summaryrefslogtreecommitdiffstats
path: root/test/template_ipsec.py
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-12-23 04:10:25 +0000
committerNeale Ranns <nranns@cisco.com>2019-12-23 21:39:23 +0000
commit4a56f4e48f39f9e0560833115f85270c0c04b57f (patch)
treeda9d30b72cf953008bd3e15140219ba1240b5ba4 /test/template_ipsec.py
parent1de7167e7a12a80cc5996959aeb1fbe4b2853ccb (diff)
ipsec: Test and fix IPSec worker hand-off
Type: fix Change-Id: I5cb9a3845ddbc5f4de4eb4e9c481f606fe5cec9a Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/template_ipsec.py')
-rw-r--r--test/template_ipsec.py79
1 files changed, 70 insertions, 9 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 034bc8ecf45..bcfc0d9253a 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -660,21 +660,21 @@ class IpsecTra46Tests(IpsecTra4Tests, IpsecTra6Tests):
class IpsecTun4(object):
""" verify methods for Tunnel v4 """
- def verify_counters4(self, p, count, n_frags=None):
+ def verify_counters4(self, p, count, n_frags=None, worker=None):
if not n_frags:
n_frags = count
if (hasattr(p, "spd_policy_in_any")):
- pkts = p.spd_policy_in_any.get_stats()['packets']
+ pkts = p.spd_policy_in_any.get_stats(worker)['packets']
self.assertEqual(pkts, count,
"incorrect SPD any policy: expected %d != %d" %
(count, pkts))
if (hasattr(p, "tun_sa_in")):
- pkts = p.tun_sa_in.get_stats()['packets']
+ pkts = p.tun_sa_in.get_stats(worker)['packets']
self.assertEqual(pkts, count,
"incorrect SA in counts: expected %d != %d" %
(count, pkts))
- pkts = p.tun_sa_out.get_stats()['packets']
+ pkts = p.tun_sa_out.get_stats(worker)['packets']
self.assertEqual(pkts, count,
"incorrect SA out counts: expected %d != %d" %
(count, pkts))
@@ -840,14 +840,14 @@ class IpsecTun4Tests(IpsecTun4):
class IpsecTun6(object):
""" verify methods for Tunnel v6 """
- def verify_counters6(self, p_in, p_out, count):
+ def verify_counters6(self, p_in, p_out, count, worker=None):
if (hasattr(p_in, "tun_sa_in")):
- pkts = p_in.tun_sa_in.get_stats()['packets']
+ pkts = p_in.tun_sa_in.get_stats(worker)['packets']
self.assertEqual(pkts, count,
"incorrect SA in counts: expected %d != %d" %
(count, pkts))
if (hasattr(p_out, "tun_sa_out")):
- pkts = p_out.tun_sa_out.get_stats()['packets']
+ pkts = p_out.tun_sa_out.get_stats(worker)['packets']
self.assertEqual(pkts, count,
"incorrect SA out counts: expected %d != %d" %
(count, pkts))
@@ -908,8 +908,7 @@ class IpsecTun6(object):
dst=p_out.remote_tun_if_host,
count=count,
payload_size=payload_size)
- recv_pkts = self.send_and_expect(self.pg1, send_pkts,
- self.tun_if)
+ recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if)
self.verify_encrypted6(p_out, p_out.vpp_tun_sa, recv_pkts)
finally:
@@ -1002,6 +1001,68 @@ class IpsecTun6Tests(IpsecTun6):
self.verify_tun_66(self.params[socket.AF_INET6], count=257)
+class IpsecTun6HandoffTests(IpsecTun6):
+ """ UT test methods for Tunnel v6 with multiple workers """
+ worker_config = "workers 2"
+
+ def test_tun_handoff_66(self):
+ """ ipsec 6o6 tunnel worker hand-off test """
+ N_PKTS = 15
+ p = self.params[socket.AF_INET6]
+
+ # inject alternately on worker 0 and 1. all counts on the SA
+ # should be against worker 0
+ for worker in [0, 1, 0, 1]:
+ send_pkts = self.gen_encrypt_pkts6(p.scapy_tun_sa, self.tun_if,
+ src=p.remote_tun_if_host,
+ dst=self.pg1.remote_ip6,
+ count=N_PKTS)
+ recv_pkts = self.send_and_expect(self.tun_if, send_pkts,
+ self.pg1, worker=worker)
+ self.verify_decrypted6(p, recv_pkts)
+
+ send_pkts = self.gen_pkts6(self.pg1, src=self.pg1.remote_ip6,
+ dst=p.remote_tun_if_host,
+ count=N_PKTS)
+ recv_pkts = self.send_and_expect(self.pg1, send_pkts,
+ self.tun_if, worker=worker)
+ self.verify_encrypted6(p, p.vpp_tun_sa, recv_pkts)
+
+ # all counts against the first worker that was used
+ self.verify_counters6(p, p, 4*N_PKTS, worker=0)
+
+
+class IpsecTun4HandoffTests(IpsecTun4):
+ """ UT test methods for Tunnel v4 with multiple workers """
+ worker_config = "workers 2"
+
+ def test_tun_handooff_44(self):
+ """ ipsec 4o4 tunnel worker hand-off test """
+ N_PKTS = 15
+ p = self.params[socket.AF_INET]
+
+ # inject alternately on worker 0 and 1. all counts on the SA
+ # should be against worker 0
+ for worker in [0, 1, 0, 1]:
+ send_pkts = self.gen_encrypt_pkts(p.scapy_tun_sa, self.tun_if,
+ src=p.remote_tun_if_host,
+ dst=self.pg1.remote_ip4,
+ count=N_PKTS)
+ recv_pkts = self.send_and_expect(self.tun_if, send_pkts,
+ self.pg1, worker=worker)
+ self.verify_decrypted(p, recv_pkts)
+
+ send_pkts = self.gen_pkts(self.pg1, src=self.pg1.remote_ip4,
+ dst=p.remote_tun_if_host,
+ count=N_PKTS)
+ recv_pkts = self.send_and_expect(self.pg1, send_pkts,
+ self.tun_if, worker=worker)
+ self.verify_encrypted(p, p.vpp_tun_sa, recv_pkts)
+
+ # all counts against the first worker that was used
+ self.verify_counters4(p, 4*N_PKTS, worker=0)
+
+
class IpsecTun46Tests(IpsecTun4Tests, IpsecTun6Tests):
""" UT test methods for Tunnel v6 & v4 """
pass