From: dpdklab@iol.unh.edu
To: test-report@dpdk.org
Cc: dpdk-test-reports@iol.unh.edu
Subject: [dpdk-test-report] |WARNING| pw98204-98209 [PATCH] [v2, 6/6] examples/ipsec-secgw: clear soft expiry configuration
Date: Tue, 7 Sep 2021 13:49:21 -0400 (EDT) [thread overview]
Message-ID: <20210907174921.5F92CA600@noxus.dpdklab.iol.unh.edu> (raw)
[-- Attachment #1: Type: text/plain, Size: 9420 bytes --]
Test-Label: iol-testing
Test-Status: WARNING
http://dpdk.org/patch/98204
_apply patch failure_
Submitter: Anoob Joseph <anoobj@marvell.com>
Date: Tuesday, September 07 2021 16:32:52
Applied on: CommitID:b344eb5d941a7522ff27b6b7b5419f68c3fea9a0
Apply patch set 98204-98209 failed:
Checking patch app/test/test_cryptodev_security_ipsec_test_vectors.h...
error: app/test/test_cryptodev_security_ipsec_test_vectors.h: does not exist in index
Checking patch doc/guides/rel_notes/deprecation.rst...
Checking patch doc/guides/rel_notes/release_21_11.rst...
Hunk #1 succeeded at 91 (offset -11 lines).
error: while searching for:
* Added IPsec SA option to disable IV generation to allow known vector
tests as well as usage of application provided IV on supported PMDs.
Known Issues
------------
error: patch failed: doc/guides/rel_notes/release_21_11.rst:123
Checking patch examples/ipsec-secgw/ipsec.c...
Checking patch examples/ipsec-secgw/ipsec.h...
Checking patch lib/cryptodev/rte_crypto.h...
Checking patch lib/security/rte_security.h...
Hunk #1 succeeded at 192 (offset -14 lines).
Hunk #2 succeeded at 235 (offset -14 lines).
Applied patch doc/guides/rel_notes/deprecation.rst cleanly.
Applying patch doc/guides/rel_notes/release_21_11.rst with 1 reject...
Hunk #1 applied cleanly.
Rejected hunk #2.
Applied patch examples/ipsec-secgw/ipsec.c cleanly.
Applied patch examples/ipsec-secgw/ipsec.h cleanly.
Applied patch lib/cryptodev/rte_crypto.h cleanly.
Applied patch lib/security/rte_security.h cleanly.
diff a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst (rejected hunks)
@@ -123,6 +130,12 @@ ABI Changes
* Added IPsec SA option to disable IV generation to allow known vector
tests as well as usage of application provided IV on supported PMDs.
+* security: add IPsec SA lifetime configuration
+
+ * Added IPsec SA lifetime configuration to allow applications to configure
+ soft and hard SA expiry limits. Limits can be either in units of packets or
+ bytes.
+
Known Issues
------------
Checking patch drivers/common/cnxk/cnxk_security.c...
Hunk #1 succeeded at 99 (offset -62 lines).
Hunk #2 succeeded at 193 (offset -63 lines).
Hunk #3 succeeded at 341 (offset -64 lines).
Checking patch drivers/crypto/cnxk/cn10k_cryptodev_ops.c...
Hunk #1 succeeded at 291 (offset -57 lines).
error: while searching for:
goto temp_sess_free;
}
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
cn10k_cpt_sec_post_process(cop, res);
return;
}
/* Verify authentication data if required */
if (unlikely(infl_req->op_flags &
CPT_OP_FLAGS_AUTH_VERIFY)) {
error: patch failed: drivers/crypto/cnxk/cn10k_cryptodev_ops.c:364
Hunk #3 succeeded at 367 (offset -51 lines).
Checking patch drivers/crypto/cnxk/cn9k_ipsec.c...
error: drivers/crypto/cnxk/cn9k_ipsec.c: does not exist in index
Applied patch drivers/common/cnxk/cnxk_security.c cleanly.
Applying patch drivers/crypto/cnxk/cn10k_cryptodev_ops.c with 1 reject...
Hunk #1 applied cleanly.
Rejected hunk #2.
Hunk #3 applied cleanly.
diff a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c (rejected hunks)
@@ -364,13 +396,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
goto temp_sess_free;
}
- cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
- if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- cn10k_cpt_sec_post_process(cop, res);
- return;
- }
-
/* Verify authentication data if required */
if (unlikely(infl_req->op_flags &
CPT_OP_FLAGS_AUTH_VERIFY)) {
Checking patch app/test/test_cryptodev.c...
error: while searching for:
/* Process crypto operation */
process_crypto_request(dev_id, ut_params->op);
ret = test_ipsec_status_check(ut_params->op, flags, dir);
if (ret != TEST_SUCCESS)
goto crypto_op_free;
error: patch failed: app/test/test_cryptodev.c:8997
error: while searching for:
unsigned int i, nb_pkts = 1, pass_cnt = 0;
int ret;
if (flags->iv_gen)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
for (i = 0; i < RTE_DIM(aead_list); i++) {
error: patch failed: app/test/test_cryptodev.c:9067
error: while searching for:
}
static int
test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
{
struct ipsec_test_flags flags;
error: patch failed: app/test/test_cryptodev.c:9132
error: while searching for:
ut_setup_security, ut_teardown,
test_ipsec_proto_udp_encap),
TEST_CASE_NAMED_ST(
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
error: patch failed: app/test/test_cryptodev.c:14087
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: app/test/test_cryptodev_security_ipsec.c: does not exist in index
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: app/test/test_cryptodev_security_ipsec.h: does not exist in index
Applying patch app/test/test_cryptodev.c with 4 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
diff a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c (rejected hunks)
@@ -8997,7 +8997,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Process crypto operation */
process_crypto_request(dev_id, ut_params->op);
- ret = test_ipsec_status_check(ut_params->op, flags, dir);
+ ret = test_ipsec_status_check(ut_params->op, flags, dir, i + 1);
if (ret != TEST_SUCCESS)
goto crypto_op_free;
@@ -9067,7 +9067,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
unsigned int i, nb_pkts = 1, pass_cnt = 0;
int ret;
- if (flags->iv_gen)
+ if (flags->iv_gen ||
+ flags->sa_expiry_pkts_soft)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
for (i = 0; i < RTE_DIM(aead_list); i++) {
@@ -9132,6 +9133,18 @@ test_ipsec_proto_iv_gen(const void *data __rte_unused)
}
static int
+test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.sa_expiry_pkts_soft = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
{
struct ipsec_test_flags flags;
@@ -14087,6 +14100,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_udp_encap),
TEST_CASE_NAMED_ST(
+ "SA expiry packets soft",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_sa_exp_pkts_soft),
+ TEST_CASE_NAMED_ST(
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
Checking patch app/test/test_cryptodev.c...
error: while searching for:
int ret;
if (flags->iv_gen ||
flags->sa_expiry_pkts_soft)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
for (i = 0; i < RTE_DIM(aead_list); i++) {
error: patch failed: app/test/test_cryptodev.c:9068
error: while searching for:
}
static int
test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
{
struct ipsec_test_flags flags;
error: patch failed: app/test/test_cryptodev.c:9145
error: while searching for:
ut_setup_security, ut_teardown,
test_ipsec_proto_sa_exp_pkts_soft),
TEST_CASE_NAMED_ST(
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
error: patch failed: app/test/test_cryptodev.c:14104
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: app/test/test_cryptodev_security_ipsec.c: does not exist in index
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: app/test/test_cryptodev_security_ipsec.h: does not exist in index
Applying patch app/test/test_cryptodev.c with 3 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
diff a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c (rejected hunks)
@@ -9068,7 +9068,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
int ret;
if (flags->iv_gen ||
- flags->sa_expiry_pkts_soft)
+ flags->sa_expiry_pkts_soft ||
+ flags->sa_expiry_pkts_hard)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
for (i = 0; i < RTE_DIM(aead_list); i++) {
@@ -9145,6 +9146,18 @@ test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused)
}
static int
+test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.sa_expiry_pkts_hard = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
{
struct ipsec_test_flags flags;
@@ -14104,6 +14117,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_sa_exp_pkts_soft),
TEST_CASE_NAMED_ST(
+ "SA expiry packets hard",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_sa_exp_pkts_hard),
+ TEST_CASE_NAMED_ST(
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
Checking patch examples/ipsec-secgw/ipsec.c...
error: examples/ipsec-secgw/ipsec.c: does not match index
Checking patch examples/ipsec-secgw/ipsec.h...
error: examples/ipsec-secgw/ipsec.h: does not match index
https://lab.dpdk.org/results/dashboard/patchsets/18605/
UNH-IOL DPDK Community Lab
reply other threads:[~2021-09-07 17:49 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210907174921.5F92CA600@noxus.dpdklab.iol.unh.edu \
--to=dpdklab@iol.unh.edu \
--cc=dpdk-test-reports@iol.unh.edu \
--cc=test-report@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).