diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-02-04 01:10:30 -0800 |
|---|---|---|
| committer |   Dave Barach <openvpp@barachs.net> | 2019-02-05 14:59:44 +0000 |
| commit | a09c1ff5b6ae535932b4fc9477ffc4e39748ca62 (patch) | |
| tree | e7162669c6224358f28e5614c782e2ba73a08e6c /test | |
| parent | 3117ad8aa50afba68b2fa2c7f2b6f91eeb5a555e (diff) | |
IPSEC: SPD counters in the stats sgement
- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rhter than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
(if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.
Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/template_ipsec.py | 5 | ||||
| -rw-r--r-- | test/test_ipsec_ah.py | 22 | ||||
| -rw-r--r-- | test/test_ipsec_esp.py | 22 | ||||
| -rw-r--r-- | test/vpp_ipsec.py | 7 |
4 files changed, 37 insertions, 19 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py index 7888a6788ab..77461d4397f 100644 --- a/test/template_ipsec.py +++ b/test/template_ipsec.py @@ -380,6 +380,11 @@ class IpsecTun4Tests(object): self.logger.info(self.vapi.ppcli("show error")) self.logger.info(self.vapi.ppcli("show ipsec")) + if (hasattr(p, "spd_policy_in_any")): + pkts = p.spd_policy_in_any.get_stats()['packets'] + self.assertEqual(pkts, count, + "incorrect SPD any policy: expected %d != %d" % + (count, pkts)) self.assert_packet_counter_equal(self.tun4_encrypt_node_name, count) self.assert_packet_counter_equal(self.tun4_decrypt_node_name, count) diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py index caec8d431c5..f8add0d3c9c 100644 --- a/test/test_ipsec_ah.py +++ b/test/test_ipsec_ah.py @@ -99,15 +99,19 @@ class TemplateIpsecAh(TemplateIpsec): self.tun_if.remote_addr[addr_type], self.tun_if.local_addr[addr_type]).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_AH).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_AH, - is_outbound=0).add_vpp_config() + params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd, + vpp_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_AH) + params.spd_policy_in_any.add_vpp_config() + params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd, + vpp_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_AH, + is_outbound=0) + params.spd_policy_out_any.add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index ae62aecc2ed..ba67b60a08e 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -110,15 +110,19 @@ class TemplateIpsecEsp(TemplateIpsec): self.tun_if.remote_addr[addr_type], self.tun_if.local_addr[addr_type]).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_ESP).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_ESP, - is_outbound=0).add_vpp_config() + params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd, + scapy_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_ESP) + params.spd_policy_in_any.add_vpp_config() + params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd, + scapy_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_ESP, + is_outbound=0) + params.spd_policy_out_any.add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py index 1218c4bb8bb..69aebc599d6 100644 --- a/test/vpp_ipsec.py +++ b/test/vpp_ipsec.py @@ -111,7 +111,7 @@ class VppIpsecSpdEntry(VppObject): self.remote_port_stop = remote_port_stop def add_vpp_config(self): - self.test.vapi.ipsec_spd_entry_add_del( + rv = self.test.vapi.ipsec_spd_entry_add_del( self.spd.id, self.sa_id, self.local_start, @@ -127,6 +127,7 @@ class VppIpsecSpdEntry(VppObject): local_port_stop=self.local_port_stop, remote_port_start=self.remote_port_start, remote_port_stop=self.remote_port_stop) + self.stat_index = rv.stat_index self.test.registry.register(self, self.test.logger) def remove_vpp_config(self): @@ -171,6 +172,10 @@ class VppIpsecSpdEntry(VppObject): return True return False + def get_stats(self): + c = self.test.statistics.get_counter("/net/ipsec/policy") + return c[0][self.stat_index] + class VppIpsecSA(VppObject): """ |