From patchwork Sat Sep 24 13:57:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 116819 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 181B6A0542; Sat, 24 Sep 2022 15:58:18 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0C9C142BF1; Sat, 24 Sep 2022 15:58:18 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 69F4942BEA for ; Sat, 24 Sep 2022 15:58:16 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28ODfgfi012635; Sat, 24 Sep 2022 06:58:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=TZVREXbzzTUdM7H1DA6tOjOty30YSicvkc2k+Z7Ej60=; b=Wy+TC6bVsZ/9SZqUJyMkzTXrfY3y9kqr2vZs1nTON8j/U05n8+NkVZJli8qezZV3jIqf 43VCewqLhgTCHtslmAkwT1K6avS4WMB9Y6yBJtOZCz+qrIrIfEoS/Rg2khBlg+RcxSO5 XCvc+On33BVXgy9FZQ+aDZQwyBmDLRBzXdBGqxLMwkTuXHkAAtK2Ml9kMSzfqni1ryad oMb7SF80HiSyxvI1S+sMBdhKPqvgVy9gSdJMUS4v/5QwFJ5BENM9UsQPWOSbdOrI4xqK o9UcAkc7YFYJXF03h5oOFbd1StQlPlPaVy2qSQYIK3qm96a1QQpNuBp+imbhPz+wxfaZ xg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3jt1dp06ym-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 24 Sep 2022 06:58:15 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 24 Sep 2022 06:58:13 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sat, 24 Sep 2022 06:58:13 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 73D163F706C; Sat, 24 Sep 2022 06:58:09 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , , Akhil Goyal Subject: [PATCH v5 1/3] ethdev: add IPsec SA expiry event subtypes Date: Sat, 24 Sep 2022 19:27:56 +0530 Message-ID: <20220924135758.3402392-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220924135758.3402392-1-gakhil@marvell.com> References: <20220416192530.173895-8-gakhil@marvell.com> <20220924135758.3402392-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 50V_shAf8Tzt6PRKxQp-kESTg5vsBDME X-Proofpoint-GUID: 50V_shAf8Tzt6PRKxQp-kESTg5vsBDME X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-24_06,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vamsi Attunuru Patch adds new event subtypes for notifying expiry events upon reaching IPsec SA soft packet expiry and hard packet/byte expiry limits. Signed-off-by: Vamsi Attunuru Signed-off-by: Akhil Goyal Acked-by: Thomas Monjalon --- lib/ethdev/rte_ethdev.h | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h index 2e783536c1..d730676a0e 100644 --- a/lib/ethdev/rte_ethdev.h +++ b/lib/ethdev/rte_ethdev.h @@ -3875,8 +3875,26 @@ enum rte_eth_event_ipsec_subtype { RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW, /** Soft time expiry of SA */ RTE_ETH_EVENT_IPSEC_SA_TIME_EXPIRY, - /** Soft byte expiry of SA */ + /** + * Soft byte expiry of SA determined by @ref bytes_soft_limit + * defined in @ref rte_security_ipsec_lifetime + */ RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY, + /** + * Soft packet expiry of SA determined by @ref packets_soft_limit + * defined in @ref rte_security_ipsec_lifetime + */ + RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY, + /** + * Hard byte expiry of SA determined by @ref bytes_hard_limit + * defined in @ref rte_security_ipsec_lifetime + */ + RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY, + /** + * Hard packet expiry of SA determined by @ref packets_hard_limit + * defined in @ref rte_security_ipsec_lifetime + */ + RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY, /** Max value of this enum */ RTE_ETH_EVENT_IPSEC_MAX }; @@ -3898,6 +3916,9 @@ struct rte_eth_event_ipsec_desc { * - @ref RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW * - @ref RTE_ETH_EVENT_IPSEC_SA_TIME_EXPIRY * - @ref RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY + * - @ref RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY + * - @ref RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY + * - @ref RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY * * @see struct rte_security_session_conf * From patchwork Sat Sep 24 13:57:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 116820 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3CFC6A0542; Sat, 24 Sep 2022 15:58:23 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E405742C02; Sat, 24 Sep 2022 15:58:22 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 83A4D42BFD for ; Sat, 24 Sep 2022 15:58:21 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28ODV3J9017723; Sat, 24 Sep 2022 06:58:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=4qUpm3G+9OVbdTv9c6AsAZ3+NtsGLq8CgmJh3zsrXiE=; b=Ki8ELoO9frKq+6JnNdLJDPwVFp3nZo3cij2pj+vdS4j+HIKGxOtAzj7qE1khUqw6LW2o OsBn222Lcs5LYAJaM8yUX6ai0/e5G3Q9+az6TIZXGJRAEJXk3v1CGKMWYH8zMIbqiuD0 IQ1Ynb7VN7xr6dDVZ97yblK4FNsg8habFs9sItRwaTv9hX8smO8T6bSQGWnGrKkcPNVe Km4cVEDMSFgwNuaS0r2EJgb6QwaihtxlEgYJFaBNQLtXZ64jBHjC9TL6Qkl7cBUF43+g NBfvPi6lvySCNj6BUWyW0rhoRNCHGeoVaTQRbxAhhicM7ObpUaoNNUDiGhyqXm41zXby qg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jsy8r0haf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 24 Sep 2022 06:58:20 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 24 Sep 2022 06:58:19 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sat, 24 Sep 2022 06:58:19 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id A2B013F70A8; Sat, 24 Sep 2022 06:58:15 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Subject: [PATCH v5 2/3] test/security: add inline IPsec SA soft expiry cases Date: Sat, 24 Sep 2022 19:27:57 +0530 Message-ID: <20220924135758.3402392-3-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220924135758.3402392-1-gakhil@marvell.com> References: <20220416192530.173895-8-gakhil@marvell.com> <20220924135758.3402392-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: V_YZpXcygBdvMPSsmmpgQ5aT-6oqw-TE X-Proofpoint-ORIG-GUID: V_YZpXcygBdvMPSsmmpgQ5aT-6oqw-TE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-24_06,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vamsi Attunuru Patch adds unit tests for packet & byte soft expiry events. Signed-off-by: Vamsi Attunuru --- app/test/test_cryptodev_security_ipsec.h | 2 + app/test/test_security_inline_proto.c | 105 +++++++++++++++++- app/test/test_security_inline_proto_vectors.h | 6 + 3 files changed, 112 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 744dd64a9e..9a3c021dd8 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -86,6 +86,8 @@ struct ipsec_test_flags { bool display_alg; bool sa_expiry_pkts_soft; bool sa_expiry_pkts_hard; + bool sa_expiry_bytes_soft; + bool sa_expiry_bytes_hard; bool icv_corrupt; bool iv_gen; uint32_t tunnel_hdr_verify; diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 5f26a04b06..5747ee0990 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -947,6 +947,62 @@ event_rx_burst(struct rte_mbuf **rx_pkts, uint16_t nb_pkts_to_rx) return nb_rx; } +static int +test_ipsec_inline_sa_exp_event_callback(uint16_t port_id, + enum rte_eth_event_type type, void *param, void *ret_param) +{ + struct sa_expiry_vector *vector = (struct sa_expiry_vector *)param; + struct rte_eth_event_ipsec_desc *event_desc = NULL; + + RTE_SET_USED(port_id); + + if (type != RTE_ETH_EVENT_IPSEC) + return -1; + + event_desc = ret_param; + if (event_desc == NULL) { + printf("Event descriptor not set\n"); + return -1; + } + vector->notify_event = true; + if (event_desc->metadata != (uint64_t)vector->sa_data) { + printf("Mismatch in event specific metadata\n"); + return -1; + } + if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY) { + vector->event = RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY; + return 0; + } else if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY) { + vector->event = RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY; + return 0; + } else if (event_desc->subtype >= RTE_ETH_EVENT_IPSEC_MAX) { + printf("Invalid IPsec event reported\n"); + return -1; + } + + return -1; +} + +static enum rte_eth_event_ipsec_subtype +test_ipsec_inline_setup_expiry_vector(struct sa_expiry_vector *vector, + const struct ipsec_test_flags *flags, + struct ipsec_test_data *tdata) +{ + enum rte_eth_event_ipsec_subtype event = RTE_ETH_EVENT_IPSEC_UNKNOWN; + + vector->event = RTE_ETH_EVENT_IPSEC_UNKNOWN; + vector->notify_event = false; + vector->sa_data = (void *)tdata; + if (flags->sa_expiry_pkts_soft) + event = RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY; + else + event = RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY; + rte_eth_dev_callback_register(port_id, RTE_ETH_EVENT_IPSEC, + test_ipsec_inline_sa_exp_event_callback, vector); + + return event; +} + static int test_ipsec_inline_proto_process(struct ipsec_test_data *td, struct ipsec_test_data *res_d, @@ -954,10 +1010,12 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, bool silent, const struct ipsec_test_flags *flags) { + enum rte_eth_event_ipsec_subtype event = RTE_ETH_EVENT_IPSEC_UNKNOWN; struct rte_security_session_conf sess_conf = {0}; struct rte_crypto_sym_xform cipher = {0}; struct rte_crypto_sym_xform auth = {0}; struct rte_crypto_sym_xform aead = {0}; + struct sa_expiry_vector vector = {0}; struct rte_security_session *ses; struct rte_security_ctx *ctx; int nb_rx = 0, nb_sent; @@ -966,6 +1024,12 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * nb_pkts); + if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft) { + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return TEST_SUCCESS; + event = test_ipsec_inline_setup_expiry_vector(&vector, flags, td); + } + if (td->aead) { sess_conf.crypto_xform = &aead; } else { @@ -1083,6 +1147,15 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, out: if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) destroy_default_flow(port_id); + if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft) { + if (vector.notify_event && (vector.event == event)) + ret = TEST_SUCCESS; + else + ret = TEST_FAILED; + + rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_IPSEC, + test_ipsec_inline_sa_exp_event_callback, &vector); + } /* Destroy session so that other cases can create the session again */ rte_security_session_destroy(ctx, ses); @@ -1100,6 +1173,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) int ret; if (flags->iv_gen || flags->sa_expiry_pkts_soft || + flags->sa_expiry_bytes_soft || flags->sa_expiry_pkts_hard) nb_pkts = IPSEC_TEST_PACKETS_MAX; @@ -1132,6 +1206,11 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) if (flags->udp_encap) td_outb.ipsec_xform.options.udp_encap = 1; + if (flags->sa_expiry_bytes_soft) + td_outb.ipsec_xform.life.bytes_soft_limit = + (((td_outb.output_text.len + RTE_ETHER_HDR_LEN) + * nb_pkts) >> 3) - 1; + ret = test_ipsec_inline_proto_process(&td_outb, &td_inb, nb_pkts, false, flags); if (ret == TEST_SKIPPED) @@ -2242,6 +2321,23 @@ test_ipsec_inline_proto_iv_gen(const void *data __rte_unused) return test_ipsec_inline_proto_all(&flags); } +static int +test_ipsec_inline_proto_sa_pkt_soft_expiry(const void *data __rte_unused) +{ + struct ipsec_test_flags flags = { + .sa_expiry_pkts_soft = true + }; + return test_ipsec_inline_proto_all(&flags); +} +static int +test_ipsec_inline_proto_sa_byte_soft_expiry(const void *data __rte_unused) +{ + struct ipsec_test_flags flags = { + .sa_expiry_bytes_soft = true + }; + return test_ipsec_inline_proto_all(&flags); +} + static int test_ipsec_inline_proto_known_vec_fragmented(const void *test_data) { @@ -2644,7 +2740,14 @@ static struct unit_test_suite inline_ipsec_testsuite = { "IV generation", ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_ipsec_inline_proto_iv_gen), - + TEST_CASE_NAMED_ST( + "SA soft expiry with packet limit", + ut_setup_inline_ipsec, ut_teardown_inline_ipsec, + test_ipsec_inline_proto_sa_pkt_soft_expiry), + TEST_CASE_NAMED_ST( + "SA soft expiry with byte limit", + ut_setup_inline_ipsec, ut_teardown_inline_ipsec, + test_ipsec_inline_proto_sa_byte_soft_expiry), TEST_CASE_NAMED_WITH_DATA( "Antireplay with window size 1024", diff --git a/app/test/test_security_inline_proto_vectors.h b/app/test/test_security_inline_proto_vectors.h index c18965d80f..003537e200 100644 --- a/app/test/test_security_inline_proto_vectors.h +++ b/app/test/test_security_inline_proto_vectors.h @@ -36,6 +36,12 @@ struct reassembly_vector { bool burst; }; +struct sa_expiry_vector { + struct ipsec_session_data *sa_data; + enum rte_eth_event_ipsec_subtype event; + bool notify_event; +}; + /* The source file includes below test vectors */ /* IPv6: * From patchwork Sat Sep 24 13:57:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 116821 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 99B21A0542; Sat, 24 Sep 2022 15:58:29 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1E0A442C0E; Sat, 24 Sep 2022 15:58:29 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 5160442C00 for ; Sat, 24 Sep 2022 15:58:27 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28ODmlm0000328; Sat, 24 Sep 2022 06:58:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Xri7ylwBuqlgjEgcIiBOjWiuPcoiD2BlyzOtb2FkRCg=; b=e+QLCQlOXcm62IGMVHmSGjKVDU5puLY12w9a7itCfAEHiHLOYS9wbzChG3eR0b3DQ3a4 IXURaSJ/cEAFOlLqrBE4KR5TuijfufpQiT9F9wOzmOYSx7qKH0bwDm7X+2xz3PvE6Zwo Qk7t0JOzh3ykwmDDjAgMO2HyPmf6Y86NSfXEnfnK+zfsXr9vMv8RKSnOwDK2X2ZL3lW/ KlGiWahTineY0HNlgs43JgXsLyft/QFyb47OAj29OgUf26/ibo0HXH7qF/HlJoi6Vp5X 4NPvrdJENNDGP5L1D5iMi5gRNJRF8t7UAjEIXBUm3u4UdALv5xgtVoFIBzIVvpFxgLRO dw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3jt1dp0719-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 24 Sep 2022 06:58:26 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 24 Sep 2022 06:58:24 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sat, 24 Sep 2022 06:58:24 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 1951C3F70A0; Sat, 24 Sep 2022 06:58:20 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Subject: [PATCH v5 3/3] test/security: add inline IPsec SA hard expiry cases Date: Sat, 24 Sep 2022 19:27:58 +0530 Message-ID: <20220924135758.3402392-4-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220924135758.3402392-1-gakhil@marvell.com> References: <20220416192530.173895-8-gakhil@marvell.com> <20220924135758.3402392-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 9yO1_A5IVTZwq0m_Ffc83u_H2iBMu1N1 X-Proofpoint-GUID: 9yO1_A5IVTZwq0m_Ffc83u_H2iBMu1N1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-24_06,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vamsi Attunuru Patch adds hard expiry unit tests for both packet and byte limits. Signed-off-by: Vamsi Attunuru --- app/test/test_security_inline_proto.c | 71 +++++++++++++++++++++++---- 1 file changed, 61 insertions(+), 10 deletions(-) diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 5747ee0990..8d0dd7765c 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -969,18 +969,25 @@ test_ipsec_inline_sa_exp_event_callback(uint16_t port_id, printf("Mismatch in event specific metadata\n"); return -1; } - if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY) { + switch (event_desc->subtype) { + case RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY: vector->event = RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY; - return 0; - } else if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY) { + break; + case RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY: vector->event = RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY; - return 0; - } else if (event_desc->subtype >= RTE_ETH_EVENT_IPSEC_MAX) { + break; + case RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY: + vector->event = RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY; + break; + case RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY: + vector->event = RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY; + break; + default: printf("Invalid IPsec event reported\n"); return -1; } - return -1; + return 0; } static enum rte_eth_event_ipsec_subtype @@ -995,8 +1002,12 @@ test_ipsec_inline_setup_expiry_vector(struct sa_expiry_vector *vector, vector->sa_data = (void *)tdata; if (flags->sa_expiry_pkts_soft) event = RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY; - else + else if (flags->sa_expiry_bytes_soft) event = RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY; + else if (flags->sa_expiry_pkts_hard) + event = RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY; + else + event = RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY; rte_eth_dev_callback_register(port_id, RTE_ETH_EVENT_IPSEC, test_ipsec_inline_sa_exp_event_callback, vector); @@ -1024,7 +1035,8 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * nb_pkts); - if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft) { + if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft || + flags->sa_expiry_pkts_hard || flags->sa_expiry_bytes_hard) { if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) return TEST_SUCCESS; event = test_ipsec_inline_setup_expiry_vector(&vector, flags, td); @@ -1112,7 +1124,9 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, break; } while (j++ < 5 || nb_rx == 0); - if (nb_rx != nb_sent) { + if (!flags->sa_expiry_pkts_hard && + !flags->sa_expiry_bytes_hard && + (nb_rx != nb_sent)) { printf("\nUnable to RX all %d packets, received(%i)", nb_sent, nb_rx); while (--nb_rx >= 0) @@ -1147,7 +1161,8 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, out: if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) destroy_default_flow(port_id); - if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft) { + if (flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft || + flags->sa_expiry_pkts_hard || flags->sa_expiry_bytes_hard) { if (vector.notify_event && (vector.event == event)) ret = TEST_SUCCESS; else @@ -1174,6 +1189,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) if (flags->iv_gen || flags->sa_expiry_pkts_soft || flags->sa_expiry_bytes_soft || + flags->sa_expiry_bytes_hard || flags->sa_expiry_pkts_hard) nb_pkts = IPSEC_TEST_PACKETS_MAX; @@ -1210,6 +1226,13 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) td_outb.ipsec_xform.life.bytes_soft_limit = (((td_outb.output_text.len + RTE_ETHER_HDR_LEN) * nb_pkts) >> 3) - 1; + if (flags->sa_expiry_pkts_hard) + td_outb.ipsec_xform.life.packets_hard_limit = + IPSEC_TEST_PACKETS_MAX - 1; + if (flags->sa_expiry_bytes_hard) + td_outb.ipsec_xform.life.bytes_hard_limit = + (((td_outb.output_text.len + RTE_ETHER_HDR_LEN) + * nb_pkts) >> 3) - 1; ret = test_ipsec_inline_proto_process(&td_outb, &td_inb, nb_pkts, false, flags); @@ -2338,6 +2361,26 @@ test_ipsec_inline_proto_sa_byte_soft_expiry(const void *data __rte_unused) return test_ipsec_inline_proto_all(&flags); } +static int +test_ipsec_inline_proto_sa_pkt_hard_expiry(const void *data __rte_unused) +{ + struct ipsec_test_flags flags = { + .sa_expiry_pkts_hard = true + }; + + return test_ipsec_inline_proto_all(&flags); +} + +static int +test_ipsec_inline_proto_sa_byte_hard_expiry(const void *data __rte_unused) +{ + struct ipsec_test_flags flags = { + .sa_expiry_bytes_hard = true + }; + + return test_ipsec_inline_proto_all(&flags); +} + static int test_ipsec_inline_proto_known_vec_fragmented(const void *test_data) { @@ -2748,6 +2791,14 @@ static struct unit_test_suite inline_ipsec_testsuite = { "SA soft expiry with byte limit", ut_setup_inline_ipsec, ut_teardown_inline_ipsec, test_ipsec_inline_proto_sa_byte_soft_expiry), + TEST_CASE_NAMED_ST( + "SA hard expiry with packet limit", + ut_setup_inline_ipsec, ut_teardown_inline_ipsec, + test_ipsec_inline_proto_sa_pkt_hard_expiry), + TEST_CASE_NAMED_ST( + "SA hard expiry with byte limit", + ut_setup_inline_ipsec, ut_teardown_inline_ipsec, + test_ipsec_inline_proto_sa_byte_hard_expiry), TEST_CASE_NAMED_WITH_DATA( "Antireplay with window size 1024",