test/security: skip IPsec post-process for negative tests

Skips calling test_ipsec_post_process for negative inline IPsec tests
as received packet might not be valid for a negative case.

Signed-off

test/security: skip IPsec post-process for negative tests

Skips calling test_ipsec_post_process for negative inline IPsec tests
as received packet might not be valid for a negative case.

Signed-off-by: Srujana Challa <schalla@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: add inline IPsec Rx inject

Add test for inline IPsec Rx inject verification. This test case
will inject the known vector to crypto HW from ethdev and
verifies it back with decrypted p

test/security: add inline IPsec Rx inject

Add test for inline IPsec Rx inject verification. This test case
will inject the known vector to crypto HW from ethdev and
verifies it back with decrypted packet from ethdev Rx.

Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>

show more ...

test/crypto: move algorithm framework to common

Moved algorithm list and the associated framework to common files
(test_security_proto.c & .h) to be able to use same framework for other
security off

test/crypto: move algorithm framework to common

Moved algorithm list and the associated framework to common files
(test_security_proto.c & .h) to be able to use same framework for other
security offload tests such as TLS record.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/crypto: move algorithm display routines to common

The functions that are used for printing algorithms in case of IPsec can
be moved to the common header, test_security_proto.h. The same could b

test/crypto: move algorithm display routines to common

The functions that are used for printing algorithms in case of IPsec can
be moved to the common header, test_security_proto.h. The same could be
used for other security protocol testing.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/crypto: move security capabilities checks

Move routines performing security caps verifications to a separate file
to allow the usage of same for other protocol tests such as TLS record.

Signed

test/crypto: move security capabilities checks

Move routines performing security caps verifications to a separate file
to allow the usage of same for other protocol tests such as TLS record.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: hide security context

rte_security_ctx is used by all security APIs to identify
which device security_op it need to call and hence it should
be opaque to the application.
Hence, it is now

security: hide security context

rte_security_ctx is used by all security APIs to identify
which device security_op it need to call and hence it should
be opaque to the application.
Hence, it is now moved to internal header file and all
APIs will now take an opaque pointer for it.
The fast path inline APIs like set metadata need to get flags
from security_ctx. The flags are now retrieved using inline APIs
which use macros to get the offset of flags in security_ctx.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

show more ...

security: introduce out-of-place inline ingress

Similar to out-of-place (OOP) processing support that exists for
Lookaside crypto/security sessions, Inline ingress security
sessions may also need ou

security: introduce out-of-place inline ingress

Similar to out-of-place (OOP) processing support that exists for
Lookaside crypto/security sessions, Inline ingress security
sessions may also need out of place processing in usecases
where original encrypted packet needs to be retained for post
processing. So for NIC's which have such a kind of HW support,
a new SA option is provided to indicate whether OOP needs to
be enabled on that Inline ingress security session or not.

Since for inline ingress sessions, packet is not received by
CPU until the processing is done, we can only have per-SA
option and not per-packet option like Lookaside sessions.

Also remove reserved_opts field from the rte_security_ipsec_sa_options
struct as mentioned in deprecation notice.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test: fix named test macro

Currently, the TEST_CASE_NAMED_ST macro is implemented in a way that
is identical to TEST_CASE_NAMED_WITH_DATA. In particular, it expects
the test function to have a data

test: fix named test macro

Currently, the TEST_CASE_NAMED_ST macro is implemented in a way that
is identical to TEST_CASE_NAMED_WITH_DATA. In particular, it expects
the test function to have a data argument, which is why a bunch of tests
have an unused data arguments.

Fix this by adjusting the macro to not expect a test function with data
arguments, and adjust the dependent test cases accordingly.

Fixes: 474f12024dd9 ("test/crypto: add lookaside IPsec cases")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

show more ...

test/security: fix event inline IPsec reassembly tests

Event Inline IPsec test suite stuck for reassembly tests
because corresponding Tx and Rx calls are not done and
reassembly flags were not set d

test/security: fix event inline IPsec reassembly tests

Event Inline IPsec test suite stuck for reassembly tests
because corresponding Tx and Rx calls are not done and
reassembly flags were not set during event dev initialization.

Fixes: 108646569579 ("test/security: add event inline IPsec cases")
Cc: stable@dpdk.org

Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: test inline reassembly with multi-segment

Support testing inline reassembly with multi seg in
inline ipsec multi seg test command.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marve

test/security: test inline reassembly with multi-segment

Support testing inline reassembly with multi seg in
inline ipsec multi seg test command.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: add multi-segment inline IPsec cases

Add support to run multi-seg inline ipsec test using
new test command `inline_ipsec_sg_autotest`

Signed-off-by: Nithin Dabilpuram <ndabilpuram@ma

test/security: add multi-segment inline IPsec cases

Add support to run multi-seg inline ipsec test using
new test command `inline_ipsec_sg_autotest`

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: update anti-replay cases for event mode

When event mode is enabled,
send and receive packets via event dev.
Updated the antireplay cases to enable event mode.

Signed-off-by: Vidya Sa

test/security: update anti-replay cases for event mode

When event mode is enabled,
send and receive packets via event dev.
Updated the antireplay cases to enable event mode.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: add MD5 cases

Add unit test cases for MD5 auth algo.
Add the test vectors for MD5 auth algo.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil

test/security: add MD5 cases

Add unit test cases for MD5 auth algo.
Add the test vectors for MD5 auth algo.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: add DES and 3DES cases

Add unit test cases and test vectors for DES-CBC
and 3DES-CBC.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvel

test/security: add DES and 3DES cases

Add unit test cases and test vectors for DES-CBC
and 3DES-CBC.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

ethdev: remove Rx header split port offload

As announced in the deprecation note, remove the Rx offload flag
'RTE_ETH_RX_OFFLOAD_HEADER_SPLIT' and 'split_hdr_size' field from
the structure 'rte_eth_

ethdev: remove Rx header split port offload

As announced in the deprecation note, remove the Rx offload flag
'RTE_ETH_RX_OFFLOAD_HEADER_SPLIT' and 'split_hdr_size' field from
the structure 'rte_eth_rxmode'. Meanwhile, the place where the examples
and apps initialize the 'split_hdr_size' field, and where the drivers
check if the 'split_hdr_size' value is 0 are also removed.

User can still use `RTE_ETH_RX_OFFLOAD_BUFFER_SPLIT` for per-queue packet
split offload, which is configured by 'rte_eth_rxseg_split'.

Signed-off-by: Xuan Ding <xuan.ding@intel.com>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

show more ...

remove prefix to some local macros in apps and examples

RTE_TEST_[RT]X_DESC_DEFAULT and RTE_TEST_[RT]X_DESC_MAX macros have been
copied in a lot of app/ and examples/ code.
Those macros are local to

remove prefix to some local macros in apps and examples

RTE_TEST_[RT]X_DESC_DEFAULT and RTE_TEST_[RT]X_DESC_MAX macros have been
copied in a lot of app/ and examples/ code.
Those macros are local to each program.

They are not related to a DPDK public header/API, drop the RTE_TEST_
prefix.

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>

show more ...

security: hide session structure

Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This fi

security: hide session structure

Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

show more ...

security: remove private mempool usage

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 m

security: remove private mempool usage

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.

User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().

Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

show more ...

test/security: add inline IPsec SA hard expiry cases

Patch adds hard expiry unit tests for both packet
and byte limits.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <

test/security: add inline IPsec SA hard expiry cases

Patch adds hard expiry unit tests for both packet
and byte limits.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: add inline IPsec SA soft expiry cases

Patch adds unit tests for packet & byte soft expiry events.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@

test/security: add inline IPsec SA soft expiry cases

Patch adds unit tests for packet & byte soft expiry events.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: update L2 header based on tunnel IP version

Update L2 header based on tunnel IP version in the application
as driver/HW is not expected to update L2 ether type post
Outbound Inline pr

test/security: update L2 header based on tunnel IP version

Update L2 header based on tunnel IP version in the application
as driver/HW is not expected to update L2 ether type post
Outbound Inline protocol offload processing.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: add event inline IPsec cases

Enable ability to run inline security tests using event
API(rte_event_eth_tx_adapter_enqueue/rte_event_dequeue_burst).
New test command - event_inline_ips

test/security: add event inline IPsec cases

Enable ability to run inline security tests using event
API(rte_event_eth_tx_adapter_enqueue/rte_event_dequeue_burst).
New test command - event_inline_ipsec_autotest will run same list of
test cases as inline_ipsec_autotest, but packets will go through eventdev.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

test/security: add inline IPsec IPv6 flow label cases

Patch adds unit tests for IPv6 flow label set & copy
operations.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Fan Zhang <roy

test/security: add inline IPsec IPv6 flow label cases

Patch adds unit tests for IPv6 flow label set & copy
operations.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

show more ...

test/security: add ESN and anti-replay for inline IPsec

Added cases to test anti replay for inline IPsec processing
with and without extended sequence number support.

Signed-off-by: Akhil Goyal <ga

test/security: add ESN and anti-replay for inline IPsec

Added cases to test anti replay for inline IPsec processing
with and without extended sequence number support.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

show more ...

test/security: add more inline IPsec functional cases

Added more inline IPsec functional verification cases.
These cases do not have known vectors but are verified
using encap + decap test for all t

test/security: add more inline IPsec functional cases

Added more inline IPsec functional verification cases.
These cases do not have known vectors but are verified
using encap + decap test for all the algo combinations.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

show more ...