-rw-r--r-- | src/vnet/ipsec/ipsec_api.c | 8 | ||||
-rw-r--r-- | test/test_ipsec_api.py | 63 |
2 files changed, 54 insertions, 17 deletions
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index 2dd9b9f2b2c..262a8cb8c88 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -1357,8 +1357,12 @@ send_ipsec_sa_v5_details (ipsec_sa_t *sa, void *arg) mp->last_seq_inbound = clib_host_to_net_u64 (ipsec_sa_get_inb_seq (sa)); if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa) && irt) - mp->replay_window = - clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (irt)); + { + mp->replay_window = + clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (irt)); + mp->entry.anti_replay_window_size = + clib_host_to_net_u32 (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (irt)); + } if (ort) thread_index = ort->thread_index; diff --git a/test/test_ipsec_api.py b/test/test_ipsec_api.py index 7208d2887b5..158cb6b9df5 100644 --- a/test/test_ipsec_api.py +++ b/test/test_ipsec_api.py @@ -4,6 +4,7 @@ from framework import VppTestCase from asfframework import VppTestRunner from template_ipsec import IPsecIPv4Params from vpp_papi import VppEnum +from ipaddress import IPv4Address from vpp_ipsec import VppIpsecSA @@ -120,20 +121,15 @@ class IpsecApiTestCase(VppTestCase): ) self.vapi.ipsec_select_backend(protocol=self.vpp_ah_protocol, index=0) - def __check_sa_binding(self, sa_id, thread_index): - found_sa = False + def __sa_dump(self, sa): sa_dumps = self.vapi.ipsec_sa_v5_dump() for dump in sa_dumps: - if dump.entry.sad_id == sa_id: - self.assertEqual(dump.thread_index, thread_index) - found_sa = True - break + if dump.entry.sad_id == sa.id: + return dump + self.fail("SA not found in VPP") - if not found_sa: - self.fail("SA not found in VPP") - - def test_sa_worker_bind(self): - """Bind an SA to a worker""" + def test_sa_basic(self): + """basic SA API tests""" sa = VppIpsecSA( self, self.ipv4_params.scapy_tun_sa_id, 
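Review bot: `mp->entry.anti_replay_window_size` is written only inside the `ipsec_sa_is_set_USE_ANTI_REPLAY (sa) && irt` branch, so for an SA without anti-replay, or without an inbound runtime, the reply carries whatever the field held before this point. Whether `mp->entry` was already encoded or zeroed is not visible here, because send_ipsec_sa_v5_details starts and ends outside the hunk; if it was not, an explicit `else mp->entry.anti_replay_window_size = 0;` would keep the dump deterministic. A short comment would also help consumers that monitor replay state, for example `/* replay_window is the 64-bit view; the configured size is reported in entry.anti_replay_window_size */`.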
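Review bot: `__sa_dump` has no docstring, although every assertion in the renamed test depends on its contract: it returns the matching record or fails the test. Add `"""Return the ipsec_sa_v5_dump record for sa, failing the test if it is absent."""`. The double leading underscore triggers name mangling that the helper does not need; `_sa_dump` is the conventional spelling, though the removed `__check_sa_binding` used the same style. The body of `test_sa_basic` continues outside this hunk.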
@@ -143,14 +139,51 @@ class IpsecApiTestCase(VppTestCase): self.ipv4_params.crypt_algo_vpp_id, self.ipv4_params.crypt_key, VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_ESP, + flags=VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY + | VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_INBOUND, ) sa.add_vpp_config() - self.__check_sa_binding(sa.id, 0xFFFF) - + # check general SA dump + dump = self.__sa_dump(sa) + self.assertEqual(dump.entry.sad_id, sa.id) + self.assertEqual(dump.entry.spi, sa.spi) + self.assertEqual(dump.entry.protocol, sa.proto) + self.assertEqual(dump.entry.crypto_algorithm, sa.crypto_alg) + self.assertEqual( + dump.entry.crypto_key.data[: dump.entry.crypto_key.length], sa.crypto_key + ) + self.assertEqual(dump.entry.integrity_algorithm, sa.integ_alg) + self.assertEqual( + dump.entry.integrity_key.data[: dump.entry.integrity_key.length], + sa.integ_key, + ) + self.assertEqual(dump.entry.flags, sa.flags) + self.assertEqual(dump.entry.tunnel.instance, 0) + self.assertEqual(dump.entry.tunnel.src, IPv4Address("0.0.0.0")) + self.assertEqual(dump.entry.tunnel.dst, IPv4Address("0.0.0.0")) + self.assertEqual(dump.entry.tunnel.sw_if_index, 0) + self.assertEqual(dump.entry.tunnel.table_id, sa.table_id) + self.assertEqual(dump.entry.tunnel.encap_decap_flags, sa.tun_flags) + self.assertEqual(dump.entry.tunnel.mode, 0) + self.assertEqual(dump.entry.tunnel.flags, 0) + self.assertEqual(dump.entry.tunnel.dscp, 0) + self.assertEqual(dump.entry.tunnel.hop_limit, 0) + self.assertEqual(dump.entry.salt, 0) + self.assertEqual(dump.entry.udp_src_port, 0) + self.assertEqual(dump.entry.udp_dst_port, 0) + self.assertEqual(dump.entry.anti_replay_window_size, 64) + self.assertEqual(dump.sw_if_index, 0xFFFFFFFF) + self.assertEqual(dump.seq_outbound, 0) + self.assertEqual(dump.last_seq_inbound, 0) + self.assertEqual(dump.replay_window, 0xFFFFFFFFFFFFFFFF) + self.assertEqual(dump.thread_index, 0xFFFF) + self.assertEqual(dump.stat_index, 0) + + # check SA 
binding API self.vapi.ipsec_sad_bind(sa_id=sa.id, worker=1) - - self.__check_sa_binding(sa.id, 2) + dump = self.__sa_dump(sa) + self.assertEqual(dump.thread_index, 2) sa.remove_vpp_config() |
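Review bot: The anti-replay assertions only cover the default case (`anti_replay_window_size == 64`, `replay_window == 0xFFFFFFFFFFFFFFFF`), so a dump that always returned 64 would still pass. A second SA created with a non-default window, and one created without `IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY`, would exercise both sides of the branch changed in ipsec_api.c. The literals would read better with a comment such as `# 64 = default anti-replay window; 0xFFFF = SA not yet bound to a worker`, which is my reading of the values and should be confirmed. Separately, the `crypto_key` and `integrity_key` comparisons pin the dump to returning raw key bytes, which deserves a comment so that later redaction of key material in the API is a conscious test change.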