diff options
author | Neale Ranns <neale@graphiant.com> | 2021-02-09 14:04:02 +0000 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2021-02-10 13:39:37 +0000 |
commit | 9ec846c2684b69f47505d73ea9f873b793a11558 (patch) | |
tree | 78b1f3ced7dcee5d925f5c715b7e2ba99d5cdd95 /test/test_ipsec_tun_if_esp.py | |
parent | 98d82ca04ba438cd2ba3c03de6e1e82e4786cd83 (diff) |
ipsec: Use the new tunnel API types to add flow label and TTL copy
support
Type: feature
attmpet 2. this includes changes in ah_encrypt that don't use
uninitialised memory when doing tunnel mode fixups.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
Diffstat (limited to 'test/test_ipsec_tun_if_esp.py')
-rw-r--r-- | test/test_ipsec_tun_if_esp.py | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index 5bcd9ddfae0..2ef1351ae7f 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -1494,7 +1494,7 @@ class TestIpsecGre6IfEspTra(TemplateIpsec, Raw(b'X' * payload_size)) for i in range(count)] - def gen_pkts6(self, sw_intf, src, dst, count=1, + def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=100): return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IPv6(src="1::1", dst="1::2") / @@ -1724,7 +1724,7 @@ class TestIpsecMGreIfEspTra6(TemplateIpsec, IpsecTun6): Raw(b'X' * payload_size)) for i in range(count)] - def gen_pkts6(self, sw_intf, src, dst, count=1, + def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=100): return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IPv6(src="1::1", dst=dst) / @@ -2263,7 +2263,7 @@ class TestIpsec6TunProtectTun(TemplateIpsec, Raw(b'X' * payload_size)) for i in range(count)] - def gen_pkts6(self, sw_intf, src, dst, count=1, + def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=100): return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / IPv6(src=src, dst=dst) / @@ -2659,12 +2659,19 @@ class TemplateIpsecItf6(object): def config_sa_tun(self, p, src, dst): config_tun_params(p, self.encryption_type, None, src, dst) + if not hasattr(p, 'tun_flags'): + p.tun_flags = None + if not hasattr(p, 'hop_limit'): + p.hop_limit = 255 + p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, p.crypt_key, self.vpp_esp_protocol, src, dst, - flags=p.flags) + flags=p.flags, + tun_flags=p.tun_flags, + hop_limit=p.hop_limit) p.tun_sa_out.add_vpp_config() p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi, @@ -2729,8 +2736,13 @@ class TestIpsecItf6(TemplateIpsec, def test_tun_44(self): """IPSEC interface IPv6""" + tf = VppEnum.vl_api_tunnel_encap_decap_flags_t n_pkts = 127 p = self.ipv6_params + p.inner_hop_limit = 24 + p.outer_hop_limit = 23 + p.outer_flow_label = 243224 + p.tun_flags = tf.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_HOP_LIMIT self.config_network(p) self.config_sa_tun(p, @@ -2776,6 +2788,12 @@ class TestIpsecItf6(TemplateIpsec, np.vpp_tun_sa_id += 1 np.tun_if.local_spi = p.vpp_tun_spi np.tun_if.remote_spi = p.scapy_tun_spi + np.inner_hop_limit = 24 + np.outer_hop_limit = 128 + np.inner_flow_label = 0xabcde + np.outer_flow_label = 0xabcde + np.hop_limit = 128 + np.tun_flags = tf.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_FLOW_LABEL self.config_sa_tun(np, self.pg0.local_ip6, @@ -2828,6 +2846,7 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): try: self.assertEqual(rx[IP].tos, VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF << 2) + self.assertEqual(rx[IP].ttl, p.hop_limit) pkt = sa.decrypt(rx[IP]) if not pkt.haslayer(IP): pkt = IP(pkt[Raw].load) @@ -2876,6 +2895,7 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): p.scapy_tra_spi = p.scapy_tra_spi + ii p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii p.vpp_tra_spi = p.vpp_tra_spi + ii + p.hop_limit = ii+10 p.tun_sa_out = VppIpsecSA( self, p.scapy_tun_sa_id, p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, @@ -2883,7 +2903,8 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): self.vpp_esp_protocol, self.pg0.local_ip4, self.pg0.remote_hosts[ii].ip4, - dscp=VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF) + dscp=VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF, + hop_limit=p.hop_limit) p.tun_sa_out.add_vpp_config() p.tun_sa_in = VppIpsecSA( @@ -2893,7 +2914,8 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): self.vpp_esp_protocol, self.pg0.remote_hosts[ii].ip4, self.pg0.local_ip4, - dscp=VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF) + dscp=VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF, + hop_limit=p.hop_limit) p.tun_sa_in.add_vpp_config() p.tun_protect = VppIpsecTunProtect( |