ipsec: fix SA names consistency in tests

In some IPsec tests, the SA called scapy_sa designs the SA that encrypts Scapy packets and decrypts them in VPP, and the one called vpp_sa the SA that encrypts VPP packets and decrypts them with Scapy. However, this pattern is not consistent across all tests. Some tests use the opposite logic. Others even mix both correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa. Because of that, sometimes, the SA called vpp_sa_in is used as an outbound SA and vpp_sa_out as an inbound one. This patch forces all the tests to follow the same following logic: - scapy_sa is the SA used to encrypt Scapy packets and decrypt them in VPP. It matches the VPP inbound SA. - vpp_sa is the SA used to encrypt VPP packets and decrypt them in Scapy. It matches the VPP outbound SA. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
author: Arthur de Kerhor <arthurdekerhor@gmail.com> 2022-11-16 18:45:24 +0100
committer: Neale Ranns <neale@graphiant.com> 2023-02-06 03:49:14 +0000
commit: 0df06b6e95b6a3261c8e9c261c7a4a661d6ea25a (patch)
tree: 16c4f723367566c965bffda369bb1f56dcf566ce /test/template_ipsec.py
parent: ab412cdc07e19a872037e4034caa522398c4be07 (diff)
1 files changed, 12 insertions, 12 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index d00216c7308..72784dd4ea7 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -138,7 +138,7 @@ def config_tun_params(p, encryption_type, tun_if):
     crypt_key = mk_scapy_crypt_key(p)
     p.scapy_tun_sa = SecurityAssociation(
         encryption_type,
-        spi=p.vpp_tun_spi,
+        spi=p.scapy_tun_spi,
         crypt_algo=p.crypt_algo,
         crypt_key=crypt_key,
         auth_algo=p.auth_algo,
@@ -149,7 +149,7 @@ def config_tun_params(p, encryption_type, tun_if):
     )
     p.vpp_tun_sa = SecurityAssociation(
         encryption_type,
-        spi=p.scapy_tun_spi,
+        spi=p.vpp_tun_spi,
         crypt_algo=p.crypt_algo,
         crypt_key=crypt_key,
         auth_algo=p.auth_algo,
@@ -167,7 +167,7 @@ def config_tra_params(p, encryption_type):
     crypt_key = mk_scapy_crypt_key(p)
     p.scapy_tra_sa = SecurityAssociation(
         encryption_type,
-        spi=p.vpp_tra_spi,
+        spi=p.scapy_tra_spi,
         crypt_algo=p.crypt_algo,
         crypt_key=crypt_key,
         auth_algo=p.auth_algo,
@@ -177,7 +177,7 @@ def config_tra_params(p, encryption_type):
     )
     p.vpp_tra_sa = SecurityAssociation(
         encryption_type,
-        spi=p.scapy_tra_spi,
+        spi=p.vpp_tra_spi,
         crypt_algo=p.crypt_algo,
         crypt_key=crypt_key,
         auth_algo=p.auth_algo,
@@ -708,7 +708,7 @@ class IpsecTra4(object):
         # a packet that does not decrypt does not move the window forward
         bogus_sa = SecurityAssociation(
             self.encryption_type,
-            p.vpp_tra_spi,
+            p.scapy_tra_spi,
             crypt_algo=p.crypt_algo,
             crypt_key=mk_scapy_crypt_key(p)[::-1],
             auth_algo=p.auth_algo,
@@ -728,7 +728,7 @@ class IpsecTra4(object):
         # a malformed 'runt' packet
         #  created by a mis-constructed SA
         if ESP == self.encryption_type and p.crypt_algo != "NULL":
-            bogus_sa = SecurityAssociation(self.encryption_type, p.vpp_tra_spi)
+            bogus_sa = SecurityAssociation(self.encryption_type, p.scapy_tra_spi)
             pkt = Ether(
                 src=self.tra_if.remote_mac, dst=self.tra_if.local_mac
             ) / bogus_sa.encrypt(
@@ -788,7 +788,7 @@ class IpsecTra4(object):
         # causes the TX seq number to wrap; unless we're using extened sequence
         # numbers.
         #
-        self.vapi.cli("test ipsec sa %d seq 0xffffffff" % p.scapy_tra_sa_id)
+        self.vapi.cli("test ipsec sa %d seq 0xffffffff" % p.vpp_tra_sa_id)
         self.logger.info(self.vapi.ppcli("show ipsec sa 0"))
         self.logger.info(self.vapi.ppcli("show ipsec sa 1"))
 
@@ -924,7 +924,7 @@ class IpsecTra4(object):
         ]
         self.send_and_expect(self.tra_if, pkts, self.tra_if)
 
-        self.assertEqual(p.tra_sa_out.get_lost(), 0)
+        self.assertEqual(p.tra_sa_in.get_lost(), 0)
 
         # skip a sequence number
         pkts = [
@@ -939,7 +939,7 @@ class IpsecTra4(object):
         ]
         self.send_and_expect(self.tra_if, pkts, self.tra_if)
 
-        self.assertEqual(p.tra_sa_out.get_lost(), 0)
+        self.assertEqual(p.tra_sa_in.get_lost(), 0)
 
         # the lost packet are counted untill we get up past the first
         # sizeof(replay_window) packets
@@ -955,7 +955,7 @@ class IpsecTra4(object):
         ]
         self.send_and_expect(self.tra_if, pkts, self.tra_if)
 
-        self.assertEqual(p.tra_sa_out.get_lost(), 1)
+        self.assertEqual(p.tra_sa_in.get_lost(), 1)
 
         # lost of holes in the sequence
         pkts = [
@@ -982,7 +982,7 @@ class IpsecTra4(object):
         ]
         self.send_and_expect(self.tra_if, pkts, self.tra_if)
 
-        self.assertEqual(p.tra_sa_out.get_lost(), 51)
+        self.assertEqual(p.tra_sa_in.get_lost(), 51)
 
         # a big hole in the seq number space
         pkts = [
@@ -997,7 +997,7 @@ class IpsecTra4(object):
         ]
         self.send_and_expect(self.tra_if, pkts, self.tra_if)
 
-        self.assertEqual(p.tra_sa_out.get_lost(), 151)
+        self.assertEqual(p.tra_sa_in.get_lost(), 151)
 
     def verify_tra_basic4(self, count=1, payload_size=54):
         """ipsec v4 transport basic test"""
author	Arthur de Kerhor <arthurdekerhor@gmail.com>	2022-11-16 18:45:24 +0100
committer	Neale Ranns <neale@graphiant.com>	2023-02-06 03:49:14 +0000
commit	0df06b6e95b6a3261c8e9c261c7a4a661d6ea25a (patch)
tree	16c4f723367566c965bffda369bb1f56dcf566ce /test/template_ipsec.py
parent	ab412cdc07e19a872037e4034caa522398c4be07 (diff)