From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 6199E1B49B for ; Fri, 15 Feb 2019 07:19:24 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Feb 2019 22:19:23 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,371,1544515200"; d="scan'208";a="133766240" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by FMSMGA003.fm.intel.com with ESMTP; 14 Feb 2019 22:19:23 -0800 Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 14 Feb 2019 22:19:22 -0800 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 14 Feb 2019 22:19:22 -0800 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.102]) by shsmsx102.ccr.corp.intel.com ([169.254.2.207]) with mapi id 14.03.0415.000; Fri, 15 Feb 2019 14:19:15 +0800 From: "Chen, Zhaoyan" To: "Zhao, XinfengX" , "dts@dpdk.org" CC: "Tu, Lijuan" , "Chen, Zhaoyan" Thread-Topic: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config Thread-Index: AQHUwzXBiQ1tXA6nt0GfO9EW5WSI6aXctuOAgAOvU8A= Date: Fri, 15 Feb 2019 06:19:15 +0000 Message-ID: <9DEEADBC57E43F4DA73B571777FECECA41C38BA9@SHSMSX104.ccr.corp.intel.com> References: <1550019081-3179-1-git-send-email-xinfengx.zhao@intel.com> <44051B25D8C8784BB77FFB604D6A70CA12027B91@shsmsx102.ccr.corp.intel.com> In-Reply-To: <44051B25D8C8784BB77FFB604D6A70CA12027B91@shsmsx102.ccr.corp.intel.com> Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Feb 2019 06:19:25 -0000 Acked-by: Zhaoyan Chen Regards, Zhaoyan Chen > -----Original Message----- > From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of Zhao, XinfengX > Sent: Wednesday, February 13, 2019 2:03 PM > To: dts@dpdk.org > Subject: Re: [dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and = config >=20 > Tested-by : Xinfeng Zhao >=20 > -----Original Message----- > From: Zhao, XinfengX > Sent: Wednesday, February 13, 2019 8:51 AM > To: dts@dpdk.org > Cc: Zhao, XinfengX > Subject: [dts][PATCH V1] tests: add the cryptodev ipsec-gw test and confi= g >=20 > add tests/TestSuite_ipsec_gw_cryptodev_func.py > add conf/ipsec_test.cfg >=20 > Signed-off-by: Xinfeng Zhao > --- > conf/ipsec_test.cfg | 253 +++++++++++ > tests/TestSuite_ipsec_gw_cryptodev_func.py | 652 > +++++++++++++++++++++++++++++ > 2 files changed, 905 insertions(+) > create mode 100644 conf/ipsec_test.cfg > create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py >=20 > diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg new file mode 1006= 44 index > 0000000..ea8a55d > --- /dev/null > +++ b/conf/ipsec_test.cfg > @@ -0,0 +1,253 @@ > +########################################################## > ################# > +# IPSEC-SECGW Endpoint sample configuration > +# > +# The main purpose of this file is to show how to configure two system= s > +# back-to-back that would forward traffic through an IPsec tunnel. Thi= s > +# file is the Endpoint 0 configuration. To use this configuration file= , > +# add the following command-line option: > +# > +# -f ./ep0.cfg > +# > +########################################################## > ############# > +#### > + > +#SP IPv4 rules > +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 > +dport 0:65535 sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 > +sport 0:65535 dport 0:65535 sp ipv4 out esp protect 10 pri 1 dst > +192.168.175.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 11 > +pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp > +protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 sp > +ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport > +0:65535 sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport > +0:65535 dport 0:65535 sp ipv4 out esp protect 26 pri 1 dst > +192.168.56.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 30 > +pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp > +protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 sp > +ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport > +0:65535 sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport > +0:65535 dport 0:65535 sp ipv4 out esp protect 45 pri 1 dst > +192.168.125.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 46 > +pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp > +bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 sp ipv4 > +out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 > + > +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 > +dport 0:65535 sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 > +sport 0:65535 dport 0:65535 sp ipv4 in esp protect 110 pri 1 dst > +192.168.185.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 111 > +pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp > +protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 sp > +ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport > +0:65535 sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport > +0:65535 dport 0:65535 sp ipv4 in esp protect 125 pri 1 dst > +192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 125 > +pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp > +protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 sp > +ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport > +0:65535 sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport > +0:65535 dport 0:65535 sp ipv4 in esp protect 135 pri 1 dst > +192.168.35.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 136 > +pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp > +protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 sp > +ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport > +0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 > +dport 0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport > +0:65535 dport 0:65535 > + > +#SP IPv6 rules > +sp ipv6 out esp protect 5 pri 1 dst > +0000:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 6 pri 1 dst > +0000:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 10 pri 1 dst > +0000:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 11 pri 1 dst > +0000:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 25 pri 1 dst > +0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 26 pri 1 dst > +0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 30 pri 1 dst > +0000:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 31 pri 1 dst > +0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 35 pri 1 dst > +0000:1111:1111:1111:7777:7777:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 36 pri 1 dst > +0000:1111:1111:1111:8888:8888:0000:0000/96 \ sport 0:65535 dport > +0:65535 > + > +sp ipv6 out esp protect 15 pri 1 dst > +ffff:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 in esp protect 16 pri 1 dst > +ffff:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 in esp protect 110 pri 1 dst > +ffff:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 in esp protect 111 pri 1 dst > +ffff:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 in esp protect 125 pri 1 dst > +ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 in esp protect 126 pri 1 dst > +ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 130 pri 1 dst > +ffff:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport > +0:65535 sp ipv6 out esp protect 131 pri 1 dst > +ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport > +0:65535 > + > +#SA rules > +sa out 5 cipher_algo aes-128-cbc cipher_key > +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key > +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src > +172.16.1.5 dst 172.16.2.5 > + > +sa out 6 aead_algo aes-128-gcm aead_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 > + > +sa out 10 cipher_algo aes-128-cbc cipher_key > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport > + > +sa out 11 aead_algo aes-128-gcm aead_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +transport > + > +sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src > +172.16.1.5 \ dst 172.16.2.5 > + > +sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ src > +4444:4444:4444:4444:4444:4444:4444:1111 \ dst > +5555:5555:5555:5555:5555:5555:5555:2222 > + > +sa out 25 cipher_algo aes-128-cbc cipher_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ > +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ > +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src > +1111:1111:1111:1111:1111:1111:1111:5555 \ dst > +2222:2222:2222:2222:2222:2222:2222:5555 > + > +sa out 26 aead_algo aes-128-gcm aead_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +ipv6-tunnel \ src 1111:1111:1111:1111:1111:1111:1111:6666 \ dst > +2222:2222:2222:2222:2222:2222:2222:6666 > + > +sa out 30 cipher_algo aes-256-cbc cipher_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 > +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ > +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src > +7777:7777:7777:7777:7777:7777:7777:1111 \ dst > +8888:8888:8888:8888:8888:8888:8888:2222 > + > +sa out 31 cipher_algo aes-128-ctr cipher_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo > +sha1-hmac auth_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode > +transport > + > +sa out 35 cipher_algo aes-256-cbc cipher_key > +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ > +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ > +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 > + > +sa out 36 cipher_algo aes-256-cbc cipher_key > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac > +auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport > + > +sa out 45 cipher_algo aes-128-ctr cipher_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo > +sha1-hmac auth_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 > + > +sa out 46 cipher_algo aes-128-ctr cipher_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo > +sha1-hmac auth_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode > +ipv6-tunnel \ src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ dst > +bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 > + > +sa in 105 cipher_algo aes-128-cbc cipher_key > +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key > +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src > +172.16.2.5 dst 172.16.1.5 > + > +sa in 106 aead_algo aes-128-gcm aead_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6 > + > +sa in 110 cipher_algo aes-128-cbc cipher_key > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport > + > +sa in 111 aead_algo aes-128-gcm aead_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +transport > + > +sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src > +172.16.2.5 \ dst 172.16.1.5 > + > +sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ src > +5555:5555:5555:5555:5555:5555:5555:2222 \ dst > +4444:4444:4444:4444:4444:4444:4444:1111 > + > +sa in 125 cipher_algo aes-128-cbc cipher_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ > +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ > +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src > +2222:2222:2222:2222:2222:2222:2222:5555 \ dst > +1111:1111:1111:1111:1111:1111:1111:5555 > + > +sa in 126 aead_algo aes-128-gcm aead_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +ipv6-tunnel \ src 2222:2222:2222:2222:2222:2222:2222:6666 \ dst > +1111:1111:1111:1111:1111:1111:1111:6666 > + > +sa in 130 cipher_algo aes-256-cbc cipher_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 > +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key > +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\ > +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src > +8888:8888:8888:8888:8888:8888:8888:2222 \ dst > +7777:7777:7777:7777:7777:7777:7777:1111 > + > +sa in 131 cipher_algo aes-128-ctr cipher_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo > +sha1-hmac auth_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +transport > + > +sa in 135 cipher_algo aes-256-cbc cipher_key > +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ > +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ > +mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 > + > +sa in 136 cipher_algo aes-256-cbc cipher_key > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 > +:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac auth_key > +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode > +transport > + > +sa in 145 cipher_algo aes-128-ctr cipher_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo > +sha1-hmac auth_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6 > + > +sa in 146 cipher_algo aes-128-ctr cipher_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo > +sha1-hmac auth_key > +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode > +ipv6-tunnel \ src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ dst > +aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 > + > + > +#Routing rules > +rt ipv4 dst 172.16.2.5/32 port 0 > +rt ipv4 dst 172.16.2.6/32 port 0 > +rt ipv4 dst 192.168.175.0/24 port 0 > +rt ipv4 dst 192.168.176.0/24 port 0 > +rt ipv4 dst 192.168.240.0/24 port 0 > +rt ipv4 dst 192.168.241.0/24 port 0 > +rt ipv4 dst 192.168.115.0/24 port 0 > +rt ipv4 dst 192.168.116.0/24 port 0 > +rt ipv4 dst 192.168.65.0/24 port 0 > +rt ipv4 dst 192.168.66.0/24 port 0 > +rt ipv4 dst 192.168.185.0/24 port 0 > +rt ipv4 dst 192.168.186.0/24 port 0 > +rt ipv4 dst 192.168.210.0/24 port 0 > +rt ipv4 dst 192.168.211.0/24 port 0 > +rt ipv4 dst 192.168.245.0/24 port 0 > +rt ipv4 dst 192.168.246.0/24 port 0 > +rt ipv4 dst 192.168.26.0/24 port 0 > +rt ipv4 dst 192.168.76.0/24 port 0 > +rt ipv4 dst 192.168.35.0/24 port 0 > +rt ipv4 dst 192.168.85.0/24 port 0 > +rt ipv4 dst 192.168.86.0/24 port 0 > +rt ipv4 dst 192.168.135.0/24 port 0 > +rt ipv4 dst 192.168.136.0/24 port 0 > + > +rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 rt ipv6 > +dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 rt ipv6 dst > +5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 rt ipv6 dst > +2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 rt ipv6 dst > +2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 rt ipv6 dst > +0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0 > + > +rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 rt ipv6 > +dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 rt ipv6 dst > +ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 rt ipv6 dst > +ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 rt ipv6 dst > +ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst > +ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0 > diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py > b/tests/TestSuite_ipsec_gw_cryptodev_func.py > new file mode 100644 > index 0000000..dc49577 > --- /dev/null > +++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py > @@ -0,0 +1,652 @@ > +# BSD LICENSE > +# > +# Copyright(c) 2016-2017 Intel Corporation. All rights reserved. > +# All rights reserved. > +# > +# Redistribution and use in source and binary forms, with or without # > +modification, are permitted provided that the following conditions # > +are met: > +# > +# * Redistributions of source code must retain the above copyright > +# notice, this list of conditions and the following disclaimer. > +# * Redistributions in binary form must reproduce the above copyright > +# notice, this list of conditions and the following disclaimer in > +# the documentation and/or other materials provided with the > +# distribution. > +# * Neither the name of Intel Corporation nor the names of its > +# contributors may be used to endorse or promote products derived > +# from this software without specific prior written permission. > +# > +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND > CONTRIBUTORS # > +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # > +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS > FOR # > +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT > # > +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, > # > +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # > +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > # > +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON > ANY # > +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # > +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE > # > +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > + > +import hmac > +import hashlib > +import binascii > +import time > +import utils > +from test_case import TestCase > +from packet import Packet, save_packets > + > +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, > +modes from cryptography.hazmat.primitives.ciphers.aead import AESCCM, > +AESGCM from cryptography.hazmat.backends import default_backend > + > +import cryptodev_common as cc > + > +class TestIPsecGW(TestCase): > + > + def set_up_all(self): > + > + self.core_config =3D "1S/2C/1T" > + self.number_of_ports =3D 1 > + self.dut_ports =3D self.dut.get_ports(self.nic) > + self.verify(len(self.dut_ports) >=3D self.number_of_ports, > + "Not enough ports for " + self.nic) > + self.ports_socket =3D self.dut.get_numa_id(self.dut_ports[0]) > + > + self.logger.info("core config =3D " + self.core_config) > + self.logger.info("number of ports =3D " + str(self.number_of_por= ts)) > + self.logger.info("dut ports =3D " + str(self.dut_ports)) > + self.logger.info("ports_socket =3D " + str(self.ports_socket)) > + > + # Generally, testbed should has 4 ports NIC, like, > + # 03:00.0 03:00.1 03:00.2 03:00.3 > + # This test case will > + # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3 > + # - bind 03:00.0 and 03:00.2 to ipsec-secgw app > + # - send test packet from 03:00.3 > + # - receive packet which forwarded by ipsec-secgw from 03:00.0 > + # - configure port and peer in dts port.cfg > + self.tx_port =3D self.tester.get_local_port(self.dut_ports[1]) > + self.rx_port =3D self.tester.get_local_port(self.dut_ports[0]) > + > + self.tx_interface =3D self.tester.get_interface(self.tx_port) > + self.rx_interface =3D self.tester.get_interface(self.rx_port) > + > + self.logger.info("tx interface =3D " + self.tx_interface) > + self.logger.info("rx interface =3D " + self.rx_interface) > + > + self._app_path =3D "./examples/ipsec-secgw/build/ipsec-secgw" > + if not cc.is_build_skip(self): > + cc.build_dpdk_with_cryptodev(self) > + self.vf_driver =3D self.get_suite_cfg()['vf_driver'] > + cc.bind_qat_device(self, self.vf_driver) > + > + self._default_ipsec_gw_opts =3D { > + "config": None, > + "P": "", > + "p": "0x3", > + "f": "local_conf/ipsec_test.cfg", > + "u": "0x1" > + } > + > + self._pcap_idx =3D 0 > + self.pcap_filename =3D '' > + > + def set_up(self): > + pass > + > + def tear_down(self): > + self.dut.kill_all() > + > + def tear_down_all(self): > + cc.clear_dpdk_config(self) > + > + def test_qat_aes_128_cbc_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel") > + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_256_cbc_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel") > + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_gcm_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_gcm_ipv4_tunnel") > + self.pcap_filename =3D "test_qat_aes_gcm_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_qat_aes_128_ctr_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel") > + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_qat_aes_128_ctr_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel") > + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_qat_aes_128_ctr_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_ctr_ipv4_transport") > + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_qat_aes_128_ctr_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_ctr_ipv6_transport") > + self.pcap_filename =3D "test_qat_aes_128_ctr_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_qat_null_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_null_ipv4_tunnel") > + self.pcap_filename =3D "test_qat_null_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_128_cbc_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_cbc_ipv4_transport") > + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_256_cbc_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_256_cbc_ipv4_transport") > + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_gcm_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_gcm_ipv4_transport") > + self.pcap_filename =3D "test_qat_aes_gcm_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_qat_aes_128_cbc_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel") > + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_256_cbc_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel") > + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_gcm_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_gcm_ipv6_tunnel") > + self.pcap_filename =3D "test_qat_aes_gcm_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_null_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_null_ipv6_tunnel") > + self.pcap_filename =3D "test_qat_null_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_128_cbc_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_128_cbc_ipv6_transport") > + self.pcap_filename =3D "test_qat_aes_128_cbc_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_256_cbc_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_256_cbc_ipv6_transport") > + self.pcap_filename =3D "test_qat_aes_256_cbc_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_qat_aes_gcm_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test qat_aes_gcm_ipv6_transport") > + self.pcap_filename =3D "test_qat_aes_gcm_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_cbc_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel") > + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_256_cbc_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel") > + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_gcm_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_gcm_ipv4_tunnel") > + self.pcap_filename =3D "test_sw_aes_gcm_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_sw_null_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_null_ipv4_tunnel") > + self.pcap_filename =3D "test_sw_null_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_cbc_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_cbc_ipv4_transport") > + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_256_cbc_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_256_cbc_ipv4_transport") > + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_gcm_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_gcm_ipv4_transport") > + self.pcap_filename =3D "test_sw_aes_gcm_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_cbc_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel") > + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_256_cbc_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel") > + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_gcm_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_gcm_ipv6_tunnel") > + self.pcap_filename =3D "test_sw_aes_gcm_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_null_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_null_ipv6_tunnel") > + self.pcap_filename =3D "test_sw_null_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_cbc_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_cbc_ipv6_transport") > + self.pcap_filename =3D "test_sw_aes_128_cbc_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_256_cbc_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_256_cbc_ipv6_transport") > + self.pcap_filename =3D "test_sw_aes_256_cbc_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + > + self.verify(result, "FAIL") > + > + def test_sw_aes_gcm_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_gcm_ipv6_transport") > + self.pcap_filename =3D "test_sw_aes_gcm_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_ctr_ipv4_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel") > + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv4_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_ctr_ipv6_tunnel(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel") > + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv6_tunnel" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_ctr_ipv4_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_ctr_ipv4_transport") > + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv4_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def test_sw_aes_128_ctr_ipv6_transport(self): > + if cc.is_test_skip(self): > + return > + > + self.logger.info("Test sw_aes_128_ctr_ipv6_transport") > + self.pcap_filename =3D "test_sw_aes_128_ctr_ipv6_transport" > + ipsec_gw_opt_str =3D self._get_ipsec_gw_opt_str() > + self.logger.debug(ipsec_gw_opt_str) > + > + result =3D self._execute_ipsec_gw_test(ipsec_gw_opt_str) > + self.verify(result, "FAIL") > + > + def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts=3D{}): > + return cc.get_opt_str(self, self._default_ipsec_gw_opts, > + override_ipsec_gw_opts) > + > + def _execute_ipsec_gw_test(self, ipsec_gw_opt_str): > + result =3D True > + eal_opt_str =3D cc.get_eal_opt_str(self) > + > + cmd_str =3D cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str, > ipsec_gw_opt_str) > + self.logger.info("IPsec-gw cmd: " + cmd_str) > + self.dut.send_expect(cmd_str, "IPSEC:", 30) > + time.sleep(3) > + inst =3D self.tester.tcpdump_sniff_packets(self.rx_interface, > + timeout=3D25) > + > + PACKET_COUNT =3D 65 > + payload =3D 256 * ['11'] > + > + case_cfgs =3D self.get_case_cfg() > + dst_ip =3D case_cfgs["dst_ip"] > + src_ip =3D case_cfgs["src_ip"] > + expected_dst_ip =3D case_cfgs["expected_dst_ip"] > + expected_src_ip =3D case_cfgs["expected_src_ip"] > + expected_spi =3D case_cfgs["expected_spi"] > + expected_length =3D case_cfgs["expected_length"] > + #expected_data =3D case_cfgs["expected_data"] > + > + pkt =3D Packet() > + if len(dst_ip)<=3D15: > + pkt.assign_layers(["ether", "ipv4", "udp", "raw"]) > + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst"= : > "52:00:00:00:00:01"}) > + pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip}) > + else: > + pkt.assign_layers(["ether", "ipv6", "udp", "raw"]) > + pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst"= : > "52:00:00:00:00:01"}) > + pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip}) > + pkt.config_layer("udp", {"dst": 0}) > + pkt.config_layer("raw", {"payload": payload}) > + pkt.send_pkt(tx_port=3Dself.tx_interface, count=3DPACKET_COUNT) > + > + pkt_rec =3D self.tester.load_tcpdump_sniff_packets(inst) > + > + pcap_filename =3D "output/{0}.pcap".format(self.pcap_filename) > + self.logger.info("Save pkts to {0}".format(pcap_filename)) > + save_packets(pkt_rec, pcap_filename) > + self._pcap_idx =3D self._pcap_idx + 1 > + > + if len(pkt_rec) =3D=3D 0: > + self.logger.error("IPsec forwarding failed") > + result =3D False > + > + for pkt_r in pkt_rec: > + pkt_src_ip =3D pkt_r.pktgen.strip_layer3("src") > + if pkt_src_ip !=3D expected_src_ip: > + pkt_r.pktgen.pkt.show() > + self.logger.error("SRC IP does not match. Pkt:{0}, Expec= ted:{1}".format( > + pkt_src_ip, expected_src_ip)) > + result =3D False > + break > + > + pkt_dst_ip =3D pkt_r.pktgen.strip_layer3("dst") > + self.logger.debug(pkt_dst_ip) > + if pkt_dst_ip !=3D expected_dst_ip: > + pkt_r.pktgen.pkt.show() > + self.logger.error("DST IP does not match. Pkt:{0}, Expec= ted:{1}".format( > + pkt_dst_ip, expected_dst_ip)) > + result =3D False > + break > + > + packet_hex =3D pkt_r.pktgen.pkt["ESP"].getfieldval("data") > + if packet_hex is None: > + self.logger.error("NO Payload !") > + result =3D False > + break > + payload_str =3D binascii.b2a_hex(packet_hex) > + self.logger.debug(payload_str) > + > + pkt_spi =3D hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi")) > + self.logger.debug(pkt_spi) > + if pkt_spi !=3D expected_spi: > + self.logger.error("SPI does not match. Pkt:{0}, Expected= :{1}".format( > + pkt_spi, expected_spi)) > + result =3D False > + break > + > + pkt_len =3D len(payload_str)/2 > + self.logger.debug(pkt_len) > + if pkt_len !=3D int(expected_length): > + self.logger.error("Packet length does not match. Pkt:{0}= , > Expected:{1}".format( > + pkt_len, expected_length)) > + result =3D False > + break > + > + self.dut.kill_all() > + return result > -- > 2.7.4