DPDK patches and discussions
 help / color / mirror / Atom feed
From: Nithin Dabilpuram <ndabilpuram@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Fan Zhang <fanzhang.oss@gmail.com>
Cc: <jerinj@marvell.com>, <dev@dpdk.org>,
	Nithin Dabilpuram <ndabilpuram@marvell.com>
Subject: [PATCH 3/3] test/security: add unittest for inline ingress oop
Date: Tue, 11 Apr 2023 15:34:09 +0530	[thread overview]
Message-ID: <20230411100410.1174495-3-ndabilpuram@marvell.com> (raw)
In-Reply-To: <20230411100410.1174495-1-ndabilpuram@marvell.com>

Add unittest for inline ingress out-of-place processing.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
---
 app/test/test_cryptodev_security_ipsec.c |  8 +++
 app/test/test_cryptodev_security_ipsec.h |  1 +
 app/test/test_security_inline_proto.c    | 85 ++++++++++++++++++++++++
 3 files changed, 94 insertions(+)

diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 7a8688c692..be9e246bfe 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -213,6 +213,14 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 		}
 	}
 
+	if (ipsec_xform->options.ingress_oop == 1 &&
+	    sec_cap->ipsec.options.ingress_oop == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1,
+				"Inline Ingress OOP processing is not supported\n");
+		return -ENOTSUP;
+	}
+
 	return 0;
 }
 
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 92e641ba0b..5606ec056d 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -110,6 +110,7 @@ struct ipsec_test_flags {
 	bool ah;
 	uint32_t plaintext_len;
 	int nb_segs_in_mbuf;
+	bool inb_oop;
 };
 
 struct crypto_param {
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 79858e559f..80bcdfc701 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -735,6 +735,51 @@ get_and_verify_incomplete_frags(struct rte_mbuf *mbuf,
 	return ret;
 }
 
+static int
+verify_inbound_oop(struct ipsec_test_data *td,
+		   bool silent, struct rte_mbuf *mbuf)
+{
+	int ret = TEST_SUCCESS, rc;
+	struct rte_mbuf *orig;
+	uint32_t len;
+	void *data;
+
+	orig = *rte_security_oop_dynfield(mbuf);
+	if (!orig) {
+		if (!silent)
+			printf("\nUnable to get orig buffer OOP session");
+		return TEST_FAILED;
+	}
+
+	/* Skip Ethernet header comparison */
+	rte_pktmbuf_adj(orig, RTE_ETHER_HDR_LEN);
+
+	len = td->input_text.len;
+	if (orig->pkt_len != len) {
+		if (!silent)
+			printf("\nOriginal packet length mismatch, expected %u, got %u ",
+			       len, orig->pkt_len);
+		ret = TEST_FAILED;
+	}
+
+	data = rte_pktmbuf_mtod(orig, void *);
+	rc = memcmp(data, td->input_text.data, len);
+	if (rc) {
+		ret = TEST_FAILED;
+		if (silent)
+			goto exit;
+
+		printf("TestCase %s line %d: %s\n", __func__, __LINE__,
+		       "output text not as expected\n");
+
+		rte_hexdump(stdout, "expected", td->input_text.data, len);
+		rte_hexdump(stdout, "actual", data, len);
+	}
+exit:
+	rte_pktmbuf_free(orig);
+	return ret;
+}
+
 static int
 test_ipsec_with_reassembly(struct reassembly_vector *vector,
 		const struct ipsec_test_flags *flags)
@@ -1115,6 +1160,12 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
 	if (ret)
 		return ret;
 
+	if (flags->inb_oop && rte_security_oop_dynfield_offset < 0) {
+		printf("\nDynamic field not available for inline inbound OOP");
+		ret = TEST_FAILED;
+		goto out;
+	}
+
 	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
 		ret = create_default_flow(port_id);
 		if (ret)
@@ -1206,6 +1257,15 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
 			goto out;
 		}
 
+		if (flags->inb_oop) {
+			ret = verify_inbound_oop(td, silent, rx_pkts_burst[i]);
+			if (ret != TEST_SUCCESS) {
+				for ( ; i < nb_rx; i++)
+					rte_pktmbuf_free(rx_pkts_burst[i]);
+				goto out;
+			}
+		}
+
 		rte_pktmbuf_free(rx_pkts_burst[i]);
 		rx_pkts_burst[i] = NULL;
 	}
@@ -1994,6 +2054,26 @@ test_ipsec_inline_proto_known_vec_inb(const void *test_data)
 	return test_ipsec_inline_proto_process(&td_inb, NULL, 1, false, &flags);
 }
 
+static int
+test_ipsec_inline_proto_oop_inb(const void *test_data)
+{
+	const struct ipsec_test_data *td = test_data;
+	struct ipsec_test_flags flags;
+	struct ipsec_test_data td_inb;
+
+	memset(&flags, 0, sizeof(flags));
+	flags.inb_oop = true;
+
+	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+		test_ipsec_td_in_from_out(td, &td_inb);
+	else
+		memcpy(&td_inb, td, sizeof(td_inb));
+
+	td_inb.ipsec_xform.options.ingress_oop = true;
+
+	return test_ipsec_inline_proto_process(&td_inb, NULL, 1, false, &flags);
+}
+
 static int
 test_ipsec_inline_proto_display_list(const void *data __rte_unused)
 {
@@ -3086,6 +3166,11 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
 			"IPv4 Reassembly with burst of 4 fragments",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_inline_ip_reassembly, &ipv4_4frag_burst_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound Out-Of-Place processing",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_oop_inb,
+			&pkt_aes_128_gcm),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	},
-- 
2.25.1


  parent reply	other threads:[~2023-04-11 10:08 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-09  8:56 [RFC 1/2] security: introduce out of place support for inline ingress Nithin Dabilpuram
2023-03-09  8:56 ` [RFC 2/2] test/security: add unittest for inline ingress oop Nithin Dabilpuram
2023-04-11 10:04 ` [PATCH 1/3] security: introduce out of place support for inline ingress Nithin Dabilpuram
2023-04-11 10:04   ` [PATCH 2/3] net/cnxk: support inline ingress out of place session Nithin Dabilpuram
2023-04-11 10:04   ` Nithin Dabilpuram [this message]
2023-04-11 18:05   ` [PATCH 1/3] security: introduce out of place support for inline ingress Stephen Hemminger
2023-04-18  8:33     ` Jerin Jacob
2023-04-24 22:41       ` Thomas Monjalon
2023-05-19  8:07         ` Jerin Jacob
2023-05-30  9:23           ` Jerin Jacob
2023-05-30 13:51             ` Thomas Monjalon
2023-05-31  9:26               ` Morten Brørup
2023-07-01  7:15   ` [PATCH] doc: announce addition of new security IPsec SA option Nithin Dabilpuram
2023-07-03 14:35     ` Akhil Goyal
2023-07-04  5:15     ` [PATCH v2] " Nithin Dabilpuram
2023-07-05 14:07       ` Jerin Jacob
2023-07-11  8:55         ` [EXT] " Akhil Goyal
2023-07-06 23:05     ` [PATCH] " Ji, Kai
2023-08-11  8:54 ` [PATCH 1/3] security: introduce out of place support for inline ingress Nithin Dabilpuram
2023-08-11  8:54   ` [PATCH 2/3] net/cnxk: support inline ingress out of place session Nithin Dabilpuram
2023-08-11  8:54   ` [PATCH 3/3] test/security: add unittest for inline ingress oop Nithin Dabilpuram
2023-09-19 19:55   ` [PATCH 1/3] security: introduce out of place support for inline ingress Akhil Goyal
2023-09-21  2:15 ` [PATCH v2 " Nithin Dabilpuram
2023-09-21  2:15   ` [PATCH v2 2/3] net/cnxk: support inline ingress out of place session Nithin Dabilpuram
2023-09-21  2:15   ` [PATCH v2 3/3] test/security: add unittest for inline ingress oop Nithin Dabilpuram
2023-09-21 10:44   ` [PATCH v2 1/3] security: introduce out of place support for inline ingress Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230411100410.1174495-3-ndabilpuram@marvell.com \
    --to=ndabilpuram@marvell.com \
    --cc=dev@dpdk.org \
    --cc=fanzhang.oss@gmail.com \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).