summaryrefslogtreecommitdiffstats
path: root/test/test_ipsec_esp.py
diff options
context:
space:
mode:
authorNeale Ranns <neale@graphiant.com>2021-02-04 11:09:33 +0000
committerMatthew Smith <mgsmith@netgate.com>2021-02-08 19:37:28 +0000
commitc7eaa711f3e25580687df0618e9ca80d3dc85e5f (patch)
tree0871a2a166c46c3dc2a50bdc635de1a2a6cbc2b3 /test/test_ipsec_esp.py
parent4c71d6c8f84d48754a8ead116f223088b85f587c (diff)
ipsec: Use the new tunnel API types to add flow label and TTL copy
support Type: feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
Diffstat (limited to 'test/test_ipsec_esp.py')
-rw-r--r--test/test_ipsec_esp.py17
1 files changed, 9 insertions, 8 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 178b1d248bf..11d44049aeb 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -123,7 +123,8 @@ class ConfigIpsecESP(TemplateIpsec):
tun_flags=tun_flags,
dscp=params.dscp,
flags=flags,
- salt=salt)
+ salt=salt,
+ hop_limit=params.outer_hop_limit)
params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
@@ -133,7 +134,8 @@ class ConfigIpsecESP(TemplateIpsec):
tun_flags=tun_flags,
dscp=params.dscp,
flags=flags,
- salt=salt)
+ salt=salt,
+ hop_limit=params.outer_hop_limit)
objs.append(params.tun_sa_in)
objs.append(params.tun_sa_out)
@@ -401,7 +403,7 @@ class TestIpsecEspTun(TemplateIpsecEsp, IpsecTun46Tests):
Raw(b'X' * payload_size)
for i in range(count)]
- def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54):
+ def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
# set the DSCP + ECN - flags are set to copy both
return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
IPv6(src=src, dst=dst, tc=5) /
@@ -433,15 +435,13 @@ class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests):
super(TestIpsecEspTun2, self).setUp()
def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54):
- # set the DSCP + ECN - flags are set to copy only DSCP
return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
IP(src=src, dst=dst) /
UDP(sport=4444, dport=4444) /
Raw(b'X' * payload_size)
for i in range(count)]
- def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54):
- # set the DSCP + ECN - flags are set to copy both
+ def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
IPv6(src=src, dst=dst) /
UDP(sport=4444, dport=4444) /
@@ -449,13 +449,13 @@ class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests):
for i in range(count)]
def verify_encrypted(self, p, sa, rxs):
- # just check that only the DSCP is copied
+ # just check that only the DSCP is set
for rx in rxs:
self.assertEqual(rx[IP].tos,
VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF << 2)
def verify_encrypted6(self, p, sa, rxs):
- # just check that the DSCP & ECN are copied
+ # just check that the DSCP is set
for rx in rxs:
self.assertEqual(rx[IPv6].tc,
VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_AF11 << 2)
@@ -684,6 +684,7 @@ class RunTestIpsecEspAll(ConfigIpsecESP,
p.crypt_key = algo['key']
p.salt = algo['salt']
p.flags = p.flags | flag
+ p.outer_flow_label = 243224
self.reporter.send_keep_alive(self)