From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4BFB8A0503; Thu, 28 Apr 2022 07:25:41 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E53A0410DC; Thu, 28 Apr 2022 07:25:40 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id B737340E78 for ; Thu, 28 Apr 2022 07:25:39 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 23S3922d019070; Wed, 27 Apr 2022 22:25:39 -0700 Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1anam02lp2041.outbound.protection.outlook.com [104.47.57.41]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3fqhpn18uc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Apr 2022 22:25:38 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d+gGtzMEioMaMH7KW6Kr2YjMlf50xN4zBIIohvxJzQ/WtGxQzZ/GWWqFtYIe7Uz7Xrttt29gVRhR1GFNnu4sbtlcSsJUsmT6+bE7Iou1M72Q3mhXJ/tLTSlelloZNskBMb+ayw56BCAylaCsTCZhmTdSEretZia79zq8GgJTgpWOHErk61BFu3AEEJA1UX2EL70NSFDPZhNPt8z5+FBhOuTw6AJuGVo1HGui+uZGE7NiNYJihLXo2GnEFkMp+7VV0OeKu38e0BRUsWxG44U2bfgOeSEPOKbZkR1BfQpURZ8dOssCJZZu05ZB7PXfOYwqPy6jYfn/Izy16BAFJxDNBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qsW0fClyyhAzwIArrLn+9jztlzky+EENmJ917xSatho=; b=Clt5oQRIhxmNpd8fiql6E5KcvshCvIPMmhS3WtIE/S0zw8DiJnBIXwPBZ+UGj1LUWO7BmhZIlbTDXemFNdImuqlaDvGh8aY04OKfwLYbjXTXQ9e/qIWxFzDiYIStvOOyw2qB0MIKJqrE/mx/TnKnCW8xlso9MKMnDs2o4mjfEEZ1kxi61g8xXU6JIv/OR1+UhAw8kPo6vDl9i4rBHwlSQW029ju9VFgcNmJp82XLM9jawHxPbMyP9yjNMeysXLLoD2w3vsU7jnfKZE5B/UTjgWv/smbARMlZTuU8+5j4x8urCflioUL8+QBx2AgmjSscv4AFJiynC393lzviheGieA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qsW0fClyyhAzwIArrLn+9jztlzky+EENmJ917xSatho=; b=H6yTiAihKxEuVIc3QZtzGzmIOsIyLtqMzCtIwWqJIB3OgDaMBXoSji3vqgYOYXAyEt8UXd7yPqwZ8tFt/3uo0+VVrJL3pEB/ZHI7zFrNV9CtaOSzjhdXe8iCaB8IytT+wWqhtvi4kzMW2BmkDBJiP4kum5ji0pvDc+yX+qotrzE= Received: from PH0PR18MB4672.namprd18.prod.outlook.com (2603:10b6:510:c9::16) by SN7PR18MB3952.namprd18.prod.outlook.com (2603:10b6:806:10a::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5206.14; Thu, 28 Apr 2022 05:25:36 +0000 Received: from PH0PR18MB4672.namprd18.prod.outlook.com ([fe80::141b:43fb:348e:f3a]) by PH0PR18MB4672.namprd18.prod.outlook.com ([fe80::141b:43fb:348e:f3a%5]) with mapi id 15.20.5206.013; Thu, 28 Apr 2022 05:25:36 +0000 From: Anoob Joseph To: Akhil Goyal , "dev@dpdk.org" CC: "thomas@monjalon.net" , "david.marchand@redhat.com" , "hemant.agrawal@nxp.com" , "konstantin.ananyev@intel.com" , "ciara.power@intel.com" , "ferruh.yigit@intel.com" , "andrew.rybchenko@oktetlabs.ru" , Nithin Kumar Dabilpuram , Vamsi Krishna Attunuru , Akhil Goyal Subject: RE: [PATCH v5 6/7] test/security: add ESN and anti-replay cases for inline Thread-Topic: [PATCH v5 6/7] test/security: add ESN and anti-replay cases for inline Thread-Index: AQHYWkk7cjXO7QoxaEqv2d34vTWmrq0Expyw Date: Thu, 28 Apr 2022 05:25:36 +0000 Message-ID: References: <20220416192530.173895-1-gakhil@marvell.com> <20220427151054.2536675-1-gakhil@marvell.com> <20220427151054.2536675-7-gakhil@marvell.com> In-Reply-To: <20220427151054.2536675-7-gakhil@marvell.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8885c14d-5572-4b06-e3bf-08da28d78655 x-ms-traffictypediagnostic: SN7PR18MB3952:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OS+/POs5aOsCxyStpWa0tgd5k4V+tkoWXafLJArlqRtFgKgHKw1vS6d7ejl5OPLQmPmtKFxATK2dFHFm/xCu68pch0/bytfS+52JWSTcCYsQCDhGGrjDXyPm+x7rQjfMO5qM1AV2YvI18HB6TylIiIiT1WKY8PBw+kMCNYvvkGb6yuWe2sVkIz//SPdflH7i1EBtMWSLl787xHD+J+nb6wdk95S/7Wm3Cv3v4PqHQ1/l5WdWG0NOh3gkoBGNiLJaPlMzfwJUCCNt4KiJOBMWLvNa8gjKauvatmxe66zzgC6NkGlyaBC1+Hi81iRfqprCC7b8C7uLyUsP7oIPkA4Ku6XxY19LQs8gYv11x1TOUxhNnygY4miIOzxER9hML7iJPgZkUM45CYuua41xZ6du7A7nYP+SHDB4uw14OmN+4hqC+rovRcRj4jRT+cR9y7COkP/llFXHkOcrZE+0/HzziLW6d7t+buAQwxU+IzOKc5sEprHB/J29tMqyg2TyYKEgCu9MVvfAmvRz12Pvf7Lozf7XUmDAKCLaEBVKFlYmMzFLzQHciCM3PKLpf0HoUcQ/8isDyLUnmuKv590IoAkfeky78+cGCPZhq6jRfnMhsnDpKUf3a+nfGddDDWENYhhLMyWOK5nixjtbK0z7NkKZ9xcbX1jD+6ehdJWuA+eKUhZPtfQmC97i4jC61um0ncQVrOMlg7T5LLJJwfy+gshLxg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR18MB4672.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(55016003)(316002)(9686003)(71200400001)(4326008)(26005)(86362001)(107886003)(508600001)(5660300002)(110136005)(54906003)(38070700005)(38100700002)(8936002)(7696005)(52536014)(6506007)(122000001)(186003)(33656002)(15650500001)(83380400001)(76116006)(8676002)(66446008)(66476007)(66556008)(2906002)(64756008)(66946007); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?wORIVrsfPDkbBbRbrdP8y62hCphI0TgAEZCwdd+ghRy4ygJ3sfuDElzVjteK?= =?us-ascii?Q?riraWnQsWZXJhDSBcGfves4dZzq4t+zUyLAZAilJNnpTTvhwcGXJqbq9QXYw?= =?us-ascii?Q?L1qAzu1wDjd1E55Rt1HibQlMJpxkOe37NZ3D1hhNnSOEUBnkxgDSDbqJBzzE?= =?us-ascii?Q?h7rrK/bDMNUFyfU4PgLX2ElsQwL9T4RdNygTDzc+BSAXMGyT91pNrbgXP6CY?= =?us-ascii?Q?z2t7UyCEFw2BTXIgyk2B6xJTPqQUkDP79wctKZvv+xkqOmJzJ6+r3/+e/u4x?= =?us-ascii?Q?Y6RZEiqNt4xSJzd4hQKtdwQnmHr1NXjWlRYJtY+/swCRll1kQPEAth9i9EwE?= =?us-ascii?Q?nmL1BzL5LplNdhG8a8h5L/R0aYXmDJ5937okFyal505tYulijtgzJd/XfC7N?= =?us-ascii?Q?8JUn8GmfZW8Qcqrmjn6gbThkqdQIJ4U+eRaiG72MhhephSC31zCMVJuOv47w?= =?us-ascii?Q?tHqBJ6wZpU+vbRZ5Bcm/r07a5YC1kbXvo9fPpCG0SgdEpd42meeC2PQBz2i1?= =?us-ascii?Q?QkqUIyMns8B2s+bZjDCegarDak5uMKMl9q2VMVRLmIeR5lnmwxK0iLBfZBfd?= =?us-ascii?Q?PV3f5IYmmbm+whwEFRYE1OrldnLdzeZkEyu5K21qFBDqhQgwZtYsi5nIJ8Tu?= =?us-ascii?Q?8z3dVSFuwK2+kvJ0GbNdNU6KxLQTyFj7XNIfrhjYZtiC3BT7Zfl2BthDlBYH?= =?us-ascii?Q?644ITSSoTQGGsG8QvINqWMZkINmbaUV9PlSttCJvGP+4VtseFhw4HlZdilAp?= =?us-ascii?Q?rZBLidYmrbLH7gDS4t4ExuQx9iSKa/rhmXLCKFtNQkytJwjM6v4jRbKRz7sz?= =?us-ascii?Q?wJOjHD2/2e3Z4r+tLNtQRYasas18BkIun4zKebtRJQYnZ2jfs4Wev+eN5rGH?= =?us-ascii?Q?YxAtGv88wo1+NC0jmHbLS/6yYyg32LKiCKC8fjcFZ+fHsp2LWQUksowu4zxU?= =?us-ascii?Q?DT+ul//+ft/fPiQI+o92UFF7quP4yQ1ws7DsX79MAe38U9d6iiuUfxhogGIG?= =?us-ascii?Q?J2t5MUpP1fVcbWNPCz5j38WaT1upF2KIZ+qF/PiueuiYzaIHX00l2EnkHoeA?= =?us-ascii?Q?NEcqOeLThgUNOW0FfbF7Jkcfg0BF1aEV2Qsaaf+gxNeZ+C+QaysXkcd6x7iU?= =?us-ascii?Q?DR/CttII0z8RWC3E3+LXMDx5ZhynB6Q2zr2Py8Vw8msTOCz1fNUa7P4tT4sa?= =?us-ascii?Q?WAAaRblkUKHXNr4IWr0T3RO0VESCyTC7WbajvIVRo5NvkatCmflu4aZ5CioD?= =?us-ascii?Q?p2aIhRI/Pezok70qtngGHEVHZx5d8tTyU1MRO+mL4GmF6VhAkkGkSQMRafC7?= =?us-ascii?Q?mMx4D9qmGhZPnCfj+GOAgUHRPSmXHPf1GNGjxfv8AQOivz74j7nII0EWLKSN?= =?us-ascii?Q?sA8yC7jVhSPaewxbU/GyTKhL8oFC9ZSxhHr3Tk3lAj9Ly3zpB7WDUKUFU4cG?= =?us-ascii?Q?fIZHtt6S44xfohnMkKC41FEUlHi1UIuJnuwt/KN0AdWDWYICCLW3TXiX2j0u?= =?us-ascii?Q?A8wGF+oMxN5wZxmhc5cjUEKo8+My0lYczWI2LnNv9n2Sa4e7JTszd24SdMNM?= =?us-ascii?Q?ARWGHGv8hk41JkNSlzFoPbqORzBaNWXCbxvjFLFDnv6/PYEsNYviwKPDEW37?= =?us-ascii?Q?aQpBP23Ck6od4fD/JzZEqqqcqaksQr/Jh0CoUY0VlZRPChPUw8G2xifspJMD?= =?us-ascii?Q?VpkkEg5LvKSPhMUEyBNS3LIlinyrdtiviS9YgI5YqH6xsr7oDceIdeVfhyWN?= =?us-ascii?Q?39SSDiSPow=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR18MB4672.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8885c14d-5572-4b06-e3bf-08da28d78655 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2022 05:25:36.2577 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jX/MelwiXBid1n5NAX9sKeY7dMSEyBGUvGJd2vNArQzd3zmzFhO4Rf1irRT9zdrWH+G+ZEVwefC74lKOfV/GxA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR18MB3952 X-Proofpoint-GUID: YiFm4mtoPuiZ7nCtvUzzUxed0U2w17Mu X-Proofpoint-ORIG-GUID: YiFm4mtoPuiZ7nCtvUzzUxed0U2w17Mu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-27_04,2022-04-27_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi Akhil, Please see inline. Thanks, Anoob > Subject: [PATCH v5 6/7] test/security: add ESN and anti-replay cases for = inline >=20 > Added cases to test anti replay for inline IPsec processing with and with= out > extended sequence number support. >=20 > Signed-off-by: Akhil Goyal > --- > app/test/test_security_inline_proto.c | 308 > ++++++++++++++++++++++++++ > 1 file changed, 308 insertions(+) >=20 > diff --git a/app/test/test_security_inline_proto.c > b/app/test/test_security_inline_proto.c > index 055b753634..009405f403 100644 > --- a/app/test/test_security_inline_proto.c > +++ b/app/test/test_security_inline_proto.c > @@ -1091,6 +1091,136 @@ test_ipsec_inline_proto_all(const struct > ipsec_test_flags *flags) > return TEST_SKIPPED; > } >=20 > +static int > +test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[], > + struct ipsec_test_data res_d[], > + int nb_pkts, > + bool silent, > + const struct ipsec_test_flags *flags) { > + struct rte_security_session_conf sess_conf =3D {0}; > + struct ipsec_test_data *res_d_tmp =3D NULL; > + struct rte_crypto_sym_xform cipher =3D {0}; > + struct rte_crypto_sym_xform auth =3D {0}; > + struct rte_crypto_sym_xform aead =3D {0}; > + struct rte_mbuf *rx_pkt =3D NULL; > + struct rte_mbuf *tx_pkt =3D NULL; > + int nb_rx, nb_sent; > + struct rte_security_session *ses; > + struct rte_security_ctx *ctx; > + uint32_t ol_flags; > + int i, ret; > + > + if (td[0].aead) { > + sess_conf.crypto_xform =3D &aead; > + } else { > + if (td[0].ipsec_xform.direction =3D=3D > + RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { > + sess_conf.crypto_xform =3D &cipher; > + sess_conf.crypto_xform->type =3D > RTE_CRYPTO_SYM_XFORM_CIPHER; > + sess_conf.crypto_xform->next =3D &auth; > + sess_conf.crypto_xform->next->type =3D > RTE_CRYPTO_SYM_XFORM_AUTH; > + } else { > + sess_conf.crypto_xform =3D &auth; > + sess_conf.crypto_xform->type =3D > RTE_CRYPTO_SYM_XFORM_AUTH; > + sess_conf.crypto_xform->next =3D &cipher; > + sess_conf.crypto_xform->next->type =3D > RTE_CRYPTO_SYM_XFORM_CIPHER; > + } > + } > + > + /* Create Inline IPsec session. */ > + ret =3D create_inline_ipsec_session(&td[0], port_id, &ses, &ctx, > + &ol_flags, flags, &sess_conf); > + if (ret) > + return ret; > + > + if (td[0].ipsec_xform.direction =3D=3D > RTE_SECURITY_IPSEC_SA_DIR_INGRESS) > + create_default_flow(port_id); [Anoob] If rte_flow creation fails, then the test should be skipped. I see = that create_default_flow() is not returning error in case flow_validate() = or flow_create() fails. IMO, it should be fixed. > + > + for (i =3D 0; i < nb_pkts; i++) { > + tx_pkt =3D init_packet(mbufpool, td[i].input_text.data, > + td[i].input_text.len); > + if (tx_pkt =3D=3D NULL) { > + ret =3D TEST_FAILED; > + goto out; > + } > + > + if > (test_ipsec_pkt_update(rte_pktmbuf_mtod_offset(tx_pkt, > + uint8_t *, RTE_ETHER_HDR_LEN), > flags)) { > + ret =3D TEST_FAILED; > + goto out; > + } > + > + if (td[i].ipsec_xform.direction =3D=3D > + RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { > + if (flags->antireplay) { > + sess_conf.ipsec.esn.value =3D > + td[i].ipsec_xform.esn.value; > + ret =3D rte_security_session_update(ctx, ses, > + &sess_conf); > + if (ret) { [Anoob] ret should be set as TEST_SKIPPED. =20 > + printf("Could not update ESN in > session\n"); > + rte_pktmbuf_free(tx_pkt); > + goto out; > + } > + } > + if (ol_flags & > RTE_SECURITY_TX_OLOAD_NEED_MDATA) > + rte_security_set_pkt_metadata(ctx, ses, > + tx_pkt, NULL); > + tx_pkt->ol_flags |=3D > RTE_MBUF_F_TX_SEC_OFFLOAD; > + } > + /* Send packet to ethdev for inline IPsec processing. */ > + nb_sent =3D rte_eth_tx_burst(port_id, 0, &tx_pkt, 1); > + if (nb_sent !=3D 1) { > + printf("\nUnable to TX packets"); > + rte_pktmbuf_free(tx_pkt); > + ret =3D TEST_FAILED; > + goto out; > + } > + > + rte_pause(); > + > + /* Receive back packet on loopback interface. */ > + do { > + rte_delay_ms(1); > + nb_rx =3D rte_eth_rx_burst(port_id, 0, &rx_pkt, 1); > + } while (nb_rx =3D=3D 0); > + > + rte_pktmbuf_adj(rx_pkt, RTE_ETHER_HDR_LEN); > + > + if (res_d !=3D NULL) > + res_d_tmp =3D &res_d[i]; > + > + ret =3D test_ipsec_post_process(rx_pkt, &td[i], > + res_d_tmp, silent, flags); > + if (ret !=3D TEST_SUCCESS) { > + rte_pktmbuf_free(rx_pkt); > + goto out; > + } > + > + ret =3D test_ipsec_stats_verify(ctx, ses, flags, > + td->ipsec_xform.direction); > + if (ret !=3D TEST_SUCCESS) { > + rte_pktmbuf_free(rx_pkt); > + goto out; > + } > + > + rte_pktmbuf_free(rx_pkt); > + rx_pkt =3D NULL; > + tx_pkt =3D NULL; > + res_d_tmp =3D NULL;=20 [Anoob] Why do we need to set res_d_tmp to NULL? > + } > + > +out: > + if (td->ipsec_xform.direction =3D=3D > RTE_SECURITY_IPSEC_SA_DIR_INGRESS) > + destroy_default_flow(port_id); > + > + /* Destroy session so that other cases can create the session again */ > + rte_security_session_destroy(ctx, ses); > + ses =3D NULL; > + > + return ret; > +} >=20