test_ipsec_csum_init(&td->input_text.data, false, true);
}
- if (flags->tunnel_ipv6)
- td->ipsec_xform.tunnel.type =
- RTE_SECURITY_IPSEC_TUNNEL_IPV6;
- else
- td->ipsec_xform.tunnel.type =
- RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+ if (flags->transport) {
+ td->ipsec_xform.mode =
+ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT;
+ } else {
+ td->ipsec_xform.mode =
+ RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
+
+ if (flags->tunnel_ipv6)
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+ else
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+ }
+
+ if (flags->stats_success)
+ td->ipsec_xform.options.stats = 1;
+
+ if (flags->fragment) {
+ struct rte_ipv4_hdr *ip;
+ ip = (struct rte_ipv4_hdr *)&td->input_text.data;
+ ip->fragment_offset = 4;
+ ip->hdr_checksum = rte_ipv4_cksum(ip);
+ }
}
}
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
int ret;
- if (flags->iv_gen &&
- td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
- ret = test_ipsec_iv_verify_push(m, td);
- if (ret != TEST_SUCCESS)
- return ret;
- }
-
if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
const struct rte_ipv4_hdr *iph4;
const struct rte_ipv6_hdr *iph6;
- if (td->ipsec_xform.tunnel.type ==
- RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
- iph4 = (const struct rte_ipv4_hdr *)output_text;
- if (is_valid_ipv4_pkt(iph4) == false) {
- printf("Outer header is not IPv4\n");
- return TEST_FAILED;
+ if (flags->iv_gen) {
+ ret = test_ipsec_iv_verify_push(m, td);
+ if (ret != TEST_SUCCESS)
+ return ret;
+ }
+
+ iph4 = (const struct rte_ipv4_hdr *)output_text;
+
+ if (td->ipsec_xform.mode ==
+ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
+ if (flags->ipv6) {
+ iph6 = (const struct rte_ipv6_hdr *)output_text;
+ if (is_valid_ipv6_pkt(iph6) == false) {
+ printf("Transport packet is not IPv6\n");
+ return TEST_FAILED;
+ }
+ } else {
+ if (is_valid_ipv4_pkt(iph4) == false) {
+ printf("Transport packet is not IPv4\n");
+ return TEST_FAILED;
+ }
}
} else {
- iph6 = (const struct rte_ipv6_hdr *)output_text;
- if (is_valid_ipv6_pkt(iph6) == false) {
- printf("Outer header is not IPv6\n");
- return TEST_FAILED;
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ if (is_valid_ipv4_pkt(iph4) == false) {
+ printf("Tunnel outer header is not IPv4\n");
+ return TEST_FAILED;
+ }
+ } else {
+ iph6 = (const struct rte_ipv6_hdr *)output_text;
+ if (is_valid_ipv6_pkt(iph6) == false) {
+ printf("Tunnel outer header is not IPv6\n");
+ return TEST_FAILED;
+ }
}
}
}
return ret;
}
+
+int
+test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+ struct rte_security_session *sess,
+ const struct ipsec_test_flags *flags,
+ enum rte_security_ipsec_sa_direction dir)
+{
+ struct rte_security_stats stats = {0};
+ int ret = TEST_SUCCESS;
+
+ if (flags->stats_success) {
+ if (rte_security_session_stats_get(ctx, sess, &stats) < 0)
+ return TEST_FAILED;
+
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ if (stats.ipsec.opackets != 1 ||
+ stats.ipsec.oerrors != 0)
+ ret = TEST_FAILED;
+ } else {
+ if (stats.ipsec.ipackets != 1 ||
+ stats.ipsec.ierrors != 0)
+ ret = TEST_FAILED;
+ }
+ }
+
+ return ret;
+}