authorMaxime Peim <mpeim@cisco.com>2022-12-22 11:26:57 +0000
committerBeno�t Ganne <bganne@cisco.com>2023-10-30 15:23:13 +0000
commit0e2f188f7c9872d7c946c14d785c6dc7c7c68847 (patch)
tree1adc39db5e2e0e243811c8ce001d0bd056c0402e /test/test_ipsec_esp.py
parent21922cec7339f48989f230248de36a98816c4b1b (diff)
ipsec: huge anti-replay window support
Type: improvement Since RFC4303 does not specify the anti-replay window size, VPP should support multiple window sizes. This is done through a clib_bitmap. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
Diffstat (limited to 'test/test_ipsec_esp.py')
-rw-r--r--test/test_ipsec_esp.py22
1 files changed, 18 insertions, 4 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 927863c80a1..fdd7eb8af15 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -62,10 +62,11 @@ class ConfigIpsecESP(TemplateIpsec):
def tearDown(self):
super(ConfigIpsecESP, self).tearDown()
- def config_anti_replay(self, params):
+ def config_anti_replay(self, params, anti_replay_window_size=64):
saf = VppEnum.vl_api_ipsec_sad_flags_t
for p in params:
p.flags |= saf.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
+ p.anti_replay_window_size = anti_replay_window_size
def config_network(self, params):
self.net_objs = []
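Review bot: config_anti_replay has no docstring, although it now both sets the anti-replay flag and stamps a window size on every params object. The default of 64 is also repeated as a bare literal in the test loop of the last hunk. I would add `"""Enable anti-replay on each params object and record the window size its SAs are created with."""` and put the default in a named module-level constant so the reset call and the loop refer to the same value. config_network, which follows, continues outside the hunk.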
@@ -134,6 +135,7 @@ class ConfigIpsecESP(TemplateIpsec):
flags = params.flags
tun_flags = params.tun_flags
salt = params.salt
+ anti_replay_window_size = params.anti_replay_window_size
objs = []
params.tun_sa_in = VppIpsecSA(
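Review bot: `params.anti_replay_window_size` is read unconditionally here, and again in the transport-mode hunk at -274, but the only place this file assigns it is config_anti_replay. This page is limited to test/test_ipsec_esp.py, so I cannot see whether the params class defines a default. If it does not, every test that builds SAs without calling config_anti_replay first fails with AttributeError instead of testing the no-anti-replay path. Either confirm the default exists in the params template or read it defensively with `anti_replay_window_size = getattr(params, "anti_replay_window_size", 64)`. The enclosing method starts and ends outside the hunk.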
@@ -152,6 +154,7 @@ class ConfigIpsecESP(TemplateIpsec):
flags=flags,
salt=salt,
hop_limit=params.outer_hop_limit,
+ anti_replay_window_size=anti_replay_window_size,
)
params.tun_sa_out = VppIpsecSA(
self,
@@ -169,6 +172,7 @@ class ConfigIpsecESP(TemplateIpsec):
flags=flags,
salt=salt,
hop_limit=params.outer_hop_limit,
+ anti_replay_window_size=anti_replay_window_size,
)
objs.append(params.tun_sa_in)
objs.append(params.tun_sa_out)
@@ -274,6 +278,7 @@ class ConfigIpsecESP(TemplateIpsec):
e = VppEnum.vl_api_ipsec_spd_action_t
flags = params.flags
salt = params.salt
+ anti_replay_window_size = params.anti_replay_window_size
objs = []
params.tra_sa_in = VppIpsecSA(
@@ -287,6 +292,7 @@ class ConfigIpsecESP(TemplateIpsec):
self.vpp_esp_protocol,
flags=flags,
salt=salt,
+ anti_replay_window_size=anti_replay_window_size,
)
params.tra_sa_out = VppIpsecSA(
self,
@@ -299,6 +305,7 @@ class ConfigIpsecESP(TemplateIpsec):
self.vpp_esp_protocol,
flags=flags,
salt=salt,
+ anti_replay_window_size=anti_replay_window_size,
)
objs.append(params.tra_sa_in)
objs.append(params.tra_sa_out)
@@ -1184,9 +1191,16 @@ class RunTestIpsecEspAll(ConfigIpsecESP, IpsecTra4, IpsecTra6, IpsecTun4, IpsecT
#
saf = VppEnum.vl_api_ipsec_sad_flags_t
if flag & saf.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY:
- self.unconfig_network()
- self.config_network(self.params.values())
- self.verify_tra_anti_replay()
+ for anti_replay_window_size in (
+ 64,
+ 131072,
+ ):
+ self.unconfig_network()
+ self.config_anti_replay(self.params.values(), anti_replay_window_size)
+ self.config_network(self.params.values())
+ self.verify_tra_anti_replay()
+ self.verify_tra_anti_replay_algorithm()
+ self.config_anti_replay(self.params.values())
self.unconfig_network()
self.config_network(self.params.values())
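Review bot: The call `self.config_anti_replay(self.params.values())` after the loop restores the 64 default only implicitly, so a later change to that default would silently alter what the remaining checks run against. Passing the size explicitly, or adding `# restore the default window so later checks run with the standard 64-entry window`, makes the intent visible. The loop also covers only 64 and 131072, both powers of two. Whether a size that is not a multiple of 64, or an out-of-range size, is rounded or rejected is not visible here, so a case for each would pin the behaviour at the window edges, where replay-check mistakes tend to hide. The enclosing method starts and ends outside the hunk.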