From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9D6D2A034F; Mon, 6 Dec 2021 12:09:42 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 76EE941168; Mon, 6 Dec 2021 12:09:26 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 44750410E5 for ; Mon, 6 Dec 2021 12:09:25 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B68PoDA013769; Mon, 6 Dec 2021 03:09:24 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=nzxs0N8TRRmgi7Znnc0pW28zQocSuhiqGHY3eo7lIW0=; b=cxomGCwMI0qJy3O1QG1npZTTXG7KK2mHTJ/99iOjXrvbyx/Jhna38Eu2EunTVKiTukwN Vpqmh5hk+6dSNeMMf4Frt2rd9TJ2iNYsFgC/hKkf7FKs8dx9owyKzhloGDhcmRHAAy6i la74ExpLe3qLcpXYhlMuNOne7SMpONLUd2MBlI56qGfw/2+pd662cGhFPir4O/wuPiqb Fl7zlYvhKesMgs/wYy0M3Scm4nr7i5rmdOUIHAtPDu7iALxvjLkLTBeLKOb0ddSrr3DY TjnLXt+dmt44iUI78cSdOoXpUShlb7cNCS6bmlGKiKQ6KEUAw//HMGf3KgiRekM6IvkF hw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3cs0qn2utn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Dec 2021 03:09:24 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 6 Dec 2021 03:09:22 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 6 Dec 2021 03:09:22 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id CA8263F704A; Mon, 6 Dec 2021 03:09:18 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Pablo de Lara" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Subject: [PATCH v2 13/13] test/crypto: add copy and set DF cases Date: Mon, 6 Dec 2021 16:38:00 +0530 Message-ID: <1638788880-650-14-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1638788880-650-1-git-send-email-anoobj@marvell.com> References: <1638777528-553-1-git-send-email-anoobj@marvell.com> <1638788880-650-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: Y6xcN5NbYtxicb0pYx8Vv3yYfYneeb8c X-Proofpoint-ORIG-GUID: Y6xcN5NbYtxicb0pYx8Vv3yYfYneeb8c X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-06_04,2021-12-06_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add test cases to verify copy DF and set DF options with lookaside IPsec offload. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.c | 75 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 10 +++++ doc/guides/rel_notes/release_22_03.rst | 1 + 4 files changed, 154 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 203b4a4..f808719 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9169,6 +9169,13 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], sizeof(src)); memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); + + if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1) + ipsec_xform.tunnel.ipv4.df = 0; + + if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0) + ipsec_xform.tunnel.ipv4.df = 1; + } else { memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src, sizeof(v6_src)); @@ -9282,6 +9289,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], memcpy(input_text, td[i].input_text.data, td[i].input_text.len); + if (test_ipsec_pkt_update(input_text, flags)) + return TEST_FAILED; + /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, RTE_CRYPTO_OP_TYPE_SYMMETRIC); @@ -9700,6 +9710,55 @@ test_ipsec_proto_pkt_fragment(const void *data __rte_unused) flags.fragment = true; return test_ipsec_proto_all(&flags); + +} + +static int +test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_COPY_DF_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_COPY_DF_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_SET_DF_0_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_SET_DF_1_INNER_0; + + return test_ipsec_proto_all(&flags); } static int @@ -14724,6 +14783,22 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Fragmented packet", ut_setup_security, ut_teardown, test_ipsec_proto_pkt_fragment), + TEST_CASE_NAMED_ST( + "Tunnel header copy DF (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_copy_df_inner_0), + TEST_CASE_NAMED_ST( + "Tunnel header copy DF (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_copy_df_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header set DF 0 (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_set_df_0_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header set DF 1 (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_set_df_1_inner_0), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 94e5213..e662ea2 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -427,6 +427,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1, ip->hdr_checksum = rte_ipv4_cksum(ip); } + if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 || + flags->df == TEST_IPSEC_COPY_DF_INNER_1) + td->ipsec_xform.options.copy_df = 1; } } @@ -640,6 +643,7 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, { uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); + uint8_t td_output_text[4096]; int ret; /* For tests with status as error for test success, skip verification */ @@ -720,16 +724,21 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, return ret; } + memcpy(td_output_text, td->output_text.data + skip, len); - if (memcmp(output_text, td->output_text.data + skip, len)) { + if (test_ipsec_pkt_update(td_output_text, flags)) { + printf("Could not update expected vector"); + return TEST_FAILED; + } + + if (memcmp(output_text, td_output_text, len)) { if (silent) return TEST_FAILED; printf("TestCase %s line %d: %s\n", __func__, __LINE__, "output text not as expected\n"); - rte_hexdump(stdout, "expected", td->output_text.data + skip, - len); + rte_hexdump(stdout, "expected", td_output_text, len); rte_hexdump(stdout, "actual", output_text, len); return TEST_FAILED; } @@ -797,10 +806,27 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, } else { if (td->ipsec_xform.tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + uint16_t f_off; + if (is_valid_ipv4_pkt(iph4) == false) { printf("Tunnel outer header is not IPv4\n"); return TEST_FAILED; } + + f_off = rte_be_to_cpu_16(iph4->fragment_offset); + + if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 || + flags->df == TEST_IPSEC_SET_DF_1_INNER_0) { + if (!(f_off & RTE_IPV4_HDR_DF_FLAG)) { + printf("DF bit is not set\n"); + return TEST_FAILED; + } + } else { + if ((f_off & RTE_IPV4_HDR_DF_FLAG)) { + printf("DF bit is set\n"); + return TEST_FAILED; + } + } } else { iph6 = (const struct rte_ipv6_hdr *)output_text; if (is_valid_ipv6_pkt(iph6) == false) { @@ -909,3 +935,42 @@ test_ipsec_stats_verify(struct rte_security_ctx *ctx, return ret; } + +int +test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags) +{ + struct rte_ipv4_hdr *iph4; + bool cksum_dirty = false; + uint16_t frag_off; + + iph4 = (struct rte_ipv4_hdr *)pkt; + + if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 || + flags->df == TEST_IPSEC_SET_DF_0_INNER_1 || + flags->df == TEST_IPSEC_COPY_DF_INNER_0 || + flags->df == TEST_IPSEC_SET_DF_1_INNER_0) { + + if (!is_ipv4(iph4)) { + printf("Invalid packet type"); + return -1; + } + + frag_off = rte_be_to_cpu_16(iph4->fragment_offset); + + if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 || + flags->df == TEST_IPSEC_SET_DF_0_INNER_1) + frag_off |= RTE_IPV4_HDR_DF_FLAG; + else + frag_off &= ~RTE_IPV4_HDR_DF_FLAG; + + iph4->fragment_offset = rte_cpu_to_be_16(frag_off); + cksum_dirty = true; + } + + if (cksum_dirty && is_ipv4(iph4)) { + iph4->hdr_checksum = 0; + iph4->hdr_checksum = rte_ipv4_cksum(iph4); + } + + return 0; +} diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 6e27eba..12a9b77 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -50,6 +50,13 @@ struct ipsec_test_data { } xform; }; +enum df_flags { + TEST_IPSEC_COPY_DF_INNER_0 = 1, + TEST_IPSEC_COPY_DF_INNER_1, + TEST_IPSEC_SET_DF_0_INNER_1, + TEST_IPSEC_SET_DF_1_INNER_0, +}; + struct ipsec_test_flags { bool display_alg; bool sa_expiry_pkts_soft; @@ -66,6 +73,7 @@ struct ipsec_test_flags { bool transport; bool fragment; bool stats_success; + enum df_flags df; }; struct crypto_param { @@ -226,4 +234,6 @@ int test_ipsec_stats_verify(struct rte_security_ctx *ctx, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); +int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags); + #endif diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index a7d0e53..1c6b846 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -72,6 +72,7 @@ New Features * Added tunnel mode fragment packet tests. * Added security stats tests. * Added AES-CTR tests. + * Added set/copy DF tests. Removed Items -- 2.7.4