From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 8FE3A5F2A for ; Wed, 13 Feb 2019 07:02:38 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Feb 2019 22:02:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,364,1544515200"; d="scan'208";a="274649902" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga004.jf.intel.com with ESMTP; 12 Feb 2019 22:02:37 -0800 Received: from fmsmsx161.amr.corp.intel.com (10.18.125.9) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 12 Feb 2019 22:02:37 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX161.amr.corp.intel.com (10.18.125.9) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 12 Feb 2019 22:02:36 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.207]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.194]) with mapi id 14.03.0415.000; Wed, 13 Feb 2019 14:02:34 +0800 From: "Zhao, XinfengX" To: "dts@dpdk.org" Thread-Topic: [dts][PATCH V1] tests: add the cryptodev ipsec-gw test and config Thread-Index: AQHUwzW3eVtvtTb4n0+LSz74OhP3L6XdPPiA Date: Wed, 13 Feb 2019 06:02:33 +0000 Message-ID: <44051B25D8C8784BB77FFB604D6A70CA12027B91@shsmsx102.ccr.corp.intel.com> References: <1550019081-3179-1-git-send-email-xinfengx.zhao@intel.com> In-Reply-To: <1550019081-3179-1-git-send-email-xinfengx.zhao@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2019 06:02:39 -0000 Tested-by : Xinfeng Zhao -----Original Message----- From: Zhao, XinfengX=20 Sent: Wednesday, February 13, 2019 8:51 AM To: dts@dpdk.org Cc: Zhao, XinfengX Subject: [dts][PATCH V1] tests: add the cryptodev ipsec-gw test and config add tests/TestSuite_ipsec_gw_cryptodev_func.py add conf/ipsec_test.cfg Signed-off-by: Xinfeng Zhao --- conf/ipsec_test.cfg | 253 +++++++++++ tests/TestSuite_ipsec_gw_cryptodev_func.py | 652 +++++++++++++++++++++++++= ++++ 2 files changed, 905 insertions(+) create mode 100644 conf/ipsec_test.cfg create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg new file mode 100644= index 0000000..ea8a55d --- /dev/null +++ b/conf/ipsec_test.cfg @@ -0,0 +1,253 @@ +##########################################################################= # +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +####################################################################### +#### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535=20 +dport 0:65535 sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24=20 +sport 0:65535 dport 0:65535 sp ipv4 out esp protect 10 pri 1 dst=20 +192.168.175.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 11=20 +pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp=20 +protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 sp=20 +ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport=20 +0:65535 sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport=20 +0:65535 dport 0:65535 sp ipv4 out esp protect 26 pri 1 dst=20 +192.168.56.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 30=20 +pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp=20 +protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 sp=20 +ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport=20 +0:65535 sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport=20 +0:65535 dport 0:65535 sp ipv4 out esp protect 45 pri 1 dst=20 +192.168.125.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 46=20 +pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp=20 +bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 sp ipv4=20 +out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535=20 +dport 0:65535 sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24=20 +sport 0:65535 dport 0:65535 sp ipv4 in esp protect 110 pri 1 dst=20 +192.168.185.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 111=20 +pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp=20 +protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 sp=20 +ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport=20 +0:65535 sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport=20 +0:65535 dport 0:65535 sp ipv4 in esp protect 125 pri 1 dst=20 +192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 125=20 +pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp=20 +protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 sp=20 +ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport=20 +0:65535 sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport=20 +0:65535 dport 0:65535 sp ipv4 in esp protect 135 pri 1 dst=20 +192.168.35.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 136=20 +pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp=20 +protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 sp=20 +ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport=20 +0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535=20 +dport 0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport=20 +0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst=20 +0000:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 6 pri 1 dst=20 +0000:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 10 pri 1 dst=20 +0000:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 11 pri 1 dst=20 +0000:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 25 pri 1 dst=20 +0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 26 pri 1 dst=20 +0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 30 pri 1 dst=20 +0000:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 31 pri 1 dst=20 +0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 35 pri 1 dst=20 +0000:1111:1111:1111:7777:7777:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 36 pri 1 dst=20 +0000:1111:1111:1111:8888:8888:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 + +sp ipv6 out esp protect 15 pri 1 dst=20 +ffff:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 in esp protect 16 pri 1 dst=20 +ffff:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 in esp protect 110 pri 1 dst=20 +ffff:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 in esp protect 111 pri 1 dst=20 +ffff:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 in esp protect 125 pri 1 dst=20 +ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 in esp protect 126 pri 1 dst=20 +ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 130 pri 1 dst=20 +ffff:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 sp ipv6 out esp protect 131 pri 1 dst=20 +ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport=20 +0:65535 + +#SA rules +sa out 5 cipher_algo aes-128-cbc cipher_key=20 +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key=20 +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src=20 +172.16.1.5 dst 172.16.2.5 + +sa out 6 aead_algo aes-128-gcm aead_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 + +sa out 10 cipher_algo aes-128-cbc cipher_key=20 +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key=20 +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport + +sa out 11 aead_algo aes-128-gcm aead_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +transport + +sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src=20 +172.16.1.5 \ dst 172.16.2.5 + +sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ src=20 +4444:4444:4444:4444:4444:4444:4444:1111 \ dst=20 +5555:5555:5555:5555:5555:5555:5555:2222 + +sa out 25 cipher_algo aes-128-cbc cipher_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src=20 +1111:1111:1111:1111:1111:1111:1111:5555 \ dst=20 +2222:2222:2222:2222:2222:2222:2222:5555 + +sa out 26 aead_algo aes-128-gcm aead_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +ipv6-tunnel \ src 1111:1111:1111:1111:1111:1111:1111:6666 \ dst=20 +2222:2222:2222:2222:2222:2222:2222:6666 + +sa out 30 cipher_algo aes-256-cbc cipher_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src=20 +7777:7777:7777:7777:7777:7777:7777:1111 \ dst=20 +8888:8888:8888:8888:8888:8888:8888:2222 + +sa out 31 cipher_algo aes-128-ctr cipher_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo=20 +sha1-hmac auth_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode=20 +transport + +sa out 35 cipher_algo aes-256-cbc cipher_key=20 +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \=20 +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \=20 +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 + +sa out 36 cipher_algo aes-256-cbc cipher_key=20 +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac=20 +auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport + +sa out 45 cipher_algo aes-128-ctr cipher_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo=20 +sha1-hmac auth_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 + +sa out 46 cipher_algo aes-128-ctr cipher_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo=20 +sha1-hmac auth_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode=20 +ipv6-tunnel \ src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ dst=20 +bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 + +sa in 105 cipher_algo aes-128-cbc cipher_key=20 +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key=20 +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src=20 +172.16.2.5 dst 172.16.1.5 + +sa in 106 aead_algo aes-128-gcm aead_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6 + +sa in 110 cipher_algo aes-128-cbc cipher_key=20 +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key=20 +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport + +sa in 111 aead_algo aes-128-gcm aead_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +transport + +sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src=20 +172.16.2.5 \ dst 172.16.1.5 + +sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ src=20 +5555:5555:5555:5555:5555:5555:5555:2222 \ dst=20 +4444:4444:4444:4444:4444:4444:4444:1111 + +sa in 125 cipher_algo aes-128-cbc cipher_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src=20 +2222:2222:2222:2222:2222:2222:2222:5555 \ dst=20 +1111:1111:1111:1111:1111:1111:1111:5555 + +sa in 126 aead_algo aes-128-gcm aead_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +ipv6-tunnel \ src 2222:2222:2222:2222:2222:2222:2222:6666 \ dst=20 +1111:1111:1111:1111:1111:1111:1111:6666 + +sa in 130 cipher_algo aes-256-cbc cipher_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key=20 +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src=20 +8888:8888:8888:8888:8888:8888:8888:2222 \ dst=20 +7777:7777:7777:7777:7777:7777:7777:1111 + +sa in 131 cipher_algo aes-128-ctr cipher_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo=20 +sha1-hmac auth_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +transport + +sa in 135 cipher_algo aes-256-cbc cipher_key=20 +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \=20 +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \=20 +mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 + +sa in 136 cipher_algo aes-256-cbc cipher_key=20 +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 +:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac auth_key=20 +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode=20 +transport + +sa in 145 cipher_algo aes-128-ctr cipher_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo=20 +sha1-hmac auth_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6 + +sa in 146 cipher_algo aes-128-ctr cipher_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo=20 +sha1-hmac auth_key=20 +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode=20 +ipv6-tunnel \ src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ dst=20 +aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 + + +#Routing rules +rt ipv4 dst 172.16.2.5/32 port 0 +rt ipv4 dst 172.16.2.6/32 port 0 +rt ipv4 dst 192.168.175.0/24 port 0 +rt ipv4 dst 192.168.176.0/24 port 0 +rt ipv4 dst 192.168.240.0/24 port 0 +rt ipv4 dst 192.168.241.0/24 port 0 +rt ipv4 dst 192.168.115.0/24 port 0 +rt ipv4 dst 192.168.116.0/24 port 0 +rt ipv4 dst 192.168.65.0/24 port 0 +rt ipv4 dst 192.168.66.0/24 port 0 +rt ipv4 dst 192.168.185.0/24 port 0 +rt ipv4 dst 192.168.186.0/24 port 0 +rt ipv4 dst 192.168.210.0/24 port 0 +rt ipv4 dst 192.168.211.0/24 port 0 +rt ipv4 dst 192.168.245.0/24 port 0 +rt ipv4 dst 192.168.246.0/24 port 0 +rt ipv4 dst 192.168.26.0/24 port 0 +rt ipv4 dst 192.168.76.0/24 port 0 +rt ipv4 dst 192.168.35.0/24 port 0 +rt ipv4 dst 192.168.85.0/24 port 0 +rt ipv4 dst 192.168.86.0/24 port 0 +rt ipv4 dst 192.168.135.0/24 port 0 +rt ipv4 dst 192.168.136.0/24 port 0 + +rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 rt ipv6=20 +dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 rt ipv6 dst=20 +5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 rt ipv6 dst=20 +2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 rt ipv6 dst=20 +2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 rt ipv6 dst=20 +0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0 + +rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 rt ipv6=20 +dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 rt ipv6 dst=20 +ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 rt ipv6 dst=20 +ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 rt ipv6 dst=20 +ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst=20 +ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0 diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py b/tests/TestSuite_i= psec_gw_cryptodev_func.py new file mode 100644 index 0000000..dc49577 --- /dev/null +++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py @@ -0,0 +1,652 @@ +# BSD LICENSE +# +# Copyright(c) 2016-2017 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without #=20 +modification, are permitted provided that the following conditions #=20 +are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #=20 +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #=20 +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #=20 +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #=20 +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #=20 +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #=20 +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #=20 +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #=20 +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #=20 +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #=20 +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +import hmac +import hashlib +import binascii +import time +import utils +from test_case import TestCase +from packet import Packet, save_packets + +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms,=20 +modes from cryptography.hazmat.primitives.ciphers.aead import AESCCM,=20 +AESGCM from cryptography.hazmat.backends import default_backend + +import cryptodev_common as cc + +class TestIPsecGW(TestCase): + + def set_up_all(self): + + self.core_config =3D "1S/2C/1T" + self.number_of_ports =3D 1 + self.dut_ports =3D self.dut.get_ports(self.nic) + self.verify(len(self.dut_ports) >=3D self.number_of_ports, + "Not enough ports for " + self.nic) + self.ports_socket =3D self.dut.get_numa_id(self.dut_ports[0]) + + self.logger.info("core config =3D " + self.core_config) + self.logger.info("number of ports =3D " + str(self.number_of_ports= )) + self.logger.info("dut ports =3D " + str(self.dut_ports)) + self.logger.info("ports_socket =3D " + str(self.ports_socket)) + + # Generally, testbed should has 4 ports NIC, like, + # 03:00.0 03:00.1 03:00.2 03:00.3 + # This test case will + # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3 + # - bind 03:00.0 and 03:00.2 to ipsec-secgw app + # - send test packet from 03:00.3 + # - receive packet which forwarded by ipsec-secgw from 03:00.0 + # - configure port and peer in dts port.cfg + self.tx_port =3D self.tester.get_local_port(self.dut_ports[1]) + self.rx_port =3D self.tester.get_local_port(self.dut_ports[0]) + + self.tx_interface =3D self.tester.get_interface(self.tx_port) + self.rx_interface =3D self.tester.get_interface(self.rx_port) + + self.logger.info("tx interface =3D " + self.tx_interface) + self.logger.info("rx interface =3D " + self.rx_interface) + + self._app_path =3D "./examples/ipsec-secgw/build/ipsec-secgw" + if not cc.is_build_skip(self): + cc.build_dpdk_with_cryptodev(self) + self.vf_driver =3D self.get_suite_cfg()['vf_driver'] + cc.bind_qat_device(self, self.vf_driver) + + self._default_ipsec_gw_opts =3D { + "config": None, + "P": "", + "p": "0x3", + "f": "local_conf/ipsec_test.cfg", + "u": "0x1" + } + + self._pcap_idx =3D 0 + self.pcap_filename =3D '' + + def set_up(self): + pass + + def tear_down(self): + self.dut.kill_all() + + def tear_down_all(self): + cc.clear_dpdk_config(self) + + def test_qat_aes_128_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel") + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel") + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv4_tunnel") + self.pcap_filename =3D "test_qat_aes_gcm_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel") + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel") + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv4_transport") + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_ctr_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_ctr_ipv6_transport") + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_null_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_null_ipv4_tunnel") + self.pcap_filename =3D "test_qat_null_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_128_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv4_transport") + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv4_transport") + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv4_transport") + self.pcap_filename =3D "test_qat_aes_gcm_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_qat_aes_128_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel") + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel") + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv6_tunnel") + self.pcap_filename =3D "test_qat_aes_gcm_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_null_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_null_ipv6_tunnel") + self.pcap_filename =3D "test_qat_null_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_128_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_128_cbc_ipv6_transport") + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_256_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_256_cbc_ipv6_transport") + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_qat_aes_gcm_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test qat_aes_gcm_ipv6_transport") + self.pcap_filename =3D "test_qat_aes_gcm_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel") + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel") + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv4_tunnel") + self.pcap_filename =3D "test_sw_aes_gcm_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_null_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_null_ipv4_tunnel") + self.pcap_filename =3D "test_sw_null_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv4_transport") + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv4_transport") + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv4_transport") + self.pcap_filename =3D "test_sw_aes_gcm_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel") + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel") + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv6_tunnel") + self.pcap_filename =3D "test_sw_aes_gcm_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_null_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_null_ipv6_tunnel") + self.pcap_filename =3D "test_sw_null_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_128_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_cbc_ipv6_transport") + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_256_cbc_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_256_cbc_ipv6_transport") + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + + self.verify(result, "FAIL") + + def test_sw_aes_gcm_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_gcm_ipv6_transport") + self.pcap_filename =3D "test_sw_aes_gcm_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv4_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel") + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv4_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv6_tunnel(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel") + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv6_tunnel" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv4_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv4_transport") + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv4_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def test_sw_aes_128_ctr_ipv6_transport(self): + if cc.is_test_skip(self): + return + + self.logger.info("Test sw_aes_128_ctr_ipv6_transport") + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv6_transport" + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() + self.logger.debug(ipsec_gw_opt_str) + + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) + self.verify(result, "FAIL") + + def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts=3D{}): + return cc.get_opt_str(self, self._default_ipsec_gw_opts, + override_ipsec_gw_opts) + + def _execute_ipsec_gw_test(self, ipsec_gw_opt_str): + result =3D True + eal_opt_str =3D cc.get_eal_opt_str(self) + + cmd_str =3D cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str, i= psec_gw_opt_str) + self.logger.info("IPsec-gw cmd: " + cmd_str) + self.dut.send_expect(cmd_str, "IPSEC:", 30) + time.sleep(3) + inst =3D self.tester.tcpdump_sniff_packets(self.rx_interface,=20 + timeout=3D25) + + PACKET_COUNT =3D 65 + payload =3D 256 * ['11'] + + case_cfgs =3D self.get_case_cfg() + dst_ip =3D case_cfgs["dst_ip"] + src_ip =3D case_cfgs["src_ip"] + expected_dst_ip =3D case_cfgs["expected_dst_ip"] + expected_src_ip =3D case_cfgs["expected_src_ip"] + expected_spi =3D case_cfgs["expected_spi"] + expected_length =3D case_cfgs["expected_length"] + #expected_data =3D case_cfgs["expected_data"] + + pkt =3D Packet() + if len(dst_ip)<=3D15: + pkt.assign_layers(["ether", "ipv4", "udp", "raw"]) + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": = "52:00:00:00:00:01"}) + pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip}) + else: + pkt.assign_layers(["ether", "ipv6", "udp", "raw"]) + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": = "52:00:00:00:00:01"}) + pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip}) + pkt.config_layer("udp", {"dst": 0}) + pkt.config_layer("raw", {"payload": payload}) + pkt.send_pkt(tx_port=3Dself.tx_interface, count=3DPACKET_COUNT) + + pkt_rec =3D self.tester.load_tcpdump_sniff_packets(inst) + + pcap_filename =3D "output/{0}.pcap".format(self.pcap_filename) + self.logger.info("Save pkts to {0}".format(pcap_filename)) + save_packets(pkt_rec, pcap_filename) + self._pcap_idx =3D self._pcap_idx + 1 + + if len(pkt_rec) =3D=3D 0: + self.logger.error("IPsec forwarding failed") + result =3D False + + for pkt_r in pkt_rec: + pkt_src_ip =3D pkt_r.pktgen.strip_layer3("src") + if pkt_src_ip !=3D expected_src_ip: + pkt_r.pktgen.pkt.show() + self.logger.error("SRC IP does not match. Pkt:{0}, Expecte= d:{1}".format( + pkt_src_ip, expected_src_ip)) + result =3D False + break + + pkt_dst_ip =3D pkt_r.pktgen.strip_layer3("dst") + self.logger.debug(pkt_dst_ip) + if pkt_dst_ip !=3D expected_dst_ip: + pkt_r.pktgen.pkt.show() + self.logger.error("DST IP does not match. Pkt:{0}, Expecte= d:{1}".format( + pkt_dst_ip, expected_dst_ip)) + result =3D False + break + + packet_hex =3D pkt_r.pktgen.pkt["ESP"].getfieldval("data") + if packet_hex is None: + self.logger.error("NO Payload !") + result =3D False + break + payload_str =3D binascii.b2a_hex(packet_hex) + self.logger.debug(payload_str) + + pkt_spi =3D hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi")) + self.logger.debug(pkt_spi) + if pkt_spi !=3D expected_spi: + self.logger.error("SPI does not match. Pkt:{0}, Expected:{= 1}".format( + pkt_spi, expected_spi)) + result =3D False + break + + pkt_len =3D len(payload_str)/2 + self.logger.debug(pkt_len) + if pkt_len !=3D int(expected_length): + self.logger.error("Packet length does not match. Pkt:{0}, = Expected:{1}".format( + pkt_len, expected_length)) + result =3D False + break + + self.dut.kill_all() + return result -- 2.7.4