summaryrefslogtreecommitdiffstats
path: root/test/template_ipsec.py
diff options
context:
space:
mode:
Diffstat (limited to 'test/template_ipsec.py')
-rw-r--r--test/template_ipsec.py58
1 files changed, 11 insertions, 47 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 2eeb63c16d1..56f4b456468 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -556,7 +556,7 @@ class IpsecTra4(object):
p.scapy_tra_sa.seq_num = 351
p.vpp_tra_sa.seq_num = 351
- def verify_tra_basic4(self, count=1):
+ def verify_tra_basic4(self, count=1, payload_size=54):
""" ipsec v4 transport basic test """
self.vapi.cli("clear errors")
self.vapi.cli("clear ipsec sa")
@@ -565,7 +565,8 @@ class IpsecTra4(object):
send_pkts = self.gen_encrypt_pkts(p.scapy_tra_sa, self.tra_if,
src=self.tra_if.remote_ip4,
dst=self.tra_if.local_ip4,
- count=count)
+ count=count,
+ payload_size=payload_size)
recv_pkts = self.send_and_expect(self.tra_if, send_pkts,
self.tra_if)
for rx in recv_pkts:
@@ -611,14 +612,16 @@ class IpsecTra4Tests(IpsecTra4):
class IpsecTra6(object):
""" verify methods for Transport v6 """
- def verify_tra_basic6(self, count=1):
+ def verify_tra_basic6(self, count=1, payload_size=54):
self.vapi.cli("clear errors")
+ self.vapi.cli("clear ipsec sa")
try:
p = self.params[socket.AF_INET6]
send_pkts = self.gen_encrypt_pkts6(p.scapy_tra_sa, self.tra_if,
src=self.tra_if.remote_ip6,
dst=self.tra_if.local_ip6,
- count=count)
+ count=count,
+ payload_size=payload_size)
recv_pkts = self.send_and_expect(self.tra_if, send_pkts,
self.tra_if)
for rx in recv_pkts:
@@ -834,7 +837,8 @@ class IpsecTun4(object):
send_pkts = self.gen_encrypt_pkts(p.scapy_tun_sa, self.tun_if,
src=p.remote_tun_if_host,
dst=self.pg1.remote_ip4,
- count=count)
+ count=count,
+ payload_size=payload_size)
recv_pkts = self.send_and_expect(self.tun_if, send_pkts, self.pg1)
self.verify_decrypted(p, recv_pkts)
@@ -857,41 +861,6 @@ class IpsecTun4(object):
self.logger.info(self.vapi.ppcli("show ipsec sa 4"))
self.verify_counters4(p, count, n_rx)
- """ verify methods for Transport v4 """
- def verify_tun_44_bad_packet_sizes(self, p):
- # with a buffer size of 2048, 1989 bytes of payload
- # means there isn't space to insert the ESP header
- N_PKTS = 63
- for p_siz in [1989, 8500]:
- send_pkts = self.gen_encrypt_pkts(p.scapy_tun_sa, self.tun_if,
- src=p.remote_tun_if_host,
- dst=self.pg1.remote_ip4,
- count=N_PKTS,
- payload_size=p_siz)
- self.send_and_assert_no_replies(self.tun_if, send_pkts)
- send_pkts = self.gen_pkts(self.pg1, src=self.pg1.remote_ip4,
- dst=p.remote_tun_if_host, count=N_PKTS,
- payload_size=p_siz)
- self.send_and_assert_no_replies(self.pg1, send_pkts,
- self.tun_if)
-
- # both large packets on decrpyt count against chained buffers
- # the 9000 bytes one does on encrypt
- self.assertEqual(2 * N_PKTS,
- self.statistics.get_err_counter(
- '/err/%s/chained buffers (packet dropped)' %
- self.tun4_decrypt_node_name))
- self.assertEqual(N_PKTS,
- self.statistics.get_err_counter(
- '/err/%s/chained buffers (packet dropped)' %
- self.tun4_encrypt_node_name))
-
- # on encrypt the 1989 size is no trailer space
- self.assertEqual(N_PKTS,
- self.statistics.get_err_counter(
- '/err/%s/no trailer space (packet dropped)' %
- self.tun4_encrypt_node_name))
-
def verify_tun_reass_44(self, p):
self.vapi.cli("clear errors")
self.vapi.ip_reassembly_enable_disable(
@@ -996,12 +965,6 @@ class IpsecTun4Tests(IpsecTun4):
self.verify_tun_44(self.params[socket.AF_INET], count=127)
-class IpsecTunEsp4Tests(IpsecTun4):
- def test_tun_bad_packet_sizes(self):
- """ ipsec v4 tunnel bad packet size """
- self.verify_tun_44_bad_packet_sizes(self.params[socket.AF_INET])
-
-
class IpsecTun6(object):
""" verify methods for Tunnel v6 """
def verify_counters6(self, p_in, p_out, count, worker=None):
@@ -1064,7 +1027,8 @@ class IpsecTun6(object):
send_pkts = self.gen_encrypt_pkts6(p_in.scapy_tun_sa, self.tun_if,
src=p_in.remote_tun_if_host,
dst=self.pg1.remote_ip6,
- count=count)
+ count=count,
+ payload_size=payload_size)
recv_pkts = self.send_and_expect(self.tun_if, send_pkts, self.pg1)
self.verify_decrypted6(p_in, recv_pkts)