1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2010-2014 Intel Corporation
3 */
4
5 #include "test.h"
6
7 #include <stdio.h>
8 #include <stdint.h>
9 #include <stdlib.h>
10 #include <string.h>
11
12 #ifdef RTE_EXEC_ENV_WINDOWS
13 static int
test_ipsec_sad(void)14 test_ipsec_sad(void)
15 {
16 printf("ipsec_sad not supported on Windows, skipping test\n");
17 return TEST_SKIPPED;
18 }
19
20 #else
21
22 #include <rte_ipsec_sad.h>
23 #include <rte_memory.h>
24
25 #include "test_xmmt_ops.h"
26
27 typedef int32_t (*rte_ipsec_sad_test)(void);
28
29 static int32_t test_create_invalid(void);
30 static int32_t test_find_existing(void);
31 static int32_t test_multiple_create(void);
32 static int32_t test_add_invalid(void);
33 static int32_t test_delete_invalid(void);
34 static int32_t test_lookup_invalid(void);
35 static int32_t test_lookup_basic(void);
36 static int32_t test_lookup_adv(void);
37 static int32_t test_lookup_order(void);
38
39 #define MAX_SA 100000
40 #define PASS 0
41 #define SPI 0xdead /* spi to install */
42 #define DIP 0xbeef /* dip to install */
43 #define SIP 0xf00d /* sip to install */
44 #define BAD 0xbad /* some random value not installed into the table */
45
46 /*
47 * Check that rte_ipsec_sad_create fails gracefully for incorrect user input
48 * arguments
49 */
50 int32_t
test_create_invalid(void)51 test_create_invalid(void)
52 {
53 struct rte_ipsec_sad *sad = NULL;
54 struct rte_ipsec_sad_conf config;
55
56 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
57 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
58 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
59 config.socket_id = SOCKET_ID_ANY;
60 config.flags = 0;
61
62 /* name == NULL */
63 sad = rte_ipsec_sad_create(NULL, &config);
64 RTE_TEST_ASSERT(sad == NULL,
65 "Call succeeded with invalid parameters\n");
66
67 /* max_sa for every type = 0 */
68 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = 0;
69 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = 0;
70 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = 0;
71 sad = rte_ipsec_sad_create(__func__, &config);
72 RTE_TEST_ASSERT(sad == NULL,
73 "Call succeeded with invalid parameters\n");
74 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
75 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
76 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
77
78 /* socket_id < -1 is invalid */
79 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
80 config.socket_id = -2;
81 sad = rte_ipsec_sad_create(__func__, &config);
82 RTE_TEST_ASSERT(sad == NULL,
83 "Call succeeded with invalid parameters\n");
84 config.socket_id = SOCKET_ID_ANY;
85
86 return TEST_SUCCESS;
87 }
88
89 /*
90 * Test rte_ipsec_sad_find_existing()
91 * Create SAD and try to find it by it's name
92 */
93 int32_t
test_find_existing(void)94 test_find_existing(void)
95 {
96 const char *name1 = "sad_one";
97 const char *name2 = "sad_two";
98 struct rte_ipsec_sad *one, *two, *tmp;
99 struct rte_ipsec_sad_conf config;
100
101 config.socket_id = SOCKET_ID_ANY;
102 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
103 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = 0;
104 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = 0;
105 one = rte_ipsec_sad_create(name1, &config);
106 RTE_TEST_ASSERT_NOT_NULL(one, "Failed to create SAD\n");
107 two = rte_ipsec_sad_create(name2, &config);
108 RTE_TEST_ASSERT_NOT_NULL(two, "Failed to create SAD\n");
109
110 /* Find non existing */
111 tmp = rte_ipsec_sad_find_existing("sad_three");
112 RTE_TEST_ASSERT(tmp == NULL,
113 "rte_ipsec_sad_find_existing returns invalid SAD\n");
114
115 tmp = rte_ipsec_sad_find_existing(name1);
116 RTE_TEST_ASSERT(tmp == one,
117 "rte_ipsec_sad_find_existing returns invalid SAD\n");
118
119 tmp = rte_ipsec_sad_find_existing(name2);
120 RTE_TEST_ASSERT(tmp == two,
121 "rte_ipsec_sad_find_existing returns invalid SAD\n");
122
123 rte_ipsec_sad_destroy(one);
124 rte_ipsec_sad_destroy(two);
125 return TEST_SUCCESS;
126 }
127
128 /*
129 * Create ipsec sad then delete it 10 times
130 * Use a slightly different max_sa each time
131 */
132 int32_t
test_multiple_create(void)133 test_multiple_create(void)
134 {
135 int i;
136 struct rte_ipsec_sad *sad = NULL;
137 struct rte_ipsec_sad_conf config;
138
139 config.socket_id = SOCKET_ID_ANY;
140 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
141 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
142
143 for (i = 0; i < 10; i++) {
144 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA - i;
145 sad = rte_ipsec_sad_create(__func__, &config);
146 RTE_TEST_ASSERT_NOT_NULL(sad, "Failed to create SAD\n");
147 rte_ipsec_sad_destroy(sad);
148 }
149 return TEST_SUCCESS;
150 }
151
152 static int32_t
__test_add_invalid(int ipv6,union rte_ipsec_sad_key * tuple)153 __test_add_invalid(int ipv6, union rte_ipsec_sad_key *tuple)
154 {
155 int status;
156 struct rte_ipsec_sad *sad = NULL;
157 struct rte_ipsec_sad_conf config;
158 uint64_t tmp;
159 void *sa = &tmp;
160
161 /* sad == NULL*/
162 status = rte_ipsec_sad_add(NULL, tuple,
163 RTE_IPSEC_SAD_SPI_DIP_SIP, sa);
164 RTE_TEST_ASSERT(status < 0,
165 "Call succeeded with invalid parameters\n");
166
167 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
168 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
169 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
170 config.socket_id = SOCKET_ID_ANY;
171 config.flags = 0;
172 if (ipv6)
173 config.flags = RTE_IPSEC_SAD_FLAG_IPV6;
174
175 sad = rte_ipsec_sad_create(__func__, &config);
176 RTE_TEST_ASSERT_NOT_NULL(sad, "Failed to create SAD\n");
177
178 /* key == NULL*/
179 status = rte_ipsec_sad_add(sad, NULL, RTE_IPSEC_SAD_SPI_DIP_SIP, sa);
180 RTE_TEST_ASSERT(status < 0,
181 "Call succeeded with invalid parameters\n");
182
183 /* len is incorrect*/
184 status = rte_ipsec_sad_add(sad, tuple,
185 RTE_IPSEC_SAD_SPI_DIP_SIP + 1, sa);
186 RTE_TEST_ASSERT(status < 0,
187 "Call succeeded with invalid parameters\n");
188
189 /* sa == NULL*/
190 status = rte_ipsec_sad_add(sad, tuple,
191 RTE_IPSEC_SAD_SPI_DIP_SIP, NULL);
192 RTE_TEST_ASSERT(status < 0,
193 "Call succeeded with invalid parameters\n");
194
195 /* sa is not aligned*/
196 status = rte_ipsec_sad_add(sad, tuple,
197 RTE_IPSEC_SAD_SPI_DIP_SIP, (void *)((uint8_t *)sa + 1));
198 RTE_TEST_ASSERT(status < 0,
199 "Call succeeded with invalid parameters\n");
200
201 rte_ipsec_sad_destroy(sad);
202
203 return TEST_SUCCESS;
204 }
205
206 /*
207 * Check that rte_ipsec_sad_add fails gracefully
208 * for incorrect user input arguments
209 */
210 int32_t
test_add_invalid(void)211 test_add_invalid(void)
212 {
213 int status;
214 struct rte_ipsec_sadv4_key tuple_v4 = {10, 20, 30};
215 struct rte_ipsec_sadv6_key tuple_v6 = {10, {20, }, {30, } };
216
217 status = __test_add_invalid(0, (union rte_ipsec_sad_key *)&tuple_v4);
218 if (status != TEST_SUCCESS)
219 return status;
220
221 status = __test_add_invalid(1, (union rte_ipsec_sad_key *)&tuple_v6);
222
223 return status;
224
225 }
226
227 static int32_t
__test_delete_invalid(int ipv6,union rte_ipsec_sad_key * tuple)228 __test_delete_invalid(int ipv6, union rte_ipsec_sad_key *tuple)
229 {
230 int status;
231 struct rte_ipsec_sad *sad = NULL;
232 struct rte_ipsec_sad_conf config;
233
234 /* sad == NULL*/
235 status = rte_ipsec_sad_del(NULL, tuple, RTE_IPSEC_SAD_SPI_DIP_SIP);
236 RTE_TEST_ASSERT(status < 0,
237 "Call succeeded with invalid parameters\n");
238
239 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
240 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
241 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
242 config.socket_id = SOCKET_ID_ANY;
243 config.flags = 0;
244 if (ipv6)
245 config.flags = RTE_IPSEC_SAD_FLAG_IPV6;
246
247 sad = rte_ipsec_sad_create(__func__, &config);
248 RTE_TEST_ASSERT_NOT_NULL(sad, "Failed to create SAD\n");
249
250 /* key == NULL*/
251 status = rte_ipsec_sad_del(sad, NULL, RTE_IPSEC_SAD_SPI_DIP_SIP);
252 RTE_TEST_ASSERT(status < 0,
253 "Call succeeded with invalid parameters\n");
254
255 /* len is incorrect */
256 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP_SIP + 1);
257 RTE_TEST_ASSERT(status < 0,
258 "Call succeeded with invalid parameters\n");
259
260 rte_ipsec_sad_destroy(sad);
261
262 return TEST_SUCCESS;
263 }
264
265 /*
266 * Check that rte_ipsec_sad_delete fails gracefully for incorrect user input
267 * arguments
268 */
269 int32_t
test_delete_invalid(void)270 test_delete_invalid(void)
271 {
272 int status;
273 struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP};
274 struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
275 {0xf0, 0x0d, } };
276
277 status = __test_delete_invalid(0, (union rte_ipsec_sad_key *)&tuple_v4);
278 if (status != TEST_SUCCESS)
279 return status;
280
281 status = __test_delete_invalid(1, (union rte_ipsec_sad_key *)&tuple_v6);
282
283 return status;
284 }
285
286 static int32_t
__test_lookup_invalid(int ipv6,union rte_ipsec_sad_key * tuple)287 __test_lookup_invalid(int ipv6, union rte_ipsec_sad_key *tuple)
288 {
289 int status;
290 struct rte_ipsec_sad *sad = NULL;
291 struct rte_ipsec_sad_conf config;
292 const union rte_ipsec_sad_key *key_arr[] = {tuple};
293 void *sa[1];
294
295 status = rte_ipsec_sad_lookup(NULL, key_arr, sa, 1);
296 RTE_TEST_ASSERT(status < 0,
297 "Call succeeded with invalid parameters\n");
298
299 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
300 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
301 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
302 config.socket_id = SOCKET_ID_ANY;
303 config.flags = 0;
304 if (ipv6)
305 config.flags = RTE_IPSEC_SAD_FLAG_IPV6;
306
307 sad = rte_ipsec_sad_create(__func__, &config);
308 RTE_TEST_ASSERT_NOT_NULL(sad, "Failed to create SAD\n");
309
310 status = rte_ipsec_sad_lookup(sad, NULL, sa, 1);
311 RTE_TEST_ASSERT(status < 0,
312 "Call succeeded with invalid parameters\n");
313
314 status = rte_ipsec_sad_lookup(sad, key_arr, NULL, 1);
315 RTE_TEST_ASSERT(status < 0,
316 "Call succeeded with invalid parameters\n");
317
318 rte_ipsec_sad_destroy(sad);
319
320 return TEST_SUCCESS;
321 }
322
323 /*
324 * Check that rte_ipsec_sad_lookup fails gracefully for incorrect user input
325 * arguments
326 */
327 int32_t
test_lookup_invalid(void)328 test_lookup_invalid(void)
329 {
330 int status;
331 struct rte_ipsec_sadv4_key tuple_v4 = {10, 20, 30};
332 struct rte_ipsec_sadv6_key tuple_v6 = {10, {20, }, {30, } };
333
334 status = __test_lookup_invalid(0,
335 (union rte_ipsec_sad_key *)&tuple_v4);
336 if (status != TEST_SUCCESS)
337 return status;
338
339 status = __test_lookup_invalid(1,
340 (union rte_ipsec_sad_key *)&tuple_v6);
341
342 return status;
343 }
344
345 static int32_t
__test_lookup_basic(int ipv6,union rte_ipsec_sad_key * tuple,union rte_ipsec_sad_key * tuple_1)346 __test_lookup_basic(int ipv6, union rte_ipsec_sad_key *tuple,
347 union rte_ipsec_sad_key *tuple_1)
348 {
349 int status;
350 struct rte_ipsec_sad *sad = NULL;
351 struct rte_ipsec_sad_conf config;
352 const union rte_ipsec_sad_key *key_arr[] = {tuple};
353
354 uint64_t tmp;
355 void *sa[1];
356
357 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
358 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
359 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
360 config.socket_id = SOCKET_ID_ANY;
361 config.flags = 0;
362 if (ipv6)
363 config.flags = RTE_IPSEC_SAD_FLAG_IPV6;
364
365 sad = rte_ipsec_sad_create(__func__, &config);
366 RTE_TEST_ASSERT_NOT_NULL(sad, "Failed to create SAD\n");
367
368 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 1);
369 RTE_TEST_ASSERT((status == 0) && (sa[0] == NULL),
370 "Lookup returns an unexpected result\n");
371
372 sa[0] = &tmp;
373 status = rte_ipsec_sad_add(sad, tuple, RTE_IPSEC_SAD_SPI_ONLY, sa[0]);
374 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
375
376 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 1);
377 RTE_TEST_ASSERT((status == 1) && (sa[0] == &tmp),
378 "Lookup returns an unexpected result\n");
379
380 key_arr[0] = tuple_1;
381 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 1);
382 RTE_TEST_ASSERT((status == 1) && (sa[0] == &tmp),
383 "Lookup returns an unexpected result\n");
384 key_arr[0] = tuple;
385
386 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_ONLY);
387 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
388
389 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 1);
390 RTE_TEST_ASSERT((status == 0) && (sa[0] == NULL),
391 "Lookup returns an unexpected result\n");
392
393 rte_ipsec_sad_destroy(sad);
394
395 return TEST_SUCCESS;
396 }
397
398 /*
399 * Lookup missing key, then add it as RTE_IPSEC_SAD_SPI_ONLY, lookup it again,
400 * lookup different key with the same SPI, then delete it and repeat lookup
401 */
402 int32_t
test_lookup_basic(void)403 test_lookup_basic(void)
404 {
405 int status;
406 struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP};
407 struct rte_ipsec_sadv4_key tuple_v4_1 = {SPI, BAD, BAD};
408 struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
409 {0xf0, 0x0d, } };
410 struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0x0b, 0xad, },
411 {0x0b, 0xad, } };
412
413 status = __test_lookup_basic(0, (union rte_ipsec_sad_key *)&tuple_v4,
414 (union rte_ipsec_sad_key *)&tuple_v4_1);
415 if (status != TEST_SUCCESS)
416 return status;
417
418 status = __test_lookup_basic(1, (union rte_ipsec_sad_key *)&tuple_v6,
419 (union rte_ipsec_sad_key *)&tuple_v6_1);
420
421 return status;
422 }
423
424 static int32_t
__test_lookup_adv(int ipv6,union rte_ipsec_sad_key * tuple,const union rte_ipsec_sad_key ** key_arr)425 __test_lookup_adv(int ipv6, union rte_ipsec_sad_key *tuple,
426 const union rte_ipsec_sad_key **key_arr)
427 {
428 int status;
429 struct rte_ipsec_sad *sad = NULL;
430 struct rte_ipsec_sad_conf config;
431 uint64_t tmp1, tmp2, tmp3;
432 void *install_sa;
433 void *sa[4];
434
435 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
436 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
437 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
438 config.socket_id = SOCKET_ID_ANY;
439 config.flags = 0;
440 if (ipv6)
441 config.flags = RTE_IPSEC_SAD_FLAG_IPV6;
442 sad = rte_ipsec_sad_create(__func__, &config);
443 RTE_TEST_ASSERT_NOT_NULL(sad, "Failed to create SAD\n");
444
445 /* lookup with empty table */
446 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
447 RTE_TEST_ASSERT(status == 0, "Lookup returns an unexpected result\n");
448 RTE_TEST_ASSERT(sa[0] == NULL,
449 "Lookup returns an unexpected result\n");
450 RTE_TEST_ASSERT(sa[1] == NULL,
451 "Lookup returns an unexpected result\n");
452 RTE_TEST_ASSERT(sa[2] == NULL,
453 "Lookup returns an unexpected result\n");
454 RTE_TEST_ASSERT(sa[3] == NULL,
455 "Lookup returns an unexpected result\n");
456
457 /* lookup with one RTE_IPSEC_SAD_SPI_ONLY rule */
458 install_sa = &tmp1;
459 status = rte_ipsec_sad_add(sad, tuple,
460 RTE_IPSEC_SAD_SPI_ONLY, install_sa);
461 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
462
463 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
464 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
465 RTE_TEST_ASSERT(sa[0] == &tmp1,
466 "Lookup returns an unexpected result\n");
467 RTE_TEST_ASSERT(sa[1] == &tmp1,
468 "Lookup returns an unexpected result\n");
469 RTE_TEST_ASSERT(sa[2] == &tmp1,
470 "Lookup returns an unexpected result\n");
471 RTE_TEST_ASSERT(sa[3] == NULL,
472 "Lookup returns an unexpected result\n");
473
474 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_ONLY);
475 RTE_TEST_ASSERT(status == 0, "Failde to delete a rule\n");
476
477 /* lookup with one RTE_IPSEC_SAD_SPI_DIP rule */
478 install_sa = &tmp2;
479 status = rte_ipsec_sad_add(sad, tuple,
480 RTE_IPSEC_SAD_SPI_DIP, install_sa);
481 RTE_TEST_ASSERT(status == 0, "failed to add a rule\n");
482
483 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
484 RTE_TEST_ASSERT(status == 2, "Lookup returns an unexpected result\n");
485 RTE_TEST_ASSERT(sa[0] == &tmp2,
486 "Lookup returns an unexpected result\n");
487 RTE_TEST_ASSERT(sa[1] == &tmp2,
488 "Lookup returns an unexpected result\n");
489 RTE_TEST_ASSERT(sa[2] == NULL,
490 "Lookup returns an unexpected result\n");
491 RTE_TEST_ASSERT(sa[3] == NULL,
492 "Lookup returns an unexpected result\n");
493
494 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP);
495 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
496
497 /* lookup with one RTE_IPSEC_SAD_SPI_DIP_SIP rule */
498 install_sa = &tmp3;
499 status = rte_ipsec_sad_add(sad, tuple,
500 RTE_IPSEC_SAD_SPI_DIP_SIP, install_sa);
501 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
502
503 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
504 RTE_TEST_ASSERT(status == 1, "Lookup returns an unexpected result\n");
505 RTE_TEST_ASSERT(sa[0] == &tmp3,
506 "Lookup returns an unexpected result\n");
507 RTE_TEST_ASSERT(sa[1] == NULL,
508 "Lookup returns an unexpected result\n");
509 RTE_TEST_ASSERT(sa[2] == NULL,
510 "Lookup returns an unexpected result\n");
511 RTE_TEST_ASSERT(sa[3] == NULL,
512 "Lookup returns an unexpected result\n");
513
514 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP_SIP);
515 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
516
517 /* lookup with two RTE_IPSEC_SAD_ONLY and RTE_IPSEC_SAD_DIP rules */
518 install_sa = &tmp1;
519 status = rte_ipsec_sad_add(sad, tuple,
520 RTE_IPSEC_SAD_SPI_ONLY, install_sa);
521 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
522 install_sa = &tmp2;
523 status = rte_ipsec_sad_add(sad, tuple,
524 RTE_IPSEC_SAD_SPI_DIP, install_sa);
525 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
526
527 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
528 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
529 RTE_TEST_ASSERT(sa[0] == &tmp2,
530 "Lookup returns an unexpected result\n");
531 RTE_TEST_ASSERT(sa[1] == &tmp2,
532 "Lookup returns an unexpected result\n");
533 RTE_TEST_ASSERT(sa[2] == &tmp1,
534 "Lookup returns an unexpected result\n");
535 RTE_TEST_ASSERT(sa[3] == NULL,
536 "Lookup returns an unexpected result\n");
537
538 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_ONLY);
539 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
540 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP);
541 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
542
543 /* lookup with two RTE_IPSEC_SAD_ONLY and RTE_IPSEC_SAD_DIP_SIP rules */
544 install_sa = &tmp1;
545 status = rte_ipsec_sad_add(sad, tuple,
546 RTE_IPSEC_SAD_SPI_ONLY, install_sa);
547 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
548 install_sa = &tmp3;
549 status = rte_ipsec_sad_add(sad, tuple,
550 RTE_IPSEC_SAD_SPI_DIP_SIP, install_sa);
551 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
552
553 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
554 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
555 RTE_TEST_ASSERT(sa[0] == &tmp3,
556 "Lookup returns an unexpected result\n");
557 RTE_TEST_ASSERT(sa[1] == &tmp1,
558 "Lookup returns an unexpected result\n");
559 RTE_TEST_ASSERT(sa[2] == &tmp1,
560 "Lookup returns an unexpected result\n");
561 RTE_TEST_ASSERT(sa[3] == NULL,
562 "Lookup returns an unexpected result\n");
563
564 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_ONLY);
565 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
566 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP_SIP);
567 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
568
569 /* lookup with two RTE_IPSEC_SAD_DIP and RTE_IPSEC_SAD_DIP_SIP rules */
570 install_sa = &tmp2;
571 status = rte_ipsec_sad_add(sad, tuple,
572 RTE_IPSEC_SAD_SPI_DIP, install_sa);
573 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
574 install_sa = &tmp3;
575 status = rte_ipsec_sad_add(sad, tuple,
576 RTE_IPSEC_SAD_SPI_DIP_SIP, install_sa);
577 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
578
579 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
580 RTE_TEST_ASSERT(status == 2, "Lookup returns an unexpected result\n");
581 RTE_TEST_ASSERT(sa[0] == &tmp3,
582 "Lookup returns an unexpected result\n");
583 RTE_TEST_ASSERT(sa[1] == &tmp2,
584 "Lookup returns an unexpected result\n");
585 RTE_TEST_ASSERT(sa[2] == NULL,
586 "Lookup returns an unexpected result\n");
587 RTE_TEST_ASSERT(sa[3] == NULL,
588 "Lookup returns an unexpected result\n");
589
590 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP);
591 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
592 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP_SIP);
593 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
594
595 /*
596 * lookup with three RTE_IPSEC_SAD_DIP, RTE_IPSEC_SAD_DIP and
597 * RTE_IPSEC_SAD_DIP_SIP rules
598 */
599 install_sa = &tmp1;
600 status = rte_ipsec_sad_add(sad, tuple,
601 RTE_IPSEC_SAD_SPI_ONLY, install_sa);
602 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
603 install_sa = &tmp2;
604 status = rte_ipsec_sad_add(sad, tuple,
605 RTE_IPSEC_SAD_SPI_DIP, install_sa);
606 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
607 install_sa = &tmp3;
608 status = rte_ipsec_sad_add(sad, tuple,
609 RTE_IPSEC_SAD_SPI_DIP_SIP, install_sa);
610 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
611
612 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 4);
613 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
614 RTE_TEST_ASSERT(sa[0] == &tmp3,
615 "Lookup returns an unexpected result\n");
616 RTE_TEST_ASSERT(sa[1] == &tmp2,
617 "Lookup returns an unexpected result\n");
618 RTE_TEST_ASSERT(sa[2] == &tmp1,
619 "Lookup returns an unexpected result\n");
620 RTE_TEST_ASSERT(sa[3] == NULL,
621 "Lookup returns an unexpected result\n");
622
623 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_ONLY);
624 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
625 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP);
626 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
627 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP_SIP);
628 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
629
630 rte_ipsec_sad_destroy(sad);
631
632 return TEST_SUCCESS;
633 }
634
635 /*
636 * Lookup different keys in a table with:
637 * - RTE_IPSEC_SAD_SPI_ONLY
638 * - RTE_IPSEC_SAD_SPI_DIP
639 * - RTE_IPSEC_SAD_SPI_SIP
640 * - RTE_IPSEC_SAD_SPI_ONLY/RTE_IPSEC_SAD_SPI_DIP
641 * - RTE_IPSEC_SAD_SPI_ONLY/RTE_IPSEC_SAD_SPI_DIP_SIP
642 * - RTE_IPSEC_SAD_SPI_DIP/RTE_IPSEC_SAD_SPI_DIP_SIP
643 * - RTE_IPSEC_SAD_SPI_ONLY/RTE_IPSEC_SAD_SPI_DIP/RTE_IPSEC_SAD_SPI_DIP_SIP
644 * length of rule installed.
645 */
646 int32_t
test_lookup_adv(void)647 test_lookup_adv(void)
648 {
649 int status;
650 /* key to install*/
651 struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP};
652 struct rte_ipsec_sadv4_key tuple_v4_1 = {SPI, DIP, BAD};
653 struct rte_ipsec_sadv4_key tuple_v4_2 = {SPI, BAD, SIP};
654 struct rte_ipsec_sadv4_key tuple_v4_3 = {BAD, DIP, SIP};
655
656 /* key to install*/
657 struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
658 {0xf0, 0x0d, } };
659 struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0xbe, 0xef, },
660 {0x0b, 0xad, } };
661 struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, {0x0b, 0xad, },
662 {0xf0, 0x0d, } };
663 struct rte_ipsec_sadv6_key tuple_v6_3 = {BAD, {0xbe, 0xef, },
664 {0xf0, 0x0d, } };
665
666 const union rte_ipsec_sad_key *key_arr[] = {
667 (union rte_ipsec_sad_key *)&tuple_v4,
668 (union rte_ipsec_sad_key *)&tuple_v4_1,
669 (union rte_ipsec_sad_key *)&tuple_v4_2,
670 (union rte_ipsec_sad_key *)&tuple_v4_3
671 };
672
673 status = __test_lookup_adv(0, (union rte_ipsec_sad_key *)&tuple_v4,
674 key_arr);
675 if (status != TEST_SUCCESS)
676 return status;
677 key_arr[0] = (union rte_ipsec_sad_key *)&tuple_v6;
678 key_arr[1] = (union rte_ipsec_sad_key *)&tuple_v6_1;
679 key_arr[2] = (union rte_ipsec_sad_key *)&tuple_v6_2;
680 key_arr[3] = (union rte_ipsec_sad_key *)&tuple_v6_3;
681 status = __test_lookup_adv(1, (union rte_ipsec_sad_key *)&tuple_v6,
682 key_arr);
683
684 return status;
685 }
686
687
688 static int32_t
__test_lookup_order(int ipv6,union rte_ipsec_sad_key * tuple,union rte_ipsec_sad_key * tuple_1,union rte_ipsec_sad_key * tuple_2)689 __test_lookup_order(int ipv6, union rte_ipsec_sad_key *tuple,
690 union rte_ipsec_sad_key *tuple_1, union rte_ipsec_sad_key *tuple_2)
691 {
692 int status;
693 struct rte_ipsec_sad *sad = NULL;
694 struct rte_ipsec_sad_conf config;
695 const union rte_ipsec_sad_key *key_arr[] = {tuple, tuple_1, tuple_2,};
696 uint64_t tmp1, tmp2, tmp3;
697 void *install_sa;
698 void *sa[3];
699
700 config.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = MAX_SA;
701 config.max_sa[RTE_IPSEC_SAD_SPI_DIP] = MAX_SA;
702 config.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = MAX_SA;
703 config.socket_id = SOCKET_ID_ANY;
704 config.flags = 0;
705 if (ipv6)
706 config.flags = RTE_IPSEC_SAD_FLAG_IPV6;
707 sad = rte_ipsec_sad_create(__func__, &config);
708 RTE_TEST_ASSERT_NOT_NULL(sad, "Failed to create SAD\n");
709
710 /* install RTE_IPSEC_SAD_SPI_ONLY */
711 install_sa = &tmp1;
712 status = rte_ipsec_sad_add(sad, tuple,
713 RTE_IPSEC_SAD_SPI_ONLY, install_sa);
714 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
715
716 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
717 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
718 RTE_TEST_ASSERT(sa[0] == &tmp1,
719 "Lookup returns an unexpected result\n");
720 RTE_TEST_ASSERT(sa[1] == &tmp1,
721 "Lookup returns an unexpected result\n");
722 RTE_TEST_ASSERT(sa[2] == &tmp1,
723 "Lookup returns an unexpected result\n");
724
725 /* add RTE_IPSEC_SAD_SPI_DIP */
726 install_sa = &tmp2;
727 status = rte_ipsec_sad_add(sad, tuple,
728 RTE_IPSEC_SAD_SPI_DIP, install_sa);
729 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
730
731 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
732 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
733 RTE_TEST_ASSERT(sa[0] == &tmp2,
734 "Lookup returns an unexpected result\n");
735 RTE_TEST_ASSERT(sa[1] == &tmp2,
736 "Lookup returns an unexpected result\n");
737 RTE_TEST_ASSERT(sa[2] == &tmp1,
738 "Lookup returns an unexpected result\n");
739
740 /* add RTE_IPSEC_SAD_SPI_DIP_SIP */
741 install_sa = &tmp3;
742 status = rte_ipsec_sad_add(sad, tuple,
743 RTE_IPSEC_SAD_SPI_DIP_SIP, install_sa);
744 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
745
746 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
747 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
748 RTE_TEST_ASSERT(sa[0] == &tmp3,
749 "Lookup returns an unexpected result\n");
750 RTE_TEST_ASSERT(sa[1] == &tmp2,
751 "Lookup returns an unexpected result\n");
752 RTE_TEST_ASSERT(sa[2] == &tmp1,
753 "Lookup returns an unexpected result\n");
754
755 /* delete RTE_IPSEC_SAD_SPI_ONLY */
756 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_ONLY);
757 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
758
759 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
760 RTE_TEST_ASSERT(status == 2, "Lookup returns an unexpected result\n");
761 RTE_TEST_ASSERT(sa[0] == &tmp3,
762 "Lookup returns an unexpected result\n");
763 RTE_TEST_ASSERT(sa[1] == &tmp2,
764 "Lookup returns an unexpected result\n");
765 RTE_TEST_ASSERT(sa[2] == NULL,
766 "Lookup returns an unexpected result\n");
767
768 /* delete RTE_IPSEC_SAD_SPI_DIP */
769 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP);
770 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
771
772 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
773 RTE_TEST_ASSERT(status == 1, "Lookup returns an unexpected result\n");
774 RTE_TEST_ASSERT(sa[0] == &tmp3,
775 "Lookup returns an unexpected result\n");
776 RTE_TEST_ASSERT(sa[1] == NULL,
777 "Lookup returns an unexpected result\n");
778 RTE_TEST_ASSERT(sa[2] == NULL,
779 "Lookup returns an unexpected result\n");
780
781 /* delete RTE_IPSEC_SAD_SPI_DIP_SIP */
782 status = rte_ipsec_sad_del(sad, tuple, RTE_IPSEC_SAD_SPI_DIP_SIP);
783 RTE_TEST_ASSERT(status == 0, "Failed to delete a rule\n");
784
785 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
786 RTE_TEST_ASSERT(status == 0, "Lookup returns an unexpected result\n");
787 RTE_TEST_ASSERT(sa[0] == NULL,
788 "Lookup returns an unexpected result\n");
789 RTE_TEST_ASSERT(sa[1] == NULL,
790 "Lookup returns an unexpected result\n");
791 RTE_TEST_ASSERT(sa[2] == NULL,
792 "Lookup returns an unexpected result\n");
793
794 /* add RTE_IPSEC_SAD_SPI_DIP_SIP */
795 install_sa = &tmp3;
796 status = rte_ipsec_sad_add(sad, tuple,
797 RTE_IPSEC_SAD_SPI_DIP_SIP, install_sa);
798 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
799
800 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
801 RTE_TEST_ASSERT(status == 1, "Lookup returns an unexpected result\n");
802 RTE_TEST_ASSERT(sa[0] == &tmp3,
803 "Lookup returns an unexpected result\n");
804 RTE_TEST_ASSERT(sa[1] == NULL,
805 "Lookup returns an unexpected result\n");
806 RTE_TEST_ASSERT(sa[2] == NULL,
807 "Lookup returns an unexpected result\n");
808
809 /* add RTE_IPSEC_SAD_SPI_DIP */
810 install_sa = &tmp2;
811 status = rte_ipsec_sad_add(sad, tuple,
812 RTE_IPSEC_SAD_SPI_DIP, install_sa);
813 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
814
815 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
816 RTE_TEST_ASSERT(status == 2, "Lookup returns an unexpected result\n");
817 RTE_TEST_ASSERT(sa[0] == &tmp3,
818 "Lookup returns an unexpected result\n");
819 RTE_TEST_ASSERT(sa[1] == &tmp2,
820 "Lookup returns an unexpected result\n");
821 RTE_TEST_ASSERT(sa[2] == NULL,
822 "Lookup returns an unexpected result\n");
823
824 /* add RTE_IPSEC_SAD_SPI_ONLY */
825 install_sa = &tmp1;
826 status = rte_ipsec_sad_add(sad, tuple,
827 RTE_IPSEC_SAD_SPI_ONLY, install_sa);
828 RTE_TEST_ASSERT(status == 0, "Failed to add a rule\n");
829
830 status = rte_ipsec_sad_lookup(sad, key_arr, sa, 3);
831 RTE_TEST_ASSERT(status == 3, "Lookup returns an unexpected result\n");
832 RTE_TEST_ASSERT(sa[0] == &tmp3,
833 "Lookup returns an unexpected result\n");
834 RTE_TEST_ASSERT(sa[1] == &tmp2,
835 "Lookup returns an unexpected result\n");
836 RTE_TEST_ASSERT(sa[2] == &tmp1,
837 "Lookup returns an unexpected result\n");
838
839 rte_ipsec_sad_destroy(sad);
840 return TEST_SUCCESS;
841 }
842
843 /*
844 * Check an order of add and delete
845 */
846 int32_t
test_lookup_order(void)847 test_lookup_order(void)
848 {
849 int status;
850 /* key to install*/
851 struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP};
852 struct rte_ipsec_sadv4_key tuple_v4_1 = {SPI, DIP, BAD};
853 struct rte_ipsec_sadv4_key tuple_v4_2 = {SPI, BAD, SIP};
854 /* key to install*/
855 struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
856 {0xf0, 0x0d, } };
857 struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0xbe, 0xef, },
858 {0x0b, 0xad, } };
859 struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, {0x0b, 0xad, },
860 {0xf0, 0x0d, } };
861
862 status = __test_lookup_order(0, (union rte_ipsec_sad_key *)&tuple_v4,
863 (union rte_ipsec_sad_key *)&tuple_v4_1,
864 (union rte_ipsec_sad_key *)&tuple_v4_2);
865 if (status != TEST_SUCCESS)
866 return status;
867
868 status = __test_lookup_order(1, (union rte_ipsec_sad_key *)&tuple_v6,
869 (union rte_ipsec_sad_key *)&tuple_v6_1,
870 (union rte_ipsec_sad_key *)&tuple_v6_2);
871 return status;
872 }
873
874 static struct unit_test_suite ipsec_sad_tests = {
875 .suite_name = "ipsec sad autotest",
876 .setup = NULL,
877 .teardown = NULL,
878 .unit_test_cases = {
879 TEST_CASE(test_create_invalid),
880 TEST_CASE(test_find_existing),
881 TEST_CASE(test_multiple_create),
882 TEST_CASE(test_add_invalid),
883 TEST_CASE(test_delete_invalid),
884 TEST_CASE(test_lookup_invalid),
885 TEST_CASE(test_lookup_basic),
886 TEST_CASE(test_lookup_adv),
887 TEST_CASE(test_lookup_order),
888 TEST_CASES_END()
889 }
890 };
891
892 static int
test_ipsec_sad(void)893 test_ipsec_sad(void)
894 {
895 return unit_test_suite_runner(&ipsec_sad_tests);
896 }
897
898 #endif /* !RTE_EXEC_ENV_WINDOWS */
899
900 REGISTER_TEST_COMMAND(ipsec_sad_autotest, test_ipsec_sad);
901