Re: [PATCH v2 2/2] devtools: report commit id on partial fixes
On Fri, 2021-12-03 at 08:54 +0100, christian.ehrha...@canonical.com wrote: > From: Christian Ehrhardt > > The candidate list for backports lists partial fixes like: > "(21.02 (partially fixed in 21.08))" > That is useful to identify fixes menat for later releases, but > indirectly applying to older ones as well. > > While the devscript has no access to the stable tree to fully check > if the respective interim commit is present there, reporting the commit > id will still help to check it later - because only if the interim commit > id is in the stable tree, then also the new fix is a real candidate > for backporting. > > The above would become "(21.02 (partially fixed in c30751afc360 @ 21.08))" > > Signed-off-by: Christian Ehrhardt > --- > devtools/git-log-fixes.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/devtools/git-log-fixes.sh b/devtools/git-log-fixes.sh > index 27ec9088d4..a1b548948a 100755 > --- a/devtools/git-log-fixes.sh > +++ b/devtools/git-log-fixes.sh > @@ -76,7 +76,7 @@ origin_version () # ... > # look chained fix of fix recursively > local rootver="$(origin_version $roothashes)" > [ -n "$rootver" ] || continue > - echo "$rootver (partially fixed in $origver)" > + echo "$rootver (partially fixed in $origin @ $origver)" > else > echo "$origver" > fi Acked-by: Xueming Li
Re: [PATCH v2 1/2] devtools: don't include headline "fix" in backports
On Fri, 2021-12-03 at 08:54 +0100, christian.ehrha...@canonical.com wrote: > From: Christian Ehrhardt > > It was important in the past to select anything with "fix" in the > headline, but recently more often created false positives and work > to sort tihngs out than identifying many helpful patches. > > The community and processes aroudn DPDK matured enough that developers > (rightfully) expect to rely on "Fixes:" and "stable@" marking for > backprots. > > Therefore do no more include patches that just include the word fix > in the backport candidate list. > > Signed-off-by: Christian Ehrhardt > --- > devtools/git-log-fixes.sh | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/devtools/git-log-fixes.sh b/devtools/git-log-fixes.sh > index 210c8dcf25..27ec9088d4 100755 > --- a/devtools/git-log-fixes.sh > +++ b/devtools/git-log-fixes.sh > @@ -13,7 +13,7 @@ print_help () > cat <<- END_OF_HELP > > Find fixes to backport on previous versions. > - It looks for the word "fix" in the headline or a tag "Fixes" or > "Reverts". > + It looks for a tag "Fixes" or "Reverts" and for recipient > sta...@dpdk.org. > The oldest bug origin is printed as well as partially fixed versions. > END_OF_HELP > } > @@ -109,8 +109,7 @@ while read id headline ; do > origins=$(origin_filter $id) > stable=$(stable_tag $id) > fixes=$(fixes_tag $id) > - [ "$stable" = "S" ] || [ "$fixes" = "F" ] || [ -n "$origins" ] || \ > - echo "$headline" | grep -q fix || continue > + [ "$stable" = "S" ] || [ "$fixes" = "F" ] || [ -n "$origins" ] || > continue > version=$(commit_version $id) > if [ -n "$origins" ] ; then > origver="$(origin_version $origins)" Yes, most of them are faked ones, thanks for fixing this. Acked-by: Xueming Li
Re: [dpdk-dev] [PATCH] ethdev: support queue-based priority flow control
On Sun, 5 Dec 2021 12:33:57 +0530 Jerin Jacob wrote: > On Sat, Dec 4, 2021 at 11:08 PM Stephen Hemminger > wrote: > > > > On Sat, 4 Dec 2021 22:54:58 +0530 > > wrote: > > > > > + /** > > > + * Maximum supported traffic class as per PFC (802.1Qbb) > > > specification. > > > + * > > > + * Based on device support and use-case need, there are two > > > different > > > + * ways to enable PFC. The first case is the port level PFC > > > + * configuration, in this case, rte_eth_dev_priority_flow_ctrl_set() > > > + * API shall be used to configure the PFC, and PFC frames will be > > > + * generated using based on VLAN TC value. > > > + * The second case is the queue level PFC configuration, in this > > > case, > > > + * Any packet field content can be used to steer the packet to the > > > + * specific queue using rte_flow or RSS and then use > > > + * rte_eth_dev_priority_flow_ctrl_queue_set() to set the TC mapping > > > + * on each queue. Based on congestion selected on the specific > > > queue, > > > + * configured TC shall be used to generate PFC frames. > > > + * > > > + * When set to non zero value, application must use queue level > > > + * PFC configuration via rte_eth_dev_priority_flow_ctrl_queue_set() > > > API > > > + * instead of port level PFC configuration via > > > + * rte_eth_dev_priority_flow_ctrl_set() API to realize > > > + * PFC configuration. > > > + */ > > > + uint8_t pfc_queue_tc_max; > > > + uint8_t reserved_8s[7]; > > > + uint64_t reserved_64s[1]; /**< Reserved for future fields */ > > > void *reserved_ptrs[2]; /**< Reserved for future fields */ > > > > Not sure you can claim ABI compatibility because the previous versions of > > DPDK > > did not enforce that reserved fields must be zero. The Linux kernel > > learned this when adding flags for new system calls; reserved fields only > > work if you enforce that application must set them to zero. > > In this case it rte_eth_dev_info is an out parameter and implementation of > rte_eth_dev_info_get() already memseting to 0. > Do you still see any other ABI issue? > > See rte_eth_dev_info_get() > /* > * Init dev_info before port_id check since caller does not have > * return status and does not know if get is successful or not. > */ > memset(dev_info, 0, sizeof(struct rte_eth_dev_info)); The concern was from the misreading comment. It talks about what application should do. Could you reword the comment so that it describes what pfc_queue_tc_max is here and move the flow control set part of the comment to where the API for that is.
Re: vmxnet3 no longer functional on DPDK 21.11
- On Nov 30, 2021, at 7:42 AM, Bruce Richardson bruce.richard...@intel.com wrote: > On Mon, Nov 29, 2021 at 02:45:15PM -0600, Lewis Donzis wrote: >>Hello. >>We just upgraded from 21.08 to 21.11 and it's rather astounding the >>number of incompatible changes in three months. Not a big deal, just >>kind of a surprise, that's all. >>Anyway, the problem is that the vmxnet3 driver is no longer functional >>on FreeBSD. >>In drivers/net/vmxnet3/vmxnet3_ethdev.c, vmxnet3_dev_start() gets an >>error calling rte_intr_enable(). So it logs "interrupt enable failed" >>and returns an error. >>In lib/eal/freebsd/eal_interrupts.c, rte_intr_enable() is returning an >>error because rte_intr_dev_fd_get(intr_handle) is returning -1. >>I don't see how that could ever return anything other than -1 since it >>appears that there is no code that ever calls rte_intr_dev_fd_set() >>with a value other than -1 on FreeBSD. Also weird to me is that even >>if it didn't get an error, the switch statement that follows looks like >>it will return an error in every case. >>Nonetheless, it worked in 21.08, and I can't quite see why the >>difference, so I must be missing something. >>For the moment, I just commented the "return -EIO" in vmxnet3_ethdev.c, >>and it's now working again, but that's obviously not the correct >>solution. >>Can someone who's knowledgable about this mechanism perhaps explain a >>little bit about what's going on? I'll be happy to help troubleshoot. >>It seems like it must be something simple, but I just don't see it yet. > > Hi > > if you have the chance, it would be useful if you could use "git bisect" to > identify the commit in 21.11 that broke this driver. Looking through the > logs for 21.11 I can't identify any particular likely-looking commit, so > bisect is likely a good way to start looking into this. > > Regards, > /Bruce Hi, Bruce. git bisect is very time-consuming and very cool! I went back to 21.08, about 1100 commits, and worked through the process, but then I realized that I had forgotten to run ninja on one of the steps, so I did it again. I also re-checked it after the bisect, just to make sure that c87d435a4d79739c0cec2ed280b94b41cb908af7 is good, and 7a0935239b9eb817c65c03554a9954ddb8ea5044 is bad. Thanks, lew Here's the result: root@fbdev:/usr/local/share/dpdk-git # git bisect start root@fbdev:/usr/local/share/dpdk-git # git bisect bad root@fbdev:/usr/local/share/dpdk-git # git bisect good 74bd4072996e64b0051d24d8d641554d225db196 Bisecting: 556 revisions left to test after this (roughly 9 steps) [e2a289a788c0a128a15bc0f1099af7c031201ac5] net/ngbe: add mailbox process operations root@fbdev:/usr/local/share/dpdk-git # git bisect bad Bisecting: 277 revisions left to test after this (roughly 8 steps) [5906be5af6570db8b70b307c96aace0b096d1a2c] ethdev: fix ID spelling in comments and log messages root@fbdev:/usr/local/share/dpdk-git # git bisect bad Bisecting: 138 revisions left to test after this (roughly 7 steps) [a7c236b894a848c7bb9afb773a7e3c13615abaa8] net/cnxk: support meter ops get root@fbdev:/usr/local/share/dpdk-git # git bisect bad Bisecting: 69 revisions left to test after this (roughly 6 steps) [14fc81aed73842d976dd19a93ca47e22d61c1759] ethdev: update modify field flow action root@fbdev:/usr/local/share/dpdk-git # git bisect bad Bisecting: 34 revisions left to test after this (roughly 5 steps) [cdea571becb4dabf9962455f671af0c99594e380] common/sfc_efx/base: add flag to use Rx prefix user flag root@fbdev:/usr/local/share/dpdk-git # git bisect good Bisecting: 17 revisions left to test after this (roughly 4 steps) [7a0935239b9eb817c65c03554a9954ddb8ea5044] ethdev: make fast-path functions to use new flat array root@fbdev:/usr/local/share/dpdk-git # git bisect bad Bisecting: 8 revisions left to test after this (roughly 3 steps) [012bf708c20f4b23d055717e28f8de74887113d8] net/sfc: support group flows in tunnel offload root@fbdev:/usr/local/share/dpdk-git # git bisect good Bisecting: 4 revisions left to test after this (roughly 2 steps) [9df2d8f5cc9653d6413cb2240c067ea455ab7c3c] net/sfc: support counters in tunnel offload jump rules root@fbdev:/usr/local/share/dpdk-git # git bisect good Bisecting: 2 revisions left to test after this (roughly 1 step) [c024496ae8c8c075b0d0a3b43119475787b24b45] ethdev: allocate max space for internal queue array root@fbdev:/usr/local/share/dpdk-git # git bisect good Bisecting: 0 revisions left to test after this (roughly 1 step) [c87d435a4d79739c0cec2ed280b94b41cb908af7] ethdev: copy fast-path API into separate structure root@fbdev:/usr/local/share/dpdk-git # git bisect good 7a0935239b9eb817c65c03554a9954ddb8ea5044 is the first bad commit commit 7a0935239b9eb817c65c03554a9954ddb8ea5044 Author: Konstantin Ananyev Date: Wed Oct 13 14:37:02 2021 +0100 ethdev: make fast-path functions to use new flat array Rework fast-path eth
Re: [PATCH v3 4/5] common/cnxk: link REE support to ROC files
On Tue, Nov 30, 2021 at 1:30 AM wrote:
>
> From: Liron Himi
>
> add references to REE files from ROC files
>
> Signed-off-by: Liron Himi
> ---
> cnxk_logtype_nix;
> cnxk_logtype_npa;
> cnxk_logtype_npc;
> + cnxk_logtype_ree;
> cnxk_logtype_sso;
> cnxk_logtype_tim;
> cnxk_logtype_tm;
> @@ -347,6 +348,21 @@ INTERNAL {
> roc_tim_lf_enable;
> roc_tim_lf_free;
> roc_se_ctx_swap;
> -
> + roc_ree_af_reg_read;
> + roc_ree_af_reg_write;
> + roc_ree_config_lf;
> + roc_ree_dev_fini;
> + roc_ree_dev_init;
> + roc_ree_err_intr_register;
> + roc_ree_err_intr_unregister;
> + roc_ree_iq_disable;
> + roc_ree_iq_enable;
> + roc_ree_msix_offsets_get;
> + roc_ree_qp_get_base;
> + roc_ree_queues_attach;
> + roc_ree_queues_detach;
> + roc_ree_rule_db_get;
> + roc_ree_rule_db_len_get;
> + roc_ree_rule_db_prog;
We don't update .map files in a separate patch. Please update this to
the respective patch.
In short, this 4/5 patch can be squashed to respective patches.
Rest looks good to me. We can merge the next version if there are no
other comments.
> local: *;
> };
> --
> 2.28.0
>
RE: [PATCH] examples/ipsec-secgw: fix event dev start sequence
> Subject: [PATCH] examples/ipsec-secgw: fix event dev start sequence
>
> Start eventdev after complete initialization of event dev, rx adapter and tx
> adapter.
>
> Fixes: e0b0e55c8f15 ("examples/ipsec-secgw: add framework for event
> helper")
> Cc: ano...@marvell.com
> Cc: sta...@dpdk.org
>
> Signed-off-by: Nithin Dabilpuram
Acked-by: Anoob Joseph
RE: [EXT] Re: [PATCH v3 4/5] common/cnxk: link REE support to ROC files
Hi,
This patch is not just for map update.
what about all other changes?
Liron Himi
Park Azorim, Kyriat Arie, Petah Tikva, 49527, Israel
Mobile: +972.52.3329169
-Original Message-
From: Jerin Jacob
Sent: Monday, 6 December 2021 07:08
To: Liron Himi
Cc: Jerin Jacob Kollanukkaran ; dpdk-dev
Subject: [EXT] Re: [PATCH v3 4/5] common/cnxk: link REE support to ROC files
External Email
--
On Tue, Nov 30, 2021 at 1:30 AM wrote:
>
> From: Liron Himi
>
> add references to REE files from ROC files
>
> Signed-off-by: Liron Himi
> ---
> cnxk_logtype_nix;
> cnxk_logtype_npa;
> cnxk_logtype_npc;
> + cnxk_logtype_ree;
> cnxk_logtype_sso;
> cnxk_logtype_tim;
> cnxk_logtype_tm;
> @@ -347,6 +348,21 @@ INTERNAL {
> roc_tim_lf_enable;
> roc_tim_lf_free;
> roc_se_ctx_swap;
> -
> + roc_ree_af_reg_read;
> + roc_ree_af_reg_write;
> + roc_ree_config_lf;
> + roc_ree_dev_fini;
> + roc_ree_dev_init;
> + roc_ree_err_intr_register;
> + roc_ree_err_intr_unregister;
> + roc_ree_iq_disable;
> + roc_ree_iq_enable;
> + roc_ree_msix_offsets_get;
> + roc_ree_qp_get_base;
> + roc_ree_queues_attach;
> + roc_ree_queues_detach;
> + roc_ree_rule_db_get;
> + roc_ree_rule_db_len_get;
> + roc_ree_rule_db_prog;
We don't update .map files in a separate patch. Please update this to the
respective patch.
In short, this 4/5 patch can be squashed to respective patches.
Rest looks good to me. We can merge the next version if there are no other
comments.
> local: *;
> };
> --
> 2.28.0
>
[PATCH 00/13] Add new cases to lookaside IPsec tests
Add new tests to lookaside IPsec tests. * Support for chained operations. * AES-CBC 128 NULL auth known vector tests. * AES-CBC 128 HMAC-SHA256 known vector tests. * AES-CBC 128 HMAC-SHA384 known vector tests. * AES-CBC 128 HMAC-SHA512 known vector tests. * NULL cipher AES-XCBC known vector tests. * Tunnel mode tests * IPv6 in IPv6 * IPv4 in IPv4 * IPv4 in IPv6 * IPv6 in IPv4 * IPv4 transport mode tests. * Security stats tests. * AES-CTR tests. * set/copy DF tests. Ankur Dwivedi (1): test/crypto: add security stats cases Anoob Joseph (5): test/crypto: add IPsec aes-cbc known vectors test/crypto: add chained operations in combined cases test/crypto: add transport mode cases test/crypto: add aes xcbc known vectors test/crypto: add copy and set DF cases Tejasree Kondoj (7): test/crypto: add IPsec AES-CBC-HMAC-SHA256 known vectors test/crypto: add IPv6 tunnel mode cases test/crypto: add IPsec HMAC-SHA384/512 known vectors test/crypto: add IPsec fragmented packet known vectors test/crypto: add lookaside IPsec AES-CTR known vectors test/crypto: add fragmented packet case test/crypto: skip null auth in ICV corrupt case app/test/test_cryptodev.c | 395 +- app/test/test_cryptodev_security_ipsec.c | 352 - app/test/test_cryptodev_security_ipsec.h | 113 +++ .../test_cryptodev_security_ipsec_test_vectors.h | 828 + doc/guides/rel_notes/release_22_03.rst | 18 + 5 files changed, 1664 insertions(+), 42 deletions(-) -- 2.7.4
[PATCH 01/13] test/crypto: add IPsec aes-cbc known vectors
Extend the framework to support chained operations and add
AES-CBC 128 known vector tests.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c | 62 ++--
app/test/test_cryptodev_security_ipsec.c | 51 ++
app/test/test_cryptodev_security_ipsec.h | 8 ++
.../test_cryptodev_security_ipsec_test_vectors.h | 110 +
4 files changed, 222 insertions(+), 9 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 293f59b..1e4b690 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9191,23 +9191,59 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
return TEST_SKIPPED;
}
} else {
- /* Only AEAD supported now */
- return TEST_SKIPPED;
+ memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
+ sizeof(ut_params->cipher_xform));
+ memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+ sizeof(ut_params->auth_xform));
+ ut_params->cipher_xform.cipher.key.data = td[0].key.data;
+ ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+ ut_params->auth_xform.auth.key.data = td[0].key.data;
+
+ /* Verify crypto capabilities */
+
+ if (test_ipsec_crypto_caps_cipher_verify(
+ sec_cap,
+ &ut_params->cipher_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Cipher crypto capabilities not
supported\n");
+ return TEST_SKIPPED;
+ }
+
+ if (test_ipsec_crypto_caps_auth_verify(
+ sec_cap,
+ &ut_params->auth_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Auth crypto capabilities not
supported\n");
+ return TEST_SKIPPED;
+ }
}
if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)
return TEST_SKIPPED;
- salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
- memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
-
struct rte_security_session_conf sess_conf = {
.action_type = ut_params->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
- .ipsec = ipsec_xform,
- .crypto_xform = &ut_params->aead_xform,
};
+ if (td[0].aead) {
+ salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
+ memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+ sess_conf.ipsec = ipsec_xform;
+ sess_conf.crypto_xform = &ut_params->aead_xform;
+ } else {
+ sess_conf.ipsec = ipsec_xform;
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ sess_conf.crypto_xform = &ut_params->cipher_xform;
+ ut_params->cipher_xform.next = &ut_params->auth_xform;
+ } else {
+ sess_conf.crypto_xform = &ut_params->auth_xform;
+ ut_params->auth_xform.next = &ut_params->cipher_xform;
+ }
+ }
+
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
ts_params->session_mpool,
@@ -9316,14 +9352,18 @@ test_ipsec_proto_known_vec(const void *test_data)
}
static int
-test_ipsec_proto_known_vec_inb(const void *td_outb)
+test_ipsec_proto_known_vec_inb(const void *test_data)
{
+ const struct ipsec_test_data *td = test_data;
struct ipsec_test_flags flags;
struct ipsec_test_data td_inb;
memset(&flags, 0, sizeof(flags));
- test_ipsec_td_in_from_out(td_outb, &td_inb);
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+ test_ipsec_td_in_from_out(td, &td_inb);
+ else
+ memcpy(&td_inb, td, sizeof(td_inb));
return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
}
@@ -14394,6 +14434,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
256)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC
128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
TEST_CASE_NAMED_ST(
[PATCH 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 known vectors
From: Tejasree Kondoj
Adding lookaside IPsec AES-CBC-HMAC-SHA256 test cases.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 12 ++-
app/test/test_cryptodev_security_ipsec.h | 3 +
.../test_cryptodev_security_ipsec_test_vectors.h | 109 +
3 files changed, 123 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 1e4b690..3fa618d 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9197,7 +9197,7 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
sizeof(ut_params->auth_xform));
ut_params->cipher_xform.cipher.key.data = td[0].key.data;
ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
- ut_params->auth_xform.auth.key.data = td[0].key.data;
+ ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
/* Verify crypto capabilities */
@@ -14423,6 +14423,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec, &pkt_aes_256_gcm),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC
128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
@@ -14438,6 +14443,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Inbound known vector (ESP tunnel mode IPv4 AES-CBC
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128
HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 91c6cd4..70a264a 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -14,6 +14,9 @@ struct ipsec_test_data {
struct {
uint8_t data[32];
} key;
+ struct {
+ uint8_t data[32];
+ } auth_key;
struct {
uint8_t data[1024];
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h
b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index bf831e9..16c88fe 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -434,4 +434,113 @@ struct ipsec_test_data pkt_aes_128_cbc_null = {
},
};
+struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
+ .key = {
+ .data = {
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x7c, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0x52, 0x4d, 0x14, 0x00, 0x00, 0x01,
+ 0x14, 0x00, 0x00, 0x02,
+
+ /* ESP */
+
[PATCH 03/13] test/crypto: add chained operations in combined cases
Extend lookaside IPsec combined mode cases to cover chained operations
also.
Currently covering combinations of,
Ciphers,
1. AES-128-CBC
Auth,
1. NULL
2. SHA2-256 [16B ICV]
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c| 11 +++--
app/test/test_cryptodev_security_ipsec.c | 77 +---
app/test/test_cryptodev_security_ipsec.h | 36 +++
3 files changed, 103 insertions(+), 21 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 3fa618d..2a7ede6 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -835,6 +835,8 @@ ipsec_proto_testsuite_setup(void)
ret = TEST_SKIPPED;
}
+ test_ipsec_alg_list_populate();
+
/*
* Stop the device. Device would be started again by individual test
* case setup routine.
@@ -9381,9 +9383,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
flags->sa_expiry_pkts_hard)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
- for (i = 0; i < RTE_DIM(aead_list); i++) {
- test_ipsec_td_prepare(&aead_list[i],
- NULL,
+ for (i = 0; i < RTE_DIM(alg_list); i++) {
+ test_ipsec_td_prepare(alg_list[i].param1,
+ alg_list[i].param2,
flags,
td_outb,
nb_pkts);
@@ -9407,7 +9409,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
return TEST_FAILED;
if (flags->display_alg)
- test_ipsec_display_alg(&aead_list[i], NULL);
+ test_ipsec_display_alg(alg_list[i].param1,
+ alg_list[i].param2);
pass_cnt++;
}
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 45960bf..5f67dc0 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -15,7 +15,29 @@
#define IV_LEN_MAX 16
-extern struct ipsec_test_data pkt_aes_256_gcm;
+struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
+ (RTE_DIM(cipher_list) *
+ RTE_DIM(auth_list))];
+
+void
+test_ipsec_alg_list_populate(void)
+{
+ unsigned long i, j, index = 0;
+
+ for (i = 0; i < RTE_DIM(aead_list); i++) {
+ alg_list[index].param1 = &aead_list[i];
+ alg_list[index].param2 = NULL;
+ index++;
+ }
+
+ for (i = 0; i < RTE_DIM(cipher_list); i++) {
+ for (j = 0; j < RTE_DIM(auth_list); j++) {
+ alg_list[index].param1 = &cipher_list[i];
+ alg_list[index].param2 = &auth_list[j];
+ index++;
+ }
+ }
+}
int
test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
@@ -293,18 +315,31 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
for (i = 0; i < nb_td; i++) {
td = &td_array[i];
- /* Copy template for packet & key fields */
- memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
- /* Override fields based on param */
+ /* Prepare fields based on param */
+
+ if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ /* Copy template for packet & key fields */
+ memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
- if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
td->aead = true;
- else
+ td->xform.aead.aead.algo = param1->alg.aead;
+ td->xform.aead.aead.key.length = param1->key_length;
+ } else {
+ /* Copy template for packet & key fields */
+ memcpy(td, &pkt_aes_128_cbc_hmac_sha256, sizeof(*td));
+
td->aead = false;
+ td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
+ td->xform.chain.cipher.cipher.key.length =
+ param1->key_length;
+ td->xform.chain.auth.auth.algo = param2->alg.auth;
+ td->xform.chain.auth.auth.key.length =
+ param2->key_length;
+ td->xform.chain.auth.auth.digest_length =
+ param2->digest_length;
- td->xform.aead.aead.algo = param1->alg.aead;
- td->xform.aead.aead.key.length = param1->key_length;
+ }
if (flags->iv_gen)
td->ipsec_xform.options.iv_gen_disable = 0;
@@ -324,8 +359,6 @@ test_ipsec_td_prepare(const struct crypto_p
[PATCH 04/13] test/crypto: add IPv6 tunnel mode cases
From: Tejasree Kondoj
Add IPv6 known vector and combined mode tests.
Following modes are added:
Tunnel IPv6 in IPv6
Tunnel IPv4 in IPv4
Tunnel IPv4 in IPv6
Tunnel IPv6 in IPv4
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 102 ++-
app/test/test_cryptodev_security_ipsec.c | 74 +++-
app/test/test_cryptodev_security_ipsec.h | 4 +
.../test_cryptodev_security_ipsec_test_vectors.h | 202 +
4 files changed, 378 insertions(+), 4 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 2a7ede6..f2c677d 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9125,6 +9125,10 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
bool silent,
const struct ipsec_test_flags *flags)
{
+ uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x, 0x,
+ 0x, 0x001a};
+ uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+ 0xe82c, 0x4887};
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
struct rte_security_capability_idx sec_cap_idx;
@@ -9158,8 +9162,16 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
dst += 1;
}
- memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
- memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
+ memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+ } else {
+ memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+ sizeof(v6_src));
+ memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+ sizeof(v6_dst));
+ }
ctx = rte_cryptodev_get_sec_ctx(dev_id);
@@ -9555,6 +9567,58 @@ test_ipsec_proto_inner_l4_csum(const void *data
__rte_unused)
}
static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14431,6 +14495,15 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-CBC
128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
@@ -14451,6 +14524,15 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes
[PATCH 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors
From: Tejasree Kondoj
Add lookaside IPsec HMAC-SHA384/512 known vectors.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 20 ++
app/test/test_cryptodev_security_ipsec.h | 14 +-
.../test_cryptodev_security_ipsec_test_vectors.h | 213 +
3 files changed, 246 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f2c677d..cb335fc 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -14495,6 +14495,16 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC
128 HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC
128 HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
"Outbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
@@ -14525,6 +14535,16 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128
HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128
HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 69e81ae..d74eee7 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -15,7 +15,7 @@ struct ipsec_test_data {
uint8_t data[32];
} key;
struct {
- uint8_t data[32];
+ uint8_t data[64];
} auth_key;
struct {
@@ -113,6 +113,18 @@ static const struct crypto_param auth_list[] = {
.key_length = 32,
.digest_length = 16,
},
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .key_length = 48,
+ .digest_length = 24,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
+ .key_length = 64,
+ .digest_length = 32,
+ },
};
struct crypto_param_comb {
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h
b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 04ccbf0..b8661f7 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -640,6 +640,219 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
},
};
+struct ipsec_test_data pkt_aes_128_cbc_hmac_sha384 = {
+ .key = {
+ .data = {
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+ 0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x0
