diff mbox series

[v2,08/13] test/security: verify MACsec stats

Message ID	20230607151940.223417-9-gakhil@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>, <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>, <vattunuru@marvell.com>, <ferruh.yigit@amd.com>, <andrew.rybchenko@oktetlabs.ru>, <jerinj@marvell.com>, <adwivedi@marvell.com>, Akhil Goyal <gakhil@marvell.com> Subject: [PATCH v2 08/13] test/security: verify MACsec stats Date: Wed, 7 Jun 2023 20:49:35 +0530 Message-ID: <20230607151940.223417-9-gakhil@marvell.com> In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	Add MACsec unit test cases \| [v2,00/13] Add MACsec unit test cases [v2,01/13] security: add direction in SA/SC configuration [v2,02/13] security: add MACsec packet number threshold [v2,03/13] test/security: add inline MACsec cases [v2,04/13] test/security: add MACsec integrity cases [v2,05/13] test/security: verify multi flow MACsec [v2,06/13] test/security: add MACsec VLAN cases [v2,07/13] test/security: add MACsec negative cases [v2,08/13] test/security: verify MACsec stats [v2,09/13] test/security: verify MACsec interrupts [v2,10/13] test/security: verify MACsec Tx HW rekey [v2,11/13] test/security: verify MACsec Rx rekey [v2,12/13] test/security: verify MACsec anti replay [v2,13/13] test/security: remove no MACsec support case

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Akhil Goyal June 7, 2023, 3:19 p.m. UTC

  Added cases to verify various stats of MACsec.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_security_inline_macsec.c | 222 +++++++++++++++++++++++++
 1 file changed, 222 insertions(+)

diff mbox series

Patch

diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 2a06f31f37..9cab3253f4 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -1438,6 +1438,140 @@  test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
 	return all_err;
 }
 
+static int
+test_inline_macsec_decap_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_decap_stats = 1;
+
+	size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_DECAP, &opts);
+		if (err) {
+			printf("\nDecap stats case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\nDecap stats case %d passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+	return all_err;
+}
+
+static int
+test_inline_macsec_verify_only_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_verify_only_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
+		if (err) {
+			printf("\nVerify only stats case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\nVerify only stats case %d Passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+	return all_err;
+}
+
+static int
+test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+
+	size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_err_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_DECAP, &opts);
+		if (err)
+			err = 0;
+		else
+			err = -1;
+
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
+static int
+test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_pkts_unchecked_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
 static int
 test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
 {
@@ -1504,6 +1638,70 @@  test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
 	return all_err;
 }
 
+static int
+test_inline_macsec_encap_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.encrypt = true;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_encap_stats = 1;
+
+	size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
+static int
+test_inline_macsec_auth_only_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_auth_only_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
 static int
 ut_setup_inline_macsec(void)
 {
@@ -1697,6 +1895,22 @@  static struct unit_test_suite inline_macsec_testsuite  = {
 			"MACsec SA not in use",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
 			test_inline_macsec_sa_not_in_use),
+		TEST_CASE_NAMED_ST(
+			"MACsec decap stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_decap_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec verify only stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_verify_only_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec pkts invalid stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_pkts_invalid_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec pkts unchecked stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_pkts_unchecked_stats),
 		TEST_CASE_NAMED_ST(
 			"MACsec out pkts untagged",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
@@ -1705,6 +1919,14 @@  static struct unit_test_suite inline_macsec_testsuite  = {
 			"MACsec out pkts too long",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
 			test_inline_macsec_out_pkts_toolong),
+		TEST_CASE_NAMED_ST(
+			"MACsec Encap stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_encap_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec auth only stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_auth_only_stats),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	},