From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
"Pablo de Lara" <pablo.de.lara.guarch@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
"Radu Nicolau" <radu.nicolau@intel.com>,
Ciara Power <ciara.power@intel.com>,
Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>
Subject: [PATCH v2 13/13] test/crypto: add copy and set DF cases
Date: Mon, 6 Dec 2021 16:38:00 +0530 [thread overview]
Message-ID: <1638788880-650-14-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1638788880-650-1-git-send-email-anoobj@marvell.com>
Add test cases to verify copy DF and set DF options with lookaside IPsec
offload.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
app/test/test_cryptodev.c | 75 ++++++++++++++++++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++++++++++++--
app/test/test_cryptodev_security_ipsec.h | 10 +++++
doc/guides/rel_notes/release_22_03.rst | 1 +
4 files changed, 154 insertions(+), 3 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 203b4a4..f808719 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9169,6 +9169,13 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
sizeof(src));
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
sizeof(dst));
+
+ if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ ipsec_xform.tunnel.ipv4.df = 0;
+
+ if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+ ipsec_xform.tunnel.ipv4.df = 1;
+
} else {
memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
sizeof(v6_src));
@@ -9282,6 +9289,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
memcpy(input_text, td[i].input_text.data,
td[i].input_text.len);
+ if (test_ipsec_pkt_update(input_text, flags))
+ return TEST_FAILED;
+
/* Generate crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -9700,6 +9710,55 @@ test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
flags.fragment = true;
return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
}
static int
@@ -14724,6 +14783,22 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_pkt_fragment),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_1_inner_0),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 94e5213..e662ea2 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -427,6 +427,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
ip->hdr_checksum = rte_ipv4_cksum(ip);
}
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_1)
+ td->ipsec_xform.options.copy_df = 1;
}
}
@@ -640,6 +643,7 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
{
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+ uint8_t td_output_text[4096];
int ret;
/* For tests with status as error for test success, skip verification */
@@ -720,16 +724,21 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
return ret;
}
+ memcpy(td_output_text, td->output_text.data + skip, len);
- if (memcmp(output_text, td->output_text.data + skip, len)) {
+ if (test_ipsec_pkt_update(td_output_text, flags)) {
+ printf("Could not update expected vector");
+ return TEST_FAILED;
+ }
+
+ if (memcmp(output_text, td_output_text, len)) {
if (silent)
return TEST_FAILED;
printf("TestCase %s line %d: %s\n", __func__, __LINE__,
"output text not as expected\n");
- rte_hexdump(stdout, "expected", td->output_text.data + skip,
- len);
+ rte_hexdump(stdout, "expected", td_output_text, len);
rte_hexdump(stdout, "actual", output_text, len);
return TEST_FAILED;
}
@@ -797,10 +806,27 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
} else {
if (td->ipsec_xform.tunnel.type ==
RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ uint16_t f_off;
+
if (is_valid_ipv4_pkt(iph4) == false) {
printf("Tunnel outer header is not IPv4\n");
return TEST_FAILED;
}
+
+ f_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+ if (!(f_off & RTE_IPV4_HDR_DF_FLAG)) {
+ printf("DF bit is not set\n");
+ return TEST_FAILED;
+ }
+ } else {
+ if ((f_off & RTE_IPV4_HDR_DF_FLAG)) {
+ printf("DF bit is set\n");
+ return TEST_FAILED;
+ }
+ }
} else {
iph6 = (const struct rte_ipv6_hdr *)output_text;
if (is_valid_ipv6_pkt(iph6) == false) {
@@ -909,3 +935,42 @@ test_ipsec_stats_verify(struct rte_security_ctx *ctx,
return ret;
}
+
+int
+test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags)
+{
+ struct rte_ipv4_hdr *iph4;
+ bool cksum_dirty = false;
+ uint16_t frag_off;
+
+ iph4 = (struct rte_ipv4_hdr *)pkt;
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_0_INNER_1 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+
+ if (!is_ipv4(iph4)) {
+ printf("Invalid packet type");
+ return -1;
+ }
+
+ frag_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ frag_off |= RTE_IPV4_HDR_DF_FLAG;
+ else
+ frag_off &= ~RTE_IPV4_HDR_DF_FLAG;
+
+ iph4->fragment_offset = rte_cpu_to_be_16(frag_off);
+ cksum_dirty = true;
+ }
+
+ if (cksum_dirty && is_ipv4(iph4)) {
+ iph4->hdr_checksum = 0;
+ iph4->hdr_checksum = rte_ipv4_cksum(iph4);
+ }
+
+ return 0;
+}
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 6e27eba..12a9b77 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -50,6 +50,13 @@ struct ipsec_test_data {
} xform;
};
+enum df_flags {
+ TEST_IPSEC_COPY_DF_INNER_0 = 1,
+ TEST_IPSEC_COPY_DF_INNER_1,
+ TEST_IPSEC_SET_DF_0_INNER_1,
+ TEST_IPSEC_SET_DF_1_INNER_0,
+};
+
struct ipsec_test_flags {
bool display_alg;
bool sa_expiry_pkts_soft;
@@ -66,6 +73,7 @@ struct ipsec_test_flags {
bool transport;
bool fragment;
bool stats_success;
+ enum df_flags df;
};
struct crypto_param {
@@ -226,4 +234,6 @@ int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
+int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
+
#endif
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index a7d0e53..1c6b846 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -72,6 +72,7 @@ New Features
* Added tunnel mode fragment packet tests.
* Added security stats tests.
* Added AES-CTR tests.
+ * Added set/copy DF tests.
Removed Items
--
2.7.4
next prev parent reply other threads:[~2021-12-06 11:09 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-06 7:58 [PATCH 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 7:58 ` [PATCH 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 7:58 ` [PATCH 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 04/13] test/crypto: add IPv6 tunnel mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 7:58 ` [PATCH 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 7:58 ` [PATCH 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 7:58 ` [PATCH 12/13] test/crypto: add aes xcbc known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 13/13] test/crypto: add copy and set DF cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 04/13] test/crypto: add IPv6 tunnel mode cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 12/13] test/crypto: add aes xcbc known vectors Anoob Joseph
2021-12-06 11:08 ` Anoob Joseph [this message]
2022-01-21 11:02 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1638788880-650-14-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.