DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH 1/3] security: add MACsec algo in capability index
@ 2023-07-31  3:44 Akhil Goyal
  2023-07-31  3:44 ` [PATCH 2/3] net/cnxk: add MACsec capability Akhil Goyal
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-07-31  3:44 UTC (permalink / raw)
  To: dev; +Cc: jerinj, adwivedi, vattunuru

From: Ankur Dwivedi <adwivedi@marvell.com>

This patch adds the MACsec algorithm field in security capability index
structure. This field is compared against the MACsec alg to return the
correct capability.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
---
 lib/security/rte_security.c | 4 ++++
 lib/security/rte_security.h | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index c4d64bb8e9..2d729b735b 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -282,6 +282,10 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 				if (capability->docsis.direction ==
 							idx->docsis.direction)
 					return capability;
+			} else if (idx->protocol ==
+						RTE_SECURITY_PROTOCOL_MACSEC) {
+				if (idx->macsec.alg == capability->macsec.alg)
+					return capability;
 			}
 		}
 	}
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 3b2df526ba..5459002d43 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -1251,6 +1251,9 @@ struct rte_security_capability_idx {
 		struct {
 			enum rte_security_docsis_direction direction;
 		} docsis;
+		struct {
+			enum rte_security_macsec_alg alg;
+		} macsec;
 	};
 };
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 2/3] net/cnxk: add MACsec capability
  2023-07-31  3:44 [PATCH 1/3] security: add MACsec algo in capability index Akhil Goyal
@ 2023-07-31  3:44 ` Akhil Goyal
  2023-07-31  3:44 ` [PATCH 3/3] test/security: add capability verification for MACsec Akhil Goyal
  2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
  2 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-07-31  3:44 UTC (permalink / raw)
  To: dev; +Cc: jerinj, adwivedi, vattunuru

From: Ankur Dwivedi <adwivedi@marvell.com>

Adds the MACsec capability for CN10K-B.

The ethernet security capability structure is populated based on the
feature supported by the device.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
---
 drivers/common/cnxk/roc_features.h  |   6 ++
 drivers/common/cnxk/roc_mcs.h       |   3 +
 drivers/net/cnxk/cn10k_ethdev_sec.c | 120 +++++++++++++++++++++++++++-
 3 files changed, 125 insertions(+), 4 deletions(-)

diff --git a/drivers/common/cnxk/roc_features.h b/drivers/common/cnxk/roc_features.h
index 815f800e7a..d5d0c0c901 100644
--- a/drivers/common/cnxk/roc_features.h
+++ b/drivers/common/cnxk/roc_features.h
@@ -71,4 +71,10 @@ roc_feature_bphy_has_macsec(void)
 {
 	return roc_model_is_cnf10kb();
 }
+
+static inline bool
+roc_feature_nix_has_inl_ipsec(void)
+{
+	return !roc_model_is_cnf10kb();
+}
 #endif
diff --git a/drivers/common/cnxk/roc_mcs.h b/drivers/common/cnxk/roc_mcs.h
index afac6c92e2..602f1cae1d 100644
--- a/drivers/common/cnxk/roc_mcs.h
+++ b/drivers/common/cnxk/roc_mcs.h
@@ -7,6 +7,9 @@
 
 #define MCS_AES_GCM_256_KEYLEN 32
 
+#define ROC_MCS_MAX_AR_WINSZ BIT_ULL(31)
+#define ROC_MCS_MAX_MTU      (BIT_ULL(16) - 1)
+
 struct roc_mcs_alloc_rsrc_req {
 	uint8_t rsrc_type;
 	uint8_t rsrc_cnt; /* Resources count */
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index b98fc9378e..a7473922af 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -303,7 +303,7 @@ static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
-static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
+static const struct rte_security_capability cn10k_eth_sec_ipsec_capabilities[] = {
 	{	/* IPsec Inline Protocol ESP Tunnel Ingress */
 		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
@@ -401,11 +401,100 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
 		.crypto_capabilities = cn10k_eth_sec_crypto_caps,
 		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
 	},
-	{
-		.action = RTE_SECURITY_ACTION_TYPE_NONE
-	}
 };
 
+static const struct rte_security_capability cn10k_eth_sec_macsec_capabilities[] = {
+	{	/* MACsec Inline Protocol, AES-GCM-128 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+	{	/* MACsec Inline Protocol, AES-GCM-256 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_256,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+	{	/* MACsec Inline Protocol, AES-GCM-XPN-128 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+	{	/* MACsec Inline Protocol, AES-GCM-XPN-256 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+};
+
+#define SEC_CAPS_LEN (RTE_DIM(cn10k_eth_sec_ipsec_capabilities) + \
+		RTE_DIM(cn10k_eth_sec_macsec_capabilities) + 1)
+
+static struct rte_security_capability cn10k_eth_sec_capabilities[SEC_CAPS_LEN];
+
 static inline void
 cnxk_pktmbuf_free_no_cache(struct rte_mbuf *mbuf)
 {
@@ -1093,15 +1182,38 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
 	return 0;
 }
 
+static void
+eth_sec_caps_add(struct rte_security_capability eth_sec_caps[], uint32_t *idx,
+		 const struct rte_security_capability *caps, uint32_t nb_caps)
+{
+	PLT_VERIFY(*idx + nb_caps < SEC_CAPS_LEN);
+
+	rte_memcpy(&eth_sec_caps[*idx], caps, nb_caps * sizeof(caps[0]));
+	*idx += nb_caps;
+}
+
 void
 cn10k_eth_sec_ops_override(void)
 {
 	static int init_once;
+	uint32_t idx = 0;
 
 	if (init_once)
 		return;
 	init_once = 1;
 
+	if (roc_feature_nix_has_inl_ipsec())
+		eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx,
+				 cn10k_eth_sec_ipsec_capabilities,
+				 RTE_DIM(cn10k_eth_sec_ipsec_capabilities));
+
+	if (roc_feature_nix_has_macsec())
+		eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx,
+				 cn10k_eth_sec_macsec_capabilities,
+				 RTE_DIM(cn10k_eth_sec_macsec_capabilities));
+
+	cn10k_eth_sec_capabilities[idx].action = RTE_SECURITY_ACTION_TYPE_NONE;
+
 	/* Update platform specific ops */
 	cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create;
 	cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 3/3] test/security: add capability verification for MACsec
  2023-07-31  3:44 [PATCH 1/3] security: add MACsec algo in capability index Akhil Goyal
  2023-07-31  3:44 ` [PATCH 2/3] net/cnxk: add MACsec capability Akhil Goyal
@ 2023-07-31  3:44 ` Akhil Goyal
  2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
  2 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-07-31  3:44 UTC (permalink / raw)
  To: dev; +Cc: jerinj, adwivedi, vattunuru

From: Ankur Dwivedi <adwivedi@marvell.com>

Before running each MACsec test, the device capability is read. The
capability is then verified to check if the device supports a feature or
not. If the feature is not supported the test is skipped.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
---
 app/test/test_security_inline_macsec.c | 368 ++++++++++++++++++++-----
 1 file changed, 293 insertions(+), 75 deletions(-)

diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index bfb9e09752..954d6b789e 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -837,10 +837,60 @@ test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
 	return 0;
 }
 
+static int
+test_macsec_sec_caps_verify(const struct mcs_test_opts *opts,
+		const struct rte_security_capability *sec_cap, bool silent)
+{
+	if (opts->mtu > sec_cap->macsec.mtu) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "MTU size is not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->replay_protect == 1 && sec_cap->macsec.anti_replay == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Anti replay is not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->replay_win_sz > sec_cap->macsec.replay_win_sz) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Replay window size is not "
+					"supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->rekey_en == 1 && sec_cap->macsec.re_key == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Rekey is not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->sectag_insert_mode == 0 &&
+			sec_cap->macsec.relative_sectag_insert == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Relative offset sectag insert "
+					"not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->sectag_insert_mode == 1 &&
+			sec_cap->macsec.fixed_sectag_insert == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Fixed offset sectag insert "
+					"not supported\n");
+		return -ENOTSUP;
+	}
+
+	return 0;
+}
+
 static int
 test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts)
 {
 	uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}};
+	struct rte_security_capability_idx sec_cap_idx;
+	const struct rte_security_capability *sec_cap;
 	uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}};
 	uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0};
 	uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0};
@@ -864,6 +914,30 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 		return TEST_SKIPPED;
 	}
 
+	sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+	sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+	sec_cap_idx.macsec.alg = td[0]->alg;
+	sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+	if (sec_cap == NULL) {
+		printf("No capabilities registered\n");
+		return TEST_SKIPPED;
+	}
+
+	if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0)
+		return TEST_SKIPPED;
+
+	if (opts->rekey_en) {
+		/* Verify the rekey td */
+		sec_cap_idx.macsec.alg = opts->rekey_td->alg;
+		sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+		if (sec_cap == NULL) {
+			printf("No capabilities registered\n");
+			return TEST_SKIPPED;
+		}
+		if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0)
+			return TEST_SKIPPED;
+	}
+
 	tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN :
 			RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN);
 
@@ -1186,6 +1260,7 @@ test_inline_macsec_encap_all(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1200,7 +1275,11 @@ test_inline_macsec_encap_all(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Cipher Auth Encryption case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1209,9 +1288,10 @@ test_inline_macsec_encap_all(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1220,6 +1300,7 @@ test_inline_macsec_decap_all(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1232,7 +1313,11 @@ test_inline_macsec_decap_all(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Cipher Auth Decryption case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1241,9 +1326,10 @@ test_inline_macsec_decap_all(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1252,6 +1338,7 @@ test_inline_macsec_auth_only_all(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1266,7 +1353,11 @@ test_inline_macsec_auth_only_all(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Auth Generate case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nAuth Generate case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1275,9 +1366,10 @@ test_inline_macsec_auth_only_all(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1286,6 +1378,7 @@ test_inline_macsec_verify_only_all(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1299,7 +1392,11 @@ test_inline_macsec_verify_only_all(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Auth Verify case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nAuth Verify case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1308,9 +1405,10 @@ test_inline_macsec_verify_only_all(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1319,6 +1417,7 @@ test_inline_macsec_encap_decap_all(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1334,7 +1433,11 @@ test_inline_macsec_encap_decap_all(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Cipher Auth Encap-decap case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nCipher Auth Encap-decap case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1343,9 +1446,10 @@ test_inline_macsec_encap_decap_all(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 
@@ -1355,6 +1459,7 @@ test_inline_macsec_auth_verify_all(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1369,7 +1474,11 @@ test_inline_macsec_auth_verify_all(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_AUTH_VERIFY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Auth Generate + Verify case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nAuth Generate + Verify case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1378,9 +1487,10 @@ test_inline_macsec_auth_verify_all(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1418,7 +1528,9 @@ test_inline_macsec_multi_flow(const void *data __rte_unused)
 		tv[i] = (const struct mcs_test_vector *)&iter[i];
 	}
 	err = test_macsec(tv, MCS_ENCAP_DECAP, &opts);
-	if (err) {
+	if (err == TEST_SKIPPED) {
+		printf("Cipher Auth Encryption multi flow skipped\n");
+	} else if (err) {
 		printf("\nCipher Auth Encryption multi flow failed");
 		err = -1;
 	} else {
@@ -1434,6 +1546,7 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1456,7 +1569,11 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
 			opts.nb_vlan = 2;
 		}
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("VLAN Encap case %d skipped", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\n VLAN Encap case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1477,7 +1594,11 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
 			opts.nb_vlan = 2;
 		}
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("VLAN Decap case %d skipped", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\n VLAN Decap case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1487,8 +1608,9 @@ test_inline_macsec_with_vlan(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			2 * size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1497,6 +1619,7 @@ test_inline_macsec_pkt_drop(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1512,7 +1635,11 @@ test_inline_macsec_pkt_drop(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_err_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Packet drop case %d skipped", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nPacket drop case %d passed", cur_td->test_idx);
 			err = 0;
 		} else {
@@ -1521,9 +1648,10 @@ test_inline_macsec_pkt_drop(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1532,6 +1660,7 @@ test_inline_macsec_untagged_rx(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1547,7 +1676,10 @@ test_inline_macsec_untagged_rx(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_untagged_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = 0;
 		else
 			err = -1;
@@ -1559,16 +1691,20 @@ test_inline_macsec_untagged_rx(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_untagged_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = 0;
 		else
 			err = -1;
 
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			2 * size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1577,6 +1713,7 @@ test_inline_macsec_bad_tag_rx(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1592,7 +1729,10 @@ test_inline_macsec_bad_tag_rx(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_bad_tag_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1600,9 +1740,10 @@ test_inline_macsec_bad_tag_rx(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1611,6 +1752,7 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1626,7 +1768,10 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1634,9 +1779,10 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1645,6 +1791,7 @@ test_inline_macsec_decap_stats(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1660,7 +1807,11 @@ test_inline_macsec_decap_stats(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Decap stats case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nDecap stats case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1669,9 +1820,10 @@ test_inline_macsec_decap_stats(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1680,6 +1832,7 @@ test_inline_macsec_verify_only_stats(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1695,7 +1848,11 @@ test_inline_macsec_verify_only_stats(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Verify only stats case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nVerify only stats case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1704,9 +1861,10 @@ test_inline_macsec_verify_only_stats(const void *data __rte_unused)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1715,6 +1873,7 @@ test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1729,15 +1888,19 @@ test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_err_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = 0;
 		else
 			err = -1;
 
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1746,6 +1909,7 @@ test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE;
@@ -1761,7 +1925,10 @@ test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1769,8 +1936,9 @@ test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1779,6 +1947,7 @@ test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1794,7 +1963,10 @@ test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1802,8 +1974,9 @@ test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1812,6 +1985,7 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD;
@@ -1827,7 +2001,10 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1835,8 +2012,9 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1845,6 +2023,7 @@ test_inline_macsec_encap_stats(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1860,15 +2039,20 @@ test_inline_macsec_encap_stats(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
+
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1877,6 +2061,7 @@ test_inline_macsec_auth_only_stats(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1892,10 +2077,14 @@ test_inline_macsec_auth_only_stats(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
+
 		all_err += err;
 	}
 
@@ -1909,6 +2098,7 @@ test_inline_macsec_interrupts_all(const void *data __rte_unused)
 	struct mcs_err_vector err_vector = {0};
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
+	int skipped = 0;
 	int i, size;
 	int err, all_err = 0;
 	enum rte_eth_event_macsec_subtype subtype[] =  {
@@ -1937,8 +2127,13 @@ test_inline_macsec_interrupts_all(const void *data __rte_unused)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_intr_test_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) &&
-		    (err_vector.event_subtype == subtype[i])) {
+		if (err == TEST_SKIPPED) {
+			printf("Sectag val err interrupt test case %d skipped",
+			       cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) &&
+			   (err_vector.event_subtype == subtype[i])) {
 			printf("\nSectag val err interrupt test case %d passed",
 			       cur_td->test_idx);
 			err = 0;
@@ -1952,8 +2147,9 @@ test_inline_macsec_interrupts_all(const void *data __rte_unused)
 	rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC,
 			test_macsec_event_callback, &err_vector);
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1962,6 +2158,7 @@ test_inline_macsec_rekey_tx(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1979,7 +2176,11 @@ test_inline_macsec_rekey_tx(const void *data __rte_unused)
 		cur_td = &list_mcs_rekey_vectors[i];
 		opts.rekey_td = &list_mcs_rekey_vectors[++i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Tx hw rekey test case %d skipped\n", i);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("Tx hw rekey test case %d failed\n", i);
 			err = -1;
 		} else {
@@ -1989,8 +2190,9 @@ test_inline_macsec_rekey_tx(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size / 2 + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1999,6 +2201,7 @@ test_inline_macsec_rekey_rx(const void *data __rte_unused)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -2014,7 +2217,11 @@ test_inline_macsec_rekey_rx(const void *data __rte_unused)
 		cur_td = &list_mcs_rekey_vectors[i];
 		opts.rekey_td = &list_mcs_rekey_vectors[++i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Rx rekey test case %d skipped\n", i);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("Rx rekey test case %d failed\n", i);
 			err = -1;
 		} else {
@@ -2024,8 +2231,9 @@ test_inline_macsec_rekey_rx(const void *data __rte_unused)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size / 2 + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -2035,6 +2243,7 @@ test_inline_macsec_anti_replay(const void *data __rte_unused)
 	struct mcs_test_opts opts = {0};
 	uint16_t replay_win_sz[2] = {32, 0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 	int j;
 
@@ -2055,21 +2264,30 @@ test_inline_macsec_anti_replay(const void *data __rte_unused)
 			opts.ar_td[1] = &list_mcs_anti_replay_vectors[++i];
 			opts.ar_td[2] = &list_mcs_anti_replay_vectors[++i];
 			err = test_macsec(&cur_td, MCS_DECAP, &opts);
-			if (err) {
-				printf("Replay window: %u, Anti replay test case %d failed\n",
-				       opts.replay_win_sz, i);
+			if (err == TEST_SKIPPED) {
+				printf("Replay window: %u, Anti replay test "
+				       "case %d skipped\n", opts.replay_win_sz,
+				       i);
+				skipped += 1;
+				err = 0;
+			} else if (err) {
+				printf("Replay window: %u, Anti replay test "
+				       "case %d failed\n", opts.replay_win_sz,
+				       i);
 				err = -1;
 			} else {
-				printf("Replay window: %u, Anti replay test case %d passed\n",
-				       opts.replay_win_sz, i);
+				printf("Replay window: %u, Anti replay test "
+				       "case %d passed\n", opts.replay_win_sz,
+				       i);
 				err = 0;
 			}
 			all_err += err;
 		}
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size / 2 + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
-- 
2.25.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v2 0/3] MACsec capability verification
  2023-07-31  3:44 [PATCH 1/3] security: add MACsec algo in capability index Akhil Goyal
  2023-07-31  3:44 ` [PATCH 2/3] net/cnxk: add MACsec capability Akhil Goyal
  2023-07-31  3:44 ` [PATCH 3/3] test/security: add capability verification for MACsec Akhil Goyal
@ 2023-09-19 13:54 ` Akhil Goyal
  2023-09-19 13:54   ` [PATCH v2 1/3] security: add MACsec algo in capability index Akhil Goyal
                     ` (3 more replies)
  2 siblings, 4 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-09-19 13:54 UTC (permalink / raw)
  To: dev; +Cc: adwivedi, jerinj, vattunuru, Akhil Goyal

Changes in v2: Fixed clang build issue in 3/3 patch.

Ankur Dwivedi (3):
  security: add MACsec algo in capability index
  net/cnxk: add MACsec capability
  test/security: add capability verification for MACsec

 app/test/test_security_inline_macsec.c | 373 ++++++++++++++++++++-----
 drivers/common/cnxk/roc_features.h     |   6 +
 drivers/common/cnxk/roc_mcs.h          |   3 +
 drivers/net/cnxk/cn10k_ethdev_sec.c    | 120 +++++++-
 lib/security/rte_security.c            |   4 +
 lib/security/rte_security.h            |   3 +
 6 files changed, 428 insertions(+), 81 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v2 1/3] security: add MACsec algo in capability index
  2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
@ 2023-09-19 13:54   ` Akhil Goyal
  2023-09-19 13:54   ` [PATCH v2 2/3] net/cnxk: add MACsec capability Akhil Goyal
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-09-19 13:54 UTC (permalink / raw)
  To: dev; +Cc: adwivedi, jerinj, vattunuru, Akhil Goyal

From: Ankur Dwivedi <adwivedi@marvell.com>

This patch adds the MACsec algorithm field in security capability index
structure. This field is compared against the MACsec alg to return the
correct capability.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 lib/security/rte_security.c | 4 ++++
 lib/security/rte_security.h | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index c4d64bb8e9..2d729b735b 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -282,6 +282,10 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 				if (capability->docsis.direction ==
 							idx->docsis.direction)
 					return capability;
+			} else if (idx->protocol ==
+						RTE_SECURITY_PROTOCOL_MACSEC) {
+				if (idx->macsec.alg == capability->macsec.alg)
+					return capability;
 			}
 		}
 	}
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index c6550f4d8d..439bbb957f 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -1252,6 +1252,9 @@ struct rte_security_capability_idx {
 		struct {
 			enum rte_security_docsis_direction direction;
 		} docsis;
+		struct {
+			enum rte_security_macsec_alg alg;
+		} macsec;
 	};
 };
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v2 2/3] net/cnxk: add MACsec capability
  2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
  2023-09-19 13:54   ` [PATCH v2 1/3] security: add MACsec algo in capability index Akhil Goyal
@ 2023-09-19 13:54   ` Akhil Goyal
  2023-09-19 13:54   ` [PATCH v2 3/3] test/security: add capability verification for MACsec Akhil Goyal
  2023-09-19 19:17   ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
  3 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-09-19 13:54 UTC (permalink / raw)
  To: dev; +Cc: adwivedi, jerinj, vattunuru, Akhil Goyal

From: Ankur Dwivedi <adwivedi@marvell.com>

Adds the MACsec capability for CN10K-B.

The ethernet security capability structure is populated based on the
feature supported by the device.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/common/cnxk/roc_features.h  |   6 ++
 drivers/common/cnxk/roc_mcs.h       |   3 +
 drivers/net/cnxk/cn10k_ethdev_sec.c | 120 +++++++++++++++++++++++++++-
 3 files changed, 125 insertions(+), 4 deletions(-)

diff --git a/drivers/common/cnxk/roc_features.h b/drivers/common/cnxk/roc_features.h
index 815f800e7a..d5d0c0c901 100644
--- a/drivers/common/cnxk/roc_features.h
+++ b/drivers/common/cnxk/roc_features.h
@@ -71,4 +71,10 @@ roc_feature_bphy_has_macsec(void)
 {
 	return roc_model_is_cnf10kb();
 }
+
+static inline bool
+roc_feature_nix_has_inl_ipsec(void)
+{
+	return !roc_model_is_cnf10kb();
+}
 #endif
diff --git a/drivers/common/cnxk/roc_mcs.h b/drivers/common/cnxk/roc_mcs.h
index afac6c92e2..602f1cae1d 100644
--- a/drivers/common/cnxk/roc_mcs.h
+++ b/drivers/common/cnxk/roc_mcs.h
@@ -7,6 +7,9 @@
 
 #define MCS_AES_GCM_256_KEYLEN 32
 
+#define ROC_MCS_MAX_AR_WINSZ BIT_ULL(31)
+#define ROC_MCS_MAX_MTU      (BIT_ULL(16) - 1)
+
 struct roc_mcs_alloc_rsrc_req {
 	uint8_t rsrc_type;
 	uint8_t rsrc_cnt; /* Resources count */
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index b98fc9378e..a7473922af 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -303,7 +303,7 @@ static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
-static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
+static const struct rte_security_capability cn10k_eth_sec_ipsec_capabilities[] = {
 	{	/* IPsec Inline Protocol ESP Tunnel Ingress */
 		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
@@ -401,11 +401,100 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
 		.crypto_capabilities = cn10k_eth_sec_crypto_caps,
 		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
 	},
-	{
-		.action = RTE_SECURITY_ACTION_TYPE_NONE
-	}
 };
 
+static const struct rte_security_capability cn10k_eth_sec_macsec_capabilities[] = {
+	{	/* MACsec Inline Protocol, AES-GCM-128 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+	{	/* MACsec Inline Protocol, AES-GCM-256 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_256,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+	{	/* MACsec Inline Protocol, AES-GCM-XPN-128 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+	{	/* MACsec Inline Protocol, AES-GCM-XPN-256 algo */
+		.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		.macsec = {
+			.mtu = ROC_MCS_MAX_MTU,
+			.alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256,
+			.max_nb_sc = 128,
+			.max_nb_sa = 256,
+			.max_nb_sess = 256,
+			.replay_win_sz = ROC_MCS_MAX_AR_WINSZ,
+			.relative_sectag_insert = 1,
+			.fixed_sectag_insert = 1,
+			.icv_include_da_sa = 1,
+			.ctrl_port_enable = 1,
+			.preserve_sectag = 1,
+			.preserve_icv = 1,
+			.validate_frames = 1,
+			.re_key = 1,
+			.anti_replay = 1,
+		},
+	},
+};
+
+#define SEC_CAPS_LEN (RTE_DIM(cn10k_eth_sec_ipsec_capabilities) + \
+		RTE_DIM(cn10k_eth_sec_macsec_capabilities) + 1)
+
+static struct rte_security_capability cn10k_eth_sec_capabilities[SEC_CAPS_LEN];
+
 static inline void
 cnxk_pktmbuf_free_no_cache(struct rte_mbuf *mbuf)
 {
@@ -1093,15 +1182,38 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
 	return 0;
 }
 
+static void
+eth_sec_caps_add(struct rte_security_capability eth_sec_caps[], uint32_t *idx,
+		 const struct rte_security_capability *caps, uint32_t nb_caps)
+{
+	PLT_VERIFY(*idx + nb_caps < SEC_CAPS_LEN);
+
+	rte_memcpy(&eth_sec_caps[*idx], caps, nb_caps * sizeof(caps[0]));
+	*idx += nb_caps;
+}
+
 void
 cn10k_eth_sec_ops_override(void)
 {
 	static int init_once;
+	uint32_t idx = 0;
 
 	if (init_once)
 		return;
 	init_once = 1;
 
+	if (roc_feature_nix_has_inl_ipsec())
+		eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx,
+				 cn10k_eth_sec_ipsec_capabilities,
+				 RTE_DIM(cn10k_eth_sec_ipsec_capabilities));
+
+	if (roc_feature_nix_has_macsec())
+		eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx,
+				 cn10k_eth_sec_macsec_capabilities,
+				 RTE_DIM(cn10k_eth_sec_macsec_capabilities));
+
+	cn10k_eth_sec_capabilities[idx].action = RTE_SECURITY_ACTION_TYPE_NONE;
+
 	/* Update platform specific ops */
 	cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create;
 	cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v2 3/3] test/security: add capability verification for MACsec
  2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
  2023-09-19 13:54   ` [PATCH v2 1/3] security: add MACsec algo in capability index Akhil Goyal
  2023-09-19 13:54   ` [PATCH v2 2/3] net/cnxk: add MACsec capability Akhil Goyal
@ 2023-09-19 13:54   ` Akhil Goyal
  2023-09-19 19:17   ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
  3 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-09-19 13:54 UTC (permalink / raw)
  To: dev; +Cc: adwivedi, jerinj, vattunuru, Akhil Goyal

From: Ankur Dwivedi <adwivedi@marvell.com>

Before running each MACsec test, the device capability is read. The
capability is then verified to check if the device supports a feature or
not. If the feature is not supported the test is skipped.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_security_inline_macsec.c | 373 ++++++++++++++++++++-----
 1 file changed, 296 insertions(+), 77 deletions(-)

diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 475f2aec83..40fdfda942 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -837,10 +837,60 @@ test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
 	return 0;
 }
 
+static int
+test_macsec_sec_caps_verify(const struct mcs_test_opts *opts,
+		const struct rte_security_capability *sec_cap, bool silent)
+{
+	if (opts->mtu > sec_cap->macsec.mtu) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "MTU size is not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->replay_protect == 1 && sec_cap->macsec.anti_replay == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Anti replay is not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->replay_win_sz > sec_cap->macsec.replay_win_sz) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Replay window size is not "
+					"supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->rekey_en == 1 && sec_cap->macsec.re_key == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Rekey is not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->sectag_insert_mode == 0 &&
+			sec_cap->macsec.relative_sectag_insert == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Relative offset sectag insert "
+					"not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (opts->sectag_insert_mode == 1 &&
+			sec_cap->macsec.fixed_sectag_insert == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1, "Fixed offset sectag insert "
+					"not supported\n");
+		return -ENOTSUP;
+	}
+
+	return 0;
+}
+
 static int
 test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts)
 {
 	uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}};
+	struct rte_security_capability_idx sec_cap_idx;
+	const struct rte_security_capability *sec_cap;
 	uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}};
 	uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0};
 	uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0};
@@ -864,6 +914,30 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 		return TEST_SKIPPED;
 	}
 
+	sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+	sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+	sec_cap_idx.macsec.alg = td[0]->alg;
+	sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+	if (sec_cap == NULL) {
+		printf("No capabilities registered\n");
+		return TEST_SKIPPED;
+	}
+
+	if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0)
+		return TEST_SKIPPED;
+
+	if (opts->rekey_en) {
+		/* Verify the rekey td */
+		sec_cap_idx.macsec.alg = opts->rekey_td->alg;
+		sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+		if (sec_cap == NULL) {
+			printf("No capabilities registered\n");
+			return TEST_SKIPPED;
+		}
+		if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0)
+			return TEST_SKIPPED;
+	}
+
 	tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN :
 			RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN);
 
@@ -1186,6 +1260,7 @@ test_inline_macsec_encap_all(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1200,7 +1275,11 @@ test_inline_macsec_encap_all(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Cipher Auth Encryption case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1209,9 +1288,10 @@ test_inline_macsec_encap_all(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1220,6 +1300,7 @@ test_inline_macsec_decap_all(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1232,7 +1313,11 @@ test_inline_macsec_decap_all(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Cipher Auth Decryption case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1241,9 +1326,10 @@ test_inline_macsec_decap_all(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1252,6 +1338,7 @@ test_inline_macsec_auth_only_all(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1266,7 +1353,11 @@ test_inline_macsec_auth_only_all(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Auth Generate case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nAuth Generate case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1275,9 +1366,10 @@ test_inline_macsec_auth_only_all(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1286,6 +1378,7 @@ test_inline_macsec_verify_only_all(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1299,7 +1392,11 @@ test_inline_macsec_verify_only_all(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Auth Verify case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nAuth Verify case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1308,9 +1405,10 @@ test_inline_macsec_verify_only_all(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1319,6 +1417,7 @@ test_inline_macsec_encap_decap_all(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1334,7 +1433,11 @@ test_inline_macsec_encap_decap_all(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Cipher Auth Encap-decap case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nCipher Auth Encap-decap case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1343,9 +1446,10 @@ test_inline_macsec_encap_decap_all(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 
@@ -1355,6 +1459,7 @@ test_inline_macsec_auth_verify_all(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1369,7 +1474,11 @@ test_inline_macsec_auth_verify_all(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_AUTH_VERIFY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Auth Generate + Verify case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nAuth Generate + Verify case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1378,9 +1487,10 @@ test_inline_macsec_auth_verify_all(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1418,7 +1528,9 @@ test_inline_macsec_multi_flow(void)
 		tv[i] = (const struct mcs_test_vector *)&iter[i];
 	}
 	err = test_macsec(tv, MCS_ENCAP_DECAP, &opts);
-	if (err) {
+	if (err == TEST_SKIPPED) {
+		printf("Cipher Auth Encryption multi flow skipped\n");
+	} else if (err) {
 		printf("\nCipher Auth Encryption multi flow failed");
 		err = -1;
 	} else {
@@ -1434,6 +1546,7 @@ test_inline_macsec_with_vlan(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1456,7 +1569,11 @@ test_inline_macsec_with_vlan(void)
 			opts.nb_vlan = 2;
 		}
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("VLAN Encap case %d skipped", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\n VLAN Encap case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1477,7 +1594,11 @@ test_inline_macsec_with_vlan(void)
 			opts.nb_vlan = 2;
 		}
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("VLAN Decap case %d skipped", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\n VLAN Decap case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1487,8 +1608,9 @@ test_inline_macsec_with_vlan(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			2 * size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1497,6 +1619,7 @@ test_inline_macsec_pkt_drop(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1512,7 +1635,11 @@ test_inline_macsec_pkt_drop(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_err_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Packet drop case %d skipped", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nPacket drop case %d passed", cur_td->test_idx);
 			err = 0;
 		} else {
@@ -1521,9 +1648,10 @@ test_inline_macsec_pkt_drop(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1532,6 +1660,7 @@ test_inline_macsec_untagged_rx(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1547,7 +1676,10 @@ test_inline_macsec_untagged_rx(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_untagged_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = 0;
 		else
 			err = -1;
@@ -1559,16 +1691,20 @@ test_inline_macsec_untagged_rx(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_untagged_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = 0;
 		else
 			err = -1;
 
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			2 * size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1577,6 +1713,7 @@ test_inline_macsec_bad_tag_rx(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1592,7 +1729,10 @@ test_inline_macsec_bad_tag_rx(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_bad_tag_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1600,9 +1740,10 @@ test_inline_macsec_bad_tag_rx(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1611,6 +1752,7 @@ test_inline_macsec_sa_not_in_use(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1626,7 +1768,10 @@ test_inline_macsec_sa_not_in_use(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1634,9 +1779,10 @@ test_inline_macsec_sa_not_in_use(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1645,6 +1791,7 @@ test_inline_macsec_decap_stats(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1660,7 +1807,11 @@ test_inline_macsec_decap_stats(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Decap stats case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nDecap stats case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1669,9 +1820,10 @@ test_inline_macsec_decap_stats(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1680,6 +1832,7 @@ test_inline_macsec_verify_only_stats(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1695,7 +1848,11 @@ test_inline_macsec_verify_only_stats(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Verify only stats case %d skipped\n", cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("\nVerify only stats case %d failed", cur_td->test_idx);
 			err = -1;
 		} else {
@@ -1704,9 +1861,10 @@ test_inline_macsec_verify_only_stats(void)
 		}
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
 
-	return all_err;
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1715,6 +1873,7 @@ test_inline_macsec_pkts_invalid_stats(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1729,15 +1888,19 @@ test_inline_macsec_pkts_invalid_stats(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_err_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = 0;
 		else
 			err = -1;
 
 		all_err += err;
 	}
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1746,6 +1909,7 @@ test_inline_macsec_pkts_unchecked_stats(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE;
@@ -1761,7 +1925,10 @@ test_inline_macsec_pkts_unchecked_stats(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1769,8 +1936,9 @@ test_inline_macsec_pkts_unchecked_stats(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1779,6 +1947,7 @@ test_inline_macsec_out_pkts_untagged(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1794,7 +1963,10 @@ test_inline_macsec_out_pkts_untagged(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1802,8 +1974,9 @@ test_inline_macsec_out_pkts_untagged(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1812,6 +1985,7 @@ test_inline_macsec_out_pkts_toolong(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD;
@@ -1827,7 +2001,10 @@ test_inline_macsec_out_pkts_toolong(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
@@ -1835,8 +2012,9 @@ test_inline_macsec_out_pkts_toolong(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1845,6 +2023,7 @@ test_inline_macsec_encap_stats(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1860,15 +2039,20 @@ test_inline_macsec_encap_stats(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_cipher_vectors[i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
+
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1877,6 +2061,7 @@ test_inline_macsec_auth_only_stats(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1892,15 +2077,20 @@ test_inline_macsec_auth_only_stats(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_integrity_vectors[i];
 		err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
-		if (err)
+		if (err == TEST_SKIPPED) {
+			skipped += 1;
+			err = 0;
+		} else if (err)
 			err = -1;
 		else
 			err = 0;
+
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1909,6 +2099,7 @@ test_inline_macsec_interrupts_all(void)
 	struct mcs_err_vector err_vector = {0};
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
+	int skipped = 0;
 	int i, size;
 	int err, all_err = 0;
 	enum rte_eth_event_macsec_subtype subtype[] =  {
@@ -1937,8 +2128,13 @@ test_inline_macsec_interrupts_all(void)
 	for (i = 0; i < size; i++) {
 		cur_td = &list_mcs_intr_test_vectors[i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) &&
-		    (err_vector.event_subtype == subtype[i])) {
+		if (err == TEST_SKIPPED) {
+			printf("Sectag val err interrupt test case %d skipped",
+			       cur_td->test_idx);
+			skipped += 1;
+			err = 0;
+		} else if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) &&
+			   (err_vector.event_subtype == subtype[i])) {
 			printf("\nSectag val err interrupt test case %d passed",
 			       cur_td->test_idx);
 			err = 0;
@@ -1952,8 +2148,9 @@ test_inline_macsec_interrupts_all(void)
 	rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC,
 			test_macsec_event_callback, &err_vector);
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1962,6 +2159,7 @@ test_inline_macsec_rekey_tx(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -1979,7 +2177,11 @@ test_inline_macsec_rekey_tx(void)
 		cur_td = &list_mcs_rekey_vectors[i];
 		opts.rekey_td = &list_mcs_rekey_vectors[++i];
 		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Tx hw rekey test case %d skipped\n", i);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("Tx hw rekey test case %d failed\n", i);
 			err = -1;
 		} else {
@@ -1989,8 +2191,9 @@ test_inline_macsec_rekey_tx(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size / 2 + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -1999,6 +2202,7 @@ test_inline_macsec_rekey_rx(void)
 	const struct mcs_test_vector *cur_td;
 	struct mcs_test_opts opts = {0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 
 	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
@@ -2014,7 +2218,11 @@ test_inline_macsec_rekey_rx(void)
 		cur_td = &list_mcs_rekey_vectors[i];
 		opts.rekey_td = &list_mcs_rekey_vectors[++i];
 		err = test_macsec(&cur_td, MCS_DECAP, &opts);
-		if (err) {
+		if (err == TEST_SKIPPED) {
+			printf("Rx rekey test case %d skipped\n", i);
+			skipped += 1;
+			err = 0;
+		} else if (err) {
 			printf("Rx rekey test case %d failed\n", i);
 			err = -1;
 		} else {
@@ -2024,8 +2232,9 @@ test_inline_macsec_rekey_rx(void)
 		all_err += err;
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size / 2 + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
@@ -2035,6 +2244,7 @@ test_inline_macsec_anti_replay(void)
 	struct mcs_test_opts opts = {0};
 	uint16_t replay_win_sz[2] = {32, 0};
 	int err, all_err = 0;
+	int skipped = 0;
 	int i, size;
 	int j;
 
@@ -2055,21 +2265,30 @@ test_inline_macsec_anti_replay(void)
 			opts.ar_td[1] = &list_mcs_anti_replay_vectors[++i];
 			opts.ar_td[2] = &list_mcs_anti_replay_vectors[++i];
 			err = test_macsec(&cur_td, MCS_DECAP, &opts);
-			if (err) {
-				printf("Replay window: %u, Anti replay test case %d failed\n",
-				       opts.replay_win_sz, i);
+			if (err == TEST_SKIPPED) {
+				printf("Replay window: %u, Anti replay test "
+				       "case %d skipped\n", opts.replay_win_sz,
+				       i);
+				skipped += 1;
+				err = 0;
+			} else if (err) {
+				printf("Replay window: %u, Anti replay test "
+				       "case %d failed\n", opts.replay_win_sz,
+				       i);
 				err = -1;
 			} else {
-				printf("Replay window: %u, Anti replay test case %d passed\n",
-				       opts.replay_win_sz, i);
+				printf("Replay window: %u, Anti replay test "
+				       "case %d passed\n", opts.replay_win_sz,
+				       i);
 				err = 0;
 			}
 			all_err += err;
 		}
 	}
 
-	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
-	return all_err;
+	printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__,
+			size / 2 + all_err - skipped, -all_err, skipped);
+	return skipped > 0 ? TEST_SKIPPED : all_err;
 }
 
 static int
-- 
2.25.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* RE: [PATCH v2 0/3] MACsec capability verification
  2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
                     ` (2 preceding siblings ...)
  2023-09-19 13:54   ` [PATCH v2 3/3] test/security: add capability verification for MACsec Akhil Goyal
@ 2023-09-19 19:17   ` Akhil Goyal
  3 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2023-09-19 19:17 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: Ankur Dwivedi, Jerin Jacob Kollanukkaran, Vamsi Krishna Attunuru

> Subject: [PATCH v2 0/3] MACsec capability verification
> 
> Changes in v2: Fixed clang build issue in 3/3 patch.
> 
> Ankur Dwivedi (3):
>   security: add MACsec algo in capability index
>   net/cnxk: add MACsec capability
>   test/security: add capability verification for MACsec
> 
>  app/test/test_security_inline_macsec.c | 373 ++++++++++++++++++++-----
>  drivers/common/cnxk/roc_features.h     |   6 +
>  drivers/common/cnxk/roc_mcs.h          |   3 +
>  drivers/net/cnxk/cn10k_ethdev_sec.c    | 120 +++++++-
>  lib/security/rte_security.c            |   4 +
>  lib/security/rte_security.h            |   3 +
>  6 files changed, 428 insertions(+), 81 deletions(-)
> 
Series Applied to dpdk-next-crypto


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2023-09-19 19:17 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-31  3:44 [PATCH 1/3] security: add MACsec algo in capability index Akhil Goyal
2023-07-31  3:44 ` [PATCH 2/3] net/cnxk: add MACsec capability Akhil Goyal
2023-07-31  3:44 ` [PATCH 3/3] test/security: add capability verification for MACsec Akhil Goyal
2023-09-19 13:54 ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal
2023-09-19 13:54   ` [PATCH v2 1/3] security: add MACsec algo in capability index Akhil Goyal
2023-09-19 13:54   ` [PATCH v2 2/3] net/cnxk: add MACsec capability Akhil Goyal
2023-09-19 13:54   ` [PATCH v2 3/3] test/security: add capability verification for MACsec Akhil Goyal
2023-09-19 19:17   ` [PATCH v2 0/3] MACsec capability verification Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).