From patchwork Wed Jun  7 15:19:35 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Akhil Goyal <gakhil@marvell.com>
X-Patchwork-Id: 128332
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id EC5BC42C4E;
	Wed,  7 Jun 2023 17:21:02 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 9B5B142D52;
	Wed,  7 Jun 2023 17:20:26 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id B5A16410F6
 for <dev@dpdk.org>; Wed,  7 Jun 2023 17:20:24 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
 357Dvlvv028208; Wed, 7 Jun 2023 08:20:21 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=fbB26+QhBYPuN3Dhxe6+f8bH+mpX5ZHsYV7P89NF08o=;
 b=ApoWeVHJIyal3s1lb1f57pVahlWiLTzqw3d5oqvMKqLgipYuWGwkMwYV1vOPVmsXMcYI
 cFW0lsT7tTUimEhPzseOgQB++WFYgkRABdZ1rQanrC/l5d7mAXYZgD6PGmCgA+nzyHsh
 5/OB7m2y759dymfRB4qIPtikyMzN4ds0J/5voskHwGevZaU2sfa+AVMXYXkL7fqbBfkF
 YkTLvJ6nwr84Oa4dK7ARDVMPKRD4lkq8l/hp2fnbuBNHLLYxM7J5wPIktGh42h5CXOMm
 hX8SCzDdfmjP4gvhcrairi0F3xJNgjhDKxA+ZoC/Fco1dh59uuJLxaSXHCJXhPFyRprQ 1g==
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv6ah-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 07 Jun 2023 08:20:21 -0700
Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48;
 Wed, 7 Jun 2023 08:20:20 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend
 Transport; Wed, 7 Jun 2023 08:20:19 -0700
Received: from localhost.localdomain (unknown [10.28.36.102])
 by maili.marvell.com (Postfix) with ESMTP id BDB023F708E;
 Wed,  7 Jun 2023 08:20:15 -0700 (PDT)
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>,
 <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>,
 <vattunuru@marvell.com>, <ferruh.yigit@amd.com>,
 <andrew.rybchenko@oktetlabs.ru>, <jerinj@marvell.com>,
 <adwivedi@marvell.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH v2 08/13] test/security: verify MACsec stats
Date: Wed, 7 Jun 2023 20:49:35 +0530
Message-ID: <20230607151940.223417-9-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com>
References: <20230523194918.1940212-1-gakhil@marvell.com>
 <20230607151940.223417-1-gakhil@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: HauvHj_KYOmVpUxGwivozYGFZjUjwOhh
X-Proofpoint-GUID: HauvHj_KYOmVpUxGwivozYGFZjUjwOhh
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26
 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Added cases to verify various stats of MACsec.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_security_inline_macsec.c | 222 +++++++++++++++++++++++++
 1 file changed, 222 insertions(+)

diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 2a06f31f37..9cab3253f4 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -1438,6 +1438,140 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused)
 	return all_err;
 }
 
+static int
+test_inline_macsec_decap_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_decap_stats = 1;
+
+	size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_DECAP, &opts);
+		if (err) {
+			printf("\nDecap stats case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\nDecap stats case %d passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+	return all_err;
+}
+
+static int
+test_inline_macsec_verify_only_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_verify_only_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
+		if (err) {
+			printf("\nVerify only stats case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\nVerify only stats case %d Passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+	return all_err;
+}
+
+static int
+test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+
+	size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_err_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_DECAP, &opts);
+		if (err)
+			err = 0;
+		else
+			err = -1;
+
+		all_err += err;
+	}
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
+static int
+test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_pkts_unchecked_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
 static int
 test_inline_macsec_out_pkts_untagged(const void *data __rte_unused)
 {
@@ -1504,6 +1638,70 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused)
 	return all_err;
 }
 
+static int
+test_inline_macsec_encap_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.encrypt = true;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_encap_stats = 1;
+
+	size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_cipher_vectors[i];
+		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
+static int
+test_inline_macsec_auth_only_stats(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.sectag_insert_mode = 1;
+	opts.mtu = RTE_ETHER_MTU;
+	opts.check_auth_only_stats = 1;
+
+	size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_integrity_vectors[i];
+		err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts);
+		if (err)
+			err = -1;
+		else
+			err = 0;
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+	return all_err;
+}
+
 static int
 ut_setup_inline_macsec(void)
 {
@@ -1697,6 +1895,22 @@ static struct unit_test_suite inline_macsec_testsuite  = {
 			"MACsec SA not in use",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
 			test_inline_macsec_sa_not_in_use),
+		TEST_CASE_NAMED_ST(
+			"MACsec decap stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_decap_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec verify only stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_verify_only_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec pkts invalid stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_pkts_invalid_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec pkts unchecked stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_pkts_unchecked_stats),
 		TEST_CASE_NAMED_ST(
 			"MACsec out pkts untagged",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
@@ -1705,6 +1919,14 @@ static struct unit_test_suite inline_macsec_testsuite  = {
 			"MACsec out pkts too long",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
 			test_inline_macsec_out_pkts_toolong),
+		TEST_CASE_NAMED_ST(
+			"MACsec Encap stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_encap_stats),
+		TEST_CASE_NAMED_ST(
+			"MACsec auth only stats",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_auth_only_stats),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	},