From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 867B823D for ; Fri, 29 Dec 2017 10:55:55 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Dec 2017 01:55:54 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,475,1508828400"; d="scan'208";a="190768380" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga006.fm.intel.com with ESMTP; 29 Dec 2017 01:55:54 -0800 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.319.2; Fri, 29 Dec 2017 01:55:54 -0800 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.159]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.218]) with mapi id 14.03.0319.002; Fri, 29 Dec 2017 17:55:52 +0800 From: "Xu, GangX" To: "Peng, Yuan" , "dts@dpdk.org" CC: "Peng, Yuan" Thread-Topic: [dts] [PATCH V1] add test suite inline_ipsec Thread-Index: AQHTgIoVhrSNHYYYbkCGkLR4zbNCqaNaFU9w Date: Fri, 29 Dec 2017 09:55:52 +0000 Message-ID: <52FE6B2C7B32C541B3B4C691E214F6AB314F8C82@SHSMSX101.ccr.corp.intel.com> References: <1514540896-92174-1-git-send-email-yuan.peng@intel.com> <1514540896-92174-2-git-send-email-yuan.peng@intel.com> In-Reply-To: <1514540896-92174-2-git-send-email-yuan.peng@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V1] add test suite inline_ipsec X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Dec 2017 09:55:56 -0000 Please Ignore this file -----Original Message----- From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of Peng Yuan Sent: Friday, December 29, 2017 5:48 PM To: dts@dpdk.org Cc: Peng, Yuan Subject: [dts] [PATCH V1] add test suite inline_ipsec Signed-off-by: Peng Yuan --- tests/TestSuite_inline_ipsec.py | 405 ++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 405 insertions(+) create mode 100644 tests/TestSuite_inline_ipsec.py diff --git a/tests/TestSuite_inline_ipsec.py b/tests/TestSuite_inline_ipsec= .py new file mode 100644 index 0000000..ba90caf --- /dev/null +++ b/tests/TestSuite_inline_ipsec.py @@ -0,0 +1,405 @@ +# BSD LICENSE +# +# Copyright(c) 2010-2017 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without #=20 +modification, are permitted provided that the following conditions #=20 +are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #=20 +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #=20 +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #=20 +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #=20 +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #=20 +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #=20 +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #=20 +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #=20 +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #=20 +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #=20 +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +""" +DPDK Test suite. +Test inline_ipsec. +""" + +import utils +import string +import time +import re +import threading +from test_case import TestCase +import getopt +from scapy.all import * + +ETHER_STANDARD_MTU =3D 1518 +ETHER_JUMBO_FRAME_MTU =3D 9000 + + +class TestInlineIpsec(TestCase): + + def set_up_all(self): + """ + Run at the start of each test suite. + """ + self.verify(self.nic in ["niantic"], "%s NIC not support" % self.n= ic) + self.dut_ports =3D self.dut.get_ports(self.nic) + self.verify(len(self.dut_ports) >=3D 2, "Insufficient ports") + cores =3D self.dut.get_core_list("1S/4C/1T") + self.coremask =3D utils.create_mask(cores) + + # get test port info + self.rxport =3D self.tester.get_local_port(1) + self.txport =3D self.tester.get_local_port(0) + self.rxItf =3D self.tester.get_interface(self.rxport) + self.txItf =3D self.tester.get_interface(self.txport) + # get dut port pci + self.portpci_0 =3D self.dut.get_port_pci(self.dut_ports[0]) + self.portpci_1 =3D self.dut.get_port_pci(self.dut_ports[1]) + + # enable tester mtu + self.rxnetobj =3D self.tester.ports_info[self.rxport]['port'] + self.rxnetobj.enable_jumbo(framesize=3DETHER_JUMBO_FRAME_MTU + 100= ) + self.txnetobj =3D self.tester.ports_info[self.txport]['port'] + self.txnetobj.enable_jumbo(framesize=3DETHER_JUMBO_FRAME_MTU +=20 + 100) + + self.path =3D "./examples/ipsec-secgw/build/ipsec-secgw" + # add print code in IPSEC app + sedcmd =3D r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, portid= );/i\\printf("[debug]receive %hhu packet in rxqueueid=3D%hhu\\n",nb_rx, que= ueid);' examples/ipsec-secgw/ipsec-secgw.c""" + self.dut.send_expect(sedcmd, "#", 60) + + # build sample app + out =3D self.dut.build_dpdk_apps("./examples/ipsec-secgw") + self.verify("Error" not in out, "compilation error 1") + self.verify("No such file" not in out, "compilation error 2") + + self.cfg_prepare() + + def set_up(self): + """ + Run before each test case. + """ + pass + + def cfg_prepare(self): + """ + write the inline_ipsec configuration file + """ + enc =3D """ +#SP IPv4 rules +sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535=20 +dport 0:65535 + +#SA rules +sa out 1005 aead_algo aes-128-gcm aead_key=20 +2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type=20 +inline-crypto-offload \ + +#Routing rules +rt ipv4 dst 172.16.2.5/32 port 1 +""" + dec =3D """ +#SA rules +sa in 5 aead_algo aes-128-gcm aead_key=20 +2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type=20 +inline-crypto-offload \ + +#Routing rules +rt ipv4 dst 192.168.105.10/32 port 0 +""" + enc_rss =3D """ +#SP IPv4 rules +sp ipv4 out esp protect 1002 pri 1 dst 192.168.102.0/24 sport 0:65535=20 +dport 0:65535 + +sa out 1002 aead_algo aes-128-gcm aead_key=20 +2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.31.35 dst 172.16.32.35 \ port_id 1 \ type=20 +inline-crypto-offload \ + +#Routing rules +rt ipv4 dst 172.16.32.35/32 port 1 +""" + dec_rss =3D """ +#SA rules +sa in 3 aead_algo aes-128-gcm aead_key=20 +2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.21.25 dst 172.16.22.25 \ port_id 1 \ type=20 +inline-crypto-offload \ + +#Routing rules +rt ipv4 dst 192.168.105.10/32 port 0 +""" + dec_wrong_key =3D """ +#SA rules +sa in 5 aead_algo aes-128-gcm aead_key=20 +2f:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type=20 +inline-crypto-offload \ + +#Routing rules +rt ipv4 dst 192.168.105.10/32 port 0 +""" + enc_dec =3D """ +#SP IPv4 rules +sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535=20 +dport 0:65535 + +#SA rules +sa out 1005 aead_algo aes-128-gcm aead_key=20 +2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type=20 +inline-crypto-offload \ + +sa in 5 aead_algo aes-128-gcm aead_key=20 +2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode=20 +ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ type=20 +inline-crypto-offload \ + +#Routing rules +rt ipv4 dst 172.16.2.5/32 port 1 +rt ipv4 dst 192.168.105.10/32 port 0 +""" + self.set_cfg('enc.cfg', enc) + self.set_cfg('dec.cfg', dec) + self.set_cfg('enc_rss.cfg', enc_rss) + self.set_cfg('dec_rss.cfg', dec_rss) + self.set_cfg('enc_dec.cfg', enc_dec) + self.set_cfg('dec_wrong_key.cfg', dec_wrong_key) + + def set_cfg(self, filename, cfg): + """ + open file and write cfg, scp it to dut /root/dpdk/ =20 + """ + with open(filename, 'w') as f: + f.write(cfg) + self.dut.session.copy_file_to(filename, '/root/dpdk/') + + def send_encryption_package(self, intface, paysize=3D64, do_encrypt=3D= False, send_spi=3D5, count=3D1, mydst=3D'192.168.105.10', sa_src=3D'172.16.= 1.5', sa_dst=3D'172.16.2.5'): + """ + make a package and send=20 + """ + test =3D 'test-' * 2000 + payload =3D test[0:int(paysize)] + sa_gcm =3D SecurityAssociation(ESP, spi=3Dsend_spi, + crypt_algo=3D'AES-GCM', + crypt_key=3D'\x2b\x7e\x15\x16\x28\xae= \xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef', + auth_algo=3D'NULL', auth_key=3DNone, + tunnel_header=3DIP(src=3Dsa_src, dst= =3Dsa_dst)) + sa_gcm.crypt_algo.icv_size =3D 16 + + p =3D IP(src=3D'192.168.105.10', dst=3Dmydst) + p /=3D "|->" + p /=3D payload + p /=3D "<-|" + p =3D IP(str(p)) + + if do_encrypt =3D=3D True: + print "send encrypt package" + e =3D sa_gcm.encrypt(p) + else: + print "send normal package" + e =3D p + + eth_e =3D Ether() / e + eth_e.src =3D "52:54:00:21:68:1c" + eth_e.dst =3D "52:54:00:16:f6:b0" + session_send =3D self.tester.create_session( + name=3D'send_encryption_package') + sendp(eth_e, iface=3Dintface, count=3Dcount) + self.tester.destroy_session(session_send) + + return payload + + def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize=3D= 32, jumboframe=3D1518, do_encrypt=3DFalse, verify=3DTrue, send_spi=3D5, rec= eive_spi=3D1005, count=3D1, mydst=3D'192.168.105.10', sa_src=3D'172.16.1.5'= , sa_dst=3D'172.16.2.5'): + """ + verify Ipsec receive package + """ + cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --= log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config=3D'%s' -= f %s" % ( + self.portpci_0, self.portpci_1, jumboframe, config, file_name) + self.dut.send_expect(cmd, "IPSEC", 60) + + session_receive =3D self.tester.create_session( + name=3D'receive_encryption_package') + sa_gcm =3D=20 + r"sa_gcm=3DSecurityAssociation(ESP,spi=3D%s,crypt_algo=3D'AES-GCM',crypt_= key + =3D'\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde + \xad\xbe\xef',auth_algo=3D'NULL',auth_key=3DNone,tunnel_header=3DIP(src= =3D'172 + .16.1.5',dst=3D'172.16.2.5'))" % receive_spi + + session_receive.send_expect("scapy", "Welcome to Scapy", 10) + session_receive.send_expect( + "pkts=3Dsniff(iface=3D'%s',count=3D1,timeout=3D10)" % rxItf, "= ", 30) + send_package =3D self.send_encryption_package( + txItf, paysize, do_encrypt, send_spi, count, mydst, sa_src,=20 + sa_dst) + + time.sleep(10) + out =3D session_receive.send_expect("pkts", "", 30) + if do_encrypt: + out =3D session_receive.send_expect("pkts[0]['IP'] ", ">>>", 1= 0) + else: + session_receive.send_expect(sa_gcm, ">>>", 10) + session_receive.send_expect( + "results=3Dsa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10) + out =3D session_receive.send_expect("results", ">>>", 10) + + if verify: + self.verify(send_package in out, + "Unreceived package or get other package") + else: + self.verify(send_package not in out, + "The function is not in effect") + session_receive.send_expect("quit()", "#", 10) + self.tester.destroy_session(session_receive) + + def test_Ipsec_Encryption(self): + """ + test Ipsec Encryption + """ + config =3D '(0,0,21),(1,0,21)' + paysize =3D random.randint(1, ETHER_STANDARD_MTU) + self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', + self.txItf, self.rxItf, paysize) + + def test_Ipsec_Encryption_Jumboframe(self): + """ + test Ipsec Encryption Jumboframe + """ + config =3D '(0,0,21),(1,0,21)' + paysize =3D random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_M= TU) + self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', + self.txItf, self.rxItf, paysize,=20 + ETHER_JUMBO_FRAME_MTU) + + def test_Ipsec_Encryption_Rss(self): + """ + test Ipsec Encryption Rss + """ + config =3D '(0,0,20),(0,1,20),(1,0,21),(1,1,21)' + self.Ipsec_Encryption(config, '/root/dpdk/enc_rss.cfg', self.txItf= , + self.rxItf, send_spi=3D2, receive_spi=3D1002= , mydst=3D'192.168.102.10') + out =3D self.dut.get_session_output() + verifycode =3D "receive 1 packet in rxqueueid=3D1" + self.verify(verifycode in out, "rxqueueid error") + + def test_IPSec_Decryption(self): + """ + test IPSec Decryption + """ + config =3D '(0,0,21),(1,0,21)' + paysize =3D random.randint(1, ETHER_STANDARD_MTU) + self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, + self.txItf, paysize, do_encrypt=3DTrue,=20 + count=3D2) + + def test_IPSec_Decryption_Jumboframe(self): + """ + test IPSec Decryption Jumboframe + """ + config =3D '(0,0,21),(1,0,21)' + paysize =3D random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_M= TU) + self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, + self.txItf, paysize,=20 + ETHER_JUMBO_FRAME_MTU, do_encrypt=3DTrue, count=3D2) + + def test_Ipsec_Decryption_Rss(self): + """ + test Ipsec Decryption Rss + """ + config =3D '(0,0,20),(0,1,20),(1,0,21),(1,1,21)' + self.Ipsec_Encryption(config, '/root/dpdk/dec_rss.cfg', self.rxItf= , self.txItf, do_encrypt=3DTrue, + send_spi=3D3, receive_spi=3D1003, count=3D2,= sa_src=3D'172.16.21.25', sa_dst=3D'172.16.22.25') + out =3D self.dut.get_session_output() + verifycode =3D "receive 1 packet in rxqueueid=3D1" + self.verify(verifycode in out, "rxqueueid error") + + def test_Ipsec_Decryption_wrongkey(self): + """ + test Ipsec Decryption wrongkey + """ + config =3D '(0,0,21),(1,0,21)' + paysize =3D random.randint(1, ETHER_STANDARD_MTU) + self.Ipsec_Encryption(config, '/root/dpdk/dec_wrong_key.cfg', self= .rxItf, + self.txItf, paysize, do_encrypt=3DTrue, veri= fy=3DFalse, count=3D2) + out =3D self.dut.get_session_output() + verifycode =3D "IPSEC_ESP: failed crypto op" + self.verify(verifycode in out, "Ipsec Decryption wrongkey=20 + failed") + + def test_Ipsec_Encryption_Decryption(self): + """ + test Ipsec Encryption Decryption + """ + cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --= log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config=3D'%s' -= f %s" % ( + self.portpci_0, self.portpci_1, '1518', '(0,0,21),(1,0,21)', '= /root/dpdk/enc_dec.cfg') + self.dut.send_expect(cmd, "IPSEC", 60) + session_receive =3D self.tester.create_session( + name=3D'receive_encryption_package') + sa_gcm =3D r"sa_gcm=3DSecurityAssociation(ESP, spi=3D1005,crypt_al= go=3D'AES-GCM',crypt_key=3D'\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x8= 8\x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo=3D'NULL', auth_key=3DNone,tunn= el_header=3DIP(src=3D'172.16.1.5', dst=3D'172.16.2.5'))" + + session_receive.send_expect("scapy", "Welcome to Scapy", 60) + session_receive.send_expect(sa_gcm, ">>>", 60) + session_receive.send_expect( + "pkts=3Dsniff(iface=3D'%s',count=3D3)" % self.rxItf, "", 60) + session_receive2 =3D self.tester.create_session( + name=3D'receive_encryption_package2') + + session_receive2.send_expect("scapy", "Welcome to Scapy", 60) + session_receive2.send_expect(sa_gcm, ">>>", 60) + session_receive2.send_expect( + "pkts=3Dsniff(iface=3D'%s',count=3D2)" % self.txItf, "", 60) + + payload =3D "test for Ipsec Encryption Decryption simultaneously" + sa_gcm =3D SecurityAssociation(ESP, spi=3D5, + crypt_algo=3D'AES-GCM', + crypt_key=3D'\x2b\x7e\x15\x16\x28\xae= \xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef', + auth_algo=3D'NULL', auth_key=3DNone, + tunnel_header=3DIP(src=3D'172.16.1.5'= , dst=3D'172.16.2.5')) + sa_gcm.crypt_algo.icv_size =3D 16 + + p =3D IP(src=3D'192.168.105.10', dst=3D'192.168.105.10') + p /=3D "|->" + p /=3D payload + p /=3D "<-|" + p =3D IP(str(p)) + + e1 =3D sa_gcm.encrypt(p) + e2 =3D p + + eth_e1 =3D Ether() / e1 + eth_e1.src =3D "52:54:00:21:68:1c" + eth_e1.dst =3D "52:54:00:16:f6:b0" + eth_e2 =3D Ether() / e2 + eth_e2.src =3D "52:54:00:21:68:1c" + eth_e2.dst =3D "52:54:00:16:f6:b0" + + t1 =3D threading.Thread(target=3Dsendp(eth_e1, iface=3Dself.rxItf,= count=3D2)) + t1.start() + t2 =3D threading.Thread(target=3Dsendp(eth_e2, iface=3Dself.txItf,= count=3D1)) + t2.start() + session_receive.send_expect("^C", ">>>", 60) + session_receive2.send_expect("^C", ">>>", 60) + session_receive.send_expect( + "results=3Dsa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60) + out =3D session_receive.send_expect("results", ">>>", 60) + self.verify(payload in out, "Get a error package") + out =3D session_receive2.send_expect("pkts[1]", ">>>", 60) + self.verify(payload in out, "Get a error package") + + def tear_down(self): + """ + Run after each test case. + """ + self.tester.send_expect("^C", "#", 5) + self.dut.kill_all() + time.sleep(2) + + def tear_down_all(self): + """ + Run after each test suite. + """ + self.rxnetobj.enable_jumbo(framesize=3DETHER_STANDARD_MTU) + self.txnetobj.enable_jumbo(framesize=3DETHER_STANDARD_MTU) -- 1.9.3