test/crypto: add packet soft expiry cases

Add tests to validate packets soft expiry handling.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f57a1a4..1befbeb 100644 (file)
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9045,7 +9045,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                /* Process crypto operation */
                process_crypto_request(dev_id, ut_params->op);
 
-               ret = test_ipsec_status_check(ut_params->op, flags, dir);
+               ret = test_ipsec_status_check(ut_params->op, flags, dir, i + 1);
                if (ret != TEST_SUCCESS)
                        goto crypto_op_free;
 
@@ -9115,7 +9115,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
        unsigned int i, nb_pkts = 1, pass_cnt = 0;
        int ret;
 
-       if (flags->iv_gen)
+       if (flags->iv_gen ||
+           flags->sa_expiry_pkts_soft)
                nb_pkts = IPSEC_TEST_PACKETS_MAX;
 
        for (i = 0; i < RTE_DIM(aead_list); i++) {
@@ -9179,6 +9180,18 @@ test_ipsec_proto_iv_gen(const void *data __rte_unused)
        return test_ipsec_proto_all(&flags);
 }
 
+static int
+test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.sa_expiry_pkts_soft = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
 static int
 test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
 {
@@ -14135,6 +14148,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
                        "UDP encapsulation",
                        ut_setup_security, ut_teardown,
                        test_ipsec_proto_udp_encap),
+               TEST_CASE_NAMED_ST(
+                       "SA expiry packets soft",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_sa_exp_pkts_soft),
                TEST_CASE_NAMED_ST(
                        "Negative test: ICV corruption",
                        ut_setup_security, ut_teardown,

diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index f371b15..56a44b5 100644 (file)
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -173,6 +173,10 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 
                if (flags->iv_gen)
                        td->ipsec_xform.options.iv_gen_disable = 0;
+
+               if (flags->sa_expiry_pkts_soft)
+                       td->ipsec_xform.life.packets_soft_limit =
+                                       IPSEC_TEST_PACKETS_MAX - 1;
        }
 
        RTE_SET_USED(param2);
@@ -395,7 +399,8 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 int
 test_ipsec_status_check(struct rte_crypto_op *op,
                        const struct ipsec_test_flags *flags,
-                       enum rte_security_ipsec_sa_direction dir)
+                       enum rte_security_ipsec_sa_direction dir,
+                       int pkt_num)
 {
        int ret = TEST_SUCCESS;
 
@@ -406,7 +411,16 @@ test_ipsec_status_check(struct rte_crypto_op *op,
                }
        } else {
                if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
-                       printf("Security op processing failed\n");
+                       printf("Security op processing failed [pkt_num: %d]\n",
+                              pkt_num);
+                       ret = TEST_FAILED;
+               }
+       }
+
+       if (flags->sa_expiry_pkts_soft && pkt_num == IPSEC_TEST_PACKETS_MAX) {
+               if (!(op->aux_flags &
+                     RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY)) {
+                       printf("SA soft expiry (pkts) test failed\n");
                        ret = TEST_FAILED;
                }
        }

diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index e1645f4..eed3476 100644 (file)
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -49,6 +49,7 @@ struct ipsec_test_data {
 
 struct ipsec_test_flags {
        bool display_alg;
+       bool sa_expiry_pkts_soft;
        bool icv_corrupt;
        bool iv_gen;
        bool udp_encap;
@@ -114,6 +115,7 @@ int test_ipsec_post_process(struct rte_mbuf *m,
 
 int test_ipsec_status_check(struct rte_crypto_op *op,
                            const struct ipsec_test_flags *flags,
-                           enum rte_security_ipsec_sa_direction dir);
+                           enum rte_security_ipsec_sa_direction dir,
+                           int pkt_num);
 
 #endif

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 0e92818..ae62df8 100644 (file)
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -102,6 +102,7 @@ New Features
   * Added tests to verify error reporting with ICV corruption.
   * Added tests to verify IV generation.
   * Added tests to verify UDP encapsulation.
+  * Added tests to validate packets soft expiry.
 
 
 Removed Items