[PATCH] test/security: skip IPsec post process for negative tests

Srujana Challa schalla at marvell.com
Thu Oct 3 12:37:39 CEST 2024

Previous message (by thread): [PATCH v2] vhost: restrict set max queue pair API to VDUSE
Next message (by thread): [PATCH] test/security: skip IPsec post process for negative tests
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Skips calling test_ipsec_post_process for negative inline IPsec tests
as received packet might not be valid for a negative case.

Signed-off-by: Srujana Challa <schalla at marvell.com>
---
 app/test/test_cryptodev_security_ipsec.c |  1 +
 app/test/test_security_inline_proto.c    | 25 +++++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 1aba1ad993..5fb5907473 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -916,6 +916,7 @@ test_ipsec_post_process(const struct rte_mbuf *m, const struct ipsec_test_data *
 		seg = seg->next;
 	}
 	len = RTE_MIN(len, data_len);
+	TEST_ASSERT(len <= IPSEC_TEXT_MAX_LEN, "Invalid packet length: %u", len);
 	/* Copy mbuf payload to continuous buffer */
 	output = rte_pktmbuf_read(m, 0, len, output_text);
 	if (output != output_text)
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 10f7e58caa..480469f672 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -1449,12 +1449,27 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
 	for (i = 0; i < nb_rx; i++) {
 		rte_pktmbuf_adj(rx_pkts_burst[i], RTE_ETHER_HDR_LEN);
 
-		ret = test_ipsec_post_process(rx_pkts_burst[i], td,
-					      res_d, silent, flags);
-		if (ret != TEST_SUCCESS) {
-			for ( ; i < nb_rx; i++)
+		/* For tests with status as error for test success,
+		 * skip verification
+		 */
+		if (td->ipsec_xform.direction ==
+		    RTE_SECURITY_IPSEC_SA_DIR_INGRESS && (flags->icv_corrupt ||
+		    flags->sa_expiry_pkts_hard || flags->tunnel_hdr_verify ||
+		    td->ar_packet)) {
+			if (!(rx_pkts_burst[i]->ol_flags &
+			    RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
 				rte_pktmbuf_free(rx_pkts_burst[i]);
-			goto out;
+				rx_pkts_burst[i] = NULL;
+				return TEST_FAILED;
+			}
+		} else {
+			ret = test_ipsec_post_process(rx_pkts_burst[i], td,
+						      res_d, silent, flags);
+			if (ret != TEST_SUCCESS) {
+				for ( ; i < nb_rx; i++)
+					rte_pktmbuf_free(rx_pkts_burst[i]);
+				goto out;
+			}
 		}
 
 		ret = test_ipsec_stats_verify(ctx, ses, flags,
-- 
2.25.1

Previous message (by thread): [PATCH v2] vhost: restrict set max queue pair API to VDUSE
Next message (by thread): [PATCH] test/security: skip IPsec post process for negative tests
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list