From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
"Pablo de Lara" <pablo.de.lara.guarch@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
"Radu Nicolau" <radu.nicolau@intel.com>,
Ciara Power <ciara.power@intel.com>,
Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>
Subject: [PATCH 13/13] test/crypto: add copy and set DF cases
Date: Mon, 6 Dec 2021 13:28:48 +0530 [thread overview]
Message-ID: <1638777528-553-14-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1638777528-553-1-git-send-email-anoobj@marvell.com>
Add test cases to verify copy DF and set DF options with lookaside IPsec
offload.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
app/test/test_cryptodev.c | 75 ++++++++++++++++++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++++++++++++--
app/test/test_cryptodev_security_ipsec.h | 10 +++++
doc/guides/rel_notes/release_22_03.rst | 18 ++++++++
4 files changed, 171 insertions(+), 3 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index aa85a19..aac17d1 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9169,6 +9169,13 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
sizeof(src));
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
sizeof(dst));
+
+ if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ ipsec_xform.tunnel.ipv4.df = 0;
+
+ if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+ ipsec_xform.tunnel.ipv4.df = 1;
+
} else {
memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
sizeof(v6_src));
@@ -9282,6 +9289,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
memcpy(input_text, td[i].input_text.data,
td[i].input_text.len);
+ if (test_ipsec_pkt_update(input_text, flags))
+ return TEST_FAILED;
+
/* Generate crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -9700,6 +9710,55 @@ test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
flags.fragment = true;
return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
}
static int
@@ -14724,6 +14783,22 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_pkt_fragment),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_1_inner_0),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 94e5213..4f5f20c 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -427,6 +427,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
ip->hdr_checksum = rte_ipv4_cksum(ip);
}
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_1)
+ td->ipsec_xform.options.copy_df = 1;
}
}
@@ -640,6 +643,7 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
{
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+ uint8_t td_output_text[4096];
int ret;
/* For tests with status as error for test success, skip verification */
@@ -720,16 +724,21 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
return ret;
}
+ memcpy(td_output_text, td->output_text.data + skip, len);
- if (memcmp(output_text, td->output_text.data + skip, len)) {
+ if (test_ipsec_pkt_update(td_output_text, flags)) {
+ printf("Could not update expected vector");
+ return TEST_FAILED;
+ }
+
+ if (memcmp(output_text, td_output_text, len)) {
if (silent)
return TEST_FAILED;
printf("TestCase %s line %d: %s\n", __func__, __LINE__,
"output text not as expected\n");
- rte_hexdump(stdout, "expected", td->output_text.data + skip,
- len);
+ rte_hexdump(stdout, "expected", td_output_text, len);
rte_hexdump(stdout, "actual", output_text, len);
return TEST_FAILED;
}
@@ -797,10 +806,27 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
} else {
if (td->ipsec_xform.tunnel.type ==
RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ uint16_t f_off;
+
if (is_valid_ipv4_pkt(iph4) == false) {
printf("Tunnel outer header is not IPv4\n");
return TEST_FAILED;
}
+
+ f_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+ if (!(f_off & RTE_IPV4_HDR_DF_FLAG)) {
+ printf("DF bit is not set\n");
+ return TEST_FAILED;
+ }
+ } else {
+ if ((f_off & RTE_IPV4_HDR_DF_FLAG)) {
+ printf("DF bit is set\n");
+ return TEST_FAILED;
+ }
+ }
} else {
iph6 = (const struct rte_ipv6_hdr *)output_text;
if (is_valid_ipv6_pkt(iph6) == false) {
@@ -909,3 +935,42 @@ test_ipsec_stats_verify(struct rte_security_ctx *ctx,
return ret;
}
+
+int
+test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags)
+{
+ struct rte_ipv4_hdr *iph4;
+ bool cksum_dirty = false;
+ uint16_t frag_off;
+
+ iph4 = (struct rte_ipv4_hdr *)pkt;
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_0_INNER_1 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+
+ if (!is_ipv4(iph4)) {
+ printf("Invalid packet type");
+ return -1;
+ }
+
+ frag_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ frag_off |= RTE_IPV4_HDR_DF_FLAG;
+ else
+ frag_off &= !RTE_IPV4_HDR_DF_FLAG;
+
+ iph4->fragment_offset = rte_cpu_to_be_16(frag_off);
+ cksum_dirty = true;
+ }
+
+ if (cksum_dirty && is_ipv4(iph4)) {
+ iph4->hdr_checksum = 0;
+ iph4->hdr_checksum = rte_ipv4_cksum(iph4);
+ }
+
+ return 0;
+}
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 6e27eba..12a9b77 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -50,6 +50,13 @@ struct ipsec_test_data {
} xform;
};
+enum df_flags {
+ TEST_IPSEC_COPY_DF_INNER_0 = 1,
+ TEST_IPSEC_COPY_DF_INNER_1,
+ TEST_IPSEC_SET_DF_0_INNER_1,
+ TEST_IPSEC_SET_DF_1_INNER_0,
+};
+
struct ipsec_test_flags {
bool display_alg;
bool sa_expiry_pkts_soft;
@@ -66,6 +73,7 @@ struct ipsec_test_flags {
bool transport;
bool fragment;
bool stats_success;
+ enum df_flags df;
};
struct crypto_param {
@@ -226,4 +234,6 @@ int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
+int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
+
#endif
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 6d99d1e..0a29671 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -55,6 +55,24 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+* **Updated lookaside protocol (IPsec) tests in dpdk-test.**
+
+ * Added support for chained operations.
+ * Added AES-CBC 128 NULL auth known vector tests.
+ * Added AES-CBC 128 HMAC-SHA256 known vector tests.
+ * Added AES-CBC 128 HMAC-SHA384 known vector tests.
+ * Added AES-CBC 128 HMAC-SHA512 known vector tests.
+ * Added NULL cipher AES-XCBC known vector tests.
+ * Added tunnel mode tests
+ * IPv6 in IPv6
+ * IPv4 in IPv4
+ * IPv4 in IPv6
+ * IPv6 in IPv4
+ * Added IPv4 transport mode tests.
+ * Added security stats tests.
+ * Added AES-CTR tests.
+ * Added set/copy DF tests.
+
Removed Items
-------------
--
2.7.4
next prev parent reply other threads:[~2021-12-06 8:00 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-06 7:58 [PATCH 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 7:58 ` [PATCH 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 7:58 ` [PATCH 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 04/13] test/crypto: add IPv6 tunnel mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 7:58 ` [PATCH 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 7:58 ` [PATCH 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 7:58 ` [PATCH 12/13] test/crypto: add aes xcbc known vectors Anoob Joseph
2021-12-06 7:58 ` Anoob Joseph [this message]
2021-12-06 11:07 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 04/13] test/crypto: add IPv6 tunnel mode cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 12/13] test/crypto: add aes xcbc known vectors Anoob Joseph
2021-12-06 11:08 ` [PATCH v2 13/13] test/crypto: add copy and set DF cases Anoob Joseph
2022-01-21 11:02 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1638777528-553-14-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).