From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 39BCFA0679 for ; Fri, 29 Mar 2019 07:41:24 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 01F6B2BF4; Fri, 29 Mar 2019 07:41:24 +0100 (CET) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 98A4B2965 for ; Fri, 29 Mar 2019 07:41:22 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Mar 2019 23:41:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,283,1549958400"; d="scan'208";a="331783502" Received: from purley-s2600stq.sh.intel.com ([10.67.110.242]) by fmsmga006.fm.intel.com with ESMTP; 28 Mar 2019 23:41:20 -0700 From: Xinfeng Zhao To: dts@dpdk.org Cc: Xinfeng Zhao Date: Fri, 29 Mar 2019 04:59:36 +0800 Message-Id: <1553806776-285587-1-git-send-email-xinfengx.zhao@intel.com> X-Mailer: git-send-email 2.7.4 Subject: [dts] [PATCH V1] test_plan: add test plan for cryptodev virtio ipsec test X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dts-bounces@dpdk.org Sender: "dts" Signed-off-by: Xinfeng Zhao --- .../virtio_ipsec_cryptodev_func_test_plan.rst | 178 +++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 test_plans/virtio_ipsec_cryptodev_func_test_plan.rst diff --git a/test_plans/virtio_ipsec_cryptodev_func_test_plan.rst b/test_plans/virtio_ipsec_cryptodev_func_test_plan.rst new file mode 100644 index 0000000..74842ac --- /dev/null +++ b/test_plans/virtio_ipsec_cryptodev_func_test_plan.rst @@ -0,0 +1,178 @@ +.. Copyright (c) <2018-2019> Intel Corporation + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + - Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + - Neither the name of Intel Corporation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +======================================= +Cryptodev virtio ipsec Application Tests +======================================= + + +Description +=========== + +This document provides the test plan for testing Cryptodev virtio ipsec by +crypto ipsec-secgw application. The crypto virtio ipsec application is a DPDK app +under DPDK app folder. + +Cryptodev virtio ipsec supports AESNI MB PMD, VIRTIO PMD + +AESNI MB PMD algorithm table +The table below contains AESNI MB algorithms which supported in crypto virtio ipsec. +Part of the algorithms are not supported currently. + ++-----------+-------------------+---------------------------------------------------------------------------+ +| Algorithm | Mode | Detail | ++-----------+-------------------+---------------------------------------------------------------------------+ +| aes | cbc | Encrypt/Decrypt;Key size: 128, 192, 256 bits | ++-----------+-------------------+---------------------------------------------------------------------------+ +| sha | | sha1, sha2-224, sha2-384, sha2-256, sha2-512 | ++-----------+-------------------+---------------------------------------------------------------------------+ +| hmac | | Support sha implementations sha1, sha2-224, sha2-256, | +| | | | +| | | sha2-384, sha2-512 | ++-----------+-------------------+---------------------------------------------------------------------------+ + +VIRTIO PMD algorithm table +The table below contains virtio algorithms which supported in crypto virtio ipsec. +Part of the algorithms are not supported currently. + ++-----------+-------------------+---------------------------------------------------------------------------+ +| Algorithm | Mode | Detail | ++-----------+-------------------+---------------------------------------------------------------------------+ +| aes | cbc | Encrypt/Decrypt;Key size: 128, 192, 256 bits | ++-----------+-------------------+---------------------------------------------------------------------------+ +| sha | | sha1, sha2-224, sha2-384, sha2-256, sha2-512 | ++-----------+-------------------+---------------------------------------------------------------------------+ +| hmac | | Support sha implementations sha1, sha2-224, sha2-256, | +| | | | +| | | sha2-384, sha2-512 | ++-----------+-------------------+---------------------------------------------------------------------------+ + +Prerequisites +============= + +qemu version >= 2.12 +in qemu enable vhost-user-crypto: + ./configure --target-list=x86_64-softmmu --enable-vhost-crypto --prefix=/root/qemu-2.12 && make && make install +the bin is in /root/qemu-2.12 folder, which is your specified + +The options of ipsec-secgw is below: + + ./build/ipsec-secgw [EAL options] -- + -p PORTMASK -P -u PORTMASK -j FRAMESIZE + -l -w REPLAY_WINOW_SIZE -e -a + --config (port,queue,lcore)[,(port,queue,lcore] + --single-sa SAIDX + --rxoffload MASK + --txoffload MASK + -f CONFIG_FILE_PATH + +* The "-f /path/to/config_file" option enables the application read and + parse the configuration file specified, and configures the application + with a given set of SP, SA and Routing entries accordingly. + +Test case setup: +================ + +For function test, the DUT forward UDP packets generated by scapy. +After sending single packet from Scapy, crytpoDev function encrypt/decrypt the +payload in packet by using algorithm setting in VM. the packet back to tester. + +Use TCPDump to capture the received packet on tester. Then tester parses the payload +and compare the payload with correct answer pre-stored in scripts: + + +----------+ +----------------------------------+ + | | | +--------+ +--------+ | + | | -------------|-->| VM0 | -----> | | | + | Tester | | +--------+ | VM1 | | + | | <------------|-------------------> | | | + | | | +--------+ | + +----------+ +----------------------------------+ + +In Host: +# Build DPDK and vhost_crypto app + enable CONFIG_RTE_LIBRTE_VHOST in config/common_base + make install -j T=x86_64-native-linuxapp-gcc + make -C examples/vhost_crypto + +# Compile the latest qemu +# Run the dpdk vhost sample + ./examples/vhost_crypto/build/vhost-crypto --socket-mem 2048,0 --legacy-mem -w 1a:01.0 -w 1c:01.0 -w 1e:01.0 --vdev crypto_scheduler_pmd_1,slave=0000:1a:01.0_qat_sym,slave=0000:1c:01.0_qat_sym,slave=0000:1e:01.0_qat_sym,mode=round-robin,ordering=enable -l 8,9,10,11,12 -n 6 -- --config "(9,0,0),(10,0,0),(11,0,0),(12,0,0)" --socket-file 9,/tmp/vm0_crypto0.sock --socket-file=10,/tmp/vm0_crypto1.sock --socket-file=11,/tmp/vm1_crypto0.sock --socket-file=12,/tmp/vm1_crypto1.sock + +# bind vfio-pci + usertools/dpdk-devbind.py --bind=vfio-pci 0000:60:00.0 0000:60:00.1 0000:3b:00.0 0000:3b:00.1 + +# Start VM0 by the qemu + taskset -c 11,12,13,14 /root/qemu-2/bin/qemu-system-x86_64 -name vm0 -enable-kvm -pidfile /tmp/.vm0.pid + -daemonize -monitor unix:/tmp/vm0_monitor.sock,server,nowait + -net nic,vlan=0,macaddr=00:00:00:42:65:aa,model=e1000,addr=1f -net user,vlan=0,hostfwd=tcp:10.67.111.126:6000-:22 + -cpu host -smp 4 -m 5120 -object memory-backend-file,id=mem,size=5120M,mem-path=/mnt/huge,share=on -numa node,memdev=mem -mem-prealloc + -chardev socket,path=/tmp/vm0_qga0.sock,server,nowait,id=vm0_qga0 -device virtio-serial -device virtserialport,chardev=vm0_qga0,name=org.qemu.guest_agent.0 + -vnc :1 + -chardev socket,path=/tmp/vm0_crypto0.sock,id=vm0_crypto0 -object cryptodev-vhost-user,id=cryptodev0,chardev=vm0_crypto0 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 + -chardev socket,path=/tmp/vm0_crypto1.sock,id=vm0_crypto1 -object cryptodev-vhost-user,id=cryptodev1,chardev=vm0_crypto1 -device virtio-crypto-pci,id=crypto1,cryptodev=cryptodev1 + -drive file=/root/VMs/virtio_crypto_test_710_1.img + -device vfio-pci,host=0000:3b:00.0,id=pt_0 + -device vfio-pci,host=0000:3b:00.1,id=pt_1 + +# Start VM1 by the qemu + taskset -c 15,16,17,18 /root/qemu-2/bin/qemu-system-x86_64 -name vm1 -enable-kvm -pidfile /tmp/.vm1.pid + -daemonize -monitor unix:/tmp/vm1_monitor.sock,server,nowait + -net nic,vlan=0,macaddr=00:00:00:db:2e:f9,model=e1000,addr=1f -net user,vlan=0,hostfwd=tcp:10.67.111.126:6001-:22 + -cpu host -smp 4 -m 5120 -object memory-backend-file,id=mem,size=5120M,mem-path=/mnt/huge,share=on -numa node,memdev=mem -mem-prealloc + -chardev socket,path=/tmp/vm1_qga0.sock,server,nowait,id=vm1_qga0 -device virtio-serial -device virtserialport,chardev=vm1_qga0,name=org.qemu.guest_agent.0 + -vnc :2 + -chardev socket,path=/tmp/vm1_crypto0.sock,id=vm1_crypto0 -object cryptodev-vhost-user,id=cryptodev0,chardev=vm1_crypto0 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 + -chardev socket,path=/tmp/vm1_crypto1.sock,id=vm1_crypto1 -object cryptodev-vhost-user,id=cryptodev1,chardev=vm1_crypto1 -device virtio-crypto-pci,id=crypto1,cryptodev=cryptodev1 + -drive file=/root/VMs/virtio_crypto_test_710_2.img + -device vfio-pci,host=0000:60:00.0,id=pt_0 + -device vfio-pci,host=0000:60:00.1,id=pt_1 + +In VM +# set virtio device + modprobe uio_pci_generic + echo -n 0000:00:04.0 > /sys/bus/pci/drivers/virtio-pci/unbind + echo -n 0000:00:05.0 > /sys/bus/pci/drivers/virtio-pci/unbind + echo "1af4 1054" > /sys/bus/pci/drivers/uio_pci_generic/new_id + +# Run the ipsec test cases cmd + + 1. AESNI_MB case Command line Eg: + In vm0: + ./examples/ipsec-secgw/build/ipsec-secgw --socket-mem 1024,0 -w 0000:00:06.0 -w 0000:00:07.0 --vdev crypto_aesni_mb_pmd_1 --vdev crypto_aesni_mb_pmd_2 -l 1,2,3 -n 4 -- -P --config "(0,0,2),(1,0,3)" -u 0x1 -p 0x3 -f /root/ipsec_test0.cfg + In vm1: + ./examples/ipsec-secgw/build/ipsec-secgw --socket-mem 1024,0 -w 0000:00:06.0 -w 0000:00:07.0 --vdev crypto_aesni_mb_pmd_1 --vdev crypto_aesni_mb_pmd_2 -l 1,2,3 -n 4 -- -P --config "(0,0,2),(1,0,3)" -u 0x1 -p 0x3 -f /root/ipsec_test1.cfg + + 2. VIRTIO case Command line Eg: + In vm0: + ./examples/ipsec-secgw/build/ipsec-secgw --socket-mem 1024,0 -w 0000:00:06.0 -w 0000:00:07.0 -w 00:04.0 -w 00:05.0 -l 1,2,3 -n 4 -- -P --config "(0,0,2),(1,0,3)" -u 0x1 -p 0x3 -f /root/ipsec_test0.cfg + In vm1: + ./examples/ipsec-secgw/build/ipsec-secgw --socket-mem 1024,0 -w 0000:00:06.0 -w 0000:00:07.0 -w 00:04.0 -w 00:05.0 -l 1,2,3 -n 4 -- -P --config "(0,0,2),(1,0,3)" -u 0x1 -p 0x3 -f /root/ipsec_test1.cfg -- 2.7.4