From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id D1CC9A05D3 for ; Wed, 22 May 2019 11:32:21 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 906D710BD; Wed, 22 May 2019 11:32:21 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 8F9BE3DC for ; Wed, 22 May 2019 11:32:19 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 May 2019 02:32:18 -0700 X-ExtLoop1: 1 Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by orsmga005.jf.intel.com with ESMTP; 22 May 2019 02:32:18 -0700 Received: from fmsmsx154.amr.corp.intel.com (10.18.116.70) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 22 May 2019 02:32:17 -0700 Received: from shsmsx153.ccr.corp.intel.com (10.239.6.53) by FMSMSX154.amr.corp.intel.com (10.18.116.70) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 22 May 2019 02:32:17 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.70]) by SHSMSX153.ccr.corp.intel.com ([169.254.12.150]) with mapi id 14.03.0415.000; Wed, 22 May 2019 17:32:15 +0800 From: "Xiao, QimaiX" To: "Li, WenjieX A" , "dts@dpdk.org" Thread-Topic: [dts] [PATCH V1] update inline_ipsec to test dpdk19.05 Thread-Index: AQHVBKUdP/zNdpDndkaTPbpizaIgMKZ28y3w Date: Wed, 22 May 2019 09:32:15 +0000 Message-ID: <5C5FA1EBCC0D164EAD0302E258A5234B6FB4C8@SHSMSX103.ccr.corp.intel.com> References: <1556269093-11234-1-git-send-email-qimaix.xiao@intel.com> <8688172CD5C0B74590FAE19D9579F94B536E1A9D@SHSMSX103.ccr.corp.intel.com> In-Reply-To: <8688172CD5C0B74590FAE19D9579F94B536E1A9D@SHSMSX103.ccr.corp.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V1] update inline_ipsec to test dpdk19.05 X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dts-bounces@dpdk.org Sender: "dts" Hi, wenjie: This case depend on PyCryptodome, ,it provide authenticated encryption mode= s(GCM). And due to scapy lower than 2.3.3 lack of some crypto modules, therefor thi= s case can only run on tester with scapy 2.3.3 or later. I've submitted a patch to update its test plan to specify the dependences i= nfo. Best Regards, Xiao,qiami -----Original Message----- From: Li, WenjieX A=20 Sent: Tuesday, May 7, 2019 3:19 PM To: Xiao, QimaiX ; dts@dpdk.org Cc: Xiao, QimaiX Subject: RE: [dts] [PATCH V1] update inline_ipsec to test dpdk19.05 Hi Qimai, 1. Please do not change script like this: > -import utils > -import time ... > +import time > +import utils 2. You are using scapy 2.4.2. Does this script still work with scapy 2.2.* = or 2.3.*? Scapy 2.4.2 can cause below error with current dts(dep/Dot1BR.py= ). "dts: name 'ETHER_TYPES' is not defined Traceback (most recent call last): File "./main.py", line 162, in args.debug, args.debugcase, args.re_run, args.commands) File "/home/autoregression/dts/framework/dts.py", line 563, in run_all dts_run_target(duts, tester, targets, test_suites) File "/home/autoregression/dts/framework/dts.py", line 381, in dts_run_ta= rget dts_run_suite(duts, tester, test_suites, target) File "/home/autoregression/dts/framework/dts.py", line 435, in dts_run_su= ite suite_obj.execute_tear_downall() UnboundLocalError: local variable 'suite_obj' referenced before assignment dts: DTS ended " Thank you! BR, Wenjie > -----Original Message----- > From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of xiao,qimai > Sent: Friday, April 26, 2019 4:58 PM > To: dts@dpdk.org > Cc: Xiao, QimaiX > Subject: [dts] [PATCH V1] update inline_ipsec to test dpdk19.05 >=20 > 1.remove unused imports > 2.add some steps to verfiy encrypt package 3.upadte verify message of=20 > decrypt with wrong key >=20 > Signed-off-by: xiao,qimai > --- > tests/TestSuite_inline_ipsec.py | 86=20 > +++++++++++++++++++++++---------- > 1 file changed, 60 insertions(+), 26 deletions(-) >=20 > diff --git a/tests/TestSuite_inline_ipsec.py=20 > b/tests/TestSuite_inline_ipsec.py index 1813c08..369d4f0 100644 > --- a/tests/TestSuite_inline_ipsec.py > +++ b/tests/TestSuite_inline_ipsec.py > @@ -35,14 +35,13 @@ DPDK Test suite. > Test inline_ipsec. > """ >=20 > -import utils > -import string > -import time > +import random > import re > -import threading > +import time > + > +import utils > +from scapy.all import ESP, IP, Ether, sendp, SecurityAssociation > from test_case import TestCase > -import getopt > -from scapy.all import * >=20 > ETHER_STANDARD_MTU =3D 1518 > ETHER_JUMBO_FRAME_MTU =3D 9000 > @@ -51,9 +50,10 @@ ETHER_JUMBO_FRAME_MTU =3D 9000 class > TestInlineIpsec(TestCase): > """ > This suite depend PyCryptodome,it provide authenticated=20 > encryption > modes(GCM) > - my environment:asn1crypto (0.22.0), pycryptodome (3.4.7), pycryptodo= mex > (3.4.7), > - pycryptopp > (0.6.0.1206569328141510525648634803928199668821045408958), scapy > (2.3.3.dev623) > + my environment:cryptography (1.7.2), pycryptodome (3.4.7),=20 > + pycryptodomex > (3.4.7), > + pycryptopp > + (0.6.0.1206569328141510525648634803928199668821045408958), scapy > + (2.4.2) > """ > + > def set_up_all(self): > """ > Run at the start of each test suite. > @@ -86,7 +86,7 @@ class TestInlineIpsec(TestCase): >=20 > self.path =3D "./examples/ipsec-secgw/build/ipsec-secgw" > # add print code in IPSEC app > - sedcmd =3D r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, > portid);/i\\printf("[debug]receive %hhu packet in=20 > rxqueueid=3D%hhu\\n",nb_rx, queueid);' examples/ipsec-secgw/ipsec-secgw.c= """ > + sedcmd =3D r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, > portid);/i\\t\t\t\tprintf("[debug]receive %hhu packet in=20 > rxqueueid=3D%hhu\\n",nb_rx, queueid);' examples/ipsec-secgw/ipsec-secgw.c= """ > self.dut.send_expect(sedcmd, "#", 60) >=20 > # build sample app > @@ -165,7 +165,8 @@ class TestInlineIpsec(TestCase): > f.write(cfg) > self.dut.session.copy_file_to(filename, self.dut.base_dir) >=20 > - def send_encryption_package(self, intf, paysize=3D64, do_encrypt=3DF= alse, > send_spi=3D5, count=3D1, inner_dst=3D'192.168.105.10', sa_src=3D'172.16.1= .5', > sa_dst=3D'172.16.2.5'): > + def send_encryption_package(self, intf, paysize=3D64,=20 > + do_encrypt=3DFalse, > send_spi=3D5, count=3D1, > + inner_dst=3D'192.168.105.10',=20 > + sa_src=3D'172.16.1.5', > sa_dst=3D'172.16.2.5'): > """ > prepare a packet and send > """ > @@ -184,6 +185,8 @@ class TestInlineIpsec(TestCase): >=20 > if do_encrypt =3D=3D True: > print "send encrypt package" > + print("before encrypt, the package info is like below: ") > + p.show() > e =3D sa_gcm.encrypt(p) > else: > print "send normal package" > @@ -196,14 +199,15 @@ class TestInlineIpsec(TestCase): > name=3D'send_encryption_package') > sendp(eth_e, iface=3Dintf, count=3Dcount) > self.tester.destroy_session(session_send) > + return payload, p.src, p.dst >=20 > - return payload > - > - def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize= =3D32, > jumboframe=3D1518, do_encrypt=3DFalse, verify=3DTrue, send_spi=3D5,=20 > receive_spi=3D1005, count=3D1, inner_dst=3D'192.168.105.10',=20 > sa_src=3D'172.16.1.5', > sa_dst=3D'172.16.2.5'): > + def Ipsec_Encryption(self, config, file_name, txItf, rxItf,=20 > + paysize=3D32, > jumboframe=3D1518, do_encrypt=3DFalse, > + verify=3DTrue, send_spi=3D5, receive_spi=3D1005= ,=20 > + count=3D1, > inner_dst=3D'192.168.105.10', > + sa_src=3D'172.16.1.5', sa_dst=3D'172.16.2.5'): > """ > verify Ipsec receive package > """ > - cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' = --log-level 8 -- > socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config=3D'%s' -f %s" % ( > + cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' > + --log-level 8 --socket-mem 1024,1024 -- -p 0xf -P -u 0x2 -j %s=20 > + --config=3D'%s' -f %s" % ( > self.portpci_0, self.portpci_1, jumboframe, config, file_nam= e) > self.dut.send_expect(cmd, "IPSEC", 60) >=20 > @@ -213,25 +217,40 @@ class TestInlineIpsec(TestCase): >=20 > session_receive.send_expect("scapy", ">>>", 10) > session_receive.send_expect( > - "pkts=3Dsniff(iface=3D'%s',count=3D1,timeout=3D10)" % rxItf,= "", 30) > - send_package =3D self.send_encryption_package( > - txItf, paysize, do_encrypt, send_spi, count, inner_dst, sa_s= rc, sa_dst) > + "pkts=3Dsniff(iface=3D'%s',count=3D1,timeout=3D45)" % rxItf,= "", > + 10) >=20 > - time.sleep(10) > - out =3D session_receive.send_expect("pkts", "", 30) > if do_encrypt: > + send_package =3D self.send_encryption_package( > + txItf, paysize, do_encrypt, send_spi, count, inner_dst, = sa_src, sa_dst) > + time.sleep(45) > + session_receive.send_expect("pkts", "", 30) > out =3D session_receive.send_expect("pkts[0]['IP'] ", ">>>",= 10) > else: > + session_receive2 =3D > self.tester.create_session(name=3D'receive_encryption_package2') > + session_receive2.send_expect("tcpdump -Xvvvi %s -c 1" % rxIt= f, "", 30) > + send_package =3D self.send_encryption_package(txItf,=20 > + paysize, > do_encrypt, send_spi, count, inner_dst, sa_src, > + sa_dst) > + time.sleep(45) > + rev =3D session_receive2.get_session_before() > + print(rev) > + p =3D re.compile(': ESP\(spi=3D0x\w+,seq=3D0x\w+\),') > + res =3D p.search(rev) > + self.verify(res, 'encrypt failed, tcpdump get %s' % rev) > + self.tester.destroy_session(session_receive2) > + session_receive.send_expect("pkts", "", 30) > session_receive.send_expect(sa_gcm, ">>>", 10) > - session_receive.send_expect( > - "results=3Dsa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10) > + time.sleep(2) > + > + session_receive.send_expect("results=3Dsa_gcm.decrypt(pkts[0]['IP'])", > + ">>>", 10) > out =3D session_receive.send_expect("results", ">>>", 10) >=20 > if verify: > - self.verify(send_package in out, > + print('received packet content is %s' % out) > + print('send pkt src ip is %s, dst ip is %s, payload is %s' %= ( > + send_package[1], send_package[2], send_package[0])) > + self.verify(send_package[0] in out, > "Unreceived package or get other package") > else: > - self.verify(send_package not in out, > + self.verify(send_package[0] not in out, > "The function is not in effect") > session_receive.send_expect("quit()", "#", 10) > self.tester.destroy_session(session_receive) > @@ -244,6 +263,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(1, ETHER_STANDARD_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', > self.txItf, self.rxItf, paysize) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Encryption_Jumboframe(self): > """ > @@ -253,6 +273,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(ETHER_STANDARD_MTU, > ETHER_JUMBO_FRAME_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', > self.txItf, self.rxItf, paysize,=20 > ETHER_JUMBO_FRAME_MTU) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Encryption_Rss(self): > """ > @@ -264,6 +285,7 @@ class TestInlineIpsec(TestCase): > out =3D self.dut.get_session_output() > verifycode =3D "receive 1 packet in rxqueueid=3D1" > self.verify(verifycode in out, "rxqueueid error") > + self.dut.send_expect("^C", "#", 5) >=20 > def test_IPSec_Decryption(self): > """ > @@ -273,6 +295,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(1, ETHER_STANDARD_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, > self.txItf, paysize, do_encrypt=3DTrue,=20 > count=3D2) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_IPSec_Decryption_Jumboframe(self): > """ > @@ -282,6 +305,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(ETHER_STANDARD_MTU, > ETHER_JUMBO_FRAME_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, > self.txItf, paysize,=20 > ETHER_JUMBO_FRAME_MTU, do_encrypt=3DTrue, count=3D2) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Decryption_Rss(self): > """ > @@ -293,6 +317,7 @@ class TestInlineIpsec(TestCase): > out =3D self.dut.get_session_output() > verifycode =3D "receive 1 packet in rxqueueid=3D1" > self.verify(verifycode in out, "rxqueueid error") > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Decryption_wrongkey(self): > """ > @@ -303,8 +328,10 @@ class TestInlineIpsec(TestCase): > self.Ipsec_Encryption(config, '/root/dpdk/dec_wrong_key.cfg', se= lf.rxItf, > self.txItf, paysize, do_encrypt=3DTrue, ve= rify=3DFalse, count=3D2) > out =3D self.dut.get_session_output() > - verifycode =3D "IPSEC_ESP: failed crypto op" > - self.verify(verifycode in out, "Ipsec Decryption wrongkey failed= ") > + verifycode =3D "IPSEC_ESP: esp_inbound_post() failed crypto op" > + l =3D re.findall(verifycode, out) > + self.verify(len(l) =3D=3D 2, "Ipsec Decryption wrongkey failed") > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Encryption_Decryption(self): > """ > @@ -350,10 +377,17 @@ class TestInlineIpsec(TestCase): > eth_e2 =3D Ether() / e2 > eth_e2.src =3D self.rx_src > eth_e2.dst =3D self.tx_dst > - > + session_receive3 =3D > self.tester.create_session('check_forward_encryption_package') > + session_receive3.send_expect("tcpdump -Xvvvi %s -c 1" % self.rxI= tf, "", 30) > + time.sleep(2) > sendp(eth_e1, iface=3Dself.rxItf, count=3D2) > sendp(eth_e2, iface=3Dself.txItf, count=3D1) > time.sleep(30) > + rev =3D session_receive3.get_session_before() > + print(rev) > + p =3D re.compile(': ESP\(spi=3D0x\w+,seq=3D0x\w+\),') > + res =3D p.search(rev) > + self.verify(res, 'encrypt failed, tcpdump get %s' % rev) > session_receive.send_expect( > "results=3Dsa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60) > out =3D session_receive.send_expect("results", ">>>", 60) > -- > 2.17.0