From 0e2f188f7c9872d7c946c14d785c6dc7c7c68847 Mon Sep 17 00:00:00 2001 From: Maxime Peim Date: Thu, 22 Dec 2022 11:26:57 +0000 Subject: ipsec: huge anti-replay window support Type: improvement Since RFC4303 does not specify the anti-replay window size, VPP should support multiple window size. It is done through a clib_bitmap. Signed-off-by: Maxime Peim Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc --- test/vpp_ipsec.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'test/vpp_ipsec.py') diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py index 7a5a95a457a..e354cfc8ac6 100644 --- a/test/vpp_ipsec.py +++ b/test/vpp_ipsec.py @@ -218,6 +218,7 @@ class VppIpsecSA(VppObject): udp_src=None, udp_dst=None, hop_limit=None, + anti_replay_window_size=0, ): e = VppEnum.vl_api_ipsec_sad_flags_t self.test = test @@ -229,6 +230,7 @@ class VppIpsecSA(VppObject): self.crypto_key = crypto_key self.proto = proto self.salt = salt + self.anti_replay_window_size = anti_replay_window_size self.table_id = 0 self.tun_src = tun_src @@ -284,13 +286,14 @@ class VppIpsecSA(VppObject): "tunnel": self.tunnel_encode(), "flags": self.flags, "salt": self.salt, + "anti_replay_window_size": self.anti_replay_window_size, } # don't explicitly send the defaults, let papi fill them in if self.udp_src: entry["udp_src_port"] = self.udp_src if self.udp_dst: entry["udp_dst_port"] = self.udp_dst - r = self.test.vapi.ipsec_sad_entry_add(entry=entry) + r = self.test.vapi.ipsec_sad_entry_add_v2(entry=entry) self.stat_index = r.stat_index self.test.registry.register(self, self.test.logger) return self @@ -324,7 +327,7 @@ class VppIpsecSA(VppObject): def query_vpp_config(self): e = VppEnum.vl_api_ipsec_sad_flags_t - bs = self.test.vapi.ipsec_sa_v3_dump() + bs = self.test.vapi.ipsec_sa_v5_dump() for b in bs: if b.entry.sad_id == self.id: # if udp encap is configured then the ports should match -- cgit 1.2.3-korg