summaryrefslogtreecommitdiffstats
path: root/test/template_ipsec.py
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-08-01 04:45:15 -0700
committerDave Barach <openvpp@barachs.net>2019-08-01 18:04:42 +0000
commit3b9374fa57218c72306d372167724e88ef7d57be (patch)
tree5387c6d7f191671e180041ad081510da6601b2a4 /test/template_ipsec.py
parent55c68c9521d98005ce850ee54a40c7579d88928b (diff)
ipsec: Redo the anit-replay check post decrypt
Type: fix Change-Id: I1fa8c5326d6f22cfb8dd40e97d8a22d11a716922 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/template_ipsec.py')
-rw-r--r--test/template_ipsec.py15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 773531fe038..c3fc8bd434f 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -318,6 +318,21 @@ class IpsecTra4(object):
self.assert_error_counter_equal(replay_node_name, replay_count)
#
+ # now send a batch of packets all with the same sequence number
+ # the first packet in the batch is legitimate, the rest bogus
+ #
+ pkts = (Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=35))
+ recv_pkts = self.send_and_expect(self.tra_if, pkts * 8,
+ self.tra_if, n_rx=1)
+ replay_count += 7
+ self.assert_error_counter_equal(replay_node_name, replay_count)
+
+ #
# now move the window over to 257 (more than one byte) and into Case A
#
pkt = (Ether(src=self.tra_if.remote_mac,