1993ea577SAkhil Goyal /* SPDX-License-Identifier: BSD-3-Clause 2993ea577SAkhil Goyal * Copyright(C) 2023 Marvell. 3993ea577SAkhil Goyal */ 4993ea577SAkhil Goyal 5993ea577SAkhil Goyal #include <stdio.h> 6993ea577SAkhil Goyal #include <inttypes.h> 7993ea577SAkhil Goyal 8993ea577SAkhil Goyal #include <rte_ethdev.h> 9993ea577SAkhil Goyal #include <rte_malloc.h> 10993ea577SAkhil Goyal #include <rte_security.h> 11993ea577SAkhil Goyal 12993ea577SAkhil Goyal #include "test.h" 13993ea577SAkhil Goyal #include "test_security_inline_macsec_vectors.h" 14993ea577SAkhil Goyal 15993ea577SAkhil Goyal #ifdef RTE_EXEC_ENV_WINDOWS 16993ea577SAkhil Goyal static int 17993ea577SAkhil Goyal test_inline_macsec(void) 18993ea577SAkhil Goyal { 19993ea577SAkhil Goyal printf("Inline MACsec not supported on Windows, skipping test\n"); 20993ea577SAkhil Goyal return TEST_SKIPPED; 21993ea577SAkhil Goyal } 22993ea577SAkhil Goyal 23993ea577SAkhil Goyal #else 24993ea577SAkhil Goyal 25993ea577SAkhil Goyal #define NB_ETHPORTS_USED 1 26993ea577SAkhil Goyal #define MEMPOOL_CACHE_SIZE 32 27993ea577SAkhil Goyal #define RTE_TEST_RX_DESC_DEFAULT 1024 28993ea577SAkhil Goyal #define RTE_TEST_TX_DESC_DEFAULT 1024 29993ea577SAkhil Goyal #define RTE_PORT_ALL (~(uint16_t)0x0) 30993ea577SAkhil Goyal 31993ea577SAkhil Goyal #define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */ 32993ea577SAkhil Goyal #define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */ 33993ea577SAkhil Goyal #define RX_WTHRESH 0 /**< Default values of RX write-back threshold reg. */ 34993ea577SAkhil Goyal 35993ea577SAkhil Goyal #define TX_PTHRESH 32 /**< Default values of TX prefetch threshold reg. */ 36993ea577SAkhil Goyal #define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */ 37993ea577SAkhil Goyal #define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */ 38993ea577SAkhil Goyal 39993ea577SAkhil Goyal #define MAX_TRAFFIC_BURST 2048 40993ea577SAkhil Goyal #define NB_MBUF 10240 41993ea577SAkhil Goyal 42993ea577SAkhil Goyal #define MCS_INVALID_SA 0xFFFF 43993ea577SAkhil Goyal #define MCS_DEFAULT_PN_THRESHOLD 0xFFFFF 44993ea577SAkhil Goyal 45993ea577SAkhil Goyal static struct rte_mempool *mbufpool; 46993ea577SAkhil Goyal static struct rte_mempool *sess_pool; 47993ea577SAkhil Goyal /* ethernet addresses of ports */ 48993ea577SAkhil Goyal static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS]; 49993ea577SAkhil Goyal 50993ea577SAkhil Goyal struct mcs_test_opts { 51993ea577SAkhil Goyal int val_frames; 52993ea577SAkhil Goyal int nb_td; 53993ea577SAkhil Goyal uint16_t mtu; 54993ea577SAkhil Goyal uint8_t sa_in_use; 55993ea577SAkhil Goyal bool encrypt; 56993ea577SAkhil Goyal bool protect_frames; 57993ea577SAkhil Goyal uint8_t sectag_insert_mode; 58993ea577SAkhil Goyal uint8_t nb_vlan; 59993ea577SAkhil Goyal uint32_t replay_win_sz; 60993ea577SAkhil Goyal uint8_t replay_protect; 61993ea577SAkhil Goyal uint8_t rekey_en; 62993ea577SAkhil Goyal const struct mcs_test_vector *rekey_td; 63993ea577SAkhil Goyal bool dump_all_stats; 64993ea577SAkhil Goyal uint8_t check_untagged_rx; 65993ea577SAkhil Goyal uint8_t check_bad_tag_cnt; 66993ea577SAkhil Goyal uint8_t check_sa_not_in_use; 67993ea577SAkhil Goyal uint8_t check_decap_stats; 68993ea577SAkhil Goyal uint8_t check_verify_only_stats; 69993ea577SAkhil Goyal uint8_t check_pkts_invalid_stats; 70993ea577SAkhil Goyal uint8_t check_pkts_unchecked_stats; 71993ea577SAkhil Goyal uint8_t check_out_pkts_untagged; 72993ea577SAkhil Goyal uint8_t check_out_pkts_toolong; 73993ea577SAkhil Goyal uint8_t check_encap_stats; 74993ea577SAkhil Goyal uint8_t check_auth_only_stats; 75993ea577SAkhil Goyal uint8_t check_sectag_interrupts; 76993ea577SAkhil Goyal }; 77993ea577SAkhil Goyal 78993ea577SAkhil Goyal static struct rte_eth_conf port_conf = { 79993ea577SAkhil Goyal .rxmode = { 80993ea577SAkhil Goyal .mq_mode = RTE_ETH_MQ_RX_NONE, 81993ea577SAkhil Goyal .offloads = RTE_ETH_RX_OFFLOAD_CHECKSUM | 82993ea577SAkhil Goyal RTE_ETH_RX_OFFLOAD_MACSEC_STRIP, 83993ea577SAkhil Goyal }, 84993ea577SAkhil Goyal .txmode = { 85993ea577SAkhil Goyal .mq_mode = RTE_ETH_MQ_TX_NONE, 86993ea577SAkhil Goyal .offloads = RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE | 87993ea577SAkhil Goyal RTE_ETH_TX_OFFLOAD_MACSEC_INSERT, 88993ea577SAkhil Goyal }, 89993ea577SAkhil Goyal .lpbk_mode = 1, /* enable loopback */ 90993ea577SAkhil Goyal }; 91993ea577SAkhil Goyal 92993ea577SAkhil Goyal static struct rte_eth_rxconf rx_conf = { 93993ea577SAkhil Goyal .rx_thresh = { 94993ea577SAkhil Goyal .pthresh = RX_PTHRESH, 95993ea577SAkhil Goyal .hthresh = RX_HTHRESH, 96993ea577SAkhil Goyal .wthresh = RX_WTHRESH, 97993ea577SAkhil Goyal }, 98993ea577SAkhil Goyal .rx_free_thresh = 32, 99993ea577SAkhil Goyal }; 100993ea577SAkhil Goyal 101993ea577SAkhil Goyal static struct rte_eth_txconf tx_conf = { 102993ea577SAkhil Goyal .tx_thresh = { 103993ea577SAkhil Goyal .pthresh = TX_PTHRESH, 104993ea577SAkhil Goyal .hthresh = TX_HTHRESH, 105993ea577SAkhil Goyal .wthresh = TX_WTHRESH, 106993ea577SAkhil Goyal }, 107993ea577SAkhil Goyal .tx_free_thresh = 32, /* Use PMD default values */ 108993ea577SAkhil Goyal .tx_rs_thresh = 32, /* Use PMD default values */ 109993ea577SAkhil Goyal }; 110993ea577SAkhil Goyal 111993ea577SAkhil Goyal static uint16_t port_id; 112993ea577SAkhil Goyal 113993ea577SAkhil Goyal static uint64_t link_mbps; 114993ea577SAkhil Goyal 115993ea577SAkhil Goyal static struct rte_flow *default_tx_flow[RTE_MAX_ETHPORTS]; 116993ea577SAkhil Goyal static struct rte_flow *default_rx_flow[RTE_MAX_ETHPORTS]; 117993ea577SAkhil Goyal 118993ea577SAkhil Goyal static struct rte_mbuf **tx_pkts_burst; 119993ea577SAkhil Goyal static struct rte_mbuf **rx_pkts_burst; 120993ea577SAkhil Goyal 121993ea577SAkhil Goyal static inline struct rte_mbuf * 122993ea577SAkhil Goyal init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len) 123993ea577SAkhil Goyal { 124993ea577SAkhil Goyal struct rte_mbuf *pkt; 125993ea577SAkhil Goyal 126993ea577SAkhil Goyal pkt = rte_pktmbuf_alloc(mp); 127993ea577SAkhil Goyal if (pkt == NULL) 128993ea577SAkhil Goyal return NULL; 129993ea577SAkhil Goyal 130993ea577SAkhil Goyal rte_memcpy(rte_pktmbuf_append(pkt, len), data, len); 131993ea577SAkhil Goyal 132993ea577SAkhil Goyal return pkt; 133993ea577SAkhil Goyal } 134993ea577SAkhil Goyal 135993ea577SAkhil Goyal static int 136993ea577SAkhil Goyal init_mempools(unsigned int nb_mbuf) 137993ea577SAkhil Goyal { 138993ea577SAkhil Goyal struct rte_security_ctx *sec_ctx; 139993ea577SAkhil Goyal uint16_t nb_sess = 512; 140993ea577SAkhil Goyal uint32_t sess_sz; 141993ea577SAkhil Goyal char s[64]; 142993ea577SAkhil Goyal 143993ea577SAkhil Goyal if (mbufpool == NULL) { 144993ea577SAkhil Goyal snprintf(s, sizeof(s), "mbuf_pool"); 145993ea577SAkhil Goyal mbufpool = rte_pktmbuf_pool_create(s, nb_mbuf, 146993ea577SAkhil Goyal MEMPOOL_CACHE_SIZE, 0, 147993ea577SAkhil Goyal RTE_MBUF_DEFAULT_BUF_SIZE, SOCKET_ID_ANY); 148993ea577SAkhil Goyal if (mbufpool == NULL) { 149993ea577SAkhil Goyal printf("Cannot init mbuf pool\n"); 150993ea577SAkhil Goyal return TEST_FAILED; 151993ea577SAkhil Goyal } 152993ea577SAkhil Goyal printf("Allocated mbuf pool\n"); 153993ea577SAkhil Goyal } 154993ea577SAkhil Goyal 155993ea577SAkhil Goyal sec_ctx = rte_eth_dev_get_sec_ctx(port_id); 156993ea577SAkhil Goyal if (sec_ctx == NULL) { 157993ea577SAkhil Goyal printf("Device does not support Security ctx\n"); 158993ea577SAkhil Goyal return TEST_SKIPPED; 159993ea577SAkhil Goyal } 160993ea577SAkhil Goyal sess_sz = rte_security_session_get_size(sec_ctx); 161993ea577SAkhil Goyal if (sess_pool == NULL) { 162993ea577SAkhil Goyal snprintf(s, sizeof(s), "sess_pool"); 163993ea577SAkhil Goyal sess_pool = rte_mempool_create(s, nb_sess, sess_sz, 164993ea577SAkhil Goyal MEMPOOL_CACHE_SIZE, 0, 165993ea577SAkhil Goyal NULL, NULL, NULL, NULL, 166993ea577SAkhil Goyal SOCKET_ID_ANY, 0); 167993ea577SAkhil Goyal if (sess_pool == NULL) { 168993ea577SAkhil Goyal printf("Cannot init sess pool\n"); 169993ea577SAkhil Goyal return TEST_FAILED; 170993ea577SAkhil Goyal } 171993ea577SAkhil Goyal printf("Allocated sess pool\n"); 172993ea577SAkhil Goyal } 173993ea577SAkhil Goyal 174993ea577SAkhil Goyal return 0; 175993ea577SAkhil Goyal } 176993ea577SAkhil Goyal 177993ea577SAkhil Goyal static void 178993ea577SAkhil Goyal fill_macsec_sa_conf(const struct mcs_test_vector *td, struct rte_security_macsec_sa *sa, 179993ea577SAkhil Goyal enum rte_security_macsec_direction dir, uint8_t an, uint8_t tci_off) 180993ea577SAkhil Goyal { 181993ea577SAkhil Goyal sa->dir = dir; 182993ea577SAkhil Goyal 183993ea577SAkhil Goyal sa->key.data = td->sa_key.data; 184993ea577SAkhil Goyal sa->key.length = td->sa_key.len; 185993ea577SAkhil Goyal 186993ea577SAkhil Goyal memcpy((uint8_t *)sa->salt, (const uint8_t *)td->salt, RTE_SECURITY_MACSEC_SALT_LEN); 187993ea577SAkhil Goyal 188993ea577SAkhil Goyal /* AN is set as per the value in secure packet in test vector */ 189993ea577SAkhil Goyal sa->an = an & RTE_MACSEC_AN_MASK; 190993ea577SAkhil Goyal 191993ea577SAkhil Goyal sa->ssci = td->ssci; 192993ea577SAkhil Goyal sa->xpn = td->xpn; 193993ea577SAkhil Goyal /* Starting packet number which is expected to come next. 194993ea577SAkhil Goyal * It is take from the test vector so that we can match the out packet. 195993ea577SAkhil Goyal */ 196993ea577SAkhil Goyal sa->next_pn = *(const uint32_t *)(&td->secure_pkt.data[tci_off + 2]); 197993ea577SAkhil Goyal } 198993ea577SAkhil Goyal 199993ea577SAkhil Goyal static void 200993ea577SAkhil Goyal fill_macsec_sc_conf(const struct mcs_test_vector *td, 201993ea577SAkhil Goyal struct rte_security_macsec_sc *sc_conf, 202993ea577SAkhil Goyal const struct mcs_test_opts *opts, 203993ea577SAkhil Goyal enum rte_security_macsec_direction dir, 204993ea577SAkhil Goyal uint16_t sa_id[], uint8_t tci_off) 205993ea577SAkhil Goyal { 206993ea577SAkhil Goyal uint8_t i; 207993ea577SAkhil Goyal 208993ea577SAkhil Goyal sc_conf->dir = dir; 209ad344741SAkhil Goyal sc_conf->pn_threshold = ((uint64_t)td->xpn << 32) | 210ad344741SAkhil Goyal rte_be_to_cpu_32(*(const uint32_t *)(&td->secure_pkt.data[tci_off + 2])); 211993ea577SAkhil Goyal if (dir == RTE_SECURITY_MACSEC_DIR_TX) { 212993ea577SAkhil Goyal sc_conf->sc_tx.sa_id = sa_id[0]; 213993ea577SAkhil Goyal if (sa_id[1] != MCS_INVALID_SA) { 214993ea577SAkhil Goyal sc_conf->sc_tx.sa_id_rekey = sa_id[1]; 215993ea577SAkhil Goyal sc_conf->sc_tx.re_key_en = 1; 216993ea577SAkhil Goyal } 217993ea577SAkhil Goyal sc_conf->sc_tx.active = 1; 218993ea577SAkhil Goyal /* is SCI valid */ 219993ea577SAkhil Goyal if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) { 220993ea577SAkhil Goyal memcpy(&sc_conf->sc_tx.sci, &td->secure_pkt.data[tci_off + 6], 221993ea577SAkhil Goyal sizeof(sc_conf->sc_tx.sci)); 222993ea577SAkhil Goyal sc_conf->sc_tx.sci = rte_be_to_cpu_64(sc_conf->sc_tx.sci); 223993ea577SAkhil Goyal } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) { 224993ea577SAkhil Goyal /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */ 225993ea577SAkhil Goyal const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN; 226993ea577SAkhil Goyal uint8_t *ptr = (uint8_t *)&sc_conf->sc_tx.sci; 227993ea577SAkhil Goyal 228993ea577SAkhil Goyal ptr[0] = 0x01; 229993ea577SAkhil Goyal ptr[1] = 0; 230993ea577SAkhil Goyal for (i = 0; i < RTE_ETHER_ADDR_LEN; i++) 231993ea577SAkhil Goyal ptr[2 + i] = smac[RTE_ETHER_ADDR_LEN - 1 - i]; 232993ea577SAkhil Goyal } else { 233993ea577SAkhil Goyal /* use some default SCI */ 234993ea577SAkhil Goyal sc_conf->sc_tx.sci = 0xf1341e023a2b1c5d; 235993ea577SAkhil Goyal } 236ad344741SAkhil Goyal if (td->xpn > 0) 237ad344741SAkhil Goyal sc_conf->sc_tx.is_xpn = 1; 238993ea577SAkhil Goyal } else { 239993ea577SAkhil Goyal for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { 240993ea577SAkhil Goyal sc_conf->sc_rx.sa_id[i] = sa_id[i]; 241993ea577SAkhil Goyal sc_conf->sc_rx.sa_in_use[i] = opts->sa_in_use; 242993ea577SAkhil Goyal } 243993ea577SAkhil Goyal sc_conf->sc_rx.active = 1; 244ad344741SAkhil Goyal if (td->xpn > 0) 245ad344741SAkhil Goyal sc_conf->sc_rx.is_xpn = 1; 246993ea577SAkhil Goyal } 247993ea577SAkhil Goyal } 248993ea577SAkhil Goyal 249993ea577SAkhil Goyal 250993ea577SAkhil Goyal /* Create Inline MACsec session */ 251993ea577SAkhil Goyal static int 252993ea577SAkhil Goyal fill_session_conf(const struct mcs_test_vector *td, uint16_t portid __rte_unused, 253993ea577SAkhil Goyal const struct mcs_test_opts *opts, 254993ea577SAkhil Goyal struct rte_security_session_conf *sess_conf, 255993ea577SAkhil Goyal enum rte_security_macsec_direction dir, 256993ea577SAkhil Goyal uint16_t sc_id, 257993ea577SAkhil Goyal uint8_t tci_off) 258993ea577SAkhil Goyal { 259993ea577SAkhil Goyal sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; 260993ea577SAkhil Goyal sess_conf->protocol = RTE_SECURITY_PROTOCOL_MACSEC; 261993ea577SAkhil Goyal sess_conf->macsec.dir = dir; 262993ea577SAkhil Goyal sess_conf->macsec.alg = td->alg; 263993ea577SAkhil Goyal sess_conf->macsec.cipher_off = 0; 264993ea577SAkhil Goyal if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) { 265993ea577SAkhil Goyal sess_conf->macsec.sci = rte_be_to_cpu_64(*(const uint64_t *) 266993ea577SAkhil Goyal (&td->secure_pkt.data[tci_off + 6])); 267993ea577SAkhil Goyal } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) { 268993ea577SAkhil Goyal /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */ 269993ea577SAkhil Goyal const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN; 270993ea577SAkhil Goyal uint8_t *ptr = (uint8_t *)&sess_conf->macsec.sci; 271993ea577SAkhil Goyal uint8_t j; 272993ea577SAkhil Goyal 273993ea577SAkhil Goyal ptr[0] = 0x01; 274993ea577SAkhil Goyal ptr[1] = 0; 275993ea577SAkhil Goyal for (j = 0; j < RTE_ETHER_ADDR_LEN; j++) 276993ea577SAkhil Goyal ptr[2 + j] = smac[RTE_ETHER_ADDR_LEN - 1 - j]; 277993ea577SAkhil Goyal } 278993ea577SAkhil Goyal sess_conf->macsec.sc_id = sc_id; 279993ea577SAkhil Goyal if (dir == RTE_SECURITY_MACSEC_DIR_TX) { 280993ea577SAkhil Goyal sess_conf->macsec.tx_secy.mtu = opts->mtu; 281993ea577SAkhil Goyal sess_conf->macsec.tx_secy.sectag_off = (opts->sectag_insert_mode == 1) ? 282993ea577SAkhil Goyal 2 * RTE_ETHER_ADDR_LEN : 283993ea577SAkhil Goyal RTE_VLAN_HLEN; 284993ea577SAkhil Goyal sess_conf->macsec.tx_secy.sectag_insert_mode = opts->sectag_insert_mode; 285993ea577SAkhil Goyal sess_conf->macsec.tx_secy.ctrl_port_enable = 1; 286993ea577SAkhil Goyal sess_conf->macsec.tx_secy.sectag_version = 0; 287993ea577SAkhil Goyal sess_conf->macsec.tx_secy.end_station = 288993ea577SAkhil Goyal (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) >> 6; 289993ea577SAkhil Goyal sess_conf->macsec.tx_secy.send_sci = 290993ea577SAkhil Goyal (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) >> 5; 291993ea577SAkhil Goyal sess_conf->macsec.tx_secy.scb = 292993ea577SAkhil Goyal (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SCB) >> 4; 293993ea577SAkhil Goyal sess_conf->macsec.tx_secy.encrypt = opts->encrypt; 294993ea577SAkhil Goyal sess_conf->macsec.tx_secy.protect_frames = opts->protect_frames; 295993ea577SAkhil Goyal sess_conf->macsec.tx_secy.icv_include_da_sa = 1; 296993ea577SAkhil Goyal } else { 297993ea577SAkhil Goyal sess_conf->macsec.rx_secy.replay_win_sz = opts->replay_win_sz; 298993ea577SAkhil Goyal sess_conf->macsec.rx_secy.replay_protect = opts->replay_protect; 299993ea577SAkhil Goyal sess_conf->macsec.rx_secy.icv_include_da_sa = 1; 300993ea577SAkhil Goyal sess_conf->macsec.rx_secy.ctrl_port_enable = 1; 301993ea577SAkhil Goyal sess_conf->macsec.rx_secy.preserve_sectag = 0; 302993ea577SAkhil Goyal sess_conf->macsec.rx_secy.preserve_icv = 0; 303993ea577SAkhil Goyal sess_conf->macsec.rx_secy.validate_frames = opts->val_frames; 304993ea577SAkhil Goyal } 305993ea577SAkhil Goyal 306993ea577SAkhil Goyal return 0; 307993ea577SAkhil Goyal } 308993ea577SAkhil Goyal 309993ea577SAkhil Goyal static int 310993ea577SAkhil Goyal create_default_flow(const struct mcs_test_vector *td, uint16_t portid, 311993ea577SAkhil Goyal enum rte_security_macsec_direction dir, void *sess) 312993ea577SAkhil Goyal { 313993ea577SAkhil Goyal struct rte_flow_action action[2]; 314993ea577SAkhil Goyal struct rte_flow_item pattern[2]; 315993ea577SAkhil Goyal struct rte_flow_attr attr = {0}; 316993ea577SAkhil Goyal struct rte_flow_error err; 317993ea577SAkhil Goyal struct rte_flow *flow; 318993ea577SAkhil Goyal struct rte_flow_item_eth eth = { .hdr.ether_type = 0, }; 319993ea577SAkhil Goyal static const struct rte_flow_item_eth eth_mask = { 320993ea577SAkhil Goyal .hdr.dst_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00", 321993ea577SAkhil Goyal .hdr.src_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00", 322993ea577SAkhil Goyal .hdr.ether_type = RTE_BE16(0x0000), 323993ea577SAkhil Goyal }; 324993ea577SAkhil Goyal 325993ea577SAkhil Goyal int ret; 326993ea577SAkhil Goyal 327993ea577SAkhil Goyal eth.has_vlan = 0; 328993ea577SAkhil Goyal if (dir == RTE_SECURITY_MACSEC_DIR_TX) 329993ea577SAkhil Goyal memcpy(ð.hdr, td->plain_pkt.data, RTE_ETHER_HDR_LEN); 330993ea577SAkhil Goyal else 331993ea577SAkhil Goyal memcpy(ð.hdr, td->secure_pkt.data, RTE_ETHER_HDR_LEN); 332993ea577SAkhil Goyal 333993ea577SAkhil Goyal pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH; 334993ea577SAkhil Goyal pattern[0].spec = ð 335993ea577SAkhil Goyal pattern[0].mask = ð_mask; 336993ea577SAkhil Goyal pattern[0].last = NULL; 337993ea577SAkhil Goyal pattern[1].type = RTE_FLOW_ITEM_TYPE_END; 338993ea577SAkhil Goyal 339993ea577SAkhil Goyal action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; 340993ea577SAkhil Goyal action[0].conf = sess; 341993ea577SAkhil Goyal action[1].type = RTE_FLOW_ACTION_TYPE_END; 342993ea577SAkhil Goyal action[1].conf = NULL; 343993ea577SAkhil Goyal 344993ea577SAkhil Goyal attr.ingress = (dir == RTE_SECURITY_MACSEC_DIR_RX) ? 1 : 0; 345993ea577SAkhil Goyal attr.egress = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? 1 : 0; 346993ea577SAkhil Goyal 347993ea577SAkhil Goyal ret = rte_flow_validate(portid, &attr, pattern, action, &err); 348993ea577SAkhil Goyal if (ret) { 349993ea577SAkhil Goyal printf("\nValidate flow failed, ret = %d\n", ret); 350993ea577SAkhil Goyal return -1; 351993ea577SAkhil Goyal } 352993ea577SAkhil Goyal flow = rte_flow_create(portid, &attr, pattern, action, &err); 353993ea577SAkhil Goyal if (flow == NULL) { 354993ea577SAkhil Goyal printf("\nDefault flow rule create failed\n"); 355993ea577SAkhil Goyal return -1; 356993ea577SAkhil Goyal } 357993ea577SAkhil Goyal 358993ea577SAkhil Goyal if (dir == RTE_SECURITY_MACSEC_DIR_TX) 359993ea577SAkhil Goyal default_tx_flow[portid] = flow; 360993ea577SAkhil Goyal else 361993ea577SAkhil Goyal default_rx_flow[portid] = flow; 362993ea577SAkhil Goyal 363993ea577SAkhil Goyal return 0; 364993ea577SAkhil Goyal } 365993ea577SAkhil Goyal 366993ea577SAkhil Goyal static void 367993ea577SAkhil Goyal destroy_default_flow(uint16_t portid) 368993ea577SAkhil Goyal { 369993ea577SAkhil Goyal struct rte_flow_error err; 370993ea577SAkhil Goyal int ret; 371993ea577SAkhil Goyal 372993ea577SAkhil Goyal if (default_tx_flow[portid]) { 373993ea577SAkhil Goyal ret = rte_flow_destroy(portid, default_tx_flow[portid], &err); 374993ea577SAkhil Goyal if (ret) { 375993ea577SAkhil Goyal printf("\nDefault Tx flow rule destroy failed\n"); 376993ea577SAkhil Goyal return; 377993ea577SAkhil Goyal } 378993ea577SAkhil Goyal default_tx_flow[portid] = NULL; 379993ea577SAkhil Goyal } 380993ea577SAkhil Goyal if (default_rx_flow[portid]) { 381993ea577SAkhil Goyal ret = rte_flow_destroy(portid, default_rx_flow[portid], &err); 382993ea577SAkhil Goyal if (ret) { 383993ea577SAkhil Goyal printf("\nDefault Rx flow rule destroy failed\n"); 384993ea577SAkhil Goyal return; 385993ea577SAkhil Goyal } 386993ea577SAkhil Goyal default_rx_flow[portid] = NULL; 387993ea577SAkhil Goyal } 388993ea577SAkhil Goyal } 389993ea577SAkhil Goyal 390993ea577SAkhil Goyal static void 391993ea577SAkhil Goyal print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr) 392993ea577SAkhil Goyal { 393993ea577SAkhil Goyal char buf[RTE_ETHER_ADDR_FMT_SIZE]; 394993ea577SAkhil Goyal rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr); 395993ea577SAkhil Goyal printf("%s%s", name, buf); 396993ea577SAkhil Goyal } 397993ea577SAkhil Goyal 398993ea577SAkhil Goyal /* Check the link status of all ports in up to 3s, and print them finally */ 399993ea577SAkhil Goyal static void 400993ea577SAkhil Goyal check_all_ports_link_status(uint16_t port_num, uint32_t port_mask) 401993ea577SAkhil Goyal { 402993ea577SAkhil Goyal #define CHECK_INTERVAL 100 /* 100ms */ 403993ea577SAkhil Goyal #define MAX_CHECK_TIME 30 /* 3s (30 * 100ms) in total */ 404993ea577SAkhil Goyal uint16_t portid; 405993ea577SAkhil Goyal uint8_t count, all_ports_up, print_flag = 0; 406993ea577SAkhil Goyal struct rte_eth_link link; 407993ea577SAkhil Goyal int ret; 408993ea577SAkhil Goyal char link_status[RTE_ETH_LINK_MAX_STR_LEN]; 409993ea577SAkhil Goyal 410993ea577SAkhil Goyal printf("Checking link statuses...\n"); 411993ea577SAkhil Goyal fflush(stdout); 412993ea577SAkhil Goyal for (count = 0; count <= MAX_CHECK_TIME; count++) { 413993ea577SAkhil Goyal all_ports_up = 1; 414993ea577SAkhil Goyal for (portid = 0; portid < port_num; portid++) { 415993ea577SAkhil Goyal if ((port_mask & (1 << portid)) == 0) 416993ea577SAkhil Goyal continue; 417993ea577SAkhil Goyal memset(&link, 0, sizeof(link)); 418993ea577SAkhil Goyal ret = rte_eth_link_get_nowait(portid, &link); 419993ea577SAkhil Goyal if (ret < 0) { 420993ea577SAkhil Goyal all_ports_up = 0; 421993ea577SAkhil Goyal if (print_flag == 1) 422993ea577SAkhil Goyal printf("Port %u link get failed: %s\n", 423993ea577SAkhil Goyal portid, rte_strerror(-ret)); 424993ea577SAkhil Goyal continue; 425993ea577SAkhil Goyal } 426993ea577SAkhil Goyal 427993ea577SAkhil Goyal /* print link status if flag set */ 428993ea577SAkhil Goyal if (print_flag == 1) { 429993ea577SAkhil Goyal if (link.link_status && link_mbps == 0) 430993ea577SAkhil Goyal link_mbps = link.link_speed; 431993ea577SAkhil Goyal 432993ea577SAkhil Goyal rte_eth_link_to_str(link_status, 433993ea577SAkhil Goyal sizeof(link_status), &link); 434993ea577SAkhil Goyal printf("Port %d %s\n", portid, link_status); 435993ea577SAkhil Goyal continue; 436993ea577SAkhil Goyal } 437993ea577SAkhil Goyal /* clear all_ports_up flag if any link down */ 438993ea577SAkhil Goyal if (link.link_status == RTE_ETH_LINK_DOWN) { 439993ea577SAkhil Goyal all_ports_up = 0; 440993ea577SAkhil Goyal break; 441993ea577SAkhil Goyal } 442993ea577SAkhil Goyal } 443993ea577SAkhil Goyal /* after finally printing all link status, get out */ 444993ea577SAkhil Goyal if (print_flag == 1) 445993ea577SAkhil Goyal break; 446993ea577SAkhil Goyal 447993ea577SAkhil Goyal if (all_ports_up == 0) 448993ea577SAkhil Goyal fflush(stdout); 449993ea577SAkhil Goyal 450993ea577SAkhil Goyal /* set the print_flag if all ports up or timeout */ 451993ea577SAkhil Goyal if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) 452993ea577SAkhil Goyal print_flag = 1; 453993ea577SAkhil Goyal } 454993ea577SAkhil Goyal } 455993ea577SAkhil Goyal 456993ea577SAkhil Goyal static int 457993ea577SAkhil Goyal test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td, 458993ea577SAkhil Goyal enum mcs_op op, uint8_t check_out_pkts_untagged) 459993ea577SAkhil Goyal { 460993ea577SAkhil Goyal const uint8_t *dptr; 461993ea577SAkhil Goyal uint16_t pkt_len; 462993ea577SAkhil Goyal 463993ea577SAkhil Goyal if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || 464993ea577SAkhil Goyal op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY || 465993ea577SAkhil Goyal check_out_pkts_untagged == 1) { 466993ea577SAkhil Goyal dptr = td->plain_pkt.data; 467993ea577SAkhil Goyal pkt_len = td->plain_pkt.len; 468993ea577SAkhil Goyal } else { 469993ea577SAkhil Goyal dptr = td->secure_pkt.data; 470993ea577SAkhil Goyal pkt_len = td->secure_pkt.len; 471993ea577SAkhil Goyal } 472993ea577SAkhil Goyal 473993ea577SAkhil Goyal if (memcmp(rte_pktmbuf_mtod(m, uint8_t *), dptr, pkt_len)) { 474993ea577SAkhil Goyal printf("\nData comparison failed for td."); 475993ea577SAkhil Goyal rte_pktmbuf_dump(stdout, m, m->pkt_len); 476993ea577SAkhil Goyal rte_hexdump(stdout, "expected_data", dptr, pkt_len); 477993ea577SAkhil Goyal return TEST_FAILED; 478993ea577SAkhil Goyal } 479993ea577SAkhil Goyal 480993ea577SAkhil Goyal return TEST_SUCCESS; 481993ea577SAkhil Goyal } 482993ea577SAkhil Goyal 483993ea577SAkhil Goyal static void 484993ea577SAkhil Goyal mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, 485993ea577SAkhil Goyal void *rx_sess, void *tx_sess, 486993ea577SAkhil Goyal uint8_t rx_sc_id, uint8_t tx_sc_id, 487993ea577SAkhil Goyal uint16_t rx_sa_id[], uint16_t tx_sa_id[]) 488993ea577SAkhil Goyal { 489993ea577SAkhil Goyal struct rte_security_stats sess_stats = {0}; 490993ea577SAkhil Goyal struct rte_security_macsec_secy_stats *secy_stat; 491993ea577SAkhil Goyal struct rte_security_macsec_sc_stats sc_stat = {0}; 492993ea577SAkhil Goyal struct rte_security_macsec_sa_stats sa_stat = {0}; 493993ea577SAkhil Goyal int i; 494993ea577SAkhil Goyal 495993ea577SAkhil Goyal if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || 496993ea577SAkhil Goyal op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { 497993ea577SAkhil Goyal printf("\n********* RX SECY STATS ************\n"); 498993ea577SAkhil Goyal rte_security_session_stats_get(ctx, rx_sess, &sess_stats); 499993ea577SAkhil Goyal secy_stat = &sess_stats.macsec; 500993ea577SAkhil Goyal 501993ea577SAkhil Goyal if (secy_stat->ctl_pkt_bcast_cnt) 502993ea577SAkhil Goyal printf("RX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", 503993ea577SAkhil Goyal secy_stat->ctl_pkt_bcast_cnt); 504993ea577SAkhil Goyal if (secy_stat->ctl_pkt_mcast_cnt) 505993ea577SAkhil Goyal printf("RX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", 506993ea577SAkhil Goyal secy_stat->ctl_pkt_mcast_cnt); 507993ea577SAkhil Goyal if (secy_stat->ctl_pkt_ucast_cnt) 508993ea577SAkhil Goyal printf("RX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", 509993ea577SAkhil Goyal secy_stat->ctl_pkt_ucast_cnt); 510993ea577SAkhil Goyal if (secy_stat->ctl_octet_cnt) 511993ea577SAkhil Goyal printf("RX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt); 512993ea577SAkhil Goyal if (secy_stat->unctl_pkt_bcast_cnt) 513993ea577SAkhil Goyal printf("RX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", 514993ea577SAkhil Goyal secy_stat->unctl_pkt_bcast_cnt); 515993ea577SAkhil Goyal if (secy_stat->unctl_pkt_mcast_cnt) 516993ea577SAkhil Goyal printf("RX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", 517993ea577SAkhil Goyal secy_stat->unctl_pkt_mcast_cnt); 518993ea577SAkhil Goyal if (secy_stat->unctl_pkt_ucast_cnt) 519993ea577SAkhil Goyal printf("RX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", 520993ea577SAkhil Goyal secy_stat->unctl_pkt_ucast_cnt); 521993ea577SAkhil Goyal if (secy_stat->unctl_octet_cnt) 522993ea577SAkhil Goyal printf("RX: unctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->unctl_octet_cnt); 523993ea577SAkhil Goyal /* Valid only for RX */ 524993ea577SAkhil Goyal if (secy_stat->octet_decrypted_cnt) 525993ea577SAkhil Goyal printf("RX: octet_decrypted_cnt: 0x%" PRIx64 "\n", 526993ea577SAkhil Goyal secy_stat->octet_decrypted_cnt); 527993ea577SAkhil Goyal if (secy_stat->octet_validated_cnt) 528993ea577SAkhil Goyal printf("RX: octet_validated_cnt: 0x%" PRIx64 "\n", 529993ea577SAkhil Goyal secy_stat->octet_validated_cnt); 530993ea577SAkhil Goyal if (secy_stat->pkt_port_disabled_cnt) 531993ea577SAkhil Goyal printf("RX: pkt_port_disabled_cnt: 0x%" PRIx64 "\n", 532993ea577SAkhil Goyal secy_stat->pkt_port_disabled_cnt); 533993ea577SAkhil Goyal if (secy_stat->pkt_badtag_cnt) 534993ea577SAkhil Goyal printf("RX: pkt_badtag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_badtag_cnt); 535993ea577SAkhil Goyal if (secy_stat->pkt_nosa_cnt) 536993ea577SAkhil Goyal printf("RX: pkt_nosa_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_nosa_cnt); 537993ea577SAkhil Goyal if (secy_stat->pkt_nosaerror_cnt) 538993ea577SAkhil Goyal printf("RX: pkt_nosaerror_cnt: 0x%" PRIx64 "\n", 539993ea577SAkhil Goyal secy_stat->pkt_nosaerror_cnt); 540993ea577SAkhil Goyal if (secy_stat->pkt_tagged_ctl_cnt) 541993ea577SAkhil Goyal printf("RX: pkt_tagged_ctl_cnt: 0x%" PRIx64 "\n", 542993ea577SAkhil Goyal secy_stat->pkt_tagged_ctl_cnt); 543993ea577SAkhil Goyal if (secy_stat->pkt_untaged_cnt) 544993ea577SAkhil Goyal printf("RX: pkt_untaged_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_untaged_cnt); 545993ea577SAkhil Goyal if (secy_stat->pkt_ctl_cnt) 546993ea577SAkhil Goyal printf("RX: pkt_ctl_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_ctl_cnt); 547993ea577SAkhil Goyal if (secy_stat->pkt_notag_cnt) 548993ea577SAkhil Goyal printf("RX: pkt_notag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_notag_cnt); 549993ea577SAkhil Goyal printf("\n"); 550993ea577SAkhil Goyal printf("\n********** RX SC[%u] STATS **************\n", rx_sc_id); 551993ea577SAkhil Goyal 552993ea577SAkhil Goyal rte_security_macsec_sc_stats_get(ctx, rx_sc_id, RTE_SECURITY_MACSEC_DIR_RX, 553993ea577SAkhil Goyal &sc_stat); 554993ea577SAkhil Goyal /* RX */ 555993ea577SAkhil Goyal if (sc_stat.hit_cnt) 556993ea577SAkhil Goyal printf("RX hit_cnt: 0x%" PRIx64 "\n", sc_stat.hit_cnt); 557993ea577SAkhil Goyal if (sc_stat.pkt_invalid_cnt) 558993ea577SAkhil Goyal printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_invalid_cnt); 559993ea577SAkhil Goyal if (sc_stat.pkt_late_cnt) 560993ea577SAkhil Goyal printf("RX pkt_late_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_late_cnt); 561993ea577SAkhil Goyal if (sc_stat.pkt_notvalid_cnt) 562993ea577SAkhil Goyal printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_notvalid_cnt); 563993ea577SAkhil Goyal if (sc_stat.pkt_unchecked_cnt) 564993ea577SAkhil Goyal printf("RX pkt_unchecked_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_unchecked_cnt); 565993ea577SAkhil Goyal if (sc_stat.pkt_delay_cnt) 566993ea577SAkhil Goyal printf("RX pkt_delay_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_delay_cnt); 567993ea577SAkhil Goyal if (sc_stat.pkt_ok_cnt) 568993ea577SAkhil Goyal printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_ok_cnt); 569993ea577SAkhil Goyal if (sc_stat.octet_decrypt_cnt) 570993ea577SAkhil Goyal printf("RX octet_decrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_decrypt_cnt); 571993ea577SAkhil Goyal if (sc_stat.octet_validate_cnt) 572993ea577SAkhil Goyal printf("RX octet_validate_cnt: 0x%" PRIx64 "\n", 573993ea577SAkhil Goyal sc_stat.octet_validate_cnt); 574993ea577SAkhil Goyal printf("\n"); 575993ea577SAkhil Goyal for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { 576993ea577SAkhil Goyal printf("\n********** RX SA[%u] STATS ****************\n", rx_sa_id[i]); 577993ea577SAkhil Goyal memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); 578993ea577SAkhil Goyal rte_security_macsec_sa_stats_get(ctx, rx_sa_id[i], 579993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX, &sa_stat); 580993ea577SAkhil Goyal 581993ea577SAkhil Goyal /* RX */ 582993ea577SAkhil Goyal if (sa_stat.pkt_invalid_cnt) 583993ea577SAkhil Goyal printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", 584993ea577SAkhil Goyal sa_stat.pkt_invalid_cnt); 585993ea577SAkhil Goyal if (sa_stat.pkt_nosaerror_cnt) 586993ea577SAkhil Goyal printf("RX pkt_nosaerror_cnt: 0x%" PRIx64 "\n", 587993ea577SAkhil Goyal sa_stat.pkt_nosaerror_cnt); 588993ea577SAkhil Goyal if (sa_stat.pkt_notvalid_cnt) 589993ea577SAkhil Goyal printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", 590993ea577SAkhil Goyal sa_stat.pkt_notvalid_cnt); 591993ea577SAkhil Goyal if (sa_stat.pkt_ok_cnt) 592993ea577SAkhil Goyal printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_ok_cnt); 593993ea577SAkhil Goyal if (sa_stat.pkt_nosa_cnt) 594993ea577SAkhil Goyal printf("RX pkt_nosa_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_nosa_cnt); 595993ea577SAkhil Goyal printf("\n"); 596993ea577SAkhil Goyal } 597993ea577SAkhil Goyal } 598993ea577SAkhil Goyal 599993ea577SAkhil Goyal if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || 600993ea577SAkhil Goyal op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { 601993ea577SAkhil Goyal memset(&sess_stats, 0, sizeof(struct rte_security_stats)); 602993ea577SAkhil Goyal rte_security_session_stats_get(ctx, tx_sess, &sess_stats); 603993ea577SAkhil Goyal secy_stat = &sess_stats.macsec; 604993ea577SAkhil Goyal 605993ea577SAkhil Goyal printf("\n********* TX SECY STATS ************\n"); 606993ea577SAkhil Goyal if (secy_stat->ctl_pkt_bcast_cnt) 607993ea577SAkhil Goyal printf("TX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", 608993ea577SAkhil Goyal secy_stat->ctl_pkt_bcast_cnt); 609993ea577SAkhil Goyal if (secy_stat->ctl_pkt_mcast_cnt) 610993ea577SAkhil Goyal printf("TX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", 611993ea577SAkhil Goyal secy_stat->ctl_pkt_mcast_cnt); 612993ea577SAkhil Goyal if (secy_stat->ctl_pkt_ucast_cnt) 613993ea577SAkhil Goyal printf("TX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", 614993ea577SAkhil Goyal secy_stat->ctl_pkt_ucast_cnt); 615993ea577SAkhil Goyal if (secy_stat->ctl_octet_cnt) 616993ea577SAkhil Goyal printf("TX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt); 617993ea577SAkhil Goyal if (secy_stat->unctl_pkt_bcast_cnt) 618993ea577SAkhil Goyal printf("TX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", 619993ea577SAkhil Goyal secy_stat->unctl_pkt_bcast_cnt); 620993ea577SAkhil Goyal if (secy_stat->unctl_pkt_mcast_cnt) 621993ea577SAkhil Goyal printf("TX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", 622993ea577SAkhil Goyal secy_stat->unctl_pkt_mcast_cnt); 623993ea577SAkhil Goyal if (secy_stat->unctl_pkt_ucast_cnt) 624993ea577SAkhil Goyal printf("TX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", 625993ea577SAkhil Goyal secy_stat->unctl_pkt_ucast_cnt); 626993ea577SAkhil Goyal if (secy_stat->unctl_octet_cnt) 627993ea577SAkhil Goyal printf("TX: unctl_octet_cnt: 0x%" PRIx64 "\n", 628993ea577SAkhil Goyal secy_stat->unctl_octet_cnt); 629993ea577SAkhil Goyal /* Valid only for TX */ 630993ea577SAkhil Goyal if (secy_stat->octet_encrypted_cnt) 631993ea577SAkhil Goyal printf("TX: octet_encrypted_cnt: 0x%" PRIx64 "\n", 632993ea577SAkhil Goyal secy_stat->octet_encrypted_cnt); 633993ea577SAkhil Goyal if (secy_stat->octet_protected_cnt) 634993ea577SAkhil Goyal printf("TX: octet_protected_cnt: 0x%" PRIx64 "\n", 635993ea577SAkhil Goyal secy_stat->octet_protected_cnt); 636993ea577SAkhil Goyal if (secy_stat->pkt_noactivesa_cnt) 637993ea577SAkhil Goyal printf("TX: pkt_noactivesa_cnt: 0x%" PRIx64 "\n", 638993ea577SAkhil Goyal secy_stat->pkt_noactivesa_cnt); 639993ea577SAkhil Goyal if (secy_stat->pkt_toolong_cnt) 640993ea577SAkhil Goyal printf("TX: pkt_toolong_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_toolong_cnt); 641993ea577SAkhil Goyal if (secy_stat->pkt_untagged_cnt) 642993ea577SAkhil Goyal printf("TX: pkt_untagged_cnt: 0x%" PRIx64 "\n", 643993ea577SAkhil Goyal secy_stat->pkt_untagged_cnt); 644993ea577SAkhil Goyal 645993ea577SAkhil Goyal 646993ea577SAkhil Goyal memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats)); 647993ea577SAkhil Goyal rte_security_macsec_sc_stats_get(ctx, tx_sc_id, RTE_SECURITY_MACSEC_DIR_TX, 648993ea577SAkhil Goyal &sc_stat); 649993ea577SAkhil Goyal printf("\n********** TX SC[%u] STATS **************\n", tx_sc_id); 650993ea577SAkhil Goyal if (sc_stat.pkt_encrypt_cnt) 651993ea577SAkhil Goyal printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_encrypt_cnt); 652993ea577SAkhil Goyal if (sc_stat.pkt_protected_cnt) 653993ea577SAkhil Goyal printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_protected_cnt); 654993ea577SAkhil Goyal if (sc_stat.octet_encrypt_cnt) 655993ea577SAkhil Goyal printf("TX octet_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_encrypt_cnt); 656993ea577SAkhil Goyal 657993ea577SAkhil Goyal memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); 658993ea577SAkhil Goyal rte_security_macsec_sa_stats_get(ctx, tx_sa_id[0], 659993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, &sa_stat); 660993ea577SAkhil Goyal printf("\n********** TX SA[%u] STATS ****************\n", tx_sa_id[0]); 661993ea577SAkhil Goyal if (sa_stat.pkt_encrypt_cnt) 662993ea577SAkhil Goyal printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_encrypt_cnt); 663993ea577SAkhil Goyal if (sa_stat.pkt_protected_cnt) 664993ea577SAkhil Goyal printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_protected_cnt); 665993ea577SAkhil Goyal } 666993ea577SAkhil Goyal } 667993ea577SAkhil Goyal 668993ea577SAkhil Goyal static int 6697c3b1decSAkhil Goyal mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op, 6707c3b1decSAkhil Goyal const struct mcs_test_opts *opts, 6717c3b1decSAkhil Goyal const struct mcs_test_vector *td, 6727c3b1decSAkhil Goyal void *rx_sess, void *tx_sess, 6737c3b1decSAkhil Goyal uint8_t rx_sc_id, uint8_t tx_sc_id, 6747c3b1decSAkhil Goyal uint16_t rx_sa_id[], uint16_t tx_sa_id[]) 6757c3b1decSAkhil Goyal { 6767c3b1decSAkhil Goyal struct rte_security_stats sess_stats = {0}; 6777c3b1decSAkhil Goyal struct rte_security_macsec_secy_stats *secy_stat; 6787c3b1decSAkhil Goyal struct rte_security_macsec_sc_stats sc_stat = {0}; 6797c3b1decSAkhil Goyal struct rte_security_macsec_sa_stats sa_stat = {0}; 6807c3b1decSAkhil Goyal int i; 6817c3b1decSAkhil Goyal 6827c3b1decSAkhil Goyal if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || 6837c3b1decSAkhil Goyal op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { 6847c3b1decSAkhil Goyal rte_security_session_stats_get(ctx, rx_sess, &sess_stats); 6857c3b1decSAkhil Goyal secy_stat = &sess_stats.macsec; 6867c3b1decSAkhil Goyal 6877c3b1decSAkhil Goyal if ((opts->check_untagged_rx && secy_stat->pkt_notag_cnt != 1) || 6887c3b1decSAkhil Goyal (opts->check_untagged_rx && secy_stat->pkt_untaged_cnt != 1)) 6897c3b1decSAkhil Goyal return TEST_FAILED; 6907c3b1decSAkhil Goyal 6917c3b1decSAkhil Goyal if (opts->check_bad_tag_cnt && secy_stat->pkt_badtag_cnt != 1) 6927c3b1decSAkhil Goyal return TEST_FAILED; 6937c3b1decSAkhil Goyal 6947c3b1decSAkhil Goyal if (opts->check_sa_not_in_use && secy_stat->pkt_nosaerror_cnt != 1) 6957c3b1decSAkhil Goyal return TEST_FAILED; 6967c3b1decSAkhil Goyal 6977c3b1decSAkhil Goyal if (opts->check_decap_stats && secy_stat->octet_decrypted_cnt != 6987c3b1decSAkhil Goyal (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) 6997c3b1decSAkhil Goyal return TEST_FAILED; 7007c3b1decSAkhil Goyal 7017c3b1decSAkhil Goyal if (opts->check_verify_only_stats && secy_stat->octet_validated_cnt != 7027c3b1decSAkhil Goyal (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) 7037c3b1decSAkhil Goyal return TEST_FAILED; 7047c3b1decSAkhil Goyal 7057c3b1decSAkhil Goyal rte_security_macsec_sc_stats_get(ctx, rx_sc_id, 7067c3b1decSAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX, &sc_stat); 7077c3b1decSAkhil Goyal 7087c3b1decSAkhil Goyal if ((opts->check_decap_stats || opts->check_verify_only_stats) && 7097c3b1decSAkhil Goyal sc_stat.pkt_ok_cnt != 1) 7107c3b1decSAkhil Goyal return TEST_FAILED; 7117c3b1decSAkhil Goyal 7127c3b1decSAkhil Goyal if (opts->check_pkts_invalid_stats && sc_stat.pkt_notvalid_cnt != 1) 7137c3b1decSAkhil Goyal return TEST_FAILED; 7147c3b1decSAkhil Goyal 7157c3b1decSAkhil Goyal if (opts->check_pkts_unchecked_stats && sc_stat.pkt_unchecked_cnt != 1) 7167c3b1decSAkhil Goyal return TEST_FAILED; 7177c3b1decSAkhil Goyal 7187c3b1decSAkhil Goyal for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { 7197c3b1decSAkhil Goyal memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); 7207c3b1decSAkhil Goyal rte_security_macsec_sa_stats_get(ctx, rx_sa_id[i], 7217c3b1decSAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX, &sa_stat); 7227c3b1decSAkhil Goyal 7237c3b1decSAkhil Goyal } 7247c3b1decSAkhil Goyal } 7257c3b1decSAkhil Goyal 7267c3b1decSAkhil Goyal if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || 7277c3b1decSAkhil Goyal op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { 7287c3b1decSAkhil Goyal memset(&sess_stats, 0, sizeof(struct rte_security_stats)); 7297c3b1decSAkhil Goyal rte_security_session_stats_get(ctx, tx_sess, &sess_stats); 7307c3b1decSAkhil Goyal secy_stat = &sess_stats.macsec; 7317c3b1decSAkhil Goyal 7327c3b1decSAkhil Goyal if (opts->check_out_pkts_untagged && secy_stat->pkt_untagged_cnt != 1) 7337c3b1decSAkhil Goyal return TEST_FAILED; 7347c3b1decSAkhil Goyal 7357c3b1decSAkhil Goyal if (opts->check_out_pkts_toolong && secy_stat->pkt_toolong_cnt != 1) 7367c3b1decSAkhil Goyal return TEST_FAILED; 7377c3b1decSAkhil Goyal 7387c3b1decSAkhil Goyal if (opts->check_encap_stats && secy_stat->octet_encrypted_cnt != 7397c3b1decSAkhil Goyal (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) 7407c3b1decSAkhil Goyal return TEST_FAILED; 7417c3b1decSAkhil Goyal 7427c3b1decSAkhil Goyal if (opts->check_auth_only_stats && secy_stat->octet_protected_cnt != 7437c3b1decSAkhil Goyal (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) 7447c3b1decSAkhil Goyal return TEST_FAILED; 7457c3b1decSAkhil Goyal 7467c3b1decSAkhil Goyal 7477c3b1decSAkhil Goyal memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats)); 7487c3b1decSAkhil Goyal rte_security_macsec_sc_stats_get(ctx, tx_sc_id, RTE_SECURITY_MACSEC_DIR_TX, 7497c3b1decSAkhil Goyal &sc_stat); 7507c3b1decSAkhil Goyal 7517c3b1decSAkhil Goyal if (opts->check_encap_stats && sc_stat.pkt_encrypt_cnt != 1) 7527c3b1decSAkhil Goyal return TEST_FAILED; 7537c3b1decSAkhil Goyal 7547c3b1decSAkhil Goyal if (opts->check_auth_only_stats && sc_stat.pkt_protected_cnt != 1) 7557c3b1decSAkhil Goyal return TEST_FAILED; 7567c3b1decSAkhil Goyal 7577c3b1decSAkhil Goyal memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); 7587c3b1decSAkhil Goyal rte_security_macsec_sa_stats_get(ctx, tx_sa_id[0], 7597c3b1decSAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, &sa_stat); 7607c3b1decSAkhil Goyal } 7617c3b1decSAkhil Goyal 7627c3b1decSAkhil Goyal return 0; 7637c3b1decSAkhil Goyal } 7647c3b1decSAkhil Goyal 7657c3b1decSAkhil Goyal static int 766339b9354SAnkur Dwivedi test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type, 767339b9354SAnkur Dwivedi void *param, void *ret_param) 768339b9354SAnkur Dwivedi { 769339b9354SAnkur Dwivedi struct mcs_err_vector *vector = (struct mcs_err_vector *)param; 770339b9354SAnkur Dwivedi struct rte_eth_event_macsec_desc *event_desc = NULL; 771339b9354SAnkur Dwivedi 772339b9354SAnkur Dwivedi RTE_SET_USED(port_id); 773339b9354SAnkur Dwivedi 774339b9354SAnkur Dwivedi if (type != RTE_ETH_EVENT_MACSEC) 775339b9354SAnkur Dwivedi return -1; 776339b9354SAnkur Dwivedi 777339b9354SAnkur Dwivedi event_desc = ret_param; 778339b9354SAnkur Dwivedi if (event_desc == NULL) { 779339b9354SAnkur Dwivedi printf("Event descriptor not set\n"); 780339b9354SAnkur Dwivedi return -1; 781339b9354SAnkur Dwivedi } 782339b9354SAnkur Dwivedi vector->notify_event = true; 783339b9354SAnkur Dwivedi 784339b9354SAnkur Dwivedi switch (event_desc->type) { 785339b9354SAnkur Dwivedi case RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR: 786339b9354SAnkur Dwivedi vector->event = RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR; 787339b9354SAnkur Dwivedi switch (event_desc->subtype) { 788339b9354SAnkur Dwivedi case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_V_EQ1: 789339b9354SAnkur Dwivedi vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_V_EQ1; 790339b9354SAnkur Dwivedi break; 791339b9354SAnkur Dwivedi case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_E_EQ0_C_EQ1: 792339b9354SAnkur Dwivedi vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_E_EQ0_C_EQ1; 793339b9354SAnkur Dwivedi break; 794339b9354SAnkur Dwivedi case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SL_GTE48: 795339b9354SAnkur Dwivedi vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SL_GTE48; 796339b9354SAnkur Dwivedi break; 797339b9354SAnkur Dwivedi case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_ES_EQ1_SC_EQ1: 798339b9354SAnkur Dwivedi vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_ES_EQ1_SC_EQ1; 799339b9354SAnkur Dwivedi break; 800339b9354SAnkur Dwivedi case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SC_EQ1_SCB_EQ1: 801339b9354SAnkur Dwivedi vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SC_EQ1_SCB_EQ1; 802339b9354SAnkur Dwivedi break; 803339b9354SAnkur Dwivedi default: 804339b9354SAnkur Dwivedi printf("\nUnknown Macsec event subtype: %d", event_desc->subtype); 805339b9354SAnkur Dwivedi } 806339b9354SAnkur Dwivedi break; 807339b9354SAnkur Dwivedi case RTE_ETH_EVENT_MACSEC_RX_SA_PN_HARD_EXP: 808339b9354SAnkur Dwivedi vector->event = RTE_ETH_EVENT_MACSEC_RX_SA_PN_HARD_EXP; 809339b9354SAnkur Dwivedi break; 810339b9354SAnkur Dwivedi case RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP: 811339b9354SAnkur Dwivedi vector->event = RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP; 812339b9354SAnkur Dwivedi break; 813339b9354SAnkur Dwivedi case RTE_ETH_EVENT_MACSEC_TX_SA_PN_HARD_EXP: 814339b9354SAnkur Dwivedi vector->event = RTE_ETH_EVENT_MACSEC_TX_SA_PN_HARD_EXP; 815339b9354SAnkur Dwivedi break; 816339b9354SAnkur Dwivedi case RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP: 817339b9354SAnkur Dwivedi vector->event = RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP; 818339b9354SAnkur Dwivedi break; 819339b9354SAnkur Dwivedi case RTE_ETH_EVENT_MACSEC_SA_NOT_VALID: 820339b9354SAnkur Dwivedi vector->event = RTE_ETH_EVENT_MACSEC_SA_NOT_VALID; 821339b9354SAnkur Dwivedi break; 822339b9354SAnkur Dwivedi default: 823339b9354SAnkur Dwivedi printf("Invalid MACsec event reported\n"); 824339b9354SAnkur Dwivedi return -1; 825339b9354SAnkur Dwivedi } 826339b9354SAnkur Dwivedi 827339b9354SAnkur Dwivedi return 0; 828339b9354SAnkur Dwivedi } 829339b9354SAnkur Dwivedi 830339b9354SAnkur Dwivedi static int 831993ea577SAkhil Goyal test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts) 832993ea577SAkhil Goyal { 833993ea577SAkhil Goyal uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}}; 834993ea577SAkhil Goyal uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}}; 835993ea577SAkhil Goyal uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0}; 836993ea577SAkhil Goyal uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0}; 837993ea577SAkhil Goyal void *rx_sess[MCS_MAX_FLOWS] = {0}; 838993ea577SAkhil Goyal void *tx_sess[MCS_MAX_FLOWS] = {0}; 839993ea577SAkhil Goyal struct rte_security_session_conf sess_conf = {0}; 840993ea577SAkhil Goyal struct rte_security_macsec_sa sa_conf = {0}; 841993ea577SAkhil Goyal struct rte_security_macsec_sc sc_conf = {0}; 842ad344741SAkhil Goyal struct mcs_err_vector err_vector = {0}; 843993ea577SAkhil Goyal struct rte_security_ctx *ctx; 844993ea577SAkhil Goyal int nb_rx = 0, nb_sent; 845993ea577SAkhil Goyal int i, j = 0, ret, id, an = 0; 846993ea577SAkhil Goyal uint8_t tci_off; 847993ea577SAkhil Goyal 848993ea577SAkhil Goyal memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td); 849993ea577SAkhil Goyal 850993ea577SAkhil Goyal ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id); 851993ea577SAkhil Goyal if (ctx == NULL) { 852993ea577SAkhil Goyal printf("Ethernet device doesn't support security features.\n"); 853993ea577SAkhil Goyal return TEST_SKIPPED; 854993ea577SAkhil Goyal } 855993ea577SAkhil Goyal 856993ea577SAkhil Goyal tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN : 857993ea577SAkhil Goyal RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN); 858993ea577SAkhil Goyal 859993ea577SAkhil Goyal for (i = 0, j = 0; i < opts->nb_td; i++) { 860993ea577SAkhil Goyal if (op == MCS_DECAP || op == MCS_VERIFY_ONLY) 861993ea577SAkhil Goyal tx_pkts_burst[j] = init_packet(mbufpool, td[i]->secure_pkt.data, 862993ea577SAkhil Goyal td[i]->secure_pkt.len); 863993ea577SAkhil Goyal else { 864993ea577SAkhil Goyal tx_pkts_burst[j] = init_packet(mbufpool, td[i]->plain_pkt.data, 865993ea577SAkhil Goyal td[i]->plain_pkt.len); 866993ea577SAkhil Goyal 867993ea577SAkhil Goyal tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC; 868993ea577SAkhil Goyal } 869993ea577SAkhil Goyal if (tx_pkts_burst[j] == NULL) { 870993ea577SAkhil Goyal while (j--) 871993ea577SAkhil Goyal rte_pktmbuf_free(tx_pkts_burst[j]); 872993ea577SAkhil Goyal ret = TEST_FAILED; 873993ea577SAkhil Goyal goto out; 874993ea577SAkhil Goyal } 875993ea577SAkhil Goyal j++; 876993ea577SAkhil Goyal 877ad344741SAkhil Goyal if (opts->rekey_en) { 878ad344741SAkhil Goyal 879ad344741SAkhil Goyal err_vector.td = td[i]; 880ad344741SAkhil Goyal err_vector.rekey_td = opts->rekey_td; 881ad344741SAkhil Goyal err_vector.event = RTE_ETH_EVENT_MACSEC_UNKNOWN; 882ad344741SAkhil Goyal err_vector.event_subtype = RTE_ETH_SUBEVENT_MACSEC_UNKNOWN; 883ad344741SAkhil Goyal rte_eth_dev_callback_register(port_id, RTE_ETH_EVENT_MACSEC, 884ad344741SAkhil Goyal test_macsec_event_callback, &err_vector); 885ad344741SAkhil Goyal if (op == MCS_DECAP || op == MCS_VERIFY_ONLY) 886ad344741SAkhil Goyal tx_pkts_burst[j] = init_packet(mbufpool, 887ad344741SAkhil Goyal opts->rekey_td->secure_pkt.data, 888ad344741SAkhil Goyal opts->rekey_td->secure_pkt.len); 889ad344741SAkhil Goyal else { 890ad344741SAkhil Goyal tx_pkts_burst[j] = init_packet(mbufpool, 891ad344741SAkhil Goyal opts->rekey_td->plain_pkt.data, 892ad344741SAkhil Goyal opts->rekey_td->plain_pkt.len); 893ad344741SAkhil Goyal 894ad344741SAkhil Goyal tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC; 895ad344741SAkhil Goyal } 896ad344741SAkhil Goyal if (tx_pkts_burst[j] == NULL) { 897ad344741SAkhil Goyal while (j--) 898ad344741SAkhil Goyal rte_pktmbuf_free(tx_pkts_burst[j]); 899ad344741SAkhil Goyal ret = TEST_FAILED; 900ad344741SAkhil Goyal goto out; 901ad344741SAkhil Goyal } 902ad344741SAkhil Goyal j++; 903ad344741SAkhil Goyal } 904ad344741SAkhil Goyal 905993ea577SAkhil Goyal if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || 906993ea577SAkhil Goyal op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { 907993ea577SAkhil Goyal for (an = 0; an < RTE_SECURITY_MACSEC_NUM_AN; an++) { 908*4885ba24SAnkur Dwivedi if (opts->rekey_en && an == 909*4885ba24SAnkur Dwivedi (opts->rekey_td->secure_pkt.data[tci_off] & 910*4885ba24SAnkur Dwivedi RTE_MACSEC_AN_MASK)) 911*4885ba24SAnkur Dwivedi fill_macsec_sa_conf(opts->rekey_td, &sa_conf, 912*4885ba24SAnkur Dwivedi RTE_SECURITY_MACSEC_DIR_RX, an, tci_off); 913*4885ba24SAnkur Dwivedi else 914993ea577SAkhil Goyal /* For simplicity, using same SA conf for all AN */ 915993ea577SAkhil Goyal fill_macsec_sa_conf(td[i], &sa_conf, 916993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX, an, tci_off); 917993ea577SAkhil Goyal id = rte_security_macsec_sa_create(ctx, &sa_conf); 918993ea577SAkhil Goyal if (id < 0) { 919993ea577SAkhil Goyal printf("MACsec SA create failed : %d.\n", id); 920993ea577SAkhil Goyal return TEST_FAILED; 921993ea577SAkhil Goyal } 922993ea577SAkhil Goyal rx_sa_id[i][an] = (uint16_t)id; 923993ea577SAkhil Goyal } 924993ea577SAkhil Goyal fill_macsec_sc_conf(td[i], &sc_conf, opts, 925993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX, rx_sa_id[i], tci_off); 926993ea577SAkhil Goyal id = rte_security_macsec_sc_create(ctx, &sc_conf); 927993ea577SAkhil Goyal if (id < 0) { 928993ea577SAkhil Goyal printf("MACsec SC create failed : %d.\n", id); 929993ea577SAkhil Goyal goto out; 930993ea577SAkhil Goyal } 931993ea577SAkhil Goyal rx_sc_id[i] = (uint16_t)id; 932993ea577SAkhil Goyal 933993ea577SAkhil Goyal /* Create Inline IPsec session. */ 934993ea577SAkhil Goyal ret = fill_session_conf(td[i], port_id, opts, &sess_conf, 935993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off); 936993ea577SAkhil Goyal if (ret) 937993ea577SAkhil Goyal return TEST_FAILED; 938993ea577SAkhil Goyal 939993ea577SAkhil Goyal rx_sess[i] = rte_security_session_create(ctx, &sess_conf, 940993ea577SAkhil Goyal sess_pool); 941993ea577SAkhil Goyal if (rx_sess[i] == NULL) { 942993ea577SAkhil Goyal printf("SEC Session init failed.\n"); 943993ea577SAkhil Goyal return TEST_FAILED; 944993ea577SAkhil Goyal } 945993ea577SAkhil Goyal ret = create_default_flow(td[i], port_id, 946993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]); 947993ea577SAkhil Goyal if (ret) 948993ea577SAkhil Goyal goto out; 949993ea577SAkhil Goyal } 950993ea577SAkhil Goyal if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || 951993ea577SAkhil Goyal op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { 952993ea577SAkhil Goyal int id; 953993ea577SAkhil Goyal 954993ea577SAkhil Goyal fill_macsec_sa_conf(td[i], &sa_conf, 955993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, 956993ea577SAkhil Goyal td[i]->secure_pkt.data[tci_off] & RTE_MACSEC_AN_MASK, 957993ea577SAkhil Goyal tci_off); 958993ea577SAkhil Goyal id = rte_security_macsec_sa_create(ctx, &sa_conf); 959993ea577SAkhil Goyal if (id < 0) { 960993ea577SAkhil Goyal printf("MACsec SA create failed : %d.\n", id); 961993ea577SAkhil Goyal return TEST_FAILED; 962993ea577SAkhil Goyal } 963993ea577SAkhil Goyal tx_sa_id[i][0] = (uint16_t)id; 964993ea577SAkhil Goyal tx_sa_id[i][1] = MCS_INVALID_SA; 965ad344741SAkhil Goyal if (opts->rekey_en) { 966ad344741SAkhil Goyal memset(&sa_conf, 0, sizeof(struct rte_security_macsec_sa)); 967ad344741SAkhil Goyal fill_macsec_sa_conf(opts->rekey_td, &sa_conf, 968ad344741SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, 969ad344741SAkhil Goyal opts->rekey_td->secure_pkt.data[tci_off] & 970ad344741SAkhil Goyal RTE_MACSEC_AN_MASK, 971ad344741SAkhil Goyal tci_off); 972ad344741SAkhil Goyal id = rte_security_macsec_sa_create(ctx, &sa_conf); 973ad344741SAkhil Goyal if (id < 0) { 974ad344741SAkhil Goyal printf("MACsec rekey SA create failed : %d.\n", id); 975ad344741SAkhil Goyal goto out; 976ad344741SAkhil Goyal } 977ad344741SAkhil Goyal tx_sa_id[i][1] = (uint16_t)id; 978ad344741SAkhil Goyal } 979993ea577SAkhil Goyal fill_macsec_sc_conf(td[i], &sc_conf, opts, 980993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, tx_sa_id[i], tci_off); 981993ea577SAkhil Goyal id = rte_security_macsec_sc_create(ctx, &sc_conf); 982993ea577SAkhil Goyal if (id < 0) { 983993ea577SAkhil Goyal printf("MACsec SC create failed : %d.\n", id); 984993ea577SAkhil Goyal goto out; 985993ea577SAkhil Goyal } 986993ea577SAkhil Goyal tx_sc_id[i] = (uint16_t)id; 987993ea577SAkhil Goyal 988993ea577SAkhil Goyal /* Create Inline IPsec session. */ 989993ea577SAkhil Goyal ret = fill_session_conf(td[i], port_id, opts, &sess_conf, 990993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off); 991993ea577SAkhil Goyal if (ret) 992993ea577SAkhil Goyal return TEST_FAILED; 993993ea577SAkhil Goyal 994993ea577SAkhil Goyal tx_sess[i] = rte_security_session_create(ctx, &sess_conf, 995993ea577SAkhil Goyal sess_pool); 996993ea577SAkhil Goyal if (tx_sess[i] == NULL) { 997993ea577SAkhil Goyal printf("SEC Session init failed.\n"); 998993ea577SAkhil Goyal return TEST_FAILED; 999993ea577SAkhil Goyal } 1000993ea577SAkhil Goyal ret = create_default_flow(td[i], port_id, 1001993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]); 1002993ea577SAkhil Goyal if (ret) 1003993ea577SAkhil Goyal goto out; 1004993ea577SAkhil Goyal } 1005993ea577SAkhil Goyal } 1006993ea577SAkhil Goyal 1007993ea577SAkhil Goyal /* Send packet to ethdev for inline MACsec processing. */ 1008993ea577SAkhil Goyal nb_sent = rte_eth_tx_burst(port_id, 0, tx_pkts_burst, j); 1009993ea577SAkhil Goyal 1010993ea577SAkhil Goyal if (nb_sent != j) { 1011993ea577SAkhil Goyal printf("\nUnable to TX %d packets, sent: %i", j, nb_sent); 1012993ea577SAkhil Goyal for ( ; nb_sent < j; nb_sent++) 1013993ea577SAkhil Goyal rte_pktmbuf_free(tx_pkts_burst[nb_sent]); 1014993ea577SAkhil Goyal ret = TEST_FAILED; 1015993ea577SAkhil Goyal goto out; 1016993ea577SAkhil Goyal } 1017993ea577SAkhil Goyal 1018993ea577SAkhil Goyal rte_pause(); 1019993ea577SAkhil Goyal 1020993ea577SAkhil Goyal /* Receive back packet on loopback interface. */ 1021993ea577SAkhil Goyal do { 1022993ea577SAkhil Goyal nb_rx += rte_eth_rx_burst(port_id, 0, 1023993ea577SAkhil Goyal &rx_pkts_burst[nb_rx], 1024993ea577SAkhil Goyal nb_sent - nb_rx); 1025993ea577SAkhil Goyal if (nb_rx >= nb_sent) 1026993ea577SAkhil Goyal break; 1027993ea577SAkhil Goyal rte_delay_ms(1); 1028993ea577SAkhil Goyal } while (j++ < 5 && nb_rx == 0); 1029993ea577SAkhil Goyal 1030993ea577SAkhil Goyal if (nb_rx != nb_sent) { 1031993ea577SAkhil Goyal printf("\nUnable to RX all %d packets, received(%i)", 1032993ea577SAkhil Goyal nb_sent, nb_rx); 1033993ea577SAkhil Goyal while (--nb_rx >= 0) 1034993ea577SAkhil Goyal rte_pktmbuf_free(rx_pkts_burst[nb_rx]); 1035993ea577SAkhil Goyal ret = TEST_FAILED; 1036339b9354SAnkur Dwivedi if (opts->check_sectag_interrupts == 1) 1037339b9354SAnkur Dwivedi ret = TEST_SUCCESS; 1038993ea577SAkhil Goyal goto out; 1039993ea577SAkhil Goyal } 1040993ea577SAkhil Goyal 1041ad344741SAkhil Goyal if (opts->rekey_en) { 1042ad344741SAkhil Goyal switch (err_vector.event) { 1043ad344741SAkhil Goyal case RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP: 1044ad344741SAkhil Goyal printf("Received RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP event\n"); 1045ad344741SAkhil Goyal /* The first sa is active now, so the 0th sa can be 1046ad344741SAkhil Goyal * reconfigured. Using the same key as zeroeth sa, but 1047ad344741SAkhil Goyal * other key can also be configured. 1048ad344741SAkhil Goyal */ 1049ad344741SAkhil Goyal rte_security_macsec_sa_destroy(ctx, tx_sa_id[0][0], 1050ad344741SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX); 1051ad344741SAkhil Goyal fill_macsec_sa_conf(td[0], &sa_conf, 1052ad344741SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX, 1053ad344741SAkhil Goyal td[0]->secure_pkt.data[tci_off] & 1054ad344741SAkhil Goyal RTE_MACSEC_AN_MASK, tci_off); 1055ad344741SAkhil Goyal id = rte_security_macsec_sa_create(ctx, &sa_conf); 1056ad344741SAkhil Goyal if (id < 0) { 1057ad344741SAkhil Goyal printf("MACsec SA create failed : %d.\n", id); 1058ad344741SAkhil Goyal return TEST_FAILED; 1059ad344741SAkhil Goyal } 1060ad344741SAkhil Goyal tx_sa_id[0][0] = (uint16_t)id; 1061ad344741SAkhil Goyal break; 1062*4885ba24SAnkur Dwivedi case RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP: 1063*4885ba24SAnkur Dwivedi printf("Received RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP event\n"); 1064*4885ba24SAnkur Dwivedi break; 1065ad344741SAkhil Goyal default: 1066ad344741SAkhil Goyal printf("Received unsupported event\n"); 1067ad344741SAkhil Goyal } 1068ad344741SAkhil Goyal } 1069ad344741SAkhil Goyal 1070993ea577SAkhil Goyal for (i = 0; i < nb_rx; i++) { 1071ad344741SAkhil Goyal if (opts->rekey_en && i == 1) { 1072ad344741SAkhil Goyal /* The second received packet is matched with 1073ad344741SAkhil Goyal * rekey td 1074ad344741SAkhil Goyal */ 1075ad344741SAkhil Goyal ret = test_macsec_post_process(rx_pkts_burst[i], 1076ad344741SAkhil Goyal opts->rekey_td, op, 1077993ea577SAkhil Goyal opts->check_out_pkts_untagged); 1078ad344741SAkhil Goyal } else { 1079ad344741SAkhil Goyal ret = test_macsec_post_process(rx_pkts_burst[i], td[i], 1080ad344741SAkhil Goyal op, opts->check_out_pkts_untagged); 1081ad344741SAkhil Goyal } 1082993ea577SAkhil Goyal if (ret != TEST_SUCCESS) { 1083993ea577SAkhil Goyal for ( ; i < nb_rx; i++) 1084993ea577SAkhil Goyal rte_pktmbuf_free(rx_pkts_burst[i]); 1085993ea577SAkhil Goyal goto out; 1086993ea577SAkhil Goyal } 1087993ea577SAkhil Goyal 1088993ea577SAkhil Goyal rte_pktmbuf_free(rx_pkts_burst[i]); 1089993ea577SAkhil Goyal rx_pkts_burst[i] = NULL; 1090993ea577SAkhil Goyal } 1091993ea577SAkhil Goyal out: 10927c3b1decSAkhil Goyal if (opts->check_out_pkts_toolong == 1 || 10937c3b1decSAkhil Goyal opts->check_sa_not_in_use == 1 || 10947c3b1decSAkhil Goyal opts->check_bad_tag_cnt == 1) 10957c3b1decSAkhil Goyal ret = TEST_SUCCESS; 10967c3b1decSAkhil Goyal 1097993ea577SAkhil Goyal for (i = 0; i < opts->nb_td; i++) { 1098993ea577SAkhil Goyal if (opts->dump_all_stats) { 1099993ea577SAkhil Goyal mcs_stats_dump(ctx, op, 1100993ea577SAkhil Goyal rx_sess[i], tx_sess[i], 1101993ea577SAkhil Goyal rx_sc_id[i], tx_sc_id[i], 1102993ea577SAkhil Goyal rx_sa_id[i], tx_sa_id[i]); 11037c3b1decSAkhil Goyal } else { 11047c3b1decSAkhil Goyal if (ret == TEST_SUCCESS) 11057c3b1decSAkhil Goyal ret = mcs_stats_check(ctx, op, opts, td[i], 11067c3b1decSAkhil Goyal rx_sess[i], tx_sess[i], 11077c3b1decSAkhil Goyal rx_sc_id[i], tx_sc_id[i], 11087c3b1decSAkhil Goyal rx_sa_id[i], tx_sa_id[i]); 1109993ea577SAkhil Goyal } 1110993ea577SAkhil Goyal } 1111993ea577SAkhil Goyal 1112993ea577SAkhil Goyal destroy_default_flow(port_id); 1113993ea577SAkhil Goyal 1114ad344741SAkhil Goyal if (opts->rekey_en) 1115ad344741SAkhil Goyal rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC, 1116ad344741SAkhil Goyal test_macsec_event_callback, &err_vector); 1117ad344741SAkhil Goyal 1118993ea577SAkhil Goyal /* Destroy session so that other cases can create the session again */ 1119993ea577SAkhil Goyal for (i = 0; i < opts->nb_td; i++) { 1120993ea577SAkhil Goyal if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || 1121993ea577SAkhil Goyal op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { 1122993ea577SAkhil Goyal rte_security_session_destroy(ctx, tx_sess[i]); 1123993ea577SAkhil Goyal tx_sess[i] = NULL; 1124993ea577SAkhil Goyal rte_security_macsec_sc_destroy(ctx, tx_sc_id[i], 1125993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX); 1126993ea577SAkhil Goyal rte_security_macsec_sa_destroy(ctx, tx_sa_id[i][0], 1127993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX); 1128ad344741SAkhil Goyal if (opts->rekey_en) { 1129ad344741SAkhil Goyal rte_security_macsec_sa_destroy(ctx, tx_sa_id[i][1], 1130ad344741SAkhil Goyal RTE_SECURITY_MACSEC_DIR_TX); 1131ad344741SAkhil Goyal } 1132993ea577SAkhil Goyal } 1133993ea577SAkhil Goyal if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || 1134993ea577SAkhil Goyal op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { 1135993ea577SAkhil Goyal rte_security_session_destroy(ctx, rx_sess[i]); 1136993ea577SAkhil Goyal rx_sess[i] = NULL; 1137993ea577SAkhil Goyal rte_security_macsec_sc_destroy(ctx, rx_sc_id[i], 1138993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX); 1139993ea577SAkhil Goyal for (j = 0; j < RTE_SECURITY_MACSEC_NUM_AN; j++) { 1140993ea577SAkhil Goyal rte_security_macsec_sa_destroy(ctx, rx_sa_id[i][j], 1141993ea577SAkhil Goyal RTE_SECURITY_MACSEC_DIR_RX); 1142993ea577SAkhil Goyal } 1143993ea577SAkhil Goyal } 1144993ea577SAkhil Goyal } 1145993ea577SAkhil Goyal 1146993ea577SAkhil Goyal return ret; 1147993ea577SAkhil Goyal } 1148993ea577SAkhil Goyal 1149993ea577SAkhil Goyal static int 1150993ea577SAkhil Goyal test_inline_macsec_encap_all(const void *data __rte_unused) 1151993ea577SAkhil Goyal { 1152993ea577SAkhil Goyal const struct mcs_test_vector *cur_td; 1153993ea577SAkhil Goyal struct mcs_test_opts opts = {0}; 1154993ea577SAkhil Goyal int err, all_err = 0; 1155993ea577SAkhil Goyal int i, size; 1156993ea577SAkhil Goyal 1157993ea577SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1158993ea577SAkhil Goyal opts.encrypt = true; 1159993ea577SAkhil Goyal opts.protect_frames = true; 1160993ea577SAkhil Goyal opts.sa_in_use = 1; 1161993ea577SAkhil Goyal opts.nb_td = 1; 1162993ea577SAkhil Goyal opts.sectag_insert_mode = 1; 1163993ea577SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1164993ea577SAkhil Goyal 1165993ea577SAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 1166993ea577SAkhil Goyal for (i = 0; i < size; i++) { 1167993ea577SAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 1168993ea577SAkhil Goyal err = test_macsec(&cur_td, MCS_ENCAP, &opts); 1169993ea577SAkhil Goyal if (err) { 1170993ea577SAkhil Goyal printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx); 1171993ea577SAkhil Goyal err = -1; 1172993ea577SAkhil Goyal } else { 1173993ea577SAkhil Goyal printf("\nCipher Auth Encryption case %d Passed", cur_td->test_idx); 1174993ea577SAkhil Goyal err = 0; 1175993ea577SAkhil Goyal } 1176993ea577SAkhil Goyal all_err += err; 1177993ea577SAkhil Goyal } 1178993ea577SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1179993ea577SAkhil Goyal 1180993ea577SAkhil Goyal return all_err; 1181993ea577SAkhil Goyal } 1182993ea577SAkhil Goyal 1183993ea577SAkhil Goyal static int 1184993ea577SAkhil Goyal test_inline_macsec_decap_all(const void *data __rte_unused) 1185993ea577SAkhil Goyal { 1186993ea577SAkhil Goyal const struct mcs_test_vector *cur_td; 1187993ea577SAkhil Goyal struct mcs_test_opts opts = {0}; 1188993ea577SAkhil Goyal int err, all_err = 0; 1189993ea577SAkhil Goyal int i, size; 1190993ea577SAkhil Goyal 1191993ea577SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1192993ea577SAkhil Goyal opts.sa_in_use = 1; 1193993ea577SAkhil Goyal opts.nb_td = 1; 1194993ea577SAkhil Goyal opts.sectag_insert_mode = 1; 1195993ea577SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1196993ea577SAkhil Goyal 1197993ea577SAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 1198993ea577SAkhil Goyal for (i = 0; i < size; i++) { 1199993ea577SAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 1200993ea577SAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 1201993ea577SAkhil Goyal if (err) { 1202993ea577SAkhil Goyal printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx); 1203993ea577SAkhil Goyal err = -1; 1204993ea577SAkhil Goyal } else { 1205993ea577SAkhil Goyal printf("\nCipher Auth Decryption case %d Passed", cur_td->test_idx); 1206993ea577SAkhil Goyal err = 0; 1207993ea577SAkhil Goyal } 1208993ea577SAkhil Goyal all_err += err; 1209993ea577SAkhil Goyal } 1210993ea577SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1211993ea577SAkhil Goyal 1212993ea577SAkhil Goyal return all_err; 1213993ea577SAkhil Goyal } 1214993ea577SAkhil Goyal 1215993ea577SAkhil Goyal static int 12162da0c0a7SAkhil Goyal test_inline_macsec_auth_only_all(const void *data __rte_unused) 12172da0c0a7SAkhil Goyal { 12182da0c0a7SAkhil Goyal const struct mcs_test_vector *cur_td; 12192da0c0a7SAkhil Goyal struct mcs_test_opts opts = {0}; 12202da0c0a7SAkhil Goyal int err, all_err = 0; 12212da0c0a7SAkhil Goyal int i, size; 12222da0c0a7SAkhil Goyal 12232da0c0a7SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 12242da0c0a7SAkhil Goyal opts.protect_frames = true; 12252da0c0a7SAkhil Goyal opts.sa_in_use = 1; 12262da0c0a7SAkhil Goyal opts.nb_td = 1; 12272da0c0a7SAkhil Goyal opts.sectag_insert_mode = 1; 12282da0c0a7SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 12292da0c0a7SAkhil Goyal 12302da0c0a7SAkhil Goyal size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); 12312da0c0a7SAkhil Goyal 12322da0c0a7SAkhil Goyal for (i = 0; i < size; i++) { 12332da0c0a7SAkhil Goyal cur_td = &list_mcs_integrity_vectors[i]; 12342da0c0a7SAkhil Goyal err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts); 12352da0c0a7SAkhil Goyal if (err) { 12362da0c0a7SAkhil Goyal printf("\nAuth Generate case %d failed", cur_td->test_idx); 12372da0c0a7SAkhil Goyal err = -1; 12382da0c0a7SAkhil Goyal } else { 12392da0c0a7SAkhil Goyal printf("\nAuth Generate case %d Passed", cur_td->test_idx); 12402da0c0a7SAkhil Goyal err = 0; 12412da0c0a7SAkhil Goyal } 12422da0c0a7SAkhil Goyal all_err += err; 12432da0c0a7SAkhil Goyal } 12442da0c0a7SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 12452da0c0a7SAkhil Goyal 12462da0c0a7SAkhil Goyal return all_err; 12472da0c0a7SAkhil Goyal } 12482da0c0a7SAkhil Goyal 12492da0c0a7SAkhil Goyal static int 12502da0c0a7SAkhil Goyal test_inline_macsec_verify_only_all(const void *data __rte_unused) 12512da0c0a7SAkhil Goyal { 12522da0c0a7SAkhil Goyal const struct mcs_test_vector *cur_td; 12532da0c0a7SAkhil Goyal struct mcs_test_opts opts = {0}; 12542da0c0a7SAkhil Goyal int err, all_err = 0; 12552da0c0a7SAkhil Goyal int i, size; 12562da0c0a7SAkhil Goyal 12572da0c0a7SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 12582da0c0a7SAkhil Goyal opts.sa_in_use = 1; 12592da0c0a7SAkhil Goyal opts.nb_td = 1; 12602da0c0a7SAkhil Goyal opts.sectag_insert_mode = 1; 12612da0c0a7SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 12622da0c0a7SAkhil Goyal 12632da0c0a7SAkhil Goyal size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); 12642da0c0a7SAkhil Goyal 12652da0c0a7SAkhil Goyal for (i = 0; i < size; i++) { 12662da0c0a7SAkhil Goyal cur_td = &list_mcs_integrity_vectors[i]; 12672da0c0a7SAkhil Goyal err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); 12682da0c0a7SAkhil Goyal if (err) { 12692da0c0a7SAkhil Goyal printf("\nAuth Verify case %d failed", cur_td->test_idx); 12702da0c0a7SAkhil Goyal err = -1; 12712da0c0a7SAkhil Goyal } else { 12722da0c0a7SAkhil Goyal printf("\nAuth Verify case %d Passed", cur_td->test_idx); 12732da0c0a7SAkhil Goyal err = 0; 12742da0c0a7SAkhil Goyal } 12752da0c0a7SAkhil Goyal all_err += err; 12762da0c0a7SAkhil Goyal } 12772da0c0a7SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 12782da0c0a7SAkhil Goyal 12792da0c0a7SAkhil Goyal return all_err; 12802da0c0a7SAkhil Goyal } 12812da0c0a7SAkhil Goyal 12822da0c0a7SAkhil Goyal static int 12832da0c0a7SAkhil Goyal test_inline_macsec_encap_decap_all(const void *data __rte_unused) 12842da0c0a7SAkhil Goyal { 12852da0c0a7SAkhil Goyal const struct mcs_test_vector *cur_td; 12862da0c0a7SAkhil Goyal struct mcs_test_opts opts = {0}; 12872da0c0a7SAkhil Goyal int err, all_err = 0; 12882da0c0a7SAkhil Goyal int i, size; 12892da0c0a7SAkhil Goyal 12902da0c0a7SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 12912da0c0a7SAkhil Goyal opts.encrypt = true; 12922da0c0a7SAkhil Goyal opts.protect_frames = true; 12932da0c0a7SAkhil Goyal opts.sa_in_use = 1; 12942da0c0a7SAkhil Goyal opts.nb_td = 1; 12952da0c0a7SAkhil Goyal opts.sectag_insert_mode = 1; 12962da0c0a7SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 12972da0c0a7SAkhil Goyal 12982da0c0a7SAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 12992da0c0a7SAkhil Goyal 13002da0c0a7SAkhil Goyal for (i = 0; i < size; i++) { 13012da0c0a7SAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 13022da0c0a7SAkhil Goyal err = test_macsec(&cur_td, MCS_ENCAP_DECAP, &opts); 13032da0c0a7SAkhil Goyal if (err) { 13042da0c0a7SAkhil Goyal printf("\nCipher Auth Encap-decap case %d failed", cur_td->test_idx); 13052da0c0a7SAkhil Goyal err = -1; 13062da0c0a7SAkhil Goyal } else { 13072da0c0a7SAkhil Goyal printf("\nCipher Auth Encap-decap case %d Passed", cur_td->test_idx); 13082da0c0a7SAkhil Goyal err = 0; 13092da0c0a7SAkhil Goyal } 13102da0c0a7SAkhil Goyal all_err += err; 13112da0c0a7SAkhil Goyal } 13122da0c0a7SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 13132da0c0a7SAkhil Goyal 13142da0c0a7SAkhil Goyal return all_err; 13152da0c0a7SAkhil Goyal } 13162da0c0a7SAkhil Goyal 13172da0c0a7SAkhil Goyal 13182da0c0a7SAkhil Goyal static int 13192da0c0a7SAkhil Goyal test_inline_macsec_auth_verify_all(const void *data __rte_unused) 13202da0c0a7SAkhil Goyal { 13212da0c0a7SAkhil Goyal const struct mcs_test_vector *cur_td; 13222da0c0a7SAkhil Goyal struct mcs_test_opts opts = {0}; 13232da0c0a7SAkhil Goyal int err, all_err = 0; 13242da0c0a7SAkhil Goyal int i, size; 13252da0c0a7SAkhil Goyal 13262da0c0a7SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 13272da0c0a7SAkhil Goyal opts.protect_frames = true; 13282da0c0a7SAkhil Goyal opts.sa_in_use = 1; 13292da0c0a7SAkhil Goyal opts.nb_td = 1; 13302da0c0a7SAkhil Goyal opts.sectag_insert_mode = 1; 13312da0c0a7SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 13322da0c0a7SAkhil Goyal 13332da0c0a7SAkhil Goyal size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); 13342da0c0a7SAkhil Goyal 13352da0c0a7SAkhil Goyal for (i = 0; i < size; i++) { 13362da0c0a7SAkhil Goyal cur_td = &list_mcs_integrity_vectors[i]; 13372da0c0a7SAkhil Goyal err = test_macsec(&cur_td, MCS_AUTH_VERIFY, &opts); 13382da0c0a7SAkhil Goyal if (err) { 13392da0c0a7SAkhil Goyal printf("\nAuth Generate + Verify case %d failed", cur_td->test_idx); 13402da0c0a7SAkhil Goyal err = -1; 13412da0c0a7SAkhil Goyal } else { 13422da0c0a7SAkhil Goyal printf("\nAuth Generate + Verify case %d Passed", cur_td->test_idx); 13432da0c0a7SAkhil Goyal err = 0; 13442da0c0a7SAkhil Goyal } 13452da0c0a7SAkhil Goyal all_err += err; 13462da0c0a7SAkhil Goyal } 13472da0c0a7SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 13482da0c0a7SAkhil Goyal 13492da0c0a7SAkhil Goyal return all_err; 13502da0c0a7SAkhil Goyal } 13512da0c0a7SAkhil Goyal 13522da0c0a7SAkhil Goyal static int 1353e3d83ea4SAkhil Goyal test_inline_macsec_multi_flow(const void *data __rte_unused) 1354e3d83ea4SAkhil Goyal { 1355e3d83ea4SAkhil Goyal const struct mcs_test_vector *tv[MCS_MAX_FLOWS]; 1356e3d83ea4SAkhil Goyal struct mcs_test_vector iter[MCS_MAX_FLOWS]; 1357e3d83ea4SAkhil Goyal struct mcs_test_opts opts = {0}; 1358e3d83ea4SAkhil Goyal int i, err; 1359e3d83ea4SAkhil Goyal 1360e3d83ea4SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1361e3d83ea4SAkhil Goyal opts.encrypt = true; 1362e3d83ea4SAkhil Goyal opts.protect_frames = true; 1363e3d83ea4SAkhil Goyal opts.sa_in_use = 1; 1364e3d83ea4SAkhil Goyal opts.nb_td = MCS_MAX_FLOWS; 1365e3d83ea4SAkhil Goyal opts.sectag_insert_mode = 1; 1366e3d83ea4SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1367e3d83ea4SAkhil Goyal 1368e3d83ea4SAkhil Goyal for (i = 0; i < MCS_MAX_FLOWS; i++) { 1369e3d83ea4SAkhil Goyal memcpy(&iter[i].sa_key.data, sa_key, MCS_MULTI_FLOW_TD_KEY_SZ); 1370e3d83ea4SAkhil Goyal memcpy(&iter[i].plain_pkt.data, eth_addrs[i], 2 * RTE_ETHER_ADDR_LEN); 1371e3d83ea4SAkhil Goyal memcpy(&iter[i].plain_pkt.data[2 * RTE_ETHER_ADDR_LEN], plain_user_data, 1372e3d83ea4SAkhil Goyal MCS_MULTI_FLOW_TD_PLAIN_DATA_SZ); 1373e3d83ea4SAkhil Goyal memcpy(&iter[i].secure_pkt.data, eth_addrs[i], 2 * RTE_ETHER_ADDR_LEN); 1374e3d83ea4SAkhil Goyal memcpy(&iter[i].secure_pkt.data[2 * RTE_ETHER_ADDR_LEN], secure_user_data, 1375e3d83ea4SAkhil Goyal MCS_MULTI_FLOW_TD_SECURE_DATA_SZ); 1376e3d83ea4SAkhil Goyal iter[i].sa_key.len = MCS_MULTI_FLOW_TD_KEY_SZ; 1377e3d83ea4SAkhil Goyal iter[i].plain_pkt.len = MCS_MULTI_FLOW_TD_PLAIN_DATA_SZ + 1378e3d83ea4SAkhil Goyal (2 * RTE_ETHER_ADDR_LEN); 1379e3d83ea4SAkhil Goyal iter[i].secure_pkt.len = MCS_MULTI_FLOW_TD_SECURE_DATA_SZ + 1380e3d83ea4SAkhil Goyal (2 * RTE_ETHER_ADDR_LEN); 1381e3d83ea4SAkhil Goyal iter[i].alg = RTE_SECURITY_MACSEC_ALG_GCM_128; 1382e3d83ea4SAkhil Goyal iter[i].ssci = 0x0; 1383e3d83ea4SAkhil Goyal iter[i].xpn = 0x0; 1384e3d83ea4SAkhil Goyal tv[i] = (const struct mcs_test_vector *)&iter[i]; 1385e3d83ea4SAkhil Goyal } 1386e3d83ea4SAkhil Goyal err = test_macsec(tv, MCS_ENCAP_DECAP, &opts); 1387e3d83ea4SAkhil Goyal if (err) { 1388e3d83ea4SAkhil Goyal printf("\nCipher Auth Encryption multi flow failed"); 1389e3d83ea4SAkhil Goyal err = -1; 1390e3d83ea4SAkhil Goyal } else { 1391e3d83ea4SAkhil Goyal printf("\nCipher Auth Encryption multi flow Passed"); 1392e3d83ea4SAkhil Goyal err = 0; 1393e3d83ea4SAkhil Goyal } 1394e3d83ea4SAkhil Goyal return err; 1395e3d83ea4SAkhil Goyal } 1396e3d83ea4SAkhil Goyal 1397e3d83ea4SAkhil Goyal static int 1398e67246cbSAkhil Goyal test_inline_macsec_with_vlan(const void *data __rte_unused) 1399e67246cbSAkhil Goyal { 1400e67246cbSAkhil Goyal const struct mcs_test_vector *cur_td; 1401e67246cbSAkhil Goyal struct mcs_test_opts opts = {0}; 1402e67246cbSAkhil Goyal int err, all_err = 0; 1403e67246cbSAkhil Goyal int i, size; 1404e67246cbSAkhil Goyal 1405e67246cbSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1406e67246cbSAkhil Goyal opts.protect_frames = true; 1407e67246cbSAkhil Goyal opts.sa_in_use = 1; 1408e67246cbSAkhil Goyal opts.nb_td = 1; 1409e67246cbSAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1410e67246cbSAkhil Goyal 1411e67246cbSAkhil Goyal size = (sizeof(list_mcs_vlan_vectors) / sizeof((list_mcs_vlan_vectors)[0])); 1412e67246cbSAkhil Goyal 1413e67246cbSAkhil Goyal for (i = 0; i < size; i++) { 1414e67246cbSAkhil Goyal cur_td = &list_mcs_vlan_vectors[i]; 1415e67246cbSAkhil Goyal if (i == 0) { 1416e67246cbSAkhil Goyal opts.sectag_insert_mode = 1; 1417e67246cbSAkhil Goyal } else if (i == 1) { 1418e67246cbSAkhil Goyal opts.sectag_insert_mode = 0; /* offset from special E-type */ 1419e67246cbSAkhil Goyal opts.nb_vlan = 1; 1420e67246cbSAkhil Goyal } else if (i == 2) { 1421e67246cbSAkhil Goyal opts.sectag_insert_mode = 0; /* offset from special E-type */ 1422e67246cbSAkhil Goyal opts.nb_vlan = 2; 1423e67246cbSAkhil Goyal } 1424e67246cbSAkhil Goyal err = test_macsec(&cur_td, MCS_ENCAP, &opts); 1425e67246cbSAkhil Goyal if (err) { 1426e67246cbSAkhil Goyal printf("\n VLAN Encap case %d failed", cur_td->test_idx); 1427e67246cbSAkhil Goyal err = -1; 1428e67246cbSAkhil Goyal } else { 1429e67246cbSAkhil Goyal printf("\n VLAN Encap case %d passed", cur_td->test_idx); 1430e67246cbSAkhil Goyal err = 0; 1431e67246cbSAkhil Goyal } 1432e67246cbSAkhil Goyal all_err += err; 1433e67246cbSAkhil Goyal } 1434e67246cbSAkhil Goyal for (i = 0; i < size; i++) { 1435e67246cbSAkhil Goyal cur_td = &list_mcs_vlan_vectors[i]; 1436e67246cbSAkhil Goyal if (i == 0) { 1437e67246cbSAkhil Goyal opts.sectag_insert_mode = 1; 1438e67246cbSAkhil Goyal } else if (i == 1) { 1439e67246cbSAkhil Goyal opts.sectag_insert_mode = 0; /* offset from special E-type */ 1440e67246cbSAkhil Goyal opts.nb_vlan = 1; 1441e67246cbSAkhil Goyal } else if (i == 2) { 1442e67246cbSAkhil Goyal opts.sectag_insert_mode = 0; /* offset from special E-type */ 1443e67246cbSAkhil Goyal opts.nb_vlan = 2; 1444e67246cbSAkhil Goyal } 1445e67246cbSAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 1446e67246cbSAkhil Goyal if (err) { 1447e67246cbSAkhil Goyal printf("\n VLAN Decap case %d failed", cur_td->test_idx); 1448e67246cbSAkhil Goyal err = -1; 1449e67246cbSAkhil Goyal } else { 1450e67246cbSAkhil Goyal printf("\n VLAN Decap case %d passed", cur_td->test_idx); 1451e67246cbSAkhil Goyal err = 0; 1452e67246cbSAkhil Goyal } 1453e67246cbSAkhil Goyal all_err += err; 1454e67246cbSAkhil Goyal } 1455e67246cbSAkhil Goyal 1456e67246cbSAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err); 1457e67246cbSAkhil Goyal return all_err; 1458e67246cbSAkhil Goyal } 1459e67246cbSAkhil Goyal 1460e67246cbSAkhil Goyal static int 14617c3b1decSAkhil Goyal test_inline_macsec_pkt_drop(const void *data __rte_unused) 14627c3b1decSAkhil Goyal { 14637c3b1decSAkhil Goyal const struct mcs_test_vector *cur_td; 14647c3b1decSAkhil Goyal struct mcs_test_opts opts = {0}; 14657c3b1decSAkhil Goyal int err, all_err = 0; 14667c3b1decSAkhil Goyal int i, size; 14677c3b1decSAkhil Goyal 14687c3b1decSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 14697c3b1decSAkhil Goyal opts.encrypt = true; 14707c3b1decSAkhil Goyal opts.protect_frames = true; 14717c3b1decSAkhil Goyal opts.sa_in_use = 1; 14727c3b1decSAkhil Goyal opts.nb_td = 1; 14737c3b1decSAkhil Goyal opts.sectag_insert_mode = 1; 14747c3b1decSAkhil Goyal opts.mtu = RTE_ETHER_MTU; 14757c3b1decSAkhil Goyal 14767c3b1decSAkhil Goyal size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0])); 14777c3b1decSAkhil Goyal 14787c3b1decSAkhil Goyal for (i = 0; i < size; i++) { 14797c3b1decSAkhil Goyal cur_td = &list_mcs_err_cipher_vectors[i]; 14807c3b1decSAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 14817c3b1decSAkhil Goyal if (err) { 14827c3b1decSAkhil Goyal printf("\nPacket drop case %d passed", cur_td->test_idx); 14837c3b1decSAkhil Goyal err = 0; 14847c3b1decSAkhil Goyal } else { 14857c3b1decSAkhil Goyal printf("\nPacket drop case %d failed", cur_td->test_idx); 14867c3b1decSAkhil Goyal err = -1; 14877c3b1decSAkhil Goyal } 14887c3b1decSAkhil Goyal all_err += err; 14897c3b1decSAkhil Goyal } 14907c3b1decSAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 14917c3b1decSAkhil Goyal 14927c3b1decSAkhil Goyal return all_err; 14937c3b1decSAkhil Goyal } 14947c3b1decSAkhil Goyal 14957c3b1decSAkhil Goyal static int 14967c3b1decSAkhil Goyal test_inline_macsec_untagged_rx(const void *data __rte_unused) 14977c3b1decSAkhil Goyal { 14987c3b1decSAkhil Goyal const struct mcs_test_vector *cur_td; 14997c3b1decSAkhil Goyal struct mcs_test_opts opts = {0}; 15007c3b1decSAkhil Goyal int err, all_err = 0; 15017c3b1decSAkhil Goyal int i, size; 15027c3b1decSAkhil Goyal 15037c3b1decSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 15047c3b1decSAkhil Goyal opts.sa_in_use = 1; 15057c3b1decSAkhil Goyal opts.nb_td = 1; 15067c3b1decSAkhil Goyal opts.sectag_insert_mode = 1; 15077c3b1decSAkhil Goyal opts.mtu = RTE_ETHER_MTU; 15087c3b1decSAkhil Goyal opts.check_untagged_rx = 1; 15097c3b1decSAkhil Goyal 15107c3b1decSAkhil Goyal size = (sizeof(list_mcs_untagged_cipher_vectors) / 15117c3b1decSAkhil Goyal sizeof((list_mcs_untagged_cipher_vectors)[0])); 15127c3b1decSAkhil Goyal 15137c3b1decSAkhil Goyal for (i = 0; i < size; i++) { 15147c3b1decSAkhil Goyal cur_td = &list_mcs_untagged_cipher_vectors[i]; 15157c3b1decSAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 15167c3b1decSAkhil Goyal if (err) 15177c3b1decSAkhil Goyal err = 0; 15187c3b1decSAkhil Goyal else 15197c3b1decSAkhil Goyal err = -1; 15207c3b1decSAkhil Goyal 15217c3b1decSAkhil Goyal all_err += err; 15227c3b1decSAkhil Goyal } 15237c3b1decSAkhil Goyal 15247c3b1decSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD; 15257c3b1decSAkhil Goyal for (i = 0; i < size; i++) { 15267c3b1decSAkhil Goyal cur_td = &list_mcs_untagged_cipher_vectors[i]; 15277c3b1decSAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 15287c3b1decSAkhil Goyal if (err) 15297c3b1decSAkhil Goyal err = 0; 15307c3b1decSAkhil Goyal else 15317c3b1decSAkhil Goyal err = -1; 15327c3b1decSAkhil Goyal 15337c3b1decSAkhil Goyal all_err += err; 15347c3b1decSAkhil Goyal } 15357c3b1decSAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 15367c3b1decSAkhil Goyal 15377c3b1decSAkhil Goyal return all_err; 15387c3b1decSAkhil Goyal } 15397c3b1decSAkhil Goyal 15407c3b1decSAkhil Goyal static int 15417c3b1decSAkhil Goyal test_inline_macsec_bad_tag_rx(const void *data __rte_unused) 15427c3b1decSAkhil Goyal { 15437c3b1decSAkhil Goyal const struct mcs_test_vector *cur_td; 15447c3b1decSAkhil Goyal struct mcs_test_opts opts = {0}; 15457c3b1decSAkhil Goyal int err, all_err = 0; 15467c3b1decSAkhil Goyal int i, size; 15477c3b1decSAkhil Goyal 15487c3b1decSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 15497c3b1decSAkhil Goyal opts.protect_frames = true; 15507c3b1decSAkhil Goyal opts.sa_in_use = 1; 15517c3b1decSAkhil Goyal opts.nb_td = 1; 15527c3b1decSAkhil Goyal opts.sectag_insert_mode = 1; 15537c3b1decSAkhil Goyal opts.mtu = RTE_ETHER_MTU; 15547c3b1decSAkhil Goyal opts.check_bad_tag_cnt = 1; 15557c3b1decSAkhil Goyal 15567c3b1decSAkhil Goyal size = (sizeof(list_mcs_bad_tag_vectors) / sizeof((list_mcs_bad_tag_vectors)[0])); 15577c3b1decSAkhil Goyal 15587c3b1decSAkhil Goyal for (i = 0; i < size; i++) { 15597c3b1decSAkhil Goyal cur_td = &list_mcs_bad_tag_vectors[i]; 15607c3b1decSAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 15617c3b1decSAkhil Goyal if (err) 15627c3b1decSAkhil Goyal err = -1; 15637c3b1decSAkhil Goyal else 15647c3b1decSAkhil Goyal err = 0; 15657c3b1decSAkhil Goyal 15667c3b1decSAkhil Goyal all_err += err; 15677c3b1decSAkhil Goyal } 15687c3b1decSAkhil Goyal 15697c3b1decSAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 15707c3b1decSAkhil Goyal 15717c3b1decSAkhil Goyal return all_err; 15727c3b1decSAkhil Goyal } 15737c3b1decSAkhil Goyal 15747c3b1decSAkhil Goyal static int 15757c3b1decSAkhil Goyal test_inline_macsec_sa_not_in_use(const void *data __rte_unused) 15767c3b1decSAkhil Goyal { 15777c3b1decSAkhil Goyal const struct mcs_test_vector *cur_td; 15787c3b1decSAkhil Goyal struct mcs_test_opts opts = {0}; 15797c3b1decSAkhil Goyal int err, all_err = 0; 15807c3b1decSAkhil Goyal int i, size; 15817c3b1decSAkhil Goyal 15827c3b1decSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 15837c3b1decSAkhil Goyal opts.protect_frames = true; 15847c3b1decSAkhil Goyal opts.sa_in_use = 0; 15857c3b1decSAkhil Goyal opts.nb_td = 1; 15867c3b1decSAkhil Goyal opts.sectag_insert_mode = 1; 15877c3b1decSAkhil Goyal opts.mtu = RTE_ETHER_MTU; 15887c3b1decSAkhil Goyal opts.check_sa_not_in_use = 1; 15897c3b1decSAkhil Goyal 15907c3b1decSAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 15917c3b1decSAkhil Goyal 15927c3b1decSAkhil Goyal for (i = 0; i < size; i++) { 15937c3b1decSAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 15947c3b1decSAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 15957c3b1decSAkhil Goyal if (err) 15967c3b1decSAkhil Goyal err = -1; 15977c3b1decSAkhil Goyal else 15987c3b1decSAkhil Goyal err = 0; 15997c3b1decSAkhil Goyal 16007c3b1decSAkhil Goyal all_err += err; 16017c3b1decSAkhil Goyal } 16027c3b1decSAkhil Goyal 16037c3b1decSAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 16047c3b1decSAkhil Goyal 16057c3b1decSAkhil Goyal return all_err; 16067c3b1decSAkhil Goyal } 16077c3b1decSAkhil Goyal 16087c3b1decSAkhil Goyal static int 1609164757d6SAkhil Goyal test_inline_macsec_decap_stats(const void *data __rte_unused) 1610164757d6SAkhil Goyal { 1611164757d6SAkhil Goyal const struct mcs_test_vector *cur_td; 1612164757d6SAkhil Goyal struct mcs_test_opts opts = {0}; 1613164757d6SAkhil Goyal int err, all_err = 0; 1614164757d6SAkhil Goyal int i, size; 1615164757d6SAkhil Goyal 1616164757d6SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1617164757d6SAkhil Goyal opts.protect_frames = true; 1618164757d6SAkhil Goyal opts.sa_in_use = 1; 1619164757d6SAkhil Goyal opts.nb_td = 1; 1620164757d6SAkhil Goyal opts.sectag_insert_mode = 1; 1621164757d6SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1622164757d6SAkhil Goyal opts.check_decap_stats = 1; 1623164757d6SAkhil Goyal 1624164757d6SAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 1625164757d6SAkhil Goyal 1626164757d6SAkhil Goyal for (i = 0; i < size; i++) { 1627164757d6SAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 1628164757d6SAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 1629164757d6SAkhil Goyal if (err) { 1630164757d6SAkhil Goyal printf("\nDecap stats case %d failed", cur_td->test_idx); 1631164757d6SAkhil Goyal err = -1; 1632164757d6SAkhil Goyal } else { 1633164757d6SAkhil Goyal printf("\nDecap stats case %d passed", cur_td->test_idx); 1634164757d6SAkhil Goyal err = 0; 1635164757d6SAkhil Goyal } 1636164757d6SAkhil Goyal all_err += err; 1637164757d6SAkhil Goyal } 1638164757d6SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1639164757d6SAkhil Goyal 1640164757d6SAkhil Goyal return all_err; 1641164757d6SAkhil Goyal } 1642164757d6SAkhil Goyal 1643164757d6SAkhil Goyal static int 1644164757d6SAkhil Goyal test_inline_macsec_verify_only_stats(const void *data __rte_unused) 1645164757d6SAkhil Goyal { 1646164757d6SAkhil Goyal const struct mcs_test_vector *cur_td; 1647164757d6SAkhil Goyal struct mcs_test_opts opts = {0}; 1648164757d6SAkhil Goyal int err, all_err = 0; 1649164757d6SAkhil Goyal int i, size; 1650164757d6SAkhil Goyal 1651164757d6SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1652164757d6SAkhil Goyal opts.protect_frames = true; 1653164757d6SAkhil Goyal opts.sa_in_use = 1; 1654164757d6SAkhil Goyal opts.nb_td = 1; 1655164757d6SAkhil Goyal opts.sectag_insert_mode = 1; 1656164757d6SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1657164757d6SAkhil Goyal opts.check_verify_only_stats = 1; 1658164757d6SAkhil Goyal 1659164757d6SAkhil Goyal size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); 1660164757d6SAkhil Goyal 1661164757d6SAkhil Goyal for (i = 0; i < size; i++) { 1662164757d6SAkhil Goyal cur_td = &list_mcs_integrity_vectors[i]; 1663164757d6SAkhil Goyal err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); 1664164757d6SAkhil Goyal if (err) { 1665164757d6SAkhil Goyal printf("\nVerify only stats case %d failed", cur_td->test_idx); 1666164757d6SAkhil Goyal err = -1; 1667164757d6SAkhil Goyal } else { 1668164757d6SAkhil Goyal printf("\nVerify only stats case %d Passed", cur_td->test_idx); 1669164757d6SAkhil Goyal err = 0; 1670164757d6SAkhil Goyal } 1671164757d6SAkhil Goyal all_err += err; 1672164757d6SAkhil Goyal } 1673164757d6SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1674164757d6SAkhil Goyal 1675164757d6SAkhil Goyal return all_err; 1676164757d6SAkhil Goyal } 1677164757d6SAkhil Goyal 1678164757d6SAkhil Goyal static int 1679164757d6SAkhil Goyal test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused) 1680164757d6SAkhil Goyal { 1681164757d6SAkhil Goyal const struct mcs_test_vector *cur_td; 1682164757d6SAkhil Goyal struct mcs_test_opts opts = {0}; 1683164757d6SAkhil Goyal int err, all_err = 0; 1684164757d6SAkhil Goyal int i, size; 1685164757d6SAkhil Goyal 1686164757d6SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1687164757d6SAkhil Goyal opts.protect_frames = true; 1688164757d6SAkhil Goyal opts.sa_in_use = 1; 1689164757d6SAkhil Goyal opts.nb_td = 1; 1690164757d6SAkhil Goyal opts.sectag_insert_mode = 1; 1691164757d6SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1692164757d6SAkhil Goyal 1693164757d6SAkhil Goyal size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0])); 1694164757d6SAkhil Goyal 1695164757d6SAkhil Goyal for (i = 0; i < size; i++) { 1696164757d6SAkhil Goyal cur_td = &list_mcs_err_cipher_vectors[i]; 1697164757d6SAkhil Goyal err = test_macsec(&cur_td, MCS_DECAP, &opts); 1698164757d6SAkhil Goyal if (err) 1699164757d6SAkhil Goyal err = 0; 1700164757d6SAkhil Goyal else 1701164757d6SAkhil Goyal err = -1; 1702164757d6SAkhil Goyal 1703164757d6SAkhil Goyal all_err += err; 1704164757d6SAkhil Goyal } 1705164757d6SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1706164757d6SAkhil Goyal return all_err; 1707164757d6SAkhil Goyal } 1708164757d6SAkhil Goyal 1709164757d6SAkhil Goyal static int 1710164757d6SAkhil Goyal test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused) 1711164757d6SAkhil Goyal { 1712164757d6SAkhil Goyal const struct mcs_test_vector *cur_td; 1713164757d6SAkhil Goyal struct mcs_test_opts opts = {0}; 1714164757d6SAkhil Goyal int err, all_err = 0; 1715164757d6SAkhil Goyal int i, size; 1716164757d6SAkhil Goyal 1717164757d6SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE; 1718164757d6SAkhil Goyal opts.protect_frames = true; 1719164757d6SAkhil Goyal opts.sa_in_use = 1; 1720164757d6SAkhil Goyal opts.nb_td = 1; 1721164757d6SAkhil Goyal opts.sectag_insert_mode = 1; 1722164757d6SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1723164757d6SAkhil Goyal opts.check_pkts_unchecked_stats = 1; 1724164757d6SAkhil Goyal 1725164757d6SAkhil Goyal size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); 1726164757d6SAkhil Goyal 1727164757d6SAkhil Goyal for (i = 0; i < size; i++) { 1728164757d6SAkhil Goyal cur_td = &list_mcs_integrity_vectors[i]; 1729164757d6SAkhil Goyal err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); 1730164757d6SAkhil Goyal if (err) 1731164757d6SAkhil Goyal err = -1; 1732164757d6SAkhil Goyal else 1733164757d6SAkhil Goyal err = 0; 1734164757d6SAkhil Goyal 1735164757d6SAkhil Goyal all_err += err; 1736164757d6SAkhil Goyal } 1737164757d6SAkhil Goyal 1738164757d6SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1739164757d6SAkhil Goyal return all_err; 1740164757d6SAkhil Goyal } 1741164757d6SAkhil Goyal 1742164757d6SAkhil Goyal static int 17437c3b1decSAkhil Goyal test_inline_macsec_out_pkts_untagged(const void *data __rte_unused) 17447c3b1decSAkhil Goyal { 17457c3b1decSAkhil Goyal const struct mcs_test_vector *cur_td; 17467c3b1decSAkhil Goyal struct mcs_test_opts opts = {0}; 17477c3b1decSAkhil Goyal int err, all_err = 0; 17487c3b1decSAkhil Goyal int i, size; 17497c3b1decSAkhil Goyal 17507c3b1decSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 17517c3b1decSAkhil Goyal opts.encrypt = false; 17527c3b1decSAkhil Goyal opts.protect_frames = false; 17537c3b1decSAkhil Goyal opts.sa_in_use = 1; 17547c3b1decSAkhil Goyal opts.nb_td = 1; 17557c3b1decSAkhil Goyal opts.sectag_insert_mode = 1; 17567c3b1decSAkhil Goyal opts.mtu = RTE_ETHER_MTU; 17577c3b1decSAkhil Goyal opts.check_out_pkts_untagged = 1; 17587c3b1decSAkhil Goyal 17597c3b1decSAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 17607c3b1decSAkhil Goyal for (i = 0; i < size; i++) { 17617c3b1decSAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 17627c3b1decSAkhil Goyal err = test_macsec(&cur_td, MCS_ENCAP, &opts); 17637c3b1decSAkhil Goyal if (err) 17647c3b1decSAkhil Goyal err = -1; 17657c3b1decSAkhil Goyal else 17667c3b1decSAkhil Goyal err = 0; 17677c3b1decSAkhil Goyal 17687c3b1decSAkhil Goyal all_err += err; 17697c3b1decSAkhil Goyal } 17707c3b1decSAkhil Goyal 17717c3b1decSAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 17727c3b1decSAkhil Goyal return all_err; 17737c3b1decSAkhil Goyal } 17747c3b1decSAkhil Goyal 17757c3b1decSAkhil Goyal static int 17767c3b1decSAkhil Goyal test_inline_macsec_out_pkts_toolong(const void *data __rte_unused) 17777c3b1decSAkhil Goyal { 17787c3b1decSAkhil Goyal const struct mcs_test_vector *cur_td; 17797c3b1decSAkhil Goyal struct mcs_test_opts opts = {0}; 17807c3b1decSAkhil Goyal int err, all_err = 0; 17817c3b1decSAkhil Goyal int i, size; 17827c3b1decSAkhil Goyal 17837c3b1decSAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD; 17847c3b1decSAkhil Goyal opts.encrypt = true; 17857c3b1decSAkhil Goyal opts.protect_frames = true; 17867c3b1decSAkhil Goyal opts.sa_in_use = 1; 17877c3b1decSAkhil Goyal opts.nb_td = 1; 17887c3b1decSAkhil Goyal opts.sectag_insert_mode = 1; 17897c3b1decSAkhil Goyal opts.mtu = 50; 17907c3b1decSAkhil Goyal opts.check_out_pkts_toolong = 1; 17917c3b1decSAkhil Goyal 17927c3b1decSAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 17937c3b1decSAkhil Goyal for (i = 0; i < size; i++) { 17947c3b1decSAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 17957c3b1decSAkhil Goyal err = test_macsec(&cur_td, MCS_ENCAP, &opts); 17967c3b1decSAkhil Goyal if (err) 17977c3b1decSAkhil Goyal err = -1; 17987c3b1decSAkhil Goyal else 17997c3b1decSAkhil Goyal err = 0; 18007c3b1decSAkhil Goyal 18017c3b1decSAkhil Goyal all_err += err; 18027c3b1decSAkhil Goyal } 18037c3b1decSAkhil Goyal 18047c3b1decSAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 18057c3b1decSAkhil Goyal return all_err; 18067c3b1decSAkhil Goyal } 18077c3b1decSAkhil Goyal 18087c3b1decSAkhil Goyal static int 1809164757d6SAkhil Goyal test_inline_macsec_encap_stats(const void *data __rte_unused) 1810164757d6SAkhil Goyal { 1811164757d6SAkhil Goyal const struct mcs_test_vector *cur_td; 1812164757d6SAkhil Goyal struct mcs_test_opts opts = {0}; 1813164757d6SAkhil Goyal int err, all_err = 0; 1814164757d6SAkhil Goyal int i, size; 1815164757d6SAkhil Goyal 1816164757d6SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1817164757d6SAkhil Goyal opts.encrypt = true; 1818164757d6SAkhil Goyal opts.protect_frames = true; 1819164757d6SAkhil Goyal opts.sa_in_use = 1; 1820164757d6SAkhil Goyal opts.nb_td = 1; 1821164757d6SAkhil Goyal opts.sectag_insert_mode = 1; 1822164757d6SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1823164757d6SAkhil Goyal opts.check_encap_stats = 1; 1824164757d6SAkhil Goyal 1825164757d6SAkhil Goyal size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); 1826164757d6SAkhil Goyal for (i = 0; i < size; i++) { 1827164757d6SAkhil Goyal cur_td = &list_mcs_cipher_vectors[i]; 1828164757d6SAkhil Goyal err = test_macsec(&cur_td, MCS_ENCAP, &opts); 1829164757d6SAkhil Goyal if (err) 1830164757d6SAkhil Goyal err = -1; 1831164757d6SAkhil Goyal else 1832164757d6SAkhil Goyal err = 0; 1833164757d6SAkhil Goyal all_err += err; 1834164757d6SAkhil Goyal } 1835164757d6SAkhil Goyal 1836164757d6SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1837164757d6SAkhil Goyal return all_err; 1838164757d6SAkhil Goyal } 1839164757d6SAkhil Goyal 1840164757d6SAkhil Goyal static int 1841164757d6SAkhil Goyal test_inline_macsec_auth_only_stats(const void *data __rte_unused) 1842164757d6SAkhil Goyal { 1843164757d6SAkhil Goyal const struct mcs_test_vector *cur_td; 1844164757d6SAkhil Goyal struct mcs_test_opts opts = {0}; 1845164757d6SAkhil Goyal int err, all_err = 0; 1846164757d6SAkhil Goyal int i, size; 1847164757d6SAkhil Goyal 1848164757d6SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1849164757d6SAkhil Goyal opts.protect_frames = true; 1850164757d6SAkhil Goyal opts.sa_in_use = 1; 1851164757d6SAkhil Goyal opts.nb_td = 1; 1852164757d6SAkhil Goyal opts.sectag_insert_mode = 1; 1853164757d6SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1854164757d6SAkhil Goyal opts.check_auth_only_stats = 1; 1855164757d6SAkhil Goyal 1856164757d6SAkhil Goyal size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); 1857164757d6SAkhil Goyal 1858164757d6SAkhil Goyal for (i = 0; i < size; i++) { 1859164757d6SAkhil Goyal cur_td = &list_mcs_integrity_vectors[i]; 1860164757d6SAkhil Goyal err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts); 1861164757d6SAkhil Goyal if (err) 1862164757d6SAkhil Goyal err = -1; 1863164757d6SAkhil Goyal else 1864164757d6SAkhil Goyal err = 0; 1865164757d6SAkhil Goyal all_err += err; 1866164757d6SAkhil Goyal } 1867164757d6SAkhil Goyal 1868164757d6SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1869164757d6SAkhil Goyal return all_err; 1870164757d6SAkhil Goyal } 1871164757d6SAkhil Goyal 1872164757d6SAkhil Goyal static int 1873339b9354SAnkur Dwivedi test_inline_macsec_interrupts_all(const void *data __rte_unused) 1874339b9354SAnkur Dwivedi { 1875339b9354SAnkur Dwivedi struct mcs_err_vector err_vector = {0}; 1876339b9354SAnkur Dwivedi const struct mcs_test_vector *cur_td; 1877339b9354SAnkur Dwivedi struct mcs_test_opts opts = {0}; 1878339b9354SAnkur Dwivedi int i, size; 1879339b9354SAnkur Dwivedi int err, all_err = 0; 1880339b9354SAnkur Dwivedi enum rte_eth_event_macsec_subtype subtype[] = { 1881339b9354SAnkur Dwivedi RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_V_EQ1, 1882339b9354SAnkur Dwivedi RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_E_EQ0_C_EQ1, 1883339b9354SAnkur Dwivedi RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SL_GTE48, 1884339b9354SAnkur Dwivedi RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_ES_EQ1_SC_EQ1, 1885339b9354SAnkur Dwivedi RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SC_EQ1_SCB_EQ1, 1886339b9354SAnkur Dwivedi }; 1887339b9354SAnkur Dwivedi 1888339b9354SAnkur Dwivedi opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1889339b9354SAnkur Dwivedi opts.protect_frames = true; 1890339b9354SAnkur Dwivedi opts.sa_in_use = 1; 1891339b9354SAnkur Dwivedi opts.nb_td = 1; 1892339b9354SAnkur Dwivedi opts.sectag_insert_mode = 1; 1893339b9354SAnkur Dwivedi opts.mtu = RTE_ETHER_MTU; 1894339b9354SAnkur Dwivedi opts.check_sectag_interrupts = 1; 1895339b9354SAnkur Dwivedi 1896339b9354SAnkur Dwivedi err_vector.event = RTE_ETH_EVENT_MACSEC_UNKNOWN; 1897339b9354SAnkur Dwivedi err_vector.event_subtype = RTE_ETH_SUBEVENT_MACSEC_UNKNOWN; 1898339b9354SAnkur Dwivedi rte_eth_dev_callback_register(port_id, RTE_ETH_EVENT_MACSEC, 1899339b9354SAnkur Dwivedi test_macsec_event_callback, &err_vector); 1900339b9354SAnkur Dwivedi 1901339b9354SAnkur Dwivedi size = (sizeof(list_mcs_intr_test_vectors) / sizeof((list_mcs_intr_test_vectors)[0])); 1902339b9354SAnkur Dwivedi 1903339b9354SAnkur Dwivedi for (i = 0; i < size; i++) { 1904339b9354SAnkur Dwivedi cur_td = &list_mcs_intr_test_vectors[i]; 1905339b9354SAnkur Dwivedi err = test_macsec(&cur_td, MCS_DECAP, &opts); 1906339b9354SAnkur Dwivedi if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) && 1907339b9354SAnkur Dwivedi (err_vector.event_subtype == subtype[i])) { 1908339b9354SAnkur Dwivedi printf("\nSectag val err interrupt test case %d passed", 1909339b9354SAnkur Dwivedi cur_td->test_idx); 1910339b9354SAnkur Dwivedi err = 0; 1911339b9354SAnkur Dwivedi } else { 1912339b9354SAnkur Dwivedi printf("\nSectag val err interrupt test case %d failed", 1913339b9354SAnkur Dwivedi cur_td->test_idx); 1914339b9354SAnkur Dwivedi err = -1; 1915339b9354SAnkur Dwivedi } 1916339b9354SAnkur Dwivedi all_err += err; 1917339b9354SAnkur Dwivedi } 1918339b9354SAnkur Dwivedi rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC, 1919339b9354SAnkur Dwivedi test_macsec_event_callback, &err_vector); 1920339b9354SAnkur Dwivedi 1921339b9354SAnkur Dwivedi printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1922339b9354SAnkur Dwivedi return all_err; 1923339b9354SAnkur Dwivedi } 1924339b9354SAnkur Dwivedi 1925339b9354SAnkur Dwivedi static int 1926ad344741SAkhil Goyal test_inline_macsec_rekey_tx(const void *data __rte_unused) 1927ad344741SAkhil Goyal { 1928ad344741SAkhil Goyal const struct mcs_test_vector *cur_td; 1929ad344741SAkhil Goyal struct mcs_test_opts opts = {0}; 1930ad344741SAkhil Goyal int err, all_err = 0; 1931ad344741SAkhil Goyal int i, size; 1932ad344741SAkhil Goyal 1933ad344741SAkhil Goyal opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1934ad344741SAkhil Goyal opts.protect_frames = true; 1935ad344741SAkhil Goyal opts.encrypt = true; 1936ad344741SAkhil Goyal opts.sa_in_use = 1; 1937ad344741SAkhil Goyal opts.nb_td = 1; 1938ad344741SAkhil Goyal opts.sectag_insert_mode = 1; 1939ad344741SAkhil Goyal opts.mtu = RTE_ETHER_MTU; 1940ad344741SAkhil Goyal opts.rekey_en = 1; 1941ad344741SAkhil Goyal 1942ad344741SAkhil Goyal size = (sizeof(list_mcs_rekey_vectors) / sizeof((list_mcs_rekey_vectors)[0])); 1943ad344741SAkhil Goyal 1944ad344741SAkhil Goyal for (i = 0; i < size; i++) { 1945ad344741SAkhil Goyal cur_td = &list_mcs_rekey_vectors[i]; 1946ad344741SAkhil Goyal opts.rekey_td = &list_mcs_rekey_vectors[++i]; 1947ad344741SAkhil Goyal err = test_macsec(&cur_td, MCS_ENCAP, &opts); 1948ad344741SAkhil Goyal if (err) { 1949ad344741SAkhil Goyal printf("Tx hw rekey test case %d failed\n", i); 1950ad344741SAkhil Goyal err = -1; 1951ad344741SAkhil Goyal } else { 1952ad344741SAkhil Goyal printf("Tx hw rekey test case %d passed\n", i); 1953ad344741SAkhil Goyal err = 0; 1954ad344741SAkhil Goyal } 1955ad344741SAkhil Goyal all_err += err; 1956ad344741SAkhil Goyal } 1957ad344741SAkhil Goyal 1958ad344741SAkhil Goyal printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1959ad344741SAkhil Goyal return all_err; 1960ad344741SAkhil Goyal } 1961ad344741SAkhil Goyal 1962ad344741SAkhil Goyal static int 1963*4885ba24SAnkur Dwivedi test_inline_macsec_rekey_rx(const void *data __rte_unused) 1964*4885ba24SAnkur Dwivedi { 1965*4885ba24SAnkur Dwivedi const struct mcs_test_vector *cur_td; 1966*4885ba24SAnkur Dwivedi struct mcs_test_opts opts = {0}; 1967*4885ba24SAnkur Dwivedi int err, all_err = 0; 1968*4885ba24SAnkur Dwivedi int i, size; 1969*4885ba24SAnkur Dwivedi 1970*4885ba24SAnkur Dwivedi opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; 1971*4885ba24SAnkur Dwivedi opts.protect_frames = true; 1972*4885ba24SAnkur Dwivedi opts.sa_in_use = 1; 1973*4885ba24SAnkur Dwivedi opts.nb_td = 1; 1974*4885ba24SAnkur Dwivedi opts.sectag_insert_mode = 1; 1975*4885ba24SAnkur Dwivedi opts.mtu = RTE_ETHER_MTU; 1976*4885ba24SAnkur Dwivedi opts.rekey_en = 1; 1977*4885ba24SAnkur Dwivedi 1978*4885ba24SAnkur Dwivedi size = (sizeof(list_mcs_rekey_vectors) / sizeof((list_mcs_rekey_vectors)[0])); 1979*4885ba24SAnkur Dwivedi for (i = 0; i < size; i++) { 1980*4885ba24SAnkur Dwivedi cur_td = &list_mcs_rekey_vectors[i]; 1981*4885ba24SAnkur Dwivedi opts.rekey_td = &list_mcs_rekey_vectors[++i]; 1982*4885ba24SAnkur Dwivedi err = test_macsec(&cur_td, MCS_DECAP, &opts); 1983*4885ba24SAnkur Dwivedi if (err) { 1984*4885ba24SAnkur Dwivedi printf("Rx rekey test case %d failed\n", i); 1985*4885ba24SAnkur Dwivedi err = -1; 1986*4885ba24SAnkur Dwivedi } else { 1987*4885ba24SAnkur Dwivedi printf("Rx rekey test case %d passed\n", i); 1988*4885ba24SAnkur Dwivedi err = 0; 1989*4885ba24SAnkur Dwivedi } 1990*4885ba24SAnkur Dwivedi all_err += err; 1991*4885ba24SAnkur Dwivedi } 1992*4885ba24SAnkur Dwivedi 1993*4885ba24SAnkur Dwivedi printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); 1994*4885ba24SAnkur Dwivedi return all_err; 1995*4885ba24SAnkur Dwivedi } 1996*4885ba24SAnkur Dwivedi 1997*4885ba24SAnkur Dwivedi static int 1998993ea577SAkhil Goyal ut_setup_inline_macsec(void) 1999993ea577SAkhil Goyal { 2000993ea577SAkhil Goyal int ret; 2001993ea577SAkhil Goyal 2002993ea577SAkhil Goyal /* Start device */ 2003993ea577SAkhil Goyal ret = rte_eth_dev_start(port_id); 2004993ea577SAkhil Goyal if (ret < 0) { 2005993ea577SAkhil Goyal printf("rte_eth_dev_start: err=%d, port=%d\n", 2006993ea577SAkhil Goyal ret, port_id); 2007993ea577SAkhil Goyal return ret; 2008993ea577SAkhil Goyal } 2009993ea577SAkhil Goyal /* always enable promiscuous */ 2010993ea577SAkhil Goyal ret = rte_eth_promiscuous_enable(port_id); 2011993ea577SAkhil Goyal if (ret != 0) { 2012993ea577SAkhil Goyal printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", 2013993ea577SAkhil Goyal rte_strerror(-ret), port_id); 2014993ea577SAkhil Goyal return ret; 2015993ea577SAkhil Goyal } 2016993ea577SAkhil Goyal 2017993ea577SAkhil Goyal check_all_ports_link_status(1, RTE_PORT_ALL); 2018993ea577SAkhil Goyal 2019993ea577SAkhil Goyal return 0; 2020993ea577SAkhil Goyal } 2021993ea577SAkhil Goyal 2022993ea577SAkhil Goyal static void 2023993ea577SAkhil Goyal ut_teardown_inline_macsec(void) 2024993ea577SAkhil Goyal { 2025993ea577SAkhil Goyal uint16_t portid; 2026993ea577SAkhil Goyal int ret; 2027993ea577SAkhil Goyal 2028993ea577SAkhil Goyal /* port tear down */ 2029993ea577SAkhil Goyal RTE_ETH_FOREACH_DEV(portid) { 2030993ea577SAkhil Goyal ret = rte_eth_dev_stop(portid); 2031993ea577SAkhil Goyal if (ret != 0) 2032993ea577SAkhil Goyal printf("rte_eth_dev_stop: err=%s, port=%u\n", 2033993ea577SAkhil Goyal rte_strerror(-ret), portid); 2034993ea577SAkhil Goyal 2035993ea577SAkhil Goyal } 2036993ea577SAkhil Goyal } 2037993ea577SAkhil Goyal 2038993ea577SAkhil Goyal static int 2039993ea577SAkhil Goyal inline_macsec_testsuite_setup(void) 2040993ea577SAkhil Goyal { 2041993ea577SAkhil Goyal uint16_t nb_rxd; 2042993ea577SAkhil Goyal uint16_t nb_txd; 2043993ea577SAkhil Goyal uint16_t nb_ports; 2044993ea577SAkhil Goyal int ret; 2045993ea577SAkhil Goyal uint16_t nb_rx_queue = 1, nb_tx_queue = 1; 2046993ea577SAkhil Goyal 2047993ea577SAkhil Goyal printf("Start inline MACsec test.\n"); 2048993ea577SAkhil Goyal 2049993ea577SAkhil Goyal nb_ports = rte_eth_dev_count_avail(); 2050993ea577SAkhil Goyal if (nb_ports < NB_ETHPORTS_USED) { 2051993ea577SAkhil Goyal printf("At least %u port(s) used for test\n", 2052993ea577SAkhil Goyal NB_ETHPORTS_USED); 2053993ea577SAkhil Goyal return TEST_SKIPPED; 2054993ea577SAkhil Goyal } 2055993ea577SAkhil Goyal 2056993ea577SAkhil Goyal ret = init_mempools(NB_MBUF); 2057993ea577SAkhil Goyal if (ret) 2058993ea577SAkhil Goyal return ret; 2059993ea577SAkhil Goyal 2060993ea577SAkhil Goyal if (tx_pkts_burst == NULL) { 2061993ea577SAkhil Goyal tx_pkts_burst = (struct rte_mbuf **)rte_calloc("tx_buff", 2062993ea577SAkhil Goyal MAX_TRAFFIC_BURST, 2063993ea577SAkhil Goyal sizeof(void *), 2064993ea577SAkhil Goyal RTE_CACHE_LINE_SIZE); 2065993ea577SAkhil Goyal if (!tx_pkts_burst) 2066993ea577SAkhil Goyal return TEST_FAILED; 2067993ea577SAkhil Goyal 2068993ea577SAkhil Goyal rx_pkts_burst = (struct rte_mbuf **)rte_calloc("rx_buff", 2069993ea577SAkhil Goyal MAX_TRAFFIC_BURST, 2070993ea577SAkhil Goyal sizeof(void *), 2071993ea577SAkhil Goyal RTE_CACHE_LINE_SIZE); 2072993ea577SAkhil Goyal if (!rx_pkts_burst) 2073993ea577SAkhil Goyal return TEST_FAILED; 2074993ea577SAkhil Goyal } 2075993ea577SAkhil Goyal 2076993ea577SAkhil Goyal printf("Generate %d packets\n", MAX_TRAFFIC_BURST); 2077993ea577SAkhil Goyal 2078993ea577SAkhil Goyal nb_rxd = RTE_TEST_RX_DESC_DEFAULT; 2079993ea577SAkhil Goyal nb_txd = RTE_TEST_TX_DESC_DEFAULT; 2080993ea577SAkhil Goyal 2081993ea577SAkhil Goyal /* configuring port 0 for the test is enough */ 2082993ea577SAkhil Goyal port_id = 0; 2083993ea577SAkhil Goyal /* port configure */ 2084993ea577SAkhil Goyal ret = rte_eth_dev_configure(port_id, nb_rx_queue, 2085993ea577SAkhil Goyal nb_tx_queue, &port_conf); 2086993ea577SAkhil Goyal if (ret < 0) { 2087993ea577SAkhil Goyal printf("Cannot configure device: err=%d, port=%d\n", 2088993ea577SAkhil Goyal ret, port_id); 2089993ea577SAkhil Goyal return ret; 2090993ea577SAkhil Goyal } 2091993ea577SAkhil Goyal ret = rte_eth_macaddr_get(port_id, &ports_eth_addr[port_id]); 2092993ea577SAkhil Goyal if (ret < 0) { 2093993ea577SAkhil Goyal printf("Cannot get mac address: err=%d, port=%d\n", 2094993ea577SAkhil Goyal ret, port_id); 2095993ea577SAkhil Goyal return ret; 2096993ea577SAkhil Goyal } 2097993ea577SAkhil Goyal printf("Port %u ", port_id); 2098993ea577SAkhil Goyal print_ethaddr("Address:", &ports_eth_addr[port_id]); 2099993ea577SAkhil Goyal printf("\n"); 2100993ea577SAkhil Goyal 2101993ea577SAkhil Goyal /* tx queue setup */ 2102993ea577SAkhil Goyal ret = rte_eth_tx_queue_setup(port_id, 0, nb_txd, 2103993ea577SAkhil Goyal SOCKET_ID_ANY, &tx_conf); 2104993ea577SAkhil Goyal if (ret < 0) { 2105993ea577SAkhil Goyal printf("rte_eth_tx_queue_setup: err=%d, port=%d\n", 2106993ea577SAkhil Goyal ret, port_id); 2107993ea577SAkhil Goyal return ret; 2108993ea577SAkhil Goyal } 2109993ea577SAkhil Goyal /* rx queue steup */ 2110993ea577SAkhil Goyal ret = rte_eth_rx_queue_setup(port_id, 0, nb_rxd, SOCKET_ID_ANY, 2111993ea577SAkhil Goyal &rx_conf, mbufpool); 2112993ea577SAkhil Goyal if (ret < 0) { 2113993ea577SAkhil Goyal printf("rte_eth_rx_queue_setup: err=%d, port=%d\n", 2114993ea577SAkhil Goyal ret, port_id); 2115993ea577SAkhil Goyal return ret; 2116993ea577SAkhil Goyal } 2117993ea577SAkhil Goyal 2118993ea577SAkhil Goyal return 0; 2119993ea577SAkhil Goyal } 2120993ea577SAkhil Goyal 2121993ea577SAkhil Goyal static void 2122993ea577SAkhil Goyal inline_macsec_testsuite_teardown(void) 2123993ea577SAkhil Goyal { 2124993ea577SAkhil Goyal uint16_t portid; 2125993ea577SAkhil Goyal int ret; 2126993ea577SAkhil Goyal 2127993ea577SAkhil Goyal /* port tear down */ 2128993ea577SAkhil Goyal RTE_ETH_FOREACH_DEV(portid) { 2129993ea577SAkhil Goyal ret = rte_eth_dev_reset(portid); 2130993ea577SAkhil Goyal if (ret != 0) 2131993ea577SAkhil Goyal printf("rte_eth_dev_reset: err=%s, port=%u\n", 2132993ea577SAkhil Goyal rte_strerror(-ret), port_id); 2133993ea577SAkhil Goyal } 2134993ea577SAkhil Goyal rte_free(tx_pkts_burst); 2135993ea577SAkhil Goyal rte_free(rx_pkts_burst); 2136993ea577SAkhil Goyal } 2137993ea577SAkhil Goyal 2138993ea577SAkhil Goyal 2139993ea577SAkhil Goyal static struct unit_test_suite inline_macsec_testsuite = { 2140993ea577SAkhil Goyal .suite_name = "Inline MACsec Ethernet Device Unit Test Suite", 2141993ea577SAkhil Goyal .unit_test_cases = { 2142993ea577SAkhil Goyal TEST_CASE_NAMED_ST( 2143e3d83ea4SAkhil Goyal "MACsec Encap + decap Multi flow", 2144e3d83ea4SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2145e3d83ea4SAkhil Goyal test_inline_macsec_multi_flow), 2146e3d83ea4SAkhil Goyal TEST_CASE_NAMED_ST( 2147993ea577SAkhil Goyal "MACsec encap(Cipher+Auth) known vector", 2148993ea577SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2149993ea577SAkhil Goyal test_inline_macsec_encap_all), 2150993ea577SAkhil Goyal TEST_CASE_NAMED_ST( 2151993ea577SAkhil Goyal "MACsec decap(De-cipher+verify) known vector", 2152993ea577SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2153993ea577SAkhil Goyal test_inline_macsec_decap_all), 21542da0c0a7SAkhil Goyal TEST_CASE_NAMED_ST( 21552da0c0a7SAkhil Goyal "MACsec auth only known vector", 21562da0c0a7SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21572da0c0a7SAkhil Goyal test_inline_macsec_auth_only_all), 21582da0c0a7SAkhil Goyal TEST_CASE_NAMED_ST( 21592da0c0a7SAkhil Goyal "MACsec verify only known vector", 21602da0c0a7SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21612da0c0a7SAkhil Goyal test_inline_macsec_verify_only_all), 21622da0c0a7SAkhil Goyal TEST_CASE_NAMED_ST( 21632da0c0a7SAkhil Goyal "MACsec encap + decap known vector", 21642da0c0a7SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21652da0c0a7SAkhil Goyal test_inline_macsec_encap_decap_all), 21662da0c0a7SAkhil Goyal TEST_CASE_NAMED_ST( 21672da0c0a7SAkhil Goyal "MACsec auth + verify known vector", 21682da0c0a7SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21692da0c0a7SAkhil Goyal test_inline_macsec_auth_verify_all), 2170e67246cbSAkhil Goyal TEST_CASE_NAMED_ST( 2171e67246cbSAkhil Goyal "MACsec Encap and decap with VLAN", 2172e67246cbSAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2173e67246cbSAkhil Goyal test_inline_macsec_with_vlan), 21747c3b1decSAkhil Goyal TEST_CASE_NAMED_ST( 21757c3b1decSAkhil Goyal "MACsec packet drop", 21767c3b1decSAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21777c3b1decSAkhil Goyal test_inline_macsec_pkt_drop), 21787c3b1decSAkhil Goyal TEST_CASE_NAMED_ST( 21797c3b1decSAkhil Goyal "MACsec untagged Rx", 21807c3b1decSAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21817c3b1decSAkhil Goyal test_inline_macsec_untagged_rx), 21827c3b1decSAkhil Goyal TEST_CASE_NAMED_ST( 21837c3b1decSAkhil Goyal "MACsec bad tag Rx", 21847c3b1decSAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21857c3b1decSAkhil Goyal test_inline_macsec_bad_tag_rx), 21867c3b1decSAkhil Goyal TEST_CASE_NAMED_ST( 21877c3b1decSAkhil Goyal "MACsec SA not in use", 21887c3b1decSAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 21897c3b1decSAkhil Goyal test_inline_macsec_sa_not_in_use), 21907c3b1decSAkhil Goyal TEST_CASE_NAMED_ST( 2191164757d6SAkhil Goyal "MACsec decap stats", 2192164757d6SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2193164757d6SAkhil Goyal test_inline_macsec_decap_stats), 2194164757d6SAkhil Goyal TEST_CASE_NAMED_ST( 2195164757d6SAkhil Goyal "MACsec verify only stats", 2196164757d6SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2197164757d6SAkhil Goyal test_inline_macsec_verify_only_stats), 2198164757d6SAkhil Goyal TEST_CASE_NAMED_ST( 2199164757d6SAkhil Goyal "MACsec pkts invalid stats", 2200164757d6SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2201164757d6SAkhil Goyal test_inline_macsec_pkts_invalid_stats), 2202164757d6SAkhil Goyal TEST_CASE_NAMED_ST( 2203164757d6SAkhil Goyal "MACsec pkts unchecked stats", 2204164757d6SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2205164757d6SAkhil Goyal test_inline_macsec_pkts_unchecked_stats), 2206164757d6SAkhil Goyal TEST_CASE_NAMED_ST( 22077c3b1decSAkhil Goyal "MACsec out pkts untagged", 22087c3b1decSAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 22097c3b1decSAkhil Goyal test_inline_macsec_out_pkts_untagged), 22107c3b1decSAkhil Goyal TEST_CASE_NAMED_ST( 22117c3b1decSAkhil Goyal "MACsec out pkts too long", 22127c3b1decSAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 22137c3b1decSAkhil Goyal test_inline_macsec_out_pkts_toolong), 2214164757d6SAkhil Goyal TEST_CASE_NAMED_ST( 2215164757d6SAkhil Goyal "MACsec Encap stats", 2216164757d6SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2217164757d6SAkhil Goyal test_inline_macsec_encap_stats), 2218164757d6SAkhil Goyal TEST_CASE_NAMED_ST( 2219164757d6SAkhil Goyal "MACsec auth only stats", 2220164757d6SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2221164757d6SAkhil Goyal test_inline_macsec_auth_only_stats), 2222339b9354SAnkur Dwivedi TEST_CASE_NAMED_ST( 2223339b9354SAnkur Dwivedi "MACsec interrupts all", 2224339b9354SAnkur Dwivedi ut_setup_inline_macsec, ut_teardown_inline_macsec, 2225339b9354SAnkur Dwivedi test_inline_macsec_interrupts_all), 2226ad344741SAkhil Goyal TEST_CASE_NAMED_ST( 2227ad344741SAkhil Goyal "MACsec re-key Tx", 2228ad344741SAkhil Goyal ut_setup_inline_macsec, ut_teardown_inline_macsec, 2229ad344741SAkhil Goyal test_inline_macsec_rekey_tx), 2230*4885ba24SAnkur Dwivedi TEST_CASE_NAMED_ST( 2231*4885ba24SAnkur Dwivedi "MACsec re-key Rx", 2232*4885ba24SAnkur Dwivedi ut_setup_inline_macsec, ut_teardown_inline_macsec, 2233*4885ba24SAnkur Dwivedi test_inline_macsec_rekey_rx), 2234993ea577SAkhil Goyal 2235993ea577SAkhil Goyal TEST_CASES_END() /**< NULL terminate unit test array */ 2236993ea577SAkhil Goyal }, 2237993ea577SAkhil Goyal }; 2238993ea577SAkhil Goyal 2239993ea577SAkhil Goyal static int 2240993ea577SAkhil Goyal test_inline_macsec(void) 2241993ea577SAkhil Goyal { 2242993ea577SAkhil Goyal inline_macsec_testsuite.setup = inline_macsec_testsuite_setup; 2243993ea577SAkhil Goyal inline_macsec_testsuite.teardown = inline_macsec_testsuite_teardown; 2244993ea577SAkhil Goyal return unit_test_suite_runner(&inline_macsec_testsuite); 2245993ea577SAkhil Goyal } 2246993ea577SAkhil Goyal 2247993ea577SAkhil Goyal #endif /* !RTE_EXEC_ENV_WINDOWS */ 2248993ea577SAkhil Goyal 2249993ea577SAkhil Goyal REGISTER_TEST_COMMAND(inline_macsec_autotest, test_inline_macsec); 2250