* [dpdk-test-report] |WARNING| pw98271-98273 [PATCH] [3/3] test/crypto: add tunnel header verification tests
@ 2021-09-08 14:44 dpdklab
0 siblings, 0 replies; only message in thread
From: dpdklab @ 2021-09-08 14:44 UTC (permalink / raw)
To: test-report; +Cc: dpdk-test-reports
[-- Attachment #1: Type: text/plain, Size: 7366 bytes --]
Test-Label: iol-testing
Test-Status: WARNING
http://dpdk.org/patch/98271
_apply patch failure_
Submitter: Tejasree Kondoj <ktejasree@marvell.com>
Date: Wednesday, September 08 2021 08:21:11
Applied on: CommitID:b344eb5d941a7522ff27b6b7b5419f68c3fea9a0
Apply patch set 98271-98273 failed:
Checking patch doc/guides/rel_notes/release_21_11.rst...
error: while searching for:
soft and hard SA expiry limits. Limits can be either in units of packets or
bytes.
Known Issues
------------
error: patch failed: doc/guides/rel_notes/release_21_11.rst:136
Checking patch lib/security/rte_security.h...
error: while searching for:
* by the PMD.
*/
uint32_t iv_gen_disable : 1;
};
/** IPSec security association direction */
error: patch failed: lib/security/rte_security.h:195
Applying patch doc/guides/rel_notes/release_21_11.rst with 1 reject...
Rejected hunk #1.
Applying patch lib/security/rte_security.h with 1 reject...
Hunk #1 applied cleanly.
Rejected hunk #2.
diff a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst (rejected hunks)
@@ -136,6 +136,11 @@ ABI Changes
soft and hard SA expiry limits. Limits can be either in units of packets or
bytes.
+* security: add IPsec SA option to configure tunnel header verification
+
+ * Added SA option to indicate whether outer header verification need to be
+ done as part of inbound IPsec processing.
+
Known Issues
------------
diff a/lib/security/rte_security.h b/lib/security/rte_security.h (rejected hunks)
@@ -195,6 +203,15 @@ struct rte_security_ipsec_sa_options {
* by the PMD.
*/
uint32_t iv_gen_disable : 1;
+
+ /** Verify tunnel header in inbound
+ * * ``RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR``: Verify destination
+ * IP address.
+ *
+ * * ``RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR``: Verify both
+ * source and destination IP addresses.
+ */
+ uint32_t tunnel_hdr_verify : 2;
};
/** IPSec security association direction */
Checking patch drivers/common/cnxk/cnxk_security.c...
Hunk #1 succeeded at 117 (offset -82 lines).
Hunk #2 succeeded at 202 (offset -83 lines).
Checking patch drivers/common/cnxk/roc_ie_ot.h...
Hunk #1 succeeded at 203 (offset 23 lines).
Checking patch drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c...
error: while searching for:
#ifdef LA_IPSEC_DEBUG
sec_cap->ipsec.options.iv_gen_disable = 1;
#endif
}
}
error: patch failed: drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c:920
Applied patch drivers/common/cnxk/cnxk_security.c cleanly.
Applied patch drivers/common/cnxk/roc_ie_ot.h cleanly.
Applying patch drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c with 1 reject...
Rejected hunk #1.
diff a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c (rejected hunks)
@@ -920,6 +920,10 @@ cn10k_sec_caps_update(struct rte_security_capability *sec_cap)
#ifdef LA_IPSEC_DEBUG
sec_cap->ipsec.options.iv_gen_disable = 1;
#endif
+ } else {
+ if (sec_cap->ipsec.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
+ sec_cap->ipsec.options.tunnel_hdr_verify =
+ RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
}
}
Checking patch app/test/test_cryptodev.c...
error: while searching for:
int salt_len, i, ret = TEST_SUCCESS;
struct rte_security_ctx *ctx;
uint8_t *input_text;
ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
error: patch failed: app/test/test_cryptodev.c:8876
error: while searching for:
/* Copy IPsec xform */
memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform));
memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
dir = ipsec_xform.direction;
ctx = rte_cryptodev_get_sec_ctx(dev_id);
sec_cap_idx.action = ut_params->type;
error: patch failed: app/test/test_cryptodev.c:8885
error: while searching for:
return test_ipsec_proto_all(&flags);
}
static int
test_PDCP_PROTO_all(void)
{
error: patch failed: app/test/test_cryptodev.c:9181
error: while searching for:
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
error: patch failed: app/test/test_cryptodev.c:14124
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: app/test/test_cryptodev_security_ipsec.c: does not exist in index
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: app/test/test_cryptodev_security_ipsec.h: does not exist in index
Checking patch app/test/test_cryptodev_security_ipsec_test_vectors.h...
error: app/test/test_cryptodev_security_ipsec_test_vectors.h: does not exist in index
Applying patch app/test/test_cryptodev.c with 4 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
diff a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c (rejected hunks)
@@ -8876,6 +8876,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
int salt_len, i, ret = TEST_SUCCESS;
struct rte_security_ctx *ctx;
uint8_t *input_text;
+ uint32_t verify;
ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
@@ -8885,11 +8886,19 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Copy IPsec xform */
memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform));
+ dir = ipsec_xform.direction;
+ verify = flags->tunnel_hdr_verify;
+
+ if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) {
+ if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR)
+ src += 1;
+ else if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR)
+ dst += 1;
+ }
+
memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
- dir = ipsec_xform.direction;
-
ctx = rte_cryptodev_get_sec_ctx(dev_id);
sec_cap_idx.action = ut_params->type;
@@ -9181,6 +9190,30 @@ test_ipsec_proto_udp_encap(const void *data __rte_unused)
return test_ipsec_proto_all(&flags);
}
+static int
+test_ipsec_proto_tunnel_src_dst_addr_verify(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_dst_addr_verify(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR;
+
+ return test_ipsec_proto_all(&flags);
+}
+
static int
test_PDCP_PROTO_all(void)
{
@@ -14124,6 +14157,14 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
+ TEST_CASE_NAMED_ST(
+ "Tunnel dst addr verification",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_dst_addr_verify),
+ TEST_CASE_NAMED_ST(
+ "Tunnel src and dst addr verification",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_src_dst_addr_verify),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
https://lab.dpdk.org/results/dashboard/patchsets/18616/
UNH-IOL DPDK Community Lab
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-08 14:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-08 14:44 [dpdk-test-report] |WARNING| pw98271-98273 [PATCH] [3/3] test/crypto: add tunnel header verification tests dpdklab
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).