From 141dea23f416568d7c57651cc26306628bd6e34f Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Wed, 10 Apr 2019 17:24:29 +0000
Subject: IPSEC: ESP with ESN tests and fixes

Change-Id: Ie42b26e6d5cdb7b23f370ea2933c65079e8d1089
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 49e7ef60cb38d9f539d70d7a1e85cea5d350a203)
---
 test/test_ipsec_esp.py | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'test/test_ipsec_esp.py')

diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 85dfc8a41a6..34c09c78a24 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -100,6 +100,7 @@ class ConfigIpsecESP(TemplateIpsec):
         addr_any = params.addr_any
         addr_bcast = params.addr_bcast
         e = VppEnum.vl_api_ipsec_spd_action_t
+        flags = params.flags
         objs = []
 
         params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
@@ -107,13 +108,15 @@ class ConfigIpsecESP(TemplateIpsec):
                                       crypt_algo_vpp_id, crypt_key,
                                       self.vpp_esp_protocol,
                                       self.tun_if.local_addr[addr_type],
-                                      self.tun_if.remote_addr[addr_type])
+                                      self.tun_if.remote_addr[addr_type],
+                                      flags=flags)
         params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
                                        auth_algo_vpp_id, auth_key,
                                        crypt_algo_vpp_id, crypt_key,
                                        self.vpp_esp_protocol,
                                        self.tun_if.remote_addr[addr_type],
-                                       self.tun_if.local_addr[addr_type])
+                                       self.tun_if.local_addr[addr_type],
+                                       flags=flags)
         objs.append(params.tun_sa_in)
         objs.append(params.tun_sa_out)
 
@@ -336,7 +339,7 @@ class TemplateIpsecEspUdp(ConfigIpsecESP):
             self.vapi.cli("show hardware")
 
 
-class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests, IpsecTun4Tests):
+class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests):
     """ Ipsec NAT-T ESP UDP tests """
     pass
 
@@ -353,7 +356,7 @@ class TestIpsecEspAll(ConfigIpsecESP,
         super(TestIpsecEspAll, self).tearDown()
 
     def test_crypto_algs(self):
-        """All engines AES-CBC-[128, 192, 256] w/o ESN"""
+        """All engines AES-CBC-[128, 192, 256] w/ & w/o ESN"""
 
         # foreach VPP crypto engine
         engines = ["ia32", "ipsecmb", "openssl"]
@@ -372,9 +375,9 @@ class TestIpsecEspAll(ConfigIpsecESP,
                   'scapy': "AES-CBC",
                   'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
 
-        # bug found in VPP needs fixing with flag
-        # (VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN)
-        flags = [0]
+        # with and without ESN
+        flags = [0,
+                 VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN]
 
         #
         # loop through the VPP engines
@@ -417,8 +420,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
                     #
                     self.verify_tra_basic6(count=17)
                     self.verify_tra_basic4(count=17)
-                    self.verify_tun_66(self.params[socket.AF_INET6], 17)
-                    self.verify_tun_44(self.params[socket.AF_INET], 17)
+                    self.verify_tun_66(self.params[socket.AF_INET6], 1)
+                    self.verify_tun_44(self.params[socket.AF_INET], 1)
 
                     #
                     # remove the SPDs, SAs, etc
-- 
cgit 1.2.3-korg