@@ -8997,7 +8997,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Process crypto operation */
process_crypto_request(dev_id, ut_params->op);
- ret = test_ipsec_status_check(ut_params->op, flags, dir);
+ ret = test_ipsec_status_check(ut_params->op, flags, dir, i + 1);
if (ret != TEST_SUCCESS)
goto crypto_op_free;
@@ -9067,7 +9067,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
unsigned int i, nb_pkts = 1, pass_cnt = 0;
int ret;
- if (flags->iv_gen)
+ if (flags->iv_gen ||
+ flags->sa_expiry_pkts_soft)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
for (i = 0; i < RTE_DIM(aead_list); i++) {
@@ -9132,6 +9133,18 @@ test_ipsec_proto_iv_gen(const void *data __rte_unused)
}
static int
+test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.sa_expiry_pkts_soft = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
{
struct ipsec_test_flags flags;
@@ -14087,6 +14100,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_udp_encap),
TEST_CASE_NAMED_ST(
+ "SA expiry packets soft",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_sa_exp_pkts_soft),
+ TEST_CASE_NAMED_ST(
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
@@ -173,6 +173,10 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
if (flags->iv_gen)
td->ipsec_xform.options.iv_gen_disable = 0;
+
+ if (flags->sa_expiry_pkts_soft)
+ td->ipsec_xform.life.packets_soft_limit =
+ IPSEC_TEST_PACKETS_MAX - 1;
}
RTE_SET_USED(param2);
@@ -395,7 +399,8 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
int
test_ipsec_status_check(struct rte_crypto_op *op,
const struct ipsec_test_flags *flags,
- enum rte_security_ipsec_sa_direction dir)
+ enum rte_security_ipsec_sa_direction dir,
+ int pkt_num)
{
int ret = TEST_SUCCESS;
@@ -406,7 +411,16 @@ test_ipsec_status_check(struct rte_crypto_op *op,
}
} else {
if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
- printf("Security op processing failed\n");
+ printf("Security op processing failed [pkt_num: %d]\n",
+ pkt_num);
+ ret = TEST_FAILED;
+ }
+ }
+
+ if (flags->sa_expiry_pkts_soft && pkt_num == IPSEC_TEST_PACKETS_MAX) {
+ if (!(op->aux_flags &
+ RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY)) {
+ printf("SA soft expiry (pkts) test failed\n");
ret = TEST_FAILED;
}
}
@@ -49,6 +49,7 @@ struct ipsec_test_data {
struct ipsec_test_flags {
bool display_alg;
+ bool sa_expiry_pkts_soft;
bool icv_corrupt;
bool iv_gen;
bool udp_encap;
@@ -114,6 +115,7 @@ int test_ipsec_post_process(struct rte_mbuf *m,
int test_ipsec_status_check(struct rte_crypto_op *op,
const struct ipsec_test_flags *flags,
- enum rte_security_ipsec_sa_direction dir);
+ enum rte_security_ipsec_sa_direction dir,
+ int pkt_num);
#endif
Add tests to validate packets soft expiry handling. Signed-off-by: Anoob Joseph <anoobj@marvell.com> --- app/test/test_cryptodev.c | 21 +++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.c | 18 ++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 4 +++- 3 files changed, 38 insertions(+), 5 deletions(-)