1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(C) 2022 Marvell. 3 */ 4 5 6 #include <stdio.h> 7 #include <inttypes.h> 8 9 #include <rte_ethdev.h> 10 #include <rte_malloc.h> 11 #include <rte_security.h> 12 13 #include "test.h" 14 #include "test_security_inline_proto_vectors.h" 15 #include "test_security_proto.h" 16 17 #ifdef RTE_EXEC_ENV_WINDOWS 18 static int 19 test_inline_ipsec(void) 20 { 21 printf("Inline ipsec not supported on Windows, skipping test\n"); 22 return TEST_SKIPPED; 23 } 24 25 static int 26 test_event_inline_ipsec(void) 27 { 28 printf("Event inline ipsec not supported on Windows, skipping test\n"); 29 return TEST_SKIPPED; 30 } 31 32 static int 33 test_inline_ipsec_sg(void) 34 { 35 printf("Inline ipsec SG not supported on Windows, skipping test\n"); 36 return TEST_SKIPPED; 37 } 38 39 #else 40 41 #include <rte_eventdev.h> 42 #include <rte_event_eth_rx_adapter.h> 43 #include <rte_event_eth_tx_adapter.h> 44 45 #define NB_ETHPORTS_USED 1 46 #define MEMPOOL_CACHE_SIZE 32 47 #define MAX_PKT_BURST 32 48 #define RX_DESC_DEFAULT 1024 49 #define TX_DESC_DEFAULT 1024 50 #define RTE_PORT_ALL (~(uint16_t)0x0) 51 52 #define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */ 53 #define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */ 54 #define RX_WTHRESH 0 /**< Default values of RX write-back threshold reg. */ 55 56 #define TX_PTHRESH 32 /**< Default values of TX prefetch threshold reg. */ 57 #define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */ 58 #define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */ 59 60 #define MAX_TRAFFIC_BURST 2048 61 #define NB_MBUF 10240 62 63 #define ENCAP_DECAP_BURST_SZ 33 64 #define APP_REASS_TIMEOUT 10 65 66 extern struct ipsec_test_data pkt_aes_128_gcm; 67 extern struct ipsec_test_data pkt_aes_192_gcm; 68 extern struct ipsec_test_data pkt_aes_256_gcm; 69 extern struct ipsec_test_data pkt_aes_128_gcm_frag; 70 extern struct ipsec_test_data pkt_aes_128_cbc_null; 71 extern struct ipsec_test_data pkt_null_aes_xcbc; 72 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha384; 73 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512; 74 extern struct ipsec_test_data pkt_3des_cbc_hmac_sha256; 75 extern struct ipsec_test_data pkt_3des_cbc_hmac_sha384; 76 extern struct ipsec_test_data pkt_3des_cbc_hmac_sha512; 77 extern struct ipsec_test_data pkt_3des_cbc_hmac_sha256_v6; 78 extern struct ipsec_test_data pkt_des_cbc_hmac_sha256; 79 extern struct ipsec_test_data pkt_des_cbc_hmac_sha384; 80 extern struct ipsec_test_data pkt_des_cbc_hmac_sha512; 81 extern struct ipsec_test_data pkt_des_cbc_hmac_sha256_v6; 82 extern struct ipsec_test_data pkt_aes_128_cbc_md5; 83 84 static struct rte_mempool *mbufpool; 85 static struct rte_mempool *sess_pool; 86 /* ethernet addresses of ports */ 87 static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS]; 88 89 static struct rte_eth_conf port_conf = { 90 .rxmode = { 91 .mq_mode = RTE_ETH_MQ_RX_NONE, 92 .offloads = RTE_ETH_RX_OFFLOAD_CHECKSUM | 93 RTE_ETH_RX_OFFLOAD_SECURITY, 94 }, 95 .txmode = { 96 .mq_mode = RTE_ETH_MQ_TX_NONE, 97 .offloads = RTE_ETH_TX_OFFLOAD_SECURITY | 98 RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE, 99 }, 100 .lpbk_mode = 1, /* enable loopback */ 101 }; 102 103 static struct rte_eth_rxconf rx_conf = { 104 .rx_thresh = { 105 .pthresh = RX_PTHRESH, 106 .hthresh = RX_HTHRESH, 107 .wthresh = RX_WTHRESH, 108 }, 109 .rx_free_thresh = 32, 110 }; 111 112 static struct rte_eth_txconf tx_conf = { 113 .tx_thresh = { 114 .pthresh = TX_PTHRESH, 115 .hthresh = TX_HTHRESH, 116 .wthresh = TX_WTHRESH, 117 }, 118 .tx_free_thresh = 32, /* Use PMD default values */ 119 .tx_rs_thresh = 32, /* Use PMD default values */ 120 }; 121 122 static uint16_t port_id; 123 static uint8_t eventdev_id; 124 static uint8_t rx_adapter_id; 125 static uint8_t tx_adapter_id; 126 static uint16_t plaintext_len; 127 static bool sg_mode; 128 129 static bool event_mode_enabled; 130 131 static uint64_t link_mbps; 132 133 static int ip_reassembly_dynfield_offset = -1; 134 135 static struct rte_flow *default_flow[RTE_MAX_ETHPORTS]; 136 137 /* Create Inline IPsec session */ 138 static int 139 create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, 140 void **sess, void **ctx, 141 uint32_t *ol_flags, const struct ipsec_test_flags *flags, 142 struct rte_security_session_conf *sess_conf) 143 { 144 uint16_t src_v6[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000, 145 0x0000, 0x001a}; 146 uint16_t dst_v6[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174, 147 0xe82c, 0x4887}; 148 uint32_t src_v4 = rte_cpu_to_be_32(RTE_IPV4(192, 168, 1, 2)); 149 uint32_t dst_v4 = rte_cpu_to_be_32(RTE_IPV4(192, 168, 1, 1)); 150 struct rte_security_capability_idx sec_cap_idx; 151 const struct rte_security_capability *sec_cap; 152 enum rte_security_ipsec_sa_direction dir; 153 void *sec_ctx; 154 uint32_t verify; 155 156 sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; 157 sess_conf->protocol = RTE_SECURITY_PROTOCOL_IPSEC; 158 sess_conf->ipsec = sa->ipsec_xform; 159 160 dir = sa->ipsec_xform.direction; 161 verify = flags->tunnel_hdr_verify; 162 163 if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) { 164 if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR) 165 src_v4 += 1; 166 else if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR) 167 dst_v4 += 1; 168 } 169 170 if (sa->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { 171 if (sa->ipsec_xform.tunnel.type == 172 RTE_SECURITY_IPSEC_TUNNEL_IPV4) { 173 memcpy(&sess_conf->ipsec.tunnel.ipv4.src_ip, &src_v4, 174 sizeof(src_v4)); 175 memcpy(&sess_conf->ipsec.tunnel.ipv4.dst_ip, &dst_v4, 176 sizeof(dst_v4)); 177 178 if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1) 179 sess_conf->ipsec.tunnel.ipv4.df = 0; 180 181 if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0) 182 sess_conf->ipsec.tunnel.ipv4.df = 1; 183 184 if (flags->dscp == TEST_IPSEC_SET_DSCP_0_INNER_1) 185 sess_conf->ipsec.tunnel.ipv4.dscp = 0; 186 187 if (flags->dscp == TEST_IPSEC_SET_DSCP_1_INNER_0) 188 sess_conf->ipsec.tunnel.ipv4.dscp = 189 TEST_IPSEC_DSCP_VAL; 190 } else { 191 if (flags->dscp == TEST_IPSEC_SET_DSCP_0_INNER_1) 192 sess_conf->ipsec.tunnel.ipv6.dscp = 0; 193 194 if (flags->dscp == TEST_IPSEC_SET_DSCP_1_INNER_0) 195 sess_conf->ipsec.tunnel.ipv6.dscp = 196 TEST_IPSEC_DSCP_VAL; 197 198 if (flags->flabel == TEST_IPSEC_SET_FLABEL_0_INNER_1) 199 sess_conf->ipsec.tunnel.ipv6.flabel = 0; 200 201 if (flags->flabel == TEST_IPSEC_SET_FLABEL_1_INNER_0) 202 sess_conf->ipsec.tunnel.ipv6.flabel = 203 TEST_IPSEC_FLABEL_VAL; 204 205 memcpy(&sess_conf->ipsec.tunnel.ipv6.src_addr, &src_v6, 206 sizeof(src_v6)); 207 memcpy(&sess_conf->ipsec.tunnel.ipv6.dst_addr, &dst_v6, 208 sizeof(dst_v6)); 209 } 210 } 211 212 /* Save SA as userdata for the security session. When 213 * the packet is received, this userdata will be 214 * retrieved using the metadata from the packet. 215 * 216 * The PMD is expected to set similar metadata for other 217 * operations, like rte_eth_event, which are tied to 218 * security session. In such cases, the userdata could 219 * be obtained to uniquely identify the security 220 * parameters denoted. 221 */ 222 223 sess_conf->userdata = (void *) sa; 224 225 sec_ctx = rte_eth_dev_get_sec_ctx(portid); 226 if (sec_ctx == NULL) { 227 printf("Ethernet device doesn't support security features.\n"); 228 return TEST_SKIPPED; 229 } 230 231 sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; 232 sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC; 233 sec_cap_idx.ipsec.proto = sess_conf->ipsec.proto; 234 sec_cap_idx.ipsec.mode = sess_conf->ipsec.mode; 235 sec_cap_idx.ipsec.direction = sess_conf->ipsec.direction; 236 sec_cap = rte_security_capability_get(sec_ctx, &sec_cap_idx); 237 if (sec_cap == NULL) { 238 printf("No capabilities registered\n"); 239 return TEST_SKIPPED; 240 } 241 242 if (sa->aead || sa->aes_gmac) 243 memcpy(&sess_conf->ipsec.salt, sa->salt.data, 244 RTE_MIN(sizeof(sess_conf->ipsec.salt), sa->salt.len)); 245 246 /* Copy cipher session parameters */ 247 if (sa->aead) { 248 rte_memcpy(sess_conf->crypto_xform, &sa->xform.aead, 249 sizeof(struct rte_crypto_sym_xform)); 250 sess_conf->crypto_xform->aead.key.data = sa->key.data; 251 /* Verify crypto capabilities */ 252 if (test_sec_crypto_caps_aead_verify(sec_cap, sess_conf->crypto_xform) != 0) { 253 RTE_LOG(INFO, USER1, 254 "Crypto capabilities not supported\n"); 255 return TEST_SKIPPED; 256 } 257 } else { 258 if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 259 rte_memcpy(&sess_conf->crypto_xform->cipher, 260 &sa->xform.chain.cipher.cipher, 261 sizeof(struct rte_crypto_cipher_xform)); 262 263 rte_memcpy(&sess_conf->crypto_xform->next->auth, 264 &sa->xform.chain.auth.auth, 265 sizeof(struct rte_crypto_auth_xform)); 266 sess_conf->crypto_xform->cipher.key.data = 267 sa->key.data; 268 sess_conf->crypto_xform->next->auth.key.data = 269 sa->auth_key.data; 270 /* Verify crypto capabilities */ 271 if (test_sec_crypto_caps_cipher_verify(sec_cap, 272 sess_conf->crypto_xform) != 0) { 273 RTE_LOG(INFO, USER1, 274 "Cipher crypto capabilities not supported\n"); 275 return TEST_SKIPPED; 276 } 277 278 if (test_sec_crypto_caps_auth_verify(sec_cap, 279 sess_conf->crypto_xform->next) != 0) { 280 RTE_LOG(INFO, USER1, 281 "Auth crypto capabilities not supported\n"); 282 return TEST_SKIPPED; 283 } 284 } else { 285 rte_memcpy(&sess_conf->crypto_xform->next->cipher, 286 &sa->xform.chain.cipher.cipher, 287 sizeof(struct rte_crypto_cipher_xform)); 288 rte_memcpy(&sess_conf->crypto_xform->auth, 289 &sa->xform.chain.auth.auth, 290 sizeof(struct rte_crypto_auth_xform)); 291 sess_conf->crypto_xform->auth.key.data = 292 sa->auth_key.data; 293 sess_conf->crypto_xform->next->cipher.key.data = 294 sa->key.data; 295 296 /* Verify crypto capabilities */ 297 if (test_sec_crypto_caps_cipher_verify(sec_cap, 298 sess_conf->crypto_xform->next) != 0) { 299 RTE_LOG(INFO, USER1, 300 "Cipher crypto capabilities not supported\n"); 301 return TEST_SKIPPED; 302 } 303 304 if (test_sec_crypto_caps_auth_verify(sec_cap, 305 sess_conf->crypto_xform) != 0) { 306 RTE_LOG(INFO, USER1, 307 "Auth crypto capabilities not supported\n"); 308 return TEST_SKIPPED; 309 } 310 } 311 } 312 313 if (test_ipsec_sec_caps_verify(&sess_conf->ipsec, sec_cap, false) != 0) 314 return TEST_SKIPPED; 315 316 if ((sa->ipsec_xform.direction == 317 RTE_SECURITY_IPSEC_SA_DIR_EGRESS) && 318 (sa->ipsec_xform.options.iv_gen_disable == 1)) { 319 /* Set env variable when IV generation is disabled */ 320 char arr[128]; 321 int len = 0, j = 0; 322 int iv_len = (sa->aead || sa->aes_gmac) ? 8 : 16; 323 324 for (; j < iv_len; j++) 325 len += snprintf(arr+len, sizeof(arr) - len, 326 "0x%x, ", sa->iv.data[j]); 327 setenv("ETH_SEC_IV_OVR", arr, 1); 328 } 329 330 *sess = rte_security_session_create(sec_ctx, sess_conf, sess_pool); 331 if (*sess == NULL) { 332 printf("SEC Session init failed.\n"); 333 return TEST_FAILED; 334 } 335 336 *ol_flags = sec_cap->ol_flags; 337 *ctx = sec_ctx; 338 339 return 0; 340 } 341 342 /* Check the link status of all ports in up to 3s, and print them finally */ 343 static void 344 check_all_ports_link_status(uint16_t port_num, uint32_t port_mask) 345 { 346 #define CHECK_INTERVAL 100 /* 100ms */ 347 #define MAX_CHECK_TIME 30 /* 3s (30 * 100ms) in total */ 348 uint16_t portid; 349 uint8_t count, all_ports_up, print_flag = 0; 350 struct rte_eth_link link; 351 int ret; 352 char link_status[RTE_ETH_LINK_MAX_STR_LEN]; 353 354 printf("Checking link statuses...\n"); 355 fflush(stdout); 356 for (count = 0; count <= MAX_CHECK_TIME; count++) { 357 all_ports_up = 1; 358 for (portid = 0; portid < port_num; portid++) { 359 if ((port_mask & (1 << portid)) == 0) 360 continue; 361 memset(&link, 0, sizeof(link)); 362 ret = rte_eth_link_get_nowait(portid, &link); 363 if (ret < 0) { 364 all_ports_up = 0; 365 if (print_flag == 1) 366 printf("Port %u link get failed: %s\n", 367 portid, rte_strerror(-ret)); 368 continue; 369 } 370 371 /* print link status if flag set */ 372 if (print_flag == 1) { 373 if (link.link_status && link_mbps == 0) 374 link_mbps = link.link_speed; 375 376 rte_eth_link_to_str(link_status, 377 sizeof(link_status), &link); 378 printf("Port %d %s\n", portid, link_status); 379 continue; 380 } 381 /* clear all_ports_up flag if any link down */ 382 if (link.link_status == RTE_ETH_LINK_DOWN) { 383 all_ports_up = 0; 384 break; 385 } 386 } 387 /* after finally printing all link status, get out */ 388 if (print_flag == 1) 389 break; 390 391 if (all_ports_up == 0) { 392 fflush(stdout); 393 rte_delay_ms(CHECK_INTERVAL); 394 } 395 396 /* set the print_flag if all ports up or timeout */ 397 if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) 398 print_flag = 1; 399 } 400 } 401 402 static void 403 print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr) 404 { 405 char buf[RTE_ETHER_ADDR_FMT_SIZE]; 406 rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr); 407 printf("%s%s", name, buf); 408 } 409 410 static void 411 copy_buf_to_pkt_segs(const uint8_t *buf, unsigned int len, 412 struct rte_mbuf *pkt, unsigned int offset) 413 { 414 unsigned int copied = 0; 415 unsigned int copy_len; 416 struct rte_mbuf *seg; 417 void *seg_buf; 418 419 seg = pkt; 420 while (offset >= rte_pktmbuf_tailroom(seg)) { 421 offset -= rte_pktmbuf_tailroom(seg); 422 seg = seg->next; 423 } 424 copy_len = seg->buf_len - seg->data_off - offset; 425 seg_buf = rte_pktmbuf_mtod_offset(seg, char *, offset); 426 while (len > copy_len) { 427 rte_memcpy(seg_buf, buf + copied, (size_t) copy_len); 428 len -= copy_len; 429 copied += copy_len; 430 seg->data_len += copy_len; 431 432 seg = seg->next; 433 copy_len = seg->buf_len - seg->data_off; 434 seg_buf = rte_pktmbuf_mtod(seg, void *); 435 } 436 rte_memcpy(seg_buf, buf + copied, (size_t) len); 437 seg->data_len = len; 438 439 pkt->pkt_len += copied + len; 440 } 441 442 static bool 443 is_outer_ipv4(struct ipsec_test_data *td) 444 { 445 bool outer_ipv4; 446 447 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS || 448 td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) 449 outer_ipv4 = (((td->input_text.data[0] & 0xF0) >> 4) == IPVERSION); 450 else 451 outer_ipv4 = (td->ipsec_xform.tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4); 452 return outer_ipv4; 453 } 454 455 static inline struct rte_mbuf * 456 init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len, bool outer_ipv4) 457 { 458 struct rte_mbuf *pkt, *tail; 459 uint16_t space; 460 461 pkt = rte_pktmbuf_alloc(mp); 462 if (pkt == NULL) 463 return NULL; 464 465 if (outer_ipv4) { 466 rte_memcpy(rte_pktmbuf_append(pkt, RTE_ETHER_HDR_LEN), 467 &dummy_ipv4_eth_hdr, RTE_ETHER_HDR_LEN); 468 pkt->l3_len = sizeof(struct rte_ipv4_hdr); 469 } else { 470 rte_memcpy(rte_pktmbuf_append(pkt, RTE_ETHER_HDR_LEN), 471 &dummy_ipv6_eth_hdr, RTE_ETHER_HDR_LEN); 472 pkt->l3_len = sizeof(struct rte_ipv6_hdr); 473 } 474 pkt->l2_len = RTE_ETHER_HDR_LEN; 475 476 space = rte_pktmbuf_tailroom(pkt); 477 tail = pkt; 478 /* Error if SG mode is not enabled */ 479 if (!sg_mode && space < len) { 480 rte_pktmbuf_free(pkt); 481 return NULL; 482 } 483 /* Extra room for expansion */ 484 while (space < len) { 485 tail->next = rte_pktmbuf_alloc(mp); 486 if (!tail->next) 487 goto error; 488 tail = tail->next; 489 space += rte_pktmbuf_tailroom(tail); 490 pkt->nb_segs++; 491 } 492 493 if (pkt->buf_len > len + RTE_ETHER_HDR_LEN) 494 rte_memcpy(rte_pktmbuf_append(pkt, len), data, len); 495 else 496 copy_buf_to_pkt_segs(data, len, pkt, RTE_ETHER_HDR_LEN); 497 return pkt; 498 error: 499 rte_pktmbuf_free(pkt); 500 return NULL; 501 } 502 503 static int 504 init_mempools(unsigned int nb_mbuf) 505 { 506 void *sec_ctx; 507 uint16_t nb_sess = 512; 508 uint32_t sess_sz; 509 char s[64]; 510 511 if (mbufpool == NULL) { 512 snprintf(s, sizeof(s), "mbuf_pool"); 513 mbufpool = rte_pktmbuf_pool_create(s, nb_mbuf, 514 MEMPOOL_CACHE_SIZE, RTE_CACHE_LINE_SIZE, 515 RTE_MBUF_DEFAULT_BUF_SIZE, SOCKET_ID_ANY); 516 if (mbufpool == NULL) { 517 printf("Cannot init mbuf pool\n"); 518 return TEST_FAILED; 519 } 520 printf("Allocated mbuf pool\n"); 521 } 522 523 sec_ctx = rte_eth_dev_get_sec_ctx(port_id); 524 if (sec_ctx == NULL) { 525 printf("Device does not support Security ctx\n"); 526 return TEST_SKIPPED; 527 } 528 sess_sz = rte_security_session_get_size(sec_ctx); 529 if (sess_pool == NULL) { 530 snprintf(s, sizeof(s), "sess_pool"); 531 sess_pool = rte_mempool_create(s, nb_sess, sess_sz, 532 MEMPOOL_CACHE_SIZE, 0, 533 NULL, NULL, NULL, NULL, 534 SOCKET_ID_ANY, 0); 535 if (sess_pool == NULL) { 536 printf("Cannot init sess pool\n"); 537 return TEST_FAILED; 538 } 539 printf("Allocated sess pool\n"); 540 } 541 542 return 0; 543 } 544 545 static int 546 create_default_flow(uint16_t portid) 547 { 548 struct rte_flow_action action[2]; 549 struct rte_flow_item pattern[2]; 550 struct rte_flow_attr attr = {0}; 551 struct rte_flow_error err; 552 struct rte_flow *flow; 553 int ret; 554 555 /* Add the default rte_flow to enable SECURITY for all ESP packets */ 556 557 pattern[0].type = RTE_FLOW_ITEM_TYPE_ESP; 558 pattern[0].spec = NULL; 559 pattern[0].mask = NULL; 560 pattern[0].last = NULL; 561 pattern[1].type = RTE_FLOW_ITEM_TYPE_END; 562 563 action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; 564 action[0].conf = NULL; 565 action[1].type = RTE_FLOW_ACTION_TYPE_END; 566 action[1].conf = NULL; 567 568 attr.ingress = 1; 569 570 ret = rte_flow_validate(portid, &attr, pattern, action, &err); 571 if (ret) { 572 printf("\nValidate flow failed, ret = %d\n", ret); 573 return -1; 574 } 575 flow = rte_flow_create(portid, &attr, pattern, action, &err); 576 if (flow == NULL) { 577 printf("\nDefault flow rule create failed\n"); 578 return -1; 579 } 580 581 default_flow[portid] = flow; 582 583 return 0; 584 } 585 586 static void 587 destroy_default_flow(uint16_t portid) 588 { 589 struct rte_flow_error err; 590 int ret; 591 592 if (!default_flow[portid]) 593 return; 594 ret = rte_flow_destroy(portid, default_flow[portid], &err); 595 if (ret) { 596 printf("\nDefault flow rule destroy failed\n"); 597 return; 598 } 599 default_flow[portid] = NULL; 600 } 601 602 struct rte_mbuf **tx_pkts_burst; 603 struct rte_mbuf **rx_pkts_burst; 604 605 static int 606 compare_pkt_data(struct rte_mbuf *m, uint8_t *ref, unsigned int tot_len) 607 { 608 unsigned int len; 609 unsigned int nb_segs = m->nb_segs; 610 unsigned int matched = 0; 611 struct rte_mbuf *save = m; 612 613 while (m) { 614 len = tot_len; 615 if (len > m->data_len) 616 len = m->data_len; 617 if (len != 0) { 618 if (memcmp(rte_pktmbuf_mtod(m, char *), 619 ref + matched, len)) { 620 printf("\n====Reassembly case failed: Data Mismatch"); 621 rte_hexdump(stdout, "Reassembled", 622 rte_pktmbuf_mtod(m, char *), 623 len); 624 rte_hexdump(stdout, "reference", 625 ref + matched, 626 len); 627 return TEST_FAILED; 628 } 629 } 630 tot_len -= len; 631 matched += len; 632 m = m->next; 633 } 634 635 if (tot_len) { 636 printf("\n====Reassembly case failed: Data Missing %u", 637 tot_len); 638 printf("\n====nb_segs %u, tot_len %u", nb_segs, tot_len); 639 rte_pktmbuf_dump(stderr, save, -1); 640 return TEST_FAILED; 641 } 642 return TEST_SUCCESS; 643 } 644 645 static inline bool 646 is_ip_reassembly_incomplete(struct rte_mbuf *mbuf) 647 { 648 static uint64_t ip_reassembly_dynflag; 649 int ip_reassembly_dynflag_offset; 650 651 if (ip_reassembly_dynflag == 0) { 652 ip_reassembly_dynflag_offset = rte_mbuf_dynflag_lookup( 653 RTE_MBUF_DYNFLAG_IP_REASSEMBLY_INCOMPLETE_NAME, NULL); 654 if (ip_reassembly_dynflag_offset < 0) 655 return false; 656 ip_reassembly_dynflag = RTE_BIT64(ip_reassembly_dynflag_offset); 657 } 658 659 return (mbuf->ol_flags & ip_reassembly_dynflag) != 0; 660 } 661 662 static void 663 free_mbuf(struct rte_mbuf *mbuf) 664 { 665 rte_eth_ip_reassembly_dynfield_t dynfield; 666 667 if (!mbuf) 668 return; 669 670 if (!is_ip_reassembly_incomplete(mbuf)) { 671 rte_pktmbuf_free(mbuf); 672 } else { 673 if (ip_reassembly_dynfield_offset < 0) 674 return; 675 676 while (mbuf) { 677 dynfield = *RTE_MBUF_DYNFIELD(mbuf, 678 ip_reassembly_dynfield_offset, 679 rte_eth_ip_reassembly_dynfield_t *); 680 rte_pktmbuf_free(mbuf); 681 if (dynfield.nb_frags == 0) 682 break; 683 mbuf = dynfield.next_frag; 684 } 685 } 686 } 687 688 689 static int 690 get_and_verify_incomplete_frags(struct rte_mbuf *mbuf, 691 struct reassembly_vector *vector) 692 { 693 rte_eth_ip_reassembly_dynfield_t *dynfield[MAX_PKT_BURST]; 694 int j = 0, ret; 695 /** 696 * IP reassembly offload is incomplete, and fragments are listed in 697 * dynfield which can be reassembled in SW. 698 */ 699 printf("\nHW IP Reassembly is not complete; attempt SW IP Reassembly," 700 "\nMatching with original frags."); 701 702 if (ip_reassembly_dynfield_offset < 0) 703 return -1; 704 705 printf("\ncomparing frag: %d", j); 706 /* Skip Ethernet header comparison */ 707 rte_pktmbuf_adj(mbuf, RTE_ETHER_HDR_LEN); 708 ret = compare_pkt_data(mbuf, vector->frags[j]->data, 709 vector->frags[j]->len); 710 if (ret) 711 return ret; 712 j++; 713 dynfield[j] = RTE_MBUF_DYNFIELD(mbuf, ip_reassembly_dynfield_offset, 714 rte_eth_ip_reassembly_dynfield_t *); 715 printf("\ncomparing frag: %d", j); 716 /* Skip Ethernet header comparison */ 717 rte_pktmbuf_adj(dynfield[j]->next_frag, RTE_ETHER_HDR_LEN); 718 ret = compare_pkt_data(dynfield[j]->next_frag, vector->frags[j]->data, 719 vector->frags[j]->len); 720 if (ret) 721 return ret; 722 723 while ((dynfield[j]->nb_frags > 1) && 724 is_ip_reassembly_incomplete(dynfield[j]->next_frag)) { 725 j++; 726 dynfield[j] = RTE_MBUF_DYNFIELD(dynfield[j-1]->next_frag, 727 ip_reassembly_dynfield_offset, 728 rte_eth_ip_reassembly_dynfield_t *); 729 printf("\ncomparing frag: %d", j); 730 /* Skip Ethernet header comparison */ 731 rte_pktmbuf_adj(dynfield[j]->next_frag, RTE_ETHER_HDR_LEN); 732 ret = compare_pkt_data(dynfield[j]->next_frag, 733 vector->frags[j]->data, vector->frags[j]->len); 734 if (ret) 735 return ret; 736 } 737 return ret; 738 } 739 740 static int 741 event_tx_burst(struct rte_mbuf **tx_pkts, uint16_t nb_pkts) 742 { 743 struct rte_event ev; 744 int i, nb_sent = 0; 745 746 /* Convert packets to events */ 747 memset(&ev, 0, sizeof(ev)); 748 ev.sched_type = RTE_SCHED_TYPE_PARALLEL; 749 for (i = 0; i < nb_pkts; i++) { 750 ev.mbuf = tx_pkts[i]; 751 ev.mbuf->port = port_id; 752 nb_sent += rte_event_eth_tx_adapter_enqueue( 753 eventdev_id, port_id, &ev, 1, 0); 754 } 755 756 return nb_sent; 757 } 758 759 static int 760 event_rx_burst(struct rte_mbuf **rx_pkts, uint16_t nb_pkts_to_rx) 761 { 762 int nb_ev, nb_rx = 0, j = 0; 763 const int ms_per_pkt = 5; 764 struct rte_event ev; 765 766 do { 767 nb_ev = rte_event_dequeue_burst(eventdev_id, port_id, 768 &ev, 1, 0); 769 770 if (nb_ev == 0) { 771 rte_delay_ms(1); 772 continue; 773 } 774 775 /* Get packet from event */ 776 if (ev.event_type != RTE_EVENT_TYPE_ETHDEV) { 777 printf("Unsupported event type: %i\n", 778 ev.event_type); 779 continue; 780 } 781 rx_pkts[nb_rx++] = ev.mbuf; 782 } while (j++ < (nb_pkts_to_rx * ms_per_pkt) && nb_rx < nb_pkts_to_rx); 783 784 return nb_rx; 785 } 786 787 static int 788 verify_inbound_oop(struct ipsec_test_data *td, 789 bool silent, struct rte_mbuf *mbuf) 790 { 791 int ret = TEST_SUCCESS, rc; 792 struct rte_mbuf *orig; 793 uint32_t len; 794 void *data; 795 796 orig = *rte_security_oop_dynfield(mbuf); 797 if (!orig) { 798 if (!silent) 799 printf("\nUnable to get orig buffer OOP session"); 800 return TEST_FAILED; 801 } 802 803 /* Skip Ethernet header comparison */ 804 rte_pktmbuf_adj(orig, RTE_ETHER_HDR_LEN); 805 806 len = td->input_text.len; 807 if (orig->pkt_len != len) { 808 if (!silent) 809 printf("\nOriginal packet length mismatch, expected %u, got %u ", 810 len, orig->pkt_len); 811 ret = TEST_FAILED; 812 } 813 814 data = rte_pktmbuf_mtod(orig, void *); 815 rc = memcmp(data, td->input_text.data, len); 816 if (rc) { 817 ret = TEST_FAILED; 818 if (silent) 819 goto exit; 820 821 printf("TestCase %s line %d: %s\n", __func__, __LINE__, 822 "output text not as expected\n"); 823 824 rte_hexdump(stdout, "expected", td->input_text.data, len); 825 rte_hexdump(stdout, "actual", data, len); 826 } 827 exit: 828 rte_pktmbuf_free(orig); 829 return ret; 830 } 831 832 static int 833 test_ipsec_with_rx_inject(struct ip_pkt_vector *vector, const struct ipsec_test_flags *flags) 834 { 835 struct rte_security_session_conf sess_conf_out = {0}; 836 struct rte_security_session_conf sess_conf_in = {0}; 837 uint32_t nb_tx, burst_sz, nb_sent = 0, nb_inj = 0; 838 struct rte_crypto_sym_xform cipher_out = {0}; 839 struct rte_crypto_sym_xform cipher_in = {0}; 840 struct rte_crypto_sym_xform auth_out = {0}; 841 struct rte_crypto_sym_xform aead_out = {0}; 842 struct rte_crypto_sym_xform auth_in = {0}; 843 struct rte_crypto_sym_xform aead_in = {0}; 844 void *out_ses[ENCAP_DECAP_BURST_SZ] = {0}; 845 void *in_ses[ENCAP_DECAP_BURST_SZ] = {0}; 846 uint32_t i, j, nb_rx = 0, nb_inj_rx = 0; 847 struct rte_mbuf **inj_pkts_burst; 848 struct ipsec_test_data sa_data; 849 uint32_t ol_flags; 850 bool outer_ipv4; 851 int ret = 0; 852 void *ctx; 853 854 inj_pkts_burst = calloc(MAX_TRAFFIC_BURST, sizeof(void *)); 855 if (!inj_pkts_burst) 856 return TEST_FAILED; 857 858 burst_sz = vector->burst ? ENCAP_DECAP_BURST_SZ : 1; 859 nb_tx = burst_sz; 860 861 memcpy(&sa_data, vector->sa_data, sizeof(struct ipsec_test_data)); 862 sa_data.ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; 863 outer_ipv4 = is_outer_ipv4(&sa_data); 864 865 for (i = 0; i < nb_tx; i++) { 866 tx_pkts_burst[i] = init_packet(mbufpool, vector->full_pkt->data, 867 vector->full_pkt->len, outer_ipv4); 868 if (tx_pkts_burst[i] == NULL) { 869 ret = -1; 870 printf("\n packed init failed\n"); 871 goto out; 872 } 873 } 874 875 for (i = 0; i < burst_sz; i++) { 876 memcpy(&sa_data, vector->sa_data, sizeof(struct ipsec_test_data)); 877 /* Update SPI for every new SA */ 878 sa_data.ipsec_xform.spi += i; 879 sa_data.ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; 880 if (sa_data.aead) { 881 sess_conf_out.crypto_xform = &aead_out; 882 } else { 883 sess_conf_out.crypto_xform = &cipher_out; 884 sess_conf_out.crypto_xform->next = &auth_out; 885 } 886 887 /* Create Inline IPsec outbound session. */ 888 ret = create_inline_ipsec_session(&sa_data, port_id, &out_ses[i], &ctx, &ol_flags, 889 flags, &sess_conf_out); 890 if (ret) { 891 printf("\nInline outbound session create failed\n"); 892 goto out; 893 } 894 } 895 896 for (i = 0; i < nb_tx; i++) { 897 if (ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) 898 rte_security_set_pkt_metadata(ctx, 899 out_ses[i], tx_pkts_burst[i], NULL); 900 tx_pkts_burst[i]->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; 901 } 902 903 for (i = 0; i < burst_sz; i++) { 904 memcpy(&sa_data, vector->sa_data, sizeof(struct ipsec_test_data)); 905 /* Update SPI for every new SA */ 906 sa_data.ipsec_xform.spi += i; 907 sa_data.ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; 908 909 if (sa_data.aead) { 910 sess_conf_in.crypto_xform = &aead_in; 911 } else { 912 sess_conf_in.crypto_xform = &auth_in; 913 sess_conf_in.crypto_xform->next = &cipher_in; 914 } 915 /* Create Inline IPsec inbound session. */ 916 ret = create_inline_ipsec_session(&sa_data, port_id, &in_ses[i], &ctx, &ol_flags, 917 flags, &sess_conf_in); 918 if (ret) { 919 printf("\nInline inbound session create failed\n"); 920 goto out; 921 } 922 } 923 924 rte_delay_ms(1); 925 /* Create and receive encrypted packets */ 926 if (event_mode_enabled) 927 nb_sent = event_tx_burst(tx_pkts_burst, nb_tx); 928 else 929 nb_sent = rte_eth_tx_burst(port_id, 0, tx_pkts_burst, nb_tx); 930 if (nb_sent != nb_tx) { 931 ret = -1; 932 printf("\nFailed to tx %u pkts", nb_tx); 933 goto out; 934 } 935 936 rte_delay_ms(1); 937 938 /* Retry few times before giving up */ 939 nb_rx = 0; 940 j = 0; 941 if (event_mode_enabled) 942 nb_rx = event_rx_burst(rx_pkts_burst, nb_tx); 943 else 944 do { 945 nb_rx += rte_eth_rx_burst(port_id, 0, &rx_pkts_burst[nb_rx], 946 nb_tx - nb_rx); 947 j++; 948 if (nb_rx >= nb_tx) 949 break; 950 rte_delay_ms(1); 951 } while (j < 5 || !nb_rx); 952 953 /* Check for minimum number of Rx packets expected */ 954 if (nb_rx != nb_tx) { 955 printf("\nReceived less Rx pkts(%u)\n", nb_rx); 956 ret = TEST_FAILED; 957 goto out; 958 } 959 960 for (i = 0; i < nb_rx; i++) { 961 if (!(rx_pkts_burst[i]->packet_type & RTE_PTYPE_TUNNEL_ESP)) { 962 printf("\nNot received ESP packet, pytpe=%x\n", 963 rx_pkts_burst[i]->packet_type); 964 goto out; 965 } 966 rx_pkts_burst[i]->l2_len = RTE_ETHER_HDR_LEN; 967 } 968 969 /* Inject Packets */ 970 if (flags->rx_inject) 971 nb_inj = rte_security_inb_pkt_rx_inject(ctx, rx_pkts_burst, in_ses, nb_rx); 972 else { 973 printf("\nInject flag disabled, Failed to Inject %u pkts", nb_rx); 974 goto out; 975 } 976 if (nb_inj != nb_rx) { 977 ret = -1; 978 printf("\nFailed to Inject %u pkts", nb_rx); 979 goto out; 980 } 981 982 rte_delay_ms(1); 983 984 /* Retry few times before giving up */ 985 nb_inj_rx = 0; 986 j = 0; 987 if (event_mode_enabled) 988 nb_inj_rx = event_rx_burst(inj_pkts_burst, nb_inj); 989 else 990 do { 991 nb_inj_rx += rte_eth_rx_burst(port_id, 0, &inj_pkts_burst[nb_inj_rx], 992 nb_inj - nb_inj_rx); 993 j++; 994 if (nb_inj_rx >= nb_inj) 995 break; 996 rte_delay_ms(1); 997 } while (j < 5 || !nb_inj_rx); 998 999 /* Check for minimum number of Rx packets expected */ 1000 if (nb_inj_rx != nb_inj) { 1001 printf("\nReceived less Rx pkts(%u)\n", nb_inj_rx); 1002 ret = TEST_FAILED; 1003 goto out; 1004 } 1005 1006 for (i = 0; i < nb_inj_rx; i++) { 1007 if (inj_pkts_burst[i]->ol_flags & 1008 RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED || 1009 !(inj_pkts_burst[i]->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD)) { 1010 printf("\nsecurity offload failed\n"); 1011 ret = TEST_FAILED; 1012 break; 1013 } 1014 1015 if (vector->full_pkt->len + RTE_ETHER_HDR_LEN != 1016 inj_pkts_burst[i]->pkt_len) { 1017 printf("\nreassembled/decrypted packet length mismatch\n"); 1018 ret = TEST_FAILED; 1019 break; 1020 } 1021 rte_pktmbuf_adj(inj_pkts_burst[i], RTE_ETHER_HDR_LEN); 1022 ret = compare_pkt_data(inj_pkts_burst[i], vector->full_pkt->data, 1023 vector->full_pkt->len); 1024 if (ret != TEST_SUCCESS) 1025 break; 1026 } 1027 1028 out: 1029 /* Clear session data. */ 1030 for (i = 0; i < burst_sz; i++) { 1031 if (out_ses[i]) 1032 rte_security_session_destroy(ctx, out_ses[i]); 1033 if (in_ses[i]) 1034 rte_security_session_destroy(ctx, in_ses[i]); 1035 } 1036 1037 for (i = nb_sent; i < nb_tx; i++) 1038 free_mbuf(tx_pkts_burst[i]); 1039 for (i = 0; i < nb_rx; i++) 1040 free_mbuf(rx_pkts_burst[i]); 1041 for (i = 0; i < nb_inj_rx; i++) 1042 free_mbuf(inj_pkts_burst[i]); 1043 free(inj_pkts_burst); 1044 1045 return ret; 1046 } 1047 1048 static int 1049 test_ipsec_with_reassembly(struct reassembly_vector *vector, 1050 const struct ipsec_test_flags *flags) 1051 { 1052 void *out_ses[ENCAP_DECAP_BURST_SZ] = {0}; 1053 void *in_ses[ENCAP_DECAP_BURST_SZ] = {0}; 1054 struct rte_eth_ip_reassembly_params reass_capa = {0}; 1055 struct rte_security_session_conf sess_conf_out = {0}; 1056 struct rte_security_session_conf sess_conf_in = {0}; 1057 unsigned int nb_tx, burst_sz, nb_sent = 0; 1058 struct rte_crypto_sym_xform cipher_out = {0}; 1059 struct rte_crypto_sym_xform auth_out = {0}; 1060 struct rte_crypto_sym_xform aead_out = {0}; 1061 struct rte_crypto_sym_xform cipher_in = {0}; 1062 struct rte_crypto_sym_xform auth_in = {0}; 1063 struct rte_crypto_sym_xform aead_in = {0}; 1064 struct ipsec_test_data sa_data; 1065 void *ctx; 1066 unsigned int i, nb_rx = 0, j; 1067 uint32_t ol_flags; 1068 bool outer_ipv4; 1069 int ret = 0; 1070 1071 burst_sz = vector->burst ? ENCAP_DECAP_BURST_SZ : 1; 1072 nb_tx = vector->nb_frags * burst_sz; 1073 1074 rte_eth_ip_reassembly_capability_get(port_id, &reass_capa); 1075 if (reass_capa.max_frags < vector->nb_frags) 1076 return TEST_SKIPPED; 1077 1078 memset(tx_pkts_burst, 0, sizeof(tx_pkts_burst[0]) * nb_tx); 1079 memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * nb_tx); 1080 1081 memcpy(&sa_data, vector->sa_data, sizeof(struct ipsec_test_data)); 1082 sa_data.ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; 1083 outer_ipv4 = is_outer_ipv4(&sa_data); 1084 1085 for (i = 0; i < nb_tx; i += vector->nb_frags) { 1086 for (j = 0; j < vector->nb_frags; j++) { 1087 tx_pkts_burst[i+j] = init_packet(mbufpool, 1088 vector->frags[j]->data, 1089 vector->frags[j]->len, outer_ipv4); 1090 if (tx_pkts_burst[i+j] == NULL) { 1091 ret = -1; 1092 printf("\n packed init failed\n"); 1093 goto out; 1094 } 1095 } 1096 } 1097 1098 for (i = 0; i < burst_sz; i++) { 1099 memcpy(&sa_data, vector->sa_data, 1100 sizeof(struct ipsec_test_data)); 1101 /* Update SPI for every new SA */ 1102 sa_data.ipsec_xform.spi += i; 1103 sa_data.ipsec_xform.direction = 1104 RTE_SECURITY_IPSEC_SA_DIR_EGRESS; 1105 if (sa_data.aead) { 1106 sess_conf_out.crypto_xform = &aead_out; 1107 } else { 1108 sess_conf_out.crypto_xform = &cipher_out; 1109 sess_conf_out.crypto_xform->next = &auth_out; 1110 } 1111 1112 /* Create Inline IPsec outbound session. */ 1113 ret = create_inline_ipsec_session(&sa_data, port_id, 1114 &out_ses[i], &ctx, &ol_flags, flags, 1115 &sess_conf_out); 1116 if (ret) { 1117 printf("\nInline outbound session create failed\n"); 1118 goto out; 1119 } 1120 } 1121 1122 j = 0; 1123 for (i = 0; i < nb_tx; i++) { 1124 if (ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) 1125 rte_security_set_pkt_metadata(ctx, 1126 out_ses[j], tx_pkts_burst[i], NULL); 1127 tx_pkts_burst[i]->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; 1128 1129 /* Move to next SA after nb_frags */ 1130 if ((i + 1) % vector->nb_frags == 0) 1131 j++; 1132 } 1133 1134 for (i = 0; i < burst_sz; i++) { 1135 memcpy(&sa_data, vector->sa_data, 1136 sizeof(struct ipsec_test_data)); 1137 /* Update SPI for every new SA */ 1138 sa_data.ipsec_xform.spi += i; 1139 sa_data.ipsec_xform.direction = 1140 RTE_SECURITY_IPSEC_SA_DIR_INGRESS; 1141 1142 if (sa_data.aead) { 1143 sess_conf_in.crypto_xform = &aead_in; 1144 } else { 1145 sess_conf_in.crypto_xform = &auth_in; 1146 sess_conf_in.crypto_xform->next = &cipher_in; 1147 } 1148 /* Create Inline IPsec inbound session. */ 1149 ret = create_inline_ipsec_session(&sa_data, port_id, &in_ses[i], 1150 &ctx, &ol_flags, flags, &sess_conf_in); 1151 if (ret) { 1152 printf("\nInline inbound session create failed\n"); 1153 goto out; 1154 } 1155 } 1156 1157 /* Retrieve reassembly dynfield offset if available */ 1158 if (ip_reassembly_dynfield_offset < 0 && vector->nb_frags > 1) 1159 ip_reassembly_dynfield_offset = rte_mbuf_dynfield_lookup( 1160 RTE_MBUF_DYNFIELD_IP_REASSEMBLY_NAME, NULL); 1161 1162 1163 ret = create_default_flow(port_id); 1164 if (ret) 1165 goto out; 1166 1167 if (event_mode_enabled) 1168 nb_sent = event_tx_burst(tx_pkts_burst, nb_tx); 1169 else 1170 nb_sent = rte_eth_tx_burst(port_id, 0, tx_pkts_burst, nb_tx); 1171 if (nb_sent != nb_tx) { 1172 ret = -1; 1173 printf("\nFailed to tx %u pkts", nb_tx); 1174 goto out; 1175 } 1176 1177 rte_delay_ms(1); 1178 1179 /* Retry few times before giving up */ 1180 nb_rx = 0; 1181 j = 0; 1182 if (event_mode_enabled) 1183 nb_rx = event_rx_burst(rx_pkts_burst, nb_tx); 1184 else 1185 do { 1186 nb_rx += rte_eth_rx_burst(port_id, 0, &rx_pkts_burst[nb_rx], 1187 nb_tx - nb_rx); 1188 j++; 1189 if (nb_rx >= nb_tx) 1190 break; 1191 rte_delay_ms(1); 1192 } while (j < 5 || !nb_rx); 1193 1194 /* Check for minimum number of Rx packets expected */ 1195 if ((vector->nb_frags == 1 && nb_rx != nb_tx) || 1196 (vector->nb_frags > 1 && nb_rx < burst_sz)) { 1197 printf("\nreceived less Rx pkts(%u) pkts\n", nb_rx); 1198 ret = TEST_FAILED; 1199 goto out; 1200 } 1201 1202 for (i = 0; i < nb_rx; i++) { 1203 if (vector->nb_frags > 1 && 1204 is_ip_reassembly_incomplete(rx_pkts_burst[i])) { 1205 ret = get_and_verify_incomplete_frags(rx_pkts_burst[i], 1206 vector); 1207 if (ret != TEST_SUCCESS) 1208 break; 1209 continue; 1210 } 1211 1212 if (rx_pkts_burst[i]->ol_flags & 1213 RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED || 1214 !(rx_pkts_burst[i]->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD)) { 1215 printf("\nsecurity offload failed\n"); 1216 ret = TEST_FAILED; 1217 break; 1218 } 1219 1220 if (vector->full_pkt->len + RTE_ETHER_HDR_LEN != 1221 rx_pkts_burst[i]->pkt_len) { 1222 printf("\nreassembled/decrypted packet length mismatch\n"); 1223 ret = TEST_FAILED; 1224 break; 1225 } 1226 rte_pktmbuf_adj(rx_pkts_burst[i], RTE_ETHER_HDR_LEN); 1227 ret = compare_pkt_data(rx_pkts_burst[i], 1228 vector->full_pkt->data, 1229 vector->full_pkt->len); 1230 if (ret != TEST_SUCCESS) 1231 break; 1232 } 1233 1234 out: 1235 destroy_default_flow(port_id); 1236 1237 /* Clear session data. */ 1238 for (i = 0; i < burst_sz; i++) { 1239 if (out_ses[i]) 1240 rte_security_session_destroy(ctx, out_ses[i]); 1241 if (in_ses[i]) 1242 rte_security_session_destroy(ctx, in_ses[i]); 1243 } 1244 1245 for (i = nb_sent; i < nb_tx; i++) 1246 free_mbuf(tx_pkts_burst[i]); 1247 for (i = 0; i < nb_rx; i++) 1248 free_mbuf(rx_pkts_burst[i]); 1249 return ret; 1250 } 1251 1252 static int 1253 test_ipsec_inline_sa_exp_event_callback(uint16_t port_id, 1254 enum rte_eth_event_type type, void *param, void *ret_param) 1255 { 1256 struct sa_expiry_vector *vector = (struct sa_expiry_vector *)param; 1257 struct rte_eth_event_ipsec_desc *event_desc = NULL; 1258 1259 RTE_SET_USED(port_id); 1260 1261 if (type != RTE_ETH_EVENT_IPSEC) 1262 return -1; 1263 1264 event_desc = ret_param; 1265 if (event_desc == NULL) { 1266 printf("Event descriptor not set\n"); 1267 return -1; 1268 } 1269 vector->notify_event = true; 1270 if (event_desc->metadata != (uint64_t)vector->sa_data) { 1271 printf("Mismatch in event specific metadata\n"); 1272 return -1; 1273 } 1274 switch (event_desc->subtype) { 1275 case RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY: 1276 vector->event = RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY; 1277 break; 1278 case RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY: 1279 vector->event = RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY; 1280 break; 1281 case RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY: 1282 vector->event = RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY; 1283 break; 1284 case RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY: 1285 vector->event = RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY; 1286 break; 1287 default: 1288 printf("Invalid IPsec event reported\n"); 1289 return -1; 1290 } 1291 1292 return 0; 1293 } 1294 1295 static enum rte_eth_event_ipsec_subtype 1296 test_ipsec_inline_setup_expiry_vector(struct sa_expiry_vector *vector, 1297 const struct ipsec_test_flags *flags, 1298 struct ipsec_test_data *tdata) 1299 { 1300 enum rte_eth_event_ipsec_subtype event = RTE_ETH_EVENT_IPSEC_UNKNOWN; 1301 1302 vector->event = RTE_ETH_EVENT_IPSEC_UNKNOWN; 1303 vector->notify_event = false; 1304 vector->sa_data = (void *)tdata; 1305 if (flags->sa_expiry_pkts_soft) 1306 event = RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY; 1307 else if (flags->sa_expiry_bytes_soft) 1308 event = RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY; 1309 else if (flags->sa_expiry_pkts_hard) 1310 event = RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY; 1311 else 1312 event = RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY; 1313 rte_eth_dev_callback_register(port_id, RTE_ETH_EVENT_IPSEC, 1314 test_ipsec_inline_sa_exp_event_callback, vector); 1315 1316 return event; 1317 } 1318 1319 static int 1320 test_ipsec_inline_proto_process(struct ipsec_test_data *td, 1321 struct ipsec_test_data *res_d, 1322 int nb_pkts, 1323 bool silent, 1324 const struct ipsec_test_flags *flags) 1325 { 1326 enum rte_eth_event_ipsec_subtype event = RTE_ETH_EVENT_IPSEC_UNKNOWN; 1327 struct rte_security_session_conf sess_conf = {0}; 1328 struct rte_crypto_sym_xform cipher = {0}; 1329 struct rte_crypto_sym_xform auth = {0}; 1330 struct rte_crypto_sym_xform aead = {0}; 1331 struct sa_expiry_vector vector = {0}; 1332 void *ctx; 1333 int nb_rx = 0, nb_sent; 1334 uint32_t ol_flags; 1335 int i, j = 0, ret; 1336 bool outer_ipv4; 1337 void *ses; 1338 1339 memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * nb_pkts); 1340 1341 if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft || 1342 flags->sa_expiry_pkts_hard || flags->sa_expiry_bytes_hard) { 1343 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) 1344 return TEST_SUCCESS; 1345 event = test_ipsec_inline_setup_expiry_vector(&vector, flags, td); 1346 } 1347 1348 if (td->aead) { 1349 sess_conf.crypto_xform = &aead; 1350 } else { 1351 if (td->ipsec_xform.direction == 1352 RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 1353 sess_conf.crypto_xform = &cipher; 1354 sess_conf.crypto_xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER; 1355 sess_conf.crypto_xform->next = &auth; 1356 sess_conf.crypto_xform->next->type = RTE_CRYPTO_SYM_XFORM_AUTH; 1357 } else { 1358 sess_conf.crypto_xform = &auth; 1359 sess_conf.crypto_xform->type = RTE_CRYPTO_SYM_XFORM_AUTH; 1360 sess_conf.crypto_xform->next = &cipher; 1361 sess_conf.crypto_xform->next->type = RTE_CRYPTO_SYM_XFORM_CIPHER; 1362 } 1363 } 1364 1365 /* Create Inline IPsec session. */ 1366 ret = create_inline_ipsec_session(td, port_id, &ses, &ctx, 1367 &ol_flags, flags, &sess_conf); 1368 if (ret) 1369 return ret; 1370 1371 if (flags->inb_oop && rte_security_oop_dynfield_offset < 0) { 1372 printf("\nDynamic field not available for inline inbound OOP"); 1373 ret = TEST_FAILED; 1374 goto out; 1375 } 1376 1377 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { 1378 ret = create_default_flow(port_id); 1379 if (ret) 1380 goto out; 1381 } 1382 outer_ipv4 = is_outer_ipv4(td); 1383 1384 for (i = 0; i < nb_pkts; i++) { 1385 tx_pkts_burst[i] = init_packet(mbufpool, td->input_text.data, 1386 td->input_text.len, outer_ipv4); 1387 if (tx_pkts_burst[i] == NULL) { 1388 while (i--) 1389 rte_pktmbuf_free(tx_pkts_burst[i]); 1390 ret = TEST_FAILED; 1391 goto out; 1392 } 1393 1394 if (test_ipsec_pkt_update(rte_pktmbuf_mtod_offset(tx_pkts_burst[i], 1395 uint8_t *, RTE_ETHER_HDR_LEN), flags)) { 1396 while (i--) 1397 rte_pktmbuf_free(tx_pkts_burst[i]); 1398 ret = TEST_FAILED; 1399 goto out; 1400 } 1401 1402 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 1403 if (ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) 1404 rte_security_set_pkt_metadata(ctx, ses, 1405 tx_pkts_burst[i], NULL); 1406 tx_pkts_burst[i]->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; 1407 } 1408 } 1409 /* Send packet to ethdev for inline IPsec processing. */ 1410 if (event_mode_enabled) 1411 nb_sent = event_tx_burst(tx_pkts_burst, nb_pkts); 1412 else 1413 nb_sent = rte_eth_tx_burst(port_id, 0, tx_pkts_burst, nb_pkts); 1414 1415 if (nb_sent != nb_pkts) { 1416 printf("\nUnable to TX %d packets, sent: %i", nb_pkts, nb_sent); 1417 for ( ; nb_sent < nb_pkts; nb_sent++) 1418 rte_pktmbuf_free(tx_pkts_burst[nb_sent]); 1419 ret = TEST_FAILED; 1420 goto out; 1421 } 1422 1423 rte_pause(); 1424 1425 /* Receive back packet on loopback interface. */ 1426 if (event_mode_enabled) 1427 nb_rx = event_rx_burst(rx_pkts_burst, nb_sent); 1428 else 1429 do { 1430 rte_delay_ms(1); 1431 nb_rx += rte_eth_rx_burst(port_id, 0, 1432 &rx_pkts_burst[nb_rx], 1433 nb_sent - nb_rx); 1434 if (nb_rx >= nb_sent) 1435 break; 1436 } while (j++ < 5 || nb_rx == 0); 1437 1438 if (!flags->sa_expiry_pkts_hard && 1439 !flags->sa_expiry_bytes_hard && 1440 (nb_rx != nb_sent)) { 1441 printf("\nUnable to RX all %d packets, received(%i)", 1442 nb_sent, nb_rx); 1443 while (--nb_rx >= 0) 1444 rte_pktmbuf_free(rx_pkts_burst[nb_rx]); 1445 ret = TEST_FAILED; 1446 goto out; 1447 } 1448 1449 for (i = 0; i < nb_rx; i++) { 1450 rte_pktmbuf_adj(rx_pkts_burst[i], RTE_ETHER_HDR_LEN); 1451 1452 ret = test_ipsec_post_process(rx_pkts_burst[i], td, 1453 res_d, silent, flags); 1454 if (ret != TEST_SUCCESS) { 1455 for ( ; i < nb_rx; i++) 1456 rte_pktmbuf_free(rx_pkts_burst[i]); 1457 goto out; 1458 } 1459 1460 ret = test_ipsec_stats_verify(ctx, ses, flags, 1461 td->ipsec_xform.direction); 1462 if (ret != TEST_SUCCESS) { 1463 for ( ; i < nb_rx; i++) 1464 rte_pktmbuf_free(rx_pkts_burst[i]); 1465 goto out; 1466 } 1467 1468 if (flags->inb_oop) { 1469 ret = verify_inbound_oop(td, silent, rx_pkts_burst[i]); 1470 if (ret != TEST_SUCCESS) { 1471 for ( ; i < nb_rx; i++) 1472 rte_pktmbuf_free(rx_pkts_burst[i]); 1473 goto out; 1474 } 1475 } 1476 1477 rte_pktmbuf_free(rx_pkts_burst[i]); 1478 rx_pkts_burst[i] = NULL; 1479 } 1480 1481 out: 1482 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) 1483 destroy_default_flow(port_id); 1484 if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft || 1485 flags->sa_expiry_pkts_hard || flags->sa_expiry_bytes_hard) { 1486 if (vector.notify_event && (vector.event == event)) 1487 ret = TEST_SUCCESS; 1488 else 1489 ret = TEST_FAILED; 1490 1491 rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_IPSEC, 1492 test_ipsec_inline_sa_exp_event_callback, &vector); 1493 } 1494 1495 /* Destroy session so that other cases can create the session again */ 1496 rte_security_session_destroy(ctx, ses); 1497 ses = NULL; 1498 1499 return ret; 1500 } 1501 1502 static int 1503 test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) 1504 { 1505 struct ipsec_test_data td_outb; 1506 struct ipsec_test_data td_inb; 1507 unsigned int i, nb_pkts = 1, pass_cnt = 0, fail_cnt = 0; 1508 int ret; 1509 1510 if (flags->iv_gen || flags->sa_expiry_pkts_soft || 1511 flags->sa_expiry_bytes_soft || 1512 flags->sa_expiry_bytes_hard || 1513 flags->sa_expiry_pkts_hard) 1514 nb_pkts = TEST_SEC_PKTS_MAX; 1515 1516 for (i = 0; i < RTE_DIM(sec_alg_list); i++) { 1517 test_ipsec_td_prepare(sec_alg_list[i].param1, 1518 sec_alg_list[i].param2, 1519 flags, &td_outb, 1); 1520 1521 if (!td_outb.aead) { 1522 enum rte_crypto_cipher_algorithm cipher_alg; 1523 enum rte_crypto_auth_algorithm auth_alg; 1524 1525 cipher_alg = td_outb.xform.chain.cipher.cipher.algo; 1526 auth_alg = td_outb.xform.chain.auth.auth.algo; 1527 1528 if (td_outb.aes_gmac && cipher_alg != RTE_CRYPTO_CIPHER_NULL) 1529 continue; 1530 1531 /* ICV is not applicable for NULL auth */ 1532 if (flags->icv_corrupt && 1533 auth_alg == RTE_CRYPTO_AUTH_NULL) 1534 continue; 1535 1536 /* IV is not applicable for NULL cipher */ 1537 if (flags->iv_gen && 1538 cipher_alg == RTE_CRYPTO_CIPHER_NULL) 1539 continue; 1540 } 1541 1542 if (flags->udp_encap) 1543 td_outb.ipsec_xform.options.udp_encap = 1; 1544 1545 if (flags->sa_expiry_bytes_soft) 1546 td_outb.ipsec_xform.life.bytes_soft_limit = 1547 (((td_outb.output_text.len + RTE_ETHER_HDR_LEN) 1548 * nb_pkts) >> 3) - 1; 1549 if (flags->sa_expiry_pkts_hard) 1550 td_outb.ipsec_xform.life.packets_hard_limit = TEST_SEC_PKTS_MAX - 1; 1551 if (flags->sa_expiry_bytes_hard) 1552 td_outb.ipsec_xform.life.bytes_hard_limit = 1553 (((td_outb.output_text.len + RTE_ETHER_HDR_LEN) 1554 * nb_pkts) >> 3) - 1; 1555 1556 ret = test_ipsec_inline_proto_process(&td_outb, &td_inb, nb_pkts, 1557 false, flags); 1558 if (ret == TEST_SKIPPED) 1559 continue; 1560 1561 if (ret == TEST_FAILED) { 1562 printf("\n TEST FAILED"); 1563 test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); 1564 fail_cnt++; 1565 continue; 1566 } 1567 1568 test_ipsec_td_update(&td_inb, &td_outb, 1, flags); 1569 1570 ret = test_ipsec_inline_proto_process(&td_inb, NULL, nb_pkts, 1571 false, flags); 1572 if (ret == TEST_SKIPPED) 1573 continue; 1574 1575 if (ret == TEST_FAILED) { 1576 printf("\n TEST FAILED"); 1577 test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); 1578 fail_cnt++; 1579 continue; 1580 } 1581 1582 if (flags->display_alg) 1583 test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); 1584 1585 pass_cnt++; 1586 } 1587 1588 printf("Tests passed: %d, failed: %d", pass_cnt, fail_cnt); 1589 if (fail_cnt > 0) 1590 return TEST_FAILED; 1591 if (pass_cnt > 0) 1592 return TEST_SUCCESS; 1593 else 1594 return TEST_SKIPPED; 1595 } 1596 1597 static int 1598 test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[], 1599 struct ipsec_test_data res_d[], 1600 int nb_pkts, 1601 bool silent, 1602 const struct ipsec_test_flags *flags) 1603 { 1604 struct rte_security_session_conf sess_conf = {0}; 1605 struct ipsec_test_data *res_d_tmp = NULL; 1606 struct rte_crypto_sym_xform cipher = {0}; 1607 struct rte_crypto_sym_xform auth = {0}; 1608 struct rte_crypto_sym_xform aead = {0}; 1609 struct rte_mbuf *rx_pkt = NULL; 1610 struct rte_mbuf *tx_pkt = NULL; 1611 int nb_rx, nb_sent; 1612 void *ses; 1613 void *ctx; 1614 uint32_t ol_flags; 1615 bool outer_ipv4; 1616 int i, ret; 1617 1618 if (td[0].aead) { 1619 sess_conf.crypto_xform = &aead; 1620 } else { 1621 if (td[0].ipsec_xform.direction == 1622 RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 1623 sess_conf.crypto_xform = &cipher; 1624 sess_conf.crypto_xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER; 1625 sess_conf.crypto_xform->next = &auth; 1626 sess_conf.crypto_xform->next->type = RTE_CRYPTO_SYM_XFORM_AUTH; 1627 } else { 1628 sess_conf.crypto_xform = &auth; 1629 sess_conf.crypto_xform->type = RTE_CRYPTO_SYM_XFORM_AUTH; 1630 sess_conf.crypto_xform->next = &cipher; 1631 sess_conf.crypto_xform->next->type = RTE_CRYPTO_SYM_XFORM_CIPHER; 1632 } 1633 } 1634 1635 /* Create Inline IPsec session. */ 1636 ret = create_inline_ipsec_session(&td[0], port_id, &ses, &ctx, 1637 &ol_flags, flags, &sess_conf); 1638 if (ret) 1639 return ret; 1640 1641 if (td[0].ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { 1642 ret = create_default_flow(port_id); 1643 if (ret) 1644 goto out; 1645 } 1646 outer_ipv4 = is_outer_ipv4(td); 1647 1648 for (i = 0; i < nb_pkts; i++) { 1649 tx_pkt = init_packet(mbufpool, td[i].input_text.data, 1650 td[i].input_text.len, outer_ipv4); 1651 if (tx_pkt == NULL) { 1652 ret = TEST_FAILED; 1653 goto out; 1654 } 1655 1656 if (test_ipsec_pkt_update(rte_pktmbuf_mtod_offset(tx_pkt, 1657 uint8_t *, RTE_ETHER_HDR_LEN), flags)) { 1658 ret = TEST_FAILED; 1659 goto out; 1660 } 1661 1662 if (td[i].ipsec_xform.direction == 1663 RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 1664 if (flags->antireplay) { 1665 sess_conf.ipsec.esn.value = 1666 td[i].ipsec_xform.esn.value; 1667 ret = rte_security_session_update(ctx, ses, 1668 &sess_conf); 1669 if (ret) { 1670 printf("Could not update ESN in session\n"); 1671 rte_pktmbuf_free(tx_pkt); 1672 ret = TEST_SKIPPED; 1673 goto out; 1674 } 1675 } 1676 if (ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) 1677 rte_security_set_pkt_metadata(ctx, ses, 1678 tx_pkt, NULL); 1679 tx_pkt->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD; 1680 } 1681 1682 /* Send packet to ethdev for inline IPsec processing. */ 1683 if (event_mode_enabled) 1684 nb_sent = event_tx_burst(&tx_pkt, 1); 1685 else 1686 nb_sent = rte_eth_tx_burst(port_id, 0, &tx_pkt, 1); 1687 1688 if (nb_sent != 1) { 1689 printf("\nUnable to TX packets"); 1690 rte_pktmbuf_free(tx_pkt); 1691 ret = TEST_FAILED; 1692 goto out; 1693 } 1694 1695 rte_pause(); 1696 1697 /* Receive back packet on loopback interface. */ 1698 if (event_mode_enabled) 1699 nb_rx = event_rx_burst(&rx_pkt, nb_sent); 1700 else { 1701 do { 1702 rte_delay_ms(1); 1703 nb_rx = rte_eth_rx_burst(port_id, 0, &rx_pkt, 1); 1704 } while (nb_rx == 0); 1705 } 1706 rte_pktmbuf_adj(rx_pkt, RTE_ETHER_HDR_LEN); 1707 1708 if (res_d != NULL) 1709 res_d_tmp = &res_d[i]; 1710 1711 ret = test_ipsec_post_process(rx_pkt, &td[i], 1712 res_d_tmp, silent, flags); 1713 if (ret != TEST_SUCCESS) { 1714 rte_pktmbuf_free(rx_pkt); 1715 goto out; 1716 } 1717 1718 ret = test_ipsec_stats_verify(ctx, ses, flags, 1719 td->ipsec_xform.direction); 1720 if (ret != TEST_SUCCESS) { 1721 rte_pktmbuf_free(rx_pkt); 1722 goto out; 1723 } 1724 1725 rte_pktmbuf_free(rx_pkt); 1726 rx_pkt = NULL; 1727 tx_pkt = NULL; 1728 } 1729 1730 out: 1731 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) 1732 destroy_default_flow(port_id); 1733 1734 /* Destroy session so that other cases can create the session again */ 1735 rte_security_session_destroy(ctx, ses); 1736 ses = NULL; 1737 1738 return ret; 1739 } 1740 1741 static int 1742 ut_setup_inline_ipsec_reassembly(void) 1743 { 1744 struct rte_eth_ip_reassembly_params reass_capa = {0}; 1745 int ret; 1746 1747 rte_eth_ip_reassembly_capability_get(port_id, &reass_capa); 1748 if (reass_capa.timeout_ms > APP_REASS_TIMEOUT) { 1749 reass_capa.timeout_ms = APP_REASS_TIMEOUT; 1750 rte_eth_ip_reassembly_conf_set(port_id, &reass_capa); 1751 } 1752 1753 /* Start event devices */ 1754 if (event_mode_enabled) { 1755 ret = rte_event_eth_rx_adapter_start(rx_adapter_id); 1756 if (ret < 0) { 1757 printf("Failed to start rx adapter %d\n", ret); 1758 return ret; 1759 } 1760 1761 ret = rte_event_dev_start(eventdev_id); 1762 if (ret < 0) { 1763 printf("Failed to start event device %d\n", ret); 1764 return ret; 1765 } 1766 } 1767 1768 /* Start device */ 1769 ret = rte_eth_dev_start(port_id); 1770 if (ret < 0) { 1771 printf("rte_eth_dev_start: err=%d, port=%d\n", 1772 ret, port_id); 1773 return ret; 1774 } 1775 /* always enable promiscuous */ 1776 ret = rte_eth_promiscuous_enable(port_id); 1777 if (ret != 0) { 1778 printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", 1779 rte_strerror(-ret), port_id); 1780 return ret; 1781 } 1782 1783 check_all_ports_link_status(1, RTE_PORT_ALL); 1784 1785 return 0; 1786 } 1787 1788 static void 1789 ut_teardown_inline_ipsec_reassembly(void) 1790 { 1791 struct rte_eth_ip_reassembly_params reass_conf = {0}; 1792 uint16_t portid; 1793 int ret; 1794 1795 /* Stop event devices */ 1796 if (event_mode_enabled) 1797 rte_event_dev_stop(eventdev_id); 1798 1799 /* port tear down */ 1800 RTE_ETH_FOREACH_DEV(portid) { 1801 ret = rte_eth_dev_stop(portid); 1802 if (ret != 0) 1803 printf("rte_eth_dev_stop: err=%s, port=%u\n", 1804 rte_strerror(-ret), portid); 1805 1806 /* Clear reassembly configuration */ 1807 rte_eth_ip_reassembly_conf_set(portid, &reass_conf); 1808 } 1809 } 1810 static int 1811 ut_setup_inline_ipsec_rx_inj(void) 1812 { 1813 void *sec_ctx; 1814 int ret; 1815 1816 sec_ctx = rte_eth_dev_get_sec_ctx(port_id); 1817 ret = rte_security_rx_inject_configure(sec_ctx, port_id, true); 1818 if (ret) { 1819 printf("Could not enable Rx inject\n"); 1820 return TEST_SKIPPED; 1821 } 1822 1823 /* Start event devices */ 1824 if (event_mode_enabled) { 1825 ret = rte_event_dev_start(eventdev_id); 1826 if (ret < 0) { 1827 printf("Failed to start event device %d\n", ret); 1828 return ret; 1829 } 1830 } 1831 1832 /* Start device */ 1833 ret = rte_eth_dev_start(port_id); 1834 if (ret < 0) { 1835 printf("rte_eth_dev_start: err=%d, port=%d\n", 1836 ret, port_id); 1837 return ret; 1838 } 1839 /* always enable promiscuous */ 1840 ret = rte_eth_promiscuous_enable(port_id); 1841 if (ret != 0) { 1842 printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", 1843 rte_strerror(-ret), port_id); 1844 return ret; 1845 } 1846 1847 check_all_ports_link_status(1, RTE_PORT_ALL); 1848 1849 return 0; 1850 } 1851 1852 static int 1853 ut_setup_inline_ipsec(void) 1854 { 1855 int ret; 1856 1857 /* Start event devices */ 1858 if (event_mode_enabled) { 1859 ret = rte_event_dev_start(eventdev_id); 1860 if (ret < 0) { 1861 printf("Failed to start event device %d\n", ret); 1862 return ret; 1863 } 1864 } 1865 1866 /* Start device */ 1867 ret = rte_eth_dev_start(port_id); 1868 if (ret < 0) { 1869 printf("rte_eth_dev_start: err=%d, port=%d\n", 1870 ret, port_id); 1871 return ret; 1872 } 1873 /* always enable promiscuous */ 1874 ret = rte_eth_promiscuous_enable(port_id); 1875 if (ret != 0) { 1876 printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", 1877 rte_strerror(-ret), port_id); 1878 return ret; 1879 } 1880 1881 check_all_ports_link_status(1, RTE_PORT_ALL); 1882 1883 return 0; 1884 } 1885 1886 static void 1887 ut_teardown_inline_ipsec_rx_inj(void) 1888 { 1889 uint16_t portid; 1890 void *sec_ctx; 1891 int ret; 1892 1893 /* Stop event devices */ 1894 if (event_mode_enabled) 1895 rte_event_dev_stop(eventdev_id); 1896 1897 /* port tear down */ 1898 RTE_ETH_FOREACH_DEV(portid) { 1899 ret = rte_eth_dev_stop(portid); 1900 if (ret != 0) 1901 printf("rte_eth_dev_stop: err=%s, port=%u\n", 1902 rte_strerror(-ret), portid); 1903 1904 sec_ctx = rte_eth_dev_get_sec_ctx(portid); 1905 ret = rte_security_rx_inject_configure(sec_ctx, portid, false); 1906 if (ret) 1907 printf("Could not disable Rx inject\n"); 1908 1909 } 1910 } 1911 1912 static void 1913 ut_teardown_inline_ipsec(void) 1914 { 1915 uint16_t portid; 1916 int ret; 1917 1918 /* Stop event devices */ 1919 if (event_mode_enabled) 1920 rte_event_dev_stop(eventdev_id); 1921 1922 /* port tear down */ 1923 RTE_ETH_FOREACH_DEV(portid) { 1924 ret = rte_eth_dev_stop(portid); 1925 if (ret != 0) 1926 printf("rte_eth_dev_stop: err=%s, port=%u\n", 1927 rte_strerror(-ret), portid); 1928 } 1929 } 1930 1931 static int 1932 inline_ipsec_testsuite_setup(void) 1933 { 1934 struct rte_eth_conf local_port_conf; 1935 struct rte_eth_dev_info dev_info; 1936 uint16_t nb_rxd; 1937 uint16_t nb_txd; 1938 uint16_t nb_ports; 1939 int ret; 1940 uint16_t nb_rx_queue = 1, nb_tx_queue = 1; 1941 1942 printf("Start inline IPsec test.\n"); 1943 1944 nb_ports = rte_eth_dev_count_avail(); 1945 if (nb_ports < NB_ETHPORTS_USED) { 1946 printf("At least %u port(s) used for test\n", 1947 NB_ETHPORTS_USED); 1948 return TEST_SKIPPED; 1949 } 1950 1951 ret = init_mempools(NB_MBUF); 1952 if (ret) 1953 return ret; 1954 1955 if (tx_pkts_burst == NULL) { 1956 tx_pkts_burst = (struct rte_mbuf **)rte_calloc("tx_buff", 1957 MAX_TRAFFIC_BURST, 1958 sizeof(void *), 1959 RTE_CACHE_LINE_SIZE); 1960 if (!tx_pkts_burst) 1961 return TEST_FAILED; 1962 1963 rx_pkts_burst = (struct rte_mbuf **)rte_calloc("rx_buff", 1964 MAX_TRAFFIC_BURST, 1965 sizeof(void *), 1966 RTE_CACHE_LINE_SIZE); 1967 if (!rx_pkts_burst) 1968 return TEST_FAILED; 1969 } 1970 1971 printf("Generate %d packets\n", MAX_TRAFFIC_BURST); 1972 1973 nb_rxd = RX_DESC_DEFAULT; 1974 nb_txd = TX_DESC_DEFAULT; 1975 1976 /* configuring port 0 for the test is enough */ 1977 port_id = 0; 1978 if (rte_eth_dev_info_get(0, &dev_info)) { 1979 printf("Failed to get devinfo"); 1980 return -1; 1981 } 1982 1983 memcpy(&local_port_conf, &port_conf, sizeof(port_conf)); 1984 /* Add Multi seg flags */ 1985 if (sg_mode) { 1986 uint16_t max_data_room = RTE_MBUF_DEFAULT_DATAROOM * 1987 dev_info.rx_desc_lim.nb_seg_max; 1988 1989 local_port_conf.rxmode.offloads |= RTE_ETH_RX_OFFLOAD_SCATTER; 1990 local_port_conf.txmode.offloads |= RTE_ETH_TX_OFFLOAD_MULTI_SEGS; 1991 local_port_conf.rxmode.mtu = RTE_MIN(dev_info.max_mtu, max_data_room - 256); 1992 } 1993 1994 /* port configure */ 1995 ret = rte_eth_dev_configure(port_id, nb_rx_queue, 1996 nb_tx_queue, &local_port_conf); 1997 if (ret < 0) { 1998 printf("Cannot configure device: err=%d, port=%d\n", 1999 ret, port_id); 2000 return ret; 2001 } 2002 ret = rte_eth_macaddr_get(port_id, &ports_eth_addr[port_id]); 2003 if (ret < 0) { 2004 printf("Cannot get mac address: err=%d, port=%d\n", 2005 ret, port_id); 2006 return ret; 2007 } 2008 printf("Port %u ", port_id); 2009 print_ethaddr("Address:", &ports_eth_addr[port_id]); 2010 printf("\n"); 2011 2012 /* tx queue setup */ 2013 ret = rte_eth_tx_queue_setup(port_id, 0, nb_txd, 2014 SOCKET_ID_ANY, &tx_conf); 2015 if (ret < 0) { 2016 printf("rte_eth_tx_queue_setup: err=%d, port=%d\n", 2017 ret, port_id); 2018 return ret; 2019 } 2020 /* rx queue steup */ 2021 ret = rte_eth_rx_queue_setup(port_id, 0, nb_rxd, SOCKET_ID_ANY, 2022 &rx_conf, mbufpool); 2023 if (ret < 0) { 2024 printf("rte_eth_rx_queue_setup: err=%d, port=%d\n", 2025 ret, port_id); 2026 return ret; 2027 } 2028 2029 test_sec_alg_list_populate(); 2030 2031 /* Change the plaintext size for tests without Known vectors */ 2032 if (sg_mode) { 2033 /* Leave space of 256B as ESP packet would be bigger and we 2034 * expect packets to be received back on same interface. 2035 * Without SG mode, default value is picked. 2036 */ 2037 plaintext_len = local_port_conf.rxmode.mtu - 256; 2038 } else { 2039 plaintext_len = 0; 2040 } 2041 2042 return 0; 2043 } 2044 2045 static void 2046 inline_ipsec_testsuite_teardown(void) 2047 { 2048 uint16_t portid; 2049 int ret; 2050 2051 /* port tear down */ 2052 RTE_ETH_FOREACH_DEV(portid) { 2053 ret = rte_eth_dev_reset(portid); 2054 if (ret != 0) 2055 printf("rte_eth_dev_reset: err=%s, port=%u\n", 2056 rte_strerror(-ret), port_id); 2057 } 2058 rte_free(tx_pkts_burst); 2059 rte_free(rx_pkts_burst); 2060 } 2061 2062 static int 2063 event_inline_ipsec_testsuite_setup(void) 2064 { 2065 struct rte_event_eth_rx_adapter_queue_conf queue_conf = {0}; 2066 struct rte_event_dev_info evdev_default_conf = {0}; 2067 struct rte_event_dev_config eventdev_conf = {0}; 2068 struct rte_event_queue_conf eventq_conf = {0}; 2069 struct rte_event_port_conf ev_port_conf = {0}; 2070 const uint16_t nb_txd = 1024, nb_rxd = 1024; 2071 uint16_t nb_rx_queue = 1, nb_tx_queue = 1; 2072 uint8_t ev_queue_id = 0, tx_queue_id = 0; 2073 int nb_eventqueue = 1, nb_eventport = 1; 2074 const int all_queues = -1; 2075 uint32_t caps = 0; 2076 uint16_t nb_ports; 2077 int ret; 2078 2079 printf("Start event inline IPsec test.\n"); 2080 2081 nb_ports = rte_eth_dev_count_avail(); 2082 if (nb_ports == 0) { 2083 printf("Test require: 1 port, available: 0\n"); 2084 return TEST_SKIPPED; 2085 } 2086 2087 init_mempools(NB_MBUF); 2088 2089 if (tx_pkts_burst == NULL) { 2090 tx_pkts_burst = (struct rte_mbuf **)rte_calloc("tx_buff", 2091 MAX_TRAFFIC_BURST, 2092 sizeof(void *), 2093 RTE_CACHE_LINE_SIZE); 2094 if (!tx_pkts_burst) 2095 return -1; 2096 2097 rx_pkts_burst = (struct rte_mbuf **)rte_calloc("rx_buff", 2098 MAX_TRAFFIC_BURST, 2099 sizeof(void *), 2100 RTE_CACHE_LINE_SIZE); 2101 if (!rx_pkts_burst) 2102 return -1; 2103 2104 } 2105 2106 printf("Generate %d packets\n", MAX_TRAFFIC_BURST); 2107 2108 /* configuring port 0 for the test is enough */ 2109 port_id = 0; 2110 /* port configure */ 2111 ret = rte_eth_dev_configure(port_id, nb_rx_queue, 2112 nb_tx_queue, &port_conf); 2113 if (ret < 0) { 2114 printf("Cannot configure device: err=%d, port=%d\n", 2115 ret, port_id); 2116 return ret; 2117 } 2118 2119 /* Tx queue setup */ 2120 ret = rte_eth_tx_queue_setup(port_id, 0, nb_txd, 2121 SOCKET_ID_ANY, &tx_conf); 2122 if (ret < 0) { 2123 printf("rte_eth_tx_queue_setup: err=%d, port=%d\n", 2124 ret, port_id); 2125 return ret; 2126 } 2127 2128 /* rx queue steup */ 2129 ret = rte_eth_rx_queue_setup(port_id, 0, nb_rxd, SOCKET_ID_ANY, 2130 &rx_conf, mbufpool); 2131 if (ret < 0) { 2132 printf("rte_eth_rx_queue_setup: err=%d, port=%d\n", 2133 ret, port_id); 2134 return ret; 2135 } 2136 2137 /* Setup eventdev */ 2138 eventdev_id = 0; 2139 rx_adapter_id = 0; 2140 tx_adapter_id = 0; 2141 2142 /* Get default conf of eventdev */ 2143 ret = rte_event_dev_info_get(eventdev_id, &evdev_default_conf); 2144 if (ret < 0) { 2145 printf("Error in getting event device info[devID:%d]\n", 2146 eventdev_id); 2147 return ret; 2148 } 2149 2150 /* Get Tx adapter capabilities */ 2151 ret = rte_event_eth_tx_adapter_caps_get(eventdev_id, tx_adapter_id, &caps); 2152 if (ret < 0) { 2153 printf("Failed to get event device %d eth tx adapter" 2154 " capabilities for port %d\n", 2155 eventdev_id, port_id); 2156 return ret; 2157 } 2158 if (!(caps & RTE_EVENT_ETH_TX_ADAPTER_CAP_INTERNAL_PORT)) 2159 tx_queue_id = nb_eventqueue++; 2160 2161 eventdev_conf.nb_events_limit = 2162 evdev_default_conf.max_num_events; 2163 eventdev_conf.nb_event_queue_flows = 2164 evdev_default_conf.max_event_queue_flows; 2165 eventdev_conf.nb_event_port_dequeue_depth = 2166 evdev_default_conf.max_event_port_dequeue_depth; 2167 eventdev_conf.nb_event_port_enqueue_depth = 2168 evdev_default_conf.max_event_port_enqueue_depth; 2169 2170 eventdev_conf.nb_event_queues = nb_eventqueue; 2171 eventdev_conf.nb_event_ports = nb_eventport; 2172 2173 /* Configure event device */ 2174 2175 ret = rte_event_dev_configure(eventdev_id, &eventdev_conf); 2176 if (ret < 0) { 2177 printf("Error in configuring event device\n"); 2178 return ret; 2179 } 2180 2181 /* Configure event queue */ 2182 eventq_conf.schedule_type = RTE_SCHED_TYPE_PARALLEL; 2183 eventq_conf.nb_atomic_flows = 1024; 2184 eventq_conf.nb_atomic_order_sequences = 1024; 2185 2186 /* Setup the queue */ 2187 ret = rte_event_queue_setup(eventdev_id, ev_queue_id, &eventq_conf); 2188 if (ret < 0) { 2189 printf("Failed to setup event queue %d\n", ret); 2190 return ret; 2191 } 2192 2193 /* Configure event port */ 2194 ret = rte_event_port_setup(eventdev_id, port_id, NULL); 2195 if (ret < 0) { 2196 printf("Failed to setup event port %d\n", ret); 2197 return ret; 2198 } 2199 2200 /* Make event queue - event port link */ 2201 ret = rte_event_port_link(eventdev_id, port_id, NULL, NULL, 1); 2202 if (ret < 0) { 2203 printf("Failed to link event port %d\n", ret); 2204 return ret; 2205 } 2206 2207 /* Setup port conf */ 2208 ev_port_conf.new_event_threshold = 1200; 2209 ev_port_conf.dequeue_depth = 2210 evdev_default_conf.max_event_port_dequeue_depth; 2211 ev_port_conf.enqueue_depth = 2212 evdev_default_conf.max_event_port_enqueue_depth; 2213 2214 /* Create Rx adapter */ 2215 ret = rte_event_eth_rx_adapter_create(rx_adapter_id, eventdev_id, 2216 &ev_port_conf); 2217 if (ret < 0) { 2218 printf("Failed to create rx adapter %d\n", ret); 2219 return ret; 2220 } 2221 2222 /* Setup queue conf */ 2223 queue_conf.ev.queue_id = ev_queue_id; 2224 queue_conf.ev.sched_type = RTE_SCHED_TYPE_PARALLEL; 2225 queue_conf.ev.event_type = RTE_EVENT_TYPE_ETHDEV; 2226 2227 /* Add queue to the adapter */ 2228 ret = rte_event_eth_rx_adapter_queue_add(rx_adapter_id, port_id, 2229 all_queues, &queue_conf); 2230 if (ret < 0) { 2231 printf("Failed to add eth queue to rx adapter %d\n", ret); 2232 return ret; 2233 } 2234 2235 /* Start rx adapter */ 2236 ret = rte_event_eth_rx_adapter_start(rx_adapter_id); 2237 if (ret < 0) { 2238 printf("Failed to start rx adapter %d\n", ret); 2239 return ret; 2240 } 2241 2242 /* Create tx adapter */ 2243 ret = rte_event_eth_tx_adapter_create(tx_adapter_id, eventdev_id, 2244 &ev_port_conf); 2245 if (ret < 0) { 2246 printf("Failed to create tx adapter %d\n", ret); 2247 return ret; 2248 } 2249 2250 /* Add queue to the adapter */ 2251 ret = rte_event_eth_tx_adapter_queue_add(tx_adapter_id, port_id, 2252 all_queues); 2253 if (ret < 0) { 2254 printf("Failed to add eth queue to tx adapter %d\n", ret); 2255 return ret; 2256 } 2257 /* Setup Tx queue & port */ 2258 if (tx_queue_id) { 2259 /* Setup the queue */ 2260 ret = rte_event_queue_setup(eventdev_id, tx_queue_id, 2261 &eventq_conf); 2262 if (ret < 0) { 2263 printf("Failed to setup tx event queue %d\n", ret); 2264 return ret; 2265 } 2266 /* Link Tx event queue to Tx port */ 2267 ret = rte_event_port_link(eventdev_id, port_id, 2268 &tx_queue_id, NULL, 1); 2269 if (ret != 1) { 2270 printf("Failed to link event queue to port\n"); 2271 return ret; 2272 } 2273 } 2274 2275 /* Start tx adapter */ 2276 ret = rte_event_eth_tx_adapter_start(tx_adapter_id); 2277 if (ret < 0) { 2278 printf("Failed to start tx adapter %d\n", ret); 2279 return ret; 2280 } 2281 2282 /* Start eventdev */ 2283 ret = rte_event_dev_start(eventdev_id); 2284 if (ret < 0) { 2285 printf("Failed to start event device %d\n", ret); 2286 return ret; 2287 } 2288 2289 event_mode_enabled = true; 2290 2291 test_sec_alg_list_populate(); 2292 2293 return 0; 2294 } 2295 2296 static void 2297 event_inline_ipsec_testsuite_teardown(void) 2298 { 2299 uint16_t portid; 2300 int ret; 2301 2302 event_mode_enabled = false; 2303 2304 /* Stop and release rx adapter */ 2305 ret = rte_event_eth_rx_adapter_stop(rx_adapter_id); 2306 if (ret < 0) 2307 printf("Failed to stop rx adapter %d\n", ret); 2308 ret = rte_event_eth_rx_adapter_queue_del(rx_adapter_id, port_id, -1); 2309 if (ret < 0) 2310 printf("Failed to remove rx adapter queues %d\n", ret); 2311 ret = rte_event_eth_rx_adapter_free(rx_adapter_id); 2312 if (ret < 0) 2313 printf("Failed to free rx adapter %d\n", ret); 2314 2315 /* Stop and release tx adapter */ 2316 ret = rte_event_eth_tx_adapter_stop(tx_adapter_id); 2317 if (ret < 0) 2318 printf("Failed to stop tx adapter %d\n", ret); 2319 ret = rte_event_eth_tx_adapter_queue_del(tx_adapter_id, port_id, -1); 2320 if (ret < 0) 2321 printf("Failed to remove tx adapter queues %d\n", ret); 2322 ret = rte_event_eth_tx_adapter_free(tx_adapter_id); 2323 if (ret < 0) 2324 printf("Failed to free tx adapter %d\n", ret); 2325 2326 /* Stop and release event devices */ 2327 rte_event_dev_stop(eventdev_id); 2328 ret = rte_event_dev_close(eventdev_id); 2329 if (ret < 0) 2330 printf("Failed to close event dev %d, %d\n", eventdev_id, ret); 2331 2332 /* port tear down */ 2333 RTE_ETH_FOREACH_DEV(portid) { 2334 ret = rte_eth_dev_reset(portid); 2335 if (ret != 0) 2336 printf("rte_eth_dev_reset: err=%s, port=%u\n", 2337 rte_strerror(-ret), port_id); 2338 } 2339 2340 rte_free(tx_pkts_burst); 2341 rte_free(rx_pkts_burst); 2342 } 2343 2344 static int 2345 test_inline_ip_reassembly(const void *testdata) 2346 { 2347 struct reassembly_vector reassembly_td = {0}; 2348 const struct reassembly_vector *td = testdata; 2349 struct ip_reassembly_test_packet full_pkt; 2350 struct ip_reassembly_test_packet frags[MAX_FRAGS]; 2351 uint16_t extra_data, extra_data_sum = 0; 2352 struct ipsec_test_flags flags = {0}; 2353 int i = 0; 2354 2355 reassembly_td.sa_data = td->sa_data; 2356 reassembly_td.nb_frags = td->nb_frags; 2357 reassembly_td.burst = td->burst; 2358 2359 memcpy(&full_pkt, td->full_pkt, 2360 sizeof(struct ip_reassembly_test_packet)); 2361 reassembly_td.full_pkt = &full_pkt; 2362 2363 for (; i < reassembly_td.nb_frags; i++) { 2364 memcpy(&frags[i], td->frags[i], 2365 sizeof(struct ip_reassembly_test_packet)); 2366 reassembly_td.frags[i] = &frags[i]; 2367 2368 /* Add extra data for multi-seg test on all fragments except last one */ 2369 extra_data = 0; 2370 if (plaintext_len && reassembly_td.frags[i]->len < plaintext_len && 2371 (i != reassembly_td.nb_frags - 1)) 2372 extra_data = ((plaintext_len - reassembly_td.frags[i]->len) & ~0x7ULL); 2373 2374 test_vector_payload_populate(reassembly_td.frags[i], 2375 (i == 0) ? true : false, extra_data, extra_data_sum); 2376 extra_data_sum += extra_data; 2377 } 2378 test_vector_payload_populate(reassembly_td.full_pkt, true, extra_data_sum, 0); 2379 2380 return test_ipsec_with_reassembly(&reassembly_td, &flags); 2381 } 2382 2383 static int 2384 test_ipsec_inline_proto_known_vec(const void *test_data) 2385 { 2386 struct ipsec_test_data td_outb; 2387 struct ipsec_test_flags flags; 2388 2389 memset(&flags, 0, sizeof(flags)); 2390 2391 memcpy(&td_outb, test_data, sizeof(td_outb)); 2392 2393 if (td_outb.aead || 2394 td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) { 2395 /* Disable IV gen to be able to test with known vectors */ 2396 td_outb.ipsec_xform.options.iv_gen_disable = 1; 2397 } 2398 2399 return test_ipsec_inline_proto_process(&td_outb, NULL, 1, 2400 false, &flags); 2401 } 2402 2403 static int 2404 test_ipsec_inline_proto_known_vec_inb(const void *test_data) 2405 { 2406 const struct ipsec_test_data *td = test_data; 2407 struct ipsec_test_flags flags; 2408 struct ipsec_test_data td_inb; 2409 2410 memset(&flags, 0, sizeof(flags)); 2411 2412 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) 2413 test_ipsec_td_in_from_out(td, &td_inb); 2414 else 2415 memcpy(&td_inb, td, sizeof(td_inb)); 2416 2417 return test_ipsec_inline_proto_process(&td_inb, NULL, 1, false, &flags); 2418 } 2419 2420 static int 2421 test_ipsec_inline_proto_oop_inb(const void *test_data) 2422 { 2423 const struct ipsec_test_data *td = test_data; 2424 struct ipsec_test_flags flags; 2425 struct ipsec_test_data td_inb; 2426 2427 memset(&flags, 0, sizeof(flags)); 2428 flags.inb_oop = true; 2429 2430 if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) 2431 test_ipsec_td_in_from_out(td, &td_inb); 2432 else 2433 memcpy(&td_inb, td, sizeof(td_inb)); 2434 2435 td_inb.ipsec_xform.options.ingress_oop = true; 2436 2437 return test_ipsec_inline_proto_process(&td_inb, NULL, 1, false, &flags); 2438 } 2439 2440 static int 2441 test_ipsec_inline_proto_rx_inj_inb(const void *test_data) 2442 { 2443 const struct ip_pkt_vector *td = test_data; 2444 struct ip_reassembly_test_packet full_pkt; 2445 struct ipsec_test_flags flags = {0}; 2446 struct ip_pkt_vector out_td = {0}; 2447 uint16_t extra_data = 0; 2448 2449 flags.rx_inject = true; 2450 2451 out_td.sa_data = td->sa_data; 2452 out_td.burst = td->burst; 2453 2454 memcpy(&full_pkt, td->full_pkt, 2455 sizeof(struct ip_reassembly_test_packet)); 2456 out_td.full_pkt = &full_pkt; 2457 2458 /* Add extra data for multi-seg test */ 2459 if (plaintext_len && out_td.full_pkt->len < plaintext_len) 2460 extra_data = ((plaintext_len - out_td.full_pkt->len) & ~0x7ULL); 2461 2462 test_vector_payload_populate(out_td.full_pkt, true, extra_data, 0); 2463 2464 return test_ipsec_with_rx_inject(&out_td, &flags); 2465 } 2466 2467 static int 2468 test_ipsec_inline_proto_display_list(void) 2469 { 2470 struct ipsec_test_flags flags; 2471 2472 memset(&flags, 0, sizeof(flags)); 2473 2474 flags.display_alg = true; 2475 flags.plaintext_len = plaintext_len; 2476 2477 return test_ipsec_inline_proto_all(&flags); 2478 } 2479 2480 static int 2481 test_ipsec_inline_proto_udp_encap(void) 2482 { 2483 struct ipsec_test_flags flags; 2484 2485 memset(&flags, 0, sizeof(flags)); 2486 2487 flags.udp_encap = true; 2488 flags.plaintext_len = plaintext_len; 2489 2490 return test_ipsec_inline_proto_all(&flags); 2491 } 2492 2493 static int 2494 test_ipsec_inline_proto_udp_ports_verify(void) 2495 { 2496 struct ipsec_test_flags flags; 2497 2498 memset(&flags, 0, sizeof(flags)); 2499 2500 flags.udp_encap = true; 2501 flags.udp_ports_verify = true; 2502 flags.plaintext_len = plaintext_len; 2503 2504 return test_ipsec_inline_proto_all(&flags); 2505 } 2506 2507 static int 2508 test_ipsec_inline_proto_err_icv_corrupt(void) 2509 { 2510 struct ipsec_test_flags flags; 2511 2512 memset(&flags, 0, sizeof(flags)); 2513 2514 flags.icv_corrupt = true; 2515 flags.plaintext_len = plaintext_len; 2516 2517 return test_ipsec_inline_proto_all(&flags); 2518 } 2519 2520 static int 2521 test_ipsec_inline_proto_tunnel_dst_addr_verify(void) 2522 { 2523 struct ipsec_test_flags flags; 2524 2525 memset(&flags, 0, sizeof(flags)); 2526 2527 flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR; 2528 flags.plaintext_len = plaintext_len; 2529 2530 return test_ipsec_inline_proto_all(&flags); 2531 } 2532 2533 static int 2534 test_ipsec_inline_proto_tunnel_src_dst_addr_verify(void) 2535 { 2536 struct ipsec_test_flags flags; 2537 2538 memset(&flags, 0, sizeof(flags)); 2539 2540 flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR; 2541 flags.plaintext_len = plaintext_len; 2542 2543 return test_ipsec_inline_proto_all(&flags); 2544 } 2545 2546 static int 2547 test_ipsec_inline_proto_inner_ip_csum(void) 2548 { 2549 struct ipsec_test_flags flags; 2550 2551 memset(&flags, 0, sizeof(flags)); 2552 2553 flags.ip_csum = true; 2554 flags.plaintext_len = plaintext_len; 2555 2556 return test_ipsec_inline_proto_all(&flags); 2557 } 2558 2559 static int 2560 test_ipsec_inline_proto_inner_l4_csum(void) 2561 { 2562 struct ipsec_test_flags flags; 2563 2564 memset(&flags, 0, sizeof(flags)); 2565 2566 flags.l4_csum = true; 2567 flags.plaintext_len = plaintext_len; 2568 2569 return test_ipsec_inline_proto_all(&flags); 2570 } 2571 2572 static int 2573 test_ipsec_inline_proto_tunnel_v4_in_v4(void) 2574 { 2575 struct ipsec_test_flags flags; 2576 2577 memset(&flags, 0, sizeof(flags)); 2578 2579 flags.ipv6 = false; 2580 flags.tunnel_ipv6 = false; 2581 flags.plaintext_len = plaintext_len; 2582 2583 return test_ipsec_inline_proto_all(&flags); 2584 } 2585 2586 static int 2587 test_ipsec_inline_proto_tunnel_v6_in_v6(void) 2588 { 2589 struct ipsec_test_flags flags; 2590 2591 memset(&flags, 0, sizeof(flags)); 2592 2593 flags.ipv6 = true; 2594 flags.tunnel_ipv6 = true; 2595 flags.plaintext_len = plaintext_len; 2596 2597 return test_ipsec_inline_proto_all(&flags); 2598 } 2599 2600 static int 2601 test_ipsec_inline_proto_tunnel_v4_in_v6(void) 2602 { 2603 struct ipsec_test_flags flags; 2604 2605 memset(&flags, 0, sizeof(flags)); 2606 2607 flags.ipv6 = false; 2608 flags.tunnel_ipv6 = true; 2609 flags.plaintext_len = plaintext_len; 2610 2611 return test_ipsec_inline_proto_all(&flags); 2612 } 2613 2614 static int 2615 test_ipsec_inline_proto_tunnel_v6_in_v4(void) 2616 { 2617 struct ipsec_test_flags flags; 2618 2619 memset(&flags, 0, sizeof(flags)); 2620 2621 flags.ipv6 = true; 2622 flags.tunnel_ipv6 = false; 2623 flags.plaintext_len = plaintext_len; 2624 2625 return test_ipsec_inline_proto_all(&flags); 2626 } 2627 2628 static int 2629 test_ipsec_inline_proto_transport_v4(void) 2630 { 2631 struct ipsec_test_flags flags; 2632 2633 memset(&flags, 0, sizeof(flags)); 2634 2635 flags.ipv6 = false; 2636 flags.transport = true; 2637 flags.plaintext_len = plaintext_len; 2638 2639 return test_ipsec_inline_proto_all(&flags); 2640 } 2641 2642 static int 2643 test_ipsec_inline_proto_transport_l4_csum(void) 2644 { 2645 struct ipsec_test_flags flags = { 2646 .l4_csum = true, 2647 .transport = true, 2648 .plaintext_len = plaintext_len, 2649 }; 2650 2651 return test_ipsec_inline_proto_all(&flags); 2652 } 2653 2654 static int 2655 test_ipsec_inline_proto_stats(void) 2656 { 2657 struct ipsec_test_flags flags; 2658 2659 memset(&flags, 0, sizeof(flags)); 2660 2661 flags.stats_success = true; 2662 flags.plaintext_len = plaintext_len; 2663 2664 return test_ipsec_inline_proto_all(&flags); 2665 } 2666 2667 static int 2668 test_ipsec_inline_proto_pkt_fragment(void) 2669 { 2670 struct ipsec_test_flags flags; 2671 2672 memset(&flags, 0, sizeof(flags)); 2673 2674 flags.fragment = true; 2675 flags.plaintext_len = plaintext_len; 2676 2677 return test_ipsec_inline_proto_all(&flags); 2678 2679 } 2680 2681 static int 2682 test_ipsec_inline_proto_copy_df_inner_0(void) 2683 { 2684 struct ipsec_test_flags flags; 2685 2686 memset(&flags, 0, sizeof(flags)); 2687 2688 flags.df = TEST_IPSEC_COPY_DF_INNER_0; 2689 flags.plaintext_len = plaintext_len; 2690 2691 return test_ipsec_inline_proto_all(&flags); 2692 } 2693 2694 static int 2695 test_ipsec_inline_proto_copy_df_inner_1(void) 2696 { 2697 struct ipsec_test_flags flags; 2698 2699 memset(&flags, 0, sizeof(flags)); 2700 2701 flags.df = TEST_IPSEC_COPY_DF_INNER_1; 2702 flags.plaintext_len = plaintext_len; 2703 2704 return test_ipsec_inline_proto_all(&flags); 2705 } 2706 2707 static int 2708 test_ipsec_inline_proto_set_df_0_inner_1(void) 2709 { 2710 struct ipsec_test_flags flags; 2711 2712 memset(&flags, 0, sizeof(flags)); 2713 2714 flags.df = TEST_IPSEC_SET_DF_0_INNER_1; 2715 flags.plaintext_len = plaintext_len; 2716 2717 return test_ipsec_inline_proto_all(&flags); 2718 } 2719 2720 static int 2721 test_ipsec_inline_proto_set_df_1_inner_0(void) 2722 { 2723 struct ipsec_test_flags flags; 2724 2725 memset(&flags, 0, sizeof(flags)); 2726 2727 flags.df = TEST_IPSEC_SET_DF_1_INNER_0; 2728 flags.plaintext_len = plaintext_len; 2729 2730 return test_ipsec_inline_proto_all(&flags); 2731 } 2732 2733 static int 2734 test_ipsec_inline_proto_ipv4_copy_dscp_inner_0(void) 2735 { 2736 struct ipsec_test_flags flags; 2737 2738 memset(&flags, 0, sizeof(flags)); 2739 2740 flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_0; 2741 flags.plaintext_len = plaintext_len; 2742 2743 return test_ipsec_inline_proto_all(&flags); 2744 } 2745 2746 static int 2747 test_ipsec_inline_proto_ipv4_copy_dscp_inner_1(void) 2748 { 2749 struct ipsec_test_flags flags; 2750 2751 memset(&flags, 0, sizeof(flags)); 2752 2753 flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_1; 2754 flags.plaintext_len = plaintext_len; 2755 2756 return test_ipsec_inline_proto_all(&flags); 2757 } 2758 2759 static int 2760 test_ipsec_inline_proto_ipv4_set_dscp_0_inner_1(void) 2761 { 2762 struct ipsec_test_flags flags; 2763 2764 memset(&flags, 0, sizeof(flags)); 2765 2766 flags.dscp = TEST_IPSEC_SET_DSCP_0_INNER_1; 2767 flags.plaintext_len = plaintext_len; 2768 2769 return test_ipsec_inline_proto_all(&flags); 2770 } 2771 2772 static int 2773 test_ipsec_inline_proto_ipv4_set_dscp_1_inner_0(void) 2774 { 2775 struct ipsec_test_flags flags; 2776 2777 memset(&flags, 0, sizeof(flags)); 2778 2779 flags.dscp = TEST_IPSEC_SET_DSCP_1_INNER_0; 2780 flags.plaintext_len = plaintext_len; 2781 2782 return test_ipsec_inline_proto_all(&flags); 2783 } 2784 2785 static int 2786 test_ipsec_inline_proto_ipv6_copy_dscp_inner_0(void) 2787 { 2788 struct ipsec_test_flags flags; 2789 2790 memset(&flags, 0, sizeof(flags)); 2791 2792 flags.ipv6 = true; 2793 flags.tunnel_ipv6 = true; 2794 flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_0; 2795 flags.plaintext_len = plaintext_len; 2796 2797 return test_ipsec_inline_proto_all(&flags); 2798 } 2799 2800 static int 2801 test_ipsec_inline_proto_ipv6_copy_dscp_inner_1(void) 2802 { 2803 struct ipsec_test_flags flags; 2804 2805 memset(&flags, 0, sizeof(flags)); 2806 2807 flags.ipv6 = true; 2808 flags.tunnel_ipv6 = true; 2809 flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_1; 2810 flags.plaintext_len = plaintext_len; 2811 2812 return test_ipsec_inline_proto_all(&flags); 2813 } 2814 2815 static int 2816 test_ipsec_inline_proto_ipv6_set_dscp_0_inner_1(void) 2817 { 2818 struct ipsec_test_flags flags; 2819 2820 memset(&flags, 0, sizeof(flags)); 2821 2822 flags.ipv6 = true; 2823 flags.tunnel_ipv6 = true; 2824 flags.dscp = TEST_IPSEC_SET_DSCP_0_INNER_1; 2825 flags.plaintext_len = plaintext_len; 2826 2827 return test_ipsec_inline_proto_all(&flags); 2828 } 2829 2830 static int 2831 test_ipsec_inline_proto_ipv6_set_dscp_1_inner_0(void) 2832 { 2833 struct ipsec_test_flags flags; 2834 2835 memset(&flags, 0, sizeof(flags)); 2836 2837 flags.ipv6 = true; 2838 flags.tunnel_ipv6 = true; 2839 flags.dscp = TEST_IPSEC_SET_DSCP_1_INNER_0; 2840 flags.plaintext_len = plaintext_len; 2841 2842 return test_ipsec_inline_proto_all(&flags); 2843 } 2844 2845 static int 2846 test_ipsec_inline_proto_ipv6_copy_flabel_inner_0(void) 2847 { 2848 struct ipsec_test_flags flags; 2849 2850 memset(&flags, 0, sizeof(flags)); 2851 2852 flags.ipv6 = true; 2853 flags.tunnel_ipv6 = true; 2854 flags.flabel = TEST_IPSEC_COPY_FLABEL_INNER_0; 2855 2856 return test_ipsec_inline_proto_all(&flags); 2857 } 2858 2859 static int 2860 test_ipsec_inline_proto_ipv6_copy_flabel_inner_1(void) 2861 { 2862 struct ipsec_test_flags flags; 2863 2864 memset(&flags, 0, sizeof(flags)); 2865 2866 flags.ipv6 = true; 2867 flags.tunnel_ipv6 = true; 2868 flags.flabel = TEST_IPSEC_COPY_FLABEL_INNER_1; 2869 2870 return test_ipsec_inline_proto_all(&flags); 2871 } 2872 2873 static int 2874 test_ipsec_inline_proto_ipv6_set_flabel_0_inner_1(void) 2875 { 2876 struct ipsec_test_flags flags; 2877 2878 memset(&flags, 0, sizeof(flags)); 2879 2880 flags.ipv6 = true; 2881 flags.tunnel_ipv6 = true; 2882 flags.flabel = TEST_IPSEC_SET_FLABEL_0_INNER_1; 2883 2884 return test_ipsec_inline_proto_all(&flags); 2885 } 2886 2887 static int 2888 test_ipsec_inline_proto_ipv6_set_flabel_1_inner_0(void) 2889 { 2890 struct ipsec_test_flags flags; 2891 2892 memset(&flags, 0, sizeof(flags)); 2893 2894 flags.ipv6 = true; 2895 flags.tunnel_ipv6 = true; 2896 flags.flabel = TEST_IPSEC_SET_FLABEL_1_INNER_0; 2897 2898 return test_ipsec_inline_proto_all(&flags); 2899 } 2900 2901 static int 2902 test_ipsec_inline_proto_ipv4_ttl_decrement(void) 2903 { 2904 struct ipsec_test_flags flags = { 2905 .dec_ttl_or_hop_limit = true, 2906 .plaintext_len = plaintext_len, 2907 }; 2908 2909 return test_ipsec_inline_proto_all(&flags); 2910 } 2911 2912 static int 2913 test_ipsec_inline_proto_ipv6_hop_limit_decrement(void) 2914 { 2915 struct ipsec_test_flags flags = { 2916 .ipv6 = true, 2917 .dec_ttl_or_hop_limit = true, 2918 .plaintext_len = plaintext_len, 2919 }; 2920 2921 return test_ipsec_inline_proto_all(&flags); 2922 } 2923 2924 static int 2925 test_ipsec_inline_proto_iv_gen(void) 2926 { 2927 struct ipsec_test_flags flags; 2928 2929 memset(&flags, 0, sizeof(flags)); 2930 2931 flags.iv_gen = true; 2932 flags.plaintext_len = plaintext_len; 2933 2934 return test_ipsec_inline_proto_all(&flags); 2935 } 2936 2937 static int 2938 test_ipsec_inline_proto_sa_pkt_soft_expiry(void) 2939 { 2940 struct ipsec_test_flags flags = { 2941 .sa_expiry_pkts_soft = true, 2942 .plaintext_len = plaintext_len, 2943 }; 2944 return test_ipsec_inline_proto_all(&flags); 2945 } 2946 static int 2947 test_ipsec_inline_proto_sa_byte_soft_expiry(void) 2948 { 2949 struct ipsec_test_flags flags = { 2950 .sa_expiry_bytes_soft = true, 2951 .plaintext_len = plaintext_len, 2952 }; 2953 return test_ipsec_inline_proto_all(&flags); 2954 } 2955 2956 static int 2957 test_ipsec_inline_proto_sa_pkt_hard_expiry(void) 2958 { 2959 struct ipsec_test_flags flags = { 2960 .sa_expiry_pkts_hard = true 2961 }; 2962 2963 return test_ipsec_inline_proto_all(&flags); 2964 } 2965 2966 static int 2967 test_ipsec_inline_proto_sa_byte_hard_expiry(void) 2968 { 2969 struct ipsec_test_flags flags = { 2970 .sa_expiry_bytes_hard = true 2971 }; 2972 2973 return test_ipsec_inline_proto_all(&flags); 2974 } 2975 2976 static int 2977 test_ipsec_inline_proto_known_vec_fragmented(const void *test_data) 2978 { 2979 struct ipsec_test_data td_outb; 2980 struct ipsec_test_flags flags; 2981 2982 memset(&flags, 0, sizeof(flags)); 2983 flags.fragment = true; 2984 flags.plaintext_len = plaintext_len; 2985 2986 memcpy(&td_outb, test_data, sizeof(td_outb)); 2987 2988 /* Disable IV gen to be able to test with known vectors */ 2989 td_outb.ipsec_xform.options.iv_gen_disable = 1; 2990 2991 return test_ipsec_inline_proto_process(&td_outb, NULL, 1, false, 2992 &flags); 2993 } 2994 2995 static int 2996 test_ipsec_inline_pkt_replay(const void *test_data, const uint64_t esn[], 2997 bool replayed_pkt[], uint32_t nb_pkts, bool esn_en, 2998 uint64_t winsz) 2999 { 3000 struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX]; 3001 struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX]; 3002 struct ipsec_test_flags flags; 3003 uint32_t i, ret = 0; 3004 3005 memset(&flags, 0, sizeof(flags)); 3006 flags.antireplay = true; 3007 flags.plaintext_len = plaintext_len; 3008 3009 for (i = 0; i < nb_pkts; i++) { 3010 memcpy(&td_outb[i], test_data, sizeof(td_outb[0])); 3011 td_outb[i].ipsec_xform.options.iv_gen_disable = 1; 3012 td_outb[i].ipsec_xform.replay_win_sz = winsz; 3013 td_outb[i].ipsec_xform.options.esn = esn_en; 3014 } 3015 3016 for (i = 0; i < nb_pkts; i++) 3017 td_outb[i].ipsec_xform.esn.value = esn[i]; 3018 3019 ret = test_ipsec_inline_proto_process_with_esn(td_outb, td_inb, 3020 nb_pkts, true, &flags); 3021 if (ret != TEST_SUCCESS) 3022 return ret; 3023 3024 test_ipsec_td_update(td_inb, td_outb, nb_pkts, &flags); 3025 3026 for (i = 0; i < nb_pkts; i++) { 3027 td_inb[i].ipsec_xform.options.esn = esn_en; 3028 /* Set antireplay flag for packets to be dropped */ 3029 td_inb[i].ar_packet = replayed_pkt[i]; 3030 } 3031 3032 ret = test_ipsec_inline_proto_process_with_esn(td_inb, NULL, nb_pkts, 3033 true, &flags); 3034 3035 return ret; 3036 } 3037 3038 static int 3039 test_ipsec_inline_proto_pkt_antireplay(const void *test_data, uint64_t winsz) 3040 { 3041 3042 uint32_t nb_pkts = 5; 3043 bool replayed_pkt[5]; 3044 uint64_t esn[5]; 3045 3046 /* 1. Advance the TOP of the window to WS * 2 */ 3047 esn[0] = winsz * 2; 3048 /* 2. Test sequence number within the new window(WS + 1) */ 3049 esn[1] = winsz + 1; 3050 /* 3. Test sequence number less than the window BOTTOM */ 3051 esn[2] = winsz; 3052 /* 4. Test sequence number in the middle of the window */ 3053 esn[3] = winsz + (winsz / 2); 3054 /* 5. Test replay of the packet in the middle of the window */ 3055 esn[4] = winsz + (winsz / 2); 3056 3057 replayed_pkt[0] = false; 3058 replayed_pkt[1] = false; 3059 replayed_pkt[2] = true; 3060 replayed_pkt[3] = false; 3061 replayed_pkt[4] = true; 3062 3063 return test_ipsec_inline_pkt_replay(test_data, esn, replayed_pkt, 3064 nb_pkts, false, winsz); 3065 } 3066 3067 static int 3068 test_ipsec_inline_proto_pkt_antireplay1024(const void *test_data) 3069 { 3070 return test_ipsec_inline_proto_pkt_antireplay(test_data, 1024); 3071 } 3072 3073 static int 3074 test_ipsec_inline_proto_pkt_antireplay2048(const void *test_data) 3075 { 3076 return test_ipsec_inline_proto_pkt_antireplay(test_data, 2048); 3077 } 3078 3079 static int 3080 test_ipsec_inline_proto_pkt_antireplay4096(const void *test_data) 3081 { 3082 return test_ipsec_inline_proto_pkt_antireplay(test_data, 4096); 3083 } 3084 3085 static int 3086 test_ipsec_inline_proto_pkt_esn_antireplay(const void *test_data, uint64_t winsz) 3087 { 3088 3089 uint32_t nb_pkts = 7; 3090 bool replayed_pkt[7]; 3091 uint64_t esn[7]; 3092 3093 /* Set the initial sequence number */ 3094 esn[0] = (uint64_t)(0xFFFFFFFF - winsz); 3095 /* 1. Advance the TOP of the window to (1<<32 + WS/2) */ 3096 esn[1] = (uint64_t)((1ULL << 32) + (winsz / 2)); 3097 /* 2. Test sequence number within new window (1<<32 + WS/2 + 1) */ 3098 esn[2] = (uint64_t)((1ULL << 32) - (winsz / 2) + 1); 3099 /* 3. Test with sequence number within window (1<<32 - 1) */ 3100 esn[3] = (uint64_t)((1ULL << 32) - 1); 3101 /* 4. Test with sequence number within window (1<<32 - 1) */ 3102 esn[4] = (uint64_t)(1ULL << 32); 3103 /* 5. Test with duplicate sequence number within 3104 * new window (1<<32 - 1) 3105 */ 3106 esn[5] = (uint64_t)((1ULL << 32) - 1); 3107 /* 6. Test with duplicate sequence number within new window (1<<32) */ 3108 esn[6] = (uint64_t)(1ULL << 32); 3109 3110 replayed_pkt[0] = false; 3111 replayed_pkt[1] = false; 3112 replayed_pkt[2] = false; 3113 replayed_pkt[3] = false; 3114 replayed_pkt[4] = false; 3115 replayed_pkt[5] = true; 3116 replayed_pkt[6] = true; 3117 3118 return test_ipsec_inline_pkt_replay(test_data, esn, replayed_pkt, nb_pkts, 3119 true, winsz); 3120 } 3121 3122 static int 3123 test_ipsec_inline_proto_pkt_esn_antireplay1024(const void *test_data) 3124 { 3125 return test_ipsec_inline_proto_pkt_esn_antireplay(test_data, 1024); 3126 } 3127 3128 static int 3129 test_ipsec_inline_proto_pkt_esn_antireplay2048(const void *test_data) 3130 { 3131 return test_ipsec_inline_proto_pkt_esn_antireplay(test_data, 2048); 3132 } 3133 3134 static int 3135 test_ipsec_inline_proto_pkt_esn_antireplay4096(const void *test_data) 3136 { 3137 return test_ipsec_inline_proto_pkt_esn_antireplay(test_data, 4096); 3138 } 3139 3140 static struct unit_test_suite inline_ipsec_testsuite = { 3141 .suite_name = "Inline IPsec Ethernet Device Unit Test Suite", 3142 .unit_test_cases = { 3143 TEST_CASE_NAMED_WITH_DATA( 3144 "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", 3145 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3146 test_ipsec_inline_proto_known_vec, &pkt_aes_128_gcm), 3147 TEST_CASE_NAMED_WITH_DATA( 3148 "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", 3149 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3150 test_ipsec_inline_proto_known_vec, &pkt_aes_192_gcm), 3151 TEST_CASE_NAMED_WITH_DATA( 3152 "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", 3153 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3154 test_ipsec_inline_proto_known_vec, &pkt_aes_256_gcm), 3155 TEST_CASE_NAMED_WITH_DATA( 3156 "Outbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])", 3157 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3158 test_ipsec_inline_proto_known_vec, 3159 &pkt_aes_128_cbc_md5), 3160 TEST_CASE_NAMED_WITH_DATA( 3161 "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])", 3162 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3163 test_ipsec_inline_proto_known_vec, 3164 &pkt_aes_128_cbc_hmac_sha256), 3165 TEST_CASE_NAMED_WITH_DATA( 3166 "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])", 3167 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3168 test_ipsec_inline_proto_known_vec, 3169 &pkt_aes_128_cbc_hmac_sha384), 3170 TEST_CASE_NAMED_WITH_DATA( 3171 "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])", 3172 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3173 test_ipsec_inline_proto_known_vec, 3174 &pkt_aes_128_cbc_hmac_sha512), 3175 TEST_CASE_NAMED_WITH_DATA( 3176 "Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA256 [16B ICV])", 3177 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3178 test_ipsec_inline_proto_known_vec, 3179 &pkt_3des_cbc_hmac_sha256), 3180 TEST_CASE_NAMED_WITH_DATA( 3181 "Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA384 [24B ICV])", 3182 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3183 test_ipsec_inline_proto_known_vec, 3184 &pkt_3des_cbc_hmac_sha384), 3185 TEST_CASE_NAMED_WITH_DATA( 3186 "Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA512 [32B ICV])", 3187 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3188 test_ipsec_inline_proto_known_vec, 3189 &pkt_3des_cbc_hmac_sha512), 3190 TEST_CASE_NAMED_WITH_DATA( 3191 "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)", 3192 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3193 test_ipsec_inline_proto_known_vec, &pkt_aes_256_gcm_v6), 3194 TEST_CASE_NAMED_WITH_DATA( 3195 "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])", 3196 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3197 test_ipsec_inline_proto_known_vec, 3198 &pkt_aes_128_cbc_hmac_sha256_v6), 3199 TEST_CASE_NAMED_WITH_DATA( 3200 "Outbound known vector (ESP tunnel mode IPv6 3DES-CBC HMAC-SHA256 [16B ICV])", 3201 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3202 test_ipsec_inline_proto_known_vec, 3203 &pkt_3des_cbc_hmac_sha256_v6), 3204 TEST_CASE_NAMED_WITH_DATA( 3205 "Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", 3206 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3207 test_ipsec_inline_proto_known_vec, 3208 &pkt_null_aes_xcbc), 3209 TEST_CASE_NAMED_WITH_DATA( 3210 "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])", 3211 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3212 test_ipsec_inline_proto_known_vec, 3213 &pkt_des_cbc_hmac_sha256), 3214 TEST_CASE_NAMED_WITH_DATA( 3215 "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])", 3216 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3217 test_ipsec_inline_proto_known_vec, 3218 &pkt_des_cbc_hmac_sha384), 3219 TEST_CASE_NAMED_WITH_DATA( 3220 "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])", 3221 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3222 test_ipsec_inline_proto_known_vec, 3223 &pkt_des_cbc_hmac_sha512), 3224 TEST_CASE_NAMED_WITH_DATA( 3225 "Outbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])", 3226 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3227 test_ipsec_inline_proto_known_vec, 3228 &pkt_des_cbc_hmac_sha256_v6), 3229 3230 TEST_CASE_NAMED_WITH_DATA( 3231 "Outbound fragmented packet", 3232 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3233 test_ipsec_inline_proto_known_vec_fragmented, 3234 &pkt_aes_128_gcm_frag), 3235 3236 TEST_CASE_NAMED_WITH_DATA( 3237 "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", 3238 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3239 test_ipsec_inline_proto_known_vec_inb, &pkt_aes_128_gcm), 3240 TEST_CASE_NAMED_WITH_DATA( 3241 "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", 3242 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3243 test_ipsec_inline_proto_known_vec_inb, &pkt_aes_192_gcm), 3244 TEST_CASE_NAMED_WITH_DATA( 3245 "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", 3246 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3247 test_ipsec_inline_proto_known_vec_inb, &pkt_aes_256_gcm), 3248 TEST_CASE_NAMED_WITH_DATA( 3249 "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)", 3250 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3251 test_ipsec_inline_proto_known_vec_inb, &pkt_aes_128_cbc_null), 3252 TEST_CASE_NAMED_WITH_DATA( 3253 "Inbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])", 3254 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3255 test_ipsec_inline_proto_known_vec_inb, 3256 &pkt_aes_128_cbc_md5), 3257 TEST_CASE_NAMED_WITH_DATA( 3258 "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])", 3259 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3260 test_ipsec_inline_proto_known_vec_inb, 3261 &pkt_aes_128_cbc_hmac_sha256), 3262 TEST_CASE_NAMED_WITH_DATA( 3263 "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])", 3264 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3265 test_ipsec_inline_proto_known_vec_inb, 3266 &pkt_aes_128_cbc_hmac_sha384), 3267 TEST_CASE_NAMED_WITH_DATA( 3268 "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])", 3269 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3270 test_ipsec_inline_proto_known_vec_inb, 3271 &pkt_aes_128_cbc_hmac_sha512), 3272 TEST_CASE_NAMED_WITH_DATA( 3273 "Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA256 [16B ICV])", 3274 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3275 test_ipsec_inline_proto_known_vec_inb, 3276 &pkt_3des_cbc_hmac_sha256), 3277 TEST_CASE_NAMED_WITH_DATA( 3278 "Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA384 [24B ICV])", 3279 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3280 test_ipsec_inline_proto_known_vec_inb, 3281 &pkt_3des_cbc_hmac_sha384), 3282 TEST_CASE_NAMED_WITH_DATA( 3283 "Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA512 [32B ICV])", 3284 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3285 test_ipsec_inline_proto_known_vec_inb, 3286 &pkt_3des_cbc_hmac_sha512), 3287 TEST_CASE_NAMED_WITH_DATA( 3288 "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)", 3289 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3290 test_ipsec_inline_proto_known_vec_inb, &pkt_aes_256_gcm_v6), 3291 TEST_CASE_NAMED_WITH_DATA( 3292 "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])", 3293 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3294 test_ipsec_inline_proto_known_vec_inb, 3295 &pkt_aes_128_cbc_hmac_sha256_v6), 3296 TEST_CASE_NAMED_WITH_DATA( 3297 "Inbound known vector (ESP tunnel mode IPv6 3DES-CBC HMAC-SHA256 [16B ICV])", 3298 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3299 test_ipsec_inline_proto_known_vec_inb, 3300 &pkt_3des_cbc_hmac_sha256_v6), 3301 TEST_CASE_NAMED_WITH_DATA( 3302 "Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", 3303 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3304 test_ipsec_inline_proto_known_vec_inb, 3305 &pkt_null_aes_xcbc), 3306 TEST_CASE_NAMED_WITH_DATA( 3307 "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])", 3308 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3309 test_ipsec_inline_proto_known_vec_inb, 3310 &pkt_des_cbc_hmac_sha256), 3311 TEST_CASE_NAMED_WITH_DATA( 3312 "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])", 3313 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3314 test_ipsec_inline_proto_known_vec_inb, 3315 &pkt_des_cbc_hmac_sha384), 3316 TEST_CASE_NAMED_WITH_DATA( 3317 "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])", 3318 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3319 test_ipsec_inline_proto_known_vec_inb, 3320 &pkt_des_cbc_hmac_sha512), 3321 TEST_CASE_NAMED_WITH_DATA( 3322 "Inbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])", 3323 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3324 test_ipsec_inline_proto_known_vec_inb, 3325 &pkt_des_cbc_hmac_sha256_v6), 3326 3327 3328 TEST_CASE_NAMED_ST( 3329 "Combined test alg list", 3330 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3331 test_ipsec_inline_proto_display_list), 3332 3333 TEST_CASE_NAMED_ST( 3334 "UDP encapsulation", 3335 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3336 test_ipsec_inline_proto_udp_encap), 3337 TEST_CASE_NAMED_ST( 3338 "UDP encapsulation ports verification test", 3339 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3340 test_ipsec_inline_proto_udp_ports_verify), 3341 TEST_CASE_NAMED_ST( 3342 "Negative test: ICV corruption", 3343 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3344 test_ipsec_inline_proto_err_icv_corrupt), 3345 TEST_CASE_NAMED_ST( 3346 "Tunnel dst addr verification", 3347 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3348 test_ipsec_inline_proto_tunnel_dst_addr_verify), 3349 TEST_CASE_NAMED_ST( 3350 "Tunnel src and dst addr verification", 3351 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3352 test_ipsec_inline_proto_tunnel_src_dst_addr_verify), 3353 TEST_CASE_NAMED_ST( 3354 "Inner IP checksum", 3355 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3356 test_ipsec_inline_proto_inner_ip_csum), 3357 TEST_CASE_NAMED_ST( 3358 "Inner L4 checksum", 3359 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3360 test_ipsec_inline_proto_inner_l4_csum), 3361 TEST_CASE_NAMED_ST( 3362 "Tunnel IPv4 in IPv4", 3363 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3364 test_ipsec_inline_proto_tunnel_v4_in_v4), 3365 TEST_CASE_NAMED_ST( 3366 "Tunnel IPv6 in IPv6", 3367 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3368 test_ipsec_inline_proto_tunnel_v6_in_v6), 3369 TEST_CASE_NAMED_ST( 3370 "Tunnel IPv4 in IPv6", 3371 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3372 test_ipsec_inline_proto_tunnel_v4_in_v6), 3373 TEST_CASE_NAMED_ST( 3374 "Tunnel IPv6 in IPv4", 3375 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3376 test_ipsec_inline_proto_tunnel_v6_in_v4), 3377 TEST_CASE_NAMED_ST( 3378 "Transport IPv4", 3379 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3380 test_ipsec_inline_proto_transport_v4), 3381 TEST_CASE_NAMED_ST( 3382 "Transport l4 checksum", 3383 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3384 test_ipsec_inline_proto_transport_l4_csum), 3385 TEST_CASE_NAMED_ST( 3386 "Statistics: success", 3387 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3388 test_ipsec_inline_proto_stats), 3389 TEST_CASE_NAMED_ST( 3390 "Fragmented packet", 3391 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3392 test_ipsec_inline_proto_pkt_fragment), 3393 TEST_CASE_NAMED_ST( 3394 "Tunnel header copy DF (inner 0)", 3395 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3396 test_ipsec_inline_proto_copy_df_inner_0), 3397 TEST_CASE_NAMED_ST( 3398 "Tunnel header copy DF (inner 1)", 3399 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3400 test_ipsec_inline_proto_copy_df_inner_1), 3401 TEST_CASE_NAMED_ST( 3402 "Tunnel header set DF 0 (inner 1)", 3403 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3404 test_ipsec_inline_proto_set_df_0_inner_1), 3405 TEST_CASE_NAMED_ST( 3406 "Tunnel header set DF 1 (inner 0)", 3407 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3408 test_ipsec_inline_proto_set_df_1_inner_0), 3409 TEST_CASE_NAMED_ST( 3410 "Tunnel header IPv4 copy DSCP (inner 0)", 3411 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3412 test_ipsec_inline_proto_ipv4_copy_dscp_inner_0), 3413 TEST_CASE_NAMED_ST( 3414 "Tunnel header IPv4 copy DSCP (inner 1)", 3415 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3416 test_ipsec_inline_proto_ipv4_copy_dscp_inner_1), 3417 TEST_CASE_NAMED_ST( 3418 "Tunnel header IPv4 set DSCP 0 (inner 1)", 3419 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3420 test_ipsec_inline_proto_ipv4_set_dscp_0_inner_1), 3421 TEST_CASE_NAMED_ST( 3422 "Tunnel header IPv4 set DSCP 1 (inner 0)", 3423 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3424 test_ipsec_inline_proto_ipv4_set_dscp_1_inner_0), 3425 TEST_CASE_NAMED_ST( 3426 "Tunnel header IPv6 copy DSCP (inner 0)", 3427 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3428 test_ipsec_inline_proto_ipv6_copy_dscp_inner_0), 3429 TEST_CASE_NAMED_ST( 3430 "Tunnel header IPv6 copy DSCP (inner 1)", 3431 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3432 test_ipsec_inline_proto_ipv6_copy_dscp_inner_1), 3433 TEST_CASE_NAMED_ST( 3434 "Tunnel header IPv6 set DSCP 0 (inner 1)", 3435 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3436 test_ipsec_inline_proto_ipv6_set_dscp_0_inner_1), 3437 TEST_CASE_NAMED_ST( 3438 "Tunnel header IPv6 set DSCP 1 (inner 0)", 3439 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3440 test_ipsec_inline_proto_ipv6_set_dscp_1_inner_0), 3441 TEST_CASE_NAMED_ST( 3442 "Tunnel header IPv6 copy FLABEL (inner 0)", 3443 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3444 test_ipsec_inline_proto_ipv6_copy_flabel_inner_0), 3445 TEST_CASE_NAMED_ST( 3446 "Tunnel header IPv6 copy FLABEL (inner 1)", 3447 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3448 test_ipsec_inline_proto_ipv6_copy_flabel_inner_1), 3449 TEST_CASE_NAMED_ST( 3450 "Tunnel header IPv6 set FLABEL 0 (inner 1)", 3451 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3452 test_ipsec_inline_proto_ipv6_set_flabel_0_inner_1), 3453 TEST_CASE_NAMED_ST( 3454 "Tunnel header IPv6 set FLABEL 1 (inner 0)", 3455 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3456 test_ipsec_inline_proto_ipv6_set_flabel_1_inner_0), 3457 TEST_CASE_NAMED_ST( 3458 "Tunnel header IPv4 decrement inner TTL", 3459 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3460 test_ipsec_inline_proto_ipv4_ttl_decrement), 3461 TEST_CASE_NAMED_ST( 3462 "Tunnel header IPv6 decrement inner hop limit", 3463 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3464 test_ipsec_inline_proto_ipv6_hop_limit_decrement), 3465 TEST_CASE_NAMED_ST( 3466 "IV generation", 3467 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3468 test_ipsec_inline_proto_iv_gen), 3469 TEST_CASE_NAMED_ST( 3470 "SA soft expiry with packet limit", 3471 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3472 test_ipsec_inline_proto_sa_pkt_soft_expiry), 3473 TEST_CASE_NAMED_ST( 3474 "SA soft expiry with byte limit", 3475 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3476 test_ipsec_inline_proto_sa_byte_soft_expiry), 3477 TEST_CASE_NAMED_ST( 3478 "SA hard expiry with packet limit", 3479 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3480 test_ipsec_inline_proto_sa_pkt_hard_expiry), 3481 TEST_CASE_NAMED_ST( 3482 "SA hard expiry with byte limit", 3483 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3484 test_ipsec_inline_proto_sa_byte_hard_expiry), 3485 3486 TEST_CASE_NAMED_WITH_DATA( 3487 "Antireplay with window size 1024", 3488 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3489 test_ipsec_inline_proto_pkt_antireplay1024, 3490 &pkt_aes_128_gcm), 3491 TEST_CASE_NAMED_WITH_DATA( 3492 "Antireplay with window size 2048", 3493 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3494 test_ipsec_inline_proto_pkt_antireplay2048, 3495 &pkt_aes_128_gcm), 3496 TEST_CASE_NAMED_WITH_DATA( 3497 "Antireplay with window size 4096", 3498 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3499 test_ipsec_inline_proto_pkt_antireplay4096, 3500 &pkt_aes_128_gcm), 3501 TEST_CASE_NAMED_WITH_DATA( 3502 "ESN and Antireplay with window size 1024", 3503 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3504 test_ipsec_inline_proto_pkt_esn_antireplay1024, 3505 &pkt_aes_128_gcm), 3506 TEST_CASE_NAMED_WITH_DATA( 3507 "ESN and Antireplay with window size 2048", 3508 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3509 test_ipsec_inline_proto_pkt_esn_antireplay2048, 3510 &pkt_aes_128_gcm), 3511 TEST_CASE_NAMED_WITH_DATA( 3512 "ESN and Antireplay with window size 4096", 3513 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3514 test_ipsec_inline_proto_pkt_esn_antireplay4096, 3515 &pkt_aes_128_gcm), 3516 3517 TEST_CASE_NAMED_WITH_DATA( 3518 "IPv4 Reassembly with 2 fragments", 3519 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3520 test_inline_ip_reassembly, &ipv4_2frag_vector), 3521 TEST_CASE_NAMED_WITH_DATA( 3522 "IPv6 Reassembly with 2 fragments", 3523 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3524 test_inline_ip_reassembly, &ipv6_2frag_vector), 3525 TEST_CASE_NAMED_WITH_DATA( 3526 "IPv4 Reassembly with 4 fragments", 3527 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3528 test_inline_ip_reassembly, &ipv4_4frag_vector), 3529 TEST_CASE_NAMED_WITH_DATA( 3530 "IPv6 Reassembly with 4 fragments", 3531 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3532 test_inline_ip_reassembly, &ipv6_4frag_vector), 3533 TEST_CASE_NAMED_WITH_DATA( 3534 "IPv4 Reassembly with 5 fragments", 3535 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3536 test_inline_ip_reassembly, &ipv4_5frag_vector), 3537 TEST_CASE_NAMED_WITH_DATA( 3538 "IPv6 Reassembly with 5 fragments", 3539 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3540 test_inline_ip_reassembly, &ipv6_5frag_vector), 3541 TEST_CASE_NAMED_WITH_DATA( 3542 "IPv4 Reassembly with incomplete fragments", 3543 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3544 test_inline_ip_reassembly, &ipv4_incomplete_vector), 3545 TEST_CASE_NAMED_WITH_DATA( 3546 "IPv4 Reassembly with overlapping fragments", 3547 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3548 test_inline_ip_reassembly, &ipv4_overlap_vector), 3549 TEST_CASE_NAMED_WITH_DATA( 3550 "IPv4 Reassembly with out of order fragments", 3551 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3552 test_inline_ip_reassembly, &ipv4_out_of_order_vector), 3553 TEST_CASE_NAMED_WITH_DATA( 3554 "IPv4 Reassembly with burst of 4 fragments", 3555 ut_setup_inline_ipsec_reassembly, ut_teardown_inline_ipsec_reassembly, 3556 test_inline_ip_reassembly, &ipv4_4frag_burst_vector), 3557 TEST_CASE_NAMED_WITH_DATA( 3558 "Inbound Out-Of-Place processing", 3559 ut_setup_inline_ipsec, ut_teardown_inline_ipsec, 3560 test_ipsec_inline_proto_oop_inb, 3561 &pkt_aes_128_gcm), 3562 TEST_CASE_NAMED_WITH_DATA( 3563 "Inbound Rx Inject processing", 3564 ut_setup_inline_ipsec_rx_inj, ut_teardown_inline_ipsec_rx_inj, 3565 test_ipsec_inline_proto_rx_inj_inb, &ipv4_vector), 3566 3567 TEST_CASES_END() /**< NULL terminate unit test array */ 3568 }, 3569 }; 3570 3571 3572 static int 3573 test_inline_ipsec(void) 3574 { 3575 inline_ipsec_testsuite.setup = inline_ipsec_testsuite_setup; 3576 inline_ipsec_testsuite.teardown = inline_ipsec_testsuite_teardown; 3577 return unit_test_suite_runner(&inline_ipsec_testsuite); 3578 } 3579 3580 3581 static int 3582 test_inline_ipsec_sg(void) 3583 { 3584 int rc; 3585 3586 inline_ipsec_testsuite.setup = inline_ipsec_testsuite_setup; 3587 inline_ipsec_testsuite.teardown = inline_ipsec_testsuite_teardown; 3588 3589 sg_mode = true; 3590 /* Run the tests */ 3591 rc = unit_test_suite_runner(&inline_ipsec_testsuite); 3592 sg_mode = false; 3593 3594 port_conf.rxmode.offloads &= ~RTE_ETH_RX_OFFLOAD_SCATTER; 3595 port_conf.txmode.offloads &= ~RTE_ETH_TX_OFFLOAD_MULTI_SEGS; 3596 return rc; 3597 } 3598 3599 static int 3600 test_event_inline_ipsec(void) 3601 { 3602 inline_ipsec_testsuite.setup = event_inline_ipsec_testsuite_setup; 3603 inline_ipsec_testsuite.teardown = event_inline_ipsec_testsuite_teardown; 3604 return unit_test_suite_runner(&inline_ipsec_testsuite); 3605 } 3606 3607 #endif /* !RTE_EXEC_ENV_WINDOWS */ 3608 3609 REGISTER_TEST_COMMAND(inline_ipsec_autotest, test_inline_ipsec); 3610 REGISTER_TEST_COMMAND(inline_ipsec_sg_autotest, test_inline_ipsec_sg); 3611 REGISTER_TEST_COMMAND(event_inline_ipsec_autotest, test_event_inline_ipsec); 3612