aboutsummaryrefslogtreecommitdiffstats
path: root/test/template_ipsec.py
diff options
context:
space:
mode:
authorArthur de Kerhor <arthurdekerhor@gmail.com>2022-11-16 18:45:24 +0100
committerNeale Ranns <neale@graphiant.com>2023-02-06 03:49:14 +0000
commit0df06b6e95b6a3261c8e9c261c7a4a661d6ea25a (patch)
tree16c4f723367566c965bffda369bb1f56dcf566ce /test/template_ipsec.py
parentab412cdc07e19a872037e4034caa522398c4be07 (diff)
ipsec: fix SA names consistency in tests
In some IPsec tests, the SA called scapy_sa designs the SA that encrypts Scapy packets and decrypts them in VPP, and the one called vpp_sa the SA that encrypts VPP packets and decrypts them with Scapy. However, this pattern is not consistent across all tests. Some tests use the opposite logic. Others even mix both correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa. Because of that, sometimes, the SA called vpp_sa_in is used as an outbound SA and vpp_sa_out as an inbound one. This patch forces all the tests to follow the same following logic: - scapy_sa is the SA used to encrypt Scapy packets and decrypt them in VPP. It matches the VPP inbound SA. - vpp_sa is the SA used to encrypt VPP packets and decrypt them in Scapy. It matches the VPP outbound SA. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
Diffstat (limited to 'test/template_ipsec.py')
-rw-r--r--test/template_ipsec.py24
1 files changed, 12 insertions, 12 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index d00216c7308..72784dd4ea7 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -138,7 +138,7 @@ def config_tun_params(p, encryption_type, tun_if):
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tun_sa = SecurityAssociation(
encryption_type,
- spi=p.vpp_tun_spi,
+ spi=p.scapy_tun_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@ -149,7 +149,7 @@ def config_tun_params(p, encryption_type, tun_if):
)
p.vpp_tun_sa = SecurityAssociation(
encryption_type,
- spi=p.scapy_tun_spi,
+ spi=p.vpp_tun_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@ -167,7 +167,7 @@ def config_tra_params(p, encryption_type):
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tra_sa = SecurityAssociation(
encryption_type,
- spi=p.vpp_tra_spi,
+ spi=p.scapy_tra_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@ -177,7 +177,7 @@ def config_tra_params(p, encryption_type):
)
p.vpp_tra_sa = SecurityAssociation(
encryption_type,
- spi=p.scapy_tra_spi,
+ spi=p.vpp_tra_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@ -708,7 +708,7 @@ class IpsecTra4(object):
# a packet that does not decrypt does not move the window forward
bogus_sa = SecurityAssociation(
self.encryption_type,
- p.vpp_tra_spi,
+ p.scapy_tra_spi,
crypt_algo=p.crypt_algo,
crypt_key=mk_scapy_crypt_key(p)[::-1],
auth_algo=p.auth_algo,
@@ -728,7 +728,7 @@ class IpsecTra4(object):
# a malformed 'runt' packet
# created by a mis-constructed SA
if ESP == self.encryption_type and p.crypt_algo != "NULL":
- bogus_sa = SecurityAssociation(self.encryption_type, p.vpp_tra_spi)
+ bogus_sa = SecurityAssociation(self.encryption_type, p.scapy_tra_spi)
pkt = Ether(
src=self.tra_if.remote_mac, dst=self.tra_if.local_mac
) / bogus_sa.encrypt(
@@ -788,7 +788,7 @@ class IpsecTra4(object):
# causes the TX seq number to wrap; unless we're using extened sequence
# numbers.
#
- self.vapi.cli("test ipsec sa %d seq 0xffffffff" % p.scapy_tra_sa_id)
+ self.vapi.cli("test ipsec sa %d seq 0xffffffff" % p.vpp_tra_sa_id)
self.logger.info(self.vapi.ppcli("show ipsec sa 0"))
self.logger.info(self.vapi.ppcli("show ipsec sa 1"))
@@ -924,7 +924,7 @@ class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_out.get_lost(), 0)
+ self.assertEqual(p.tra_sa_in.get_lost(), 0)
# skip a sequence number
pkts = [
@@ -939,7 +939,7 @@ class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_out.get_lost(), 0)
+ self.assertEqual(p.tra_sa_in.get_lost(), 0)
# the lost packet are counted untill we get up past the first
# sizeof(replay_window) packets
@@ -955,7 +955,7 @@ class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_out.get_lost(), 1)
+ self.assertEqual(p.tra_sa_in.get_lost(), 1)
# lost of holes in the sequence
pkts = [
@@ -982,7 +982,7 @@ class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_out.get_lost(), 51)
+ self.assertEqual(p.tra_sa_in.get_lost(), 51)
# a big hole in the seq number space
pkts = [
@@ -997,7 +997,7 @@ class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_out.get_lost(), 151)
+ self.assertEqual(p.tra_sa_in.get_lost(), 151)
def verify_tra_basic4(self, count=1, payload_size=54):
"""ipsec v4 transport basic test"""