From patchwork Thu Feb 17 17:23:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 107768 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0BEDAA0032; Thu, 17 Feb 2022 18:24:05 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A3AE84114B; Thu, 17 Feb 2022 18:24:01 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id BC38B41150 for ; Thu, 17 Feb 2022 18:23:59 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 21HGGOAu014330; Thu, 17 Feb 2022 09:23:55 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=ftP7vfNivl9yBKeqXfRJZWeXYFAv9NaSi8Uk4hIwnVw=; b=fOACUe9n456Tz0PhyNt1TUaeSgcwghXLcrrKwzulP4MCu6yCxLdtOigK/K6SAkCWPeRX BNlfA7UJr1ZlY/CY6wdlcEimc1hkozOb0WelOxY60etJfknKduvWj/hCyKFfhn0CvwJn nX24Vc8qt+X08KyLHlsulfbyNfOrFRSTJqZ/R61u/aHqhZugqSBvyxHuREWYY6OTfNRp bfgMr5IsvXI55iZnoaTAzerOQQg1DqYCJapLUOpowRluHpBhU0RN0ONrO6KFhhB40k+z JHIyYKU3bvKHSXRu8N0qsIrHF1teU2OB+bxYkuJyV9NPSUJENrSFaSoFJmmserVLhmNk NQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3e9sqrgb3m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 17 Feb 2022 09:23:55 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 17 Feb 2022 09:23:53 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 17 Feb 2022 09:23:53 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id 794D43F7074; Thu, 17 Feb 2022 09:23:49 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , , Akhil Goyal , Nithin Dabilpuram Subject: [PATCH v3 1/4] app/test: add unit cases for inline IPsec offload Date: Thu, 17 Feb 2022 22:53:38 +0530 Message-ID: <20220217172341.607360-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220217172341.607360-1-gakhil@marvell.com> References: <20220120164804.4163645-1-gakhil@marvell.com> <20220217172341.607360-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: SgOIuvdQjTvYmo_CW3Xsi8KbQbHVCZ5m X-Proofpoint-GUID: SgOIuvdQjTvYmo_CW3Xsi8KbQbHVCZ5m X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-17_06,2022-02-17_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org A new test suite is added in test app to test inline IPsec protocol offload. In this patch, a couple of predefined plain and cipher test vectors are used to verify the IPsec functionality without the need of external traffic generators. The sent packet is loopbacked onto the same interface which is received and matched with the expected output. The test suite can be updated further with other functional test cases. The testsuite can be run using: RTE> inline_ipsec_autotest Signed-off-by: Akhil Goyal Signed-off-by: Nithin Dabilpuram --- MAINTAINERS | 2 +- app/test/meson.build | 4 + app/test/test_security_inline_proto.c | 757 ++++++++++++++++++ app/test/test_security_inline_proto_vectors.h | 185 +++++ 4 files changed, 947 insertions(+), 1 deletion(-) create mode 100644 app/test/test_security_inline_proto.c create mode 100644 app/test/test_security_inline_proto_vectors.h diff --git a/MAINTAINERS b/MAINTAINERS index d5cd0a6c2f..52eee9b2b3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -439,7 +439,7 @@ M: Akhil Goyal T: git://dpdk.org/next/dpdk-next-crypto F: lib/security/ F: doc/guides/prog_guide/rte_security.rst -F: app/test/test_security.c +F: app/test/test_security* Compression API - EXPERIMENTAL M: Fan Zhang diff --git a/app/test/meson.build b/app/test/meson.build index 5fc1dd1b7b..5804b888c9 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -355,6 +355,10 @@ if not is_windows and dpdk_conf.has('RTE_LIB_TELEMETRY') test_sources += ['test_telemetry_json.c', 'test_telemetry_data.c'] fast_tests += [['telemetry_json_autotest', true], ['telemetry_data_autotest', true]] endif +if not is_windows + test_sources += ['test_security_inline_proto.c'] + fast_tests += [['inline_ipsec_autotest', false]] +endif if dpdk_conf.has('RTE_LIB_PIPELINE') # pipeline lib depends on port and table libs, so those must be present # if pipeline library is. diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c new file mode 100644 index 0000000000..e2b95de68e --- /dev/null +++ b/app/test/test_security_inline_proto.c @@ -0,0 +1,757 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "test_security_inline_proto_vectors.h" +#include "test.h" + +#define NB_ETHPORTS_USED (1) +#define NB_SOCKETS (2) +#define MEMPOOL_CACHE_SIZE 32 +#define MAX_PKT_BURST (32) +#define RTE_TEST_RX_DESC_DEFAULT (1024) +#define RTE_TEST_TX_DESC_DEFAULT (1024) +#define RTE_PORT_ALL (~(uint16_t)0x0) + +/* + * RX and TX Prefetch, Host, and Write-back threshold values should be + * carefully set for optimal performance. Consult the network + * controller's datasheet and supporting DPDK documentation for guidance + * on how these parameters should be set. + */ +#define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */ +#define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */ +#define RX_WTHRESH 0 /**< Default values of RX write-back threshold reg. */ + +#define TX_PTHRESH 32 /**< Default values of TX prefetch threshold reg. */ +#define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */ +#define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */ + +#define MAX_TRAFFIC_BURST 2048 + +#define NB_MBUF 10240 + +#define APP_REASS_TIMEOUT 10 + +static struct rte_mempool *mbufpool[NB_SOCKETS]; +static struct rte_mempool *sess_pool[NB_SOCKETS]; +static struct rte_mempool *sess_priv_pool[NB_SOCKETS]; +/* ethernet addresses of ports */ +static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS]; + +static struct rte_eth_conf port_conf = { + .rxmode = { + .mq_mode = RTE_ETH_MQ_RX_NONE, + .split_hdr_size = 0, + .offloads = RTE_ETH_RX_OFFLOAD_CHECKSUM | + RTE_ETH_RX_OFFLOAD_SECURITY, + }, + .txmode = { + .mq_mode = RTE_ETH_MQ_TX_NONE, + .offloads = RTE_ETH_TX_OFFLOAD_SECURITY | + RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE, + }, + .lpbk_mode = 1, /* enable loopback */ +}; + +static struct rte_eth_rxconf rx_conf = { + .rx_thresh = { + .pthresh = RX_PTHRESH, + .hthresh = RX_HTHRESH, + .wthresh = RX_WTHRESH, + }, + .rx_free_thresh = 32, +}; + +static struct rte_eth_txconf tx_conf = { + .tx_thresh = { + .pthresh = TX_PTHRESH, + .hthresh = TX_HTHRESH, + .wthresh = TX_WTHRESH, + }, + .tx_free_thresh = 32, /* Use PMD default values */ + .tx_rs_thresh = 32, /* Use PMD default values */ +}; + +enum { + LCORE_INVALID = 0, + LCORE_AVAIL, + LCORE_USED, +}; + +struct lcore_cfg { + uint8_t status; + uint8_t socketid; + uint16_t nb_ports; + uint16_t port; +} __rte_cache_aligned; + +struct lcore_cfg lcore_cfg; + +static uint64_t link_mbps; + +static struct rte_flow *default_flow[RTE_MAX_ETHPORTS]; + +/* Create Inline IPsec session */ +static int +create_inline_ipsec_session(struct ipsec_session_data *sa, + uint16_t portid, struct rte_ipsec_session *ips, + enum rte_security_ipsec_sa_direction dir, + enum rte_security_ipsec_tunnel_type tun_type) +{ + int32_t ret = 0; + struct rte_security_ctx *sec_ctx; + uint32_t src_v4 = rte_cpu_to_be_32(RTE_IPV4(192, 168, 1, 2)); + uint32_t dst_v4 = rte_cpu_to_be_32(RTE_IPV4(192, 168, 1, 1)); + uint16_t src_v6[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000, + 0x0000, 0x001a}; + uint16_t dst_v6[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174, + 0xe82c, 0x4887}; + struct rte_security_session_conf sess_conf = { + .action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = sa->ipsec_xform, + .crypto_xform = &sa->xform.aead, + .userdata = NULL, + }; + sess_conf.ipsec.direction = dir; + + const struct rte_security_capability *sec_cap; + + sec_ctx = (struct rte_security_ctx *) + rte_eth_dev_get_sec_ctx(portid); + + if (sec_ctx == NULL) { + printf("Ethernet device doesn't support security features.\n"); + return TEST_SKIPPED; + } + + sess_conf.crypto_xform->aead.key.data = sa->key.data; + + /* Save SA as userdata for the security session. When + * the packet is received, this userdata will be + * retrieved using the metadata from the packet. + * + * The PMD is expected to set similar metadata for other + * operations, like rte_eth_event, which are tied to + * security session. In such cases, the userdata could + * be obtained to uniquely identify the security + * parameters denoted. + */ + + sess_conf.userdata = (void *) sa; + sess_conf.ipsec.tunnel.type = tun_type; + if (tun_type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + memcpy(&sess_conf.ipsec.tunnel.ipv4.src_ip, &src_v4, + sizeof(src_v4)); + memcpy(&sess_conf.ipsec.tunnel.ipv4.dst_ip, &dst_v4, + sizeof(dst_v4)); + } else { + memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &src_v6, + sizeof(src_v6)); + memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &dst_v6, + sizeof(dst_v6)); + } + ips->security.ses = rte_security_session_create(sec_ctx, + &sess_conf, sess_pool[lcore_cfg.socketid], + sess_priv_pool[lcore_cfg.socketid]); + if (ips->security.ses == NULL) { + printf("SEC Session init failed: err: %d\n", ret); + return TEST_FAILED; + } + + sec_cap = rte_security_capabilities_get(sec_ctx); + if (sec_cap == NULL) { + printf("No capabilities registered\n"); + return TEST_SKIPPED; + } + + /* iterate until ESP tunnel*/ + while (sec_cap->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + if (sec_cap->action == sess_conf.action_type && + sec_cap->protocol == + RTE_SECURITY_PROTOCOL_IPSEC && + sec_cap->ipsec.mode == + sess_conf.ipsec.mode && + sec_cap->ipsec.direction == dir) + break; + sec_cap++; + } + + if (sec_cap->action == RTE_SECURITY_ACTION_TYPE_NONE) { + printf("No suitable security capability found\n"); + return TEST_SKIPPED; + } + + ips->security.ol_flags = sec_cap->ol_flags; + ips->security.ctx = sec_ctx; + + return 0; +} + +/* Check the link status of all ports in up to 3s, and print them finally */ +static void +check_all_ports_link_status(uint16_t port_num, uint32_t port_mask) +{ +#define CHECK_INTERVAL 100 /* 100ms */ +#define MAX_CHECK_TIME 30 /* 3s (30 * 100ms) in total */ + uint16_t portid; + uint8_t count, all_ports_up, print_flag = 0; + struct rte_eth_link link; + int ret; + char link_status[RTE_ETH_LINK_MAX_STR_LEN]; + + printf("Checking link statuses...\n"); + fflush(stdout); + for (count = 0; count <= MAX_CHECK_TIME; count++) { + all_ports_up = 1; + for (portid = 0; portid < port_num; portid++) { + if ((port_mask & (1 << portid)) == 0) + continue; + memset(&link, 0, sizeof(link)); + ret = rte_eth_link_get_nowait(portid, &link); + if (ret < 0) { + all_ports_up = 0; + if (print_flag == 1) + printf("Port %u link get failed: %s\n", + portid, rte_strerror(-ret)); + continue; + } + + /* print link status if flag set */ + if (print_flag == 1) { + if (link.link_status && link_mbps == 0) + link_mbps = link.link_speed; + + rte_eth_link_to_str(link_status, + sizeof(link_status), &link); + printf("Port %d %s\n", portid, link_status); + continue; + } + /* clear all_ports_up flag if any link down */ + if (link.link_status == RTE_ETH_LINK_DOWN) { + all_ports_up = 0; + break; + } + } + /* after finally printing all link status, get out */ + if (print_flag == 1) + break; + + if (all_ports_up == 0) { + fflush(stdout); + rte_delay_ms(CHECK_INTERVAL); + } + + /* set the print_flag if all ports up or timeout */ + if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) + print_flag = 1; + } +} + +static void +print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr) +{ + char buf[RTE_ETHER_ADDR_FMT_SIZE]; + rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr); + printf("%s%s", name, buf); +} + +static void +copy_buf_to_pkt_segs(void *buf, unsigned int len, + struct rte_mbuf *pkt, unsigned int offset) +{ + struct rte_mbuf *seg; + void *seg_buf; + unsigned int copy_len; + + seg = pkt; + while (offset >= seg->data_len) { + offset -= seg->data_len; + seg = seg->next; + } + copy_len = seg->data_len - offset; + seg_buf = rte_pktmbuf_mtod_offset(seg, char *, offset); + while (len > copy_len) { + rte_memcpy(seg_buf, buf, (size_t) copy_len); + len -= copy_len; + buf = ((char *) buf + copy_len); + seg = seg->next; + seg_buf = rte_pktmbuf_mtod(seg, void *); + } + rte_memcpy(seg_buf, buf, (size_t) len); +} + +static inline void +copy_buf_to_pkt(void *buf, unsigned int len, + struct rte_mbuf *pkt, unsigned int offset) +{ + if (offset + len <= pkt->data_len) { + rte_memcpy(rte_pktmbuf_mtod_offset(pkt, char *, offset), buf, + (size_t) len); + return; + } + copy_buf_to_pkt_segs(buf, len, pkt, offset); +} + +static inline int +init_traffic(struct rte_mempool *mp, + struct rte_mbuf **pkts_burst, + struct ipsec_test_packet *vectors[], + uint32_t nb_pkts) +{ + struct rte_mbuf *pkt; + uint32_t i; + + for (i = 0; i < nb_pkts; i++) { + pkt = rte_pktmbuf_alloc(mp); + if (pkt == NULL) + return TEST_FAILED; + + pkt->data_len = vectors[i]->len; + pkt->pkt_len = vectors[i]->len; + copy_buf_to_pkt(vectors[i]->data, vectors[i]->len, + pkt, vectors[i]->l2_offset); + + pkts_burst[i] = pkt; + } + return i; +} + +static int +init_lcore(void) +{ + unsigned int lcore_id; + + for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) { + lcore_cfg.socketid = + rte_lcore_to_socket_id(lcore_id); + if (rte_lcore_is_enabled(lcore_id) == 0) { + lcore_cfg.status = LCORE_INVALID; + continue; + } else { + lcore_cfg.status = LCORE_AVAIL; + break; + } + } + return 0; +} + +static int +init_mempools(unsigned int nb_mbuf) +{ + struct rte_security_ctx *sec_ctx; + int socketid; + unsigned int lcore_id; + uint16_t nb_sess = 512; + uint32_t sess_sz; + char s[64]; + + for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) { + if (rte_lcore_is_enabled(lcore_id) == 0) + continue; + + socketid = rte_lcore_to_socket_id(lcore_id); + if (socketid >= NB_SOCKETS) + printf("Socket %d of lcore %u is out of range %d\n", + socketid, lcore_id, NB_SOCKETS); + + if (mbufpool[socketid] == NULL) { + snprintf(s, sizeof(s), "mbuf_pool_%d", socketid); + mbufpool[socketid] = rte_pktmbuf_pool_create(s, nb_mbuf, + MEMPOOL_CACHE_SIZE, 0, + RTE_MBUF_DEFAULT_BUF_SIZE, socketid); + if (mbufpool[socketid] == NULL) + printf("Cannot init mbuf pool on socket %d\n", + socketid); + printf("Allocated mbuf pool on socket %d\n", socketid); + } + + sec_ctx = rte_eth_dev_get_sec_ctx(lcore_cfg.port); + if (sec_ctx == NULL) + continue; + + sess_sz = rte_security_session_get_size(sec_ctx); + if (sess_pool[socketid] == NULL) { + snprintf(s, sizeof(s), "sess_pool_%d", socketid); + sess_pool[socketid] = + rte_mempool_create(s, nb_sess, + sess_sz, + MEMPOOL_CACHE_SIZE, 0, + NULL, NULL, NULL, NULL, + socketid, 0); + if (sess_pool[socketid] == NULL) { + printf("Cannot init sess pool on socket %d\n", + socketid); + return TEST_FAILED; + } + printf("Allocated sess pool on socket %d\n", socketid); + } + if (sess_priv_pool[socketid] == NULL) { + snprintf(s, sizeof(s), "sess_priv_pool_%d", socketid); + sess_priv_pool[socketid] = + rte_mempool_create(s, nb_sess, + sess_sz, + MEMPOOL_CACHE_SIZE, 0, + NULL, NULL, NULL, NULL, + socketid, 0); + if (sess_priv_pool[socketid] == NULL) { + printf("Cannot init sess_priv pool on socket %d\n", + socketid); + return TEST_FAILED; + } + printf("Allocated sess_priv pool on socket %d\n", + socketid); + } + } + return 0; +} + +static void +create_default_flow(uint16_t port_id) +{ + struct rte_flow_action action[2]; + struct rte_flow_item pattern[2]; + struct rte_flow_attr attr = {0}; + struct rte_flow_error err; + struct rte_flow *flow; + int ret; + + /* Add the default rte_flow to enable SECURITY for all ESP packets */ + + pattern[0].type = RTE_FLOW_ITEM_TYPE_ESP; + pattern[0].spec = NULL; + pattern[0].mask = NULL; + pattern[0].last = NULL; + pattern[1].type = RTE_FLOW_ITEM_TYPE_END; + + action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; + action[0].conf = NULL; + action[1].type = RTE_FLOW_ACTION_TYPE_END; + action[1].conf = NULL; + + attr.ingress = 1; + + ret = rte_flow_validate(port_id, &attr, pattern, action, &err); + if (ret) + return; + + flow = rte_flow_create(port_id, &attr, pattern, action, &err); + if (flow == NULL) { + printf("\nDefault flow rule create failed\n"); + return; + } + + default_flow[port_id] = flow; +} + +static void +destroy_default_flow(uint16_t port_id) +{ + struct rte_flow_error err; + int ret; + if (!default_flow[port_id]) + return; + ret = rte_flow_destroy(port_id, default_flow[port_id], &err); + if (ret) { + printf("\nDefault flow rule destroy failed\n"); + return; + } + default_flow[port_id] = NULL; +} + +struct rte_mbuf **tx_pkts_burst; +struct rte_mbuf **rx_pkts_burst; + +static int +test_ipsec(struct reassembly_vector *vector, + enum rte_security_ipsec_sa_direction dir, + enum rte_security_ipsec_tunnel_type tun_type) +{ + struct rte_eth_ip_reassembly_params reass_capa = {0}; + unsigned int i, portid, nb_rx = 0, nb_tx = 1; + struct rte_mbuf *pkts_burst[MAX_PKT_BURST]; + struct rte_ipsec_session ips = {0}; + + portid = lcore_cfg.port; + rte_eth_ip_reassembly_capability_get(portid, &reass_capa); + if (reass_capa.max_frags < nb_tx) + return TEST_SKIPPED; + + init_traffic(mbufpool[lcore_cfg.socketid], + tx_pkts_burst, vector->frags, nb_tx); + + /* Create Inline IPsec session. */ + if (create_inline_ipsec_session(vector->sa_data, portid, &ips, dir, + tun_type)) + return TEST_FAILED; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + create_default_flow(portid); + else { + for (i = 0; i < nb_tx; i++) { + if (ips.security.ol_flags & + RTE_SECURITY_TX_OLOAD_NEED_MDATA) + rte_security_set_pkt_metadata(ips.security.ctx, + ips.security.ses, tx_pkts_burst[i], NULL); + tx_pkts_burst[i]->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; + tx_pkts_burst[i]->l2_len = 14; + } + } + + nb_tx = rte_eth_tx_burst(portid, 0, tx_pkts_burst, nb_tx); + + rte_pause(); + + int j = 0; + do { + nb_rx = rte_eth_rx_burst(portid, 0, pkts_burst, MAX_PKT_BURST); + rte_delay_ms(100); + j++; + } while (nb_rx == 0 && j < 5); + + destroy_default_flow(portid); + + /* Destroy session so that other cases can create the session again */ + rte_security_session_destroy(ips.security.ctx, ips.security.ses); + + /* Compare results with known vectors. */ + if (nb_rx == 1) { + if (memcmp(rte_pktmbuf_mtod(pkts_burst[0], char *), + vector->full_pkt->data, + (size_t) vector->full_pkt->len)) { + printf("\n====Inline IPsec case failed: Data Mismatch"); + rte_hexdump(stdout, "received", + rte_pktmbuf_mtod(pkts_burst[0], char *), + vector->full_pkt->len); + rte_hexdump(stdout, "reference", + vector->full_pkt->data, + vector->full_pkt->len); + return TEST_FAILED; + } + return TEST_SUCCESS; + } else + return TEST_FAILED; +} + +static int +ut_setup_inline_ipsec(void) +{ + uint16_t portid = lcore_cfg.port; + int ret; + + /* Start device */ + ret = rte_eth_dev_start(portid); + if (ret < 0) { + printf("rte_eth_dev_start: err=%d, port=%d\n", + ret, portid); + return ret; + } + /* always enable promiscuous */ + ret = rte_eth_promiscuous_enable(portid); + if (ret != 0) { + printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", + rte_strerror(-ret), portid); + return ret; + } + lcore_cfg.port = portid; + check_all_ports_link_status(1, RTE_PORT_ALL); + + return 0; +} + +static void +ut_teardown_inline_ipsec(void) +{ + uint16_t portid = lcore_cfg.port; + int socketid = lcore_cfg.socketid; + int ret; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + if (socketid != rte_eth_dev_socket_id(portid)) + continue; + + ret = rte_eth_dev_stop(portid); + if (ret != 0) + printf("rte_eth_dev_stop: err=%s, port=%u\n", + rte_strerror(-ret), portid); + } +} + +static int +testsuite_setup(void) +{ + uint16_t nb_rxd; + uint16_t nb_txd; + uint16_t nb_ports; + int socketid, ret; + uint16_t nb_rx_queue = 1, nb_tx_queue = 1; + uint16_t portid = lcore_cfg.port; + struct rte_eth_ip_reassembly_params reass_capa = {0}; + + printf("Start inline IPsec test.\n"); + + nb_ports = rte_eth_dev_count_avail(); + if (nb_ports < NB_ETHPORTS_USED) { + printf("At least %u port(s) used for test\n", + NB_ETHPORTS_USED); + return -1; + } + + init_lcore(); + + init_mempools(NB_MBUF); + + socketid = lcore_cfg.socketid; + if (tx_pkts_burst == NULL) { + tx_pkts_burst = (struct rte_mbuf **) + rte_calloc_socket("tx_buff", + MAX_TRAFFIC_BURST * nb_ports, + sizeof(void *), + RTE_CACHE_LINE_SIZE, socketid); + if (!tx_pkts_burst) + return -1; + + rx_pkts_burst = (struct rte_mbuf **) + rte_calloc_socket("rx_buff", + MAX_TRAFFIC_BURST * nb_ports, + sizeof(void *), + RTE_CACHE_LINE_SIZE, socketid); + if (!rx_pkts_burst) + return -1; + } + + printf("Generate %d packets @socket %d\n", + MAX_TRAFFIC_BURST * nb_ports, socketid); + + nb_rxd = RTE_TEST_RX_DESC_DEFAULT; + nb_txd = RTE_TEST_TX_DESC_DEFAULT; + + /* port configure */ + ret = rte_eth_dev_configure(portid, nb_rx_queue, + nb_tx_queue, &port_conf); + if (ret < 0) { + printf("Cannot configure device: err=%d, port=%d\n", + ret, portid); + return ret; + } + ret = rte_eth_macaddr_get(portid, &ports_eth_addr[portid]); + if (ret < 0) { + printf("Cannot get mac address: err=%d, port=%d\n", + ret, portid); + return ret; + } + printf("Port %u ", portid); + print_ethaddr("Address:", &ports_eth_addr[portid]); + printf("\n"); + + /* tx queue setup */ + ret = rte_eth_tx_queue_setup(portid, 0, nb_txd, + socketid, &tx_conf); + if (ret < 0) { + printf("rte_eth_tx_queue_setup: err=%d, port=%d\n", + ret, portid); + return ret; + } + /* rx queue steup */ + ret = rte_eth_rx_queue_setup(portid, 0, nb_rxd, + socketid, &rx_conf, + mbufpool[socketid]); + if (ret < 0) { + printf("rte_eth_rx_queue_setup: err=%d, port=%d\n", + ret, portid); + return ret; + } + + rte_eth_ip_reassembly_capability_get(portid, &reass_capa); + + if (reass_capa.timeout_ms > APP_REASS_TIMEOUT) { + reass_capa.timeout_ms = APP_REASS_TIMEOUT; + rte_eth_ip_reassembly_conf_set(portid, &reass_capa); + } + + return 0; +} + +static void +testsuite_teardown(void) +{ + int ret; + uint16_t portid = lcore_cfg.port; + uint16_t socketid = lcore_cfg.socketid; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + if (socketid != rte_eth_dev_socket_id(portid)) + continue; + + ret = rte_eth_dev_reset(portid); + if (ret != 0) + printf("rte_eth_dev_reset: err=%s, port=%u\n", + rte_strerror(-ret), portid); + } +} +static int +test_ipsec_ipv4_encap_nofrag(void) +{ + struct reassembly_vector ipv4_nofrag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_gcm128_cipher, + .frags[0] = &pkt_ipv4_plain, + .nb_frags = 1, + }; + return test_ipsec(&ipv4_nofrag_case, + RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_ipsec_ipv4_decap_nofrag(void) +{ + struct reassembly_vector ipv4_nofrag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_plain, + .frags[0] = &pkt_ipv4_gcm128_cipher, + .nb_frags = 1, + }; + return test_ipsec(&ipv4_nofrag_case, + RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static struct unit_test_suite inline_ipsec_testsuite = { + .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", + .setup = testsuite_setup, + .teardown = testsuite_teardown, + .unit_test_cases = { + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_ipsec_ipv4_encap_nofrag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_ipsec_ipv4_decap_nofrag), + + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + +static int +test_inline_ipsec(void) +{ + return unit_test_suite_runner(&inline_ipsec_testsuite); +} + +REGISTER_TEST_COMMAND(inline_ipsec_autotest, test_inline_ipsec); diff --git a/app/test/test_security_inline_proto_vectors.h b/app/test/test_security_inline_proto_vectors.h new file mode 100644 index 0000000000..94d2f0145c --- /dev/null +++ b/app/test/test_security_inline_proto_vectors.h @@ -0,0 +1,185 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ +#ifndef _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ +#define _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ + +#define MAX_FRAG_LEN 1500 +#define MAX_FRAGS 6 +#define MAX_PKT_LEN (MAX_FRAG_LEN * MAX_FRAGS) +struct ipsec_session_data { + struct { + uint8_t data[32]; + } key; + struct { + uint8_t data[4]; + unsigned int len; + } salt; + struct { + uint8_t data[16]; + } iv; + struct rte_security_ipsec_xform ipsec_xform; + bool aead; + union { + struct { + struct rte_crypto_sym_xform cipher; + struct rte_crypto_sym_xform auth; + } chain; + struct rte_crypto_sym_xform aead; + } xform; +}; + +struct ipsec_test_packet { + uint32_t len; + uint32_t l2_offset; + uint32_t l3_offset; + uint32_t l4_offset; + uint8_t data[MAX_PKT_LEN]; +}; + +struct reassembly_vector { + struct ipsec_session_data *sa_data; + struct ipsec_test_packet *full_pkt; + struct ipsec_test_packet *frags[MAX_FRAGS]; + uint16_t nb_frags; +}; + +struct ipsec_test_packet pkt_ipv4_plain = { + .len = 76, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x3e, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x11, 0x4d, 0xcc, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* UDP */ + 0x0a, 0x98, 0x00, 0x35, 0x00, 0x2a, 0x23, 0x43, + 0xb2, 0xd0, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x03, 0x73, 0x69, 0x70, + 0x09, 0x63, 0x79, 0x62, 0x65, 0x72, 0x63, 0x69, + 0x74, 0x79, 0x02, 0x64, 0x6b, 0x00, 0x00, 0x01, + 0x00, 0x01, + }, +}; + +struct ipsec_test_packet pkt_ipv4_gcm128_cipher = { + .len = 130, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x74, 0x00, 0x01, 0x00, 0x00, + 0x40, 0x32, 0xf7, 0x03, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + + /* Data */ + 0xde, 0xb2, 0x2c, 0xd9, 0xb0, 0x7c, 0x72, 0xc1, + 0x6e, 0x3a, 0x65, 0xbe, 0xeb, 0x8d, 0xf3, 0x04, + 0xa5, 0xa5, 0x89, 0x7d, 0x33, 0xae, 0x53, 0x0f, + 0x1b, 0xa7, 0x6d, 0x5d, 0x11, 0x4d, 0x2a, 0x5c, + 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, + 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, + 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x29, 0xc7, 0x37, 0x57, 0x9f, 0xf1, 0x9e, 0x58, + 0xcf, 0xfc, 0x60, 0x7a, 0x3b, 0xce, 0x89, 0x94, + }, +}; + +static inline void +test_vector_payload_populate(struct ipsec_test_packet *pkt, + bool first_frag) +{ + uint32_t i = pkt->l4_offset; + + /** + * For non-fragmented packets and first frag, skip 8 bytes from + * l4_offset for UDP header. + */ + if (first_frag) + i += 8; + + for (; i < pkt->len; i++) + pkt->data[i] = 0x58; +} + +struct ipsec_session_data conf_aes_128_gcm = { + .key = { + .data = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }, + }, + + .salt = { + .data = { + 0xca, 0xfe, 0xba, 0xbe + }, + .len = 4, + }, + + .iv = { + .data = { + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 + }, + }, + + .ipsec_xform = { + .spi = 0xa5f8, + .salt = 0xbebafeca, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, + .options.ip_reassembly_en = 1, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 12, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; +#endif From patchwork Thu Feb 17 17:23:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 107769 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 326E4A0032; Thu, 17 Feb 2022 18:24:11 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9E30741152; Thu, 17 Feb 2022 18:24:05 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 3FD1641142 for ; Thu, 17 Feb 2022 18:24:04 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 21HGH4ov014913; Thu, 17 Feb 2022 09:23:59 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=56/M3p0K8QRmrYKH+4Dgp+XuTr0GulICP9ekGxBbq7Q=; b=Pp2z3sRcmaoPAN1d2dNrzRLp9A7/2/ZD9mw2B54QcbuTGT9pcL/S7cNk27rnYY+2mM3y ZzCrsv8Ckq1JE8Nr8nTEZ45584PZKfpLyL4cnSqzXas0bU9vdEma7CfxZ7mqttlv605x gOYG0gCQosfTf5GxNSiKhyboZD93JpAha+EtmRNi6CXezYlEsT+KDfzK2n+21d68UEKs W7+ReslqCfsPLFw2k4Rv9nN5fcv4rHqNFXawHGicx3oBYM1SvSmx201Hb2ot1+fubLHE W8KgrLb2bR79x64RmUM7Ch4pPCfKpXiOXszFfZVxOGzNjypggSdWl71GlurThNvJyZFu 7A== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3e9sqrgb3x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 17 Feb 2022 09:23:59 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 17 Feb 2022 09:23:58 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 17 Feb 2022 09:23:57 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id EFC783F706F; Thu, 17 Feb 2022 09:23:53 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , , Akhil Goyal , Nithin Dabilpuram Subject: [PATCH v3 2/4] app/test: add IP reassembly case with no frags Date: Thu, 17 Feb 2022 22:53:39 +0530 Message-ID: <20220217172341.607360-3-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220217172341.607360-1-gakhil@marvell.com> References: <20220120164804.4163645-1-gakhil@marvell.com> <20220217172341.607360-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 5MJSvuy-De27nAcBdi4xI-BykajPvhRa X-Proofpoint-GUID: 5MJSvuy-De27nAcBdi4xI-BykajPvhRa X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-17_06,2022-02-17_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org test_inline_ipsec testsuite is extended to test IP reassembly of inbound fragmented packets. The fragmented packet is sent on an interface which encrypts the packet and then it is loopbacked on the same interface which decrypts the packet and then attempts IP reassembly of the decrypted packets. In this patch, a case is added for packets without fragmentation to verify the complete path. Other cases are added in subsequent patches. Signed-off-by: Akhil Goyal Signed-off-by: Nithin Dabilpuram --- app/test/test_security_inline_proto.c | 326 ++++++++++++++++++ app/test/test_security_inline_proto_vectors.h | 1 + 2 files changed, 327 insertions(+) diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index e2b95de68e..3fbf8105e1 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -25,6 +25,8 @@ #define RTE_TEST_TX_DESC_DEFAULT (1024) #define RTE_PORT_ALL (~(uint16_t)0x0) +#define ENCAP_DECAP_BURST_SZ 33 + /* * RX and TX Prefetch, Host, and Write-back threshold values should be * carefully set for optimal performance. Consult the network @@ -102,6 +104,8 @@ struct lcore_cfg lcore_cfg; static uint64_t link_mbps; +static int ip_reassembly_dynfield_offset = -1; + static struct rte_flow *default_flow[RTE_MAX_ETHPORTS]; /* Create Inline IPsec session */ @@ -476,6 +480,294 @@ destroy_default_flow(uint16_t port_id) struct rte_mbuf **tx_pkts_burst; struct rte_mbuf **rx_pkts_burst; +static int +compare_pkt_data(struct rte_mbuf *m, uint8_t *ref, unsigned int tot_len) +{ + unsigned int len; + unsigned int nb_segs = m->nb_segs; + unsigned int matched = 0; + struct rte_mbuf *save = m; + + while (m && nb_segs != 0) { + len = tot_len; + if (len > m->data_len) + len = m->data_len; + if (len != 0) { + if (memcmp(rte_pktmbuf_mtod(m, char *), + ref + matched, len)) { + printf("\n====Reassembly case failed: Data Mismatch"); + rte_hexdump(stdout, "Reassembled", + rte_pktmbuf_mtod(m, char *), + len); + rte_hexdump(stdout, "reference", + ref + matched, + len); + return TEST_FAILED; + } + } + tot_len -= len; + matched += len; + m = m->next; + nb_segs--; + } + + if (tot_len) { + printf("\n====Reassembly case failed: Data Missing %u", + tot_len); + printf("\n====nb_segs %u, tot_len %u", nb_segs, tot_len); + rte_pktmbuf_dump(stderr, save, -1); + return TEST_FAILED; + } + return TEST_SUCCESS; +} + +static inline bool +is_ip_reassembly_incomplete(struct rte_mbuf *mbuf) +{ + static uint64_t ip_reassembly_dynflag; + int ip_reassembly_dynflag_offset; + + if (ip_reassembly_dynflag == 0) { + ip_reassembly_dynflag_offset = rte_mbuf_dynflag_lookup( + RTE_MBUF_DYNFLAG_IP_REASSEMBLY_INCOMPLETE_NAME, NULL); + if (ip_reassembly_dynflag_offset < 0) + return false; + ip_reassembly_dynflag = RTE_BIT64(ip_reassembly_dynflag_offset); + } + + return (mbuf->ol_flags & ip_reassembly_dynflag) != 0; +} + +static void +free_mbuf(struct rte_mbuf *mbuf) +{ + rte_eth_ip_reassembly_dynfield_t dynfield; + + if (!mbuf) + return; + + if (!is_ip_reassembly_incomplete(mbuf)) { + rte_pktmbuf_free(mbuf); + } else { + if (ip_reassembly_dynfield_offset < 0) + return; + + while (mbuf) { + dynfield = *RTE_MBUF_DYNFIELD(mbuf, + ip_reassembly_dynfield_offset, + rte_eth_ip_reassembly_dynfield_t *); + rte_pktmbuf_free(mbuf); + mbuf = dynfield.next_frag; + } + } +} + + +static int +get_and_verify_incomplete_frags(struct rte_mbuf *mbuf, + struct reassembly_vector *vector) +{ + rte_eth_ip_reassembly_dynfield_t *dynfield[MAX_PKT_BURST]; + int j = 0, ret; + /** + * IP reassembly offload is incomplete, and fragments are listed in + * dynfield which can be reassembled in SW. + */ + printf("\nHW IP Reassembly is not complete; attempt SW IP Reassembly," + "\nMatching with original frags."); + + if (ip_reassembly_dynfield_offset < 0) + return -1; + + printf("\ncomparing frag: %d", j); + ret = compare_pkt_data(mbuf, vector->frags[j]->data, + vector->frags[j]->len); + if (ret) + return ret; + j++; + dynfield[j] = RTE_MBUF_DYNFIELD(mbuf, ip_reassembly_dynfield_offset, + rte_eth_ip_reassembly_dynfield_t *); + printf("\ncomparing frag: %d", j); + ret = compare_pkt_data(dynfield[j]->next_frag, vector->frags[j]->data, + vector->frags[j]->len); + if (ret) + return ret; + + while ((dynfield[j]->nb_frags > 1) && + is_ip_reassembly_incomplete(dynfield[j]->next_frag)) { + j++; + dynfield[j] = RTE_MBUF_DYNFIELD(dynfield[j-1]->next_frag, + ip_reassembly_dynfield_offset, + rte_eth_ip_reassembly_dynfield_t *); + printf("\ncomparing frag: %d", j); + ret = compare_pkt_data(dynfield[j]->next_frag, + vector->frags[j]->data, vector->frags[j]->len); + if (ret) + return ret; + } + return ret; +} + +static int +test_ipsec_encap_decap(struct reassembly_vector *vector, + enum rte_security_ipsec_tunnel_type tun_type) +{ + struct rte_ipsec_session out_ips[ENCAP_DECAP_BURST_SZ] = {0}; + struct rte_ipsec_session in_ips[ENCAP_DECAP_BURST_SZ] = {0}; + struct rte_eth_ip_reassembly_params reass_capa = {0}; + unsigned int nb_tx, burst_sz, nb_sent = 0; + unsigned int i, portid, nb_rx = 0, j; + struct ipsec_session_data sa_data; + int ret = 0; + + burst_sz = vector->burst ? ENCAP_DECAP_BURST_SZ : 1; + + portid = lcore_cfg.port; + rte_eth_ip_reassembly_capability_get(portid, &reass_capa); + if (reass_capa.max_frags < vector->nb_frags) + return TEST_SKIPPED; + + nb_tx = vector->nb_frags * burst_sz; + memset(tx_pkts_burst, 0, sizeof(tx_pkts_burst[0]) * nb_tx); + memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * nb_tx); + + for (i = 0; i < nb_tx; i += vector->nb_frags) { + ret = init_traffic(mbufpool[lcore_cfg.socketid], + &tx_pkts_burst[i], vector->frags, + vector->nb_frags); + if (ret != vector->nb_frags) { + ret = -1; + goto out; + } + } + + for (i = 0; i < burst_sz; i++) { + memcpy(&sa_data, vector->sa_data, sizeof(sa_data)); + /* Update SPI for every new SA */ + sa_data.ipsec_xform.spi += i; + + /* Create Inline IPsec outbound session. */ + ret = create_inline_ipsec_session(&sa_data, portid, &out_ips[i], + RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + tun_type); + if (ret) + goto out; + } + + j = 0; + for (i = 0; i < nb_tx; i++) { + if (out_ips[j].security.ol_flags & + RTE_SECURITY_TX_OLOAD_NEED_MDATA) + rte_security_set_pkt_metadata(out_ips[j].security.ctx, + out_ips[j].security.ses, tx_pkts_burst[i], NULL); + tx_pkts_burst[i]->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; + tx_pkts_burst[i]->l2_len = RTE_ETHER_HDR_LEN; + + /* Move to next SA after nb_frags */ + if ((i + 1) % vector->nb_frags == 0) + j++; + } + + for (i = 0; i < burst_sz; i++) { + memcpy(&sa_data, vector->sa_data, sizeof(sa_data)); + /* Update SPI for every new SA */ + sa_data.ipsec_xform.spi += i; + + /* Create Inline IPsec inbound session. */ + ret = create_inline_ipsec_session(&sa_data, portid, &in_ips[i], + RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + tun_type); + if (ret) + goto out; + } + + /* Retrieve reassembly dynfield offset if available */ + if (ip_reassembly_dynfield_offset < 0 && vector->nb_frags > 1) + ip_reassembly_dynfield_offset = rte_mbuf_dynfield_lookup( + RTE_MBUF_DYNFIELD_IP_REASSEMBLY_NAME, NULL); + + + create_default_flow(portid); + + nb_sent = rte_eth_tx_burst(portid, 0, tx_pkts_burst, nb_tx); + if (nb_sent != nb_tx) { + ret = -1; + printf("\nFailed to tx %u pkts", nb_tx); + goto out; + } + + rte_delay_ms(100); + + /* Retry few times before giving up */ + nb_rx = 0; + j = 0; + do { + nb_rx += rte_eth_rx_burst(portid, 0, &rx_pkts_burst[nb_rx], + nb_tx - nb_rx); + j++; + if (nb_rx >= nb_tx) + break; + rte_delay_ms(100); + } while (j < 5 || !nb_rx); + + /* Check for minimum number of Rx packets expected */ + if ((vector->nb_frags == 1 && nb_rx != nb_tx) || + (vector->nb_frags > 1 && nb_rx < burst_sz)) { + printf("\nreceived less Rx pkts(%u) pkts\n", nb_rx); + ret = TEST_FAILED; + goto out; + } + + for (i = 0; i < nb_rx; i++) { + if (vector->nb_frags > 1 && + is_ip_reassembly_incomplete(rx_pkts_burst[i])) { + ret = get_and_verify_incomplete_frags(rx_pkts_burst[i], + vector); + if (ret != TEST_SUCCESS) + break; + continue; + } + + if (rx_pkts_burst[i]->ol_flags & + RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED || + !(rx_pkts_burst[i]->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD)) { + printf("\nsecurity offload failed\n"); + ret = TEST_FAILED; + break; + } + + if (vector->full_pkt->len != rx_pkts_burst[i]->pkt_len) { + printf("\nreassembled/decrypted packet length mismatch\n"); + ret = TEST_FAILED; + break; + } + ret = compare_pkt_data(rx_pkts_burst[i], + vector->full_pkt->data, + vector->full_pkt->len); + if (ret != TEST_SUCCESS) + break; + } + +out: + destroy_default_flow(portid); + + /* Clear session data. */ + for (i = 0; i < burst_sz; i++) { + if (out_ips[i].security.ses) + rte_security_session_destroy(out_ips[i].security.ctx, + out_ips[i].security.ses); + if (in_ips[i].security.ses) + rte_security_session_destroy(in_ips[i].security.ctx, + in_ips[i].security.ses); + } + + for (i = nb_sent; i < nb_tx; i++) + free_mbuf(tx_pkts_burst[i]); + for (i = 0; i < nb_rx; i++) + free_mbuf(rx_pkts_burst[i]); + return ret; +} + static int test_ipsec(struct reassembly_vector *vector, enum rte_security_ipsec_sa_direction dir, @@ -732,6 +1024,34 @@ test_ipsec_ipv4_decap_nofrag(void) RTE_SECURITY_IPSEC_TUNNEL_IPV4); } +static int +test_reassembly_ipv4_nofrag(void) +{ + struct reassembly_vector ipv4_nofrag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_plain, + .frags[0] = &pkt_ipv4_plain, + .nb_frags = 1, + }; + return test_ipsec_encap_decap(&ipv4_nofrag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + + +static int +test_ipsec_ipv4_burst_encap_decap(void) +{ + struct reassembly_vector ipv4_nofrag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_plain, + .frags[0] = &pkt_ipv4_plain, + .nb_frags = 1, + .burst = true, + }; + return test_ipsec_encap_decap(&ipv4_nofrag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + static struct unit_test_suite inline_ipsec_testsuite = { .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", .setup = testsuite_setup, @@ -743,6 +1063,12 @@ static struct unit_test_suite inline_ipsec_testsuite = { TEST_CASE_ST(ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_ipsec_ipv4_decap_nofrag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_nofrag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_ipsec_ipv4_burst_encap_decap), TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_security_inline_proto_vectors.h b/app/test/test_security_inline_proto_vectors.h index 94d2f0145c..2ee1b3fc41 100644 --- a/app/test/test_security_inline_proto_vectors.h +++ b/app/test/test_security_inline_proto_vectors.h @@ -42,6 +42,7 @@ struct reassembly_vector { struct ipsec_test_packet *full_pkt; struct ipsec_test_packet *frags[MAX_FRAGS]; uint16_t nb_frags; + bool burst; }; struct ipsec_test_packet pkt_ipv4_plain = { From patchwork Thu Feb 17 17:23:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 107770 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 282E7A0032; Thu, 17 Feb 2022 18:24:19 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E206B4113F; Thu, 17 Feb 2022 18:24:09 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id CFA9D4115F for ; Thu, 17 Feb 2022 18:24:07 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 21HFRp5i025799; Thu, 17 Feb 2022 09:24:04 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=7zdVw70cme4x7gJcTqgbpsFOkucqn1HSr6ujG9IsRrI=; b=VGAtPE37TBx8Co8dzKSAixl+iWvqbVJSGU8bCRFhaBlsHSzaJVYg2isRrTW74n0xz3/B SHiSe9FuywD/gHhAK4zmtEavT5llerTH5lfbLsXaAaGlfe6VYN4hVfyXrQPIcn0mkLGw c1M4NbGXDuw2wJjelGatt1l00+wzabyzjN+72nZU6KI/NswQcyNw0jfSd+qny4tuyODs 7n0yMaClY45mcZtgG+B4kVXCJ190QE+qKOtRmXgDSYIdqse7/f605aXNVAX4l6Tq/5Um QZpsFh1D11dYxo1Cm579PRPlGgVtW+kpbly3gs1yG1IKsSAI+1v3pePAGx/I9EFSwIw9 1Q== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3e9kktswbj-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 17 Feb 2022 09:24:04 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 17 Feb 2022 09:24:02 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 17 Feb 2022 09:24:02 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id 708743F7074; Thu, 17 Feb 2022 09:23:58 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , , Akhil Goyal Subject: [PATCH v3 3/4] app/test: add IP reassembly cases with multiple fragments Date: Thu, 17 Feb 2022 22:53:40 +0530 Message-ID: <20220217172341.607360-4-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220217172341.607360-1-gakhil@marvell.com> References: <20220120164804.4163645-1-gakhil@marvell.com> <20220217172341.607360-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: mCarXsF8vOBrT6wxqz5ibS56Ibre430a X-Proofpoint-GUID: mCarXsF8vOBrT6wxqz5ibS56Ibre430a X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-17_06,2022-02-17_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org More cases are added in test_inline_ipsec test suite to verify packets having multiple IP(v4/v6) fragments. These fragments are encrypted and then decrypted as per inline IPsec processing and then an attempt is made to reassemble the fragments. The reassembled packet content is matched with the known test vectors. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_proto.c | 147 ++++- app/test/test_security_inline_proto_vectors.h | 592 ++++++++++++++++++ 2 files changed, 738 insertions(+), 1 deletion(-) diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 3fbf8105e1..9c9e34ca0d 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -1037,7 +1037,6 @@ test_reassembly_ipv4_nofrag(void) RTE_SECURITY_IPSEC_TUNNEL_IPV4); } - static int test_ipsec_ipv4_burst_encap_decap(void) { @@ -1052,6 +1051,134 @@ test_ipsec_ipv4_burst_encap_decap(void) RTE_SECURITY_IPSEC_TUNNEL_IPV4); } +static int +test_reassembly_ipv4_2frag(void) +{ + struct reassembly_vector ipv4_2frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p1, + .frags[0] = &pkt_ipv4_udp_p1_f1, + .frags[1] = &pkt_ipv4_udp_p1_f2, + .nb_frags = 2, + }; + test_vector_payload_populate(&pkt_ipv4_udp_p1, true); + test_vector_payload_populate(&pkt_ipv4_udp_p1_f1, true); + test_vector_payload_populate(&pkt_ipv4_udp_p1_f2, false); + + return test_ipsec_encap_decap(&ipv4_2frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_ipv6_2frag(void) +{ + struct reassembly_vector ipv6_2frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv6_udp_p1, + .frags[0] = &pkt_ipv6_udp_p1_f1, + .frags[1] = &pkt_ipv6_udp_p1_f2, + .nb_frags = 2, + }; + test_vector_payload_populate(&pkt_ipv6_udp_p1, true); + test_vector_payload_populate(&pkt_ipv6_udp_p1_f1, true); + test_vector_payload_populate(&pkt_ipv6_udp_p1_f2, false); + + return test_ipsec_encap_decap(&ipv6_2frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV6); +} + +static int +test_reassembly_ipv4_4frag(void) +{ + struct reassembly_vector ipv4_4frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p2, + .frags[0] = &pkt_ipv4_udp_p2_f1, + .frags[1] = &pkt_ipv4_udp_p2_f2, + .frags[2] = &pkt_ipv4_udp_p2_f3, + .frags[3] = &pkt_ipv4_udp_p2_f4, + .nb_frags = 4, + }; + test_vector_payload_populate(&pkt_ipv4_udp_p2, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f1, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f2, false); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f3, false); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f4, false); + + return test_ipsec_encap_decap(&ipv4_4frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_ipv6_4frag(void) +{ + struct reassembly_vector ipv6_4frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv6_udp_p2, + .frags[0] = &pkt_ipv6_udp_p2_f1, + .frags[1] = &pkt_ipv6_udp_p2_f2, + .frags[2] = &pkt_ipv6_udp_p2_f3, + .frags[3] = &pkt_ipv6_udp_p2_f4, + .nb_frags = 4, + }; + test_vector_payload_populate(&pkt_ipv6_udp_p2, true); + test_vector_payload_populate(&pkt_ipv6_udp_p2_f1, true); + test_vector_payload_populate(&pkt_ipv6_udp_p2_f2, false); + test_vector_payload_populate(&pkt_ipv6_udp_p2_f3, false); + test_vector_payload_populate(&pkt_ipv6_udp_p2_f4, false); + + return test_ipsec_encap_decap(&ipv6_4frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV6); +} + +static int +test_reassembly_ipv4_5frag(void) +{ + struct reassembly_vector ipv4_5frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p3, + .frags[0] = &pkt_ipv4_udp_p3_f1, + .frags[1] = &pkt_ipv4_udp_p3_f2, + .frags[2] = &pkt_ipv4_udp_p3_f3, + .frags[3] = &pkt_ipv4_udp_p3_f4, + .frags[4] = &pkt_ipv4_udp_p3_f5, + .nb_frags = 5, + }; + test_vector_payload_populate(&pkt_ipv4_udp_p3, true); + test_vector_payload_populate(&pkt_ipv4_udp_p3_f1, true); + test_vector_payload_populate(&pkt_ipv4_udp_p3_f2, false); + test_vector_payload_populate(&pkt_ipv4_udp_p3_f3, false); + test_vector_payload_populate(&pkt_ipv4_udp_p3_f4, false); + test_vector_payload_populate(&pkt_ipv4_udp_p3_f5, false); + + return test_ipsec_encap_decap(&ipv4_5frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_ipv6_5frag(void) +{ + struct reassembly_vector ipv6_5frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv6_udp_p3, + .frags[0] = &pkt_ipv6_udp_p3_f1, + .frags[1] = &pkt_ipv6_udp_p3_f2, + .frags[2] = &pkt_ipv6_udp_p3_f3, + .frags[3] = &pkt_ipv6_udp_p3_f4, + .frags[4] = &pkt_ipv6_udp_p3_f5, + .nb_frags = 5, + }; + test_vector_payload_populate(&pkt_ipv6_udp_p3, true); + test_vector_payload_populate(&pkt_ipv6_udp_p3_f1, true); + test_vector_payload_populate(&pkt_ipv6_udp_p3_f2, false); + test_vector_payload_populate(&pkt_ipv6_udp_p3_f3, false); + test_vector_payload_populate(&pkt_ipv6_udp_p3_f4, false); + test_vector_payload_populate(&pkt_ipv6_udp_p3_f5, false); + + return test_ipsec_encap_decap(&ipv6_5frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV6); +} + static struct unit_test_suite inline_ipsec_testsuite = { .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", .setup = testsuite_setup, @@ -1069,6 +1196,24 @@ static struct unit_test_suite inline_ipsec_testsuite = { TEST_CASE_ST(ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_ipsec_ipv4_burst_encap_decap), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_2frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv6_2frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_4frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv6_4frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_5frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv6_5frag), TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_security_inline_proto_vectors.h b/app/test/test_security_inline_proto_vectors.h index 2ee1b3fc41..d12bd2fcf0 100644 --- a/app/test/test_security_inline_proto_vectors.h +++ b/app/test/test_security_inline_proto_vectors.h @@ -4,6 +4,47 @@ #ifndef _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ #define _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ +/* The source file includes below test vectors */ +/* IPv6: + * + * 1) pkt_ipv6_udp_p1 + * pkt_ipv6_udp_p1_f1 + * pkt_ipv6_udp_p1_f2 + * + * 2) pkt_ipv6_udp_p2 + * pkt_ipv6_udp_p2_f1 + * pkt_ipv6_udp_p2_f2 + * pkt_ipv6_udp_p2_f3 + * pkt_ipv6_udp_p2_f4 + * + * 3) pkt_ipv6_udp_p3 + * pkt_ipv6_udp_p3_f1 + * pkt_ipv6_udp_p3_f2 + * pkt_ipv6_udp_p3_f3 + * pkt_ipv6_udp_p3_f4 + * pkt_ipv6_udp_p3_f5 + */ + +/* IPv4: + * + * 1) pkt_ipv4_udp_p1 + * pkt_ipv4_udp_p1_f1 + * pkt_ipv4_udp_p1_f2 + * + * 2) pkt_ipv4_udp_p2 + * pkt_ipv4_udp_p2_f1 + * pkt_ipv4_udp_p2_f2 + * pkt_ipv4_udp_p2_f3 + * pkt_ipv4_udp_p2_f4 + * + * 3) pkt_ipv4_udp_p3 + * pkt_ipv4_udp_p3_f1 + * pkt_ipv4_udp_p3_f2 + * pkt_ipv4_udp_p3_f3 + * pkt_ipv4_udp_p3_f4 + * pkt_ipv4_udp_p3_f5 + */ + #define MAX_FRAG_LEN 1500 #define MAX_FRAGS 6 #define MAX_PKT_LEN (MAX_FRAG_LEN * MAX_FRAGS) @@ -45,6 +86,557 @@ struct reassembly_vector { bool burst; }; +struct ipsec_test_packet pkt_ipv6_udp_p1 = { + .len = 1514, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0xb4, 0x2C, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xb4, 0x2b, 0xe8, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p1_f1 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x00, 0x01, 0x5c, 0x92, 0xac, 0xf1, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xb4, 0x2b, 0xe8, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p1_f2 = { + .len = 186, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x84, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x05, 0x38, 0x5c, 0x92, 0xac, 0xf1, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2 = { + .len = 4496, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x11, 0x5a, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x5a, 0x8a, 0x11, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f1 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x00, 0x01, 0x64, 0x6c, 0x68, 0x9f, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x5a, 0x8a, 0x11, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f2 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x05, 0x39, 0x64, 0x6c, 0x68, 0x9f, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f3 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0a, 0x71, 0x64, 0x6c, 0x68, 0x9f, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f4 = { + .len = 496, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x01, 0xba, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0f, 0xa8, 0x64, 0x6c, 0x68, 0x9f, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3 = { + .len = 5796, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x16, 0x6e, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x16, 0x6e, 0x2f, 0x99, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f1 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x00, 0x01, 0x65, 0xcf, 0x5a, 0xae, + + /* UDP */ + 0x80, 0x00, 0x27, 0x10, 0x16, 0x6e, 0x2f, 0x99, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f2 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x05, 0x39, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f3 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0a, 0x71, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f4 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0f, 0xa9, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f5 = { + .len = 460, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x01, 0x96, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x14, 0xe0, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p1 = { + .len = 1514, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0xdc, 0x00, 0x01, 0x00, 0x00, + 0x40, 0x11, 0x66, 0x0d, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xc8, 0xb8, 0x4c, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p1_f1 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x01, 0x20, 0x00, + 0x40, 0x11, 0x46, 0x5d, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xc8, 0xb8, 0x4c, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p1_f2 = { + .len = 114, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x64, 0x00, 0x01, 0x00, 0xaf, + 0x40, 0x11, 0x6a, 0xd6, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2 = { + .len = 4496, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x11, 0x82, 0x00, 0x02, 0x00, 0x00, + 0x40, 0x11, 0x5a, 0x66, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x6e, 0x16, 0x76, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f1 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x02, 0x20, 0x00, + 0x40, 0x11, 0x46, 0x5c, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x6e, 0x16, 0x76, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f2 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x02, 0x20, 0xaf, + 0x40, 0x11, 0x45, 0xad, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f3 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x02, 0x21, 0x5e, + 0x40, 0x11, 0x44, 0xfe, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f4 = { + .len = 296, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x01, 0x1a, 0x00, 0x02, 0x02, 0x0d, + 0x40, 0x11, 0x68, 0xc1, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3 = { + .len = 5796, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x16, 0x96, 0x00, 0x03, 0x00, 0x00, + 0x40, 0x11, 0x55, 0x51, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x16, 0x82, 0xbb, 0xfd, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f1 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x20, 0x00, + 0x40, 0x11, 0x46, 0x5b, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x80, 0x00, 0x27, 0x10, 0x16, 0x82, 0xbb, 0xfd, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f2 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x20, 0xaf, + 0x40, 0x11, 0x45, 0xac, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f3 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x21, 0x5e, + 0x40, 0x11, 0x44, 0xfd, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f4 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x22, 0x0d, + 0x40, 0x11, 0x44, 0x4e, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f5 = { + .len = 196, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xb6, 0x00, 0x03, 0x02, 0xbc, + 0x40, 0x11, 0x68, 0x75, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + struct ipsec_test_packet pkt_ipv4_plain = { .len = 76, .l2_offset = 0, From patchwork Thu Feb 17 17:23:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 107771 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EF210A0032; Thu, 17 Feb 2022 18:24:24 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D9E9A41158; Thu, 17 Feb 2022 18:24:13 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 0E8CE41157 for ; Thu, 17 Feb 2022 18:24:11 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 21HGG9Lk013894; Thu, 17 Feb 2022 09:24:08 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=hCZGDY8tqgwwJ0N1cWWJhyjzf2bG4xvdlyjS4W70ldo=; b=UlAbb4ZLnoe1Z8qmZeFGf3v9M9VVHYMnSRWo3VP+uoeExCpasv3+4n5C+4vuWlwsZNIU kC7uqMNOlA6PXbYW1ciwX+deoEfTAKT7JD+t99v64dz3JgJtOwHivd3TFI9RG9WVwzuF wWC8+3Nx5guPNWyUJr9raYqP9vqaupn1vmUlVPORxvJKvHv0NpOYG6BFe6f7kl5uE/dN HjN68zHjnFcy1tS5TCRVRoKidLOtCogB+G+F7n/J1nlx+ChD0EmvEGrZygA6snOGob9q pQLKtouhnL04al7X8nKI1G1cDTGRWkNdvzdQ6h1KIBlTmXRv7TP6XrM/zcD1vQ4hNFWQ 4g== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3e9sqrgb6f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 17 Feb 2022 09:24:07 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 17 Feb 2022 09:24:06 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 17 Feb 2022 09:24:06 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id ACC2C3F708A; Thu, 17 Feb 2022 09:24:02 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , , Akhil Goyal Subject: [PATCH v3 4/4] app/test: add IP reassembly negative cases Date: Thu, 17 Feb 2022 22:53:41 +0530 Message-ID: <20220217172341.607360-5-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220217172341.607360-1-gakhil@marvell.com> References: <20220120164804.4163645-1-gakhil@marvell.com> <20220217172341.607360-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: UWwEOJFSzKd5sUxjNhluS9sLCVjDo3Bj X-Proofpoint-GUID: UWwEOJFSzKd5sUxjNhluS9sLCVjDo3Bj X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-17_06,2022-02-17_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org test_inline_ipsec testsuite is added with cases where the IP reassembly is incomplete and software will need to reassemble them later. The failure cases added are: - all fragments are not received. - same fragment is received more than once. - out of order fragments. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_proto.c | 71 +++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 9c9e34ca0d..cae8b083bc 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -1179,6 +1179,68 @@ test_reassembly_ipv6_5frag(void) RTE_SECURITY_IPSEC_TUNNEL_IPV6); } +static int +test_reassembly_incomplete(void) +{ + /* Negative test case, not sending all fragments. */ + struct reassembly_vector ipv4_incomplete_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p2, + .frags[0] = &pkt_ipv4_udp_p2_f1, + .frags[1] = &pkt_ipv4_udp_p2_f2, + .nb_frags = 2, + }; + test_vector_payload_populate(&pkt_ipv4_udp_p2, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f1, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f2, false); + + return test_ipsec_encap_decap(&ipv4_incomplete_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_overlap(void) +{ + /* Negative test case, sending 1 fragment twice. */ + struct reassembly_vector ipv4_overlap_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p1, + .frags[0] = &pkt_ipv4_udp_p1_f1, + .frags[1] = &pkt_ipv4_udp_p1_f1, /* Overlap */ + .frags[2] = &pkt_ipv4_udp_p1_f2, + .nb_frags = 3, + }; + test_vector_payload_populate(&pkt_ipv4_udp_p2, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f1, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f2, false); + + return test_ipsec_encap_decap(&ipv4_overlap_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_out_of_order(void) +{ + /* Negative test case, out of order fragments. */ + struct reassembly_vector ipv4_ooo_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p2, + .frags[0] = &pkt_ipv4_udp_p2_f1, + .frags[1] = &pkt_ipv4_udp_p2_f3, + .frags[2] = &pkt_ipv4_udp_p2_f4, + .frags[3] = &pkt_ipv4_udp_p2_f2, + .nb_frags = 4, + }; + test_vector_payload_populate(&pkt_ipv4_udp_p2, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f1, true); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f2, false); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f3, false); + test_vector_payload_populate(&pkt_ipv4_udp_p2_f4, false); + + return test_ipsec_encap_decap(&ipv4_ooo_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + static struct unit_test_suite inline_ipsec_testsuite = { .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", .setup = testsuite_setup, @@ -1214,6 +1276,15 @@ static struct unit_test_suite inline_ipsec_testsuite = { TEST_CASE_ST(ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_reassembly_ipv6_5frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_incomplete), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_overlap), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_out_of_order), TEST_CASES_END() /**< NULL terminate unit test array */ }