From: Volodymyr Fialko <vfialko@marvell.com>
To: <dev@dpdk.org>, Akhil Goyal <gakhil@marvell.com>,
Fan Zhang <roy.fan.zhang@intel.com>
Cc: <jerinj@marvell.com>, Volodymyr Fialko <vfialko@marvell.com>,
Anoob Joseph <anoobj@marvell.com>
Subject: [PATCH v2 1/2] test/crypto: add TTL and hop limit decrement cases
Date: Wed, 23 Feb 2022 11:40:45 +0100 [thread overview]
Message-ID: <20220223104046.1231153-2-vfialko@marvell.com> (raw)
In-Reply-To: <20220223104046.1231153-1-vfialko@marvell.com>
Add test cases to verify TTL and hop limit decrement with lookaside
IPsec offload.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
---
app/test/test_cryptodev.c | 29 +++++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 37 ++++++++++++++++++++++++
app/test/test_cryptodev_security_ipsec.h | 1 +
3 files changed, 67 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index fc3c09d86f..694b073f4f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -10102,6 +10102,27 @@ test_PDCP_PROTO_all(void)
return TEST_SUCCESS;
}
+static int
+test_ipsec_proto_ipv4_ttl_decrement(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags = {
+ .dec_ttl_or_hop_limit = true
+ };
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_hop_limit_decrement(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags = {
+ .ipv6 = true,
+ .dec_ttl_or_hop_limit = true
+ };
+
+ return test_ipsec_proto_all(&flags);
+}
+
static int
test_docsis_proto_uplink(const void *data)
{
@@ -15158,6 +15179,14 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_pkt_esn_antireplay4096,
&pkt_aes_128_gcm),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv4 decrement inner TTL",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv4_ttl_decrement),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv6 decrement inner hop limit",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv6_hop_limit_decrement),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 3887b05135..f66360f4c4 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -443,6 +443,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
if (flags->dscp == TEST_IPSEC_COPY_DSCP_INNER_0 ||
flags->dscp == TEST_IPSEC_COPY_DSCP_INNER_1)
td->ipsec_xform.options.copy_dscp = 1;
+
+ if (flags->dec_ttl_or_hop_limit)
+ td->ipsec_xform.options.dec_ttl = 1;
}
}
@@ -650,6 +653,32 @@ test_ipsec_l4_csum_verify(struct rte_mbuf *m)
return TEST_SUCCESS;
}
+static int
+test_ipsec_ttl_or_hop_decrement_verify(void *received, void *expected)
+{
+ struct rte_ipv4_hdr *iph4_ex, *iph4_re;
+ struct rte_ipv6_hdr *iph6_ex, *iph6_re;
+
+ if (is_ipv4(received) && is_ipv4(expected)) {
+ iph4_ex = expected;
+ iph4_re = received;
+ iph4_ex->time_to_live -= 1;
+ if (iph4_re->time_to_live != iph4_ex->time_to_live)
+ return TEST_FAILED;
+ } else if (!is_ipv4(received) && !is_ipv4(expected)) {
+ iph6_ex = expected;
+ iph6_re = received;
+ iph6_ex->hop_limits -= 1;
+ if (iph6_re->hop_limits != iph6_ex->hop_limits)
+ return TEST_FAILED;
+ } else {
+ printf("IP header version miss match\n");
+ return TEST_FAILED;
+ }
+
+ return TEST_SUCCESS;
+}
+
static int
test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
bool silent, const struct ipsec_test_flags *flags)
@@ -740,6 +769,14 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
memcpy(td_output_text, td->output_text.data + skip, len);
+ if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
+ flags->dec_ttl_or_hop_limit) {
+ if (test_ipsec_ttl_or_hop_decrement_verify(output_text, td_output_text)) {
+ printf("Inner TTL/hop limit decrement test failed\n");
+ return TEST_FAILED;
+ }
+ }
+
if (test_ipsec_pkt_update(td_output_text, flags)) {
printf("Could not update expected vector");
return TEST_FAILED;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index a15c1d3015..7529d2ae50 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -87,6 +87,7 @@ struct ipsec_test_flags {
bool antireplay;
enum df_flags df;
enum dscp_flags dscp;
+ bool dec_ttl_or_hop_limit;
};
struct crypto_param {
--
2.25.1
next prev parent reply other threads:[~2022-02-23 10:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-18 12:52 [PATCH 0/2] Add new IPsec test cases Volodymyr Fialko
2022-02-18 12:52 ` [PATCH 1/2] test/crypto: add TTL and hop limit decrement cases Volodymyr Fialko
2022-02-18 12:52 ` [PATCH 2/2] test/crypto: add L4 checksum case for transport mode Volodymyr Fialko
2022-02-22 19:41 ` [EXT] [PATCH 0/2] Add new IPsec test cases Akhil Goyal
2022-02-23 10:40 ` [PATCH v2 " Volodymyr Fialko
2022-02-23 10:40 ` Volodymyr Fialko [this message]
2022-02-23 10:48 ` [PATCH v2 1/2] test/crypto: add TTL and hop limit decrement cases Akhil Goyal
2022-02-23 10:40 ` [PATCH v2 2/2] test/crypto: add L4 checksum case for transport mode Volodymyr Fialko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220223104046.1231153-2-vfialko@marvell.com \
--to=vfialko@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).