From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 76A18A046B for ; Wed, 29 May 2019 04:21:43 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 6B33E37A2; Wed, 29 May 2019 04:21:43 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id 7BF17A49 for ; Wed, 29 May 2019 04:21:41 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 May 2019 19:21:41 -0700 X-ExtLoop1: 1 Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga006.fm.intel.com with ESMTP; 28 May 2019 19:21:41 -0700 Received: from shsmsx106.ccr.corp.intel.com (10.239.4.159) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 28 May 2019 19:21:40 -0700 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.129]) by SHSMSX106.ccr.corp.intel.com ([169.254.10.213]) with mapi id 14.03.0415.000; Wed, 29 May 2019 10:21:39 +0800 From: "Tu, Lijuan" To: "Xiao, QimaiX" , "dts@dpdk.org" CC: "Xiao, QimaiX" Thread-Topic: [dts] [PATCH V2] update inline_ipsec to test new version dpdk Thread-Index: AQHVEIfSUxKVSsY8D0SurfmuT9M0RKaBaWkA Date: Wed, 29 May 2019 02:21:38 +0000 Message-ID: <8CE3E05A3F976642AAB0F4675D0AD20E0BA865C6@SHSMSX101.ccr.corp.intel.com> References: <1558520602-62975-1-git-send-email-qimaix.xiao@intel.com> In-Reply-To: <1558520602-62975-1-git-send-email-qimaix.xiao@intel.com> Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.600.7 dlp-reaction: no-action x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiN2ZlZTdlNjMtODY4ZC00ZTcxLWI2NGEtNDczYWZhOWFjNGFkIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiZnlGK25cL0JHeU1uTlhZZGp3OFRiUkRlOHZnODBzREw0Y1oyWDBcL1luVmViSHdwcVhrM1BQWTk1XC9lMGR1YUlNViJ9 x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V2] update inline_ipsec to test new version dpdk X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dts-bounces@dpdk.org Sender: "dts" Applied, thanks > -----Original Message----- > From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of xiao,qimai > Sent: Wednesday, May 22, 2019 6:23 PM > To: dts@dpdk.org > Cc: Xiao, QimaiX > Subject: [dts] [PATCH V2] update inline_ipsec to test new version dpdk >=20 > 1.remove unused imports > 2.add some steps to verfiy encrypt package 3.upadte verify message of > decrypt with wrong key >=20 > Signed-off-by: xiao,qimai > --- > tests/TestSuite_inline_ipsec.py | 82 +++++++++++++++++++++++---------- > 1 file changed, 58 insertions(+), 24 deletions(-) >=20 > diff --git a/tests/TestSuite_inline_ipsec.py b/tests/TestSuite_inline_ips= ec.py > index 1813c08..d67bcce 100644 > --- a/tests/TestSuite_inline_ipsec.py > +++ b/tests/TestSuite_inline_ipsec.py > @@ -36,13 +36,12 @@ Test inline_ipsec. > """ >=20 > import utils > -import string > import time > import re > -import threading > +import random > + > +from scapy.all import ESP, IP, Ether, sendp, SecurityAssociation > from test_case import TestCase > -import getopt > -from scapy.all import * >=20 > ETHER_STANDARD_MTU =3D 1518 > ETHER_JUMBO_FRAME_MTU =3D 9000 > @@ -51,9 +50,10 @@ ETHER_JUMBO_FRAME_MTU =3D 9000 class > TestInlineIpsec(TestCase): > """ > This suite depend PyCryptodome,it provide authenticated encryption > modes(GCM) > - my environment:asn1crypto (0.22.0), pycryptodome (3.4.7), > pycryptodomex (3.4.7), > - pycryptopp > (0.6.0.1206569328141510525648634803928199668821045408958), scapy > (2.3.3.dev623) > + my environment:cryptography (1.7.2), pycryptodome (3.4.7), > pycryptodomex (3.4.7), > + pycryptopp > + (0.6.0.1206569328141510525648634803928199668821045408958), scapy > + (2.4.2) > """ > + > def set_up_all(self): > """ > Run at the start of each test suite. > @@ -86,7 +86,7 @@ class TestInlineIpsec(TestCase): >=20 > self.path =3D "./examples/ipsec-secgw/build/ipsec-secgw" > # add print code in IPSEC app > - sedcmd =3D r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, > portid);/i\\printf("[debug]receive %hhu packet in rxqueueid=3D%hhu\\n",nb= _rx, > queueid);' examples/ipsec-secgw/ipsec-secgw.c""" > + sedcmd =3D r"""sed -i -e '/process_pkts(qconf, pkts, nb_rx, > portid);/i\\t\t\t\tprintf("[debug]receive %hhu packet in > rxqueueid=3D%hhu\\n",nb_rx, queueid);' examples/ipsec-secgw/ipsec- > secgw.c""" > self.dut.send_expect(sedcmd, "#", 60) >=20 > # build sample app > @@ -165,7 +165,8 @@ class TestInlineIpsec(TestCase): > f.write(cfg) > self.dut.session.copy_file_to(filename, self.dut.base_dir) >=20 > - def send_encryption_package(self, intf, paysize=3D64, do_encrypt=3DF= alse, > send_spi=3D5, count=3D1, inner_dst=3D'192.168.105.10', sa_src=3D'172.16.1= .5', > sa_dst=3D'172.16.2.5'): > + def send_encryption_package(self, intf, paysize=3D64, do_encrypt=3DF= alse, > send_spi=3D5, count=3D1, > + inner_dst=3D'192.168.105.10', sa_src=3D'= 172.16.1.5', > sa_dst=3D'172.16.2.5'): > """ > prepare a packet and send > """ > @@ -184,6 +185,8 @@ class TestInlineIpsec(TestCase): >=20 > if do_encrypt =3D=3D True: > print "send encrypt package" > + print("before encrypt, the package info is like below: ") > + p.show() > e =3D sa_gcm.encrypt(p) > else: > print "send normal package" > @@ -196,14 +199,15 @@ class TestInlineIpsec(TestCase): > name=3D'send_encryption_package') > sendp(eth_e, iface=3Dintf, count=3Dcount) > self.tester.destroy_session(session_send) > + return payload, p.src, p.dst >=20 > - return payload > - > - def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize= =3D32, > jumboframe=3D1518, do_encrypt=3DFalse, verify=3DTrue, send_spi=3D5, > receive_spi=3D1005, count=3D1, inner_dst=3D'192.168.105.10', sa_src=3D'17= 2.16.1.5', > sa_dst=3D'172.16.2.5'): > + def Ipsec_Encryption(self, config, file_name, txItf, rxItf, paysize= =3D32, > jumboframe=3D1518, do_encrypt=3DFalse, > + verify=3DTrue, send_spi=3D5, receive_spi=3D1005= , count=3D1, > inner_dst=3D'192.168.105.10', > + sa_src=3D'172.16.1.5', sa_dst=3D'172.16.2.5'): > """ > verify Ipsec receive package > """ > - cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' = --log-level 8 > --socket-mem 1024,1 -- -p 0xf -P -u 0x2 -j %s --config=3D'%s' -f %s" % ( > + cmd =3D self.path + " -l 20,21 -w %s -w %s --vdev 'crypto_null' > + --log-level 8 --socket-mem 1024,1024 -- -p 0xf -P -u 0x2 -j %s > + --config=3D'%s' -f %s" % ( > self.portpci_0, self.portpci_1, jumboframe, config, file_nam= e) > self.dut.send_expect(cmd, "IPSEC", 60) >=20 > @@ -213,25 +217,40 @@ class TestInlineIpsec(TestCase): >=20 > session_receive.send_expect("scapy", ">>>", 10) > session_receive.send_expect( > - "pkts=3Dsniff(iface=3D'%s',count=3D1,timeout=3D10)" % rxItf,= "", 30) > - send_package =3D self.send_encryption_package( > - txItf, paysize, do_encrypt, send_spi, count, inner_dst, sa_s= rc, sa_dst) > + "pkts=3Dsniff(iface=3D'%s',count=3D1,timeout=3D45)" % rxItf,= "", > + 10) >=20 > - time.sleep(10) > - out =3D session_receive.send_expect("pkts", "", 30) > if do_encrypt: > + send_package =3D self.send_encryption_package( > + txItf, paysize, do_encrypt, send_spi, count, inner_dst, = sa_src, > sa_dst) > + time.sleep(45) > + session_receive.send_expect("pkts", "", 30) > out =3D session_receive.send_expect("pkts[0]['IP'] ", ">>>",= 10) > else: > + session_receive2 =3D > self.tester.create_session(name=3D'receive_encryption_package2') > + session_receive2.send_expect("tcpdump -Xvvvi %s -c 1" % rxIt= f, "", 30) > + send_package =3D self.send_encryption_package(txItf, paysize= , > do_encrypt, send_spi, count, inner_dst, sa_src, > + sa_dst) > + time.sleep(45) > + rev =3D session_receive2.get_session_before() > + print(rev) > + p =3D re.compile(': ESP\(spi=3D0x\w+,seq=3D0x\w+\),') > + res =3D p.search(rev) > + self.verify(res, 'encrypt failed, tcpdump get %s' % rev) > + self.tester.destroy_session(session_receive2) > + session_receive.send_expect("pkts", "", 30) > session_receive.send_expect(sa_gcm, ">>>", 10) > - session_receive.send_expect( > - "results=3Dsa_gcm.decrypt(pkts[0]['IP'])", ">>>", 10) > + time.sleep(2) > + > + session_receive.send_expect("results=3Dsa_gcm.decrypt(pkts[0]['IP'])", > + ">>>", 10) > out =3D session_receive.send_expect("results", ">>>", 10) >=20 > if verify: > - self.verify(send_package in out, > + print('received packet content is %s' % out) > + print('send pkt src ip is %s, dst ip is %s, payload is %s' %= ( > + send_package[1], send_package[2], send_package[0])) > + self.verify(send_package[0] in out, > "Unreceived package or get other package") > else: > - self.verify(send_package not in out, > + self.verify(send_package[0] not in out, > "The function is not in effect") > session_receive.send_expect("quit()", "#", 10) > self.tester.destroy_session(session_receive) > @@ -244,6 +263,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(1, ETHER_STANDARD_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', > self.txItf, self.rxItf, paysize) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Encryption_Jumboframe(self): > """ > @@ -253,6 +273,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(ETHER_STANDARD_MTU, > ETHER_JUMBO_FRAME_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/enc.cfg', > self.txItf, self.rxItf, paysize, ETHER_JUM= BO_FRAME_MTU) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Encryption_Rss(self): > """ > @@ -264,6 +285,7 @@ class TestInlineIpsec(TestCase): > out =3D self.dut.get_session_output() > verifycode =3D "receive 1 packet in rxqueueid=3D1" > self.verify(verifycode in out, "rxqueueid error") > + self.dut.send_expect("^C", "#", 5) >=20 > def test_IPSec_Decryption(self): > """ > @@ -273,6 +295,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(1, ETHER_STANDARD_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, > self.txItf, paysize, do_encrypt=3DTrue, co= unt=3D2) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_IPSec_Decryption_Jumboframe(self): > """ > @@ -282,6 +305,7 @@ class TestInlineIpsec(TestCase): > paysize =3D random.randint(ETHER_STANDARD_MTU, > ETHER_JUMBO_FRAME_MTU) > self.Ipsec_Encryption(config, '/root/dpdk/dec.cfg', self.rxItf, > self.txItf, paysize, ETHER_JUMBO_FRAME_MTU= , > do_encrypt=3DTrue, count=3D2) > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Decryption_Rss(self): > """ > @@ -293,6 +317,7 @@ class TestInlineIpsec(TestCase): > out =3D self.dut.get_session_output() > verifycode =3D "receive 1 packet in rxqueueid=3D1" > self.verify(verifycode in out, "rxqueueid error") > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Decryption_wrongkey(self): > """ > @@ -303,8 +328,10 @@ class TestInlineIpsec(TestCase): > self.Ipsec_Encryption(config, '/root/dpdk/dec_wrong_key.cfg', se= lf.rxItf, > self.txItf, paysize, do_encrypt=3DTrue, ve= rify=3DFalse, count=3D2) > out =3D self.dut.get_session_output() > - verifycode =3D "IPSEC_ESP: failed crypto op" > - self.verify(verifycode in out, "Ipsec Decryption wrongkey failed= ") > + verifycode =3D "IPSEC_ESP: esp_inbound_post\(\) failed crypto op= " > + l =3D re.findall(verifycode, out) > + self.verify(len(l) =3D=3D 2, "Ipsec Decryption wrongkey failed") > + self.dut.send_expect("^C", "#", 5) >=20 > def test_Ipsec_Encryption_Decryption(self): > """ > @@ -350,10 +377,17 @@ class TestInlineIpsec(TestCase): > eth_e2 =3D Ether() / e2 > eth_e2.src =3D self.rx_src > eth_e2.dst =3D self.tx_dst > - > + session_receive3 =3D > self.tester.create_session('check_forward_encryption_package') > + session_receive3.send_expect("tcpdump -Xvvvi %s -c 1" % self.rxI= tf, "", > 30) > + time.sleep(2) > sendp(eth_e1, iface=3Dself.rxItf, count=3D2) > sendp(eth_e2, iface=3Dself.txItf, count=3D1) > time.sleep(30) > + rev =3D session_receive3.get_session_before() > + print(rev) > + p =3D re.compile(': ESP\(spi=3D0x\w+,seq=3D0x\w+\),') > + res =3D p.search(rev) > + self.verify(res, 'encrypt failed, tcpdump get %s' % rev) > session_receive.send_expect( > "results=3Dsa_gcm.decrypt(pkts[2]['IP'])", ">>>", 60) > out =3D session_receive.send_expect("results", ">>>", 60) > -- > 2.17.1