sizeof(src));
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
sizeof(dst));
+
+ if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ ipsec_xform.tunnel.ipv4.df = 0;
+
+ if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+ ipsec_xform.tunnel.ipv4.df = 1;
+
} else {
memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
sizeof(v6_src));
memcpy(input_text, td[i].input_text.data,
td[i].input_text.len);
+ if (test_ipsec_pkt_update(input_text, flags))
+ return TEST_FAILED;
+
/* Generate crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
flags.fragment = true;
+ return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
return test_ipsec_proto_all(&flags);
}
"Fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_pkt_fragment),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_1_inner_0),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
ip->hdr_checksum = rte_ipv4_cksum(ip);
}
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_1)
+ td->ipsec_xform.options.copy_df = 1;
}
}
{
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+ uint8_t td_output_text[4096];
int ret;
/* For tests with status as error for test success, skip verification */
return ret;
}
+ memcpy(td_output_text, td->output_text.data + skip, len);
- if (memcmp(output_text, td->output_text.data + skip, len)) {
+ if (test_ipsec_pkt_update(td_output_text, flags)) {
+ printf("Could not update expected vector");
+ return TEST_FAILED;
+ }
+
+ if (memcmp(output_text, td_output_text, len)) {
if (silent)
return TEST_FAILED;
printf("TestCase %s line %d: %s\n", __func__, __LINE__,
"output text not as expected\n");
- rte_hexdump(stdout, "expected", td->output_text.data + skip,
- len);
+ rte_hexdump(stdout, "expected", td_output_text, len);
rte_hexdump(stdout, "actual", output_text, len);
return TEST_FAILED;
}
} else {
if (td->ipsec_xform.tunnel.type ==
RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ uint16_t f_off;
+
if (is_valid_ipv4_pkt(iph4) == false) {
printf("Tunnel outer header is not IPv4\n");
return TEST_FAILED;
}
+
+ f_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+ if (!(f_off & RTE_IPV4_HDR_DF_FLAG)) {
+ printf("DF bit is not set\n");
+ return TEST_FAILED;
+ }
+ } else {
+ if ((f_off & RTE_IPV4_HDR_DF_FLAG)) {
+ printf("DF bit is set\n");
+ return TEST_FAILED;
+ }
+ }
} else {
iph6 = (const struct rte_ipv6_hdr *)output_text;
if (is_valid_ipv6_pkt(iph6) == false) {
return ret;
}
+
+int
+test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags)
+{
+ struct rte_ipv4_hdr *iph4;
+ bool cksum_dirty = false;
+ uint16_t frag_off;
+
+ iph4 = (struct rte_ipv4_hdr *)pkt;
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_0_INNER_1 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+
+ if (!is_ipv4(iph4)) {
+ printf("Invalid packet type");
+ return -1;
+ }
+
+ frag_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+ flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ frag_off |= RTE_IPV4_HDR_DF_FLAG;
+ else
+ frag_off &= ~RTE_IPV4_HDR_DF_FLAG;
+
+ iph4->fragment_offset = rte_cpu_to_be_16(frag_off);
+ cksum_dirty = true;
+ }
+
+ if (cksum_dirty && is_ipv4(iph4)) {
+ iph4->hdr_checksum = 0;
+ iph4->hdr_checksum = rte_ipv4_cksum(iph4);
+ }
+
+ return 0;
+}
} xform;
};
+enum df_flags {
+ TEST_IPSEC_COPY_DF_INNER_0 = 1,
+ TEST_IPSEC_COPY_DF_INNER_1,
+ TEST_IPSEC_SET_DF_0_INNER_1,
+ TEST_IPSEC_SET_DF_1_INNER_0,
+};
+
struct ipsec_test_flags {
bool display_alg;
bool sa_expiry_pkts_soft;
bool transport;
bool fragment;
bool stats_success;
+ enum df_flags df;
};
struct crypto_param {
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
+int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
+
#endif
git.droids-corp.org / dpdk.git / commitdiff