* [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config
@ 2019-02-13 0:51 Xinfeng Zhao
2019-02-13 6:02 ` Zhao, XinfengX
2019-02-26 2:35 ` Tu, Lijuan
0 siblings, 2 replies; 4+ messages in thread
From: Xinfeng Zhao @ 2019-02-13 0:51 UTC (permalink / raw)
To: dts; +Cc: Xinfeng Zhao
add tests/TestSuite_ipsec_gw_cryptodev_func.py
add conf/ipsec_test.cfg
Signed-off-by: Xinfeng Zhao <xinfengx.zhao@intel.com>
---
conf/ipsec_test.cfg | 253 +++++++++++
tests/TestSuite_ipsec_gw_cryptodev_func.py | 652 +++++++++++++++++++++++++++++
2 files changed, 905 insertions(+)
create mode 100644 conf/ipsec_test.cfg
create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py
diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg
new file mode 100644
index 0000000..ea8a55d
--- /dev/null
+++ b/conf/ipsec_test.cfg
@@ -0,0 +1,253 @@
+###########################################################################
+# IPSEC-SECGW Endpoint sample configuration
+#
+# The main purpose of this file is to show how to configure two systems
+# back-to-back that would forward traffic through an IPsec tunnel. This
+# file is the Endpoint 0 configuration. To use this configuration file,
+# add the following command-line option:
+#
+# -f ./ep0.cfg
+#
+###########################################################################
+
+#SP IPv4 rules
+sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 30 pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 45 pri 1 dst 192.168.125.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 46 pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
+
+sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 135 pri 1 dst 192.168.35.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 136 pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535
+
+#SP IPv6 rules
+sp ipv6 out esp protect 5 pri 1 dst 0000:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 6 pri 1 dst 0000:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 10 pri 1 dst 0000:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 11 pri 1 dst 0000:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 25 pri 1 dst 0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 26 pri 1 dst 0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 30 pri 1 dst 0000:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 31 pri 1 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 35 pri 1 dst 0000:1111:1111:1111:7777:7777:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 36 pri 1 dst 0000:1111:1111:1111:8888:8888:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+sp ipv6 out esp protect 15 pri 1 dst ffff:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 16 pri 1 dst ffff:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 110 pri 1 dst ffff:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 111 pri 1 dst ffff:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 125 pri 1 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 126 pri 1 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 130 pri 1 dst ffff:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 131 pri 1 dst ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 6 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 11 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
+dst 172.16.2.5
+
+sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 4444:4444:4444:4444:4444:4444:4444:1111 \
+dst 5555:5555:5555:5555:5555:5555:5555:2222
+
+sa out 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:5555 \
+dst 2222:2222:2222:2222:2222:2222:2222:5555
+
+sa out 26 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:6666 \
+dst 2222:2222:2222:2222:2222:2222:2222:6666
+
+sa out 30 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 7777:7777:7777:7777:7777:7777:7777:1111 \
+dst 8888:8888:8888:8888:8888:8888:8888:2222
+
+sa out 31 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode transport
+
+sa out 35 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 36 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 45 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 46 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode ipv6-tunnel \
+src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \
+dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
+
+sa in 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 106 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 111 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
+dst 172.16.1.5
+
+sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 5555:5555:5555:5555:5555:5555:5555:2222 \
+dst 4444:4444:4444:4444:4444:4444:4444:1111
+
+sa in 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:5555 \
+dst 1111:1111:1111:1111:1111:1111:1111:5555
+
+sa in 126 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:6666 \
+dst 1111:1111:1111:1111:1111:1111:1111:6666
+
+sa in 130 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 8888:8888:8888:8888:8888:8888:8888:2222 \
+dst 7777:7777:7777:7777:7777:7777:7777:1111
+
+sa in 131 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 135 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 136 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 145 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 146 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \
+dst aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
+
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 0
+rt ipv4 dst 172.16.2.6/32 port 0
+rt ipv4 dst 192.168.175.0/24 port 0
+rt ipv4 dst 192.168.176.0/24 port 0
+rt ipv4 dst 192.168.240.0/24 port 0
+rt ipv4 dst 192.168.241.0/24 port 0
+rt ipv4 dst 192.168.115.0/24 port 0
+rt ipv4 dst 192.168.116.0/24 port 0
+rt ipv4 dst 192.168.65.0/24 port 0
+rt ipv4 dst 192.168.66.0/24 port 0
+rt ipv4 dst 192.168.185.0/24 port 0
+rt ipv4 dst 192.168.186.0/24 port 0
+rt ipv4 dst 192.168.210.0/24 port 0
+rt ipv4 dst 192.168.211.0/24 port 0
+rt ipv4 dst 192.168.245.0/24 port 0
+rt ipv4 dst 192.168.246.0/24 port 0
+rt ipv4 dst 192.168.26.0/24 port 0
+rt ipv4 dst 192.168.76.0/24 port 0
+rt ipv4 dst 192.168.35.0/24 port 0
+rt ipv4 dst 192.168.85.0/24 port 0
+rt ipv4 dst 192.168.86.0/24 port 0
+rt ipv4 dst 192.168.135.0/24 port 0
+rt ipv4 dst 192.168.136.0/24 port 0
+
+rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0
+rt ipv6 dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0
+rt ipv6 dst 5555:5555:5555:5555:5555:5555:5555:2222/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:5555/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:6666/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:8888:8888:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:9999:9999:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
+
+rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py b/tests/TestSuite_ipsec_gw_cryptodev_func.py
new file mode 100644
index 0000000..dc49577
--- /dev/null
+++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py
@@ -0,0 +1,652 @@
+# BSD LICENSE
+#
+# Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import hmac
+import hashlib
+import binascii
+import time
+import utils
+from test_case import TestCase
+from packet import Packet, save_packets
+
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.ciphers.aead import AESCCM, AESGCM
+from cryptography.hazmat.backends import default_backend
+
+import cryptodev_common as cc
+
+class TestIPsecGW(TestCase):
+
+ def set_up_all(self):
+
+ self.core_config = "1S/2C/1T"
+ self.number_of_ports = 1
+ self.dut_ports = self.dut.get_ports(self.nic)
+ self.verify(len(self.dut_ports) >= self.number_of_ports,
+ "Not enough ports for " + self.nic)
+ self.ports_socket = self.dut.get_numa_id(self.dut_ports[0])
+
+ self.logger.info("core config = " + self.core_config)
+ self.logger.info("number of ports = " + str(self.number_of_ports))
+ self.logger.info("dut ports = " + str(self.dut_ports))
+ self.logger.info("ports_socket = " + str(self.ports_socket))
+
+ # Generally, testbed should has 4 ports NIC, like,
+ # 03:00.0 03:00.1 03:00.2 03:00.3
+ # This test case will
+ # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3
+ # - bind 03:00.0 and 03:00.2 to ipsec-secgw app
+ # - send test packet from 03:00.3
+ # - receive packet which forwarded by ipsec-secgw from 03:00.0
+ # - configure port and peer in dts port.cfg
+ self.tx_port = self.tester.get_local_port(self.dut_ports[1])
+ self.rx_port = self.tester.get_local_port(self.dut_ports[0])
+
+ self.tx_interface = self.tester.get_interface(self.tx_port)
+ self.rx_interface = self.tester.get_interface(self.rx_port)
+
+ self.logger.info("tx interface = " + self.tx_interface)
+ self.logger.info("rx interface = " + self.rx_interface)
+
+ self._app_path = "./examples/ipsec-secgw/build/ipsec-secgw"
+ if not cc.is_build_skip(self):
+ cc.build_dpdk_with_cryptodev(self)
+ self.vf_driver = self.get_suite_cfg()['vf_driver']
+ cc.bind_qat_device(self, self.vf_driver)
+
+ self._default_ipsec_gw_opts = {
+ "config": None,
+ "P": "",
+ "p": "0x3",
+ "f": "local_conf/ipsec_test.cfg",
+ "u": "0x1"
+ }
+
+ self._pcap_idx = 0
+ self.pcap_filename = ''
+
+ def set_up(self):
+ pass
+
+ def tear_down(self):
+ self.dut.kill_all()
+
+ def tear_down_all(self):
+ cc.clear_dpdk_config(self)
+
+ def test_qat_aes_128_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_gcm_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_null_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_null_ipv4_tunnel")
+ self.pcap_filename = "test_qat_null_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_gcm_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_gcm_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_null_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_null_ipv6_tunnel")
+ self.pcap_filename = "test_qat_null_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_gcm_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_gcm_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_null_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_null_ipv4_tunnel")
+ self.pcap_filename = "test_sw_null_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_gcm_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_gcm_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_null_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_null_ipv6_tunnel")
+ self.pcap_filename = "test_sw_null_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_gcm_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts={}):
+ return cc.get_opt_str(self, self._default_ipsec_gw_opts,
+ override_ipsec_gw_opts)
+
+ def _execute_ipsec_gw_test(self, ipsec_gw_opt_str):
+ result = True
+ eal_opt_str = cc.get_eal_opt_str(self)
+
+ cmd_str = cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str, ipsec_gw_opt_str)
+ self.logger.info("IPsec-gw cmd: " + cmd_str)
+ self.dut.send_expect(cmd_str, "IPSEC:", 30)
+ time.sleep(3)
+ inst = self.tester.tcpdump_sniff_packets(self.rx_interface, timeout=25)
+
+ PACKET_COUNT = 65
+ payload = 256 * ['11']
+
+ case_cfgs = self.get_case_cfg()
+ dst_ip = case_cfgs["dst_ip"]
+ src_ip = case_cfgs["src_ip"]
+ expected_dst_ip = case_cfgs["expected_dst_ip"]
+ expected_src_ip = case_cfgs["expected_src_ip"]
+ expected_spi = case_cfgs["expected_spi"]
+ expected_length = case_cfgs["expected_length"]
+ #expected_data = case_cfgs["expected_data"]
+
+ pkt = Packet()
+ if len(dst_ip)<=15:
+ pkt.assign_layers(["ether", "ipv4", "udp", "raw"])
+ pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"})
+ pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip})
+ else:
+ pkt.assign_layers(["ether", "ipv6", "udp", "raw"])
+ pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"})
+ pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip})
+ pkt.config_layer("udp", {"dst": 0})
+ pkt.config_layer("raw", {"payload": payload})
+ pkt.send_pkt(tx_port=self.tx_interface, count=PACKET_COUNT)
+
+ pkt_rec = self.tester.load_tcpdump_sniff_packets(inst)
+
+ pcap_filename = "output/{0}.pcap".format(self.pcap_filename)
+ self.logger.info("Save pkts to {0}".format(pcap_filename))
+ save_packets(pkt_rec, pcap_filename)
+ self._pcap_idx = self._pcap_idx + 1
+
+ if len(pkt_rec) == 0:
+ self.logger.error("IPsec forwarding failed")
+ result = False
+
+ for pkt_r in pkt_rec:
+ pkt_src_ip = pkt_r.pktgen.strip_layer3("src")
+ if pkt_src_ip != expected_src_ip:
+ pkt_r.pktgen.pkt.show()
+ self.logger.error("SRC IP does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_src_ip, expected_src_ip))
+ result = False
+ break
+
+ pkt_dst_ip = pkt_r.pktgen.strip_layer3("dst")
+ self.logger.debug(pkt_dst_ip)
+ if pkt_dst_ip != expected_dst_ip:
+ pkt_r.pktgen.pkt.show()
+ self.logger.error("DST IP does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_dst_ip, expected_dst_ip))
+ result = False
+ break
+
+ packet_hex = pkt_r.pktgen.pkt["ESP"].getfieldval("data")
+ if packet_hex is None:
+ self.logger.error("NO Payload !")
+ result = False
+ break
+ payload_str = binascii.b2a_hex(packet_hex)
+ self.logger.debug(payload_str)
+
+ pkt_spi = hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi"))
+ self.logger.debug(pkt_spi)
+ if pkt_spi != expected_spi:
+ self.logger.error("SPI does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_spi, expected_spi))
+ result = False
+ break
+
+ pkt_len = len(payload_str)/2
+ self.logger.debug(pkt_len)
+ if pkt_len != int(expected_length):
+ self.logger.error("Packet length does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_len, expected_length))
+ result = False
+ break
+
+ self.dut.kill_all()
+ return result
--
2.7.4
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config
2019-02-13 0:51 [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config Xinfeng Zhao
@ 2019-02-13 6:02 ` Zhao, XinfengX
2019-02-15 6:19 ` Chen, Zhaoyan
2019-02-26 2:35 ` Tu, Lijuan
1 sibling, 1 reply; 4+ messages in thread
From: Zhao, XinfengX @ 2019-02-13 6:02 UTC (permalink / raw)
To: dts
Tested-by : Xinfeng Zhao <xinfengx.zhao@intel.com>
-----Original Message-----
From: Zhao, XinfengX
Sent: Wednesday, February 13, 2019 8:51 AM
To: dts@dpdk.org
Cc: Zhao, XinfengX <xinfengx.zhao@intel.com>
Subject: [dts][PATCH V1] tests: add the cryptodev ipsec-gw test and config
add tests/TestSuite_ipsec_gw_cryptodev_func.py
add conf/ipsec_test.cfg
Signed-off-by: Xinfeng Zhao <xinfengx.zhao@intel.com>
---
conf/ipsec_test.cfg | 253 +++++++++++
tests/TestSuite_ipsec_gw_cryptodev_func.py | 652 +++++++++++++++++++++++++++++
2 files changed, 905 insertions(+)
create mode 100644 conf/ipsec_test.cfg
create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py
diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg new file mode 100644 index 0000000..ea8a55d
--- /dev/null
+++ b/conf/ipsec_test.cfg
@@ -0,0 +1,253 @@
+###########################################################################
+# IPSEC-SECGW Endpoint sample configuration
+#
+# The main purpose of this file is to show how to configure two systems
+# back-to-back that would forward traffic through an IPsec tunnel. This
+# file is the Endpoint 0 configuration. To use this configuration file,
+# add the following command-line option:
+#
+# -f ./ep0.cfg
+#
+#######################################################################
+####
+
+#SP IPv4 rules
+sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535
+dport 0:65535 sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24
+sport 0:65535 dport 0:65535 sp ipv4 out esp protect 10 pri 1 dst
+192.168.175.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 11
+pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
+protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport
+0:65535 sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport
+0:65535 dport 0:65535 sp ipv4 out esp protect 26 pri 1 dst
+192.168.56.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 30
+pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
+protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport
+0:65535 sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport
+0:65535 dport 0:65535 sp ipv4 out esp protect 45 pri 1 dst
+192.168.125.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 46
+pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
+bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 sp ipv4
+out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
+
+sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535
+dport 0:65535 sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24
+sport 0:65535 dport 0:65535 sp ipv4 in esp protect 110 pri 1 dst
+192.168.185.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 111
+pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
+protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport
+0:65535 sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport
+0:65535 dport 0:65535 sp ipv4 in esp protect 125 pri 1 dst
+192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 125
+pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
+protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport
+0:65535 sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport
+0:65535 dport 0:65535 sp ipv4 in esp protect 135 pri 1 dst
+192.168.35.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 136
+pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
+protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport
+0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535
+dport 0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport
+0:65535 dport 0:65535
+
+#SP IPv6 rules
+sp ipv6 out esp protect 5 pri 1 dst
+0000:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 6 pri 1 dst
+0000:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 10 pri 1 dst
+0000:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 11 pri 1 dst
+0000:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 25 pri 1 dst
+0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 26 pri 1 dst
+0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 30 pri 1 dst
+0000:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 31 pri 1 dst
+0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 35 pri 1 dst
+0000:1111:1111:1111:7777:7777:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 36 pri 1 dst
+0000:1111:1111:1111:8888:8888:0000:0000/96 \ sport 0:65535 dport
+0:65535
+
+sp ipv6 out esp protect 15 pri 1 dst
+ffff:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 16 pri 1 dst
+ffff:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 110 pri 1 dst
+ffff:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 111 pri 1 dst
+ffff:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 125 pri 1 dst
+ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 126 pri 1 dst
+ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 130 pri 1 dst
+ffff:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 131 pri 1 dst
+ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535
+
+#SA rules
+sa out 5 cipher_algo aes-128-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
+172.16.1.5 dst 172.16.2.5
+
+sa out 6 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 10 cipher_algo aes-128-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 11 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+transport
+
+sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src
+172.16.1.5 \ dst 172.16.2.5
+
+sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ src
+4444:4444:4444:4444:4444:4444:4444:1111 \ dst
+5555:5555:5555:5555:5555:5555:5555:2222
+
+sa out 25 cipher_algo aes-128-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+1111:1111:1111:1111:1111:1111:1111:5555 \ dst
+2222:2222:2222:2222:2222:2222:2222:5555
+
+sa out 26 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv6-tunnel \ src 1111:1111:1111:1111:1111:1111:1111:6666 \ dst
+2222:2222:2222:2222:2222:2222:2222:6666
+
+sa out 30 cipher_algo aes-256-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
+:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+7777:7777:7777:7777:7777:7777:7777:1111 \ dst
+8888:8888:8888:8888:8888:8888:8888:2222
+
+sa out 31 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
+transport
+
+sa out 35 cipher_algo aes-256-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 36 cipher_algo aes-256-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac
+auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 45 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 46 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
+ipv6-tunnel \ src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ dst
+bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
+
+sa in 105 cipher_algo aes-128-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
+172.16.2.5 dst 172.16.1.5
+
+sa in 106 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 110 cipher_algo aes-128-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 111 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+transport
+
+sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src
+172.16.2.5 \ dst 172.16.1.5
+
+sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ src
+5555:5555:5555:5555:5555:5555:5555:2222 \ dst
+4444:4444:4444:4444:4444:4444:4444:1111
+
+sa in 125 cipher_algo aes-128-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+2222:2222:2222:2222:2222:2222:2222:5555 \ dst
+1111:1111:1111:1111:1111:1111:1111:5555
+
+sa in 126 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv6-tunnel \ src 2222:2222:2222:2222:2222:2222:2222:6666 \ dst
+1111:1111:1111:1111:1111:1111:1111:6666
+
+sa in 130 cipher_algo aes-256-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
+:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+8888:8888:8888:8888:8888:8888:8888:2222 \ dst
+7777:7777:7777:7777:7777:7777:7777:1111
+
+sa in 131 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+transport
+
+sa in 135 cipher_algo aes-256-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 136 cipher_algo aes-256-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1
+:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac auth_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode
+transport
+
+sa in 145 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 146 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv6-tunnel \ src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ dst
+aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
+
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 0
+rt ipv4 dst 172.16.2.6/32 port 0
+rt ipv4 dst 192.168.175.0/24 port 0
+rt ipv4 dst 192.168.176.0/24 port 0
+rt ipv4 dst 192.168.240.0/24 port 0
+rt ipv4 dst 192.168.241.0/24 port 0
+rt ipv4 dst 192.168.115.0/24 port 0
+rt ipv4 dst 192.168.116.0/24 port 0
+rt ipv4 dst 192.168.65.0/24 port 0
+rt ipv4 dst 192.168.66.0/24 port 0
+rt ipv4 dst 192.168.185.0/24 port 0
+rt ipv4 dst 192.168.186.0/24 port 0
+rt ipv4 dst 192.168.210.0/24 port 0
+rt ipv4 dst 192.168.211.0/24 port 0
+rt ipv4 dst 192.168.245.0/24 port 0
+rt ipv4 dst 192.168.246.0/24 port 0
+rt ipv4 dst 192.168.26.0/24 port 0
+rt ipv4 dst 192.168.76.0/24 port 0
+rt ipv4 dst 192.168.35.0/24 port 0
+rt ipv4 dst 192.168.85.0/24 port 0
+rt ipv4 dst 192.168.86.0/24 port 0
+rt ipv4 dst 192.168.135.0/24 port 0
+rt ipv4 dst 192.168.136.0/24 port 0
+
+rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 rt ipv6
+dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 rt ipv6 dst
+5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 rt ipv6 dst
+2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 rt ipv6 dst
+2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
+
+rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 rt ipv6
+dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py b/tests/TestSuite_ipsec_gw_cryptodev_func.py
new file mode 100644
index 0000000..dc49577
--- /dev/null
+++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py
@@ -0,0 +1,652 @@
+# BSD LICENSE
+#
+# Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without #
+modification, are permitted provided that the following conditions #
+are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import hmac
+import hashlib
+import binascii
+import time
+import utils
+from test_case import TestCase
+from packet import Packet, save_packets
+
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms,
+modes from cryptography.hazmat.primitives.ciphers.aead import AESCCM,
+AESGCM from cryptography.hazmat.backends import default_backend
+
+import cryptodev_common as cc
+
+class TestIPsecGW(TestCase):
+
+ def set_up_all(self):
+
+ self.core_config = "1S/2C/1T"
+ self.number_of_ports = 1
+ self.dut_ports = self.dut.get_ports(self.nic)
+ self.verify(len(self.dut_ports) >= self.number_of_ports,
+ "Not enough ports for " + self.nic)
+ self.ports_socket = self.dut.get_numa_id(self.dut_ports[0])
+
+ self.logger.info("core config = " + self.core_config)
+ self.logger.info("number of ports = " + str(self.number_of_ports))
+ self.logger.info("dut ports = " + str(self.dut_ports))
+ self.logger.info("ports_socket = " + str(self.ports_socket))
+
+ # Generally, testbed should has 4 ports NIC, like,
+ # 03:00.0 03:00.1 03:00.2 03:00.3
+ # This test case will
+ # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3
+ # - bind 03:00.0 and 03:00.2 to ipsec-secgw app
+ # - send test packet from 03:00.3
+ # - receive packet which forwarded by ipsec-secgw from 03:00.0
+ # - configure port and peer in dts port.cfg
+ self.tx_port = self.tester.get_local_port(self.dut_ports[1])
+ self.rx_port = self.tester.get_local_port(self.dut_ports[0])
+
+ self.tx_interface = self.tester.get_interface(self.tx_port)
+ self.rx_interface = self.tester.get_interface(self.rx_port)
+
+ self.logger.info("tx interface = " + self.tx_interface)
+ self.logger.info("rx interface = " + self.rx_interface)
+
+ self._app_path = "./examples/ipsec-secgw/build/ipsec-secgw"
+ if not cc.is_build_skip(self):
+ cc.build_dpdk_with_cryptodev(self)
+ self.vf_driver = self.get_suite_cfg()['vf_driver']
+ cc.bind_qat_device(self, self.vf_driver)
+
+ self._default_ipsec_gw_opts = {
+ "config": None,
+ "P": "",
+ "p": "0x3",
+ "f": "local_conf/ipsec_test.cfg",
+ "u": "0x1"
+ }
+
+ self._pcap_idx = 0
+ self.pcap_filename = ''
+
+ def set_up(self):
+ pass
+
+ def tear_down(self):
+ self.dut.kill_all()
+
+ def tear_down_all(self):
+ cc.clear_dpdk_config(self)
+
+ def test_qat_aes_128_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_gcm_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_null_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_null_ipv4_tunnel")
+ self.pcap_filename = "test_qat_null_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_gcm_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_gcm_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_null_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_null_ipv6_tunnel")
+ self.pcap_filename = "test_qat_null_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_gcm_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_gcm_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_null_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_null_ipv4_tunnel")
+ self.pcap_filename = "test_sw_null_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_gcm_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_gcm_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_null_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_null_ipv6_tunnel")
+ self.pcap_filename = "test_sw_null_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_gcm_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts={}):
+ return cc.get_opt_str(self, self._default_ipsec_gw_opts,
+ override_ipsec_gw_opts)
+
+ def _execute_ipsec_gw_test(self, ipsec_gw_opt_str):
+ result = True
+ eal_opt_str = cc.get_eal_opt_str(self)
+
+ cmd_str = cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str, ipsec_gw_opt_str)
+ self.logger.info("IPsec-gw cmd: " + cmd_str)
+ self.dut.send_expect(cmd_str, "IPSEC:", 30)
+ time.sleep(3)
+ inst = self.tester.tcpdump_sniff_packets(self.rx_interface,
+ timeout=25)
+
+ PACKET_COUNT = 65
+ payload = 256 * ['11']
+
+ case_cfgs = self.get_case_cfg()
+ dst_ip = case_cfgs["dst_ip"]
+ src_ip = case_cfgs["src_ip"]
+ expected_dst_ip = case_cfgs["expected_dst_ip"]
+ expected_src_ip = case_cfgs["expected_src_ip"]
+ expected_spi = case_cfgs["expected_spi"]
+ expected_length = case_cfgs["expected_length"]
+ #expected_data = case_cfgs["expected_data"]
+
+ pkt = Packet()
+ if len(dst_ip)<=15:
+ pkt.assign_layers(["ether", "ipv4", "udp", "raw"])
+ pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"})
+ pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip})
+ else:
+ pkt.assign_layers(["ether", "ipv6", "udp", "raw"])
+ pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"})
+ pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip})
+ pkt.config_layer("udp", {"dst": 0})
+ pkt.config_layer("raw", {"payload": payload})
+ pkt.send_pkt(tx_port=self.tx_interface, count=PACKET_COUNT)
+
+ pkt_rec = self.tester.load_tcpdump_sniff_packets(inst)
+
+ pcap_filename = "output/{0}.pcap".format(self.pcap_filename)
+ self.logger.info("Save pkts to {0}".format(pcap_filename))
+ save_packets(pkt_rec, pcap_filename)
+ self._pcap_idx = self._pcap_idx + 1
+
+ if len(pkt_rec) == 0:
+ self.logger.error("IPsec forwarding failed")
+ result = False
+
+ for pkt_r in pkt_rec:
+ pkt_src_ip = pkt_r.pktgen.strip_layer3("src")
+ if pkt_src_ip != expected_src_ip:
+ pkt_r.pktgen.pkt.show()
+ self.logger.error("SRC IP does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_src_ip, expected_src_ip))
+ result = False
+ break
+
+ pkt_dst_ip = pkt_r.pktgen.strip_layer3("dst")
+ self.logger.debug(pkt_dst_ip)
+ if pkt_dst_ip != expected_dst_ip:
+ pkt_r.pktgen.pkt.show()
+ self.logger.error("DST IP does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_dst_ip, expected_dst_ip))
+ result = False
+ break
+
+ packet_hex = pkt_r.pktgen.pkt["ESP"].getfieldval("data")
+ if packet_hex is None:
+ self.logger.error("NO Payload !")
+ result = False
+ break
+ payload_str = binascii.b2a_hex(packet_hex)
+ self.logger.debug(payload_str)
+
+ pkt_spi = hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi"))
+ self.logger.debug(pkt_spi)
+ if pkt_spi != expected_spi:
+ self.logger.error("SPI does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_spi, expected_spi))
+ result = False
+ break
+
+ pkt_len = len(payload_str)/2
+ self.logger.debug(pkt_len)
+ if pkt_len != int(expected_length):
+ self.logger.error("Packet length does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_len, expected_length))
+ result = False
+ break
+
+ self.dut.kill_all()
+ return result
--
2.7.4
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config
2019-02-13 6:02 ` Zhao, XinfengX
@ 2019-02-15 6:19 ` Chen, Zhaoyan
0 siblings, 0 replies; 4+ messages in thread
From: Chen, Zhaoyan @ 2019-02-15 6:19 UTC (permalink / raw)
To: Zhao, XinfengX, dts; +Cc: Tu, Lijuan, Chen, Zhaoyan
Acked-by: Zhaoyan Chen <zhaoyan.chen@intel.com>
Regards,
Zhaoyan Chen
> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of Zhao, XinfengX
> Sent: Wednesday, February 13, 2019 2:03 PM
> To: dts@dpdk.org
> Subject: Re: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config
>
> Tested-by : Xinfeng Zhao <xinfengx.zhao@intel.com>
>
> -----Original Message-----
> From: Zhao, XinfengX
> Sent: Wednesday, February 13, 2019 8:51 AM
> To: dts@dpdk.org
> Cc: Zhao, XinfengX <xinfengx.zhao@intel.com>
> Subject: [dts][PATCH V1] tests: add the cryptodev ipsec-gw test and config
>
> add tests/TestSuite_ipsec_gw_cryptodev_func.py
> add conf/ipsec_test.cfg
>
> Signed-off-by: Xinfeng Zhao <xinfengx.zhao@intel.com>
> ---
> conf/ipsec_test.cfg | 253 +++++++++++
> tests/TestSuite_ipsec_gw_cryptodev_func.py | 652
> +++++++++++++++++++++++++++++
> 2 files changed, 905 insertions(+)
> create mode 100644 conf/ipsec_test.cfg
> create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py
>
> diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg new file mode 100644 index
> 0000000..ea8a55d
> --- /dev/null
> +++ b/conf/ipsec_test.cfg
> @@ -0,0 +1,253 @@
> +##########################################################
> #################
> +# IPSEC-SECGW Endpoint sample configuration
> +#
> +# The main purpose of this file is to show how to configure two systems
> +# back-to-back that would forward traffic through an IPsec tunnel. This
> +# file is the Endpoint 0 configuration. To use this configuration file,
> +# add the following command-line option:
> +#
> +# -f ./ep0.cfg
> +#
> +##########################################################
> #############
> +####
> +
> +#SP IPv4 rules
> +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24
> +sport 0:65535 dport 0:65535 sp ipv4 out esp protect 10 pri 1 dst
> +192.168.175.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 11
> +pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 out esp protect 26 pri 1 dst
> +192.168.56.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 30
> +pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 out esp protect 45 pri 1 dst
> +192.168.125.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 46
> +pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 sp ipv4
> +out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
> +
> +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24
> +sport 0:65535 dport 0:65535 sp ipv4 in esp protect 110 pri 1 dst
> +192.168.185.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 111
> +pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 in esp protect 125 pri 1 dst
> +192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 125
> +pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 in esp protect 135 pri 1 dst
> +192.168.35.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 136
> +pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport
> +0:65535 dport 0:65535
> +
> +#SP IPv6 rules
> +sp ipv6 out esp protect 5 pri 1 dst
> +0000:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 6 pri 1 dst
> +0000:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 10 pri 1 dst
> +0000:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 11 pri 1 dst
> +0000:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 25 pri 1 dst
> +0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 26 pri 1 dst
> +0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 30 pri 1 dst
> +0000:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 31 pri 1 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 35 pri 1 dst
> +0000:1111:1111:1111:7777:7777:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 36 pri 1 dst
> +0000:1111:1111:1111:8888:8888:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> +
> +sp ipv6 out esp protect 15 pri 1 dst
> +ffff:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 16 pri 1 dst
> +ffff:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 110 pri 1 dst
> +ffff:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 111 pri 1 dst
> +ffff:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 125 pri 1 dst
> +ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 126 pri 1 dst
> +ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 130 pri 1 dst
> +ffff:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 131 pri 1 dst
> +ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> +
> +#SA rules
> +sa out 5 cipher_algo aes-128-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
> +172.16.1.5 dst 172.16.2.5
> +
> +sa out 6 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
> +
> +sa out 10 cipher_algo aes-128-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa out 11 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src
> +172.16.1.5 \ dst 172.16.2.5
> +
> +sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ src
> +4444:4444:4444:4444:4444:4444:4444:1111 \ dst
> +5555:5555:5555:5555:5555:5555:5555:2222
> +
> +sa out 25 cipher_algo aes-128-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +1111:1111:1111:1111:1111:1111:1111:5555 \ dst
> +2222:2222:2222:2222:2222:2222:2222:5555
> +
> +sa out 26 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src 1111:1111:1111:1111:1111:1111:1111:6666 \ dst
> +2222:2222:2222:2222:2222:2222:2222:6666
> +
> +sa out 30 cipher_algo aes-256-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
> +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +7777:7777:7777:7777:7777:7777:7777:1111 \ dst
> +8888:8888:8888:8888:8888:8888:8888:2222
> +
> +sa out 31 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
> +transport
> +
> +sa out 35 cipher_algo aes-256-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
> +
> +sa out 36 cipher_algo aes-256-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac
> +auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa out 45 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
> +
> +sa out 46 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
> +ipv6-tunnel \ src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ dst
> +bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
> +
> +sa in 105 cipher_algo aes-128-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
> +172.16.2.5 dst 172.16.1.5
> +
> +sa in 106 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
> +
> +sa in 110 cipher_algo aes-128-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa in 111 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src
> +172.16.2.5 \ dst 172.16.1.5
> +
> +sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ src
> +5555:5555:5555:5555:5555:5555:5555:2222 \ dst
> +4444:4444:4444:4444:4444:4444:4444:1111
> +
> +sa in 125 cipher_algo aes-128-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +2222:2222:2222:2222:2222:2222:2222:5555 \ dst
> +1111:1111:1111:1111:1111:1111:1111:5555
> +
> +sa in 126 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src 2222:2222:2222:2222:2222:2222:2222:6666 \ dst
> +1111:1111:1111:1111:1111:1111:1111:6666
> +
> +sa in 130 cipher_algo aes-256-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
> +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +8888:8888:8888:8888:8888:8888:8888:2222 \ dst
> +7777:7777:7777:7777:7777:7777:7777:1111
> +
> +sa in 131 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa in 135 cipher_algo aes-256-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
> +
> +sa in 136 cipher_algo aes-256-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1
> +:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode
> +transport
> +
> +sa in 145 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
> +
> +sa in 146 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ dst
> +aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
> +
> +
> +#Routing rules
> +rt ipv4 dst 172.16.2.5/32 port 0
> +rt ipv4 dst 172.16.2.6/32 port 0
> +rt ipv4 dst 192.168.175.0/24 port 0
> +rt ipv4 dst 192.168.176.0/24 port 0
> +rt ipv4 dst 192.168.240.0/24 port 0
> +rt ipv4 dst 192.168.241.0/24 port 0
> +rt ipv4 dst 192.168.115.0/24 port 0
> +rt ipv4 dst 192.168.116.0/24 port 0
> +rt ipv4 dst 192.168.65.0/24 port 0
> +rt ipv4 dst 192.168.66.0/24 port 0
> +rt ipv4 dst 192.168.185.0/24 port 0
> +rt ipv4 dst 192.168.186.0/24 port 0
> +rt ipv4 dst 192.168.210.0/24 port 0
> +rt ipv4 dst 192.168.211.0/24 port 0
> +rt ipv4 dst 192.168.245.0/24 port 0
> +rt ipv4 dst 192.168.246.0/24 port 0
> +rt ipv4 dst 192.168.26.0/24 port 0
> +rt ipv4 dst 192.168.76.0/24 port 0
> +rt ipv4 dst 192.168.35.0/24 port 0
> +rt ipv4 dst 192.168.85.0/24 port 0
> +rt ipv4 dst 192.168.86.0/24 port 0
> +rt ipv4 dst 192.168.135.0/24 port 0
> +rt ipv4 dst 192.168.136.0/24 port 0
> +
> +rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 rt ipv6
> +dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 rt ipv6 dst
> +5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 rt ipv6 dst
> +2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 rt ipv6 dst
> +2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
> +
> +rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 rt ipv6
> +dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
> diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py
> b/tests/TestSuite_ipsec_gw_cryptodev_func.py
> new file mode 100644
> index 0000000..dc49577
> --- /dev/null
> +++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py
> @@ -0,0 +1,652 @@
> +# BSD LICENSE
> +#
> +# Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
> +# All rights reserved.
> +#
> +# Redistribution and use in source and binary forms, with or without #
> +modification, are permitted provided that the following conditions #
> +are met:
> +#
> +# * Redistributions of source code must retain the above copyright
> +# notice, this list of conditions and the following disclaimer.
> +# * Redistributions in binary form must reproduce the above copyright
> +# notice, this list of conditions and the following disclaimer in
> +# the documentation and/or other materials provided with the
> +# distribution.
> +# * Neither the name of Intel Corporation nor the names of its
> +# contributors may be used to endorse or promote products derived
> +# from this software without specific prior written permission.
> +#
> +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
> CONTRIBUTORS #
> +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
> +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
> FOR #
> +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> #
> +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> #
> +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
> +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> #
> +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
> ANY #
> +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
> +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> #
> +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +import hmac
> +import hashlib
> +import binascii
> +import time
> +import utils
> +from test_case import TestCase
> +from packet import Packet, save_packets
> +
> +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms,
> +modes from cryptography.hazmat.primitives.ciphers.aead import AESCCM,
> +AESGCM from cryptography.hazmat.backends import default_backend
> +
> +import cryptodev_common as cc
> +
> +class TestIPsecGW(TestCase):
> +
> + def set_up_all(self):
> +
> + self.core_config = "1S/2C/1T"
> + self.number_of_ports = 1
> + self.dut_ports = self.dut.get_ports(self.nic)
> + self.verify(len(self.dut_ports) >= self.number_of_ports,
> + "Not enough ports for " + self.nic)
> + self.ports_socket = self.dut.get_numa_id(self.dut_ports[0])
> +
> + self.logger.info("core config = " + self.core_config)
> + self.logger.info("number of ports = " + str(self.number_of_ports))
> + self.logger.info("dut ports = " + str(self.dut_ports))
> + self.logger.info("ports_socket = " + str(self.ports_socket))
> +
> + # Generally, testbed should has 4 ports NIC, like,
> + # 03:00.0 03:00.1 03:00.2 03:00.3
> + # This test case will
> + # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3
> + # - bind 03:00.0 and 03:00.2 to ipsec-secgw app
> + # - send test packet from 03:00.3
> + # - receive packet which forwarded by ipsec-secgw from 03:00.0
> + # - configure port and peer in dts port.cfg
> + self.tx_port = self.tester.get_local_port(self.dut_ports[1])
> + self.rx_port = self.tester.get_local_port(self.dut_ports[0])
> +
> + self.tx_interface = self.tester.get_interface(self.tx_port)
> + self.rx_interface = self.tester.get_interface(self.rx_port)
> +
> + self.logger.info("tx interface = " + self.tx_interface)
> + self.logger.info("rx interface = " + self.rx_interface)
> +
> + self._app_path = "./examples/ipsec-secgw/build/ipsec-secgw"
> + if not cc.is_build_skip(self):
> + cc.build_dpdk_with_cryptodev(self)
> + self.vf_driver = self.get_suite_cfg()['vf_driver']
> + cc.bind_qat_device(self, self.vf_driver)
> +
> + self._default_ipsec_gw_opts = {
> + "config": None,
> + "P": "",
> + "p": "0x3",
> + "f": "local_conf/ipsec_test.cfg",
> + "u": "0x1"
> + }
> +
> + self._pcap_idx = 0
> + self.pcap_filename = ''
> +
> + def set_up(self):
> + pass
> +
> + def tear_down(self):
> + self.dut.kill_all()
> +
> + def tear_down_all(self):
> + cc.clear_dpdk_config(self)
> +
> + def test_qat_aes_128_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_gcm_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_null_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_null_ipv4_tunnel")
> + self.pcap_filename = "test_qat_null_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_gcm_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_gcm_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_null_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_null_ipv6_tunnel")
> + self.pcap_filename = "test_qat_null_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_gcm_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_gcm_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_null_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_null_ipv4_tunnel")
> + self.pcap_filename = "test_sw_null_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_gcm_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_gcm_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_null_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_null_ipv6_tunnel")
> + self.pcap_filename = "test_sw_null_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_gcm_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts={}):
> + return cc.get_opt_str(self, self._default_ipsec_gw_opts,
> + override_ipsec_gw_opts)
> +
> + def _execute_ipsec_gw_test(self, ipsec_gw_opt_str):
> + result = True
> + eal_opt_str = cc.get_eal_opt_str(self)
> +
> + cmd_str = cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str,
> ipsec_gw_opt_str)
> + self.logger.info("IPsec-gw cmd: " + cmd_str)
> + self.dut.send_expect(cmd_str, "IPSEC:", 30)
> + time.sleep(3)
> + inst = self.tester.tcpdump_sniff_packets(self.rx_interface,
> + timeout=25)
> +
> + PACKET_COUNT = 65
> + payload = 256 * ['11']
> +
> + case_cfgs = self.get_case_cfg()
> + dst_ip = case_cfgs["dst_ip"]
> + src_ip = case_cfgs["src_ip"]
> + expected_dst_ip = case_cfgs["expected_dst_ip"]
> + expected_src_ip = case_cfgs["expected_src_ip"]
> + expected_spi = case_cfgs["expected_spi"]
> + expected_length = case_cfgs["expected_length"]
> + #expected_data = case_cfgs["expected_data"]
> +
> + pkt = Packet()
> + if len(dst_ip)<=15:
> + pkt.assign_layers(["ether", "ipv4", "udp", "raw"])
> + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst":
> "52:00:00:00:00:01"})
> + pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip})
> + else:
> + pkt.assign_layers(["ether", "ipv6", "udp", "raw"])
> + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst":
> "52:00:00:00:00:01"})
> + pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip})
> + pkt.config_layer("udp", {"dst": 0})
> + pkt.config_layer("raw", {"payload": payload})
> + pkt.send_pkt(tx_port=self.tx_interface, count=PACKET_COUNT)
> +
> + pkt_rec = self.tester.load_tcpdump_sniff_packets(inst)
> +
> + pcap_filename = "output/{0}.pcap".format(self.pcap_filename)
> + self.logger.info("Save pkts to {0}".format(pcap_filename))
> + save_packets(pkt_rec, pcap_filename)
> + self._pcap_idx = self._pcap_idx + 1
> +
> + if len(pkt_rec) == 0:
> + self.logger.error("IPsec forwarding failed")
> + result = False
> +
> + for pkt_r in pkt_rec:
> + pkt_src_ip = pkt_r.pktgen.strip_layer3("src")
> + if pkt_src_ip != expected_src_ip:
> + pkt_r.pktgen.pkt.show()
> + self.logger.error("SRC IP does not match. Pkt:{0}, Expected:{1}".format(
> + pkt_src_ip, expected_src_ip))
> + result = False
> + break
> +
> + pkt_dst_ip = pkt_r.pktgen.strip_layer3("dst")
> + self.logger.debug(pkt_dst_ip)
> + if pkt_dst_ip != expected_dst_ip:
> + pkt_r.pktgen.pkt.show()
> + self.logger.error("DST IP does not match. Pkt:{0}, Expected:{1}".format(
> + pkt_dst_ip, expected_dst_ip))
> + result = False
> + break
> +
> + packet_hex = pkt_r.pktgen.pkt["ESP"].getfieldval("data")
> + if packet_hex is None:
> + self.logger.error("NO Payload !")
> + result = False
> + break
> + payload_str = binascii.b2a_hex(packet_hex)
> + self.logger.debug(payload_str)
> +
> + pkt_spi = hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi"))
> + self.logger.debug(pkt_spi)
> + if pkt_spi != expected_spi:
> + self.logger.error("SPI does not match. Pkt:{0}, Expected:{1}".format(
> + pkt_spi, expected_spi))
> + result = False
> + break
> +
> + pkt_len = len(payload_str)/2
> + self.logger.debug(pkt_len)
> + if pkt_len != int(expected_length):
> + self.logger.error("Packet length does not match. Pkt:{0},
> Expected:{1}".format(
> + pkt_len, expected_length))
> + result = False
> + break
> +
> + self.dut.kill_all()
> + return result
> --
> 2.7.4
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config
2019-02-13 0:51 [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config Xinfeng Zhao
2019-02-13 6:02 ` Zhao, XinfengX
@ 2019-02-26 2:35 ` Tu, Lijuan
1 sibling, 0 replies; 4+ messages in thread
From: Tu, Lijuan @ 2019-02-26 2:35 UTC (permalink / raw)
To: Zhao, XinfengX, dts; +Cc: Zhao, XinfengX
Applied, thanks
> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of Xinfeng Zhao
> Sent: Wednesday, February 13, 2019 8:51 AM
> To: dts@dpdk.org
> Cc: Zhao, XinfengX <xinfengx.zhao@intel.com>
> Subject: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config
>
> add tests/TestSuite_ipsec_gw_cryptodev_func.py
> add conf/ipsec_test.cfg
>
> Signed-off-by: Xinfeng Zhao <xinfengx.zhao@intel.com>
> ---
> conf/ipsec_test.cfg | 253 +++++++++++
> tests/TestSuite_ipsec_gw_cryptodev_func.py | 652
> +++++++++++++++++++++++++++++
> 2 files changed, 905 insertions(+)
> create mode 100644 conf/ipsec_test.cfg
> create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py
>
> diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg new file mode 100644
> index 0000000..ea8a55d
> --- /dev/null
> +++ b/conf/ipsec_test.cfg
> @@ -0,0 +1,253 @@
> +################################################################
> ###########
> +# IPSEC-SECGW Endpoint sample configuration
> +#
> +# The main purpose of this file is to show how to configure two systems
> +# back-to-back that would forward traffic through an IPsec tunnel. This
> +# file is the Endpoint 0 configuration. To use this configuration file,
> +# add the following command-line option:
> +#
> +# -f ./ep0.cfg
> +#
> +################################################################
> #######
> +####
> +
> +#SP IPv4 rules
> +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24
> +sport 0:65535 dport 0:65535 sp ipv4 out esp protect 10 pri 1 dst
> +192.168.175.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 11
> +pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 out esp protect 26 pri 1 dst
> +192.168.56.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 30
> +pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 out esp protect 45 pri 1 dst
> +192.168.125.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 46
> +pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 sp ipv4
> +out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
> +
> +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24
> +sport 0:65535 dport 0:65535 sp ipv4 in esp protect 110 pri 1 dst
> +192.168.185.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 111
> +pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 in esp protect 125 pri 1 dst
> +192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 125
> +pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 in esp protect 135 pri 1 dst
> +192.168.35.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 136
> +pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport
> +0:65535 dport 0:65535
> +
> +#SP IPv6 rules
> +sp ipv6 out esp protect 5 pri 1 dst
> +0000:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 6 pri 1 dst
> +0000:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 10 pri 1 dst
> +0000:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 11 pri 1 dst
> +0000:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 25 pri 1 dst
> +0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 26 pri 1 dst
> +0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 30 pri 1 dst
> +0000:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 31 pri 1 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 35 pri 1 dst
> +0000:1111:1111:1111:7777:7777:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 36 pri 1 dst
> +0000:1111:1111:1111:8888:8888:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> +
> +sp ipv6 out esp protect 15 pri 1 dst
> +ffff:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 16 pri 1 dst
> +ffff:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 110 pri 1 dst
> +ffff:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 111 pri 1 dst
> +ffff:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 125 pri 1 dst
> +ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 126 pri 1 dst
> +ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 130 pri 1 dst
> +ffff:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 131 pri 1 dst
> +ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> +
> +#SA rules
> +sa out 5 cipher_algo aes-128-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
> +172.16.1.5 dst 172.16.2.5
> +
> +sa out 6 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
> +
> +sa out 10 cipher_algo aes-128-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa out 11 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src
> +172.16.1.5 \ dst 172.16.2.5
> +
> +sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ src
> +4444:4444:4444:4444:4444:4444:4444:1111 \ dst
> +5555:5555:5555:5555:5555:5555:5555:2222
> +
> +sa out 25 cipher_algo aes-128-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +1111:1111:1111:1111:1111:1111:1111:5555 \ dst
> +2222:2222:2222:2222:2222:2222:2222:5555
> +
> +sa out 26 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src 1111:1111:1111:1111:1111:1111:1111:6666 \ dst
> +2222:2222:2222:2222:2222:2222:2222:6666
> +
> +sa out 30 cipher_algo aes-256-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
> +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +7777:7777:7777:7777:7777:7777:7777:1111 \ dst
> +8888:8888:8888:8888:8888:8888:8888:2222
> +
> +sa out 31 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
> +transport
> +
> +sa out 35 cipher_algo aes-256-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
> +
> +sa out 36 cipher_algo aes-256-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac
> +auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa out 45 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
> +
> +sa out 46 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
> +ipv6-tunnel \ src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ dst
> +bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
> +
> +sa in 105 cipher_algo aes-128-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
> +172.16.2.5 dst 172.16.1.5
> +
> +sa in 106 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
> +
> +sa in 110 cipher_algo aes-128-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa in 111 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src
> +172.16.2.5 \ dst 172.16.1.5
> +
> +sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ src
> +5555:5555:5555:5555:5555:5555:5555:2222 \ dst
> +4444:4444:4444:4444:4444:4444:4444:1111
> +
> +sa in 125 cipher_algo aes-128-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +2222:2222:2222:2222:2222:2222:2222:5555 \ dst
> +1111:1111:1111:1111:1111:1111:1111:5555
> +
> +sa in 126 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src 2222:2222:2222:2222:2222:2222:2222:6666 \ dst
> +1111:1111:1111:1111:1111:1111:1111:6666
> +
> +sa in 130 cipher_algo aes-256-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
> +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +8888:8888:8888:8888:8888:8888:8888:2222 \ dst
> +7777:7777:7777:7777:7777:7777:7777:1111
> +
> +sa in 131 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa in 135 cipher_algo aes-256-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
> +
> +sa in 136 cipher_algo aes-256-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1
> +:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode
> +transport
> +
> +sa in 145 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
> +
> +sa in 146 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ dst
> +aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
> +
> +
> +#Routing rules
> +rt ipv4 dst 172.16.2.5/32 port 0
> +rt ipv4 dst 172.16.2.6/32 port 0
> +rt ipv4 dst 192.168.175.0/24 port 0
> +rt ipv4 dst 192.168.176.0/24 port 0
> +rt ipv4 dst 192.168.240.0/24 port 0
> +rt ipv4 dst 192.168.241.0/24 port 0
> +rt ipv4 dst 192.168.115.0/24 port 0
> +rt ipv4 dst 192.168.116.0/24 port 0
> +rt ipv4 dst 192.168.65.0/24 port 0
> +rt ipv4 dst 192.168.66.0/24 port 0
> +rt ipv4 dst 192.168.185.0/24 port 0
> +rt ipv4 dst 192.168.186.0/24 port 0
> +rt ipv4 dst 192.168.210.0/24 port 0
> +rt ipv4 dst 192.168.211.0/24 port 0
> +rt ipv4 dst 192.168.245.0/24 port 0
> +rt ipv4 dst 192.168.246.0/24 port 0
> +rt ipv4 dst 192.168.26.0/24 port 0
> +rt ipv4 dst 192.168.76.0/24 port 0
> +rt ipv4 dst 192.168.35.0/24 port 0
> +rt ipv4 dst 192.168.85.0/24 port 0
> +rt ipv4 dst 192.168.86.0/24 port 0
> +rt ipv4 dst 192.168.135.0/24 port 0
> +rt ipv4 dst 192.168.136.0/24 port 0
> +
> +rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 rt ipv6
> +dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 rt ipv6 dst
> +5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 rt ipv6 dst
> +2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 rt ipv6 dst
> +2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
> +
> +rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 rt ipv6
> +dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
> diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py
> b/tests/TestSuite_ipsec_gw_cryptodev_func.py
> new file mode 100644
> index 0000000..dc49577
> --- /dev/null
> +++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py
> @@ -0,0 +1,652 @@
> +# BSD LICENSE
> +#
> +# Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
> +# All rights reserved.
> +#
> +# Redistribution and use in source and binary forms, with or without #
> +modification, are permitted provided that the following conditions #
> +are met:
> +#
> +# * Redistributions of source code must retain the above copyright
> +# notice, this list of conditions and the following disclaimer.
> +# * Redistributions in binary form must reproduce the above copyright
> +# notice, this list of conditions and the following disclaimer in
> +# the documentation and/or other materials provided with the
> +# distribution.
> +# * Neither the name of Intel Corporation nor the names of its
> +# contributors may be used to endorse or promote products derived
> +# from this software without specific prior written permission.
> +#
> +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
> CONTRIBUTORS #
> +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
> +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
> FOR #
> +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> COPYRIGHT #
> +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
> INCIDENTAL, #
> +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> #
> +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
> USE, #
> +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
> ANY #
> +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
> +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
> USE #
> +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +import hmac
> +import hashlib
> +import binascii
> +import time
> +import utils
> +from test_case import TestCase
> +from packet import Packet, save_packets
> +
> +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms,
> +modes from cryptography.hazmat.primitives.ciphers.aead import AESCCM,
> +AESGCM from cryptography.hazmat.backends import default_backend
> +
> +import cryptodev_common as cc
> +
> +class TestIPsecGW(TestCase):
> +
> + def set_up_all(self):
> +
> + self.core_config = "1S/2C/1T"
> + self.number_of_ports = 1
> + self.dut_ports = self.dut.get_ports(self.nic)
> + self.verify(len(self.dut_ports) >= self.number_of_ports,
> + "Not enough ports for " + self.nic)
> + self.ports_socket = self.dut.get_numa_id(self.dut_ports[0])
> +
> + self.logger.info("core config = " + self.core_config)
> + self.logger.info("number of ports = " + str(self.number_of_ports))
> + self.logger.info("dut ports = " + str(self.dut_ports))
> + self.logger.info("ports_socket = " + str(self.ports_socket))
> +
> + # Generally, testbed should has 4 ports NIC, like,
> + # 03:00.0 03:00.1 03:00.2 03:00.3
> + # This test case will
> + # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3
> + # - bind 03:00.0 and 03:00.2 to ipsec-secgw app
> + # - send test packet from 03:00.3
> + # - receive packet which forwarded by ipsec-secgw from 03:00.0
> + # - configure port and peer in dts port.cfg
> + self.tx_port = self.tester.get_local_port(self.dut_ports[1])
> + self.rx_port = self.tester.get_local_port(self.dut_ports[0])
> +
> + self.tx_interface = self.tester.get_interface(self.tx_port)
> + self.rx_interface = self.tester.get_interface(self.rx_port)
> +
> + self.logger.info("tx interface = " + self.tx_interface)
> + self.logger.info("rx interface = " + self.rx_interface)
> +
> + self._app_path = "./examples/ipsec-secgw/build/ipsec-secgw"
> + if not cc.is_build_skip(self):
> + cc.build_dpdk_with_cryptodev(self)
> + self.vf_driver = self.get_suite_cfg()['vf_driver']
> + cc.bind_qat_device(self, self.vf_driver)
> +
> + self._default_ipsec_gw_opts = {
> + "config": None,
> + "P": "",
> + "p": "0x3",
> + "f": "local_conf/ipsec_test.cfg",
> + "u": "0x1"
> + }
> +
> + self._pcap_idx = 0
> + self.pcap_filename = ''
> +
> + def set_up(self):
> + pass
> +
> + def tear_down(self):
> + self.dut.kill_all()
> +
> + def tear_down_all(self):
> + cc.clear_dpdk_config(self)
> +
> + def test_qat_aes_128_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_gcm_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_ctr_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_ctr_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_128_ctr_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_null_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_null_ipv4_tunnel")
> + self.pcap_filename = "test_qat_null_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv4_transport")
> + self.pcap_filename = "test_qat_aes_gcm_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv6_tunnel")
> + self.pcap_filename = "test_qat_aes_gcm_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_null_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_null_ipv6_tunnel")
> + self.pcap_filename = "test_qat_null_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_128_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_128_cbc_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_128_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_256_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_256_cbc_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_256_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_qat_aes_gcm_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test qat_aes_gcm_ipv6_transport")
> + self.pcap_filename = "test_qat_aes_gcm_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_gcm_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_null_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_null_ipv4_tunnel")
> + self.pcap_filename = "test_sw_null_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_gcm_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_gcm_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_null_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_null_ipv6_tunnel")
> + self.pcap_filename = "test_sw_null_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_cbc_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_128_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_256_cbc_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_256_cbc_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_256_cbc_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> +
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_gcm_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_gcm_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_gcm_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv4_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv4_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv6_tunnel(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv6_tunnel"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv4_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv4_transport")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv4_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def test_sw_aes_128_ctr_ipv6_transport(self):
> + if cc.is_test_skip(self):
> + return
> +
> + self.logger.info("Test sw_aes_128_ctr_ipv6_transport")
> + self.pcap_filename = "test_sw_aes_128_ctr_ipv6_transport"
> + ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
> + self.logger.debug(ipsec_gw_opt_str)
> +
> + result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
> + self.verify(result, "FAIL")
> +
> + def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts={}):
> + return cc.get_opt_str(self, self._default_ipsec_gw_opts,
> + override_ipsec_gw_opts)
> +
> + def _execute_ipsec_gw_test(self, ipsec_gw_opt_str):
> + result = True
> + eal_opt_str = cc.get_eal_opt_str(self)
> +
> + cmd_str = cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str,
> ipsec_gw_opt_str)
> + self.logger.info("IPsec-gw cmd: " + cmd_str)
> + self.dut.send_expect(cmd_str, "IPSEC:", 30)
> + time.sleep(3)
> + inst = self.tester.tcpdump_sniff_packets(self.rx_interface,
> + timeout=25)
> +
> + PACKET_COUNT = 65
> + payload = 256 * ['11']
> +
> + case_cfgs = self.get_case_cfg()
> + dst_ip = case_cfgs["dst_ip"]
> + src_ip = case_cfgs["src_ip"]
> + expected_dst_ip = case_cfgs["expected_dst_ip"]
> + expected_src_ip = case_cfgs["expected_src_ip"]
> + expected_spi = case_cfgs["expected_spi"]
> + expected_length = case_cfgs["expected_length"]
> + #expected_data = case_cfgs["expected_data"]
> +
> + pkt = Packet()
> + if len(dst_ip)<=15:
> + pkt.assign_layers(["ether", "ipv4", "udp", "raw"])
> + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst":
> "52:00:00:00:00:01"})
> + pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip})
> + else:
> + pkt.assign_layers(["ether", "ipv6", "udp", "raw"])
> + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst":
> "52:00:00:00:00:01"})
> + pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip})
> + pkt.config_layer("udp", {"dst": 0})
> + pkt.config_layer("raw", {"payload": payload})
> + pkt.send_pkt(tx_port=self.tx_interface, count=PACKET_COUNT)
> +
> + pkt_rec = self.tester.load_tcpdump_sniff_packets(inst)
> +
> + pcap_filename = "output/{0}.pcap".format(self.pcap_filename)
> + self.logger.info("Save pkts to {0}".format(pcap_filename))
> + save_packets(pkt_rec, pcap_filename)
> + self._pcap_idx = self._pcap_idx + 1
> +
> + if len(pkt_rec) == 0:
> + self.logger.error("IPsec forwarding failed")
> + result = False
> +
> + for pkt_r in pkt_rec:
> + pkt_src_ip = pkt_r.pktgen.strip_layer3("src")
> + if pkt_src_ip != expected_src_ip:
> + pkt_r.pktgen.pkt.show()
> + self.logger.error("SRC IP does not match. Pkt:{0},
> Expected:{1}".format(
> + pkt_src_ip, expected_src_ip))
> + result = False
> + break
> +
> + pkt_dst_ip = pkt_r.pktgen.strip_layer3("dst")
> + self.logger.debug(pkt_dst_ip)
> + if pkt_dst_ip != expected_dst_ip:
> + pkt_r.pktgen.pkt.show()
> + self.logger.error("DST IP does not match. Pkt:{0},
> Expected:{1}".format(
> + pkt_dst_ip, expected_dst_ip))
> + result = False
> + break
> +
> + packet_hex = pkt_r.pktgen.pkt["ESP"].getfieldval("data")
> + if packet_hex is None:
> + self.logger.error("NO Payload !")
> + result = False
> + break
> + payload_str = binascii.b2a_hex(packet_hex)
> + self.logger.debug(payload_str)
> +
> + pkt_spi = hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi"))
> + self.logger.debug(pkt_spi)
> + if pkt_spi != expected_spi:
> + self.logger.error("SPI does not match. Pkt:{0}, Expected:{1}".format(
> + pkt_spi, expected_spi))
> + result = False
> + break
> +
> + pkt_len = len(payload_str)/2
> + self.logger.debug(pkt_len)
> + if pkt_len != int(expected_length):
> + self.logger.error("Packet length does not match. Pkt:{0},
> Expected:{1}".format(
> + pkt_len, expected_length))
> + result = False
> + break
> +
> + self.dut.kill_all()
> + return result
> --
> 2.7.4
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-02-26 2:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-13 0:51 [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config Xinfeng Zhao
2019-02-13 6:02 ` Zhao, XinfengX
2019-02-15 6:19 ` Chen, Zhaoyan
2019-02-26 2:35 ` Tu, Lijuan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).