test/crypto: add IPsec transport mode cases
Added IPsec transport mode test cases for IPv4 packets in the test app. Signed-off-by: Anoob Joseph <anoobj@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
This commit is contained in:
parent
b7986bde8e
commit
65d68c7cd7
@ -9162,16 +9162,20 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
|
||||
dst += 1;
|
||||
}
|
||||
|
||||
if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
|
||||
if (td->ipsec_xform.tunnel.type ==
|
||||
RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
|
||||
memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
|
||||
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
|
||||
memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
|
||||
sizeof(src));
|
||||
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
|
||||
sizeof(dst));
|
||||
} else {
|
||||
memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
|
||||
sizeof(v6_src));
|
||||
memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
|
||||
sizeof(v6_dst));
|
||||
}
|
||||
}
|
||||
|
||||
ctx = rte_cryptodev_get_sec_ctx(dev_id);
|
||||
|
||||
@ -9635,6 +9639,19 @@ test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
|
||||
return test_ipsec_proto_all(&flags);
|
||||
}
|
||||
|
||||
static int
|
||||
test_ipsec_proto_transport_v4(const void *data __rte_unused)
|
||||
{
|
||||
struct ipsec_test_flags flags;
|
||||
|
||||
memset(&flags, 0, sizeof(flags));
|
||||
|
||||
flags.ipv6 = false;
|
||||
flags.transport = true;
|
||||
|
||||
return test_ipsec_proto_all(&flags);
|
||||
}
|
||||
|
||||
static int
|
||||
test_PDCP_PROTO_all(void)
|
||||
{
|
||||
@ -14635,6 +14652,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
|
||||
"Tunnel IPv6 in IPv4",
|
||||
ut_setup_security, ut_teardown,
|
||||
test_ipsec_proto_tunnel_v6_in_v4),
|
||||
TEST_CASE_NAMED_ST(
|
||||
"Transport IPv4",
|
||||
ut_setup_security, ut_teardown,
|
||||
test_ipsec_proto_transport_v4),
|
||||
TEST_CASES_END() /**< NULL terminate unit test array */
|
||||
}
|
||||
};
|
||||
|
@ -400,12 +400,21 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
|
||||
test_ipsec_csum_init(&td->input_text.data, false, true);
|
||||
}
|
||||
|
||||
if (flags->transport) {
|
||||
td->ipsec_xform.mode =
|
||||
RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT;
|
||||
} else {
|
||||
td->ipsec_xform.mode =
|
||||
RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
|
||||
|
||||
if (flags->tunnel_ipv6)
|
||||
td->ipsec_xform.tunnel.type =
|
||||
RTE_SECURITY_IPSEC_TUNNEL_IPV6;
|
||||
else
|
||||
td->ipsec_xform.tunnel.type =
|
||||
RTE_SECURITY_IPSEC_TUNNEL_IPV4;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
@ -748,32 +757,48 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
|
||||
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
|
||||
int ret;
|
||||
|
||||
if (flags->iv_gen &&
|
||||
td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
|
||||
if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
|
||||
const struct rte_ipv4_hdr *iph4;
|
||||
const struct rte_ipv6_hdr *iph6;
|
||||
|
||||
if (flags->iv_gen) {
|
||||
ret = test_ipsec_iv_verify_push(m, td);
|
||||
if (ret != TEST_SUCCESS)
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
|
||||
const struct rte_ipv4_hdr *iph4;
|
||||
const struct rte_ipv6_hdr *iph6;
|
||||
iph4 = (const struct rte_ipv4_hdr *)output_text;
|
||||
|
||||
if (td->ipsec_xform.mode ==
|
||||
RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
|
||||
if (flags->ipv6) {
|
||||
iph6 = (const struct rte_ipv6_hdr *)output_text;
|
||||
if (is_valid_ipv6_pkt(iph6) == false) {
|
||||
printf("Transport packet is not IPv6\n");
|
||||
return TEST_FAILED;
|
||||
}
|
||||
} else {
|
||||
if (is_valid_ipv4_pkt(iph4) == false) {
|
||||
printf("Transport packet is not IPv4\n");
|
||||
return TEST_FAILED;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (td->ipsec_xform.tunnel.type ==
|
||||
RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
|
||||
iph4 = (const struct rte_ipv4_hdr *)output_text;
|
||||
if (is_valid_ipv4_pkt(iph4) == false) {
|
||||
printf("Outer header is not IPv4\n");
|
||||
printf("Tunnel outer header is not IPv4\n");
|
||||
return TEST_FAILED;
|
||||
}
|
||||
} else {
|
||||
iph6 = (const struct rte_ipv6_hdr *)output_text;
|
||||
if (is_valid_ipv6_pkt(iph6) == false) {
|
||||
printf("Outer header is not IPv6\n");
|
||||
printf("Tunnel outer header is not IPv6\n");
|
||||
return TEST_FAILED;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* In case of known vector tests & all inbound tests, res_d provided
|
||||
|
@ -63,6 +63,7 @@ struct ipsec_test_flags {
|
||||
bool l4_csum;
|
||||
bool ipv6;
|
||||
bool tunnel_ipv6;
|
||||
bool transport;
|
||||
bool fragment;
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user