[dpdk-dev] [PATCH v4 1/5] test/crypto: add lookaside IPsec tests

[Anoob Joseph]

Hi Akhil,

Thanks for the review. Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Akhil Goyal <gakhil at marvell.com>
> Sent: Tuesday, September 21, 2021 9:38 PM
> To: Anoob Joseph <anoobj at marvell.com>; Declan Doherty
> <declan.doherty at intel.com>; Fan Zhang <roy.fan.zhang at intel.com>;
> Konstantin Ananyev <konstantin.ananyev at intel.com>; Ciara Power
> <ciara.power at intel.com>
> Cc: Anoob Joseph <anoobj at marvell.com>; Jerin Jacob Kollanukkaran
> <jerinj at marvell.com>; Archana Muniganti <marchana at marvell.com>;
> Tejasree Kondoj <ktejasree at marvell.com>; Hemant Agrawal
> <hemant.agrawal at nxp.com>; Radu Nicolau <radu.nicolau at intel.com>;
> Gagandeep Singh <g.singh at nxp.com>; dev at dpdk.org
> Subject: RE: [PATCH v4 1/5] test/crypto: add lookaside IPsec tests
> 
> Hi Anoob,
> Few minor comments, Please see inline.
> Apart from that,
> Acked-by: Akhil Goyal <gakhil at marvell.com>
> >
> Update title as
> Test/crypto: add lookaside IPsec cases.

[Anoob] Will update so in v5
 
> 
> > +static int
> > +security_proto_supported(enum rte_security_session_action_type
> action,
> > +	enum rte_security_session_protocol proto);
> > +
> > +static int
> > +dev_configure_and_start(uint64_t ff_disable);
> > +
> 
> Do we really need to forward declare?

[Anoob] I've kept 'ipsec_proto_testsuite_setup' close to other rte_security test suite setups. The function, dev_configure_and_start() is defined later but I need to use it to enable SECURITY before doing capability check. Only other option is to move around code.
 
> 
> >  static struct rte_mbuf *
> >  setup_test_string(struct rte_mempool *mpool,
> >  		const char *string, size_t len, uint8_t blocksize) @@ -753,6
> > +763,43 @@ crypto_gen_testsuite_setup(void)
> >
> >  #ifdef RTE_LIB_SECURITY
> >  static int
> > +ipsec_proto_testsuite_setup(void)
> > +{
> > +	struct crypto_testsuite_params *ts_params = &testsuite_params;
> > +	struct crypto_unittest_params *ut_params = &unittest_params;
> > +	struct rte_cryptodev_info dev_info;
> > +	int ret = 0;
> > +
> > +	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
> > +
> > +	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) {
> > +		RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec
> > Proto "
> > +				"testsuite not met\n");
> > +		return TEST_SKIPPED;
> > +	}
> > +
> > +	/* Reconfigure to enable security */
> 
> Update comment like
> /*Reconfigure to enable security and disable crypto */ BTW, shouldn't this be
> dev_configure_and_start(0) Why is sym and asym disabled here?

[Anoob] Will update the comments in v5. Sym & asym are not required for security tests. But then, I can keep ff_disable as 0. It won't affect anything.
 
> 
> > +
> 	dev_configure_and_start(RTE_CRYPTODEV_FF_SYMMETRIC_CRYPT
> O
> > |
> > +
> 	RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO);
> 
> Return value not taken care here.

[Anoob] Will fix in v5.
 
> 
> 
> > +
> > +	/* Set action type */
> > +	ut_params->type =
> > RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
> > +
> > +	if (security_proto_supported(
> > +
> > 	RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> > +			RTE_SECURITY_PROTOCOL_IPSEC) < 0) {
> > +		RTE_LOG(INFO, USER1, "Capability requirements for IPsec
> > Proto "
> > +				"test not met\n");
> > +		ret = TEST_SKIPPED;
> > +	}
> > +
> > +	/* Stop the device */
> > +	rte_cryptodev_stop(ts_params->valid_devs[0]);
> 
> Add a comment that the device will be started again in ut_setup_security()

[Anoob] Will update so in v5.
 
> 
> > +
> > +		ret = test_ipsec_post_process(ut_params->ibuf, &td[i],
> > +					      res_d_tmp, silent);
> > +		if (ret != TEST_SUCCESS)
> > +			goto crypto_op_free;
> > +
> > +		rte_crypto_op_free(ut_params->op);
> > +		ut_params->op = NULL;
> > +
> > +		rte_pktmbuf_free(ut_params->ibuf);
> > +		ut_params->ibuf = NULL;
> > +	}
> > +
> > +crypto_op_free:
> > +	rte_crypto_op_free(ut_params->op);
> > +	ut_params->op = NULL;
> > +
> > +	rte_pktmbuf_free(ut_params->ibuf);
> > +	ut_params->ibuf = NULL;
> > +
> 
> Above four lines are getting executed again in the success cases.

[Anoob] rte_crypto_op_free() has a NULL check. So executing this for success cases is alright. I believe UT already does it this way for certain cases. If you check PDCP test cases, it has a free in the test case and there would be one free in ut_teardown() also.