aboutsummaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-02-04 01:10:30 -0800
committerDave Barach <openvpp@barachs.net>2019-02-05 14:59:44 +0000
commita09c1ff5b6ae535932b4fc9477ffc4e39748ca62 (patch)
treee7162669c6224358f28e5614c782e2ba73a08e6c /test
parent3117ad8aa50afba68b2fa2c7f2b6f91eeb5a555e (diff)
IPSEC: SPD counters in the stats sgement
- return the stats_index of each SPD in the create API call - no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly - only one pool of SPD entries (rhter than one per-SPD) to support this - no packets/bytes in the dump API. Polling the stats segment is much more efficient (if the SA lifetime is based on packet/bytes) - emit the policy index in the packet trace and CLI commands. Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test')
-rw-r--r--test/template_ipsec.py5
-rw-r--r--test/test_ipsec_ah.py22
-rw-r--r--test/test_ipsec_esp.py22
-rw-r--r--test/vpp_ipsec.py7
4 files changed, 37 insertions, 19 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 7888a6788ab..77461d4397f 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -380,6 +380,11 @@ class IpsecTun4Tests(object):
self.logger.info(self.vapi.ppcli("show error"))
self.logger.info(self.vapi.ppcli("show ipsec"))
+ if (hasattr(p, "spd_policy_in_any")):
+ pkts = p.spd_policy_in_any.get_stats()['packets']
+ self.assertEqual(pkts, count,
+ "incorrect SPD any policy: expected %d != %d" %
+ (count, pkts))
self.assert_packet_counter_equal(self.tun4_encrypt_node_name, count)
self.assert_packet_counter_equal(self.tun4_decrypt_node_name, count)
diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py
index caec8d431c5..f8add0d3c9c 100644
--- a/test/test_ipsec_ah.py
+++ b/test/test_ipsec_ah.py
@@ -99,15 +99,19 @@ class TemplateIpsecAh(TemplateIpsec):
self.tun_if.remote_addr[addr_type],
self.tun_if.local_addr[addr_type]).add_vpp_config()
- VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
- addr_any, addr_bcast,
- addr_any, addr_bcast,
- socket.IPPROTO_AH).add_vpp_config()
- VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
- addr_any, addr_bcast,
- addr_any, addr_bcast,
- socket.IPPROTO_AH,
- is_outbound=0).add_vpp_config()
+ params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd,
+ vpp_tun_sa_id,
+ addr_any, addr_bcast,
+ addr_any, addr_bcast,
+ socket.IPPROTO_AH)
+ params.spd_policy_in_any.add_vpp_config()
+ params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd,
+ vpp_tun_sa_id,
+ addr_any, addr_bcast,
+ addr_any, addr_bcast,
+ socket.IPPROTO_AH,
+ is_outbound=0)
+ params.spd_policy_out_any.add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
remote_tun_if_host,
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index ae62aecc2ed..ba67b60a08e 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -110,15 +110,19 @@ class TemplateIpsecEsp(TemplateIpsec):
self.tun_if.remote_addr[addr_type],
self.tun_if.local_addr[addr_type]).add_vpp_config()
- VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
- addr_any, addr_bcast,
- addr_any, addr_bcast,
- socket.IPPROTO_ESP).add_vpp_config()
- VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
- addr_any, addr_bcast,
- addr_any, addr_bcast,
- socket.IPPROTO_ESP,
- is_outbound=0).add_vpp_config()
+ params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd,
+ scapy_tun_sa_id,
+ addr_any, addr_bcast,
+ addr_any, addr_bcast,
+ socket.IPPROTO_ESP)
+ params.spd_policy_in_any.add_vpp_config()
+ params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd,
+ scapy_tun_sa_id,
+ addr_any, addr_bcast,
+ addr_any, addr_bcast,
+ socket.IPPROTO_ESP,
+ is_outbound=0)
+ params.spd_policy_out_any.add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
remote_tun_if_host, remote_tun_if_host,
diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py
index 1218c4bb8bb..69aebc599d6 100644
--- a/test/vpp_ipsec.py
+++ b/test/vpp_ipsec.py
@@ -111,7 +111,7 @@ class VppIpsecSpdEntry(VppObject):
self.remote_port_stop = remote_port_stop
def add_vpp_config(self):
- self.test.vapi.ipsec_spd_entry_add_del(
+ rv = self.test.vapi.ipsec_spd_entry_add_del(
self.spd.id,
self.sa_id,
self.local_start,
@@ -127,6 +127,7 @@ class VppIpsecSpdEntry(VppObject):
local_port_stop=self.local_port_stop,
remote_port_start=self.remote_port_start,
remote_port_stop=self.remote_port_stop)
+ self.stat_index = rv.stat_index
self.test.registry.register(self, self.test.logger)
def remove_vpp_config(self):
@@ -171,6 +172,10 @@ class VppIpsecSpdEntry(VppObject):
return True
return False
+ def get_stats(self):
+ c = self.test.statistics.get_counter("/net/ipsec/policy")
+ return c[0][self.stat_index]
+
class VppIpsecSA(VppObject):
"""