diff mbox series

[v2,13/13] test/crypto: add copy and set DF cases

Message ID	1638788880-650-14-git-send-email-anoobj@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Anoob Joseph <anoobj@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Declan Doherty <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>, "Pablo de Lara" <pablo.de.lara.guarch@intel.com> CC: Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>, Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, Hemant Agrawal <hemant.agrawal@nxp.com>, "Radu Nicolau" <radu.nicolau@intel.com>, Ciara Power <ciara.power@intel.com>, Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org> Subject: [PATCH v2 13/13] test/crypto: add copy and set DF cases Date: Mon, 6 Dec 2021 16:38:00 +0530 Message-ID: <1638788880-650-14-git-send-email-anoobj@marvell.com> In-Reply-To: <1638788880-650-1-git-send-email-anoobj@marvell.com> References: <1638777528-553-1-git-send-email-anoobj@marvell.com> <1638788880-650-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	Add new cases to lookaside IPsec tests \| [v2,00/13] Add new cases to lookaside IPsec tests [v2,01/13] test/crypto: add IPsec aes-cbc known vectors [v2,02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 known vectors [v2,03/13] test/crypto: add chained operations in combined cases [v2,04/13] test/crypto: add IPv6 tunnel mode cases [v2,05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors [v2,06/13] test/crypto: add IPsec fragmented packet known vectors [v2,07/13] test/crypto: add transport mode cases [v2,08/13] test/crypto: add security stats cases [v2,09/13] test/crypto: add lookaside IPsec AES-CTR known vectors [v2,10/13] test/crypto: add fragmented packet case [v2,11/13] test/crypto: skip null auth in ICV corrupt case [v2,12/13] test/crypto: add aes xcbc known vectors [v2,13/13] test/crypto: add copy and set DF cases

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/github-robot: build	success	github build: passed
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/intel-Testing	success	Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	warning	Testing issues

Commit Message

Anoob Joseph Dec. 6, 2021, 11:08 a.m. UTC

  Add test cases to verify copy DF and set DF options with lookaside IPsec
offload.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test/test_cryptodev.c                | 75 ++++++++++++++++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++++++++++++--
 app/test/test_cryptodev_security_ipsec.h | 10 +++++
 doc/guides/rel_notes/release_22_03.rst   |  1 +
 4 files changed, 154 insertions(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 203b4a4..f808719 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9169,6 +9169,13 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 			       sizeof(src));
 			memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
 			       sizeof(dst));
+
+			if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+				ipsec_xform.tunnel.ipv4.df = 0;
+
+			if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+				ipsec_xform.tunnel.ipv4.df = 1;
+
 		} else {
 			memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
 			       sizeof(v6_src));
@@ -9282,6 +9289,9 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 		memcpy(input_text, td[i].input_text.data,
 		       td[i].input_text.len);
 
+		if (test_ipsec_pkt_update(input_text, flags))
+			return TEST_FAILED;
+
 		/* Generate crypto op data structure */
 		ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 					RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -9700,6 +9710,55 @@  test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
 	flags.fragment = true;
 
 	return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+	return test_ipsec_proto_all(&flags);
 }
 
 static int
@@ -14724,6 +14783,22 @@  static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Fragmented packet",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_pkt_fragment),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header copy DF (inner 0)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_copy_df_inner_0),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header copy DF (inner 1)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_copy_df_inner_1),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header set DF 0 (inner 1)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_set_df_0_inner_1),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header set DF 1 (inner 0)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_set_df_1_inner_0),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 94e5213..e662ea2 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -427,6 +427,9 @@  test_ipsec_td_prepare(const struct crypto_param *param1,
 			ip->hdr_checksum = rte_ipv4_cksum(ip);
 		}
 
+		if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+		    flags->df == TEST_IPSEC_COPY_DF_INNER_1)
+			td->ipsec_xform.options.copy_df = 1;
 	}
 }
 
@@ -640,6 +643,7 @@  test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 {
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+	uint8_t td_output_text[4096];
 	int ret;
 
 	/* For tests with status as error for test success, skip verification */
@@ -720,16 +724,21 @@  test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		return ret;
 	}
 
+	memcpy(td_output_text, td->output_text.data + skip, len);
 
-	if (memcmp(output_text, td->output_text.data + skip, len)) {
+	if (test_ipsec_pkt_update(td_output_text, flags)) {
+		printf("Could not update expected vector");
+		return TEST_FAILED;
+	}
+
+	if (memcmp(output_text, td_output_text, len)) {
 		if (silent)
 			return TEST_FAILED;
 
 		printf("TestCase %s line %d: %s\n", __func__, __LINE__,
 			"output text not as expected\n");
 
-		rte_hexdump(stdout, "expected", td->output_text.data + skip,
-			    len);
+		rte_hexdump(stdout, "expected", td_output_text, len);
 		rte_hexdump(stdout, "actual", output_text, len);
 		return TEST_FAILED;
 	}
@@ -797,10 +806,27 @@  test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		} else {
 			if (td->ipsec_xform.tunnel.type ==
 					RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+				uint16_t f_off;
+
 				if (is_valid_ipv4_pkt(iph4) == false) {
 					printf("Tunnel outer header is not IPv4\n");
 					return TEST_FAILED;
 				}
+
+				f_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+				if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+				    flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+					if (!(f_off & RTE_IPV4_HDR_DF_FLAG)) {
+						printf("DF bit is not set\n");
+						return TEST_FAILED;
+					}
+				} else {
+					if ((f_off & RTE_IPV4_HDR_DF_FLAG)) {
+						printf("DF bit is set\n");
+						return TEST_FAILED;
+					}
+				}
 			} else {
 				iph6 = (const struct rte_ipv6_hdr *)output_text;
 				if (is_valid_ipv6_pkt(iph6) == false) {
@@ -909,3 +935,42 @@  test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 
 	return ret;
 }
+
+int
+test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags)
+{
+	struct rte_ipv4_hdr *iph4;
+	bool cksum_dirty = false;
+	uint16_t frag_off;
+
+	iph4 = (struct rte_ipv4_hdr *)pkt;
+
+	if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+	    flags->df == TEST_IPSEC_SET_DF_0_INNER_1 ||
+	    flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+	    flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+
+		if (!is_ipv4(iph4)) {
+			printf("Invalid packet type");
+			return -1;
+		}
+
+		frag_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+		if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+		    flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+			frag_off |= RTE_IPV4_HDR_DF_FLAG;
+		else
+			frag_off &= ~RTE_IPV4_HDR_DF_FLAG;
+
+		iph4->fragment_offset = rte_cpu_to_be_16(frag_off);
+		cksum_dirty = true;
+	}
+
+	if (cksum_dirty && is_ipv4(iph4)) {
+		iph4->hdr_checksum = 0;
+		iph4->hdr_checksum = rte_ipv4_cksum(iph4);
+	}
+
+	return 0;
+}
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 6e27eba..12a9b77 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -50,6 +50,13 @@  struct ipsec_test_data {
 	} xform;
 };
 
+enum df_flags {
+	TEST_IPSEC_COPY_DF_INNER_0 = 1,
+	TEST_IPSEC_COPY_DF_INNER_1,
+	TEST_IPSEC_SET_DF_0_INNER_1,
+	TEST_IPSEC_SET_DF_1_INNER_0,
+};
+
 struct ipsec_test_flags {
 	bool display_alg;
 	bool sa_expiry_pkts_soft;
@@ -66,6 +73,7 @@  struct ipsec_test_flags {
 	bool transport;
 	bool fragment;
 	bool stats_success;
+	enum df_flags df;
 };
 
 struct crypto_param {
@@ -226,4 +234,6 @@  int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 			    const struct ipsec_test_flags *flags,
 			    enum rte_security_ipsec_sa_direction dir);
 
+int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
+
 #endif
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index a7d0e53..1c6b846 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -72,6 +72,7 @@  New Features
   * Added tunnel mode fragment packet tests.
   * Added security stats tests.
   * Added AES-CTR tests.
+  * Added set/copy DF tests.
 
 
 Removed Items