test/crypto: add TTL and hop limit decrement cases

author Volodymyr Fialko <vfialko@marvell.com>

Wed, 23 Feb 2022 10:40:45 +0000 (11:40 +0100)

committer Akhil Goyal <gakhil@marvell.com>

Wed, 23 Feb 2022 10:43:41 +0000 (11:43 +0100)
author Volodymyr Fialko <vfialko@marvell.com>
Wed, 23 Feb 2022 10:40:45 +0000 (11:40 +0100)
committer Akhil Goyal <gakhil@marvell.com>
Wed, 23 Feb 2022 10:43:41 +0000 (11:43 +0100)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c

index fc3c09d86f178112ce46a384012a0ac1c4ad5117..694b073f4f53f2ad3bff1e4f83c89fdf20457616 100644 (file)
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -10102,6 +10102,27 @@ test_PDCP_PROTO_all(void)
                 return TEST_SUCCESS;
  }
  
+static int
+test_ipsec_proto_ipv4_ttl_decrement(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags = {
+               .dec_ttl_or_hop_limit = true
+       };
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_hop_limit_decrement(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags = {
+               .ipv6 = true,
+               .dec_ttl_or_hop_limit = true
+       };
+
+       return test_ipsec_proto_all(&flags);
+}
+
  static int
  test_docsis_proto_uplink(const void *data)
  {
@@ -15158,6 +15179,14 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
                         ut_setup_security, ut_teardown,
                         test_ipsec_proto_pkt_esn_antireplay4096,
                         &pkt_aes_128_gcm),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel header IPv4 decrement inner TTL",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_ipv4_ttl_decrement),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel header IPv6 decrement inner hop limit",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_ipv6_hop_limit_decrement),
                 TEST_CASES_END() /**< NULL terminate unit test array */
         }
  };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c

index 3887b051357bdf2a730c0a85a1a4a366e1fcd41f..f66360f4c40e6b5903d30b89d7792a1d7f8b92b9 100644 (file)
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -443,6 +443,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
                 if (flags->dscp == TEST_IPSEC_COPY_DSCP_INNER_0 ||
                     flags->dscp == TEST_IPSEC_COPY_DSCP_INNER_1)
                         td->ipsec_xform.options.copy_dscp = 1;
+
+               if (flags->dec_ttl_or_hop_limit)
+                       td->ipsec_xform.options.dec_ttl = 1;
         }
  }
  
@@ -650,6 +653,32 @@ test_ipsec_l4_csum_verify(struct rte_mbuf *m)
         return TEST_SUCCESS;
  }
  
+static int
+test_ipsec_ttl_or_hop_decrement_verify(void *received, void *expected)
+{
+       struct rte_ipv4_hdr *iph4_ex, *iph4_re;
+       struct rte_ipv6_hdr *iph6_ex, *iph6_re;
+
+       if (is_ipv4(received) && is_ipv4(expected)) {
+               iph4_ex = expected;
+               iph4_re = received;
+               iph4_ex->time_to_live -= 1;
+               if (iph4_re->time_to_live != iph4_ex->time_to_live)
+                       return TEST_FAILED;
+       } else if (!is_ipv4(received) && !is_ipv4(expected)) {
+               iph6_ex = expected;
+               iph6_re = received;
+               iph6_ex->hop_limits -= 1;
+               if (iph6_re->hop_limits != iph6_ex->hop_limits)
+                       return TEST_FAILED;
+       } else {
+               printf("IP header version miss match\n");
+               return TEST_FAILED;
+       }
+
+       return TEST_SUCCESS;
+}
+
  static int
  test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
                      bool silent, const struct ipsec_test_flags *flags)
@@ -740,6 +769,14 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
  
         memcpy(td_output_text, td->output_text.data + skip, len);
  
+       if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
+                               flags->dec_ttl_or_hop_limit) {
+               if (test_ipsec_ttl_or_hop_decrement_verify(output_text, td_output_text)) {
+                       printf("Inner TTL/hop limit decrement test failed\n");
+                       return TEST_FAILED;
+               }
+       }
+
         if (test_ipsec_pkt_update(td_output_text, flags)) {
                 printf("Could not update expected vector");
                 return TEST_FAILED;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h

index a15c1d30154987b2ebcc83265db828e7ee97ab21..7529d2ae50c5b2a7661f6cc7b52eb28452d2aff7 100644 (file)
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -87,6 +87,7 @@ struct ipsec_test_flags {
         bool antireplay;
         enum df_flags df;
         enum dscp_flags dscp;
+       bool dec_ttl_or_hop_limit;
  };
  
  struct crypto_param {
author	Volodymyr Fialko <vfialko@marvell.com>
	Wed, 23 Feb 2022 10:40:45 +0000 (11:40 +0100)
committer	Akhil Goyal <gakhil@marvell.com>
	Wed, 23 Feb 2022 10:43:41 +0000 (11:43 +0100)
app/test/test_cryptodev.c		patch \| blob \| history
app/test/test_cryptodev_security_ipsec.c		patch \| blob \| history
app/test/test_cryptodev_security_ipsec.h		patch \| blob \| history