nat: use correct data types for memory sizes

[vpp.git] / test / template_ipsec.py
diff --git a/test/template_ipsec.py b/test/template_ipsec.py

index 56f4b45..1caed0d 100644 (file)
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -5,7 +5,7 @@ import struct
  from scapy.layers.inet import IP, ICMP, TCP, UDP
  from scapy.layers.ipsec import SecurityAssociation, ESP
  from scapy.layers.l2 import Ether
  from scapy.layers.inet import IP, ICMP, TCP, UDP
  from scapy.layers.ipsec import SecurityAssociation, ESP
  from scapy.layers.l2 import Ether
-from scapy.packet import Raw
+from scapy.packet import raw, Raw
  from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest, IPv6ExtHdrHopByHop, \
      IPv6ExtHdrFragment, IPv6ExtHdrDestOpt
  
  from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest, IPv6ExtHdrHopByHop, \
      IPv6ExtHdrFragment, IPv6ExtHdrDestOpt
  
@@ -27,14 +27,14 @@ class IPsecIPv4Params(object):
          self.remote_tun_if_host = '1.1.1.1'
          self.remote_tun_if_host6 = '1111::1'
  
          self.remote_tun_if_host = '1.1.1.1'
          self.remote_tun_if_host6 = '1111::1'
  
-        self.scapy_tun_sa_id = 10
+        self.scapy_tun_sa_id = 100
          self.scapy_tun_spi = 1001
          self.scapy_tun_spi = 1001
-        self.vpp_tun_sa_id = 20
+        self.vpp_tun_sa_id = 200
          self.vpp_tun_spi = 1000
  
          self.vpp_tun_spi = 1000
  
-        self.scapy_tra_sa_id = 30
+        self.scapy_tra_sa_id = 300
          self.scapy_tra_spi = 2001
          self.scapy_tra_spi = 2001
-        self.vpp_tra_sa_id = 40
+        self.vpp_tra_sa_id = 400
          self.vpp_tra_spi = 2000
  
          self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
          self.vpp_tra_spi = 2000
  
          self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
@@ -63,14 +63,14 @@ class IPsecIPv6Params(object):
          self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
          self.remote_tun_if_host4 = '1.1.1.1'
  
          self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
          self.remote_tun_if_host4 = '1.1.1.1'
  
-        self.scapy_tun_sa_id = 50
+        self.scapy_tun_sa_id = 500
          self.scapy_tun_spi = 3001
          self.scapy_tun_spi = 3001
-        self.vpp_tun_sa_id = 60
+        self.vpp_tun_sa_id = 600
          self.vpp_tun_spi = 3000
  
          self.vpp_tun_spi = 3000
  
-        self.scapy_tra_sa_id = 70
+        self.scapy_tra_sa_id = 700
          self.scapy_tra_spi = 4001
          self.scapy_tra_spi = 4001
-        self.vpp_tra_sa_id = 80
+        self.vpp_tra_sa_id = 800
          self.vpp_tra_spi = 4000
  
          self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
          self.vpp_tra_spi = 4000
  
          self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
@@ -224,14 +224,14 @@ class TemplateIpsec(VppTestCase):
      def show_commands_at_teardown(self):
          self.logger.info(self.vapi.cli("show hardware"))
  
      def show_commands_at_teardown(self):
          self.logger.info(self.vapi.cli("show hardware"))
  
-    def gen_encrypt_pkts(self, sa, sw_intf, src, dst, count=1,
+    def gen_encrypt_pkts(self, p, sa, sw_intf, src, dst, count=1,
                           payload_size=54):
          return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                  sa.encrypt(IP(src=src, dst=dst) /
                             ICMP() / Raw(b'X' * payload_size))
                  for i in range(count)]
  
                           payload_size=54):
          return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                  sa.encrypt(IP(src=src, dst=dst) /
                             ICMP() / Raw(b'X' * payload_size))
                  for i in range(count)]
  
-    def gen_encrypt_pkts6(self, sa, sw_intf, src, dst, count=1,
+    def gen_encrypt_pkts6(self, p, sa, sw_intf, src, dst, count=1,
                            payload_size=54):
          return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                  sa.encrypt(IPv6(src=src, dst=dst) /
                            payload_size=54):
          return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                  sa.encrypt(IPv6(src=src, dst=dst) /
@@ -562,7 +562,7 @@ class IpsecTra4(object):
          self.vapi.cli("clear ipsec sa")
          try:
              p = self.params[socket.AF_INET]
          self.vapi.cli("clear ipsec sa")
          try:
              p = self.params[socket.AF_INET]
-            send_pkts = self.gen_encrypt_pkts(p.scapy_tra_sa, self.tra_if,
+            send_pkts = self.gen_encrypt_pkts(p, p.scapy_tra_sa, self.tra_if,
                                                src=self.tra_if.remote_ip4,
                                                dst=self.tra_if.local_ip4,
                                                count=count,
                                                src=self.tra_if.remote_ip4,
                                                dst=self.tra_if.local_ip4,
                                                count=count,
@@ -617,7 +617,7 @@ class IpsecTra6(object):
          self.vapi.cli("clear ipsec sa")
          try:
              p = self.params[socket.AF_INET6]
          self.vapi.cli("clear ipsec sa")
          try:
              p = self.params[socket.AF_INET6]
-            send_pkts = self.gen_encrypt_pkts6(p.scapy_tra_sa, self.tra_if,
+            send_pkts = self.gen_encrypt_pkts6(p, p.scapy_tra_sa, self.tra_if,
                                                 src=self.tra_if.remote_ip6,
                                                 dst=self.tra_if.local_ip6,
                                                 count=count,
                                                 src=self.tra_if.remote_ip6,
                                                 dst=self.tra_if.local_ip6,
                                                 count=count,
@@ -831,10 +831,11 @@ class IpsecTun4(object):
      def verify_tun_44(self, p, count=1, payload_size=64, n_rx=None):
          self.vapi.cli("clear errors")
          self.vapi.cli("clear ipsec counters")
      def verify_tun_44(self, p, count=1, payload_size=64, n_rx=None):
          self.vapi.cli("clear errors")
          self.vapi.cli("clear ipsec counters")
+        self.vapi.cli("clear ipsec sa")
          if not n_rx:
              n_rx = count
          try:
          if not n_rx:
              n_rx = count
          try:
-            send_pkts = self.gen_encrypt_pkts(p.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts(p, p.scapy_tun_sa, self.tun_if,
                                                src=p.remote_tun_if_host,
                                                dst=self.pg1.remote_ip4,
                                                count=count,
                                                src=p.remote_tun_if_host,
                                                dst=self.pg1.remote_ip4,
                                                count=count,
@@ -861,13 +862,33 @@ class IpsecTun4(object):
          self.logger.info(self.vapi.ppcli("show ipsec sa 4"))
          self.verify_counters4(p, count, n_rx)
  
          self.logger.info(self.vapi.ppcli("show ipsec sa 4"))
          self.verify_counters4(p, count, n_rx)
  
+    def verify_tun_dropped_44(self, p, count=1, payload_size=64, n_rx=None):
+        self.vapi.cli("clear errors")
+        if not n_rx:
+            n_rx = count
+        try:
+            send_pkts = self.gen_encrypt_pkts(p, p.scapy_tun_sa, self.tun_if,
+                                              src=p.remote_tun_if_host,
+                                              dst=self.pg1.remote_ip4,
+                                              count=count)
+            self.send_and_assert_no_replies(self.tun_if, send_pkts)
+
+            send_pkts = self.gen_pkts(self.pg1, src=self.pg1.remote_ip4,
+                                      dst=p.remote_tun_if_host, count=count,
+                                      payload_size=payload_size)
+            self.send_and_assert_no_replies(self.pg1, send_pkts)
+
+        finally:
+            self.logger.info(self.vapi.ppcli("show error"))
+            self.logger.info(self.vapi.ppcli("show ipsec all"))
+
      def verify_tun_reass_44(self, p):
          self.vapi.cli("clear errors")
          self.vapi.ip_reassembly_enable_disable(
              sw_if_index=self.tun_if.sw_if_index, enable_ip4=True)
  
          try:
      def verify_tun_reass_44(self, p):
          self.vapi.cli("clear errors")
          self.vapi.ip_reassembly_enable_disable(
              sw_if_index=self.tun_if.sw_if_index, enable_ip4=True)
  
          try:
-            send_pkts = self.gen_encrypt_pkts(p.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts(p, p.scapy_tun_sa, self.tun_if,
                                                src=p.remote_tun_if_host,
                                                dst=self.pg1.remote_ip4,
                                                payload_size=1900,
                                                src=p.remote_tun_if_host,
                                                dst=self.pg1.remote_ip4,
                                                payload_size=1900,
@@ -894,7 +915,7 @@ class IpsecTun4(object):
      def verify_tun_64(self, p, count=1):
          self.vapi.cli("clear errors")
          try:
      def verify_tun_64(self, p, count=1):
          self.vapi.cli("clear errors")
          try:
-            send_pkts = self.gen_encrypt_pkts6(p.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts6(p, p.scapy_tun_sa, self.tun_if,
                                                 src=p.remote_tun_if_host6,
                                                 dst=self.pg1.remote_ip6,
                                                 count=count)
                                                 src=p.remote_tun_if_host6,
                                                 dst=self.pg1.remote_ip6,
                                                 count=count)
@@ -1011,7 +1032,8 @@ class IpsecTun6(object):
          self.vapi.cli("clear errors")
          self.vapi.cli("clear ipsec sa")
  
          self.vapi.cli("clear errors")
          self.vapi.cli("clear ipsec sa")
  
-        send_pkts = self.gen_encrypt_pkts6(p_in.scapy_tun_sa, self.tun_if,
+        send_pkts = self.gen_encrypt_pkts6(p_in, p_in.scapy_tun_sa,
+                                           self.tun_if,
                                             src=p_in.remote_tun_if_host,
                                             dst=self.pg1.remote_ip6,
                                             count=count)
                                             src=p_in.remote_tun_if_host,
                                             dst=self.pg1.remote_ip6,
                                             count=count)
@@ -1024,7 +1046,8 @@ class IpsecTun6(object):
          if not p_out:
              p_out = p_in
          try:
          if not p_out:
              p_out = p_in
          try:
-            send_pkts = self.gen_encrypt_pkts6(p_in.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts6(p_in, p_in.scapy_tun_sa,
+                                               self.tun_if,
                                                 src=p_in.remote_tun_if_host,
                                                 dst=self.pg1.remote_ip6,
                                                 count=count,
                                                 src=p_in.remote_tun_if_host,
                                                 dst=self.pg1.remote_ip6,
                                                 count=count,
@@ -1054,7 +1077,7 @@ class IpsecTun6(object):
              sw_if_index=self.tun_if.sw_if_index, enable_ip6=True)
  
          try:
              sw_if_index=self.tun_if.sw_if_index, enable_ip6=True)
  
          try:
-            send_pkts = self.gen_encrypt_pkts6(p.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts6(p, p.scapy_tun_sa, self.tun_if,
                                                 src=p.remote_tun_if_host,
                                                 dst=self.pg1.remote_ip6,
                                                 count=1,
                                                 src=p.remote_tun_if_host,
                                                 dst=self.pg1.remote_ip6,
                                                 count=1,
@@ -1082,7 +1105,7 @@ class IpsecTun6(object):
          """ ipsec 4o6 tunnel basic test """
          self.vapi.cli("clear errors")
          try:
          """ ipsec 4o6 tunnel basic test """
          self.vapi.cli("clear errors")
          try:
-            send_pkts = self.gen_encrypt_pkts(p.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts(p, p.scapy_tun_sa, self.tun_if,
                                                src=p.remote_tun_if_host4,
                                                dst=self.pg1.remote_ip4,
                                                count=count)
                                                src=p.remote_tun_if_host4,
                                                dst=self.pg1.remote_ip4,
                                                count=count)
@@ -1145,7 +1168,7 @@ class IpsecTun6HandoffTests(IpsecTun6):
          # inject alternately on worker 0 and 1. all counts on the SA
          # should be against worker 0
          for worker in [0, 1, 0, 1]:
          # inject alternately on worker 0 and 1. all counts on the SA
          # should be against worker 0
          for worker in [0, 1, 0, 1]:
-            send_pkts = self.gen_encrypt_pkts6(p.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts6(p, p.scapy_tun_sa, self.tun_if,
                                                 src=p.remote_tun_if_host,
                                                 dst=self.pg1.remote_ip6,
                                                 count=N_PKTS)
                                                 src=p.remote_tun_if_host,
                                                 dst=self.pg1.remote_ip6,
                                                 count=N_PKTS)
@@ -1176,7 +1199,7 @@ class IpsecTun4HandoffTests(IpsecTun4):
          # inject alternately on worker 0 and 1. all counts on the SA
          # should be against worker 0
          for worker in [0, 1, 0, 1]:
          # inject alternately on worker 0 and 1. all counts on the SA
          # should be against worker 0
          for worker in [0, 1, 0, 1]:
-            send_pkts = self.gen_encrypt_pkts(p.scapy_tun_sa, self.tun_if,
+            send_pkts = self.gen_encrypt_pkts(p, p.scapy_tun_sa, self.tun_if,
                                                src=p.remote_tun_if_host,
                                                dst=self.pg1.remote_ip4,
                                                count=N_PKTS)
                                                src=p.remote_tun_if_host,
                                                dst=self.pg1.remote_ip4,
                                                count=N_PKTS)