From patchwork Fri Sep 29 07:16:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 132177 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 398984266D; Fri, 29 Sep 2023 09:16:52 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4CA43402BE; Fri, 29 Sep 2023 09:16:49 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 85657402B1 for ; Fri, 29 Sep 2023 09:16:47 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38T273bG031717; Fri, 29 Sep 2023 00:16:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=UDfJ76SlKJh5394R5cbYc19jLkuPx2mi9rMiqmuIb7o=; b=DA9fB5MXKWRvsP6JzA2ZJK25Lk8Im7pVXZjyQ1jqJfBBfh7lf6VJB3hMNEgL881OMpV3 8JWQJ8ZjdmJrgnXssTbHH7GR2f+8BO9jh05Q6msOA16L7dXZD4oorioOhc3/JML7FfFl I41GvhxrrNW1xzfeFI4itoaJt5UmhywqSmjGNkLCyS4PYLlBfi8JH8EAbL0iml1vBAiR XUHomt3KBLcaJB4Af9kRpQRvOBNOEdPpc7KMMOCJBfR0lR5rbtRZS7PSmksRwTum2EmX xPg8zZu0G+Ke/R/5lE77nBbw/fS0lni7H19ep4lLUxj6LeQCCuyeTMqh4DrtrSB+gD3A Ew== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3td7y6v6h8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 29 Sep 2023 00:16:46 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Fri, 29 Sep 2023 00:16:44 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Fri, 29 Sep 2023 00:16:44 -0700 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 07D025B6945; Fri, 29 Sep 2023 00:16:40 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob , Konstantin Ananyev CC: Vidya Sagar Velumuri , Hemant Agrawal , , , , , Ciara Power Subject: [PATCH v2 2/2] test/cryptodev: add Rx inject test Date: Fri, 29 Sep 2023 12:46:35 +0530 Message-ID: <20230929071636.796-2-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230929071636.796-1-anoobj@marvell.com> References: <20230811114510.576-1-anoobj@marvell.com> <20230929071636.796-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: o4ZkL3hBgUCFNEDRnhwsDlOnxH4IDcqR X-Proofpoint-GUID: o4ZkL3hBgUCFNEDRnhwsDlOnxH4IDcqR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-09-29_05,2023-09-28_03,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add test to verify Rx inject. The test case added would push a known vector to cryptodev which would be injected to ethdev Rx. The test case verifies that the packet is received from ethdev Rx and is processed successfully. It also verifies that the userdata matches with the expectation. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 341 +++++++++++++++++++---- app/test/test_cryptodev_security_ipsec.h | 1 + 2 files changed, 289 insertions(+), 53 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index f2112e181e..420f60553d 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17,6 +17,7 @@ #include #include +#include #include #include #include @@ -1426,6 +1427,93 @@ ut_setup_security(void) return dev_configure_and_start(0); } +static int +ut_setup_security_rx_inject(void) +{ + struct rte_mempool *mbuf_pool = rte_mempool_lookup("CRYPTO_MBUFPOOL"); + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_eth_conf port_conf = { + .rxmode = { + .offloads = RTE_ETH_RX_OFFLOAD_CHECKSUM | + RTE_ETH_RX_OFFLOAD_SECURITY, + }, + .txmode = { + .offloads = RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE, + }, + .lpbk_mode = 1, /* Enable loopback */ + }; + struct rte_cryptodev_info dev_info; + struct rte_eth_rxconf rx_conf = { + .rx_thresh = { + .pthresh = 8, + .hthresh = 8, + .wthresh = 8, + }, + .rx_free_thresh = 32, + }; + uint16_t nb_ports; + void *sec_ctx; + int ret; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY_RX_INJECT) || + !(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { + RTE_LOG(INFO, USER1, "Feature requirements for IPsec Rx inject test case not met\n" + ); + return TEST_SKIPPED; + } + + sec_ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); + if (sec_ctx == NULL) + return TEST_SKIPPED; + + nb_ports = rte_eth_dev_count_avail(); + if (nb_ports == 0) + return TEST_SKIPPED; + + ret = rte_eth_dev_configure(0 /* port_id */, + 1 /* nb_rx_queue */, + 0 /* nb_tx_queue */, + &port_conf); + if (ret) { + printf("Could not configure ethdev port 0 [err=%d]\n", ret); + return TEST_SKIPPED; + } + + /* Rx queue setup */ + ret = rte_eth_rx_queue_setup(0 /* port_id */, + 0 /* rx_queue_id */, + 1024 /* nb_rx_desc */, + SOCKET_ID_ANY, + &rx_conf, + mbuf_pool); + if (ret) { + printf("Could not setup eth port 0 queue 0\n"); + return TEST_SKIPPED; + } + + ret = rte_security_rx_inject_configure(sec_ctx, 0, true); + if (ret) { + printf("Could not enable Rx inject offload"); + return TEST_SKIPPED; + } + + ret = rte_eth_dev_start(0); + if (ret) { + printf("Could not start ethdev"); + return TEST_SKIPPED; + } + + ret = rte_eth_promiscuous_enable(0); + if (ret) { + printf("Could not enable promiscuous mode"); + return TEST_SKIPPED; + } + + /* Configure and start cryptodev with no features disabled */ + return dev_configure_and_start(0); +} + void ut_teardown(void) { @@ -1478,6 +1566,33 @@ ut_teardown(void) rte_cryptodev_stop(ts_params->valid_devs[0]); } +static void +ut_teardown_rx_inject(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + void *sec_ctx; + int ret; + + if (rte_eth_dev_count_avail() != 0) { + ret = rte_eth_dev_reset(0); + if (ret) + printf("Could not reset eth port 0"); + + } + + ut_teardown(); + + sec_ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); + if (sec_ctx == NULL) + return; + + ret = rte_security_rx_inject_configure(sec_ctx, 0, false); + if (ret) { + printf("Could not disable Rx inject offload"); + return; + } +} + static int test_device_configure_invalid_dev_id(void) { @@ -9875,6 +9990,137 @@ ext_mbuf_create(struct rte_mempool *mbuf_pool, int pkt_len, return NULL; } +static int +test_ipsec_proto_crypto_op_enq(struct crypto_testsuite_params *ts_params, + struct crypto_unittest_params *ut_params, + struct rte_security_ipsec_xform *ipsec_xform, + const struct ipsec_test_data *td, + const struct ipsec_test_flags *flags, + int pkt_num) +{ + uint8_t dev_id = ts_params->valid_devs[0]; + enum rte_security_ipsec_sa_direction dir; + int ret; + + dir = ipsec_xform->direction; + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("Could not allocate crypto op"); + return TEST_FAILED; + } + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Copy IV in crypto operation when IV generation is disabled */ + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + ipsec_xform->options.iv_gen_disable == 1) { + uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, + uint8_t *, + IV_OFFSET); + int len; + + if (td->aead) + len = td->xform.aead.aead.iv.length; + else if (td->aes_gmac) + len = td->xform.chain.auth.auth.iv.length; + else + len = td->xform.chain.cipher.cipher.iv.length; + + memcpy(iv, td->iv.data, len); + } + + /* Process crypto operation */ + process_crypto_request(dev_id, ut_params->op); + + ret = test_ipsec_status_check(td, ut_params->op, flags, dir, pkt_num); + + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + return ret; +} + +static int +test_ipsec_proto_mbuf_enq(struct crypto_testsuite_params *ts_params, + struct crypto_unittest_params *ut_params, + void *ctx) +{ + struct rte_ether_hdr *hdr; + struct rte_mbuf *m; + uint64_t timeout; + void **sec_sess; + void *userdata; + int ret; + + RTE_SET_USED(ts_params); + + hdr = (void *)rte_pktmbuf_prepend(ut_params->ibuf, sizeof(struct rte_ether_hdr)); + hdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4); + + ut_params->ibuf->l2_len = sizeof(struct rte_ether_hdr); + + sec_sess = &ut_params->sec_session; + ret = rte_security_inb_pkt_rx_inject(ctx, &ut_params->ibuf, sec_sess, 1); + + if (ret != 1) + return TEST_FAILED; + + ut_params->ibuf = NULL; + + /* Add a timeout for 1 s */ + timeout = rte_get_tsc_cycles() + rte_get_tsc_hz(); + + do { + /* Get packet from port 0, queue 0 */ + ret = rte_eth_rx_burst(0, 0, &m, 1); + } while ((ret == 0) && (rte_get_tsc_cycles() > timeout)); + + if (ret == 0) { + printf("Could not receive packets from ethdev\n"); + return TEST_FAILED; + } + + if (m == NULL) { + printf("Received mbuf is NULL\n"); + return TEST_FAILED; + } + + ut_params->ibuf = m; + + if (!(m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD)) { + printf("Received packet is not Rx security processed\n"); + return TEST_FAILED; + } + + if (m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED) { + printf("Received packet has failed Rx security processing\n"); + return TEST_FAILED; + } + + /* + * 'ut_params' is set as userdata. Verify that the field is returned + * correctly. + */ + userdata = (void *)*rte_security_dynfield(m); + if (userdata != ut_params) { + printf("Userdata retrieved not matching expected\n"); + return TEST_FAILED; + } + + /* Trim L2 header */ + rte_pktmbuf_adj(m, sizeof(struct rte_ether_hdr)); + + return TEST_SUCCESS; +} + static int test_ipsec_proto_process(const struct ipsec_test_data td[], struct ipsec_test_data res_d[], @@ -10064,6 +10310,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], } } + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->rx_inject) + sess_conf.userdata = ut_params; + /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, ts_params->session_mpool); @@ -10086,8 +10335,10 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Copy test data before modification */ memcpy(input_text, td[i].input_text.data, td[i].input_text.len); - if (test_ipsec_pkt_update(input_text, flags)) - return TEST_FAILED; + if (test_ipsec_pkt_update(input_text, flags)) { + ret = TEST_FAILED; + goto mbuf_free; + } /* Setup source mbuf payload */ if (flags->use_ext_mbuf) { @@ -10099,50 +10350,18 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, input_text); } - /* Generate crypto op data structure */ - ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, - RTE_CRYPTO_OP_TYPE_SYMMETRIC); - if (!ut_params->op) { - printf("TestCase %s line %d: %s\n", - __func__, __LINE__, - "failed to allocate crypto op"); - ret = TEST_FAILED; - goto crypto_op_free; - } - - /* Attach session to operation */ - rte_security_attach_session(ut_params->op, - ut_params->sec_session); - - /* Set crypto operation mbufs */ - ut_params->op->sym->m_src = ut_params->ibuf; - ut_params->op->sym->m_dst = NULL; - - /* Copy IV in crypto operation when IV generation is disabled */ - if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && - ipsec_xform.options.iv_gen_disable == 1) { - uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, - uint8_t *, - IV_OFFSET); - int len; - - if (td[i].aead) - len = td[i].xform.aead.aead.iv.length; - else if (td[i].aes_gmac) - len = td[i].xform.chain.auth.auth.iv.length; - else - len = td[i].xform.chain.cipher.cipher.iv.length; - - memcpy(iv, td[i].iv.data, len); - } - - /* Process crypto operation */ - process_crypto_request(dev_id, ut_params->op); + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->rx_inject) + ret = test_ipsec_proto_mbuf_enq(ts_params, ut_params, + ctx); + else + ret = test_ipsec_proto_crypto_op_enq(ts_params, + ut_params, + &ipsec_xform, + &td[i], flags, + i + 1); - ret = test_ipsec_status_check(&td[i], ut_params->op, flags, dir, - i + 1); if (ret != TEST_SUCCESS) - goto crypto_op_free; + goto mbuf_free; if (res_d != NULL) res_d_tmp = &res_d[i]; @@ -10150,24 +10369,18 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], ret = test_ipsec_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) - goto crypto_op_free; + goto mbuf_free; ret = test_ipsec_stats_verify(ctx, ut_params->sec_session, flags, dir); if (ret != TEST_SUCCESS) - goto crypto_op_free; - - rte_crypto_op_free(ut_params->op); - ut_params->op = NULL; + goto mbuf_free; rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; } -crypto_op_free: - rte_crypto_op_free(ut_params->op); - ut_params->op = NULL; - +mbuf_free: if (flags->use_ext_mbuf) ext_mbuf_memzone_free(nb_segs); @@ -10256,6 +10469,24 @@ test_ipsec_proto_known_vec_fragmented(const void *test_data) return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); } +static int +test_ipsec_proto_known_vec_inb_rx_inject(const void *test_data) +{ + const struct ipsec_test_data *td = test_data; + struct ipsec_test_flags flags; + struct ipsec_test_data td_inb; + + memset(&flags, 0, sizeof(flags)); + flags.rx_inject = true; + + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) + test_ipsec_td_in_from_out(td, &td_inb); + else + memcpy(&td_inb, td, sizeof(td_inb)); + + return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags); +} + static int test_ipsec_proto_all(const struct ipsec_test_flags *flags) { @@ -16319,6 +16550,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Multi-segmented external mbuf mode", ut_setup_security, ut_teardown, test_ipsec_proto_sgl_ext_mbuf), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128) Rx inject", + ut_setup_security_rx_inject, ut_teardown_rx_inject, + test_ipsec_proto_known_vec_inb_rx_inject, &pkt_aes_128_gcm), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 8587fc4577..d7fc562751 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -112,6 +112,7 @@ struct ipsec_test_flags { uint32_t plaintext_len; int nb_segs_in_mbuf; bool inb_oop; + bool rx_inject; }; struct crypto_param {