0,21)" -f ./enc.cfg
> +
> +Use scapy to listen on unprotected port
> +sudo python ./scapy_receive.py -i ens802f1
> +
Gang, please do not use your own script in the test plan. Others can't get the idea what is happening in your script.
> +Send burst(32) normal packets with dst ip (192.168.105.0) to protected
> port.
> + sudo python ./scapy_send.py -i ens802f0 -s 32 -c 1 -e 0
> +
Same as previous.
> +Check burst esp packets received from unprotected port.
> +tcpdump -Xvvvi ens802f1
> +
> +[root@dpdk98 scripts]# tcpdump -Xvvvi ens802f1
> +tcpdump: listening on ens802f1, link-type EN10MB (Ethernet), capture size
> 262144 bytes
> +06:10:25.674233 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto
> ESP (50), length 108)
> + 172.16.1.5 > 172.16.2.5: ESP(spi=0x000003ed,seq=0x9), length 88
> + 0x0000: 4500 006c 0000 0000 4032 1f36 ac10 0105 E..l....@2.6....
> + 0x0010: ac10 0205 0000 03ed 0000 0009 0000 0000 ................
> + 0x0020: 0000 0009 4468 a4af 5853 7545 b21d
> 977c ....Dh..XSuE...|
> + 0x0030: b911 7ec6 74a0 3349 b986 02d2 a322
> d050 ..~.t.3I.....".P
> + 0x0040: 8a0d 4ffc ef4d 6246 86fe 26f0 9377 84b5 ..O..MbF..&..w..
> + 0x0050: 8b06 c7e0 05d3 1ac5 1a30 1a93 8660 4292 .........0...`B.
> + 0x0060: 999a c84d 49ed ff95 89a1 6917 ...MI.....i.
> +
> +
> +Check esp packets' format is correct.
> +
> +See decrypted packets on scapy output
> +[root@dpdk98 scripts]# sudo python ./scapy_receive.py -i ens802f1
Please remove prompt like "[root@dpdk98 scripts]" and please just show scapy dump command here.
> +###[ IP ]###
> + version = 4
> + ihl = 5
> + tos = 0x0
> + len = 52
> + id = 1
> + flags =
> + frag = 0
> + ttl = 63
> + proto = ip
> + chksum = 0x2764
> + src = 192.168.105.10
> + dst = 192.168.105.10
> + \options \
> +###[ Raw ]###
> + load = '|->test-test-test-test-test-t<-|'
> +
> +
Please optimize the format, before the output should be the indent.
> +Test Case: IPSec Encryption with Jumboframe
> +==============================================
> +Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected
> mode::
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 --config="(0,0,20),(1,0,21)" -f ./enc.cfg
> +
> +Use scapy to listen on unprotected port
> +
> +Default frame size is 1518, send burst(1000) packets with dst ip
> (192.168.105.0) to protected port.
> +
> +Check burst esp packets received from unprotected port.
> +
> +Check esp packets' format is correct.
> +
> +See decrypted packets on scapy output
> +
> +Send burst(8192) jumbo packets with dst ip (192.168.105.0) to protected
> port.
> +
> +Check burst esp packets can't be received from unprotected port.
> +
> +Set jumbo frames size as 9000, start it with port 1 assigned to
> unprotected mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 -j 9000 --config="(0,0,20),(1,0,21)" -f ./enc.cfg
> +
> +Use scapy to listen on unprotected port
> +
> +Send burst(8192) jumbo packets with dst ip (192.168.105.0) to protected
> port.
> +
> +Check burst jumbo packets received from unprotected port.
> +
> +Check esp packets' format is correct.
> +
> +See decrypted packets on scapy output
> +
> +Send burst(9000) jumbo packets with dst ip (192.168.105.0) to protected
> port.
> +
> +Check burst jumbo packets can't be received from unprotected port.
> +
> +
> +Test Case: IPSec Encryption with RSS
> +==================================
> +Create configuration file with multiple SP/SA/RT rules for different ip
> address.
> +
> +Start ipsec-secgw with two queues enabled on each port and port 1
> assigned to unprotected mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 --config="(0,0,20),(0,1,20),(1,0,21),(1,1,21)" -f ./enc_rss.cfg
> +
> +Use scapy to listen on unprotected port
> +sudo python ./scapy_receive_enc_rss.py -i ens802f1
> +
> +Send burst(32) packets with different dst ip to protected port.
> +sudo python ./scapy_send_enc_rss.py -i ens802f0 -s 32 -c 1 -e 0
> +
> +Check burst esp packets received from queue 0 and queue 1 on unprotected
> port.
> +tcpdump -Xvvvi ens802f1
> +
> +Check esp packets' format is correct.
> +
> +See decrypted packets on scapy output
> +
> +
> +Test Case: IPSec Decryption
> +=================================
> +Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected
> mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
> +
> +Send two burst(32) esp packets to unprotected port.
> +sudo python ./scapy_send.py -i ens802f1 -s 32 -c 1 -e 1
> +
> +First one will produce an error "IPSEC_ESP: failed crypto op" in the
> IPsec application,
> +but it will setup the SA. Second one will decrypt and send back the
> decrypted packet.
> +
> +Check burst packets which have been decapsulated received from protected
> port
> +tcpdump -Xvvvi ens802f0
> +
> +Test Case: IPSec Decryption with wrong key
> +===============================================
> +Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected
> mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
> +
> +Change dec.cfg key is not same with send packet encrypted key
> +
> +Send one burst(32) esp packets to unprotected port.
> +
> +IPsec application will produce an error "IPSEC_ESP: failed crypto op" ,
> +but it will setup the SA.
> +
> +Send one burst(32) esp packets to unprotected port.
> +
> +Check burst packets which have been decapsulated can't be received from
> protected port,
> +IPsec application will produce error "IPSEC_ESP: failed crypto op".
> +
> +
> +Test Case: IPSec Decryption with Jumboframe
> +=================================================
> +Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected
> mode::
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
> +Default frame size is 1518, Send two burst(1000) esp packets to
> unprotected port.
> +
> +First one will produce an error "IPSEC_ESP: failed crypto op" in the
> IPsec application,
> +but it will setup the SA. Second one will decrypt and send back the
> decrypted packet.
> +
> +Check burst(1000) packets which have been decapsulated received from
> protected port.
> +
> +Send burst(8192) esp packets to unprotected port.
> +
> +Check burst(8192) packets which have been decapsulated can't be received
> from protected port.
> +
> +Set jumbo frames size as 9000, start it with port 1 assigned to
> unprotected mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 -j 9000 --config="(0,0,20),(1,0,21)" -f ./dec.cfg
> +
> +Send two burst(8192) esp packets to unprotected port.
> +
> +First one will produce an error "IPSEC_ESP: failed crypto op" in the
> IPsec application,
> +but it will setup the SA. Second one will decrypt and send back the
> decrypted packet.
> +
> +Check burst(8192) packets which have been decapsulated received from
> protected port.
> +
> +Send burst(9000) esp packets to unprotected port.
> +
> +Check burst(9000) packets which have been decapsulated can't be received
> from protected port.
> +
> +
> +Test Case: IPSec Decryption with RSS
> +===========================================
> +Create configuration file with multiple SA rule for different ip address.
> +
> +Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected
> mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1 --vdev
> + "crypto_null" --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u
> + 0x2 -config="(0,0,20),(0,1,20),(1,0,21),(1,1,21)" -f ./dec_rss.cfg
> +
> +Send two burst(32) esp packets with different ip to unprotected port.
> +
> +First one will produce an error "IPSEC_ESP: failed crypto op" in the
> IPsec application,
> +but it will setup the SA. Second one will decrypt and send back the
> decrypted packet.
> +
> +Check burst(32) packets which have been decapsulated received from queue
> 0 and
> +1 on protected port.
> +
> +
> +Test Case: IPSec Encryption/Decryption simultaneously
> +=====================================================
> +Start ipsec-secgw with two 82599 ports and assign port 1 to unprotected
> mode::
> +
> + sudo ./build/ipsec-secgw -l 20,21 -w 83:00.0 -w 83:00.1
> + --vdev "crypto_null" --log-level 8 --socket-mem 1024,1
> + -- -p 0xf -P -u 0x2 --config="(0,0,20),(1,0,21)" -f ./enc_dec.cfg
> +
> +Send normal and esp packets to protected and unprotected ports
> simultaneously.
> +
> +Note when testing inbound IPSec, first one will produce an error
> "IPSEC_ESP:
> +invalid padding" in the IPsec application, but it will setup the SA.
> Second
> +one will decrypt and send back the decrypted packet.
> +
> +Check esp and normal packets received from unprotected and protected
> ports.
> --
> 1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dts] [PATCH V1] add test suite inline_ipsec
2017-12-29 10:00 ` [dts] [PATCH V1] add test suite inline_ipsec xu,gang
@ 2018-01-02 8:16 ` Liu, Yong
0 siblings, 0 replies; 6+ messages in thread
From: Liu, Yong @ 2018-01-02 8:16 UTC (permalink / raw)
To: Xu, GangX, dts; +Cc: Xu, GangX
Gang, some comments are inline.
Thanks,
Marvin
> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of xu,gang
> Sent: Friday, December 29, 2017 6:01 PM
> To: dts@dpdk.org
> Cc: Xu, GangX <gangx.xu@intel.com>
> Subject: [dts] [PATCH V1] add test suite inline_ipsec
>
> Signed-off-by: xu,gang <gangx.xu@intel.com>
> ---
> tests/TestSuite_inline_ipsec.py | 405
> ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 405 insertions(+)
> create mode 100644 tests/TestSuite_inline_ipsec.py
>
> diff --git a/tests/TestSuite_inline_ipsec.py
> b/tests/TestSuite_inline_ipsec.py
> new file mode 100644
> index 0000000..ba90caf
> --- /dev/null
> +++ b/tests/TestSuite_inline_ipsec.py
> @@ -0,0 +1,405 @@
> +# BSD LICENSE
> +#
> +# Copyright(c) 2010-2017 Intel Corporation. All rights reserved.
> +# All rights reserved.
> +#
> +# Redistribution and use in source and binary forms, with or without
> +# modification, are permitted provided that the following conditions
> +# are met:
> +#
> +# * Redistributions of source code must retain the above copyright
> +# notice, this list of conditions and the following disclaimer.
> +# * Redistributions in binary form must reproduce the above copyright
> +# notice, this list of conditions and the following disclaimer in
> +# the documentation and/or other materials provided with the
> +# distribution.
> +# * Neither the name of Intel Corporation nor the names of its
> +# contributors may be used to endorse or promote products derived
> +# from this software without specific prior written permission.
> +#
> +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +
> +"""
> +DPDK Test suite.
> +Test inline_ipsec.
> +"""
> +
> +import utils
> +import string
> +import time
> +import re
> +import threading
> +from test_case import TestCase
> +import getopt
> +from scapy.all import *
> +
> +ETHER_STANDARD_MTU = 1518
> +ETHER_JUMBO_FRAME_MTU = 9000
> +
> +
> +class TestInlineIpsec(TestCase):
> +
> + def set_up_all(self):
> + """
> + Run at the start of each test suite.
> + """
> + self.verify(self.nic in ["niantic"], "%s NIC not support" %
> self.nic)
> + self.dut_ports = self.dut.get_ports(self.nic)
> + self.verify(len(self.dut_ports) >= 2, "Insufficient ports")
> + cores = self.dut.get_core_list("1S/4C/1T")
> + self.coremask = utils.create_mask(cores)
> +
> + # get test port info
> + self.rxport = self.tester.get_local_port(1)
> + self.txport = self.tester.get_local_port(0)
> + self.rxItf = self.tester.get_interface(self.rxport)
> + self.txItf = self.tester.get_interface(self.txport)
> + # get dut port pci
> + self.portpci_0 = self.dut.get_port_pci(self.dut_ports[0])
> + self.portpci_1 = self.dut.get_port_pci(self.dut_ports[1])
> +
> + # enable tester mtu
> + self.rxnetobj = self.tester.ports_info[self.rxport]['port']
> + self.rxnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU + 100)
> + self.txnetobj = self.tester.ports_info[self.txport]['port']
> + self.txnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU + 100)
> +
> + self.path = "./examples/ipsec-secgw/build/ipsec-secgw"
> + # add print code in IPSEC app
> + sedcmd = r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx,
> portid);/i\\printf("[debug]receive %hhu packet in rxqueueid=%hhu\\n",nb_rx,
> queueid);' examples/ipsec-secgw/ipsec-secgw.c"""
> + self.dut.send_expect(sedcmd, "#", 60)
> +
> + # build sample app
> + out = self.dut.build_dpdk_apps("./examples/ipsec-secgw")
> + self.verify("Error" not in out, "compilation error 1")
> + self.verify("No such file" not in out, "compilation error 2")
> +
> + self.cfg_prepare()
> +
> + def set_up(self):
> + """
> + Run before each test case.
> + """
> + pass
> +
> + def cfg_prepare(self):
> + """
> + write the inline_ipsec configuration file
> + """
> + enc = """
> +#SP IPv4 rules
> +sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535
> dport 0:65535
> +
> +#SA rules
> +sa out 1005 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
> +port_id 1 \
> +type inline-crypto-offload \
> +
> +#Routing rules
> +rt ipv4 dst 172.16.2.5/32 port 1
> +"""
You can use parentheses which is more readable for multiple lines string.
eg:
enc = ("#SP IPv4 rules"
"sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535"
"#SA rules"
"sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-crypto-offload"
)
> + dec = """
> +#SA rules
> +sa in 5 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
> +port_id 1 \
> +type inline-crypto-offload \
> +
> +#Routing rules
> +rt ipv4 dst 192.168.105.10/32 port 0
> +"""
> + enc_rss = """
> +#SP IPv4 rules
> +sp ipv4 out esp protect 1002 pri 1 dst 192.168.102.0/24 sport 0:65535
> dport 0:65535
> +
> +sa out 1002 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> +mode ipv4-tunnel src 172.16.31.35 dst 172.16.32.35 \
> +port_id 1 \
> +type inline-crypto-offload \
> +
> +#Routing rules
> +rt ipv4 dst 172.16.32.35/32 port 1
> +"""
> + dec_rss = """
> +#SA rules
> +sa in 3 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> +mode ipv4-tunnel src 172.16.21.25 dst 172.16.22.25 \
> +port_id 1 \
> +type inline-crypto-offload \
> +
> +#Routing rules
> +rt ipv4 dst 192.168.105.10/32 port 0
> +"""
> + dec_wrong_key = """
> +#SA rules
> +sa in 5 aead_algo aes-128-gcm aead_key
> 2f:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
> +port_id 1 \
> +type inline-crypto-offload \
> +
> +#Routing rules
> +rt ipv4 dst 192.168.105.10/32 port 0
> +"""
> + enc_dec = """
> +#SP IPv4 rules
> +sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535
> dport 0:65535
> +
> +#SA rules
> +sa out 1005 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
> +port_id 1 \
> +type inline-crypto-offload \
> +
> +sa in 5 aead_algo aes-128-gcm aead_key
> 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
> +port_id 1 \
> +type inline-crypto-offload \
> +
> +#Routing rules
> +rt ipv4 dst 172.16.2.5/32 port 1
> +rt ipv4 dst 192.168.105.10/32 port 0
> +"""
> + self.set_cfg('enc.cfg', enc)
> + self.set_cfg('dec.cfg', dec)
> + self.set_cfg('enc_rss.cfg', enc_rss)
> + self.set_cfg('dec_rss.cfg', dec_rss)
> + self.set_cfg('enc_dec.cfg', enc_dec)
> + self.set_cfg('dec_wrong_key.cfg', dec_wrong_key)
> +
> + def set_cfg(self, filename, cfg):
> + """
> + open file and write cfg, scp it to dut /root/dpdk/
> + """
> + with open(filename, 'w') as f:
> + f.write(cfg)
> + self.dut.session.copy_file_to(filename, '/root/dpdk/')
> +
> + def send_encryption_package(self, intface, paysize=64,
> do_encrypt=False, send_spi=5, count=1, mydst='192.168.105.10',
> sa_src='172.16.1.5', sa_dst='172.16.2.5'):
> + """
Please either use abbreviation "intf" or full word "interface".
"mydst" should be "inner_dst" or "data_dst".
> + make a package and send
> + """
> + test = 'test-' * 2000
> + payload = test[0:int(paysize)]
> + sa_gcm = SecurityAssociation(ESP, spi=send_spi,
> + crypt_algo='AES-GCM',
> +
> crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3
> d\xde\xad\xbe\xef',
> + auth_algo='NULL', auth_key=None,
> + tunnel_header=IP(src=sa_src,
> dst=sa_dst))
> + sa_gcm.crypt_algo.icv_size = 16
> +
> + p = IP(src='192.168.105.10', dst=mydst)
> + p /= "|->"
> + p /= payload
> + p /= "<-|"
> + p = IP(str(p))
Why add "|->" and "<-|" in the payload?
> +
> + if do_encrypt == True:
> + print "send encrypt package"
> + e = sa_gcm.encrypt(p)
> + else:
> + print "send normal package"
> + e = p
> +
> + eth_e = Ether() / e
> + eth_e.src = "52:54:00:21:68:1c"
> + eth_e.dst = "52:54:00:16:f6:b0"
Please remove hard-coded mac, should be tester and DUT port's mac address.
> + session_send = self.tester.create_session(
> + name='send_encryption_package')
> + sendp(eth_e, iface=intface, count=count)
> + self.tester.destroy_session(session_send)
> +
> + return payload
> +
> + def Ipsec_Encryption(self, config, file_name, txItf, rxItf,
> paysize=32, jumboframe=1518, do_encrypt=False, verify=True, send_spi=5,
> receive_spi=1005, count=1, mydst='192.168.105.10', sa_src='172.16.1.5',
> sa_dst='172.16.2.5'):
> + """
> + verify Ipsec receive package
> + """
> + cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --
> log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -
> f %s" % (
> + self.portpci_0, self.portpci_1, jumboframe, config, file_name)
> + self.dut.send_expect(cmd, "IPSEC", 60)
> +
> + session_receive = self.tester.create_session(
> + name='receive_encryption_package')
> + sa_gcm = r"sa_gcm=SecurityAssociation(ESP,spi=%s,crypt_algo='AES-
> GCM',crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x
> 4f\x3d\xde\xad\xbe\xef',auth_algo='NULL',auth_key=None,tunnel_header=IP(sr
> c='172.16.1.5',dst='172.16.2.5'))" % receive_spi
> +
> + session_receive.send_expect("scapy", "Welcome to Scapy", 10)
Should wait for ">>>" which is commonly used in scapy related command.
> + session_receive.send_expect(
> + "pkts=sniff(iface='%s',count=1,timeout=10)" % rxItf, "", 30)
> + send_package = self.send_encryption_package(
> + txItf, paysize, do_encrypt, send_spi, count, mydst, sa_src,
> sa_dst)
> +
> + time.sleep(10)
> + out = session_receive.send_expect("pkts", "", 30)
> + if do_encrypt:
> + out = session_receive.send_expect("pkts[0]['IP'] ", ">>>", 10)
> + else:
> + session_receive.send_expect(sa_gcm, ">>>", 10)
> + session_receive.send_expect(
> + "results=sa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10)
> + out = session_receive.send_expect("results", ">>>", 10)
> +
> + if verify:
> + self.verify(send_package in out,
> + "Unreceived package or get other package")
> + else:
> + self.verify(send_package not in out,
> + "The function is not in effect")
> + session_receive.send_expect("quit()", "#", 10)
> + self.tester.destroy_session(session_receive)
> +
> + def test_Ipsec_Encryption(self):
> + """
> + test Ipsec Encryption
> + """
> + config = '(0,0,21),(1,0,21)'
> + paysize = random.randint(1, ETHER_STANDARD_MTU)
> + self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
> + self.txItf, self.rxItf, paysize)
> +
> + def test_Ipsec_Encryption_Jumboframe(self):
> + """
> + test Ipsec Encryption Jumboframe
> + """
> + config = '(0,0,21),(1,0,21)'
> + paysize = random.randint(ETHER_STANDARD_MTU,
> ETHER_JUMBO_FRAME_MTU)
> + self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
> + self.txItf, self.rxItf, paysize,
> ETHER_JUMBO_FRAME_MTU)
> +
> + def test_Ipsec_Encryption_Rss(self):
> + """
> + test Ipsec Encryption Rss
> + """
> + config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
> + self.Ipsec_Encryption(config, '/root/dpdk/enc_rss.cfg',
> self.txItf,
> + self.rxItf, send_spi=2, receive_spi=1002,
> mydst='192.168.102.10')
> + out = self.dut.get_session_output()
> + verifycode = "receive 1 packet in rxqueueid=1"
> + self.verify(verifycode in out, "rxqueueid error")
> +
> + def test_IPSec_Decryption(self):
> + """
> + test IPSec Decryption
> + """
> + config = '(0,0,21),(1,0,21)'
> + paysize = random.randint(1, ETHER_STANDARD_MTU)
> + self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
> + self.txItf, paysize, do_encrypt=True,
> count=2)
> +
> + def test_IPSec_Decryption_Jumboframe(self):
> + """
> + test IPSec Decryption Jumboframe
> + """
> + config = '(0,0,21),(1,0,21)'
> + paysize = random.randint(ETHER_STANDARD_MTU,
> ETHER_JUMBO_FRAME_MTU)
> + self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
> + self.txItf, paysize, ETHER_JUMBO_FRAME_MTU,
> do_encrypt=True, count=2)
> +
> + def test_Ipsec_Decryption_Rss(self):
> + """
> + test Ipsec Decryption Rss
> + """
> + config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
> + self.Ipsec_Encryption(config, '/root/dpdk/dec_rss.cfg',
> self.rxItf, self.txItf, do_encrypt=True,
> + send_spi=3, receive_spi=1003, count=2,
> sa_src='172.16.21.25', sa_dst='172.16.22.25')
> + out = self.dut.get_session_output()
> + verifycode = "receive 1 packet in rxqueueid=1"
> + self.verify(verifycode in out, "rxqueueid error")
> +
> + def test_Ipsec_Decryption_wrongkey(self):
> + """
> + test Ipsec Decryption wrongkey
> + """
> + config = '(0,0,21),(1,0,21)'
> + paysize = random.randint(1, ETHER_STANDARD_MTU)
> + self.Ipsec_Encryption(config, '/root/dpdk/dec_wrong_key.cfg',
> self.rxItf,
> + self.txItf, paysize, do_encrypt=True,
> verify=False, count=2)
> + out = self.dut.get_session_output()
> + verifycode = "IPSEC_ESP: failed crypto op"
> + self.verify(verifycode in out, "Ipsec Decryption wrongkey failed")
> +
> + def test_Ipsec_Encryption_Decryption(self):
> + """
> + test Ipsec Encryption Decryption
> + """
> + cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --
> log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -
> f %s" % (
> + self.portpci_0, self.portpci_1, '1518', '(0,0,21),(1,0,21)',
> '/root/dpdk/enc_dec.cfg')
> + self.dut.send_expect(cmd, "IPSEC", 60)
> + session_receive = self.tester.create_session(
> + name='receive_encryption_package')
> + sa_gcm = r"sa_gcm=SecurityAssociation(ESP,
> spi=1005,crypt_algo='AES-
> GCM',crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x
> 4f\x3d\xde\xad\xbe\xef',auth_algo='NULL',
> auth_key=None,tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))"
> +
> + session_receive.send_expect("scapy", "Welcome to Scapy", 60)
> + session_receive.send_expect(sa_gcm, ">>>", 60)
> + session_receive.send_expect(
> + "pkts=sniff(iface='%s',count=3)" % self.rxItf, "", 60)
> + session_receive2 = self.tester.create_session(
> + name='receive_encryption_package2')
> +
> + session_receive2.send_expect("scapy", "Welcome to Scapy", 60)
> + session_receive2.send_expect(sa_gcm, ">>>", 60)
> + session_receive2.send_expect(
> + "pkts=sniff(iface='%s',count=2)" % self.txItf, "", 60)
> +
> + payload = "test for Ipsec Encryption Decryption simultaneously"
> + sa_gcm = SecurityAssociation(ESP, spi=5,
> + crypt_algo='AES-GCM',
> +
> crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3
> d\xde\xad\xbe\xef',
> + auth_algo='NULL', auth_key=None,
> + tunnel_header=IP(src='172.16.1.5',
> dst='172.16.2.5'))
> + sa_gcm.crypt_algo.icv_size = 16
> +
> + p = IP(src='192.168.105.10', dst='192.168.105.10')
> + p /= "|->"
> + p /= payload
> + p /= "<-|"
> + p = IP(str(p))
> +
> + e1 = sa_gcm.encrypt(p)
> + e2 = p
> +
> + eth_e1 = Ether() / e1
> + eth_e1.src = "52:54:00:21:68:1c"
> + eth_e1.dst = "52:54:00:16:f6:b0"
> + eth_e2 = Ether() / e2
> + eth_e2.src = "52:54:00:21:68:1c"
> + eth_e2.dst = "52:54:00:16:f6:b0"
> +
> + t1 = threading.Thread(target=sendp(eth_e1, iface=self.rxItf,
> count=2))
> + t1.start()
> + t2 = threading.Thread(target=sendp(eth_e2, iface=self.txItf,
> count=1))
> + t2.start()
We'd like to enable threading support in the framework rather than the suite.
If there is no special need for threading module, please remove it.
> + session_receive.send_expect("^C", ">>>", 60)
> + session_receive2.send_expect("^C", ">>>", 60)
> + session_receive.send_expect(
> + "results=sa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60)
> + out = session_receive.send_expect("results", ">>>", 60)
> + self.verify(payload in out, "Get a error package")
Please clear the error reason, not just an announcement.
> + out = session_receive2.send_expect("pkts[1]", ">>>", 60)
> + self.verify(payload in out, "Get a error package")
> +
> + def tear_down(self):
> + """
> + Run after each test case.
> + """
> + self.tester.send_expect("^C", "#", 5)
> + self.dut.kill_all()
> + time.sleep(2)
> +
> + def tear_down_all(self):
> + """
> + Run after each test suite.
> + """
> + self.rxnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
> + self.txnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
> --
> 1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dts] [PATCH V1] add test suite inline_ipsec
2017-12-29 9:48 ` [dts] [PATCH V1] add test suite inline_ipsec Peng Yuan
@ 2017-12-29 9:55 ` Xu, GangX
0 siblings, 0 replies; 6+ messages in thread
From: Xu, GangX @ 2017-12-29 9:55 UTC (permalink / raw)
To: Peng, Yuan, dts; +Cc: Peng, Yuan
Please Ignore this file
-----Original Message-----
From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of Peng Yuan
Sent: Friday, December 29, 2017 5:48 PM
To: dts@dpdk.org
Cc: Peng, Yuan <yuan.peng@intel.com>
Subject: [dts] [PATCH V1] add test suite inline_ipsec
Signed-off-by: Peng Yuan <yuan.peng@intel.com>
---
tests/TestSuite_inline_ipsec.py | 405 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 405 insertions(+)
create mode 100644 tests/TestSuite_inline_ipsec.py
diff --git a/tests/TestSuite_inline_ipsec.py b/tests/TestSuite_inline_ipsec.py new file mode 100644 index 0000000..ba90caf
--- /dev/null
+++ b/tests/TestSuite_inline_ipsec.py
@@ -0,0 +1,405 @@
+# BSD LICENSE
+#
+# Copyright(c) 2010-2017 Intel Corporation. All rights reserved.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without #
+modification, are permitted provided that the following conditions #
+are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+"""
+DPDK Test suite.
+Test inline_ipsec.
+"""
+
+import utils
+import string
+import time
+import re
+import threading
+from test_case import TestCase
+import getopt
+from scapy.all import *
+
+ETHER_STANDARD_MTU = 1518
+ETHER_JUMBO_FRAME_MTU = 9000
+
+
+class TestInlineIpsec(TestCase):
+
+ def set_up_all(self):
+ """
+ Run at the start of each test suite.
+ """
+ self.verify(self.nic in ["niantic"], "%s NIC not support" % self.nic)
+ self.dut_ports = self.dut.get_ports(self.nic)
+ self.verify(len(self.dut_ports) >= 2, "Insufficient ports")
+ cores = self.dut.get_core_list("1S/4C/1T")
+ self.coremask = utils.create_mask(cores)
+
+ # get test port info
+ self.rxport = self.tester.get_local_port(1)
+ self.txport = self.tester.get_local_port(0)
+ self.rxItf = self.tester.get_interface(self.rxport)
+ self.txItf = self.tester.get_interface(self.txport)
+ # get dut port pci
+ self.portpci_0 = self.dut.get_port_pci(self.dut_ports[0])
+ self.portpci_1 = self.dut.get_port_pci(self.dut_ports[1])
+
+ # enable tester mtu
+ self.rxnetobj = self.tester.ports_info[self.rxport]['port']
+ self.rxnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU + 100)
+ self.txnetobj = self.tester.ports_info[self.txport]['port']
+ self.txnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU +
+ 100)
+
+ self.path = "./examples/ipsec-secgw/build/ipsec-secgw"
+ # add print code in IPSEC app
+ sedcmd = r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, portid);/i\\printf("[debug]receive %hhu packet in rxqueueid=%hhu\\n",nb_rx, queueid);' examples/ipsec-secgw/ipsec-secgw.c"""
+ self.dut.send_expect(sedcmd, "#", 60)
+
+ # build sample app
+ out = self.dut.build_dpdk_apps("./examples/ipsec-secgw")
+ self.verify("Error" not in out, "compilation error 1")
+ self.verify("No such file" not in out, "compilation error 2")
+
+ self.cfg_prepare()
+
+ def set_up(self):
+ """
+ Run before each test case.
+ """
+ pass
+
+ def cfg_prepare(self):
+ """
+ write the inline_ipsec configuration file
+ """
+ enc = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535
+dport 0:65535
+
+#SA rules
+sa out 1005 aead_algo aes-128-gcm aead_key
+2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type
+inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 1
+"""
+ dec = """
+#SA rules
+sa in 5 aead_algo aes-128-gcm aead_key
+2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type
+inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ enc_rss = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1002 pri 1 dst 192.168.102.0/24 sport 0:65535
+dport 0:65535
+
+sa out 1002 aead_algo aes-128-gcm aead_key
+2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.31.35 dst 172.16.32.35 \ port_id 1 \ type
+inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.32.35/32 port 1
+"""
+ dec_rss = """
+#SA rules
+sa in 3 aead_algo aes-128-gcm aead_key
+2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.21.25 dst 172.16.22.25 \ port_id 1 \ type
+inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ dec_wrong_key = """
+#SA rules
+sa in 5 aead_algo aes-128-gcm aead_key
+2f:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type
+inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ enc_dec = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535
+dport 0:65535
+
+#SA rules
+sa out 1005 aead_algo aes-128-gcm aead_key
+2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type
+inline-crypto-offload \
+
+sa in 5 aead_algo aes-128-gcm aead_key
+2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type
+inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 1
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ self.set_cfg('enc.cfg', enc)
+ self.set_cfg('dec.cfg', dec)
+ self.set_cfg('enc_rss.cfg', enc_rss)
+ self.set_cfg('dec_rss.cfg', dec_rss)
+ self.set_cfg('enc_dec.cfg', enc_dec)
+ self.set_cfg('dec_wrong_key.cfg', dec_wrong_key)
+
+ def set_cfg(self, filename, cfg):
+ """
+ open file and write cfg, scp it to dut /root/dpdk/
+ """
+ with open(filename, 'w') as f:
+ f.write(cfg)
+ self.dut.session.copy_file_to(filename, '/root/dpdk/')
+
+ def send_encryption_package(self, intface, paysize=64, do_encrypt=False, send_spi=5, count=1, mydst='192.168.105.10', sa_src='172.16.1.5', sa_dst='172.16.2.5'):
+ """
+ make a package and send
+ """
+ test = 'test-' * 2000
+ payload = test[0:int(paysize)]
+ sa_gcm = SecurityAssociation(ESP, spi=send_spi,
+ crypt_algo='AES-GCM',
+ crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',
+ auth_algo='NULL', auth_key=None,
+ tunnel_header=IP(src=sa_src, dst=sa_dst))
+ sa_gcm.crypt_algo.icv_size = 16
+
+ p = IP(src='192.168.105.10', dst=mydst)
+ p /= "|->"
+ p /= payload
+ p /= "<-|"
+ p = IP(str(p))
+
+ if do_encrypt == True:
+ print "send encrypt package"
+ e = sa_gcm.encrypt(p)
+ else:
+ print "send normal package"
+ e = p
+
+ eth_e = Ether() / e
+ eth_e.src = "52:54:00:21:68:1c"
+ eth_e.dst = "52:54:00:16:f6:b0"
+ session_send = self.tester.create_session(
+ name='send_encryption_package')
+ sendp(eth_e, iface=intface, count=count)
+ self.tester.destroy_session(session_send)
+
+ return payload
+
+ def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize=32, jumboframe=1518, do_encrypt=False, verify=True, send_spi=5, receive_spi=1005, count=1, mydst='192.168.105.10', sa_src='172.16.1.5', sa_dst='172.16.2.5'):
+ """
+ verify Ipsec receive package
+ """
+ cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -f %s" % (
+ self.portpci_0, self.portpci_1, jumboframe, config, file_name)
+ self.dut.send_expect(cmd, "IPSEC", 60)
+
+ session_receive = self.tester.create_session(
+ name='receive_encryption_package')
+ sa_gcm =
+ r"sa_gcm=SecurityAssociation(ESP,spi=%s,crypt_algo='AES-GCM',crypt_key
+ ='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde
+ \xad\xbe\xef',auth_algo='NULL',auth_key=None,tunnel_header=IP(src='172
+ .16.1.5',dst='172.16.2.5'))" % receive_spi
+
+ session_receive.send_expect("scapy", "Welcome to Scapy", 10)
+ session_receive.send_expect(
+ "pkts=sniff(iface='%s',count=1,timeout=10)" % rxItf, "", 30)
+ send_package = self.send_encryption_package(
+ txItf, paysize, do_encrypt, send_spi, count, mydst, sa_src,
+ sa_dst)
+
+ time.sleep(10)
+ out = session_receive.send_expect("pkts", "", 30)
+ if do_encrypt:
+ out = session_receive.send_expect("pkts[0]['IP'] ", ">>>", 10)
+ else:
+ session_receive.send_expect(sa_gcm, ">>>", 10)
+ session_receive.send_expect(
+ "results=sa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10)
+ out = session_receive.send_expect("results", ">>>", 10)
+
+ if verify:
+ self.verify(send_package in out,
+ "Unreceived package or get other package")
+ else:
+ self.verify(send_package not in out,
+ "The function is not in effect")
+ session_receive.send_expect("quit()", "#", 10)
+ self.tester.destroy_session(session_receive)
+
+ def test_Ipsec_Encryption(self):
+ """
+ test Ipsec Encryption
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
+ self.txItf, self.rxItf, paysize)
+
+ def test_Ipsec_Encryption_Jumboframe(self):
+ """
+ test Ipsec Encryption Jumboframe
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
+ self.txItf, self.rxItf, paysize,
+ ETHER_JUMBO_FRAME_MTU)
+
+ def test_Ipsec_Encryption_Rss(self):
+ """
+ test Ipsec Encryption Rss
+ """
+ config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
+ self.Ipsec_Encryption(config, '/root/dpdk/enc_rss.cfg', self.txItf,
+ self.rxItf, send_spi=2, receive_spi=1002, mydst='192.168.102.10')
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+
+ def test_IPSec_Decryption(self):
+ """
+ test IPSec Decryption
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
+ self.txItf, paysize, do_encrypt=True,
+ count=2)
+
+ def test_IPSec_Decryption_Jumboframe(self):
+ """
+ test IPSec Decryption Jumboframe
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
+ self.txItf, paysize,
+ ETHER_JUMBO_FRAME_MTU, do_encrypt=True, count=2)
+
+ def test_Ipsec_Decryption_Rss(self):
+ """
+ test Ipsec Decryption Rss
+ """
+ config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
+ self.Ipsec_Encryption(config, '/root/dpdk/dec_rss.cfg', self.rxItf, self.txItf, do_encrypt=True,
+ send_spi=3, receive_spi=1003, count=2, sa_src='172.16.21.25', sa_dst='172.16.22.25')
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+
+ def test_Ipsec_Decryption_wrongkey(self):
+ """
+ test Ipsec Decryption wrongkey
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec_wrong_key.cfg', self.rxItf,
+ self.txItf, paysize, do_encrypt=True, verify=False, count=2)
+ out = self.dut.get_session_output()
+ verifycode = "IPSEC_ESP: failed crypto op"
+ self.verify(verifycode in out, "Ipsec Decryption wrongkey
+ failed")
+
+ def test_Ipsec_Encryption_Decryption(self):
+ """
+ test Ipsec Encryption Decryption
+ """
+ cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -f %s" % (
+ self.portpci_0, self.portpci_1, '1518', '(0,0,21),(1,0,21)', '/root/dpdk/enc_dec.cfg')
+ self.dut.send_expect(cmd, "IPSEC", 60)
+ session_receive = self.tester.create_session(
+ name='receive_encryption_package')
+ sa_gcm = r"sa_gcm=SecurityAssociation(ESP, spi=1005,crypt_algo='AES-GCM',crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo='NULL', auth_key=None,tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))"
+
+ session_receive.send_expect("scapy", "Welcome to Scapy", 60)
+ session_receive.send_expect(sa_gcm, ">>>", 60)
+ session_receive.send_expect(
+ "pkts=sniff(iface='%s',count=3)" % self.rxItf, "", 60)
+ session_receive2 = self.tester.create_session(
+ name='receive_encryption_package2')
+
+ session_receive2.send_expect("scapy", "Welcome to Scapy", 60)
+ session_receive2.send_expect(sa_gcm, ">>>", 60)
+ session_receive2.send_expect(
+ "pkts=sniff(iface='%s',count=2)" % self.txItf, "", 60)
+
+ payload = "test for Ipsec Encryption Decryption simultaneously"
+ sa_gcm = SecurityAssociation(ESP, spi=5,
+ crypt_algo='AES-GCM',
+ crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',
+ auth_algo='NULL', auth_key=None,
+ tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))
+ sa_gcm.crypt_algo.icv_size = 16
+
+ p = IP(src='192.168.105.10', dst='192.168.105.10')
+ p /= "|->"
+ p /= payload
+ p /= "<-|"
+ p = IP(str(p))
+
+ e1 = sa_gcm.encrypt(p)
+ e2 = p
+
+ eth_e1 = Ether() / e1
+ eth_e1.src = "52:54:00:21:68:1c"
+ eth_e1.dst = "52:54:00:16:f6:b0"
+ eth_e2 = Ether() / e2
+ eth_e2.src = "52:54:00:21:68:1c"
+ eth_e2.dst = "52:54:00:16:f6:b0"
+
+ t1 = threading.Thread(target=sendp(eth_e1, iface=self.rxItf, count=2))
+ t1.start()
+ t2 = threading.Thread(target=sendp(eth_e2, iface=self.txItf, count=1))
+ t2.start()
+ session_receive.send_expect("^C", ">>>", 60)
+ session_receive2.send_expect("^C", ">>>", 60)
+ session_receive.send_expect(
+ "results=sa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60)
+ out = session_receive.send_expect("results", ">>>", 60)
+ self.verify(payload in out, "Get a error package")
+ out = session_receive2.send_expect("pkts[1]", ">>>", 60)
+ self.verify(payload in out, "Get a error package")
+
+ def tear_down(self):
+ """
+ Run after each test case.
+ """
+ self.tester.send_expect("^C", "#", 5)
+ self.dut.kill_all()
+ time.sleep(2)
+
+ def tear_down_all(self):
+ """
+ Run after each test suite.
+ """
+ self.rxnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
+ self.txnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [dts] [PATCH V1] add test suite inline_ipsec
2017-12-29 9:48 Peng Yuan
@ 2017-12-29 9:48 ` Peng Yuan
2017-12-29 9:55 ` Xu, GangX
0 siblings, 1 reply; 6+ messages in thread
From: Peng Yuan @ 2017-12-29 9:48 UTC (permalink / raw)
To: dts; +Cc: Peng Yuan
Signed-off-by: Peng Yuan <yuan.peng@intel.com>
---
tests/TestSuite_inline_ipsec.py | 405 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 405 insertions(+)
create mode 100644 tests/TestSuite_inline_ipsec.py
diff --git a/tests/TestSuite_inline_ipsec.py b/tests/TestSuite_inline_ipsec.py
new file mode 100644
index 0000000..ba90caf
--- /dev/null
+++ b/tests/TestSuite_inline_ipsec.py
@@ -0,0 +1,405 @@
+# BSD LICENSE
+#
+# Copyright(c) 2010-2017 Intel Corporation. All rights reserved.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+"""
+DPDK Test suite.
+Test inline_ipsec.
+"""
+
+import utils
+import string
+import time
+import re
+import threading
+from test_case import TestCase
+import getopt
+from scapy.all import *
+
+ETHER_STANDARD_MTU = 1518
+ETHER_JUMBO_FRAME_MTU = 9000
+
+
+class TestInlineIpsec(TestCase):
+
+ def set_up_all(self):
+ """
+ Run at the start of each test suite.
+ """
+ self.verify(self.nic in ["niantic"], "%s NIC not support" % self.nic)
+ self.dut_ports = self.dut.get_ports(self.nic)
+ self.verify(len(self.dut_ports) >= 2, "Insufficient ports")
+ cores = self.dut.get_core_list("1S/4C/1T")
+ self.coremask = utils.create_mask(cores)
+
+ # get test port info
+ self.rxport = self.tester.get_local_port(1)
+ self.txport = self.tester.get_local_port(0)
+ self.rxItf = self.tester.get_interface(self.rxport)
+ self.txItf = self.tester.get_interface(self.txport)
+ # get dut port pci
+ self.portpci_0 = self.dut.get_port_pci(self.dut_ports[0])
+ self.portpci_1 = self.dut.get_port_pci(self.dut_ports[1])
+
+ # enable tester mtu
+ self.rxnetobj = self.tester.ports_info[self.rxport]['port']
+ self.rxnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU + 100)
+ self.txnetobj = self.tester.ports_info[self.txport]['port']
+ self.txnetobj.enable_jumbo(framesize=ETHER_JUMBO_FRAME_MTU + 100)
+
+ self.path = "./examples/ipsec-secgw/build/ipsec-secgw"
+ # add print code in IPSEC app
+ sedcmd = r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, portid);/i\\printf("[debug]receive %hhu packet in rxqueueid=%hhu\\n",nb_rx, queueid);' examples/ipsec-secgw/ipsec-secgw.c"""
+ self.dut.send_expect(sedcmd, "#", 60)
+
+ # build sample app
+ out = self.dut.build_dpdk_apps("./examples/ipsec-secgw")
+ self.verify("Error" not in out, "compilation error 1")
+ self.verify("No such file" not in out, "compilation error 2")
+
+ self.cfg_prepare()
+
+ def set_up(self):
+ """
+ Run before each test case.
+ """
+ pass
+
+ def cfg_prepare(self):
+ """
+ write the inline_ipsec configuration file
+ """
+ enc = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 1
+"""
+ dec = """
+#SA rules
+sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ enc_rss = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1002 pri 1 dst 192.168.102.0/24 sport 0:65535 dport 0:65535
+
+sa out 1002 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.31.35 dst 172.16.32.35 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.32.35/32 port 1
+"""
+ dec_rss = """
+#SA rules
+sa in 3 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.21.25 dst 172.16.22.25 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ dec_wrong_key = """
+#SA rules
+sa in 5 aead_algo aes-128-gcm aead_key 2f:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ enc_dec = """
+#SP IPv4 rules
+sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
+port_id 1 \
+type inline-crypto-offload \
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 1
+rt ipv4 dst 192.168.105.10/32 port 0
+"""
+ self.set_cfg('enc.cfg', enc)
+ self.set_cfg('dec.cfg', dec)
+ self.set_cfg('enc_rss.cfg', enc_rss)
+ self.set_cfg('dec_rss.cfg', dec_rss)
+ self.set_cfg('enc_dec.cfg', enc_dec)
+ self.set_cfg('dec_wrong_key.cfg', dec_wrong_key)
+
+ def set_cfg(self, filename, cfg):
+ """
+ open file and write cfg, scp it to dut /root/dpdk/
+ """
+ with open(filename, 'w') as f:
+ f.write(cfg)
+ self.dut.session.copy_file_to(filename, '/root/dpdk/')
+
+ def send_encryption_package(self, intface, paysize=64, do_encrypt=False, send_spi=5, count=1, mydst='192.168.105.10', sa_src='172.16.1.5', sa_dst='172.16.2.5'):
+ """
+ make a package and send
+ """
+ test = 'test-' * 2000
+ payload = test[0:int(paysize)]
+ sa_gcm = SecurityAssociation(ESP, spi=send_spi,
+ crypt_algo='AES-GCM',
+ crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',
+ auth_algo='NULL', auth_key=None,
+ tunnel_header=IP(src=sa_src, dst=sa_dst))
+ sa_gcm.crypt_algo.icv_size = 16
+
+ p = IP(src='192.168.105.10', dst=mydst)
+ p /= "|->"
+ p /= payload
+ p /= "<-|"
+ p = IP(str(p))
+
+ if do_encrypt == True:
+ print "send encrypt package"
+ e = sa_gcm.encrypt(p)
+ else:
+ print "send normal package"
+ e = p
+
+ eth_e = Ether() / e
+ eth_e.src = "52:54:00:21:68:1c"
+ eth_e.dst = "52:54:00:16:f6:b0"
+ session_send = self.tester.create_session(
+ name='send_encryption_package')
+ sendp(eth_e, iface=intface, count=count)
+ self.tester.destroy_session(session_send)
+
+ return payload
+
+ def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize=32, jumboframe=1518, do_encrypt=False, verify=True, send_spi=5, receive_spi=1005, count=1, mydst='192.168.105.10', sa_src='172.16.1.5', sa_dst='172.16.2.5'):
+ """
+ verify Ipsec receive package
+ """
+ cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -f %s" % (
+ self.portpci_0, self.portpci_1, jumboframe, config, file_name)
+ self.dut.send_expect(cmd, "IPSEC", 60)
+
+ session_receive = self.tester.create_session(
+ name='receive_encryption_package')
+ sa_gcm = r"sa_gcm=SecurityAssociation(ESP,spi=%s,crypt_algo='AES-GCM',crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo='NULL',auth_key=None,tunnel_header=IP(src='172.16.1.5',dst='172.16.2.5'))" % receive_spi
+
+ session_receive.send_expect("scapy", "Welcome to Scapy", 10)
+ session_receive.send_expect(
+ "pkts=sniff(iface='%s',count=1,timeout=10)" % rxItf, "", 30)
+ send_package = self.send_encryption_package(
+ txItf, paysize, do_encrypt, send_spi, count, mydst, sa_src, sa_dst)
+
+ time.sleep(10)
+ out = session_receive.send_expect("pkts", "", 30)
+ if do_encrypt:
+ out = session_receive.send_expect("pkts[0]['IP'] ", ">>>", 10)
+ else:
+ session_receive.send_expect(sa_gcm, ">>>", 10)
+ session_receive.send_expect(
+ "results=sa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10)
+ out = session_receive.send_expect("results", ">>>", 10)
+
+ if verify:
+ self.verify(send_package in out,
+ "Unreceived package or get other package")
+ else:
+ self.verify(send_package not in out,
+ "The function is not in effect")
+ session_receive.send_expect("quit()", "#", 10)
+ self.tester.destroy_session(session_receive)
+
+ def test_Ipsec_Encryption(self):
+ """
+ test Ipsec Encryption
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
+ self.txItf, self.rxItf, paysize)
+
+ def test_Ipsec_Encryption_Jumboframe(self):
+ """
+ test Ipsec Encryption Jumboframe
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg',
+ self.txItf, self.rxItf, paysize, ETHER_JUMBO_FRAME_MTU)
+
+ def test_Ipsec_Encryption_Rss(self):
+ """
+ test Ipsec Encryption Rss
+ """
+ config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
+ self.Ipsec_Encryption(config, '/root/dpdk/enc_rss.cfg', self.txItf,
+ self.rxItf, send_spi=2, receive_spi=1002, mydst='192.168.102.10')
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+
+ def test_IPSec_Decryption(self):
+ """
+ test IPSec Decryption
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
+ self.txItf, paysize, do_encrypt=True, count=2)
+
+ def test_IPSec_Decryption_Jumboframe(self):
+ """
+ test IPSec Decryption Jumboframe
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf,
+ self.txItf, paysize, ETHER_JUMBO_FRAME_MTU, do_encrypt=True, count=2)
+
+ def test_Ipsec_Decryption_Rss(self):
+ """
+ test Ipsec Decryption Rss
+ """
+ config = '(0,0,20),(0,1,20),(1,0,21),(1,1,21)'
+ self.Ipsec_Encryption(config, '/root/dpdk/dec_rss.cfg', self.rxItf, self.txItf, do_encrypt=True,
+ send_spi=3, receive_spi=1003, count=2, sa_src='172.16.21.25', sa_dst='172.16.22.25')
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+
+ def test_Ipsec_Decryption_wrongkey(self):
+ """
+ test Ipsec Decryption wrongkey
+ """
+ config = '(0,0,21),(1,0,21)'
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption(config, '/root/dpdk/dec_wrong_key.cfg', self.rxItf,
+ self.txItf, paysize, do_encrypt=True, verify=False, count=2)
+ out = self.dut.get_session_output()
+ verifycode = "IPSEC_ESP: failed crypto op"
+ self.verify(verifycode in out, "Ipsec Decryption wrongkey failed")
+
+ def test_Ipsec_Encryption_Decryption(self):
+ """
+ test Ipsec Encryption Decryption
+ """
+ cmd = self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config='%s' -f %s" % (
+ self.portpci_0, self.portpci_1, '1518', '(0,0,21),(1,0,21)', '/root/dpdk/enc_dec.cfg')
+ self.dut.send_expect(cmd, "IPSEC", 60)
+ session_receive = self.tester.create_session(
+ name='receive_encryption_package')
+ sa_gcm = r"sa_gcm=SecurityAssociation(ESP, spi=1005,crypt_algo='AES-GCM',crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo='NULL', auth_key=None,tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))"
+
+ session_receive.send_expect("scapy", "Welcome to Scapy", 60)
+ session_receive.send_expect(sa_gcm, ">>>", 60)
+ session_receive.send_expect(
+ "pkts=sniff(iface='%s',count=3)" % self.rxItf, "", 60)
+ session_receive2 = self.tester.create_session(
+ name='receive_encryption_package2')
+
+ session_receive2.send_expect("scapy", "Welcome to Scapy", 60)
+ session_receive2.send_expect(sa_gcm, ">>>", 60)
+ session_receive2.send_expect(
+ "pkts=sniff(iface='%s',count=2)" % self.txItf, "", 60)
+
+ payload = "test for Ipsec Encryption Decryption simultaneously"
+ sa_gcm = SecurityAssociation(ESP, spi=5,
+ crypt_algo='AES-GCM',
+ crypt_key='\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',
+ auth_algo='NULL', auth_key=None,
+ tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))
+ sa_gcm.crypt_algo.icv_size = 16
+
+ p = IP(src='192.168.105.10', dst='192.168.105.10')
+ p /= "|->"
+ p /= payload
+ p /= "<-|"
+ p = IP(str(p))
+
+ e1 = sa_gcm.encrypt(p)
+ e2 = p
+
+ eth_e1 = Ether() / e1
+ eth_e1.src = "52:54:00:21:68:1c"
+ eth_e1.dst = "52:54:00:16:f6:b0"
+ eth_e2 = Ether() / e2
+ eth_e2.src = "52:54:00:21:68:1c"
+ eth_e2.dst = "52:54:00:16:f6:b0"
+
+ t1 = threading.Thread(target=sendp(eth_e1, iface=self.rxItf, count=2))
+ t1.start()
+ t2 = threading.Thread(target=sendp(eth_e2, iface=self.txItf, count=1))
+ t2.start()
+ session_receive.send_expect("^C", ">>>", 60)
+ session_receive2.send_expect("^C", ">>>", 60)
+ session_receive.send_expect(
+ "results=sa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60)
+ out = session_receive.send_expect("results", ">>>", 60)
+ self.verify(payload in out, "Get a error package")
+ out = session_receive2.send_expect("pkts[1]", ">>>", 60)
+ self.verify(payload in out, "Get a error package")
+
+ def tear_down(self):
+ """
+ Run after each test case.
+ """
+ self.tester.send_expect("^C", "#", 5)
+ self.dut.kill_all()
+ time.sleep(2)
+
+ def tear_down_all(self):
+ """
+ Run after each test suite.
+ """
+ self.rxnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
+ self.txnetobj.enable_jumbo(framesize=ETHER_STANDARD_MTU)
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-01-02 8:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-29 10:00 [dts] [PATCH V1] add inline_ipsec test plan xu,gang
2017-12-29 10:00 ` [dts] [PATCH V1] add test suite inline_ipsec xu,gang
2018-01-02 8:16 ` Liu, Yong
2018-01-02 7:46 ` [dts] [PATCH V1] add inline_ipsec test plan Liu, Yong
-- strict thread matches above, loose matches on Subject: below --
2017-12-29 9:48 Peng Yuan
2017-12-29 9:48 ` [dts] [PATCH V1] add test suite inline_ipsec Peng Yuan
2017-12-29 9:55 ` Xu, GangX
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).