From patchwork Tue May 23 19:49:13 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Akhil Goyal <gakhil@marvell.com>
X-Patchwork-Id: 127242
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 71F8C42B83;
	Tue, 23 May 2023 21:50:56 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id E6B0842D77;
	Tue, 23 May 2023 21:50:25 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id DB77D42D75
 for <dev@dpdk.org>; Tue, 23 May 2023 21:50:24 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
 34NHuJiF012380; Tue, 23 May 2023 12:50:22 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=hOI/eL7rP9oIXrDzx7lfEEzugxfxCHS7R/4ktSO5WyQ=;
 b=h1XyMsa3JGA9uuHAfOFeIln5GEkmMeENUPR0r2KzS7S73B0HFXOgdpFzhVmuD1EeoFga
 3IaE4uFUWwKOwcezm0R24BbvOeYOCaSkX9AZfffJkurkWEsoDLMegxRLoUBLNE8qYoLK
 20ZVvwWsrgcdm6jVCcC+FXPCx0llIeh4J/PsW5Nr5hWW2bDoocCOsiXiXVfunLR2684x
 +Nmh4FPFmPQk6kQGRMLbMCV+ax3e0n2uNOPldo9iiY44Q0RO4xYYL4bzAhmMakwzMAL7
 VQMoUAMh0g2u01vVceOTZNl/7SERIHXicJvz2KQfADi/Z/2YGpi/8nujN0u5r3skTRlI vg==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
 by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3qpwqk30wu-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Tue, 23 May 2023 12:50:22 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48;
 Tue, 23 May 2023 12:50:19 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend
 Transport; Tue, 23 May 2023 12:50:19 -0700
Received: from localhost.localdomain (unknown [10.28.36.102])
 by maili.marvell.com (Postfix) with ESMTP id 1AEA85B6925;
 Tue, 23 May 2023 12:50:14 -0700 (PDT)
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>, Akhil Goyal <gakhil@marvell.com>
CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>,
 <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>,
 <vattunuru@marvell.com>, <ferruh.yigit@amd.com>, <jerinj@marvell.com>,
 <adwivedi@marvell.com>
Subject: [PATCH 08/13] test/security: verify MACsec stats
Date: Wed, 24 May 2023 01:19:13 +0530
Message-ID: <20230523194918.1940212-9-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230523194918.1940212-1-gakhil@marvell.com>
References: <20220928124516.93050-5-gakhil@marvell.com>
 <20230523194918.1940212-1-gakhil@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: Ix4DWw8JjNt0cmJK7sP4FCBbFg2iLjQP
X-Proofpoint-GUID: Ix4DWw8JjNt0cmJK7sP4FCBbFg2iLjQP
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26
 definitions=2023-05-23_12,2023-05-23_02,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Added cases to verify various stats of MACsec.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_security_inline_macsec.c | 222 +++++++++++++++++++++++++
 1 file changed, 222 insertions(+)

diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 9c4546fa38..a6d23f2769 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -1438,6 +1438,140 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
 	return all_err;
 }
 
+static int
+test_inline_macsec_decap_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_decap_stats = 1;
+
+	size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_DECAP, &opts);
+		if (err) {
+			printf("\nDecap stats case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\nDecap stats case %d passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+	return all_err;
+}
+
+static int
+test_inline_macsec_verify_only_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_verify_only_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
+		if (err) {
+			printf("\nVerify only stats case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\nVerify only stats case %d Passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+	return all_err;
+}
+
+static int
+test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+
+	size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_err_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_DECAP, &opts);
+		if (err)
+			err = 0;
+		else
+			err = -1;
+
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
+static int
+test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_pkts_unchecked_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
 static int
 test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
 {
@@ -1504,6 +1638,70 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
 	return all_err;
 }
 
+static int
+test_inline_macsec_encap_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.encrypt = true;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_encap_stats = 1;
+
+	size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
+static int
+test_inline_macsec_auth_only_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_auth_only_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
 static int
 ut_setup_inline_macsec(void)
 {
@@ -1697,6 +1895,22 @@ static struct unit_test_suite inline_macsec_testsuite  = {
 			"MACsec SA not in use",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
 			test_inline_macsec_sa_not_in_use),
+		TEST_CASE_NAMED_ST(
+			"MACsec decap stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_decap_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec verify only stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_verify_only_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec pkts invalid stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_pkts_invalid_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec pkts unchecked stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_pkts_unchecked_stats),
 		TEST_CASE_NAMED_ST(
 			"MACsec out pkts untagged",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
@@ -1705,6 +1919,14 @@ static struct unit_test_suite inline_macsec_testsuite  = {
 			"MACsec out pkts too long",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
 			test_inline_macsec_out_pkts_toolong),
+		TEST_CASE_NAMED_ST(
+			"MACsec Encap stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_encap_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec auth only stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_auth_only_stats),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	},