diff options
| -rw-r--r-- | test/validation/api/ipsec/ipsec.c | 46 | ||||
| -rw-r--r-- | test/validation/api/ipsec/ipsec.h | 8 | ||||
| -rw-r--r-- | test/validation/api/ipsec/ipsec_test_out.c | 92 |
3 files changed, 138 insertions, 8 deletions
diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 1458e9953..2d48edc56 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -18,7 +18,6 @@ struct suite_context_s suite_context; #define PKT_POOL_NUM 64 -#define PKT_POOL_LEN (1 * 1024) #define PACKET_USER_PTR ((void *)0x1212fefe) #define IPSEC_SA_CTX ((void *)0xfefefafa) @@ -817,6 +816,35 @@ static void ipsec_pkt_auth_err_set(odp_packet_t pkt) odp_packet_copy_from_mem(pkt, len - sizeof(data), sizeof(data), &data); } +static void ipsec_pkt_v4_check_udp_encap(odp_packet_t pkt) +{ + uint32_t l3_off = odp_packet_l3_offset(pkt); + odph_ipv4hdr_t ip; + + odp_packet_copy_to_mem(pkt, l3_off, sizeof(ip), &ip); + + CU_ASSERT(ip.proto == ODPH_IPPROTO_UDP); +} + +static void ipsec_pkt_v6_check_udp_encap(odp_packet_t pkt) +{ + uint32_t l3_off = odp_packet_l3_offset(pkt); + odph_ipv6hdr_ext_t ext; + odph_ipv6hdr_t ip; + uint8_t next_hdr; + + odp_packet_copy_to_mem(pkt, l3_off, sizeof(ip), &ip); + + next_hdr = ip.next_hdr; + + if (ip.next_hdr == ODPH_IPPROTO_HOPOPTS) { + odp_packet_copy_to_mem(pkt, l3_off + sizeof(ip), sizeof(ext), &ext); + next_hdr = ext.next_hdr; + } + + CU_ASSERT(next_hdr == ODPH_IPPROTO_UDP); +} + void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) { int num_out = part->num_pkt; @@ -961,6 +989,14 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, if (part->flags.stats == IPSEC_TEST_STATS_AUTH_ERR) ipsec_pkt_auth_err_set(pkto[i]); + if (part->flags.udp_encap) { + if ((!part->flags.tunnel && part->flags.v6) || + (part->flags.tunnel && part->flags.tunnel_is_v6)) + ipsec_pkt_v6_check_udp_encap(pkto[i]); + else + ipsec_pkt_v4_check_udp_encap(pkto[i]); + } + pkt_in.len = odp_packet_len(pkto[i]); pkt_in.l2_offset = odp_packet_l2_offset(pkto[i]); pkt_in.l3_offset = odp_packet_l3_offset(pkto[i]); @@ -1049,19 +1085,19 @@ int ipsec_init(odp_instance_t *inst, odp_ipsec_op_mode_t mode) } odp_pool_param_init(¶ms); - params.pkt.seg_len = PKT_POOL_LEN; - params.pkt.len = PKT_POOL_LEN; + params.pkt.seg_len = MAX_PKT_LEN; + params.pkt.len = MAX_PKT_LEN; params.pkt.num = PKT_POOL_NUM; params.type = ODP_POOL_PACKET; if (pool_capa.pkt.max_seg_len && - PKT_POOL_LEN > pool_capa.pkt.max_seg_len) { + MAX_PKT_LEN > pool_capa.pkt.max_seg_len) { fprintf(stderr, "Warning: small packet segment length\n"); params.pkt.seg_len = pool_capa.pkt.max_seg_len; } if (pool_capa.pkt.max_len && - PKT_POOL_LEN > pool_capa.pkt.max_len) { + MAX_PKT_LEN > pool_capa.pkt.max_len) { fprintf(stderr, "Pool max packet length too small\n"); return -1; } diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 3bbcb7b64..8b332b2f7 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -36,12 +36,14 @@ struct suite_context_s { extern struct suite_context_s suite_context; +#define MAX_PKT_LEN 1024 + typedef struct { uint32_t len; uint32_t l2_offset; uint32_t l3_offset; uint32_t l4_offset; - uint8_t data[256]; + uint8_t data[MAX_PKT_LEN]; } ipsec_test_packet; #define _ODP_PROTO_L3_TYPE_UNDEF ((odp_proto_l3_type_t)-1) @@ -60,6 +62,10 @@ typedef struct { odp_bool_t ah; odp_bool_t inline_hdr_in_packet; odp_bool_t test_sa_seq_num; + odp_bool_t v6; + odp_bool_t tunnel; + odp_bool_t tunnel_is_v6; + odp_bool_t udp_encap; enum ipsec_test_stats stats; } ipsec_test_flags; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 6f285d59a..8b279f152 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -395,6 +395,18 @@ static void test_out_in_common(ipsec_test_flags *flags, const odp_crypto_key_t *cipher_key_extra, const odp_crypto_key_t *auth_key_extra) { + odp_ipsec_tunnel_param_t *tun_ptr = NULL; + odp_ipsec_tunnel_param_t tunnel; + uint32_t src_v4 = IPV4ADDR(10, 0, 111, 2); + uint32_t dst_v4 = IPV4ADDR(10, 0, 222, 2); + uint8_t src_v6[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst_v6[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; odp_ipsec_sa_param_t param; odp_ipsec_stats_t stats; odp_ipsec_sa_t sa_out; @@ -407,22 +419,46 @@ static void test_out_in_common(ipsec_test_flags *flags, (auth == ODP_AUTH_ALG_NULL)) return; + if (flags->tunnel) { + if (flags->tunnel_is_v6) { + memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + tunnel.type = ODP_IPSEC_TUNNEL_IPV6; + tunnel.ipv6.src_addr = &src_v6; + tunnel.ipv6.dst_addr = &dst_v6; + tunnel.ipv6.hlimit = 64; + tun_ptr = &tunnel; + } else { + memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + tunnel.type = ODP_IPSEC_TUNNEL_IPV4; + tunnel.ipv4.src_addr = &src_v4; + tunnel.ipv4.dst_addr = &dst_v4; + tunnel.ipv4.ttl = 64; + tun_ptr = &tunnel; + } + } + ipsec_sa_param_fill(¶m, - false, flags->ah, 123, NULL, + false, flags->ah, 123, tun_ptr, cipher, cipher_key, auth, auth_key, cipher_key_extra, auth_key_extra); + if (flags->udp_encap) + param.opt.udp_encap = 1; + sa_out = odp_ipsec_sa_create(¶m); CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa_out); ipsec_sa_param_fill(¶m, - true, flags->ah, 123, NULL, + true, flags->ah, 123, tun_ptr, cipher, cipher_key, auth, auth_key, cipher_key_extra, auth_key_extra); + if (flags->udp_encap) + param.opt.udp_encap = 1; + sa_in = odp_ipsec_sa_create(¶m); CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa_in); @@ -446,6 +482,16 @@ static void test_out_in_common(ipsec_test_flags *flags, }, }; + if (flags->v6) { + test.pkt_in = &pkt_ipv6_icmp_0; + test.out[0].l3_type = ODP_PROTO_L3_TYPE_IPV6; + test.out[0].l4_type = ODP_PROTO_L4_TYPE_ICMPV6; + test.out[0].pkt_res = &pkt_ipv6_icmp_0; + test.in[0].l3_type = ODP_PROTO_L3_TYPE_IPV6; + test.in[0].l4_type = ODP_PROTO_L4_TYPE_ICMPV6; + test.in[0].pkt_res = &pkt_ipv6_icmp_0; + } + test.flags = *flags; if (flags->stats == IPSEC_TEST_STATS_PROTO_ERR) @@ -1495,6 +1541,47 @@ static void test_ipsec_stats(void) printf("\n "); } +static void test_udp_encap(void) +{ + ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + flags.udp_encap = 1; + flags.tunnel = 0; + + printf("\n IPv4 Transport"); + flags.v6 = 0; + test_esp_out_in_all(&flags); + + printf("\n IPv6 Transport"); + flags.v6 = 1; + test_esp_out_in_all(&flags); + + flags.tunnel = 1; + + printf("\n IPv4-in-IPv4 Tunnel"); + flags.v6 = 0; + flags.tunnel_is_v6 = 0; + test_esp_out_in_all(&flags); + + printf("\n IPv4-in-IPv6 Tunnel"); + flags.v6 = 0; + flags.tunnel_is_v6 = 1; + test_esp_out_in_all(&flags); + + printf("\n IPv6-in-IPv4 Tunnel"); + flags.v6 = 1; + flags.tunnel_is_v6 = 0; + test_esp_out_in_all(&flags); + + printf("\n IPv6-in-IPv6 Tunnel"); + flags.v6 = 1; + flags.tunnel_is_v6 = 1; + test_esp_out_in_all(&flags); + + printf("\n "); +} + odp_testinfo_t ipsec_out_suite[] = { ODP_TEST_INFO(ipsec_test_capability), ODP_TEST_INFO(ipsec_test_default_values), @@ -1555,5 +1642,6 @@ odp_testinfo_t ipsec_out_suite[] = { is_out_mode_inline), ODP_TEST_INFO(test_ah_out_in_all), ODP_TEST_INFO(test_ipsec_stats), + ODP_TEST_INFO(test_udp_encap), ODP_TEST_INFO_NULL, }; |