summaryrefslogtreecommitdiffstats
path: root/test/template_ipsec.py
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-03-21 16:36:28 +0000
committerDamjan Marion <dmarion@me.com>2019-03-22 13:05:39 +0000
commit00a442068d353fd60cbd743f2dfb42ee7407d267 (patch)
treef7c1c34d920039499f7ce52b41ba297f0965c994 /test/template_ipsec.py
parentc39a93a83c66f3162ff2aeca809cf825c444fe80 (diff)
IPSEC: test for packet drop on sequence number wrap
Change-Id: Id546c56a4904d13d4278055f3c5a5e4548e2efd0 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/template_ipsec.py')
-rw-r--r--test/template_ipsec.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 1b9a3796c15..78d75844d5d 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -307,7 +307,23 @@ class IpsecTra4Tests(object):
seq_num=234))
self.send_and_expect(self.tra_if, [pkt], self.tra_if)
+ # move VPP's SA to just before the seq-number wrap
+ self.vapi.cli("test ipsec sa %d seq 0xffffffff" % p.scapy_tra_sa_id)
+
+ # then fire in a packet that VPP should drop becuase it causes the
+ # seq number to wrap
+ pkt = (Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=236))
+ self.send_and_assert_no_replies(self.tra_if, [pkt])
+ self.assert_packet_counter_equal(
+ '/err/%s/sequence number cycled' % self.tra4_encrypt_node_name, 1)
+
# move the security-associations seq number on to the last we used
+ self.vapi.cli("test ipsec sa %d seq 0x15f" % p.scapy_tra_sa_id)
p.scapy_tra_sa.seq_num = 351
p.vpp_tra_sa.seq_num = 351