From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id E4D9E7CB0 for ; Wed, 13 Feb 2019 01:47:33 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Feb 2019 16:47:32 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,364,1544515200"; d="scan'208";a="142937782" Received: from unknown (HELO localhost.localdomain.sh.intel.com) ([10.240.176.135]) by fmsmga002.fm.intel.com with ESMTP; 12 Feb 2019 16:47:31 -0800 From: Xinfeng Zhao To: dts@dpdk.org Cc: Xinfeng Zhao Date: Wed, 13 Feb 2019 08:51:21 +0800 Message-Id: <1550019081-3179-1-git-send-email-xinfengx.zhao@intel.com> X-Mailer: git-send-email 1.9.3 Subject: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2019 00:47:34 -0000 add tests/TestSuite_ipsec_gw_cryptodev_func.py add conf/ipsec_test.cfg Signed-off-by: Xinfeng Zhao --- conf/ipsec_test.cfg | 253 +++++++++++ tests/TestSuite_ipsec_gw_cryptodev_func.py | 652 +++++++++++++++++++++++++++++ 2 files changed, 905 insertions(+) create mode 100644 conf/ipsec_test.cfg create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg new file mode 100644 index 0000000..ea8a55d --- /dev/null +++ b/conf/ipsec_test.cfg @@ -0,0 +1,253 @@ +########################################################################### +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +########################################################################### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 30 pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 45 pri 1 dst 192.168.125.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 46 pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 135 pri 1 dst 192.168.35.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 136 pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst 0000:1111:1111:1111:5555:5555:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 6 pri 1 dst 0000:1111:1111:1111:6666:6666:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 10 pri 1 dst 0000:1111:1111:1111:0000:0000:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 11 pri 1 dst 0000:1111:1111:1111:1111:1111:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 25 pri 1 dst 0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 26 pri 1 dst 0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 30 pri 1 dst 0000:1111:1111:1111:9999:9999:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 31 pri 1 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 35 pri 1 dst 0000:1111:1111:1111:7777:7777:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 36 pri 1 dst 0000:1111:1111:1111:8888:8888:0000:0000/96 \ +sport 0:65535 dport 0:65535 + +sp ipv6 out esp protect 15 pri 1 dst ffff:1111:1111:1111:5555:5555:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 16 pri 1 dst ffff:1111:1111:1111:6666:6666:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 110 pri 1 dst ffff:1111:1111:1111:0000:0000:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 111 pri 1 dst ffff:1111:1111:1111:1111:1111:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 125 pri 1 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 126 pri 1 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 130 pri 1 dst ffff:1111:1111:1111:9999:9999:0000:0000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 131 pri 1 dst ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ +sport 0:65535 dport 0:65535 + +#SA rules +sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 + +sa out 6 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 + +sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport + +sa out 11 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode transport + +sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \ +dst 172.16.2.5 + +sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ +src 4444:4444:4444:4444:4444:4444:4444:1111 \ +dst 5555:5555:5555:5555:5555:5555:5555:2222 + +sa out 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ +src 1111:1111:1111:1111:1111:1111:1111:5555 \ +dst 2222:2222:2222:2222:2222:2222:2222:5555 + +sa out 26 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode ipv6-tunnel \ +src 1111:1111:1111:1111:1111:1111:1111:6666 \ +dst 2222:2222:2222:2222:2222:2222:2222:6666 + +sa out 30 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \ +auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ +src 7777:7777:7777:7777:7777:7777:7777:1111 \ +dst 8888:8888:8888:8888:8888:8888:8888:2222 + +sa out 31 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode transport + +sa out 35 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 + +sa out 36 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ +auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport + +sa out 45 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 + +sa out 46 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode ipv6-tunnel \ +src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ +dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 + +sa in 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 + +sa in 106 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6 + +sa in 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport + +sa in 111 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode transport + +sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \ +dst 172.16.1.5 + +sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ +src 5555:5555:5555:5555:5555:5555:5555:2222 \ +dst 4444:4444:4444:4444:4444:4444:4444:1111 + +sa in 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ +src 2222:2222:2222:2222:2222:2222:2222:5555 \ +dst 1111:1111:1111:1111:1111:1111:1111:5555 + +sa in 126 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode ipv6-tunnel \ +src 2222:2222:2222:2222:2222:2222:2222:6666 \ +dst 1111:1111:1111:1111:1111:1111:1111:6666 + +sa in 130 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \ +auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ +src 8888:8888:8888:8888:8888:8888:8888:2222 \ +dst 7777:7777:7777:7777:7777:7777:7777:1111 + +sa in 131 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode transport + +sa in 135 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 + +sa in 136 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ +auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport + +sa in 145 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6 + +sa in 146 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ +mode ipv6-tunnel \ +src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ +dst aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 + + +#Routing rules +rt ipv4 dst 172.16.2.5/32 port 0 +rt ipv4 dst 172.16.2.6/32 port 0 +rt ipv4 dst 192.168.175.0/24 port 0 +rt ipv4 dst 192.168.176.0/24 port 0 +rt ipv4 dst 192.168.240.0/24 port 0 +rt ipv4 dst 192.168.241.0/24 port 0 +rt ipv4 dst 192.168.115.0/24 port 0 +rt ipv4 dst 192.168.116.0/24 port 0 +rt ipv4 dst 192.168.65.0/24 port 0 +rt ipv4 dst 192.168.66.0/24 port 0 +rt ipv4 dst 192.168.185.0/24 port 0 +rt ipv4 dst 192.168.186.0/24 port 0 +rt ipv4 dst 192.168.210.0/24 port 0 +rt ipv4 dst 192.168.211.0/24 port 0 +rt ipv4 dst 192.168.245.0/24 port 0 +rt ipv4 dst 192.168.246.0/24 port 0 +rt ipv4 dst 192.168.26.0/24 port 0 +rt ipv4 dst 192.168.76.0/24 port 0 +rt ipv4 dst 192.168.35.0/24 port 0 +rt ipv4 dst 192.168.85.0/24 port 0 +rt ipv4 dst 192.168.86.0/24 port 0 +rt ipv4 dst 192.168.135.0/24 port 0 +rt ipv4 dst 192.168.136.0/24 port 0 + +rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 +rt ipv6 dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 +rt ipv6 dst 5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 +rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 +rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 +rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0 + +rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 +rt ipv6 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 +rt ipv6 dst ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 +rt ipv6 dst ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 +rt ipv6 dst ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 +rt ipv6 dst ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0 diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py b/tests/TestSuite_ipsec_gw_cryptodev_func.py new file mode 100644 index 0000000..dc49577 --- /dev/null +++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py @@ -0,0 +1,652 @@ +# BSD LICENSE +# +# Copyright(c) 2016-2017 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +import hmac +import hashlib +import binascii +import time +import utils +from test_case import TestCase +from packet import Packet, save_packets + +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.primitives.ciphers.aead import AESCCM, AESGCM +from cryptography.hazmat.backends import default_backend + +import cryptodev_common as cc + +class TestIPsecGW(TestCase): + + def set_up_all(self): + + self.core_config = "1S/2C/1T" + self.number_of_ports = 1 + self.dut_ports = self.dut.get_ports(self.nic) + self.verify(len(self.dut_ports) >= self.number_of_ports, + "Not enough ports for " + self.nic) + self.ports_socket = self.dut.get_numa_id(self.dut_ports[0]) + + self.logger.info("core config = " + self.core_config) + self.logger.info("number of ports = " + str(self.number_of_ports)) + self.logger.info("dut ports = " + str(self.dut_ports)) + self.logger.info("ports_socket = " + str(self.ports_socket)) + + # Generally, testbed should has 4 ports NIC, like, + # 03:00.0 03:00.1 03:00.2 03:00.3 + # This test case will + # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3 + # - bind 03:00.0 and 03:00.2 to ipsec-secgw app + # - send test packet from 03:00.3 + # - receive packet which forwarded by ipsec-secgw from 03:00.0 + # - configure port and peer in dts port.cfg + self.tx_port = self.tester.get_local_port(self.dut_ports[1]) + self.rx_port = self.tester.get_local_port(self.dut_ports[0]) + + self.tx_interface = self.tester.get_interface(self.tx_port) + self.rx_interface = self.tester.get_interface(self.rx_port) + + self.logger.info("tx interface = " + self.tx_interface) + self.logger.info("rx interface = " + self.rx_interface) + + self._app_path = "./examples/ipsec-secgw/build/ipsec-secgw" + if not cc.is_build_skip(self): + cc.build_dpdk_with_cryptodev(self) + self.vf_driver = self.get_suite_cfg()['vf_driver'] + cc.bind_qat_device(self, self.vf_driver) + + self._default_ipsec_gw_opts = { + "config": None, + "P": "", + "p": "0x3", + "f": "local_conf/ipsec_test.cfg", + "u": "0x1" + } + + self._pcap_idx = 0 + self.pcap_filename = '' + + def set_up(self): + pass + + def tear_down(self): + self.dut.kill_all() + + def tear_down_all(self): + cc.clear_dpdk_config(self) + + def test_qat_aes_128_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel") + self.pcap_filename = "test_qat_aes_128_cbc_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel") + self.pcap_filename = "test_qat_aes_256_cbc_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv4_tunnel") + self.pcap_filename = "test_qat_aes_gcm_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel") + self.pcap_filename = "test_qat_aes_128_ctr_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel") + self.pcap_filename = "test_qat_aes_128_ctr_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv4_transport") + self.pcap_filename = "test_qat_aes_128_ctr_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv6_transport") + self.pcap_filename = "test_qat_aes_128_ctr_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_null_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_null_ipv4_tunnel") + self.pcap_filename = "test_qat_null_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_128_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv4_transport") + self.pcap_filename = "test_qat_aes_128_cbc_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv4_transport") + self.pcap_filename = "test_qat_aes_256_cbc_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv4_transport") + self.pcap_filename = "test_qat_aes_gcm_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel") + self.pcap_filename = "test_qat_aes_128_cbc_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel") + self.pcap_filename = "test_qat_aes_256_cbc_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv6_tunnel") + self.pcap_filename = "test_qat_aes_gcm_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_null_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_null_ipv6_tunnel") + self.pcap_filename = "test_qat_null_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_128_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv6_transport") + self.pcap_filename = "test_qat_aes_128_cbc_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv6_transport") + self.pcap_filename = "test_qat_aes_256_cbc_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv6_transport") + self.pcap_filename = "test_qat_aes_gcm_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel") + self.pcap_filename = "test_sw_aes_128_cbc_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel") + self.pcap_filename = "test_sw_aes_256_cbc_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv4_tunnel") + self.pcap_filename = "test_sw_aes_gcm_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_null_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_null_ipv4_tunnel") + self.pcap_filename = "test_sw_null_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv4_transport") + self.pcap_filename = "test_sw_aes_128_cbc_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv4_transport") + self.pcap_filename = "test_sw_aes_256_cbc_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv4_transport") + self.pcap_filename = "test_sw_aes_gcm_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel") + self.pcap_filename = "test_sw_aes_128_cbc_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel") + self.pcap_filename = "test_sw_aes_256_cbc_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv6_tunnel") + self.pcap_filename = "test_sw_aes_gcm_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_null_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_null_ipv6_tunnel") + self.pcap_filename = "test_sw_null_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv6_transport") + self.pcap_filename = "test_sw_aes_128_cbc_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv6_transport") + self.pcap_filename = "test_sw_aes_256_cbc_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv6_transport") + self.pcap_filename = "test_sw_aes_gcm_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel") + self.pcap_filename = "test_sw_aes_128_ctr_ipv4_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel") + self.pcap_filename = "test_sw_aes_128_ctr_ipv6_tunnel" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv4_transport") + self.pcap_filename = "test_sw_aes_128_ctr_ipv4_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv6_transport") + self.pcap_filename = "test_sw_aes_128_ctr_ipv6_transport" + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts={}): + return cc.get_opt_str(self, self._default_ipsec_gw_opts, + override_ipsec_gw_opts) + + def _execute_ipsec_gw_test(self, ipsec_gw_opt_str): + result = True + eal_opt_str = cc.get_eal_opt_str(self) + + cmd_str = cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str, ipsec_gw_opt_str) + self.logger.info("IPsec-gw cmd: " + cmd_str) + self.dut.send_expect(cmd_str, "IPSEC:", 30) + time.sleep(3) + inst = self.tester.tcpdump_sniff_packets(self.rx_interface, timeout=25) + + PACKET_COUNT = 65 + payload = 256 * ['11'] + + case_cfgs = self.get_case_cfg() + dst_ip = case_cfgs["dst_ip"] + src_ip = case_cfgs["src_ip"] + expected_dst_ip = case_cfgs["expected_dst_ip"] + expected_src_ip = case_cfgs["expected_src_ip"] + expected_spi = case_cfgs["expected_spi"] + expected_length = case_cfgs["expected_length"] + #expected_data = case_cfgs["expected_data"] + + pkt = Packet() + if len(dst_ip)<=15: + pkt.assign_layers(["ether", "ipv4", "udp", "raw"]) + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"}) + pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip}) + else: + pkt.assign_layers(["ether", "ipv6", "udp", "raw"]) + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"}) + pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip}) + pkt.config_layer("udp", {"dst": 0}) + pkt.config_layer("raw", {"payload": payload}) + pkt.send_pkt(tx_port=self.tx_interface, count=PACKET_COUNT) + + pkt_rec = self.tester.load_tcpdump_sniff_packets(inst) + + pcap_filename = "output/{0}.pcap".format(self.pcap_filename) + self.logger.info("Save pkts to {0}".format(pcap_filename)) + save_packets(pkt_rec, pcap_filename) + self._pcap_idx = self._pcap_idx + 1 + + if len(pkt_rec) == 0: + self.logger.error("IPsec forwarding failed") + result = False + + for pkt_r in pkt_rec: + pkt_src_ip = pkt_r.pktgen.strip_layer3("src") + if pkt_src_ip != expected_src_ip: + pkt_r.pktgen.pkt.show() + self.logger.error("SRC IP does not match. Pkt:{0}, Expected:{1}".format( + pkt_src_ip, expected_src_ip)) + result = False + break + + pkt_dst_ip = pkt_r.pktgen.strip_layer3("dst") + self.logger.debug(pkt_dst_ip) + if pkt_dst_ip != expected_dst_ip: + pkt_r.pktgen.pkt.show() + self.logger.error("DST IP does not match. Pkt:{0}, Expected:{1}".format( + pkt_dst_ip, expected_dst_ip)) + result = False + break + + packet_hex = pkt_r.pktgen.pkt["ESP"].getfieldval("data") + if packet_hex is None: + self.logger.error("NO Payload !") + result = False + break + payload_str = binascii.b2a_hex(packet_hex) + self.logger.debug(payload_str) + + pkt_spi = hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi")) + self.logger.debug(pkt_spi) + if pkt_spi != expected_spi: + self.logger.error("SPI does not match. Pkt:{0}, Expected:{1}".format( + pkt_spi, expected_spi)) + result = False + break + + pkt_len = len(payload_str)/2 + self.logger.debug(pkt_len) + if pkt_len != int(expected_length): + self.logger.error("Packet length does not match. Pkt:{0}, Expected:{1}".format( + pkt_len, expected_length)) + result = False + break + + self.dut.kill_all() + return result -- 2.7.4