From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id B7910A05D3 for ; Mon, 25 Mar 2019 06:33:10 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 7582A2BD3; Mon, 25 Mar 2019 06:33:10 +0100 (CET) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id BA5432B9A for ; Mon, 25 Mar 2019 06:33:08 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Mar 2019 22:33:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,256,1549958400"; d="scan'208";a="143537563" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by FMSMGA003.fm.intel.com with ESMTP; 24 Mar 2019 22:33:07 -0700 Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 24 Mar 2019 22:33:07 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 24 Mar 2019 22:33:06 -0700 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.158]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.134]) with mapi id 14.03.0415.000; Mon, 25 Mar 2019 13:33:05 +0800 From: "Wu, ChangqingX" To: "Xiao, QimaiX" , "dts@dpdk.org" CC: "Xiao, QimaiX" Thread-Topic: [dts] [PATCH V1] tests/TestSuite_inline_ipsec:optimize verify encryptio Thread-Index: AQHU4rrp//3WFAcynEqjvTv2jNAugKYb0rNg Date: Mon, 25 Mar 2019 05:33:02 +0000 Message-ID: <7F81DD3887C58F49A6B2EFEC3C28E22E0B6B9747@SHSMSX101.ccr.corp.intel.com> References: <1553484721-81854-1-git-send-email-qimaix.xiao@intel.com> In-Reply-To: <1553484721-81854-1-git-send-email-qimaix.xiao@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V1] tests/TestSuite_inline_ipsec:optimize verify encryptio X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dts-bounces@dpdk.org Sender: "dts" Tested-by: Wu, ChangqingX -----Original Message----- From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of xiao,qimai Sent: Monday, March 25, 2019 11:32 AM To: dts@dpdk.org Cc: Xiao, QimaiX Subject: [dts] [PATCH V1] tests/TestSuite_inline_ipsec:optimize verify encr= yptio Signed-off-by: xiao,qimai --- tests/TestSuite_inline_ipsec.py | 88 ++++++++++++++++++++++----------- 1 file changed, 59 insertions(+), 29 deletions(-) diff --git a/tests/TestSuite_inline_ipsec.py b/tests/TestSuite_inline_ipsec= .py index 1813c08..b6fdaa8 100644 --- a/tests/TestSuite_inline_ipsec.py +++ b/tests/TestSuite_inline_ipsec.py @@ -28,7 +28,7 @@ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (= INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF = THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - +#-*- coding:utf-8 -*- =20 """ DPDK Test suite. @@ -36,13 +36,11 @@ Test inline_ipsec. """ =20 import utils -import string import time import re -import threading from test_case import TestCase -import getopt -from scapy.all import * +from scapy.all import ESP, IP, Ether, sendp, SecurityAssociation import=20 +random =20 ETHER_STANDARD_MTU =3D 1518 ETHER_JUMBO_FRAME_MTU =3D 9000 @@ -51,14 +49,14 @@ ETHER_JUMBO_FRAME_MTU =3D 9000 class TestInlineIpsec(T= estCase): """ This suite depend PyCryptodome,it provide authenticated encryption mod= es(GCM) - my environment:asn1crypto (0.22.0), pycryptodome (3.4.7), pycryptodome= x (3.4.7), - pycryptopp (0.6.0.1206569328141510525648634803928199668821045408958), = scapy (2.3.3.dev623) + my environment:cryptography (1.7.2), pycryptodome (3.4.7), pycryptodom= ex (3.4.7), + pycryptopp=20 + (0.6.0.1206569328141510525648634803928199668821045408958), scapy=20 + (2.4.2) """ + def set_up_all(self): """ Run at the start of each test suite. """ - self.verify(self.nic in ["niantic"], "%s NIC not support" % self.n= ic) self.verify(self.drivername in ["vfio-pci"], "%s drivername not su= pport" % self.drivername) self.dut_ports =3D self.dut.get_ports(self.nic) self.verify(len(self.dut_ports) >=3D 2, "Insufficient ports") @@ -= 86,7 +84,7 @@ class TestInlineIpsec(TestCase): =20 self.path =3D "./examples/ipsec-secgw/build/ipsec-secgw" # add print code in IPSEC app - sedcmd =3D r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, portid= );/i\\printf("[debug]receive %hhu packet in rxqueueid=3D%hhu\\n",nb_rx, que= ueid);' examples/ipsec-secgw/ipsec-secgw.c""" + sedcmd =3D r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, portid= );/i\\t\t\t\tprintf("[debug]receive %hhu packet in rxqueueid=3D%hhu\\n",nb_= rx, queueid);' examples/ipsec-secgw/ipsec-secgw.c""" self.dut.send_expect(sedcmd, "#", 60) =20 # build sample app @@ -158,14 +156,15 @@ class TestInlineIpsec(TestCase): =20 def set_cfg(self, filename, cfg): """ - open file and write cfg, scp it to dut base directory =20 + open file and write cfg, scp it to dut base directory """ for i in cfg: with open(filename, 'w') as f: f.write(cfg) self.dut.session.copy_file_to(filename, self.dut.base_dir) =20 - def send_encryption_package(self, intf, paysize=3D64, do_encrypt=3DFal= se, send_spi=3D5, count=3D1, inner_dst=3D'192.168.105.10', sa_src=3D'172.16= .1.5', sa_dst=3D'172.16.2.5'): + def send_encryption_package(self, intf, paysize=3D64, do_encrypt=3DFal= se, send_spi=3D5, count=3D1, + inner_dst=3D'192.168.105.10', sa_src=3D'17= 2.16.1.5', sa_dst=3D'172.16.2.5'): """ prepare a packet and send """ @@ -184,6 +183,8 @@ class TestInlineIpsec(TestCase): =20 if do_encrypt =3D=3D True: print "send encrypt package" + print("before encrypt, the package info is like below: ") + p.show() e =3D sa_gcm.encrypt(p) else: print "send normal package" @@ -196,42 +197,58 @@ class TestInlineIpsec(TestCase): name=3D'send_encryption_package') sendp(eth_e, iface=3Dintf, count=3Dcount) self.tester.destroy_session(session_send) + return payload,p.src,p.dst =20 - return payload - - def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize=3D= 32, jumboframe=3D1518, do_encrypt=3DFalse, verify=3DTrue, send_spi=3D5, rec= eive_spi=3D1005, count=3D1, inner_dst=3D'192.168.105.10', sa_src=3D'172.16.= 1.5', sa_dst=3D'172.16.2.5'): + def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize=3D= 32, jumboframe=3D1518, do_encrypt=3DFalse, + verify=3DTrue, send_spi=3D5, receive_spi=3D1005, = count=3D1, inner_dst=3D'192.168.105.10', + sa_src=3D'172.16.1.5', sa_dst=3D'172.16.2.5'): """ verify Ipsec receive package """ - cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' --= log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config=3D'%s' -= f %s" % ( + cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null'=20 + --log-level 8 --socket-mem 1024,1024 -- -p 0xf -P -u 0x2 -j %s=20 + --config=3D'%s' -f %s" % ( self.portpci_0, self.portpci_1, jumboframe, config, file_name) self.dut.send_expect(cmd, "IPSEC", 60) =20 session_receive =3D self.tester.create_session( name=3D'receive_encryption_package') + sa_gcm =3D r"sa_gcm=3DSecurityAssociation(ESP,spi=3D%s,crypt_algo= =3D'AES-GCM',crypt_key=3D'\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\= x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo=3D'NULL',auth_key=3DNone,tunnel_= header=3DIP(src=3D'172.16.1.5',dst=3D'172.16.2.5'))" % receive_spi =20 session_receive.send_expect("scapy", ">>>", 10) session_receive.send_expect( - "pkts=3Dsniff(iface=3D'%s',count=3D1,timeout=3D10)" % rxItf, "= ", 30) - send_package =3D self.send_encryption_package( - txItf, paysize, do_encrypt, send_spi, count, inner_dst, sa_src= , sa_dst) + "pkts=3Dsniff(iface=3D'%s',count=3D1,timeout=3D45)" % rxItf, "= ",=20 + 10) =20 - time.sleep(10) - out =3D session_receive.send_expect("pkts", "", 30) if do_encrypt: + send_package =3D self.send_encryption_package( + txItf, paysize, do_encrypt, send_spi, count, inner_dst, sa= _src, sa_dst) + time.sleep(45) + session_receive.send_expect("pkts", "", 30) out =3D session_receive.send_expect("pkts[0]['IP'] ", ">>>", 1= 0) else: + session_receive2 =3D self.tester.create_session(name=3D'receiv= e_encryption_package2') + session_receive2.send_expect("tcpdump -Xvvvi %s -c 1" % rxItf,= "", 30) + send_package =3D self.send_encryption_package(txItf, paysize, = do_encrypt, send_spi, count, inner_dst, sa_src, + sa_dst) + time.sleep(45) + rev =3D session_receive2.get_session_before() + print(rev) + p =3D re.compile(': ESP\(spi=3D0x\w+,seq=3D0x\w+\),') + res =3D p.search(rev) + self.verify(res, 'encrypt failed, tcpdump get %s' % rev) + self.tester.destroy_session(session_receive2) + session_receive.send_expect("pkts", "", 30) session_receive.send_expect(sa_gcm, ">>>", 10) - session_receive.send_expect( - "results=3Dsa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10) + time.sleep(2) + =20 + session_receive.send_expect("results=3Dsa_gcm.decrypt(pkts[0]['IP'])",=20 + ">>>", 10) out =3D session_receive.send_expect("results", ">>>", 10) =20 if verify: - self.verify(send_package in out, + print('received packet content is %s'%out) + print('send pkt src ip is %s, dst ip is %s, payload is %s'%(se= nd_package[1],send_package[2],send_package[0])) + self.verify(send_package[0] in out, "Unreceived package or get other package") else: - self.verify(send_package not in out, + self.verify(send_package[0] not in out, "The function is not in effect") session_receive.send_expect("quit()", "#", 10) self.tester.destroy_session(session_receive) @@ -244,6 +261,7 @@ class TestInlineIpsec(TestCase): paysize =3D random.randint(1, ETHER_STANDARD_MTU) self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', self.txItf, self.rxItf, paysize) + self.dut.send_expect("^C","#",5) =20 def test_Ipsec_Encryption_Jumboframe(self): """ @@ -253,6 +271,7 @@ class TestInlineIpsec(TestCase): paysize =3D random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_M= TU) self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', self.txItf, self.rxItf, paysize, ETHER_JUMBO= _FRAME_MTU) + self.dut.send_expect("^C","#",5) =20 def test_Ipsec_Encryption_Rss(self): """ @@ -264,6 +283,7 @@ class TestInlineIpsec(TestCase): out =3D self.dut.get_session_output() verifycode =3D "receive 1 packet in rxqueueid=3D1" self.verify(verifycode in out, "rxqueueid error") + self.dut.send_expect("^C","#",5) =20 def test_IPSec_Decryption(self): """ @@ -273,6 +293,7 @@ class TestInlineIpsec(TestCase): paysize =3D random.randint(1, ETHER_STANDARD_MTU) self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, self.txItf, paysize, do_encrypt=3DTrue, coun= t=3D2) + self.dut.send_expect("^C","#",5) =20 def test_IPSec_Decryption_Jumboframe(self): """ @@ -282,6 +303,7 @@ class TestInlineIpsec(TestCase): paysize =3D random.randint(ETHER_STANDARD_MTU, ETHER_JUMBO_FRAME_M= TU) self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, self.txItf, paysize, ETHER_JUMBO_FRAME_MTU, = do_encrypt=3DTrue, count=3D2) + self.dut.send_expect("^C","#",5) =20 def test_Ipsec_Decryption_Rss(self): """ @@ -293,6 +315,7 @@ class TestInlineIpsec(TestCase): out =3D self.dut.get_session_output() verifycode =3D "receive 1 packet in rxqueueid=3D1" self.verify(verifycode in out, "rxqueueid error") + self.dut.send_expect("^C","#",5) =20 def test_Ipsec_Decryption_wrongkey(self): """ @@ -304,7 +327,9 @@ class TestInlineIpsec(TestCase): self.txItf, paysize, do_encrypt=3DTrue, veri= fy=3DFalse, count=3D2) out =3D self.dut.get_session_output() verifycode =3D "IPSEC_ESP: failed crypto op" - self.verify(verifycode in out, "Ipsec Decryption wrongkey failed") + l=3Dre.findall(verifycode,out) + self.verify(len(l)=3D=3D2, "Ipsec Decryption wrongkey failed") + self.dut.send_expect("^C","#",5) =20 def test_Ipsec_Encryption_Decryption(self): """ @@ -328,7 +353,6 @@ class TestInlineIpsec(TestCase): session_receive2.send_expect(sa_gcm, ">>>", 60) session_receive2.send_expect( "pkts=3Dsniff(iface=3D'%s',count=3D2,timeout=3D30)" % self.txI= tf, "", 60) - payload =3D "test for Ipsec Encryption Decryption simultaneously" sa_gcm =3D SecurityAssociation(ESP, spi=3D5, crypt_algo=3D'AES-GCM', @@ -336,24 +3= 60,30 @@ class TestInlineIpsec(TestCase): auth_algo=3D'NULL', auth_key=3DNone, tunnel_header=3DIP(src=3D'172.16.1.5'= , dst=3D'172.16.2.5')) sa_gcm.crypt_algo.icv_size =3D 16 - p =3D IP(src=3D'192.168.105.10', dst=3D'192.168.105.10') p /=3D payload p =3D IP(str(p)) - e1 =3D sa_gcm.encrypt(p) e2 =3D p =20 eth_e1 =3D Ether() / e1 eth_e1.src =3D self.rx_src eth_e1.dst =3D self.tx_dst + eth_e2 =3D Ether() / e2 eth_e2.src =3D self.rx_src eth_e2.dst =3D self.tx_dst - + session_receive3=3Dself.tester.create_session('check_forward_encry= ption_package') + session_receive3.send_expect("tcpdump -Xvvvi %s -c 1" % self.rxItf= , "", 30) + time.sleep(2) sendp(eth_e1, iface=3Dself.rxItf, count=3D2) sendp(eth_e2, iface=3Dself.txItf, count=3D1) time.sleep(30) + rev =3D session_receive3.get_session_before() + print(rev) + p =3D re.compile(': ESP\(spi=3D0x\w+,seq=3D0x\w+\),') + res =3D p.search(rev) + self.verify(res, 'encrypt failed, tcpdump get %s' % rev) session_receive.send_expect( "results=3Dsa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60) out =3D session_receive.send_expect("results", ">>>", 60) -- 2.17.2