From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 757A642C5A; Thu, 8 Jun 2023 08:56:24 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C115F42D40; Thu, 8 Jun 2023 08:55:52 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 3677742D2F for ; Thu, 8 Jun 2023 08:55:51 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357LwHmB023579; Wed, 7 Jun 2023 23:55:48 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=fbB26+QhBYPuN3Dhxe6+f8bH+mpX5ZHsYV7P89NF08o=; b=YyuJRdIXR6f5jhLiFx+zIvBEA5d6tHbYFTiHK+e96rrEmOfF26B0MqFv86ZUg6yNbT0y wf/y7eQ1ERl01w868vvqjeaU8Pgl3nUIV4PFFGmgGIDed1Tnwua6M8J0VQ8PDAq0BRQt MNotJ5kAp3X5EnAieW8ijNyfSvt7rsbHTTQWcyoX0LLo/Xp29AEOXZcJr0pTyXXCQmGO FzBRC9BCXRbhiMRrkyBGNMuICIX12tOaBGMs7DSepOYXKWoyel4e8jP5h9Si4mBvC88P U0UYEZNgcPyC2rfDQKCeoa6q1Jqn2sHxWdcNyoL3savOIbxkF+gD57dJayrzSv+VbKMa Yw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r329c1jum-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 23:55:43 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 23:55:34 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 23:55:34 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 78F4A3F7055; Wed, 7 Jun 2023 23:55:31 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v3 08/13] test/security: verify MACsec stats Date: Thu, 8 Jun 2023 12:24:53 +0530 Message-ID: <20230608065458.333670-9-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230608065458.333670-1-gakhil@marvell.com> References: <20230607151940.223417-1-gakhil@marvell.com> <20230608065458.333670-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: uZCShW3Q_MoYvbfKC6ejvcnn1JLhPpja X-Proofpoint-ORIG-GUID: uZCShW3Q_MoYvbfKC6ejvcnn1JLhPpja X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-08_04,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added cases to verify various stats of MACsec. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 222 +++++++++++++++++++++++++ 1 file changed, 222 insertions(+) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 2a06f31f37..9cab3253f4 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -1438,6 +1438,140 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_decap_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_decap_stats = 1; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("\nDecap stats case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nDecap stats case %d passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_verify_only_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_verify_only_stats = 1; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); + if (err) { + printf("\nVerify only stats case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nVerify only stats case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_err_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) + err = 0; + else + err = -1; + + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + +static int +test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_pkts_unchecked_stats = 1; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); + if (err) + err = -1; + else + err = 0; + + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int test_inline_macsec_out_pkts_untagged(const void *data __rte_unused) { @@ -1504,6 +1638,70 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_encap_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_encap_stats = 1; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) + err = -1; + else + err = 0; + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + +static int +test_inline_macsec_auth_only_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_auth_only_stats = 1; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts); + if (err) + err = -1; + else + err = 0; + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -1697,6 +1895,22 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec SA not in use", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_sa_not_in_use), + TEST_CASE_NAMED_ST( + "MACsec decap stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_decap_stats), + TEST_CASE_NAMED_ST( + "MACsec verify only stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_verify_only_stats), + TEST_CASE_NAMED_ST( + "MACsec pkts invalid stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_pkts_invalid_stats), + TEST_CASE_NAMED_ST( + "MACsec pkts unchecked stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_pkts_unchecked_stats), TEST_CASE_NAMED_ST( "MACsec out pkts untagged", ut_setup_inline_macsec, ut_teardown_inline_macsec, @@ -1705,6 +1919,14 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec out pkts too long", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_out_pkts_toolong), + TEST_CASE_NAMED_ST( + "MACsec Encap stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_encap_stats), + TEST_CASE_NAMED_ST( + "MACsec auth only stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_auth_only_stats), TEST_CASES_END() /**< NULL terminate unit test array */ }, -- 2.25.1