[v4,5/5] test/crypto: add UDP encapsulation test cases
Checks
Commit Message
From: Tejasree Kondoj <ktejasree@marvell.com>
Adding UDP encapsulation test cases.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
app/test/test_cryptodev.c | 19 +++++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 28 ++++++++++++++++++++++++++++
app/test/test_cryptodev_security_ipsec.h | 1 +
doc/guides/rel_notes/release_21_11.rst | 7 +++++++
4 files changed, 55 insertions(+)
Comments
> Subject: [PATCH v4 5/5] test/crypto: add UDP encapsulation test cases
Test/crypto: add UDP encapsulated IPSec cases
>
> From: Tejasree Kondoj <ktejasree@marvell.com>
>
> Adding UDP encapsulation test cases.
Elaborate the description as well
Apart from that,
Acked-by: Akhil Goyal <gakhil@marvell.com>
>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
> +* **Added lookaside protocol (IPsec) tests in dpdk-test.**
> +
> + * Added known vector tests (AES-GCM 128, 192, 256).
> + * Added tests to verify error reporting with ICV corruption.
> + * Added tests to verify IV generation.
> + * Added tests to verify UDP encapsulation.
> +
If each case is added as a separate bullet in release notes,
Then each of them should be added in the corresponding patch.
@@ -8942,6 +8942,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
sec_cap_idx.ipsec.mode = ipsec_xform.mode;
sec_cap_idx.ipsec.direction = ipsec_xform.direction;
+ if (flags->udp_encap)
+ ipsec_xform.options.udp_encap = 1;
+
sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
if (sec_cap == NULL)
return TEST_SKIPPED;
@@ -9153,6 +9156,18 @@ test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
}
static int
+test_ipsec_proto_udp_encap(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.udp_encap = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14068,6 +14083,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_iv_gen),
TEST_CASE_NAMED_ST(
+ "UDP encapsulation",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_udp_encap),
+ TEST_CASE_NAMED_ST(
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
@@ -7,6 +7,7 @@
#include <rte_esp.h>
#include <rte_ip.h>
#include <rte_security.h>
+#include <rte_udp.h>
#include "test.h"
#include "test_cryptodev_security_ipsec.h"
@@ -183,6 +184,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
int icv_pos = td_inb[i].input_text.len - 4;
td_inb[i].input_text.data[icv_pos] += 1;
}
+
+ if (flags->udp_encap)
+ td_inb[i].ipsec_xform.options.udp_encap = 1;
}
}
@@ -268,6 +272,30 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
return TEST_SUCCESS;
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+ flags->udp_encap) {
+ const struct rte_ipv4_hdr *iph4;
+ const struct rte_ipv6_hdr *iph6;
+
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ iph4 = (const struct rte_ipv4_hdr *)output_text;
+ if (iph4->next_proto_id != IPPROTO_UDP) {
+ printf("UDP header is not found\n");
+ return TEST_FAILED;
+ }
+ } else {
+ iph6 = (const struct rte_ipv6_hdr *)output_text;
+ if (iph6->proto != IPPROTO_UDP) {
+ printf("UDP header is not found\n");
+ return TEST_FAILED;
+ }
+ }
+
+ len -= sizeof(struct rte_udp_hdr);
+ output_text += sizeof(struct rte_udp_hdr);
+ }
+
if (len != td->output_text.len) {
printf("Output length (%d) not matching with expected (%d)\n",
len, td->output_text.len);
@@ -51,6 +51,7 @@ struct ipsec_test_flags {
bool display_alg;
bool icv_corrupt;
bool iv_gen;
+ bool udp_encap;
};
struct crypto_param {
@@ -87,6 +87,13 @@ New Features
Added command-line options to specify total number of processes and
current process ID. Each process owns subset of Rx and Tx queues.
+* **Added lookaside protocol (IPsec) tests in dpdk-test.**
+
+ * Added known vector tests (AES-GCM 128, 192, 256).
+ * Added tests to verify error reporting with ICV corruption.
+ * Added tests to verify IV generation.
+ * Added tests to verify UDP encapsulation.
+
Removed Items
-------------