patch 'test/security: check for capabilities' has been queued to stable release 24.11.7

luca.boccassi at gmail.com luca.boccassi at gmail.com
Mon Jul 6 12:20:06 CEST 2026


Hi,

FYI, your patch has been queued to stable release 24.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/05/26. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/d51a4e1b6339194b440ce1b88388228398f0e46d

Thanks.

Luca Boccassi

---
>From d51a4e1b6339194b440ce1b88388228398f0e46d Mon Sep 17 00:00:00 2001
From: Bruce Richardson <bruce.richardson at intel.com>
Date: Mon, 22 Jun 2026 12:18:34 +0100
Subject: [PATCH] test/security: check for capabilities

[ upstream commit 144817406f251d31b4fe57099c7a20202b5d72de ]

Skip the test cases when the HW doesn't support the necessary offloads,
skipping the whole suite if necessary, e.g. if no IPsec capabilities are
present. For event-based tests, skip those if no eventdev is present.

Fixes: 86e2487c5f2c ("test/security: add cases for inline IPsec offload")

Signed-off-by: Bruce Richardson <bruce.richardson at intel.com>
Acked-by: Akhil Goyal <gakhil at marvell.com>
---
 app/test/test_security_inline_proto.c | 57 ++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index b3c3561874..fa7dd01f07 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -2012,10 +2012,25 @@ inline_ipsec_testsuite_setup(void)
 	}
 
 	memcpy(&local_port_conf, &port_conf, sizeof(port_conf));
+	local_port_conf.rxmode.offloads &= dev_info.rx_offload_capa;
+	local_port_conf.txmode.offloads &= dev_info.tx_offload_capa;
+
+	if (!(local_port_conf.rxmode.offloads & RTE_ETH_RX_OFFLOAD_SECURITY) ||
+	    !(local_port_conf.txmode.offloads & RTE_ETH_TX_OFFLOAD_SECURITY)) {
+		printf("Inline IPsec unsupported: required security offloads are missing\n");
+		return TEST_SKIPPED;
+	}
+
 	/* Add Multi seg flags */
 	if (sg_mode) {
 		uint32_t max_data_room;
 
+		if (!(dev_info.rx_offload_capa & RTE_ETH_RX_OFFLOAD_SCATTER) ||
+		    !(dev_info.tx_offload_capa & RTE_ETH_TX_OFFLOAD_MULTI_SEGS)) {
+			printf("SG mode unsupported: required scatter or multi-seg offloads are missing\n");
+			return TEST_SKIPPED;
+		}
+
 		if (dev_info.rx_desc_lim.nb_seg_max == 0) {
 			printf("SG mode unsupported: invalid max Rx segments (0)\n");
 			return TEST_SKIPPED;
@@ -2081,6 +2096,25 @@ inline_ipsec_testsuite_setup(void)
 		plaintext_len = 0;
 	}
 
+	/* Check that at least one inline IPsec capability is registered */
+	void *sec_ctx = rte_eth_dev_get_sec_ctx(port_id);
+	const struct rte_security_capability *cap;
+
+	if (sec_ctx == NULL) {
+		printf("No security context on port %d\n", port_id);
+		return TEST_SKIPPED;
+	}
+	for (cap = rte_security_capabilities_get(sec_ctx);
+			cap != NULL && cap->action != RTE_SECURITY_ACTION_TYPE_NONE; cap++) {
+		if (cap->action == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL &&
+				cap->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
+			break;
+	}
+	if (cap == NULL || cap->action == RTE_SECURITY_ACTION_TYPE_NONE) {
+		printf("No inline IPsec capabilities registered\n");
+		return TEST_SKIPPED;
+	}
+
 	return 0;
 }
 
@@ -2109,6 +2143,8 @@ event_inline_ipsec_testsuite_setup(void)
 	struct rte_event_dev_config eventdev_conf = {0};
 	struct rte_event_queue_conf eventq_conf = {0};
 	struct rte_event_port_conf ev_port_conf = {0};
+	struct rte_eth_conf local_port_conf;
+	struct rte_eth_dev_info dev_info;
 	const uint16_t nb_txd = 1024, nb_rxd = 1024;
 	uint16_t nb_rx_queue = 1, nb_tx_queue = 1;
 	uint8_t ev_queue_id = 0, tx_queue_id = 0;
@@ -2120,6 +2156,11 @@ event_inline_ipsec_testsuite_setup(void)
 
 	printf("Start event inline IPsec test.\n");
 
+	if (rte_event_dev_count() == 0) {
+		printf("Event inline IPsec unsupported: no event devices available\n");
+		return TEST_SKIPPED;
+	}
+
 	nb_ports = rte_eth_dev_count_avail();
 	if (nb_ports == 0) {
 		printf("Test require: 1 port, available: 0\n");
@@ -2151,9 +2192,23 @@ event_inline_ipsec_testsuite_setup(void)
 
 	/* configuring port 0 for the test is enough */
 	port_id = 0;
+	if (rte_eth_dev_info_get(port_id, &dev_info)) {
+		printf("Failed to get devinfo");
+		return -1;
+	}
+
+	memcpy(&local_port_conf, &port_conf, sizeof(port_conf));
+	local_port_conf.rxmode.offloads &= dev_info.rx_offload_capa;
+	local_port_conf.txmode.offloads &= dev_info.tx_offload_capa;
+	if ((local_port_conf.rxmode.offloads & RTE_ETH_RX_OFFLOAD_SECURITY) == 0 ||
+	    (local_port_conf.txmode.offloads & RTE_ETH_TX_OFFLOAD_SECURITY) == 0) {
+		printf("Event inline IPsec unsupported: required security offloads are missing\n");
+		return TEST_SKIPPED;
+	}
+
 	/* port configure */
 	ret = rte_eth_dev_configure(port_id, nb_rx_queue,
-				    nb_tx_queue, &port_conf);
+				    nb_tx_queue, &local_port_conf);
 	if (ret < 0) {
 		printf("Cannot configure device: err=%d, port=%d\n",
 			 ret, port_id);
-- 
2.47.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2026-07-03 12:55:47.241606808 +0100
+++ 0014-test-security-check-for-capabilities.patch	2026-07-03 12:55:46.590571884 +0100
@@ -1 +1 @@
-From 144817406f251d31b4fe57099c7a20202b5d72de Mon Sep 17 00:00:00 2001
+From d51a4e1b6339194b440ce1b88388228398f0e46d Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 144817406f251d31b4fe57099c7a20202b5d72de ]
+
@@ -11 +12,0 @@
-Cc: stable at dpdk.org
@@ -20 +21 @@
-index 36658f4778..0b1f7fbbab 100644
+index b3c3561874..fa7dd01f07 100644
@@ -23 +24 @@
-@@ -2063,10 +2063,25 @@ inline_ipsec_testsuite_setup(void)
+@@ -2012,10 +2012,25 @@ inline_ipsec_testsuite_setup(void)
@@ -49 +50 @@
-@@ -2132,6 +2147,25 @@ inline_ipsec_testsuite_setup(void)
+@@ -2081,6 +2096,25 @@ inline_ipsec_testsuite_setup(void)
@@ -75 +76 @@
-@@ -2160,6 +2194,8 @@ event_inline_ipsec_testsuite_setup(void)
+@@ -2109,6 +2143,8 @@ event_inline_ipsec_testsuite_setup(void)
@@ -84 +85 @@
-@@ -2171,6 +2207,11 @@ event_inline_ipsec_testsuite_setup(void)
+@@ -2120,6 +2156,11 @@ event_inline_ipsec_testsuite_setup(void)
@@ -96 +97 @@
-@@ -2202,9 +2243,23 @@ event_inline_ipsec_testsuite_setup(void)
+@@ -2151,9 +2192,23 @@ event_inline_ipsec_testsuite_setup(void)


More information about the stable mailing list