From: Aakash Sasidharan <asasidharan@marvell.com>
To: Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Cc: <gakhil@marvell.com>, <jerinj@marvell.com>, <anoobj@marvell.com>,
<vvelumuri@marvell.com>, <asasidharan@marvell.com>,
<dev@dpdk.org>
Subject: [PATCH v4 2/2] test/ipsec: add unit test for stateless processing
Date: Fri, 4 Oct 2024 12:04:43 +0530 [thread overview]
Message-ID: <20241004063443.179264-2-asasidharan@marvell.com> (raw)
In-Reply-To: <20241004063443.179264-1-asasidharan@marvell.com>
Add unit test for IPsec stateless processing.
Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
app/test/test_ipsec.c | 113 ++++++++++++++++++++++++++++++++++++------
1 file changed, 99 insertions(+), 14 deletions(-)
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 6cb1bac1e7..ac63c3b6d3 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -53,6 +53,7 @@ test_ipsec(void)
#define BURST_SIZE 32
#define REORDER_PKTS 1
#define DEQUEUE_COUNT 1000
+#define SQN_START 255
struct user_params {
enum rte_crypto_sym_xform_type auth;
@@ -82,6 +83,7 @@ struct ipsec_unitest_params {
struct rte_security_ipsec_xform ipsec_xform;
+ struct rte_ipsec_state ipsec_state;
struct rte_ipsec_sa_prm sa_prm;
struct rte_ipsec_session ss[MAX_NB_SAS];
@@ -91,6 +93,7 @@ struct ipsec_unitest_params {
*testbuf[BURST_SIZE];
uint16_t pkt_index;
+ bool is_stateless;
};
struct ipsec_test_cfg {
@@ -773,8 +776,13 @@ crypto_ipsec(uint16_t num_pkts)
struct rte_ipsec_group grp[1];
/* call crypto prepare */
- k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
- ut_params->cop, num_pkts);
+ if (ut_params->is_stateless && (ut_params->ipsec_state.sqn != 0))
+ k = rte_ipsec_pkt_crypto_prepare_stateless(&ut_params->ss[0],
+ ut_params->ibuf, ut_params->cop, num_pkts, &ut_params->ipsec_state);
+ else
+ k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
+ ut_params->cop, num_pkts);
+
if (k != num_pkts) {
RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
return TEST_FAILED;
@@ -1322,23 +1330,35 @@ crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
}
static int
-test_ipsec_crypto_outb_burst_null_null(int i)
+test_ipsec_verify_sqn(struct ipsec_unitest_params *ut_params,
+ uint16_t num_pkts, uint32_t sqn_start)
+{
+ struct rte_esp_hdr esph;
+ uint8_t *obuf_data;
+ uint32_t sqn;
+ uint16_t j;
+
+ for (j = 0; j < num_pkts; j++) {
+ obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
+
+ memcpy(&esph, obuf_data + sizeof(ipv4_outer), sizeof(esph));
+ sqn = rte_be_to_cpu_32(esph.seq);
+ TEST_ASSERT_EQUAL(sqn, sqn_start + j,
+ "Invalid sequence number in packet %u\n", j);
+ }
+
+ return 0;
+}
+
+static int
+test_ipsec_crypto_outb_single_burst_null_null(int i, uint32_t sqn_start)
{
struct ipsec_testsuite_params *ts_params = &testsuite_params;
struct ipsec_unitest_params *ut_params = &unittest_params;
uint16_t num_pkts = test_cfg[i].num_pkts;
uint16_t j;
- int32_t rc;
-
- /* create rte_ipsec_sa*/
- rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
- test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
- if (rc != 0) {
- RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
- return rc;
- }
+ int rc = 0;
- /* Generate input mbuf data */
for (j = 0; j < num_pkts && rc == 0; j++) {
ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
null_plain_data, sizeof(null_plain_data),
@@ -1351,7 +1371,7 @@ test_ipsec_crypto_outb_burst_null_null(int i)
ut_params->testbuf[j] = setup_test_string_tunneled(
ts_params->mbuf_pool,
null_plain_data, test_cfg[i].pkt_sz,
- OUTBOUND_SPI, j + 1);
+ OUTBOUND_SPI, j + sqn_start);
if (ut_params->testbuf[j] == NULL)
rc = TEST_FAILED;
}
@@ -1374,10 +1394,73 @@ test_ipsec_crypto_outb_burst_null_null(int i)
if (rc == TEST_FAILED)
test_ipsec_dump_buffers(ut_params, i);
+ test_ipsec_verify_sqn(ut_params, num_pkts, sqn_start);
+
+ return rc;
+}
+
+static int
+test_ipsec_crypto_outb_burst_null_null(int i)
+{
+ struct ipsec_unitest_params *ut_params = &unittest_params;
+ uint32_t sqn_start;
+ int32_t rc;
+
+ /* create rte_ipsec_sa*/
+ rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
+ test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
+ if (rc != 0) {
+ RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
+ return rc;
+ }
+
+ /* Generate input mbuf data and test normal IPsec processing */
+ sqn_start = 1;
+ rc = test_ipsec_crypto_outb_single_burst_null_null(i, sqn_start);
+ if (rc != 0) {
+ RTE_LOG(ERR, USER1, "burst failed, cfg %d\n", i);
+ return rc;
+ }
+
+ if (ut_params->is_stateless) {
+
+ /* Generate input mbuf data for stateless IPsec processing. */
+ sqn_start = ut_params->ipsec_state.sqn = SQN_START;
+ rc = test_ipsec_crypto_outb_single_burst_null_null(i, sqn_start);
+ if (rc != 0) {
+ RTE_LOG(ERR, USER1, "stateless burst failed, cfg %d\n", i);
+ return rc;
+ }
+ }
+
destroy_sa(0);
return rc;
}
+static int
+test_ipsec_crypto_outb_burst_stateless_null_null_wrapper(void)
+{
+ struct ipsec_unitest_params *ut_params = &unittest_params;
+ int rc = 0;
+ int i;
+
+ ut_params->ipsec_xform.spi = OUTBOUND_SPI;
+ ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
+ ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
+ ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
+ ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+ ut_params->is_stateless = true;
+
+ for (i = 0; i < num_cfg && rc == 0; i++) {
+ ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
+ ut_params->ipsec_state.sqn = 0;
+ rc = test_ipsec_crypto_outb_burst_null_null(i);
+
+ }
+
+ return rc;
+}
+
static int
test_ipsec_crypto_outb_burst_null_null_wrapper(void)
{
@@ -2496,6 +2579,8 @@ static struct unit_test_suite ipsec_testsuite = {
test_ipsec_crypto_inb_burst_null_null_wrapper),
TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
test_ipsec_crypto_outb_burst_null_null_wrapper),
+ TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
+ test_ipsec_crypto_outb_burst_stateless_null_null_wrapper),
TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
--
2.25.1
prev parent reply other threads:[~2024-10-04 6:34 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-07 10:25 [PATCH] ipsec: allow stateless IPsec processing Aakash Sasidharan
2024-09-08 11:57 ` [PATCH v2] " Aakash Sasidharan
2024-09-17 17:13 ` Konstantin Ananyev
2024-09-20 2:12 ` Aakash Sasidharan
2024-09-20 5:53 ` Aakash Sasidharan
2024-09-25 11:59 ` Aakash Sasidharan
2024-10-03 13:45 ` [PATCH v3 1/2] " Aakash Sasidharan
2024-10-03 13:45 ` [PATCH v3 2/2] test/ipsec: add unit test for stateless processing Aakash Sasidharan
2024-10-04 6:34 ` [PATCH v4 1/2] ipsec: allow stateless IPsec processing Aakash Sasidharan
2024-10-04 6:34 ` Aakash Sasidharan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241004063443.179264-2-asasidharan@marvell.com \
--to=asasidharan@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=konstantin.v.ananyev@yandex.ru \
--cc=vladimir.medvedkin@intel.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).