aboutsummaryrefslogtreecommitdiffstats
path: root/dpdk/Makefile
blob: d7d4671322cbd6c0d03db3a8ca2741bba3069478 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

# Copyright (c) 2015 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Scripts require non-POSIX parts of bash
SHELL := /bin/bash

DPDK_BUILD_DIR        ?= $(CURDIR)/_build
DPDK_INSTALL_DIR      ?= $(CURDIR)/_install
DPDK_PKTMBUF_HEADROOM ?= 256
DPDK_DOWNLOAD_DIR     ?= $(HOME)/Downloads
DPDK_MARCH            ?= native
DPDK_DEBUG            ?= n

B := $(DPDK_BUILD_DIR)
I := $(DPDK_INSTALL_DIR)
DPDK_VERSION ?= 2.2.0
DPDK_TARBALL := dpdk-$(DPDK_VERSION).tar.gz
DPDK_TAR_URL := http://dpdk.org/browse/dpdk/snapshot/$(DPDK_TARBALL)
DPDK_2.1.0_TARBALL_MD5_CKSUM := 205a0d12bfd6eb717d57506272f43519
DPDK_2.2.0_TARBALL_MD5_CKSUM := 22e2fd68cd5504f43fe9a5a6fd6dd938
DPDK_SOURCE := $(B)/dpdk-$(DPDK_VERSION)
DPDK_TARGET := x86_64-native-linuxapp-gcc
JOBS := $(shell grep processor /proc/cpuinfo | wc -l)

# compiler/linker custom arguments
DPDK_CPU_CFLAGS := -pie -fPIC
DPDK_CPU_LDFLAGS := -pie -fPIC
DPDK_EXTRA_LDFLAGS := -g

ifeq ($(DPDK_DEBUG),n)
DPDK_EXTRA_CFLAGS := -g 
else
DPDK_EXTRA_CFLAGS := -g -O0 
endif

# translate gcc march values to DPDK arch
ifeq ($(DPDK_MARCH),native)
DPDK_MACHINE:=native                     # autodetect host CPU
else ifeq ($(DPDK_MARCH),corei7)
DPDK_MACHINE:=nhm                        # Nehalem / Westmere
else ifeq ($(DPDK_MARCH),corei7-avx)
DPDK_MACHINE:=snb                        # Sandy Bridge
else ifeq ($(DPDK_MARCH),core-avx-i)
DPDK_MACHINE:=ivb                        # Ivy Bridge
else ifeq ($(DPDK_MARCH),core-avx2)
DPDK_MACHINE:=hsw                        # Haswell
else
$(error Unknown DPDK_MARCH)
endif

# assemble DPDK make arguments
DPDK_MAKE_ARGS := -C $(DPDK_SOURCE) -j $(JOBS) \
	T=$(DPDK_TARGET) \
	RTE_CONFIG_TEMPLATE=../custom-config \
	RTE_OUTPUT=$(I) \
	EXTRA_CFLAGS="$(DPDK_EXTRA_CFLAGS)" \
	EXTRA_LDFLAGS="$(DPDK_EXTRA_LDFLAGS)" \
	CPU_CFLAGS="$(DPDK_CPU_CFLAGS)" \
	CPU_LDFLAGS="$(DPDK_CPU_LDFLAGS)"

DPDK_SOURCE_FILES := $(shell  [ -e $(DPDK_SOURCE) ] && find $(DPDK_SOURCE) -name "*.[chS]")  

define set
@if grep -q CONFIG_$1 $@ ; \
	then sed -i -e 's/.*\(CONFIG_$1=\).*/\1$2/' $@ ; \
	else echo CONFIG_$1=$2 >> $@ ; \
fi
endef

all: build

$(B)/custom-config: $(B)/.patch.ok Makefile
	@echo --- generating custom config from $(DPDK_SOURCE)/config/common_linuxapp ---
	@cp $(DPDK_SOURCE)/config/common_linuxapp $@ 
	$(call set,RTE_MACHINE,$(DPDK_MACHINE))
	$(call set,RTE_ARCH,"x86_64")
	$(call set,RTE_ARCH_X86_64,y)
	$(call set,RTE_ARCH_64,y)
	$(call set,RTE_TOOLCHAIN_GCC,y)
	$(call set,RTE_TOOLCHAIN,"gcc")
	@# modify options
	$(call set,RTE_MAX_LCORE,256)
	$(call set,RTE_PKTMBUF_HEADROOM,$(DPDK_PKTMBUF_HEADROOM))
	$(call set,RTE_LIBEAL_USE_HPET,y)
	$(call set,RTE_BUILD_COMBINE_LIBS,y)
	$(call set,RTE_LIBRTE_I40E_16BYTE_RX_DESC,y)
	$(call set,RTE_LIBRTE_I40E_ITR_INTERVAL,16)
	@# enable debug init for device drivers
	$(call set,RTE_LIBRTE_I40E_DEBUG_INIT,$(DPDK_DEBUG))
	$(call set,RTE_LIBRTE_IXGBE_DEBUG_INIT,$(DPDK_DEBUG))
	$(call set,RTE_LIBRTE_E1000_DEBUG_INIT,$(DPDK_DEBUG))
	$(call set,RTE_LIBRTE_VIRTIO_DEBUG_INIT,$(DPDK_DEBUG))
	$(call set,RTE_LIBRTE_VMXNET3_DEBUG_INIT,$(DPDK_DEBUG))
	@# not needed
	$(call set,RTE_LIBRTE_PMD_BOND,n)
	$(call set,RTE_LIBRTE_TIMER,n)
	$(call set,RTE_LIBRTE_CFGFILE,n)
	$(call set,RTE_LIBRTE_LPM,n)
	$(call set,RTE_LIBRTE_ACL,n)
	$(call set,RTE_LIBRTE_POWER,n)
	$(call set,RTE_LIBRTE_IP_FRAG,n)
	$(call set,RTE_LIBRTE_DISTRIBUTOR,n)
	$(call set,RTE_LIBRTE_REORDER,n)
	$(call set,RTE_LIBRTE_PORT,n)
	$(call set,RTE_LIBRTE_TABLE,n)
	$(call set,RTE_LIBRTE_PIPELINE,n)
	$(call set,RTE_KNI_KMOD,n)
	@rm -f .config.ok

$(CURDIR)/$(DPDK_TARBALL):
	@mkdir -p $(B)
	@if [ -e $(DPDK_DOWNLOAD_DIR)/$(DPDK_TARBALL) ] ; \
		then cp $(DPDK_DOWNLOAD_DIR)/$(DPDK_TARBALL) $(CURDIR) ; \
		else curl -o $(CURDIR)/$(DPDK_TARBALL) -LO $(DPDK_TAR_URL) ; \
	fi
	@rm -f $(B)/.download.ok

$(B)/.download.ok: $(CURDIR)/$(DPDK_TARBALL)
	@openssl md5 $< | cut -f 2 -d " " - > $(B)/$(DPDK_TARBALL).md5sum
	@([ "$$(<$(B)/$(DPDK_TARBALL).md5sum)" = "$(DPDK_$(DPDK_VERSION)_TARBALL_MD5_CKSUM)" ] || \
	( echo "Bad Checksum! Please remove $< and retry" && \
		rm $(B)/$(DPDK_TARBALL).md5sum && false ))
	@touch $@

.PHONY: download
download: $(B)/.download.ok

$(B)/.extract.ok: $(B)/.download.ok
	@echo --- extracting $(DPDK_TARBALL) ---
	@tar --directory $(B) --extract --file $(CURDIR)/$(DPDK_TARBALL) --gzip
	@touch $@

.PHONY: extract
extract: $(B)/.extract.ok

$(B)/.patch.ok: $(B)/.extract.ok
	@echo --- patching ---
	for f in $(CURDIR)/dpdk-$(DPDK_VERSION)_patches/*.patch ; do \
		echo Applying patch: $$(basename $$f) ; \
		patch -p1 -d $(DPDK_SOURCE) < $$f ; \
	done
	@touch $@

.PHONY: patch
patch: $(B)/.patch.ok

$(B)/.config.ok: $(B)/.patch.ok $(B)/custom-config
	@make $(DPDK_MAKE_ARGS) config
	@touch $@

.PHONY: config
config: $(B)/.config.ok

$(B)/.build.ok: $(DPDK_SOURCE_FILES)
	@if [ ! -e $(B)/.config.ok ] ; then echo 'Please run "make config" first' && false ; fi
	@make $(DPDK_MAKE_ARGS) install
	@dkms/create_deb_manifest.sh $(DPDK_VERSION) $(subst $(realpath ..)/,,$(B))
	@touch $@

.PHONY: build
build: $(B)/.build.ok

.PHONY: clean
clean:
	@rm -rf $(B) $(I)
an class="n">config_tra_params(p, self.encryption_type) for p in params: self.config_esp_tun(p) for p in params: d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4 r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [VppRoutePath(self.tun_if.remote_addr[p.addr_type], 0xffffffff, proto=d)], is_ip6=p.is_ipv6) r.add_vpp_config() self.net_objs.append(r) self.logger.info(self.vapi.ppcli("show ipsec all")) def unconfig_network(self): for o in reversed(self.net_objs): o.remove_vpp_config() self.net_objs = [] def config_esp_tun(self, params): addr_type = params.addr_type scapy_tun_sa_id = params.scapy_tun_sa_id scapy_tun_spi = params.scapy_tun_spi vpp_tun_sa_id = params.vpp_tun_sa_id vpp_tun_spi = params.vpp_tun_spi auth_algo_vpp_id = params.auth_algo_vpp_id auth_key = params.auth_key crypt_algo_vpp_id = params.crypt_algo_vpp_id crypt_key = params.crypt_key remote_tun_if_host = params.remote_tun_if_host addr_any = params.addr_any addr_bcast = params.addr_bcast e = VppEnum.vl_api_ipsec_spd_action_t objs = [] params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.local_addr[addr_type], self.tun_if.remote_addr[addr_type]) params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type], self.tun_if.local_addr[addr_type]) objs.append(params.tun_sa_in) objs.append(params.tun_sa_out) params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_ESP) params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_ESP, is_outbound=0) objs.append(params.spd_policy_out_any) objs.append(params.spd_policy_in_any) objs.append(VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], 0, priority=10, policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0)) objs.append(VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], remote_tun_if_host, remote_tun_if_host, 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, priority=10)) objs.append(VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], 0, priority=20, policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0)) objs.append(VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], remote_tun_if_host, remote_tun_if_host, 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, priority=20)) for o in objs: o.add_vpp_config() self.net_objs = self.net_objs + objs def config_esp_tra(self, params): addr_type = params.addr_type scapy_tra_sa_id = params.scapy_tra_sa_id scapy_tra_spi = params.scapy_tra_spi vpp_tra_sa_id = params.vpp_tra_sa_id vpp_tra_spi = params.vpp_tra_spi auth_algo_vpp_id = params.auth_algo_vpp_id auth_key = params.auth_key crypt_algo_vpp_id = params.crypt_algo_vpp_id crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast flags = (VppEnum.vl_api_ipsec_sad_flags_t. IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) e = VppEnum.vl_api_ipsec_spd_action_t flags = params.flags | flags objs = [] params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, flags=flags) params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, flags=flags) objs.append(params.tra_sa_in) objs.append(params.tra_sa_out) objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_ESP)) objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_ESP, is_outbound=0)) objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], 0, priority=10, policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0)) objs.append(VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, priority=10)) for o in objs: o.add_vpp_config() self.net_objs = self.net_objs + objs class TemplateIpsecEsp(ConfigIpsecESP): """ Basic test for ipsec esp sanity - tunnel and transport modes. Below 4 cases are covered as part of this test 1) ipsec esp v4 transport basic test - IPv4 Transport mode scenario using HMAC-SHA1-96 integrity algo 2) ipsec esp v4 transport burst test Above test for 257 pkts 3) ipsec esp 4o4 tunnel basic test - IPv4 Tunnel mode scenario using HMAC-SHA1-96 integrity algo 4) ipsec esp 4o4 tunnel burst test Above test for 257 pkts TRANSPORT MODE: --- encrypt --- |pg2| <-------> |VPP| --- decrypt --- TUNNEL MODE: --- encrypt --- plain --- |pg0| <------- |VPP| <------ |pg1| --- --- --- --- decrypt --- plain --- |pg0| -------> |VPP| ------> |pg1| --- --- --- """ @classmethod def setUpClass(cls): super(TemplateIpsecEsp, cls).setUpClass() @classmethod def tearDownClass(cls): super(TemplateIpsecEsp, cls).tearDownClass() def setUp(self): super(TemplateIpsecEsp, self).setUp() self.config_network(self.params.values()) def tearDown(self): self.unconfig_network() super(TemplateIpsecEsp, self).tearDown() class TestIpsecEsp1(TemplateIpsecEsp, IpsecTra46Tests, IpsecTun46Tests): """ Ipsec ESP - TUN & TRA tests """ pass class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests): """ Ipsec ESP - TCP tests """ pass class TemplateIpsecEspUdp(ConfigIpsecESP): """ UDP encapped ESP """ @classmethod def setUpClass(cls): super(TemplateIpsecEspUdp, cls).setUpClass() @classmethod def tearDownClass(cls): super(TemplateIpsecEspUdp, cls).tearDownClass() def setUp(self): super(TemplateIpsecEspUdp, self).setUp() self.net_objs = [] self.tun_if = self.pg0 self.tra_if = self.pg2 self.logger.info(self.vapi.ppcli("show int addr")) p = self.ipv4_params p.flags = (VppEnum.vl_api_ipsec_sad_flags_t. IPSEC_API_SAD_FLAG_UDP_ENCAP) p.nat_header = UDP(sport=5454, dport=4500) self.tra_spd = VppIpsecSpd(self, self.tra_spd_id) self.tra_spd.add_vpp_config() VppIpsecSpdItfBinding(self, self.tra_spd, self.tra_if).add_vpp_config() self.config_esp_tra(p) config_tra_params(p, self.encryption_type) self.tun_spd = VppIpsecSpd(self, self.tun_spd_id) self.tun_spd.add_vpp_config() VppIpsecSpdItfBinding(self, self.tun_spd, self.tun_if).add_vpp_config() self.config_esp_tun(p) self.logger.info(self.vapi.ppcli("show ipsec all")) d = DpoProto.DPO_PROTO_IP4 VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [VppRoutePath(self.tun_if.remote_addr[p.addr_type], 0xffffffff, proto=d)]).add_vpp_config() def tearDown(self): super(TemplateIpsecEspUdp, self).tearDown() def show_commands_at_teardown(self): self.logger.info(self.vapi.cli("show hardware")) class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests, IpsecTun4Tests): """ Ipsec NAT-T ESP UDP tests """ pass class TestIpsecEspAll(ConfigIpsecESP, IpsecTra4, IpsecTra6, IpsecTun4, IpsecTun6): """ Ipsec ESP all Algos """ def setUp(self): super(TestIpsecEspAll, self).setUp() def tearDown(self): super(TestIpsecEspAll, self).tearDown() def test_crypto_algs(self): """All engines AES-CBC-[128, 192, 256] w/o ESN""" # foreach VPP crypto engine engines = ["ia32", "ipsecmb", "openssl"] # foreach crypto algorithm algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_128, 'scapy': "AES-CBC", 'key': "JPjyOWBeVEQiMe7h"}, {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_192, 'scapy': "AES-CBC", 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"}, {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_256, 'scapy': "AES-CBC", 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}] # bug found in VPP needs fixing with flag # (VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN) flags = [0] # # loop through the VPP engines # for engine in engines: self.vapi.cli("set crypto handler all %s" % engine) # # loop through each of the algorithms # for algo in algos: # with self.subTest(algo=algo['scapy']): for flag in flags: # # setup up the config paramters # self.ipv4_params = IPsecIPv4Params() self.ipv6_params = IPsecIPv6Params() self.params = {self.ipv4_params.addr_type: self.ipv4_params, self.ipv6_params.addr_type: self.ipv6_params} for _, p in self.params.items(): p.crypt_algo_vpp_id = algo['vpp'] p.crypt_algo = algo['scapy'] p.crypt_key = algo['key'] p.flags = p.flags | flag # # configure the SPDs. SAs, etc # self.config_network(self.params.values()) # # run some traffic. # An exhautsive 4o6, 6o4 is not necessary # for each algo # self.verify_tra_basic6(count=17) self.verify_tra_basic4(count=17) self.verify_tun_66(self.params[socket.AF_INET6], 17) self.verify_tun_44(self.params[socket.AF_INET], 17) # # remove the SPDs, SAs, etc # self.unconfig_network() if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)