From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
Cc: <jerinj@marvell.com>, <adwivedi@marvell.com>, <vattunuru@marvell.com>
Subject: [PATCH 3/3] test/security: add capability verification for MACsec
Date: Mon, 31 Jul 2023 09:14:47 +0530 [thread overview]
Message-ID: <20230731034447.929506-3-gakhil@marvell.com> (raw)
In-Reply-To: <20230731034447.929506-1-gakhil@marvell.com>
From: Ankur Dwivedi <adwivedi@marvell.com>
Before running each MACsec test, the device capability is read. The
capability is then verified to check if the device supports a feature or
not. If the feature is not supported the test is skipped.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
---
app/test/test_security_inline_macsec.c | 368 ++++++++++++++++++++-----
1 file changed, 293 insertions(+), 75 deletions(-)
diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index bfb9e09752..954d6b789e 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -837,10 +837,60 @@ test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
return 0;
}
+static int
+test_macsec_sec_caps_verify(const struct mcs_test_opts *opts,
+ const struct rte_security_capability *sec_cap, bool silent)
+{
+ if (opts->mtu > sec_cap->macsec.mtu) {
+ if (!silent)
+ RTE_LOG(INFO, USER1, "MTU size is not supported\n");
+ return -ENOTSUP;
+ }
+
+ if (opts->replay_protect == 1 && sec_cap->macsec.anti_replay == 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1, "Anti replay is not supported\n");
+ return -ENOTSUP;
+ }
+
+ if (opts->replay_win_sz > sec_cap->macsec.replay_win_sz) {
+ if (!silent)
+ RTE_LOG(INFO, USER1, "Replay window size is not "
+ "supported\n");
+ return -ENOTSUP;
+ }
+
+ if (opts->rekey_en == 1 && sec_cap->macsec.re_key == 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1, "Rekey is not supported\n");
+ return -ENOTSUP;
+ }
+
+ if (opts->sectag_insert_mode == 0 &&
+ sec_cap->macsec.relative_sectag_insert == 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1, "Relative offset sectag insert "
+ "not supported\n");
+ return -ENOTSUP;
+ }
+
+ if (opts->sectag_insert_mode == 1 &&
+ sec_cap->macsec.fixed_sectag_insert == 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1, "Fixed offset sectag insert "
+ "not supported\n");
+ return -ENOTSUP;
+ }
+
+ return 0;
+}
+
static int
test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts)
{
uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}};
+ struct rte_security_capability_idx sec_cap_idx;
+ const struct rte_security_capability *sec_cap;
uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}};
uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0};
uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0};
@@ -864,6 +914,30 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
return TEST_SKIPPED;
}
+ sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+ sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+ sec_cap_idx.macsec.alg = td[0]->alg;
+ sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+ if (sec_cap == NULL) {
+ printf("No capabilities registered\n");
+ return TEST_SKIPPED;
+ }
+
+ if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0)
+ return TEST_SKIPPED;
+
+ if (opts->rekey_en) {
+ /* Verify the rekey td */
+ sec_cap_idx.macsec.alg = opts->rekey_td->alg;
+ sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+ if (sec_cap == NULL) {
+ printf("No capabilities registered\n");
+ return TEST_SKIPPED;
+ }
+ if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0)
+ return TEST_SKIPPED;
+ }
+
tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN :
RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN);
@@ -1186,6 +1260,7 @@ test_inline_macsec_encap_all(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1200,7 +1275,11 @@ test_inline_macsec_encap_all(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_ENCAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Cipher Auth Encryption case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1209,9 +1288,10 @@ test_inline_macsec_encap_all(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1220,6 +1300,7 @@ test_inline_macsec_decap_all(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1232,7 +1313,11 @@ test_inline_macsec_decap_all(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Cipher Auth Decryption case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1241,9 +1326,10 @@ test_inline_macsec_decap_all(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1252,6 +1338,7 @@ test_inline_macsec_auth_only_all(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1266,7 +1353,11 @@ test_inline_macsec_auth_only_all(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_integrity_vectors[i];
err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Auth Generate case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nAuth Generate case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1275,9 +1366,10 @@ test_inline_macsec_auth_only_all(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1286,6 +1378,7 @@ test_inline_macsec_verify_only_all(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1299,7 +1392,11 @@ test_inline_macsec_verify_only_all(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_integrity_vectors[i];
err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Auth Verify case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nAuth Verify case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1308,9 +1405,10 @@ test_inline_macsec_verify_only_all(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1319,6 +1417,7 @@ test_inline_macsec_encap_decap_all(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1334,7 +1433,11 @@ test_inline_macsec_encap_decap_all(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_ENCAP_DECAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Cipher Auth Encap-decap case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nCipher Auth Encap-decap case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1343,9 +1446,10 @@ test_inline_macsec_encap_decap_all(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
@@ -1355,6 +1459,7 @@ test_inline_macsec_auth_verify_all(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1369,7 +1474,11 @@ test_inline_macsec_auth_verify_all(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_integrity_vectors[i];
err = test_macsec(&cur_td, MCS_AUTH_VERIFY, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Auth Generate + Verify case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nAuth Generate + Verify case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1378,9 +1487,10 @@ test_inline_macsec_auth_verify_all(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1418,7 +1528,9 @@ test_inline_macsec_multi_flow(const void *data __rte_unused)
tv[i] = (const struct mcs_test_vector *)&iter[i];
}
err = test_macsec(tv, MCS_ENCAP_DECAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Cipher Auth Encryption multi flow skipped\n");
+ } else if (err) {
printf("\nCipher Auth Encryption multi flow failed");
err = -1;
} else {
@@ -1434,6 +1546,7 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1456,7 +1569,11 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
opts.nb_vlan = 2;
}
err = test_macsec(&cur_td, MCS_ENCAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("VLAN Encap case %d skipped", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\n VLAN Encap case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1477,7 +1594,11 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
opts.nb_vlan = 2;
}
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("VLAN Decap case %d skipped", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\n VLAN Decap case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1487,8 +1608,9 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ 2 * size + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1497,6 +1619,7 @@ test_inline_macsec_pkt_drop(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1512,7 +1635,11 @@ test_inline_macsec_pkt_drop(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_err_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Packet drop case %d skipped", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nPacket drop case %d passed", cur_td->test_idx);
err = 0;
} else {
@@ -1521,9 +1648,10 @@ test_inline_macsec_pkt_drop(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1532,6 +1660,7 @@ test_inline_macsec_untagged_rx(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1547,7 +1676,10 @@ test_inline_macsec_untagged_rx(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_untagged_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = 0;
else
err = -1;
@@ -1559,16 +1691,20 @@ test_inline_macsec_untagged_rx(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_untagged_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = 0;
else
err = -1;
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ 2 * size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1577,6 +1713,7 @@ test_inline_macsec_bad_tag_rx(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1592,7 +1729,10 @@ test_inline_macsec_bad_tag_rx(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_bad_tag_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = -1;
else
err = 0;
@@ -1600,9 +1740,10 @@ test_inline_macsec_bad_tag_rx(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1611,6 +1752,7 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1626,7 +1768,10 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = -1;
else
err = 0;
@@ -1634,9 +1779,10 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1645,6 +1791,7 @@ test_inline_macsec_decap_stats(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1660,7 +1807,11 @@ test_inline_macsec_decap_stats(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Decap stats case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nDecap stats case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1669,9 +1820,10 @@ test_inline_macsec_decap_stats(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1680,6 +1832,7 @@ test_inline_macsec_verify_only_stats(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1695,7 +1848,11 @@ test_inline_macsec_verify_only_stats(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_integrity_vectors[i];
err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Verify only stats case %d skipped\n", cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("\nVerify only stats case %d failed", cur_td->test_idx);
err = -1;
} else {
@@ -1704,9 +1861,10 @@ test_inline_macsec_verify_only_stats(const void *data __rte_unused)
}
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
- return all_err;
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1715,6 +1873,7 @@ test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1729,15 +1888,19 @@ test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_err_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = 0;
else
err = -1;
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1746,6 +1909,7 @@ test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE;
@@ -1761,7 +1925,10 @@ test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_integrity_vectors[i];
err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = -1;
else
err = 0;
@@ -1769,8 +1936,9 @@ test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1779,6 +1947,7 @@ test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1794,7 +1963,10 @@ test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_ENCAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = -1;
else
err = 0;
@@ -1802,8 +1974,9 @@ test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1812,6 +1985,7 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD;
@@ -1827,7 +2001,10 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_ENCAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = -1;
else
err = 0;
@@ -1835,8 +2012,9 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1845,6 +2023,7 @@ test_inline_macsec_encap_stats(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1860,15 +2039,20 @@ test_inline_macsec_encap_stats(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_cipher_vectors[i];
err = test_macsec(&cur_td, MCS_ENCAP, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = -1;
else
err = 0;
+
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1877,6 +2061,7 @@ test_inline_macsec_auth_only_stats(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1892,10 +2077,14 @@ test_inline_macsec_auth_only_stats(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_integrity_vectors[i];
err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
- if (err)
+ if (err == TEST_SKIPPED) {
+ skipped += 1;
+ err = 0;
+ } else if (err)
err = -1;
else
err = 0;
+
all_err += err;
}
@@ -1909,6 +2098,7 @@ test_inline_macsec_interrupts_all(const void *data __rte_unused)
struct mcs_err_vector err_vector = {0};
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
+ int skipped = 0;
int i, size;
int err, all_err = 0;
enum rte_eth_event_macsec_subtype subtype[] = {
@@ -1937,8 +2127,13 @@ test_inline_macsec_interrupts_all(const void *data __rte_unused)
for (i = 0; i < size; i++) {
cur_td = &list_mcs_intr_test_vectors[i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) &&
- (err_vector.event_subtype == subtype[i])) {
+ if (err == TEST_SKIPPED) {
+ printf("Sectag val err interrupt test case %d skipped",
+ cur_td->test_idx);
+ skipped += 1;
+ err = 0;
+ } else if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) &&
+ (err_vector.event_subtype == subtype[i])) {
printf("\nSectag val err interrupt test case %d passed",
cur_td->test_idx);
err = 0;
@@ -1952,8 +2147,9 @@ test_inline_macsec_interrupts_all(const void *data __rte_unused)
rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC,
test_macsec_event_callback, &err_vector);
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1962,6 +2158,7 @@ test_inline_macsec_rekey_tx(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1979,7 +2176,11 @@ test_inline_macsec_rekey_tx(const void *data __rte_unused)
cur_td = &list_mcs_rekey_vectors[i];
opts.rekey_td = &list_mcs_rekey_vectors[++i];
err = test_macsec(&cur_td, MCS_ENCAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Tx hw rekey test case %d skipped\n", i);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("Tx hw rekey test case %d failed\n", i);
err = -1;
} else {
@@ -1989,8 +2190,9 @@ test_inline_macsec_rekey_tx(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size / 2 + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -1999,6 +2201,7 @@ test_inline_macsec_rekey_rx(const void *data __rte_unused)
const struct mcs_test_vector *cur_td;
struct mcs_test_opts opts = {0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -2014,7 +2217,11 @@ test_inline_macsec_rekey_rx(const void *data __rte_unused)
cur_td = &list_mcs_rekey_vectors[i];
opts.rekey_td = &list_mcs_rekey_vectors[++i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err) {
+ if (err == TEST_SKIPPED) {
+ printf("Rx rekey test case %d skipped\n", i);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
printf("Rx rekey test case %d failed\n", i);
err = -1;
} else {
@@ -2024,8 +2231,9 @@ test_inline_macsec_rekey_rx(const void *data __rte_unused)
all_err += err;
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size / 2 + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
@@ -2035,6 +2243,7 @@ test_inline_macsec_anti_replay(const void *data __rte_unused)
struct mcs_test_opts opts = {0};
uint16_t replay_win_sz[2] = {32, 0};
int err, all_err = 0;
+ int skipped = 0;
int i, size;
int j;
@@ -2055,21 +2264,30 @@ test_inline_macsec_anti_replay(const void *data __rte_unused)
opts.ar_td[1] = &list_mcs_anti_replay_vectors[++i];
opts.ar_td[2] = &list_mcs_anti_replay_vectors[++i];
err = test_macsec(&cur_td, MCS_DECAP, &opts);
- if (err) {
- printf("Replay window: %u, Anti replay test case %d failed\n",
- opts.replay_win_sz, i);
+ if (err == TEST_SKIPPED) {
+ printf("Replay window: %u, Anti replay test "
+ "case %d skipped\n", opts.replay_win_sz,
+ i);
+ skipped += 1;
+ err = 0;
+ } else if (err) {
+ printf("Replay window: %u, Anti replay test "
+ "case %d failed\n", opts.replay_win_sz,
+ i);
err = -1;
} else {
- printf("Replay window: %u, Anti replay test case %d passed\n",
- opts.replay_win_sz, i);
+ printf("Replay window: %u, Anti replay test "
+ "case %d passed\n", opts.replay_win_sz,
+ i);
err = 0;
}
all_err += err;
}
}
- printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
- return all_err;
+ printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+ size / 2 + all_err - skipped, -all_err, skipped);
+ return skipped > 0 ? TEST_SKIPPED : all_err;
}
static int
--
2.25.1
next prev parent reply other threads:[~2023-07-31 3:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-31 3:44 [PATCH 1/3] security: add MACsec algo in capability index Akhil Goyal
2023-07-31 3:44 ` [PATCH 2/3] net/cnxk: add MACsec capability Akhil Goyal
2023-07-31 3:44 ` Akhil Goyal [this message]
2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
2023-09-19 13:54 ` [PATCH v2 1/3] security: add MACsec algo in capability index Akhil Goyal
2023-09-19 13:54 ` [PATCH v2 2/3] net/cnxk: add MACsec capability Akhil Goyal
2023-09-19 13:54 ` [PATCH v2 3/3] test/security: add capability verification for MACsec Akhil Goyal
2023-09-19 19:17 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230731034447.929506-3-gakhil@marvell.com \
--to=gakhil@marvell.com \
--cc=adwivedi@marvell.com \
--cc=dev@dpdk.org \
--cc=jerinj@marvell.com \
--cc=vattunuru@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).