From patchwork Mon Jan 3 15:08:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105576 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 874F6A04A3; Mon, 3 Jan 2022 16:08:42 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 57A22410E0; Mon, 3 Jan 2022 16:08:41 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 897074069F for ; Mon, 3 Jan 2022 16:08:39 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 2037tVUC029250; Mon, 3 Jan 2022 07:08:37 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=UDF/kwG/ou8SIjIDgcfAhSL3dAl0RGzW1PrCA9M0nBQ=; b=cEH8IN31sbnDOq6VikArq4xG1ThCMxShSEOGdDGltZ/o3ei1G1VBxMnON/oBj/QkPNd7 G44YJMzKEsUgb0mzaYyDpVA851PhjtuwM7vQTti9qNoOc4I3dwUugFfsqDh3K6C63Nn5 yTf/bXRvKjOU6YCAzZM0yx09OZm+QKq9jNItfLaYftXGywibtyEn6XV4oVY7A67gqzbG kTS1Y+YdSMnkxG91zOuMOeOFuZSANhC2YJYFBKFqsD/FFkJfpbHQES88RE0TihobD36z znz/mDSlBnBAHHsp41YLkcnm6bz5EFoklD6A54ehhrGJqsO5ywmHbZpLLsm6bqDOw4tn 5Q== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3dbw5w6mn1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:08:37 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 3 Jan 2022 07:08:35 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 3 Jan 2022 07:08:35 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id AE7FC3F70A9; Mon, 3 Jan 2022 07:08:31 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 1/8] ethdev: introduce IP reassembly offload Date: Mon, 3 Jan 2022 20:38:06 +0530 Message-ID: <20220103150813.1694888-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: DScuw4DURZV6zyA64O7l_XQMtRi_oknu X-Proofpoint-GUID: DScuw4DURZV6zyA64O7l_XQMtRi_oknu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org IP Reassembly is a costly operation if it is done in software. The operation becomes even more costlier if IP fragmants are encrypted. However, if it is offloaded to HW, it can considerably save application cycles. Hence, a new offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is introduced in ethdev for devices which can attempt reassembly of packets in hardware. rte_eth_dev_info is updated with the reassembly capabilities which a device can support. The resulting reassembled packet would be a typical segmented mbuf in case of success. And if reassembly of fragments is failed or is incomplete (if fragments do not come before the reass_timeout), the mbuf ol_flags can be updated. This is updated in a subsequent patch. Signed-off-by: Akhil Goyal Acked-by: Konstantin Ananyev --- doc/guides/nics/features.rst | 12 ++++++++++++ lib/ethdev/rte_ethdev.c | 1 + lib/ethdev/rte_ethdev.h | 32 +++++++++++++++++++++++++++++++- 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst index 27be2d2576..1dfdee9602 100644 --- a/doc/guides/nics/features.rst +++ b/doc/guides/nics/features.rst @@ -602,6 +602,18 @@ Supports inner packet L4 checksum. ``tx_offload_capa,tx_queue_offload_capa:RTE_ETH_TX_OFFLOAD_OUTER_UDP_CKSUM``. +.. _nic_features_ip_reassembly: + +IP reassembly +------------- + +Supports IP reassembly in hardware. + +* **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY``. +* **[provides] mbuf**: ``mbuf.ol_flags:RTE_MBUF_F_RX_IP_REASSEMBLY_INCOMPLETE``. +* **[provides] rte_eth_dev_info**: ``reass_capa``. + + .. _nic_features_shared_rx_queue: Shared Rx queue diff --git a/lib/ethdev/rte_ethdev.c b/lib/ethdev/rte_ethdev.c index a1d475a292..d9a03f12f9 100644 --- a/lib/ethdev/rte_ethdev.c +++ b/lib/ethdev/rte_ethdev.c @@ -126,6 +126,7 @@ static const struct { RTE_RX_OFFLOAD_BIT2STR(OUTER_UDP_CKSUM), RTE_RX_OFFLOAD_BIT2STR(RSS_HASH), RTE_RX_OFFLOAD_BIT2STR(BUFFER_SPLIT), + RTE_RX_OFFLOAD_BIT2STR(IP_REASSEMBLY), }; #undef RTE_RX_OFFLOAD_BIT2STR diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h index fa299c8ad7..11427b2e4d 100644 --- a/lib/ethdev/rte_ethdev.h +++ b/lib/ethdev/rte_ethdev.h @@ -1586,6 +1586,7 @@ struct rte_eth_conf { #define RTE_ETH_RX_OFFLOAD_RSS_HASH RTE_BIT64(19) #define DEV_RX_OFFLOAD_RSS_HASH RTE_ETH_RX_OFFLOAD_RSS_HASH #define RTE_ETH_RX_OFFLOAD_BUFFER_SPLIT RTE_BIT64(20) +#define RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY RTE_BIT64(21) #define RTE_ETH_RX_OFFLOAD_CHECKSUM (RTE_ETH_RX_OFFLOAD_IPV4_CKSUM | \ RTE_ETH_RX_OFFLOAD_UDP_CKSUM | \ @@ -1781,6 +1782,33 @@ enum rte_eth_representor_type { RTE_ETH_REPRESENTOR_PF, /**< representor of Physical Function. */ }; +/* Flag to offload IP reassembly for IPv4 packets. */ +#define RTE_ETH_DEV_REASSEMBLY_F_IPV4 (RTE_BIT32(0)) +/* Flag to offload IP reassembly for IPv6 packets. */ +#define RTE_ETH_DEV_REASSEMBLY_F_IPV6 (RTE_BIT32(1)) +/** + * @warning + * @b EXPERIMENTAL: this structure may change without prior notice. + * + * A structure used to set IP reassembly configuration. + * + * If RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY flag is set in offloads field, + * the PMD will attempt IP reassembly for the received packets as per + * properties defined in this structure: + * + */ +struct rte_eth_ip_reass_params { + /** Maximum time in ms which PMD can wait for other fragments. */ + uint32_t reass_timeout; + /** Maximum number of fragments that can be reassembled. */ + uint16_t max_frags; + /** + * Flags to enable reassembly of packet types - + * RTE_ETH_DEV_REASSEMBLY_F_xxx. + */ + uint16_t flags; +}; + /** * A structure used to retrieve the contextual information of * an Ethernet device, such as the controlling driver of the @@ -1841,8 +1869,10 @@ struct rte_eth_dev_info { * embedded managed interconnect/switch. */ struct rte_eth_switch_info switch_info; + /** IP reassembly offload capabilities that a device can support. */ + struct rte_eth_ip_reass_params reass_capa; - uint64_t reserved_64s[2]; /**< Reserved for future fields */ + uint64_t reserved_64s[1]; /**< Reserved for future fields */ void *reserved_ptrs[2]; /**< Reserved for future fields */ }; From patchwork Mon Jan 3 15:08:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105577 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CFA68A04A3; Mon, 3 Jan 2022 16:08:47 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5A1E441148; Mon, 3 Jan 2022 16:08:44 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 71A1D41147 for ; Mon, 3 Jan 2022 16:08:42 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 203CaiOA024063; Mon, 3 Jan 2022 07:08:40 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=lU/Sg/voS9Qilz4GaOPR8SbmHvQb+dILuMkoZ+bwxwY=; b=SVfZXU6wN3xcSmZV74wCQ8dEJ+0Vdtz6zPkrOkN7GH54vwH1wA5cyYSuom7PB/Trcaiw zx7wnsKsSJSZJyWu7+kxEYe2fmGfNk3KG5c+LaHV3H8noK/WkWnyitumEw1CZtw4tY52 DaA1gqYMVfJRWXR+WVfqQg0XEama6nnJPGDHM8oxNcxcmXJf7S7ysANon0bI7rQTzDtQ grDK5d0ezJmLWzDsFaaEzaFjzo2n34Ro7HycFrKk/aI7am7gFKmU0R4QrkeXPeLKAIdT 66MTbKaYiRciDfj2WSKHbkNqFOif0YOTMLzbHzilgX9kouTBUR6xRbxg/f6VMGyLfuwN mQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3dbmvswf97-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:08:40 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 3 Jan 2022 07:08:39 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 3 Jan 2022 07:08:39 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id AAB263F7095; Mon, 3 Jan 2022 07:08:35 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 2/8] ethdev: add dev op for IP reassembly configuration Date: Mon, 3 Jan 2022 20:38:07 +0530 Message-ID: <20220103150813.1694888-3-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: a9J0H2sfedvGpTuZCeiVBQPc9ZZroZRW X-Proofpoint-GUID: a9J0H2sfedvGpTuZCeiVBQPc9ZZroZRW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org A new ethernet device op is added to give application control over the IP reassembly configuration. This operation is an optional call from the application, default values are set by PMD and exposed via rte_eth_dev_info. Application should always first retreive the capabilities from rte_eth_dev_info and then set the fields accordingly. Signed-off-by: Akhil Goyal --- lib/ethdev/ethdev_driver.h | 19 +++++++++++++++++++ lib/ethdev/rte_ethdev.c | 30 ++++++++++++++++++++++++++++++ lib/ethdev/rte_ethdev.h | 28 ++++++++++++++++++++++++++++ lib/ethdev/version.map | 3 +++ 4 files changed, 80 insertions(+) diff --git a/lib/ethdev/ethdev_driver.h b/lib/ethdev/ethdev_driver.h index d95605a355..0ed53c14f3 100644 --- a/lib/ethdev/ethdev_driver.h +++ b/lib/ethdev/ethdev_driver.h @@ -990,6 +990,22 @@ typedef int (*eth_representor_info_get_t)(struct rte_eth_dev *dev, typedef int (*eth_rx_metadata_negotiate_t)(struct rte_eth_dev *dev, uint64_t *features); +/** + * @internal + * Set configuration parameters for enabling IP reassembly offload in hardware. + * + * @param dev + * Port (ethdev) handle + * + * @param[in] conf + * Configuration parameters for IP reassembly. + * + * @return + * Negative errno value on error, zero otherwise + */ +typedef int (*eth_ip_reassembly_conf_set_t)(struct rte_eth_dev *dev, + struct rte_eth_ip_reass_params *conf); + /** * @internal A structure containing the functions exported by an Ethernet driver. */ @@ -1186,6 +1202,9 @@ struct eth_dev_ops { * kinds of metadata to the PMD */ eth_rx_metadata_negotiate_t rx_metadata_negotiate; + + /** Set IP reassembly configuration */ + eth_ip_reassembly_conf_set_t ip_reassembly_conf_set; }; /** diff --git a/lib/ethdev/rte_ethdev.c b/lib/ethdev/rte_ethdev.c index d9a03f12f9..ecc6c1fe37 100644 --- a/lib/ethdev/rte_ethdev.c +++ b/lib/ethdev/rte_ethdev.c @@ -6473,6 +6473,36 @@ rte_eth_rx_metadata_negotiate(uint16_t port_id, uint64_t *features) (*dev->dev_ops->rx_metadata_negotiate)(dev, features)); } +int +rte_eth_ip_reassembly_conf_set(uint16_t port_id, + struct rte_eth_ip_reass_params *conf) +{ + struct rte_eth_dev *dev; + + RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV); + dev = &rte_eth_devices[port_id]; + + if ((dev->data->dev_conf.rxmode.offloads & + RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY) == 0) { + RTE_ETHDEV_LOG(ERR, + "The port (ID=%"PRIu16") is not configured for IP reassembly\n", + port_id); + return -EINVAL; + } + + + if (conf == NULL) { + RTE_ETHDEV_LOG(ERR, + "Invalid IP reassembly configuration (NULL)\n"); + return -EINVAL; + } + + RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->ip_reassembly_conf_set, + -ENOTSUP); + return eth_err(port_id, + (*dev->dev_ops->ip_reassembly_conf_set)(dev, conf)); +} + RTE_LOG_REGISTER_DEFAULT(rte_eth_dev_logtype, INFO); RTE_INIT(ethdev_init_telemetry) diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h index 11427b2e4d..891f9a6e06 100644 --- a/lib/ethdev/rte_ethdev.h +++ b/lib/ethdev/rte_ethdev.h @@ -5218,6 +5218,34 @@ int rte_eth_representor_info_get(uint16_t port_id, __rte_experimental int rte_eth_rx_metadata_negotiate(uint16_t port_id, uint64_t *features); +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * Set IP reassembly configuration parameters if device rx offload + * flag (RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY) is enabled and the PMD + * supports IP reassembly offload. User should first check the + * reass_capa in rte_eth_dev_info before setting the configuration. + * The values of configuration parameters must not exceed the device + * capabilities. The use of this API is optional and if called, it + * should be called before rte_eth_dev_start(). + * + * @param port_id + * The port identifier of the device. + * @param conf + * A pointer to rte_eth_ip_reass_params structure. + * @return + * - (-ENOTSUP) if offload configuration is not supported by device. + * - (-EINVAL) if offload is not enabled in rte_eth_conf. + * - (-ENODEV) if *port_id* invalid. + * - (-EIO) if device is removed. + * - (0) on success. + */ +__rte_experimental +int rte_eth_ip_reassembly_conf_set(uint16_t port_id, + struct rte_eth_ip_reass_params *conf); + + #include /** diff --git a/lib/ethdev/version.map b/lib/ethdev/version.map index c2fb0669a4..f08fe72044 100644 --- a/lib/ethdev/version.map +++ b/lib/ethdev/version.map @@ -256,6 +256,9 @@ EXPERIMENTAL { rte_flow_flex_item_create; rte_flow_flex_item_release; rte_flow_pick_transfer_proxy; + + #added in 22.03 + rte_eth_ip_reassembly_conf_set; }; INTERNAL { From patchwork Mon Jan 3 15:08:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105578 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D86DEA04A3; Mon, 3 Jan 2022 16:08:53 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8DEFB4114A; Mon, 3 Jan 2022 16:08:48 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4EB4741140 for ; Mon, 3 Jan 2022 16:08:46 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 203CYssE024887; Mon, 3 Jan 2022 07:08:44 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=mKGWMUszaF/3HqAKOR01CZWPOBfRBsNVTwEfZRNEXW0=; b=E+SEbs6us45ufBb4SUesjKOKPPdq7+Nq+QphIcW0F6UPswZDjq6VHVVhBXzf+CVYODrC 1lV6e/Ot4uLId4peBxL49Pn0HLpihTVn6iYtzNkz4rSlKSU7XdpnsUCxiE0ooeXL3pZk sscZvYv4qAK0ZQVIR6E5RQqqukt6C/IJJzfbfF/V5iAn56Rem4ikkXeqVFgFsdHUudIE AjYUbIouxxCs3pVvq/Nkj4spIdfNeQhKMNESMnTDnPseV4C+2UtBadjbCIp3fZF9qdU6 djt1UKU7iZ44DKOeAH5110rrlI1n4+oTX5wI/ayYbbM4laBYekiDqNfF5ymT5ylS8kJb WA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3dbmvswf9c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:08:44 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 3 Jan 2022 07:08:43 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 3 Jan 2022 07:08:43 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id A6CD13F70A9; Mon, 3 Jan 2022 07:08:39 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 3/8] ethdev: add mbuf dynfield for incomplete IP reassembly Date: Mon, 3 Jan 2022 20:38:08 +0530 Message-ID: <20220103150813.1694888-4-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: zrpnrIphG8LezQAY7D3EiedDNxx590ES X-Proofpoint-GUID: zrpnrIphG8LezQAY7D3EiedDNxx590ES X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hardware IP reassembly may be incomplete for multiple reasons like reassembly timeout reached, duplicate fragments, etc. To save application cycles to process these packets again, a new mbuf ol_flag (RTE_MBUF_F_RX_IPREASSEMBLY_INCOMPLETE) is added to show that the mbuf received is not reassembled properly. Now if this flag is set, application can retreive corresponding chain of mbufs using mbuf dynfield set by the PMD. Now, it will be upto application to either drop those fragments or wait for more time. Signed-off-by: Akhil Goyal --- lib/ethdev/ethdev_driver.h | 8 ++++++ lib/ethdev/rte_ethdev.c | 16 +++++++++++ lib/ethdev/rte_ethdev.h | 57 ++++++++++++++++++++++++++++++++++++++ lib/ethdev/version.map | 2 ++ lib/mbuf/rte_mbuf_core.h | 3 +- 5 files changed, 85 insertions(+), 1 deletion(-) diff --git a/lib/ethdev/ethdev_driver.h b/lib/ethdev/ethdev_driver.h index 0ed53c14f3..9a0bab9a61 100644 --- a/lib/ethdev/ethdev_driver.h +++ b/lib/ethdev/ethdev_driver.h @@ -1671,6 +1671,14 @@ int rte_eth_hairpin_queue_peer_unbind(uint16_t cur_port, uint16_t cur_queue, uint32_t direction); +/** + * @internal + * Register mbuf dynamic field for IP reassembly incomplete case. + */ +__rte_internal +int +rte_eth_ip_reass_dynfield_register(void); + /* * Legacy ethdev API used internally by drivers. diff --git a/lib/ethdev/rte_ethdev.c b/lib/ethdev/rte_ethdev.c index ecc6c1fe37..d53ce4eaca 100644 --- a/lib/ethdev/rte_ethdev.c +++ b/lib/ethdev/rte_ethdev.c @@ -6503,6 +6503,22 @@ rte_eth_ip_reassembly_conf_set(uint16_t port_id, (*dev->dev_ops->ip_reassembly_conf_set)(dev, conf)); } +#define RTE_ETH_IP_REASS_DYNFIELD_NAME "rte_eth_ip_reass_dynfield" +int rte_eth_ip_reass_dynfield_offset = -1; + +int +rte_eth_ip_reass_dynfield_register(void) +{ + static const struct rte_mbuf_dynfield dynfield_desc = { + .name = RTE_ETH_IP_REASS_DYNFIELD_NAME, + .size = sizeof(rte_eth_ip_reass_dynfield_t), + .align = __alignof__(rte_eth_ip_reass_dynfield_t), + }; + rte_eth_ip_reass_dynfield_offset = + rte_mbuf_dynfield_register(&dynfield_desc); + return rte_eth_ip_reass_dynfield_offset; +} + RTE_LOG_REGISTER_DEFAULT(rte_eth_dev_logtype, INFO); RTE_INIT(ethdev_init_telemetry) diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h index 891f9a6e06..c4024d2265 100644 --- a/lib/ethdev/rte_ethdev.h +++ b/lib/ethdev/rte_ethdev.h @@ -5245,6 +5245,63 @@ __rte_experimental int rte_eth_ip_reassembly_conf_set(uint16_t port_id, struct rte_eth_ip_reass_params *conf); +/** + * In case of IP reassembly offload failure, ol_flags in mbuf will be set + * with RTE_MBUF_F_RX_IPREASSEMBLY_INCOMPLETE and packets will be returned + * without alteration. The application can retrieve the attached fragments + * using mbuf dynamic field. + */ +typedef struct { + /** + * Next fragment packet. Application should fetch dynamic field of + * each fragment until a NULL is received and nb_frags is 0. + */ + struct rte_mbuf *next_frag; + /** Time spent(in ms) by HW in waiting for further fragments. */ + uint16_t time_spent; + /** Number of more fragments attached in mbuf dynamic fields. */ + uint16_t nb_frags; +} rte_eth_ip_reass_dynfield_t; + +extern int rte_eth_ip_reass_dynfield_offset; + +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * Get pointer to mbuf dynamic field for getting incomplete + * reassembled fragments. + * + * For performance reason, no check is done, + * the dynamic field may not be registered. + * @see rte_eth_ip_reass_dynfield_is_registered + * + * @param mbuf packet to access + * @return pointer to mbuf dynamic field + */ +__rte_experimental +static inline rte_eth_ip_reass_dynfield_t * +rte_eth_ip_reass_dynfield(struct rte_mbuf *mbuf) +{ + return RTE_MBUF_DYNFIELD(mbuf, + rte_eth_ip_reass_dynfield_offset, + rte_eth_ip_reass_dynfield_t *); +} + +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * Check whether the dynamic field is registered. + * + * @return true if rte_eth_ip_reass_dynfield_register() has been called. + */ +__rte_experimental +static inline bool rte_eth_ip_reass_dynfield_is_registered(void) +{ + return rte_eth_ip_reass_dynfield_offset >= 0; +} + #include diff --git a/lib/ethdev/version.map b/lib/ethdev/version.map index f08fe72044..e824b776b1 100644 --- a/lib/ethdev/version.map +++ b/lib/ethdev/version.map @@ -259,6 +259,7 @@ EXPERIMENTAL { #added in 22.03 rte_eth_ip_reassembly_conf_set; + rte_eth_ip_reass_dynfield_offset; }; INTERNAL { @@ -282,6 +283,7 @@ INTERNAL { rte_eth_hairpin_queue_peer_bind; rte_eth_hairpin_queue_peer_unbind; rte_eth_hairpin_queue_peer_update; + rte_eth_ip_reass_dynfield_register; rte_eth_representor_id_get; rte_eth_switch_domain_alloc; rte_eth_switch_domain_free; diff --git a/lib/mbuf/rte_mbuf_core.h b/lib/mbuf/rte_mbuf_core.h index 321a419c71..2cd1f95ae4 100644 --- a/lib/mbuf/rte_mbuf_core.h +++ b/lib/mbuf/rte_mbuf_core.h @@ -233,10 +233,11 @@ extern "C" { #define PKT_RX_OUTER_L4_CKSUM_INVALID \ RTE_DEPRECATED(PKT_RX_OUTER_L4_CKSUM_INVALID) \ RTE_MBUF_F_RX_OUTER_L4_CKSUM_INVALID +#define RTE_MBUF_F_RX_IPREASSEMBLY_INCOMPLETE (1ULL << 23) /* add new RX flags here, don't forget to update RTE_MBUF_F_FIRST_FREE */ -#define RTE_MBUF_F_FIRST_FREE (1ULL << 23) +#define RTE_MBUF_F_FIRST_FREE (1ULL << 24) #define PKT_FIRST_FREE RTE_DEPRECATED(PKT_FIRST_FREE) RTE_MBUF_F_FIRST_FREE #define RTE_MBUF_F_LAST_FREE (1ULL << 40) #define PKT_LAST_FREE RTE_DEPRECATED(PKT_LAST_FREE) RTE_MBUF_F_LAST_FREE From patchwork Mon Jan 3 15:08:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105579 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EEA0EA04A3; Mon, 3 Jan 2022 16:09:00 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1645541151; Mon, 3 Jan 2022 16:08:52 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 7768E41157 for ; Mon, 3 Jan 2022 16:08:50 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 203CKtEQ014034; Mon, 3 Jan 2022 07:08:48 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=XSe2LylU43TrfcMxzyMFSgvnN8CVyUa1EQyTsnnTuUc=; b=Hl0eI9u/uvN7zKlNdc8fu4zvlZLdiTo+NZFcCwg86IBv9Azpi2HiN8MBblQpXiybnqLN iAMhQIUUAJfht86LtLcjcpo9co6WLp67gcQlAHQu9/Ol0UbNfFAfc4t65mYX4ND4+Aai DnXh7FSv920QDoGipzNJ+GFkEhR/DJc4odmAcV+G6mSMV6X92DmBywcrCJO0m/dveajE D72tu262XAHg3UmCHOo/L/vgUFN1NCYw1YFnGVFP+bbreNHkLiVGjANGdXaAHuRIaCwV P/PfaZbzEJbkCW4169RnORQrukKw3FjoxV3jWkaNOCOL3XY2wjiju+BHZuUzBngnrxXm 9A== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3dbmvswf9j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:08:48 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 3 Jan 2022 07:08:47 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 3 Jan 2022 07:08:47 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id A2A353F7095; Mon, 3 Jan 2022 07:08:43 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 4/8] security: add IPsec option for IP reassembly Date: Mon, 3 Jan 2022 20:38:09 +0530 Message-ID: <20220103150813.1694888-5-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 8KcPi5FeMDLfysfzvMVD7C1H_oz-LTsq X-Proofpoint-GUID: 8KcPi5FeMDLfysfzvMVD7C1H_oz-LTsq X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org A new option is added in IPsec to enable and attempt reassembly of inbound packets. Signed-off-by: Akhil Goyal --- lib/security/rte_security.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 1228b6c8b1..168b837a82 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options { */ uint32_t l4_csum_enable : 1; + /** Enable reassembly on incoming packets. + * + * * 1: Enable driver to try reassembly of encrypted IP packets for + * this SA, if supported by the driver. This feature will work + * only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in + * inline Ethernet device. + * * 0: Disable reassembly of packets (default). + */ + uint32_t reass_en : 1; + /** Reserved bit fields for future extension * * User should ensure reserved_opts is cleared as it may change in @@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options { * * Note: Reduce number of bits in reserved_opts for every new option. */ - uint32_t reserved_opts : 18; + uint32_t reserved_opts : 17; }; /** IPSec security association direction */ From patchwork Mon Jan 3 15:08:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105580 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5ED22A04A3; Mon, 3 Jan 2022 16:09:07 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 20DFB41153; Mon, 3 Jan 2022 16:08:56 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 9C3EB41152 for ; Mon, 3 Jan 2022 16:08:54 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 203CCe1M013971; Mon, 3 Jan 2022 07:08:52 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Fmwyo8Lfzr2/kwgrgOdM1uHMHH3GfInBhn9aU1872jA=; b=doBUeExjaPAQoaWfINkQ4g/LbFNEQGD7J3yinkjFsqe86fGyPPQorAPga8jPVstMe65w B7Y5LmbgHGnrFOQpSqX8QW02IkQcPtQrBZt/WBvWRZ3KBP4UEwiorJ22sp15wDqJMPCK 27z+5TgKnZ6ConFQeakOFsw1QK+dO7jLs1+d/3PXDkH1PWZaP/guLbS8CcYfT/aaI67L +zOVCc5sFwnrgbcI/9/C1a33ahhDLqWGHy3AWAgEzuLk4fOYwXMG21n6omLlLteRJxrX HHPFhale0pkhKq2T7n0X/92lrRAUkw/FNTonWlxx8AaVxSePHlRmC7djxVWkUCRmyhCY xg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3dbmvswf9q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:08:52 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 3 Jan 2022 07:08:51 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 3 Jan 2022 07:08:51 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id A89E13F70C0; Mon, 3 Jan 2022 07:08:47 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 5/8] app/test: add unit cases for inline IPsec offload Date: Mon, 3 Jan 2022 20:38:10 +0530 Message-ID: <20220103150813.1694888-6-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: qgOLBXcyE7j4Y_UkmHNFbZ9AYuLeTBuV X-Proofpoint-GUID: qgOLBXcyE7j4Y_UkmHNFbZ9AYuLeTBuV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org A new test suite is added in test app to test inline IPsec protocol offload. In this patch, a couple of predefined plain and cipher test vectors are used to verify the IPsec functionality without the need of external traffic generators. The sent packet is loopbacked onto the same interface which is received and matched with the expected output. The test suite can be updated further with other functional test cases. The testsuite can be run using: RTE> inline_ipsec_autotest Signed-off-by: Akhil Goyal --- app/test/meson.build | 1 + app/test/test_inline_ipsec.c | 728 ++++++++++++++++++ .../test_inline_ipsec_reassembly_vectors.h | 198 +++++ 3 files changed, 927 insertions(+) create mode 100644 app/test/test_inline_ipsec.c create mode 100644 app/test/test_inline_ipsec_reassembly_vectors.h diff --git a/app/test/meson.build b/app/test/meson.build index 2b480adfba..9c88240e3f 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -74,6 +74,7 @@ test_sources = files( 'test_hash_readwrite.c', 'test_hash_perf.c', 'test_hash_readwrite_lf_perf.c', + 'test_inline_ipsec.c', 'test_interrupts.c', 'test_ipfrag.c', 'test_ipsec.c', diff --git a/app/test/test_inline_ipsec.c b/app/test/test_inline_ipsec.c new file mode 100644 index 0000000000..54b56ba9e8 --- /dev/null +++ b/app/test/test_inline_ipsec.c @@ -0,0 +1,728 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "test_inline_ipsec_reassembly_vectors.h" +#include "test.h" + +#define NB_ETHPORTS_USED (1) +#define NB_SOCKETS (2) +#define MEMPOOL_CACHE_SIZE 32 +#define MAX_PKT_BURST (32) +#define RTE_TEST_RX_DESC_DEFAULT (1024) +#define RTE_TEST_TX_DESC_DEFAULT (1024) +#define RTE_PORT_ALL (~(uint16_t)0x0) + +/* + * RX and TX Prefetch, Host, and Write-back threshold values should be + * carefully set for optimal performance. Consult the network + * controller's datasheet and supporting DPDK documentation for guidance + * on how these parameters should be set. + */ +#define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */ +#define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */ +#define RX_WTHRESH 0 /**< Default values of RX write-back threshold reg. */ + +#define TX_PTHRESH 32 /**< Default values of TX prefetch threshold reg. */ +#define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */ +#define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */ + +#define MAX_TRAFFIC_BURST 2048 + +#define NB_MBUF 1024 + +#define APP_REASS_TIMEOUT 20 + +static struct rte_mempool *mbufpool[NB_SOCKETS]; +static struct rte_mempool *sess_pool[NB_SOCKETS]; +static struct rte_mempool *sess_priv_pool[NB_SOCKETS]; +/* ethernet addresses of ports */ +static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS]; + +static struct rte_eth_conf port_conf = { + .rxmode = { + .mq_mode = RTE_ETH_MQ_RX_NONE, + .split_hdr_size = 0, + .offloads = RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY | + RTE_ETH_RX_OFFLOAD_CHECKSUM | + RTE_ETH_RX_OFFLOAD_SECURITY, + }, + .txmode = { + .mq_mode = RTE_ETH_MQ_TX_NONE, + .offloads = RTE_ETH_TX_OFFLOAD_SECURITY | + RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE, + }, + .lpbk_mode = 1, /* enable loopback */ +}; + +static struct rte_eth_rxconf rx_conf = { + .rx_thresh = { + .pthresh = RX_PTHRESH, + .hthresh = RX_HTHRESH, + .wthresh = RX_WTHRESH, + }, + .rx_free_thresh = 32, +}; + +static struct rte_eth_txconf tx_conf = { + .tx_thresh = { + .pthresh = TX_PTHRESH, + .hthresh = TX_HTHRESH, + .wthresh = TX_WTHRESH, + }, + .tx_free_thresh = 32, /* Use PMD default values */ + .tx_rs_thresh = 32, /* Use PMD default values */ +}; + +enum { + LCORE_INVALID = 0, + LCORE_AVAIL, + LCORE_USED, +}; + +struct lcore_cfg { + uint8_t status; + uint8_t socketid; + uint16_t nb_ports; + uint16_t port; +} __rte_cache_aligned; + +struct lcore_cfg lcore_cfg; + +static uint64_t link_mbps; + +/* Create Inline IPsec session */ +static int +create_inline_ipsec_session(struct ipsec_session_data *sa, + uint16_t portid, struct rte_ipsec_session *ips, + enum rte_security_ipsec_sa_direction dir, + enum rte_security_ipsec_tunnel_type tun_type) +{ + int32_t ret = 0; + struct rte_security_ctx *sec_ctx; + uint32_t src_v4 = rte_cpu_to_be_32(RTE_IPV4(192, 168, 1, 0)); + uint32_t dst_v4 = rte_cpu_to_be_32(RTE_IPV4(192, 168, 1, 1)); + uint16_t src_v6[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000, + 0x0000, 0x001a}; + uint16_t dst_v6[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174, + 0xe82c, 0x4887}; + struct rte_security_session_conf sess_conf = { + .action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = sa->ipsec_xform, + .crypto_xform = &sa->xform.aead, + .userdata = NULL, + }; + sess_conf.ipsec.direction = dir; + + const struct rte_security_capability *sec_cap; + + sec_ctx = (struct rte_security_ctx *) + rte_eth_dev_get_sec_ctx(portid); + + if (sec_ctx == NULL) { + printf("Ethernet device doesn't support security features.\n"); + return TEST_SKIPPED; + } + + sess_conf.crypto_xform->aead.key.data = sa->key.data; + + /* Save SA as userdata for the security session. When + * the packet is received, this userdata will be + * retrieved using the metadata from the packet. + * + * The PMD is expected to set similar metadata for other + * operations, like rte_eth_event, which are tied to + * security session. In such cases, the userdata could + * be obtained to uniquely identify the security + * parameters denoted. + */ + + sess_conf.userdata = (void *) sa; + sess_conf.ipsec.tunnel.type = tun_type; + if (tun_type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + memcpy(&sess_conf.ipsec.tunnel.ipv4.src_ip, &src_v4, + sizeof(src_v4)); + memcpy(&sess_conf.ipsec.tunnel.ipv4.dst_ip, &dst_v4, + sizeof(dst_v4)); + } else { + memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &src_v6, + sizeof(src_v6)); + memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &dst_v6, + sizeof(dst_v6)); + } + ips->security.ses = rte_security_session_create(sec_ctx, + &sess_conf, sess_pool[lcore_cfg.socketid], + sess_priv_pool[lcore_cfg.socketid]); + if (ips->security.ses == NULL) { + printf("SEC Session init failed: err: %d\n", ret); + return TEST_FAILED; + } + + sec_cap = rte_security_capabilities_get(sec_ctx); + if (sec_cap == NULL) { + printf("No capabilities registered\n"); + return TEST_SKIPPED; + } + + /* iterate until ESP tunnel*/ + while (sec_cap->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + if (sec_cap->action == sess_conf.action_type && + sec_cap->protocol == + RTE_SECURITY_PROTOCOL_IPSEC && + sec_cap->ipsec.mode == + sess_conf.ipsec.mode && + sec_cap->ipsec.direction == dir) + break; + sec_cap++; + } + + if (sec_cap->action == RTE_SECURITY_ACTION_TYPE_NONE) { + printf("No suitable security capability found\n"); + return TEST_SKIPPED; + } + + ips->security.ol_flags = sec_cap->ol_flags; + ips->security.ctx = sec_ctx; + + return 0; +} + +/* Check the link status of all ports in up to 3s, and print them finally */ +static void +check_all_ports_link_status(uint16_t port_num, uint32_t port_mask) +{ +#define CHECK_INTERVAL 100 /* 100ms */ +#define MAX_CHECK_TIME 30 /* 3s (30 * 100ms) in total */ + uint16_t portid; + uint8_t count, all_ports_up, print_flag = 0; + struct rte_eth_link link; + int ret; + char link_status[RTE_ETH_LINK_MAX_STR_LEN]; + + printf("Checking link statuses...\n"); + fflush(stdout); + for (count = 0; count <= MAX_CHECK_TIME; count++) { + all_ports_up = 1; + for (portid = 0; portid < port_num; portid++) { + if ((port_mask & (1 << portid)) == 0) + continue; + memset(&link, 0, sizeof(link)); + ret = rte_eth_link_get_nowait(portid, &link); + if (ret < 0) { + all_ports_up = 0; + if (print_flag == 1) + printf("Port %u link get failed: %s\n", + portid, rte_strerror(-ret)); + continue; + } + + /* print link status if flag set */ + if (print_flag == 1) { + if (link.link_status && link_mbps == 0) + link_mbps = link.link_speed; + + rte_eth_link_to_str(link_status, + sizeof(link_status), &link); + printf("Port %d %s\n", portid, link_status); + continue; + } + /* clear all_ports_up flag if any link down */ + if (link.link_status == RTE_ETH_LINK_DOWN) { + all_ports_up = 0; + break; + } + } + /* after finally printing all link status, get out */ + if (print_flag == 1) + break; + + if (all_ports_up == 0) { + fflush(stdout); + rte_delay_ms(CHECK_INTERVAL); + } + + /* set the print_flag if all ports up or timeout */ + if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) + print_flag = 1; + } +} + +static void +print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr) +{ + char buf[RTE_ETHER_ADDR_FMT_SIZE]; + rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr); + printf("%s%s", name, buf); +} + +static void +copy_buf_to_pkt_segs(void *buf, unsigned len, struct rte_mbuf *pkt, + unsigned offset) +{ + struct rte_mbuf *seg; + void *seg_buf; + unsigned copy_len; + + seg = pkt; + while (offset >= seg->data_len) { + offset -= seg->data_len; + seg = seg->next; + } + copy_len = seg->data_len - offset; + seg_buf = rte_pktmbuf_mtod_offset(seg, char *, offset); + while (len > copy_len) { + rte_memcpy(seg_buf, buf, (size_t) copy_len); + len -= copy_len; + buf = ((char *) buf + copy_len); + seg = seg->next; + seg_buf = rte_pktmbuf_mtod(seg, void *); + } + rte_memcpy(seg_buf, buf, (size_t) len); +} + +static inline void +copy_buf_to_pkt(void *buf, unsigned len, struct rte_mbuf *pkt, unsigned offset) +{ + if (offset + len <= pkt->data_len) { + rte_memcpy(rte_pktmbuf_mtod_offset(pkt, char *, offset), buf, + (size_t) len); + return; + } + copy_buf_to_pkt_segs(buf, len, pkt, offset); +} + +static inline int +init_traffic(struct rte_mempool *mp, + struct rte_mbuf **pkts_burst, + struct ipsec_test_packet *vectors[], + uint32_t nb_pkts) +{ + struct rte_mbuf *pkt; + uint32_t i; + + for (i = 0; i < nb_pkts; i++) { + pkt = rte_pktmbuf_alloc(mp); + if (pkt == NULL) { + return TEST_FAILED; + } + pkt->data_len = vectors[i]->len; + pkt->pkt_len = vectors[i]->len; + copy_buf_to_pkt(vectors[i]->data, vectors[i]->len, + pkt, vectors[i]->l2_offset); + + pkts_burst[i] = pkt; + } + return i; +} + +static int +init_lcore(void) +{ + unsigned lcore_id; + + for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) { + lcore_cfg.socketid = + rte_lcore_to_socket_id(lcore_id); + if (rte_lcore_is_enabled(lcore_id) == 0) { + lcore_cfg.status = LCORE_INVALID; + continue; + } else { + lcore_cfg.status = LCORE_AVAIL; + break; + } + } + return 0; +} + +static int +init_mempools(unsigned nb_mbuf) +{ + struct rte_security_ctx *sec_ctx; + int socketid; + unsigned lcore_id; + uint16_t nb_sess = 64; + uint32_t sess_sz; + char s[64]; + + for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) { + if (rte_lcore_is_enabled(lcore_id) == 0) + continue; + + socketid = rte_lcore_to_socket_id(lcore_id); + if (socketid >= NB_SOCKETS) { + rte_exit(EXIT_FAILURE, + "Socket %d of lcore %u is out of range %d\n", + socketid, lcore_id, NB_SOCKETS); + } + if (mbufpool[socketid] == NULL) { + snprintf(s, sizeof(s), "mbuf_pool_%d", socketid); + mbufpool[socketid] = + rte_pktmbuf_pool_create(s, nb_mbuf, + MEMPOOL_CACHE_SIZE, 0, + RTE_MBUF_DEFAULT_BUF_SIZE, socketid); + if (mbufpool[socketid] == NULL) + rte_exit(EXIT_FAILURE, + "Cannot init mbuf pool on socket %d\n", + socketid); + else + printf("Allocated mbuf pool on socket %d\n", + socketid); + } + + sec_ctx = rte_eth_dev_get_sec_ctx(lcore_cfg.port); + if (sec_ctx == NULL) + continue; + + sess_sz = rte_security_session_get_size(sec_ctx); + if (sess_pool[socketid] == NULL) { + snprintf(s, sizeof(s), "sess_pool_%d", socketid); + sess_pool[socketid] = + rte_mempool_create(s, nb_sess, + sess_sz, + MEMPOOL_CACHE_SIZE, 0, + NULL, NULL, NULL, NULL, + socketid, 0); + if (sess_pool[socketid] == NULL) { + printf("Cannot init sess pool on socket %d\n", + socketid); + return TEST_FAILED; + } else + printf("Allocated sess pool on socket %d\n", + socketid); + } + if (sess_priv_pool[socketid] == NULL) { + snprintf(s, sizeof(s), "sess_priv_pool_%d", socketid); + sess_priv_pool[socketid] = + rte_mempool_create(s, nb_sess, + sess_sz, + MEMPOOL_CACHE_SIZE, 0, + NULL, NULL, NULL, NULL, + socketid, 0); + if (sess_priv_pool[socketid] == NULL) { + printf("Cannot init sess_priv pool on socket %d\n", + socketid); + return TEST_FAILED; + } else + printf("Allocated sess_priv pool on socket %d\n", + socketid); + } + } + return 0; +} + +static void +create_default_flow(uint16_t port_id) +{ + struct rte_flow_action action[2]; + struct rte_flow_item pattern[2]; + struct rte_flow_attr attr = {0}; + struct rte_flow_error err; + struct rte_flow *flow; + int ret; + + /* Add the default rte_flow to enable SECURITY for all ESP packets */ + + pattern[0].type = RTE_FLOW_ITEM_TYPE_ESP; + pattern[0].spec = NULL; + pattern[0].mask = NULL; + pattern[0].last = NULL; + pattern[1].type = RTE_FLOW_ITEM_TYPE_END; + + action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; + action[0].conf = NULL; + action[1].type = RTE_FLOW_ACTION_TYPE_END; + action[1].conf = NULL; + + attr.ingress = 1; + + ret = rte_flow_validate(port_id, &attr, pattern, action, &err); + if (ret) + return; + + flow = rte_flow_create(port_id, &attr, pattern, action, &err); + if (flow == NULL) + return; +} + +struct rte_mbuf **tx_pkts_burst; + +static int +test_ipsec(struct reassembly_vector *vector, + enum rte_security_ipsec_sa_direction dir, + enum rte_security_ipsec_tunnel_type tun_type) +{ + struct rte_mbuf *pkts_burst[MAX_PKT_BURST]; + unsigned i, portid, nb_rx = 0, nb_tx = 1; + struct rte_ipsec_session ips = {0}; + struct rte_eth_dev_info dev_info = {0}; + + portid = lcore_cfg.port; + rte_eth_dev_info_get(portid, &dev_info); + if (dev_info.reass_capa.max_frags < nb_tx) + return TEST_SKIPPED; + + init_traffic(mbufpool[lcore_cfg.socketid], + tx_pkts_burst, vector->frags, nb_tx); + + /* Create Inline IPsec session. */ + if (create_inline_ipsec_session(vector->sa_data, portid, &ips, dir, + tun_type)) + return TEST_FAILED; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + create_default_flow(portid); + else { + for (i = 0; i < nb_tx; i++) { + if (ips.security.ol_flags & + RTE_SECURITY_TX_OLOAD_NEED_MDATA) + rte_security_set_pkt_metadata(ips.security.ctx, + ips.security.ses, tx_pkts_burst[i], NULL); + tx_pkts_burst[i]->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; + tx_pkts_burst[i]->l2_len = 14; + } + } + + nb_tx = rte_eth_tx_burst(portid, 0, tx_pkts_burst, nb_tx); + + rte_pause(); + + do { + nb_rx = rte_eth_rx_burst(portid, 0, pkts_burst, MAX_PKT_BURST); + } while (nb_rx == 0); + + /* Destroy session so that other cases can create the session again */ + rte_security_session_destroy(ips.security.ctx, ips.security.ses); + + /* Compare results with known vectors. */ + if (nb_rx == 1) { + if (memcmp(rte_pktmbuf_mtod(pkts_burst[0], char *), + vector->full_pkt->data, + (size_t) vector->full_pkt->len)) { + printf("\n====Inline IPsec case failed: Data Mismatch"); + rte_hexdump(stdout, "received", + rte_pktmbuf_mtod(pkts_burst[0], char *), + vector->full_pkt->len); + rte_hexdump(stdout, "reference", + vector->full_pkt->data, + vector->full_pkt->len); + return TEST_FAILED; + } + return TEST_SUCCESS; + } else + return TEST_FAILED; +} + +static int +ut_setup_inline_ipsec(void) +{ + uint16_t portid = lcore_cfg.port; + int ret; + + /* Set IP reassembly configuration. */ + struct rte_eth_dev_info dev_info = {0}; + rte_eth_dev_info_get(portid, &dev_info); + + ret = rte_eth_ip_reassembly_conf_set(portid, &dev_info.reass_capa); + if (ret < 0) { + printf("IP reassembly configuration err=%d, port=%d\n", + ret, portid); + return ret; + } + + /* Start device */ + ret = rte_eth_dev_start(portid); + if (ret < 0) { + printf("rte_eth_dev_start: err=%d, port=%d\n", + ret, portid); + return ret; + } + /* always eanble promiscuous */ + ret = rte_eth_promiscuous_enable(portid); + if (ret != 0) { + printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", + rte_strerror(-ret), portid); + return ret; + } + lcore_cfg.port = portid; + check_all_ports_link_status(1, RTE_PORT_ALL); + + return 0; +} + +static void +ut_teardown_inline_ipsec(void) +{ + uint16_t portid = lcore_cfg.port; + int socketid = lcore_cfg.socketid; + int ret; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + if (socketid != rte_eth_dev_socket_id(portid)) + continue; + + ret = rte_eth_dev_stop(portid); + if (ret != 0) + printf("rte_eth_dev_stop: err=%s, port=%u\n", + rte_strerror(-ret), portid); + } +} + +static int +testsuite_setup(void) +{ + uint16_t nb_rxd; + uint16_t nb_txd; + uint16_t nb_ports; + int socketid, ret; + uint16_t nb_rx_queue = 1, nb_tx_queue = 1; + uint16_t portid = lcore_cfg.port; + + printf("Start inline IPsec test.\n"); + + nb_ports = rte_eth_dev_count_avail(); + if (nb_ports < NB_ETHPORTS_USED) { + printf("At least %u port(s) used for test\n", + NB_ETHPORTS_USED); + return -1; + } + + init_lcore(); + + init_mempools(NB_MBUF); + + socketid = lcore_cfg.socketid; + if (tx_pkts_burst == NULL) { + tx_pkts_burst = (struct rte_mbuf **) + rte_calloc_socket("tx_buff", + MAX_TRAFFIC_BURST * nb_ports, + sizeof(void *), + RTE_CACHE_LINE_SIZE, socketid); + if (!tx_pkts_burst) + return -1; + } + + printf("Generate %d packets @socket %d\n", + MAX_TRAFFIC_BURST * nb_ports, socketid); + + nb_rxd = RTE_TEST_RX_DESC_DEFAULT; + nb_txd = RTE_TEST_TX_DESC_DEFAULT; + + /* port configure */ + ret = rte_eth_dev_configure(portid, nb_rx_queue, + nb_tx_queue, &port_conf); + if (ret < 0) { + printf("Cannot configure device: err=%d, port=%d\n", + ret, portid); + return ret; + } + ret = rte_eth_macaddr_get(portid, &ports_eth_addr[portid]); + if (ret < 0) { + printf("Cannot get mac address: err=%d, port=%d\n", + ret, portid); + return ret; + } + printf("Port %u ", portid); + print_ethaddr("Address:", &ports_eth_addr[portid]); + printf("\n"); + + /* tx queue setup */ + ret = rte_eth_tx_queue_setup(portid, 0, nb_txd, + socketid, &tx_conf); + if (ret < 0) { + printf("rte_eth_tx_queue_setup: err=%d, port=%d\n", + ret, portid); + return ret; + } + /* rx queue steup */ + ret = rte_eth_rx_queue_setup(portid, 0, nb_rxd, + socketid, &rx_conf, + mbufpool[socketid]); + if (ret < 0) { + printf("rte_eth_rx_queue_setup: err=%d, port=%d\n", + ret, portid); + return ret; + } + + + return 0; +} + +static void +testsuite_teardown(void) +{ + int ret; + uint16_t portid = lcore_cfg.port; + uint16_t socketid = lcore_cfg.socketid; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + if (socketid != rte_eth_dev_socket_id(portid)) + continue; + + ret = rte_eth_dev_stop(portid); + if (ret != 0) + printf("rte_eth_dev_stop: err=%s, port=%u\n", + rte_strerror(-ret), portid); + } +} +static int +test_ipsec_ipv4_encap_nofrag(void) { + struct reassembly_vector ipv4_nofrag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_gcm128_cipher, + .frags[0] = &pkt_ipv4_plain, + }; + return test_ipsec(&ipv4_nofrag_case, + RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_ipsec_ipv4_decap_nofrag(void) { + struct reassembly_vector ipv4_nofrag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_plain, + .frags[0] = &pkt_ipv4_gcm128_cipher, + }; + return test_ipsec(&ipv4_nofrag_case, + RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static struct unit_test_suite inline_ipsec_testsuite = { + .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", + .setup = testsuite_setup, + .teardown = testsuite_teardown, + .unit_test_cases = { + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_ipsec_ipv4_encap_nofrag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_ipsec_ipv4_decap_nofrag), + + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + +static int +test_inline_ipsec(void) +{ + return unit_test_suite_runner(&inline_ipsec_testsuite); +} + +REGISTER_TEST_COMMAND(inline_ipsec_autotest, test_inline_ipsec); diff --git a/app/test/test_inline_ipsec_reassembly_vectors.h b/app/test/test_inline_ipsec_reassembly_vectors.h new file mode 100644 index 0000000000..68066a0957 --- /dev/null +++ b/app/test/test_inline_ipsec_reassembly_vectors.h @@ -0,0 +1,198 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ +#ifndef _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ +#define _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ + +#define MAX_FRAG_LEN 1500 +#define MAX_FRAGS 6 +#define MAX_PKT_LEN (MAX_FRAG_LEN * MAX_FRAGS) +struct ipsec_session_data { + struct { + uint8_t data[32]; + } key; + struct { + uint8_t data[4]; + unsigned int len; + } salt; + struct { + uint8_t data[16]; + } iv; + struct rte_security_ipsec_xform ipsec_xform; + bool aead; + union { + struct { + struct rte_crypto_sym_xform cipher; + struct rte_crypto_sym_xform auth; + } chain; + struct rte_crypto_sym_xform aead; + } xform; +}; + +struct ipsec_test_packet { + uint32_t len; + uint32_t l2_offset; + uint32_t l3_offset; + uint32_t l4_offset; + uint8_t data[MAX_PKT_LEN]; +}; + +struct reassembly_vector { + struct ipsec_session_data *sa_data; + struct ipsec_test_packet *full_pkt; + struct ipsec_test_packet *frags[MAX_FRAGS]; +}; + +struct ipsec_test_packet pkt_ipv4_plain = { + .len = 76, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x3e, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x11, 0x4d, 0xcc, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* UDP */ + 0x0a, 0x98, 0x00, 0x35, 0x00, 0x2a, 0x23, 0x43, + 0xb2, 0xd0, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x03, 0x73, 0x69, 0x70, + 0x09, 0x63, 0x79, 0x62, 0x65, 0x72, 0x63, 0x69, + 0x74, 0x79, 0x02, 0x64, 0x6b, 0x00, 0x00, 0x01, + 0x00, 0x01, + }, +}; + +struct ipsec_test_packet pkt_ipv4_gcm128_cipher = { + .len = 130, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x74, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0x75, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + + /* Data */ + 0xde, 0xb2, 0x2c, 0xd9, 0xb0, 0x7c, 0x72, 0xc1, + 0x6e, 0x3a, 0x65, 0xbe, 0xeb, 0x8d, 0xf3, 0x04, + 0xa5, 0xa5, 0x89, 0x7d, 0x33, 0xae, 0x53, 0x0f, + 0x1b, 0xa7, 0x6d, 0x5d, 0x11, 0x4d, 0x2a, 0x5c, + 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, + 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, + 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x29, 0xc7, 0x37, 0x57, 0x9f, 0xf1, 0x9e, 0x58, + 0xcf, 0xfc, 0x60, 0x7a, 0x3b, 0xce, 0x89, 0x94, + }, +}; + +static inline void +test_vector_payload_populate(struct ipsec_test_packet *pkt, + bool first_frag) +{ + uint32_t i = pkt->l4_offset; + + /* For non-fragmented packets and first frag, skip 8 bytes from + * l4_offset for UDP header */ + + if (first_frag) + i += 8; + + for (; i < pkt->len; i++) + pkt->data[i] = 0x58; +} + +static inline unsigned int +reass_test_vectors_init(struct reassembly_vector *vector) +{ + unsigned int i = 0; + + if (vector->frags[0] != NULL && vector->frags[1] == NULL) + return 1; + + test_vector_payload_populate(vector->full_pkt, true); + for (;vector->frags[i] != NULL && i < MAX_FRAGS; i++) + test_vector_payload_populate(vector->frags[i], + (i == 0) ? true : false); + return i; +} + +struct ipsec_session_data conf_aes_128_gcm = { + .key = { + .data = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }, + }, + + .salt = { + .data = { + 0xca, 0xfe, 0xba, 0xbe + }, + .len = 4, + }, + + .iv = { + .data = { + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 + }, + }, + + .ipsec_xform = { + .spi = 0xa5f8, + .salt = 0xbebafeca, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, + .options.reass_en = 1, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 12, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; +#endif From patchwork Mon Jan 3 15:08:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105581 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CA091A04A3; Mon, 3 Jan 2022 16:09:15 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8425341157; Mon, 3 Jan 2022 16:09:00 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A46D241163 for ; Mon, 3 Jan 2022 16:08:58 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 203EHCRc016199; Mon, 3 Jan 2022 07:08:57 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=5H+QgDl6fSeP8VOwPTWuGfducSDVELPSdF0yL0oAw20=; b=SYWuwMet1c1J3/t9XLaG77upXI9K7kCu/CmzMUTMyAxcRdmoZB9nC4Icqw4rwXXydx6h O1zDdTXI6iPUMNaIuDmD1Rt7g7k93RSRQ96QZDESzBPiH/QwShJeFTjDXRzNVlTw44qD oOYr2OUUGoD42oFY+rMGl/U7rBNdUCbAqy69MzA4yn+caRienuwd/nxnFjtKY1MTar6G MlvV97L18yToJJfrpkjdJa/wRikhLa3invCRhFL0QFV4cAi0iDC9VH+UsPynTC6h6Yjn O31Qp+VMPW3FAJNUPnDrcNAOrH0bMEmz+RfX5tbi44D1fYSygPN3BsRFNB//tX6mRXbV 6Q== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3dbmvswf9v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:08:56 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 3 Jan 2022 07:08:55 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 3 Jan 2022 07:08:55 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id A6A333F7095; Mon, 3 Jan 2022 07:08:51 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 6/8] app/test: add IP reassembly case with no frags Date: Mon, 3 Jan 2022 20:38:11 +0530 Message-ID: <20220103150813.1694888-7-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: uXlSU5zjxSSocHUgw4a4tAvlG4onli6h X-Proofpoint-GUID: uXlSU5zjxSSocHUgw4a4tAvlG4onli6h X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org test_inline_ipsec testsuite is extended to test IP reassembly of inbound fragmented packets. The fragmented packet is sent on an interface which encrypts the packet and then it is loopbacked on the same interface which decrypts the packet and then attempts IP reassembly of the decrypted packets. In this patch, a case is added for packets without fragmentation to verify the complete path. Other cases are added in subsequent patches. Signed-off-by: Akhil Goyal --- app/test/test_inline_ipsec.c | 154 +++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) diff --git a/app/test/test_inline_ipsec.c b/app/test/test_inline_ipsec.c index 54b56ba9e8..f704725c0f 100644 --- a/app/test/test_inline_ipsec.c +++ b/app/test/test_inline_ipsec.c @@ -460,6 +460,145 @@ create_default_flow(uint16_t port_id) struct rte_mbuf **tx_pkts_burst; +static int +compare_pkt_data(struct rte_mbuf *m, uint8_t *ref, unsigned int tot_len) +{ + unsigned int len; + unsigned int nb_segs = m->nb_segs; + unsigned int matched = 0; + + while (m && nb_segs != 0) { + len = tot_len; + if (len > m->data_len) + len = m->data_len; + if (len != 0) { + if (memcmp(rte_pktmbuf_mtod(m, char *), + ref + matched, len)) { + printf("\n====Reassembly case failed: Data Mismatch"); + rte_hexdump(stdout, "Reassembled", + rte_pktmbuf_mtod(m, char *), + len); + rte_hexdump(stdout, "reference", + ref + matched, + len); + return TEST_FAILED; + } + } + tot_len -= len; + matched += len; + m = m->next; + nb_segs--; + } + return TEST_SUCCESS; +} + +static int +test_reassembly(struct reassembly_vector *vector, + enum rte_security_ipsec_tunnel_type tun_type) +{ + struct rte_mbuf *pkts_burst[MAX_PKT_BURST]; + unsigned i, portid, nb_rx = 0, nb_tx = 0; + struct rte_ipsec_session out_ips = {0}; + struct rte_ipsec_session in_ips = {0}; + struct rte_eth_dev_info dev_info = {0}; + int ret = 0; + + /* Initialize mbuf with test vectors. */ + nb_tx = reass_test_vectors_init(vector); + + portid = lcore_cfg.port; + rte_eth_dev_info_get(portid, &dev_info); + if (dev_info.reass_capa.max_frags < nb_tx) + return TEST_SKIPPED; + + /** + * Set some finite value in timeout incase PMD support much + * more than requied in this app. + */ + if (dev_info.reass_capa.reass_timeout > APP_REASS_TIMEOUT) { + dev_info.reass_capa.reass_timeout = APP_REASS_TIMEOUT; + rte_eth_ip_reassembly_conf_set(portid, &dev_info.reass_capa); + } + + init_traffic(mbufpool[lcore_cfg.socketid], + tx_pkts_burst, vector->frags, nb_tx); + + /* Create Inline IPsec outbound session. */ + ret = create_inline_ipsec_session(vector->sa_data, portid, &out_ips, + RTE_SECURITY_IPSEC_SA_DIR_EGRESS, tun_type); + if (ret) + return ret; + for (i = 0; i < nb_tx; i++) { + if (out_ips.security.ol_flags & + RTE_SECURITY_TX_OLOAD_NEED_MDATA) + rte_security_set_pkt_metadata(out_ips.security.ctx, + out_ips.security.ses, tx_pkts_burst[i], NULL); + tx_pkts_burst[i]->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; + tx_pkts_burst[i]->l2_len = RTE_ETHER_HDR_LEN; + } + /* Create Inline IPsec inbound session. */ + create_inline_ipsec_session(vector->sa_data, portid, &in_ips, + RTE_SECURITY_IPSEC_SA_DIR_INGRESS, tun_type); + create_default_flow(portid); + + nb_tx = rte_eth_tx_burst(portid, 0, tx_pkts_burst, nb_tx); + + rte_pause(); + + do { + nb_rx = rte_eth_rx_burst(portid, 0, pkts_burst, MAX_PKT_BURST); + for (i = 0; i < nb_rx; i++) { + if ((pkts_burst[i]->ol_flags & + RTE_MBUF_F_RX_IPREASSEMBLY_INCOMPLETE) && + rte_eth_ip_reass_dynfield_is_registered()) { + rte_eth_ip_reass_dynfield_t *dynfield[MAX_PKT_BURST]; + int j = 0; + + dynfield[j] = rte_eth_ip_reass_dynfield(pkts_burst[i]); + while ((dynfield[j]->next_frag->ol_flags & + RTE_MBUF_F_RX_IPREASSEMBLY_INCOMPLETE) && + dynfield[j]->nb_frags > 0) { + + rte_pktmbuf_dump(stdout, + dynfield[j]->next_frag, + dynfield[j]->next_frag->data_len); + j++; + dynfield[j] = rte_eth_ip_reass_dynfield( + dynfield[j-1]->next_frag); + } + /** + * IP reassembly offload is incomplete, and + * fragments are listed in dynfield which + * can be reassembled in SW. + */ + printf("\nHW IP Reassembly failed," + "\nAttempt SW IP Reassembly," + "\nmbuf is chained with fragments.\n"); + } + } + } while (nb_rx == 0); + + /* Clear session data. */ + rte_security_session_destroy(out_ips.security.ctx, + out_ips.security.ses); + rte_security_session_destroy(in_ips.security.ctx, + in_ips.security.ses); + + /* Compare results with known vectors. */ + if (nb_rx == 1) { + if (vector->full_pkt->len == pkts_burst[0]->pkt_len) + return compare_pkt_data(pkts_burst[0], + vector->full_pkt->data, + vector->full_pkt->len); + else { + rte_pktmbuf_dump(stdout, pkts_burst[0], + pkts_burst[0]->pkt_len); + } + } + + return TEST_FAILED; +} + static int test_ipsec(struct reassembly_vector *vector, enum rte_security_ipsec_sa_direction dir, @@ -703,6 +842,18 @@ test_ipsec_ipv4_decap_nofrag(void) { RTE_SECURITY_IPSEC_TUNNEL_IPV4); } +static int +test_reassembly_ipv4_nofrag(void) { + struct reassembly_vector ipv4_nofrag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_plain, + .frags[0] = &pkt_ipv4_plain, + }; + return test_reassembly(&ipv4_nofrag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + + static struct unit_test_suite inline_ipsec_testsuite = { .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", .setup = testsuite_setup, @@ -714,6 +865,9 @@ static struct unit_test_suite inline_ipsec_testsuite = { TEST_CASE_ST(ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_ipsec_ipv4_decap_nofrag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_nofrag), TEST_CASES_END() /**< NULL terminate unit test array */ } From patchwork Mon Jan 3 15:08:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105582 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 19C75A04A3; Mon, 3 Jan 2022 16:09:21 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9BFB441150; Mon, 3 Jan 2022 16:09:03 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 7710A4114B for ; Mon, 3 Jan 2022 16:09:02 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 203DZ57p005990; Mon, 3 Jan 2022 07:09:00 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=MWpscHXcADkAxvwpxu9ajVDrclaHUT+PpvOIkMm5c+4=; b=ETGciKZPI908O0kTTI1ug8Y+L4IodCbb8cTu0uUd4wJHij1g6q1sxaKJaz62g4IRneN7 3zuM2jrDlhdekDiabDWzxVWfrs/WGtDnnEHeMHYcTMInvBThOnC5r57y7SkoN8esiOuG jyDE2k7kLX/YhfpTXWg4F5YQ4Pptp6QI4qFKKX9GKel/xC0h1oennnj0ugLVrHz4+OvK zQIyhUtFm89G4x1blLP4QcEkMZY1rXZbRQWic7EZO8nu6BxdpRBmtP3ODKUiuQP4KoCs rmOPeTVAXJeAqcNvrR5FIQnYFdStXk+3y0fR+6vf7Nf6Aha4NsCCdzLhR5h/eHvhcTPA Jw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3dbmvswfa3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:09:00 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 3 Jan 2022 07:08:59 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 3 Jan 2022 07:08:59 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id A2E633F70A9; Mon, 3 Jan 2022 07:08:55 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 7/8] app/test: add IP reassembly cases with multiple fragments Date: Mon, 3 Jan 2022 20:38:12 +0530 Message-ID: <20220103150813.1694888-8-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: TBjDgoUas_UVifvBIPr84KtVNN2QdPUy X-Proofpoint-GUID: TBjDgoUas_UVifvBIPr84KtVNN2QdPUy X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org More cases are added in test_inline_ipsec test suite to verify packets having multiple IP(v4/v6) fragments. These fragments are encrypted and then decrypted as per inline IPsec processing and then an attempt is made to reassemble the fragments. The reassembled packet content is matched with the known test vectors. Signed-off-by: Akhil Goyal --- app/test/test_inline_ipsec.c | 101 +++ .../test_inline_ipsec_reassembly_vectors.h | 592 ++++++++++++++++++ 2 files changed, 693 insertions(+) diff --git a/app/test/test_inline_ipsec.c b/app/test/test_inline_ipsec.c index f704725c0f..3f3731760d 100644 --- a/app/test/test_inline_ipsec.c +++ b/app/test/test_inline_ipsec.c @@ -853,6 +853,89 @@ test_reassembly_ipv4_nofrag(void) { RTE_SECURITY_IPSEC_TUNNEL_IPV4); } +static int +test_reassembly_ipv4_2frag(void) { + struct reassembly_vector ipv4_2frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p1, + .frags[0] = &pkt_ipv4_udp_p1_f1, + .frags[1] = &pkt_ipv4_udp_p1_f2, + + }; + return test_reassembly(&ipv4_2frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_ipv6_2frag(void) { + struct reassembly_vector ipv6_2frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv6_udp_p1, + .frags[0] = &pkt_ipv6_udp_p1_f1, + .frags[1] = &pkt_ipv6_udp_p1_f2, + }; + return test_reassembly(&ipv6_2frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV6); +} + +static int +test_reassembly_ipv4_4frag(void) { + struct reassembly_vector ipv4_4frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p2, + .frags[0] = &pkt_ipv4_udp_p2_f1, + .frags[1] = &pkt_ipv4_udp_p2_f2, + .frags[2] = &pkt_ipv4_udp_p2_f3, + .frags[3] = &pkt_ipv4_udp_p2_f4, + }; + return test_reassembly(&ipv4_4frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_ipv6_4frag(void) { + struct reassembly_vector ipv6_4frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv6_udp_p2, + .frags[0] = &pkt_ipv6_udp_p2_f1, + .frags[1] = &pkt_ipv6_udp_p2_f2, + .frags[2] = &pkt_ipv6_udp_p2_f3, + .frags[3] = &pkt_ipv6_udp_p2_f4, + }; + return test_reassembly(&ipv6_4frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV6); +} + +static int +test_reassembly_ipv4_5frag(void) { + struct reassembly_vector ipv4_5frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p3, + .frags[0] = &pkt_ipv4_udp_p3_f1, + .frags[1] = &pkt_ipv4_udp_p3_f2, + .frags[2] = &pkt_ipv4_udp_p3_f3, + .frags[3] = &pkt_ipv4_udp_p3_f4, + .frags[4] = &pkt_ipv4_udp_p3_f5, + }; + return test_reassembly(&ipv4_5frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_ipv6_5frag(void) { + struct reassembly_vector ipv6_5frag_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv6_udp_p3, + .frags[0] = &pkt_ipv6_udp_p3_f1, + .frags[1] = &pkt_ipv6_udp_p3_f2, + .frags[2] = &pkt_ipv6_udp_p3_f3, + .frags[3] = &pkt_ipv6_udp_p3_f4, + .frags[4] = &pkt_ipv6_udp_p3_f5, + }; + return test_reassembly(&ipv6_5frag_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV6); +} + static struct unit_test_suite inline_ipsec_testsuite = { .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", @@ -868,6 +951,24 @@ static struct unit_test_suite inline_ipsec_testsuite = { TEST_CASE_ST(ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_reassembly_ipv4_nofrag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_2frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv6_2frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_4frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv6_4frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv4_5frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_ipv6_5frag), TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_inline_ipsec_reassembly_vectors.h b/app/test/test_inline_ipsec_reassembly_vectors.h index 68066a0957..04cc3367c1 100644 --- a/app/test/test_inline_ipsec_reassembly_vectors.h +++ b/app/test/test_inline_ipsec_reassembly_vectors.h @@ -4,6 +4,47 @@ #ifndef _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ #define _TEST_INLINE_IPSEC_REASSEMBLY_VECTORS_H_ +/* The source file includes below test vectors */ +/* IPv6: + * + * 1) pkt_ipv6_udp_p1 + * pkt_ipv6_udp_p1_f1 + * pkt_ipv6_udp_p1_f2 + * + * 2) pkt_ipv6_udp_p2 + * pkt_ipv6_udp_p2_f1 + * pkt_ipv6_udp_p2_f2 + * pkt_ipv6_udp_p2_f3 + * pkt_ipv6_udp_p2_f4 + * + * 3) pkt_ipv6_udp_p3 + * pkt_ipv6_udp_p3_f1 + * pkt_ipv6_udp_p3_f2 + * pkt_ipv6_udp_p3_f3 + * pkt_ipv6_udp_p3_f4 + * pkt_ipv6_udp_p3_f5 + */ + +/* IPv4: + * + * 1) pkt_ipv4_udp_p1 + * pkt_ipv4_udp_p1_f1 + * pkt_ipv4_udp_p1_f2 + * + * 2) pkt_ipv4_udp_p2 + * pkt_ipv4_udp_p2_f1 + * pkt_ipv4_udp_p2_f2 + * pkt_ipv4_udp_p2_f3 + * pkt_ipv4_udp_p2_f4 + * + * 3) pkt_ipv4_udp_p3 + * pkt_ipv4_udp_p3_f1 + * pkt_ipv4_udp_p3_f2 + * pkt_ipv4_udp_p3_f3 + * pkt_ipv4_udp_p3_f4 + * pkt_ipv4_udp_p3_f5 + */ + #define MAX_FRAG_LEN 1500 #define MAX_FRAGS 6 #define MAX_PKT_LEN (MAX_FRAG_LEN * MAX_FRAGS) @@ -43,6 +84,557 @@ struct reassembly_vector { struct ipsec_test_packet *frags[MAX_FRAGS]; }; +struct ipsec_test_packet pkt_ipv6_udp_p1 = { + .len = 1514, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0xb4, 0x2C, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xb4, 0x2b, 0xe8, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p1_f1 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x00, 0x01, 0x5c, 0x92, 0xac, 0xf1, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xb4, 0x2b, 0xe8, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p1_f2 = { + .len = 186, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x84, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x05, 0x38, 0x5c, 0x92, 0xac, 0xf1, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2 = { + .len = 4496, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x11, 0x5a, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x5a, 0x8a, 0x11, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f1 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x00, 0x01, 0x64, 0x6c, 0x68, 0x9f, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x5a, 0x8a, 0x11, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f2 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x05, 0x39, 0x64, 0x6c, 0x68, 0x9f, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f3 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0a, 0x71, 0x64, 0x6c, 0x68, 0x9f, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p2_f4 = { + .len = 496, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x01, 0xba, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0f, 0xa8, 0x64, 0x6c, 0x68, 0x9f, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3 = { + .len = 5796, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x16, 0x6e, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x16, 0x6e, 0x2f, 0x99, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f1 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x00, 0x01, 0x65, 0xcf, 0x5a, 0xae, + + /* UDP */ + 0x80, 0x00, 0x27, 0x10, 0x16, 0x6e, 0x2f, 0x99, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f2 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x05, 0x39, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f3 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0a, 0x71, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f4 = { + .len = 1398, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x05, 0x40, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x0f, 0xa9, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv6_udp_p3_f5 = { + .len = 460, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x01, 0x96, 0x2c, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x0d, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x00, 0x00, 0x02, + 0x11, 0x00, 0x14, 0xe0, 0x65, 0xcf, 0x5a, 0xae, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p1 = { + .len = 1514, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0xdc, 0x00, 0x01, 0x00, 0x00, + 0x40, 0x11, 0x66, 0x0d, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xc8, 0xb8, 0x4c, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p1_f1 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x01, 0x20, 0x00, + 0x40, 0x11, 0x46, 0x5d, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x05, 0xc8, 0xb8, 0x4c, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p1_f2 = { + .len = 114, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x64, 0x00, 0x01, 0x00, 0xaf, + 0x40, 0x11, 0x6a, 0xd6, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2 = { + .len = 4496, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x11, 0x82, 0x00, 0x02, 0x00, 0x00, + 0x40, 0x11, 0x5a, 0x66, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x6e, 0x16, 0x76, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f1 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x02, 0x20, 0x00, + 0x40, 0x11, 0x46, 0x5c, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x11, 0x6e, 0x16, 0x76, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f2 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x02, 0x20, 0xaf, + 0x40, 0x11, 0x45, 0xad, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f3 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x02, 0x21, 0x5e, + 0x40, 0x11, 0x44, 0xfe, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p2_f4 = { + .len = 296, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x01, 0x1a, 0x00, 0x02, 0x02, 0x0d, + 0x40, 0x11, 0x68, 0xc1, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3 = { + .len = 5796, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x16, 0x96, 0x00, 0x03, 0x00, 0x00, + 0x40, 0x11, 0x55, 0x51, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x08, 0x00, 0x27, 0x10, 0x16, 0x82, 0xbb, 0xfd, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f1 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x20, 0x00, + 0x40, 0x11, 0x46, 0x5b, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + + /* UDP */ + 0x80, 0x00, 0x27, 0x10, 0x16, 0x82, 0xbb, 0xfd, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f2 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x20, 0xaf, + 0x40, 0x11, 0x45, 0xac, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f3 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x21, 0x5e, + 0x40, 0x11, 0x44, 0xfd, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f4 = { + .len = 1434, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x05, 0x8c, 0x00, 0x03, 0x22, 0x0d, + 0x40, 0x11, 0x44, 0x4e, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + +struct ipsec_test_packet pkt_ipv4_udp_p3_f5 = { + .len = 196, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xb6, 0x00, 0x03, 0x02, 0xbc, + 0x40, 0x11, 0x68, 0x75, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, + }, +}; + struct ipsec_test_packet pkt_ipv4_plain = { .len = 76, .l2_offset = 0, From patchwork Mon Jan 3 15:08:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 105583 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CF349A04A3; Mon, 3 Jan 2022 16:09:27 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 056D141141; Mon, 3 Jan 2022 16:09:08 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 46D7941174 for ; Mon, 3 Jan 2022 16:09:06 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 203CKtES014034; Mon, 3 Jan 2022 07:09:04 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Y3XXfLyQOlxkDNwYxWk9L7VMMB2vaN4nnTo5QEmYcTw=; b=Lj+dX2cbxRx4jw1T5lAjXBLrcQOdZLHxaY5dNSH9dC6oNAsXu5Aqkq+M2FRIjFuQ0ZHe TB4ecuPGra9M5okZVh3SSBp3JAzzrt/CHFb6EDugzOp3GMXrse0Qn8NZyNYmPbMNtEKb OUBsJ3r8IjmiHrIhoOpD3neRL06/LoWGGV9P+HZG+jfF9Ny1IEpwSyY6XpSfOdDd7Oqz e5D90w9732kx00Hf8mAa0gB7zBBTL35rmuI7NNl8nvI6qnq5wfBupKHljvTganfoKbib Kf8MlQepgp91zEchJZ3ASqzdHYh1HoZIuufkxxZ3t6kPmuzQ88cMy4ZrerqCuKMBA5y4 0w== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3dbmvswfah-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jan 2022 07:09:04 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 3 Jan 2022 07:09:03 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 3 Jan 2022 07:09:03 -0800 Received: from localhost.localdomain (unknown [10.28.48.55]) by maili.marvell.com (Postfix) with ESMTP id 9E7293F7095; Mon, 3 Jan 2022 07:08:59 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH 8/8] app/test: add IP reassembly negative cases Date: Mon, 3 Jan 2022 20:38:13 +0530 Message-ID: <20220103150813.1694888-9-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220103150813.1694888-1-gakhil@marvell.com> References: <20210823100259.1619886-1-gakhil@marvell.com> <20220103150813.1694888-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 3Lnl4Wf_gp5NxwTuxJ_o5Avj9o_EmdL6 X-Proofpoint-GUID: 3Lnl4Wf_gp5NxwTuxJ_o5Avj9o_EmdL6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-03_06,2022-01-01_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org test_inline_ipsec testsuite is added with cases where the IP reassembly is incomplete and software will need to reassemble them later. The failure cases added are: - all fragments are not received. - same fragment is received more than once. - out of order fragments. Signed-off-by: Akhil Goyal --- app/test/test_inline_ipsec.c | 53 ++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/app/test/test_inline_ipsec.c b/app/test/test_inline_ipsec.c index 3f3731760d..0d74e23359 100644 --- a/app/test/test_inline_ipsec.c +++ b/app/test/test_inline_ipsec.c @@ -936,6 +936,50 @@ test_reassembly_ipv6_5frag(void) { RTE_SECURITY_IPSEC_TUNNEL_IPV6); } +static int +test_reassembly_incomplete(void) { + /* Negative test case, not sending all fragments. */ + struct reassembly_vector ipv4_incomplete_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p2, + .frags[0] = &pkt_ipv4_udp_p2_f1, + .frags[1] = &pkt_ipv4_udp_p2_f2, + .frags[2] = NULL, + .frags[3] = NULL, + }; + return test_reassembly(&ipv4_incomplete_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_overlap(void) { + /* Negative test case, sending 1 fragment twice. */ + struct reassembly_vector ipv4_overlap_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p2, + .frags[0] = &pkt_ipv4_udp_p2_f1, + .frags[1] = &pkt_ipv4_udp_p2_f2, + .frags[2] = &pkt_ipv4_udp_p2_f2, /* overlap */ + .frags[3] = &pkt_ipv4_udp_p2_f3, + }; + return test_reassembly(&ipv4_overlap_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} + +static int +test_reassembly_out_of_order(void) { + /* Negative test case, sending 1 fragment twice. */ + struct reassembly_vector ipv4_ooo_case = { + .sa_data = &conf_aes_128_gcm, + .full_pkt = &pkt_ipv4_udp_p2, + .frags[0] = &pkt_ipv4_udp_p2_f4, + .frags[1] = &pkt_ipv4_udp_p2_f3, + .frags[2] = &pkt_ipv4_udp_p2_f1, + .frags[3] = &pkt_ipv4_udp_p2_f2, + }; + return test_reassembly(&ipv4_ooo_case, + RTE_SECURITY_IPSEC_TUNNEL_IPV4); +} static struct unit_test_suite inline_ipsec_testsuite = { .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", @@ -969,6 +1013,15 @@ static struct unit_test_suite inline_ipsec_testsuite = { TEST_CASE_ST(ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_reassembly_ipv6_5frag), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_incomplete), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_overlap), + TEST_CASE_ST(ut_setup_inline_ipsec, + ut_teardown_inline_ipsec, + test_reassembly_out_of_order), TEST_CASES_END() /**< NULL terminate unit test array */ }