diff options
author | Neale Ranns <neale@graphiant.com> | 2021-02-09 14:04:02 +0000 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2021-02-10 13:39:37 +0000 |
commit | 9ec846c2684b69f47505d73ea9f873b793a11558 (patch) | |
tree | 78b1f3ced7dcee5d925f5c715b7e2ba99d5cdd95 /test/test_ipsec_esp.py | |
parent | 98d82ca04ba438cd2ba3c03de6e1e82e4786cd83 (diff) |
ipsec: Use the new tunnel API types to add flow label and TTL copy
support
Type: feature
attmpet 2. this includes changes in ah_encrypt that don't use
uninitialised memory when doing tunnel mode fixups.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
Diffstat (limited to 'test/test_ipsec_esp.py')
-rw-r--r-- | test/test_ipsec_esp.py | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 178b1d248bf..11d44049aeb 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -123,7 +123,8 @@ class ConfigIpsecESP(TemplateIpsec): tun_flags=tun_flags, dscp=params.dscp, flags=flags, - salt=salt) + salt=salt, + hop_limit=params.outer_hop_limit) params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, @@ -133,7 +134,8 @@ class ConfigIpsecESP(TemplateIpsec): tun_flags=tun_flags, dscp=params.dscp, flags=flags, - salt=salt) + salt=salt, + hop_limit=params.outer_hop_limit) objs.append(params.tun_sa_in) objs.append(params.tun_sa_out) @@ -401,7 +403,7 @@ class TestIpsecEspTun(TemplateIpsecEsp, IpsecTun46Tests): Raw(b'X' * payload_size) for i in range(count)] - def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54): + def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54): # set the DSCP + ECN - flags are set to copy both return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IPv6(src=src, dst=dst, tc=5) / @@ -433,15 +435,13 @@ class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests): super(TestIpsecEspTun2, self).setUp() def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54): - # set the DSCP + ECN - flags are set to copy only DSCP return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IP(src=src, dst=dst) / UDP(sport=4444, dport=4444) / Raw(b'X' * payload_size) for i in range(count)] - def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54): - # set the DSCP + ECN - flags are set to copy both + def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54): return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IPv6(src=src, dst=dst) / UDP(sport=4444, dport=4444) / @@ -449,13 +449,13 @@ class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests): for i in range(count)] def verify_encrypted(self, p, sa, rxs): - # just check that only the DSCP is copied + # just check that only the DSCP is set for rx in rxs: self.assertEqual(rx[IP].tos, VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF << 2) def verify_encrypted6(self, p, sa, rxs): - # just check that the DSCP & ECN are copied + # just check that the DSCP is set for rx in rxs: self.assertEqual(rx[IPv6].tc, VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_AF11 << 2) @@ -684,6 +684,7 @@ class RunTestIpsecEspAll(ConfigIpsecESP, p.crypt_key = algo['key'] p.salt = algo['salt'] p.flags = p.flags | flag + p.outer_flow_label = 243224 self.reporter.send_keep_alive(self) |