From a09c1ff5b6ae535932b4fc9477ffc4e39748ca62 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Mon, 4 Feb 2019 01:10:30 -0800 Subject: IPSEC: SPD counters in the stats sgement - return the stats_index of each SPD in the create API call - no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly - only one pool of SPD entries (rhter than one per-SPD) to support this - no packets/bytes in the dump API. Polling the stats segment is much more efficient (if the SA lifetime is based on packet/bytes) - emit the policy index in the packet trace and CLI commands. Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569 Signed-off-by: Neale Ranns --- test/template_ipsec.py | 5 +++++ test/test_ipsec_ah.py | 22 +++++++++++++--------- test/test_ipsec_esp.py | 22 +++++++++++++--------- test/vpp_ipsec.py | 7 ++++++- 4 files changed, 37 insertions(+), 19 deletions(-) (limited to 'test') diff --git a/test/template_ipsec.py b/test/template_ipsec.py index 7888a6788ab..77461d4397f 100644 --- a/test/template_ipsec.py +++ b/test/template_ipsec.py @@ -380,6 +380,11 @@ class IpsecTun4Tests(object): self.logger.info(self.vapi.ppcli("show error")) self.logger.info(self.vapi.ppcli("show ipsec")) + if (hasattr(p, "spd_policy_in_any")): + pkts = p.spd_policy_in_any.get_stats()['packets'] + self.assertEqual(pkts, count, + "incorrect SPD any policy: expected %d != %d" % + (count, pkts)) self.assert_packet_counter_equal(self.tun4_encrypt_node_name, count) self.assert_packet_counter_equal(self.tun4_decrypt_node_name, count) diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py index caec8d431c5..f8add0d3c9c 100644 --- a/test/test_ipsec_ah.py +++ b/test/test_ipsec_ah.py @@ -99,15 +99,19 @@ class TemplateIpsecAh(TemplateIpsec): self.tun_if.remote_addr[addr_type], self.tun_if.local_addr[addr_type]).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_AH).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_AH, - is_outbound=0).add_vpp_config() + params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd, + vpp_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_AH) + params.spd_policy_in_any.add_vpp_config() + params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd, + vpp_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_AH, + is_outbound=0) + params.spd_policy_out_any.add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index ae62aecc2ed..ba67b60a08e 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -110,15 +110,19 @@ class TemplateIpsecEsp(TemplateIpsec): self.tun_if.remote_addr[addr_type], self.tun_if.local_addr[addr_type]).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_ESP).add_vpp_config() - VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, - addr_any, addr_bcast, - addr_any, addr_bcast, - socket.IPPROTO_ESP, - is_outbound=0).add_vpp_config() + params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd, + scapy_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_ESP) + params.spd_policy_in_any.add_vpp_config() + params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd, + scapy_tun_sa_id, + addr_any, addr_bcast, + addr_any, addr_bcast, + socket.IPPROTO_ESP, + is_outbound=0) + params.spd_policy_out_any.add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py index 1218c4bb8bb..69aebc599d6 100644 --- a/test/vpp_ipsec.py +++ b/test/vpp_ipsec.py @@ -111,7 +111,7 @@ class VppIpsecSpdEntry(VppObject): self.remote_port_stop = remote_port_stop def add_vpp_config(self): - self.test.vapi.ipsec_spd_entry_add_del( + rv = self.test.vapi.ipsec_spd_entry_add_del( self.spd.id, self.sa_id, self.local_start, @@ -127,6 +127,7 @@ class VppIpsecSpdEntry(VppObject): local_port_stop=self.local_port_stop, remote_port_start=self.remote_port_start, remote_port_stop=self.remote_port_stop) + self.stat_index = rv.stat_index self.test.registry.register(self, self.test.logger) def remove_vpp_config(self): @@ -171,6 +172,10 @@ class VppIpsecSpdEntry(VppObject): return True return False + def get_stats(self): + c = self.test.statistics.get_counter("/net/ipsec/policy") + return c[0][self.stat_index] + class VppIpsecSA(VppObject): """ -- cgit 1.2.3-korg