[dts] [PATCH V1] tests: add the cryptodev ipsec-gw test and config
Zhao, XinfengX
xinfengx.zhao at intel.com
Wed Feb 13 07:02:33 CET 2019
Tested-by : Xinfeng Zhao <xinfengx.zhao at intel.com>
-----Original Message-----
From: Zhao, XinfengX
Sent: Wednesday, February 13, 2019 8:51 AM
To: dts at dpdk.org
Cc: Zhao, XinfengX <xinfengx.zhao at intel.com>
Subject: [dts][PATCH V1] tests: add the cryptodev ipsec-gw test and config
add tests/TestSuite_ipsec_gw_cryptodev_func.py
add conf/ipsec_test.cfg
Signed-off-by: Xinfeng Zhao <xinfengx.zhao at intel.com>
---
conf/ipsec_test.cfg | 253 +++++++++++
tests/TestSuite_ipsec_gw_cryptodev_func.py | 652 +++++++++++++++++++++++++++++
2 files changed, 905 insertions(+)
create mode 100644 conf/ipsec_test.cfg
create mode 100644 tests/TestSuite_ipsec_gw_cryptodev_func.py
diff --git a/conf/ipsec_test.cfg b/conf/ipsec_test.cfg new file mode 100644 index 0000000..ea8a55d
--- /dev/null
+++ b/conf/ipsec_test.cfg
@@ -0,0 +1,253 @@
+###########################################################################
+# IPSEC-SECGW Endpoint sample configuration
+#
+# The main purpose of this file is to show how to configure two systems
+# back-to-back that would forward traffic through an IPsec tunnel. This
+# file is the Endpoint 0 configuration. To use this configuration file,
+# add the following command-line option:
+#
+# -f ./ep0.cfg
+#
+#######################################################################
+####
+
+#SP IPv4 rules
+sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535
+dport 0:65535 sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24
+sport 0:65535 dport 0:65535 sp ipv4 out esp protect 10 pri 1 dst
+192.168.175.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 11
+pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
+protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport
+0:65535 sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport
+0:65535 dport 0:65535 sp ipv4 out esp protect 26 pri 1 dst
+192.168.56.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 30
+pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
+protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport
+0:65535 sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport
+0:65535 dport 0:65535 sp ipv4 out esp protect 45 pri 1 dst
+192.168.125.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 46
+pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
+bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 sp ipv4
+out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
+
+sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535
+dport 0:65535 sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24
+sport 0:65535 dport 0:65535 sp ipv4 in esp protect 110 pri 1 dst
+192.168.185.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 111
+pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
+protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport
+0:65535 sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport
+0:65535 dport 0:65535 sp ipv4 in esp protect 125 pri 1 dst
+192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 125
+pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
+protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport
+0:65535 sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport
+0:65535 dport 0:65535 sp ipv4 in esp protect 135 pri 1 dst
+192.168.35.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 136
+pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
+protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 sp
+ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport
+0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535
+dport 0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport
+0:65535 dport 0:65535
+
+#SP IPv6 rules
+sp ipv6 out esp protect 5 pri 1 dst
+0000:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 6 pri 1 dst
+0000:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 10 pri 1 dst
+0000:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 11 pri 1 dst
+0000:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 25 pri 1 dst
+0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 26 pri 1 dst
+0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 30 pri 1 dst
+0000:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 31 pri 1 dst
+0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 35 pri 1 dst
+0000:1111:1111:1111:7777:7777:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 36 pri 1 dst
+0000:1111:1111:1111:8888:8888:0000:0000/96 \ sport 0:65535 dport
+0:65535
+
+sp ipv6 out esp protect 15 pri 1 dst
+ffff:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 16 pri 1 dst
+ffff:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 110 pri 1 dst
+ffff:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 111 pri 1 dst
+ffff:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 125 pri 1 dst
+ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 in esp protect 126 pri 1 dst
+ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 130 pri 1 dst
+ffff:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
+0:65535 sp ipv6 out esp protect 131 pri 1 dst
+ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
+0:65535
+
+#SA rules
+sa out 5 cipher_algo aes-128-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
+172.16.1.5 dst 172.16.2.5
+
+sa out 6 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 10 cipher_algo aes-128-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 11 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+transport
+
+sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src
+172.16.1.5 \ dst 172.16.2.5
+
+sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ src
+4444:4444:4444:4444:4444:4444:4444:1111 \ dst
+5555:5555:5555:5555:5555:5555:5555:2222
+
+sa out 25 cipher_algo aes-128-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+1111:1111:1111:1111:1111:1111:1111:5555 \ dst
+2222:2222:2222:2222:2222:2222:2222:5555
+
+sa out 26 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv6-tunnel \ src 1111:1111:1111:1111:1111:1111:1111:6666 \ dst
+2222:2222:2222:2222:2222:2222:2222:6666
+
+sa out 30 cipher_algo aes-256-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
+:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+7777:7777:7777:7777:7777:7777:7777:1111 \ dst
+8888:8888:8888:8888:8888:8888:8888:2222
+
+sa out 31 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
+transport
+
+sa out 35 cipher_algo aes-256-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 36 cipher_algo aes-256-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac
+auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 45 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 46 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
+ipv6-tunnel \ src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ dst
+bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
+
+sa in 105 cipher_algo aes-128-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
+172.16.2.5 dst 172.16.1.5
+
+sa in 106 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 110 cipher_algo aes-128-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 111 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+transport
+
+sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src
+172.16.2.5 \ dst 172.16.1.5
+
+sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ src
+5555:5555:5555:5555:5555:5555:5555:2222 \ dst
+4444:4444:4444:4444:4444:4444:4444:1111
+
+sa in 125 cipher_algo aes-128-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+2222:2222:2222:2222:2222:2222:2222:5555 \ dst
+1111:1111:1111:1111:1111:1111:1111:5555
+
+sa in 126 aead_algo aes-128-gcm aead_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv6-tunnel \ src 2222:2222:2222:2222:2222:2222:2222:6666 \ dst
+1111:1111:1111:1111:1111:1111:1111:6666
+
+sa in 130 cipher_algo aes-256-cbc cipher_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
+:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
+c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
+8888:8888:8888:8888:8888:8888:8888:2222 \ dst
+7777:7777:7777:7777:7777:7777:7777:1111
+
+sa in 131 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+transport
+
+sa in 135 cipher_algo aes-256-cbc cipher_key
+0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 136 cipher_algo aes-256-cbc cipher_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1
+:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac auth_key
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode
+transport
+
+sa in 145 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 146 cipher_algo aes-128-ctr cipher_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
+sha1-hmac auth_key
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
+ipv6-tunnel \ src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ dst
+aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
+
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 0
+rt ipv4 dst 172.16.2.6/32 port 0
+rt ipv4 dst 192.168.175.0/24 port 0
+rt ipv4 dst 192.168.176.0/24 port 0
+rt ipv4 dst 192.168.240.0/24 port 0
+rt ipv4 dst 192.168.241.0/24 port 0
+rt ipv4 dst 192.168.115.0/24 port 0
+rt ipv4 dst 192.168.116.0/24 port 0
+rt ipv4 dst 192.168.65.0/24 port 0
+rt ipv4 dst 192.168.66.0/24 port 0
+rt ipv4 dst 192.168.185.0/24 port 0
+rt ipv4 dst 192.168.186.0/24 port 0
+rt ipv4 dst 192.168.210.0/24 port 0
+rt ipv4 dst 192.168.211.0/24 port 0
+rt ipv4 dst 192.168.245.0/24 port 0
+rt ipv4 dst 192.168.246.0/24 port 0
+rt ipv4 dst 192.168.26.0/24 port 0
+rt ipv4 dst 192.168.76.0/24 port 0
+rt ipv4 dst 192.168.35.0/24 port 0
+rt ipv4 dst 192.168.85.0/24 port 0
+rt ipv4 dst 192.168.86.0/24 port 0
+rt ipv4 dst 192.168.135.0/24 port 0
+rt ipv4 dst 192.168.136.0/24 port 0
+
+rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 rt ipv6
+dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 rt ipv6 dst
+5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 rt ipv6 dst
+2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 rt ipv6 dst
+2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 rt ipv6 dst
+0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
+
+rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 rt ipv6
+dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
+ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
diff --git a/tests/TestSuite_ipsec_gw_cryptodev_func.py b/tests/TestSuite_ipsec_gw_cryptodev_func.py
new file mode 100644
index 0000000..dc49577
--- /dev/null
+++ b/tests/TestSuite_ipsec_gw_cryptodev_func.py
@@ -0,0 +1,652 @@
+# BSD LICENSE
+#
+# Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without #
+modification, are permitted provided that the following conditions #
+are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import hmac
+import hashlib
+import binascii
+import time
+import utils
+from test_case import TestCase
+from packet import Packet, save_packets
+
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms,
+modes from cryptography.hazmat.primitives.ciphers.aead import AESCCM,
+AESGCM from cryptography.hazmat.backends import default_backend
+
+import cryptodev_common as cc
+
+class TestIPsecGW(TestCase):
+
+ def set_up_all(self):
+
+ self.core_config = "1S/2C/1T"
+ self.number_of_ports = 1
+ self.dut_ports = self.dut.get_ports(self.nic)
+ self.verify(len(self.dut_ports) >= self.number_of_ports,
+ "Not enough ports for " + self.nic)
+ self.ports_socket = self.dut.get_numa_id(self.dut_ports[0])
+
+ self.logger.info("core config = " + self.core_config)
+ self.logger.info("number of ports = " + str(self.number_of_ports))
+ self.logger.info("dut ports = " + str(self.dut_ports))
+ self.logger.info("ports_socket = " + str(self.ports_socket))
+
+ # Generally, testbed should has 4 ports NIC, like,
+ # 03:00.0 03:00.1 03:00.2 03:00.3
+ # This test case will
+ # - physical link is 03:00.0 <-> 03:00.1 and 03:00.2 <-> 03:00.3
+ # - bind 03:00.0 and 03:00.2 to ipsec-secgw app
+ # - send test packet from 03:00.3
+ # - receive packet which forwarded by ipsec-secgw from 03:00.0
+ # - configure port and peer in dts port.cfg
+ self.tx_port = self.tester.get_local_port(self.dut_ports[1])
+ self.rx_port = self.tester.get_local_port(self.dut_ports[0])
+
+ self.tx_interface = self.tester.get_interface(self.tx_port)
+ self.rx_interface = self.tester.get_interface(self.rx_port)
+
+ self.logger.info("tx interface = " + self.tx_interface)
+ self.logger.info("rx interface = " + self.rx_interface)
+
+ self._app_path = "./examples/ipsec-secgw/build/ipsec-secgw"
+ if not cc.is_build_skip(self):
+ cc.build_dpdk_with_cryptodev(self)
+ self.vf_driver = self.get_suite_cfg()['vf_driver']
+ cc.bind_qat_device(self, self.vf_driver)
+
+ self._default_ipsec_gw_opts = {
+ "config": None,
+ "P": "",
+ "p": "0x3",
+ "f": "local_conf/ipsec_test.cfg",
+ "u": "0x1"
+ }
+
+ self._pcap_idx = 0
+ self.pcap_filename = ''
+
+ def set_up(self):
+ pass
+
+ def tear_down(self):
+ self.dut.kill_all()
+
+ def tear_down_all(self):
+ cc.clear_dpdk_config(self)
+
+ def test_qat_aes_128_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_gcm_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv4_tunnel")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_ctr_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_ctr_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_128_ctr_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_null_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_null_ipv4_tunnel")
+ self.pcap_filename = "test_qat_null_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv4_transport")
+ self.pcap_filename = "test_qat_aes_gcm_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv6_tunnel")
+ self.pcap_filename = "test_qat_aes_gcm_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_null_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_null_ipv6_tunnel")
+ self.pcap_filename = "test_qat_null_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_128_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_128_cbc_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_128_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_256_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_256_cbc_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_256_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_qat_aes_gcm_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test qat_aes_gcm_ipv6_transport")
+ self.pcap_filename = "test_qat_aes_gcm_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_gcm_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_null_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_null_ipv4_tunnel")
+ self.pcap_filename = "test_sw_null_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_gcm_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_gcm_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_null_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_null_ipv6_tunnel")
+ self.pcap_filename = "test_sw_null_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_cbc_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_128_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_256_cbc_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_256_cbc_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_256_cbc_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_gcm_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_gcm_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_gcm_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv4_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv4_tunnel")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv4_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv6_tunnel(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv6_tunnel")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv6_tunnel"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv4_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv4_transport")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv4_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def test_sw_aes_128_ctr_ipv6_transport(self):
+ if cc.is_test_skip(self):
+ return
+
+ self.logger.info("Test sw_aes_128_ctr_ipv6_transport")
+ self.pcap_filename = "test_sw_aes_128_ctr_ipv6_transport"
+ ipsec_gw_opt_str = self._get_ipsec_gw_opt_str()
+ self.logger.debug(ipsec_gw_opt_str)
+
+ result = self._execute_ipsec_gw_test(ipsec_gw_opt_str)
+ self.verify(result, "FAIL")
+
+ def _get_ipsec_gw_opt_str(self, override_ipsec_gw_opts={}):
+ return cc.get_opt_str(self, self._default_ipsec_gw_opts,
+ override_ipsec_gw_opts)
+
+ def _execute_ipsec_gw_test(self, ipsec_gw_opt_str):
+ result = True
+ eal_opt_str = cc.get_eal_opt_str(self)
+
+ cmd_str = cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str, ipsec_gw_opt_str)
+ self.logger.info("IPsec-gw cmd: " + cmd_str)
+ self.dut.send_expect(cmd_str, "IPSEC:", 30)
+ time.sleep(3)
+ inst = self.tester.tcpdump_sniff_packets(self.rx_interface,
+ timeout=25)
+
+ PACKET_COUNT = 65
+ payload = 256 * ['11']
+
+ case_cfgs = self.get_case_cfg()
+ dst_ip = case_cfgs["dst_ip"]
+ src_ip = case_cfgs["src_ip"]
+ expected_dst_ip = case_cfgs["expected_dst_ip"]
+ expected_src_ip = case_cfgs["expected_src_ip"]
+ expected_spi = case_cfgs["expected_spi"]
+ expected_length = case_cfgs["expected_length"]
+ #expected_data = case_cfgs["expected_data"]
+
+ pkt = Packet()
+ if len(dst_ip)<=15:
+ pkt.assign_layers(["ether", "ipv4", "udp", "raw"])
+ pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"})
+ pkt.config_layer("ipv4", {"src": src_ip, "dst": dst_ip})
+ else:
+ pkt.assign_layers(["ether", "ipv6", "udp", "raw"])
+ pkt.config_layer("ether", {"src": "52:00:00:00:00:00", "dst": "52:00:00:00:00:01"})
+ pkt.config_layer("ipv6", {"src": src_ip, "dst": dst_ip})
+ pkt.config_layer("udp", {"dst": 0})
+ pkt.config_layer("raw", {"payload": payload})
+ pkt.send_pkt(tx_port=self.tx_interface, count=PACKET_COUNT)
+
+ pkt_rec = self.tester.load_tcpdump_sniff_packets(inst)
+
+ pcap_filename = "output/{0}.pcap".format(self.pcap_filename)
+ self.logger.info("Save pkts to {0}".format(pcap_filename))
+ save_packets(pkt_rec, pcap_filename)
+ self._pcap_idx = self._pcap_idx + 1
+
+ if len(pkt_rec) == 0:
+ self.logger.error("IPsec forwarding failed")
+ result = False
+
+ for pkt_r in pkt_rec:
+ pkt_src_ip = pkt_r.pktgen.strip_layer3("src")
+ if pkt_src_ip != expected_src_ip:
+ pkt_r.pktgen.pkt.show()
+ self.logger.error("SRC IP does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_src_ip, expected_src_ip))
+ result = False
+ break
+
+ pkt_dst_ip = pkt_r.pktgen.strip_layer3("dst")
+ self.logger.debug(pkt_dst_ip)
+ if pkt_dst_ip != expected_dst_ip:
+ pkt_r.pktgen.pkt.show()
+ self.logger.error("DST IP does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_dst_ip, expected_dst_ip))
+ result = False
+ break
+
+ packet_hex = pkt_r.pktgen.pkt["ESP"].getfieldval("data")
+ if packet_hex is None:
+ self.logger.error("NO Payload !")
+ result = False
+ break
+ payload_str = binascii.b2a_hex(packet_hex)
+ self.logger.debug(payload_str)
+
+ pkt_spi = hex(pkt_r.pktgen.pkt["ESP"].getfieldval("spi"))
+ self.logger.debug(pkt_spi)
+ if pkt_spi != expected_spi:
+ self.logger.error("SPI does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_spi, expected_spi))
+ result = False
+ break
+
+ pkt_len = len(payload_str)/2
+ self.logger.debug(pkt_len)
+ if pkt_len != int(expected_length):
+ self.logger.error("Packet length does not match. Pkt:{0}, Expected:{1}".format(
+ pkt_len, expected_length))
+ result = False
+ break
+
+ self.dut.kill_all()
+ return result
--
2.7.4
More information about the dts
mailing list