From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 031B1A034F; Mon, 6 Dec 2021 09:00:53 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C9F6C426F6; Mon, 6 Dec 2021 09:00:28 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id EF69D41169 for ; Mon, 6 Dec 2021 09:00:27 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B5KQFYj018109; Mon, 6 Dec 2021 00:00:27 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=ym/A1IR9QVtqkhGAeMhU9wHAALn7U5NlxVDKBQPVQ64=; b=R96fFOQNWkM2ZeOxyfGt6amXl6KPupHSDC+pouha5CL2tqjjePjTRvMVeKOwiu/pfPBa oo+bDV7ZSxDej9xeXzTvv5uf03eq3STV5iCXdoIcAzgsBHO3oQDAFO+wcyuddQaT/og1 uflTvQam1giDey0KkJDKcWAg0kJ2eeNDw0WTPfEtX7rWD5t0q4veRdnzQlwfRkv15Arn LoRUr1ZqrGfmTUu/QlLRHaItfGlvOXlqN8EaDbBYQ3/ykdIFG6NAwjJ56ZFk1CtuvoS0 cjMhneKSgsGbKN/C1S6zZHlJ6UXF16fEq+rM8xPn153jygqmoNMSZDqS2/uVIjucNsGu nw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3cs0qn276d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Dec 2021 00:00:27 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Dec 2021 00:00:25 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 6 Dec 2021 00:00:25 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id A91723F705C; Mon, 6 Dec 2021 00:00:21 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Pablo de Lara" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Subject: [PATCH 13/13] test/crypto: add copy and set DF cases Date: Mon, 6 Dec 2021 13:28:48 +0530 Message-ID: <1638777528-553-14-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1638777528-553-1-git-send-email-anoobj@marvell.com> References: <1638777528-553-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: 6mLqMcZTI--hb7MeB_eixUuaCKX9sjHa X-Proofpoint-ORIG-GUID: 6mLqMcZTI--hb7MeB_eixUuaCKX9sjHa X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-06_03,2021-12-06_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add test cases to verify copy DF and set DF options with lookaside IPsec offload. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.c | 75 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 10 +++++ doc/guides/rel_notes/release_22_03.rst | 18 ++++++++ 4 files changed, 171 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index aa85a19..aac17d1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9169,6 +9169,13 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], sizeof(src)); memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); + + if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1) + ipsec_xform.tunnel.ipv4.df = 0; + + if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0) + ipsec_xform.tunnel.ipv4.df = 1; + } else { memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src, sizeof(v6_src)); @@ -9282,6 +9289,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], memcpy(input_text, td[i].input_text.data, td[i].input_text.len); + if (test_ipsec_pkt_update(input_text, flags)) + return TEST_FAILED; + /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, RTE_CRYPTO_OP_TYPE_SYMMETRIC); @@ -9700,6 +9710,55 @@ test_ipsec_proto_pkt_fragment(const void *data __rte_unused) flags.fragment = true; return test_ipsec_proto_all(&flags); + +} + +static int +test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_COPY_DF_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_COPY_DF_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_SET_DF_0_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_SET_DF_1_INNER_0; + + return test_ipsec_proto_all(&flags); } static int @@ -14724,6 +14783,22 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Fragmented packet", ut_setup_security, ut_teardown, test_ipsec_proto_pkt_fragment), + TEST_CASE_NAMED_ST( + "Tunnel header copy DF (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_copy_df_inner_0), + TEST_CASE_NAMED_ST( + "Tunnel header copy DF (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_copy_df_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header set DF 0 (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_set_df_0_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header set DF 1 (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_set_df_1_inner_0), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 94e5213..4f5f20c 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -427,6 +427,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1, ip->hdr_checksum = rte_ipv4_cksum(ip); } + if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 || + flags->df == TEST_IPSEC_COPY_DF_INNER_1) + td->ipsec_xform.options.copy_df = 1; } } @@ -640,6 +643,7 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, { uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); + uint8_t td_output_text[4096]; int ret; /* For tests with status as error for test success, skip verification */ @@ -720,16 +724,21 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, return ret; } + memcpy(td_output_text, td->output_text.data + skip, len); - if (memcmp(output_text, td->output_text.data + skip, len)) { + if (test_ipsec_pkt_update(td_output_text, flags)) { + printf("Could not update expected vector"); + return TEST_FAILED; + } + + if (memcmp(output_text, td_output_text, len)) { if (silent) return TEST_FAILED; printf("TestCase %s line %d: %s\n", __func__, __LINE__, "output text not as expected\n"); - rte_hexdump(stdout, "expected", td->output_text.data + skip, - len); + rte_hexdump(stdout, "expected", td_output_text, len); rte_hexdump(stdout, "actual", output_text, len); return TEST_FAILED; } @@ -797,10 +806,27 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, } else { if (td->ipsec_xform.tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + uint16_t f_off; + if (is_valid_ipv4_pkt(iph4) == false) { printf("Tunnel outer header is not IPv4\n"); return TEST_FAILED; } + + f_off = rte_be_to_cpu_16(iph4->fragment_offset); + + if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 || + flags->df == TEST_IPSEC_SET_DF_1_INNER_0) { + if (!(f_off & RTE_IPV4_HDR_DF_FLAG)) { + printf("DF bit is not set\n"); + return TEST_FAILED; + } + } else { + if ((f_off & RTE_IPV4_HDR_DF_FLAG)) { + printf("DF bit is set\n"); + return TEST_FAILED; + } + } } else { iph6 = (const struct rte_ipv6_hdr *)output_text; if (is_valid_ipv6_pkt(iph6) == false) { @@ -909,3 +935,42 @@ test_ipsec_stats_verify(struct rte_security_ctx *ctx, return ret; } + +int +test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags) +{ + struct rte_ipv4_hdr *iph4; + bool cksum_dirty = false; + uint16_t frag_off; + + iph4 = (struct rte_ipv4_hdr *)pkt; + + if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 || + flags->df == TEST_IPSEC_SET_DF_0_INNER_1 || + flags->df == TEST_IPSEC_COPY_DF_INNER_0 || + flags->df == TEST_IPSEC_SET_DF_1_INNER_0) { + + if (!is_ipv4(iph4)) { + printf("Invalid packet type"); + return -1; + } + + frag_off = rte_be_to_cpu_16(iph4->fragment_offset); + + if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 || + flags->df == TEST_IPSEC_SET_DF_0_INNER_1) + frag_off |= RTE_IPV4_HDR_DF_FLAG; + else + frag_off &= !RTE_IPV4_HDR_DF_FLAG; + + iph4->fragment_offset = rte_cpu_to_be_16(frag_off); + cksum_dirty = true; + } + + if (cksum_dirty && is_ipv4(iph4)) { + iph4->hdr_checksum = 0; + iph4->hdr_checksum = rte_ipv4_cksum(iph4); + } + + return 0; +} diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 6e27eba..12a9b77 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -50,6 +50,13 @@ struct ipsec_test_data { } xform; }; +enum df_flags { + TEST_IPSEC_COPY_DF_INNER_0 = 1, + TEST_IPSEC_COPY_DF_INNER_1, + TEST_IPSEC_SET_DF_0_INNER_1, + TEST_IPSEC_SET_DF_1_INNER_0, +}; + struct ipsec_test_flags { bool display_alg; bool sa_expiry_pkts_soft; @@ -66,6 +73,7 @@ struct ipsec_test_flags { bool transport; bool fragment; bool stats_success; + enum df_flags df; }; struct crypto_param { @@ -226,4 +234,6 @@ int test_ipsec_stats_verify(struct rte_security_ctx *ctx, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); +int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags); + #endif diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index 6d99d1e..0a29671 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -55,6 +55,24 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated lookaside protocol (IPsec) tests in dpdk-test.** + + * Added support for chained operations. + * Added AES-CBC 128 NULL auth known vector tests. + * Added AES-CBC 128 HMAC-SHA256 known vector tests. + * Added AES-CBC 128 HMAC-SHA384 known vector tests. + * Added AES-CBC 128 HMAC-SHA512 known vector tests. + * Added NULL cipher AES-XCBC known vector tests. + * Added tunnel mode tests + * IPv6 in IPv6 + * IPv4 in IPv4 + * IPv4 in IPv6 + * IPv6 in IPv4 + * Added IPv4 transport mode tests. + * Added security stats tests. + * Added AES-CTR tests. + * Added set/copy DF tests. + Removed Items ------------- -- 2.7.4