Add tests to validate packets hard expiry handling.

Signed-off-by: Anoob Joseph <ano...@marvell.com>

---
 app/test/test_cryptodev.c                | 19 ++++++++++++++++++-
 app/test/test_cryptodev_security_ipsec.c | 22 +++++++++++++++++++---
 app/test/test_cryptodev_security_ipsec.h |  1 +
 3 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 1befbeb..34b55a9 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9116,7 +9116,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
        int ret;
 
        if (flags->iv_gen ||
-           flags->sa_expiry_pkts_soft)
+           flags->sa_expiry_pkts_soft ||
+           flags->sa_expiry_pkts_hard)
                nb_pkts = IPSEC_TEST_PACKETS_MAX;
 
        for (i = 0; i < RTE_DIM(aead_list); i++) {
@@ -9193,6 +9194,18 @@ test_ipsec_proto_sa_exp_pkts_soft(const void *data 
__rte_unused)
 }
 
 static int
+test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.sa_expiry_pkts_hard = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
 test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
 {
        struct ipsec_test_flags flags;
@@ -14153,6 +14166,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = 
{
                        ut_setup_security, ut_teardown,
                        test_ipsec_proto_sa_exp_pkts_soft),
                TEST_CASE_NAMED_ST(
+                       "SA expiry packets hard",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_sa_exp_pkts_hard),
+               TEST_CASE_NAMED_ST(
                        "Negative test: ICV corruption",
                        ut_setup_security, ut_teardown,
                        test_ipsec_proto_err_icv_corrupt),
diff --git a/app/test/test_cryptodev_security_ipsec.c 
b/app/test/test_cryptodev_security_ipsec.c
index 56a44b5..046536c 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -200,6 +200,10 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
                        td_inb[i].input_text.data[icv_pos] += 1;
                }
 
+               if (flags->sa_expiry_pkts_hard)
+                       td_inb[i].ipsec_xform.life.packets_hard_limit =
+                                       IPSEC_TEST_PACKETS_MAX - 1;
+
                if (flags->udp_encap)
                        td_inb[i].ipsec_xform.options.udp_encap = 1;
 
@@ -285,9 +289,10 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct 
ipsec_test_data *td,
        uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
        uint32_t skip, len = rte_pktmbuf_pkt_len(m);
 
-       /* For negative tests, no need to do verification */
-       if (flags->icv_corrupt &&
-           td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+       /* For tests with status as error for test success, skip verification */
+       if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
+           (flags->icv_corrupt ||
+            flags->sa_expiry_pkts_hard))
                return TEST_SUCCESS;
 
        if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
@@ -404,6 +409,17 @@ test_ipsec_status_check(struct rte_crypto_op *op,
 {
        int ret = TEST_SUCCESS;
 
+       if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
+           flags->sa_expiry_pkts_hard &&
+           pkt_num == IPSEC_TEST_PACKETS_MAX) {
+               if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) {
+                       printf("SA hard expiry (pkts) test failed\n");
+                       return TEST_FAILED;
+               } else {
+                       return TEST_SUCCESS;
+               }
+       }
+
        if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) {
                if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) {
                        printf("ICV corruption test case failed\n");
diff --git a/app/test/test_cryptodev_security_ipsec.h 
b/app/test/test_cryptodev_security_ipsec.h
index eed3476..18f3c64 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -50,6 +50,7 @@ struct ipsec_test_data {
 struct ipsec_test_flags {
        bool display_alg;
        bool sa_expiry_pkts_soft;
+       bool sa_expiry_pkts_hard;
        bool icv_corrupt;
        bool iv_gen;
        bool udp_encap;
-- 
2.7.4

Reply via email to