[PATCH] test/security: skip IPsec post process for negative tests

DPDK patches and discussions
 help / color / mirror / Atom feed

* [PATCH] test/security: skip IPsec post process for negative tests
@ 2024-10-03 10:37 Srujana Challa
  0 siblings, 0 replies; only message in thread
From: Srujana Challa @ 2024-10-03 10:37 UTC (permalink / raw)
  To: dev; +Cc: gakhil, anoobj, schalla

Skips calling test_ipsec_post_process for negative inline IPsec tests
as received packet might not be valid for a negative case.

Signed-off-by: Srujana Challa <schalla@marvell.com>
---
 app/test/test_cryptodev_security_ipsec.c |  1 +
 app/test/test_security_inline_proto.c    | 25 +++++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 1aba1ad993..5fb5907473 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -916,6 +916,7 @@ test_ipsec_post_process(const struct rte_mbuf *m, const struct ipsec_test_data *
 		seg = seg->next;
 	}
 	len = RTE_MIN(len, data_len);
+	TEST_ASSERT(len <= IPSEC_TEXT_MAX_LEN, "Invalid packet length: %u", len);
 	/* Copy mbuf payload to continuous buffer */
 	output = rte_pktmbuf_read(m, 0, len, output_text);
 	if (output != output_text)
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 10f7e58caa..480469f672 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -1449,12 +1449,27 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
 	for (i = 0; i < nb_rx; i++) {
 		rte_pktmbuf_adj(rx_pkts_burst[i], RTE_ETHER_HDR_LEN);
 
-		ret = test_ipsec_post_process(rx_pkts_burst[i], td,
-					      res_d, silent, flags);
-		if (ret != TEST_SUCCESS) {
-			for ( ; i < nb_rx; i++)
+		/* For tests with status as error for test success,
+		 * skip verification
+		 */
+		if (td->ipsec_xform.direction ==
+		    RTE_SECURITY_IPSEC_SA_DIR_INGRESS && (flags->icv_corrupt ||
+		    flags->sa_expiry_pkts_hard || flags->tunnel_hdr_verify ||
+		    td->ar_packet)) {
+			if (!(rx_pkts_burst[i]->ol_flags &
+			    RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
 				rte_pktmbuf_free(rx_pkts_burst[i]);
-			goto out;
+				rx_pkts_burst[i] = NULL;
+				return TEST_FAILED;
+			}
+		} else {
+			ret = test_ipsec_post_process(rx_pkts_burst[i], td,
+						      res_d, silent, flags);
+			if (ret != TEST_SUCCESS) {
+				for ( ; i < nb_rx; i++)
+					rte_pktmbuf_free(rx_pkts_burst[i]);
+				goto out;
+			}
 		}
 
 		ret = test_ipsec_stats_verify(ctx, ses, flags,
-- 
2.25.1


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2024-10-03 10:37 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-03 10:37 [PATCH] test/security: skip IPsec post process for negative tests Srujana Challa

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).