From 9ec50a52534d32698ebe82bc85834b2cea5ff6e6 Mon Sep 17 00:00:00 2001 From: Tejasree Kondoj Date: Wed, 29 Sep 2021 08:55:14 +0530 Subject: [PATCH] test/crypto: add UDP encapsulation port verification Added UDP encapsulation ports verification test cases for IPsec inbound. Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 17 +++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 11 +++++++++++ app/test/test_cryptodev_security_ipsec.h | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + 4 files changed, 30 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 665d19c0a4..5f0d023451 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9262,6 +9262,19 @@ test_ipsec_proto_tunnel_dst_addr_verify(const void *data __rte_unused) return test_ipsec_proto_all(&flags); } +static int +test_ipsec_proto_udp_ports_verify(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.udp_encap = true; + flags.udp_ports_verify = true; + + return test_ipsec_proto_all(&flags); +} + static int test_PDCP_PROTO_all(void) { @@ -14194,6 +14207,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "UDP encapsulation", ut_setup_security, ut_teardown, test_ipsec_proto_udp_encap), + TEST_CASE_NAMED_ST( + "UDP encapsulation ports verification test", + ut_setup_security, ut_teardown, + test_ipsec_proto_udp_ports_verify), TEST_CASE_NAMED_ST( "SA expiry packets soft", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index f040630655..764e77bbff 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -36,6 +36,14 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return -ENOTSUP; } + if (ipsec_xform->options.udp_ports_verify == 1 && + sec_cap->ipsec.options.udp_ports_verify == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "UDP encapsulation ports " + "verification is not supported\n"); + return -ENOTSUP; + } + if (ipsec_xform->options.copy_dscp == 1 && sec_cap->ipsec.options.copy_dscp == 0) { if (!silent) @@ -216,6 +224,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], if (flags->udp_encap) td_inb[i].ipsec_xform.options.udp_encap = 1; + if (flags->udp_ports_verify) + td_inb[i].ipsec_xform.options.udp_ports_verify = 1; + td_inb[i].ipsec_xform.options.tunnel_hdr_verify = flags->tunnel_hdr_verify; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index a65cb54eae..0416005520 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -55,6 +55,7 @@ struct ipsec_test_flags { bool iv_gen; uint32_t tunnel_hdr_verify; bool udp_encap; + bool udp_ports_verify; }; struct crypto_param { diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 309045ec8a..671cc485a4 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -137,6 +137,7 @@ New Features * Added tests to verify error reporting with ICV corruption. * Added tests to verify IV generation. * Added tests to verify UDP encapsulation. + * Added tests to verify UDP encapsulation ports. * Added tests to validate packets soft expiry. * Added tests to validate packets hard expiry. * Added tests to verify tunnel header verification in IPsec inbound. -- 2.20.1