Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
hs-test: filter relevant data from perf tests output
[vpp.git]
/
test
/
template_ipsec.py
diff --git
a/test/template_ipsec.py
b/test/template_ipsec.py
index
9d9ea3a
..
ba1c246
100644
(file)
--- a/
test/template_ipsec.py
+++ b/
test/template_ipsec.py
@@
-138,7
+138,7
@@
def config_tun_params(p, encryption_type, tun_if):
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tun_sa = SecurityAssociation(
encryption_type,
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tun_sa = SecurityAssociation(
encryption_type,
- spi=p.
vpp
_tun_spi,
+ spi=p.
scapy
_tun_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@
-149,7
+149,7
@@
def config_tun_params(p, encryption_type, tun_if):
)
p.vpp_tun_sa = SecurityAssociation(
encryption_type,
)
p.vpp_tun_sa = SecurityAssociation(
encryption_type,
- spi=p.
scapy
_tun_spi,
+ spi=p.
vpp
_tun_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@
-167,7
+167,7
@@
def config_tra_params(p, encryption_type):
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tra_sa = SecurityAssociation(
encryption_type,
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tra_sa = SecurityAssociation(
encryption_type,
- spi=p.
vpp
_tra_spi,
+ spi=p.
scapy
_tra_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@
-177,7
+177,7
@@
def config_tra_params(p, encryption_type):
)
p.vpp_tra_sa = SecurityAssociation(
encryption_type,
)
p.vpp_tra_sa = SecurityAssociation(
encryption_type,
- spi=p.
scapy
_tra_spi,
+ spi=p.
vpp
_tra_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo,
@@
-632,10
+632,17
@@
class IpsecTra4(object):
replay_count = self.get_replay_counts(p)
hash_failed_count = self.get_hash_failed_counts(p)
seq_cycle_count = self.statistics.get_err_counter(seq_cycle_node_name)
replay_count = self.get_replay_counts(p)
hash_failed_count = self.get_hash_failed_counts(p)
seq_cycle_count = self.statistics.get_err_counter(seq_cycle_node_name)
+ hash_err = "integ_error"
if ESP == self.encryption_type:
undersize_node_name = "/err/%s/runt" % self.tra4_decrypt_node_name[0]
undersize_count = self.statistics.get_err_counter(undersize_node_name)
if ESP == self.encryption_type:
undersize_node_name = "/err/%s/runt" % self.tra4_decrypt_node_name[0]
undersize_count = self.statistics.get_err_counter(undersize_node_name)
+ # For AES-GCM an error in the hash is reported as a decryption failure
+ if p.crypt_algo == "AES-GCM":
+ hash_err = "decryption_failed"
+ # In async mode, we don't report errors in the hash.
+ if p.async_mode:
+ hash_err = ""
#
# send packets with seq numbers 1->34
#
# send packets with seq numbers 1->34
@@
-661,6
+668,8
@@
class IpsecTra4(object):
self.send_and_assert_no_replies(self.tra_if, pkts, timeout=0.2)
replay_count += len(pkts)
self.assertEqual(self.get_replay_counts(p), replay_count)
self.send_and_assert_no_replies(self.tra_if, pkts, timeout=0.2)
replay_count += len(pkts)
self.assertEqual(self.get_replay_counts(p), replay_count)
+ err = p.tra_sa_in.get_err("replay")
+ self.assertEqual(err, replay_count)
#
# now send a batch of packets all with the same sequence number
#
# now send a batch of packets all with the same sequence number
@@
-677,6
+686,8
@@
class IpsecTra4(object):
recv_pkts = self.send_and_expect(self.tra_if, pkts * 8, self.tra_if, n_rx=1)
replay_count += 7
self.assertEqual(self.get_replay_counts(p), replay_count)
recv_pkts = self.send_and_expect(self.tra_if, pkts * 8, self.tra_if, n_rx=1)
replay_count += 7
self.assertEqual(self.get_replay_counts(p), replay_count)
+ err = p.tra_sa_in.get_err("replay")
+ self.assertEqual(err, replay_count)
#
# now move the window over to 257 (more than one byte) and into Case A
#
# now move the window over to 257 (more than one byte) and into Case A
@@
-694,6
+705,8
@@
class IpsecTra4(object):
self.send_and_assert_no_replies(self.tra_if, pkt * 3, timeout=0.2)
replay_count += 3
self.assertEqual(self.get_replay_counts(p), replay_count)
self.send_and_assert_no_replies(self.tra_if, pkt * 3, timeout=0.2)
replay_count += 3
self.assertEqual(self.get_replay_counts(p), replay_count)
+ err = p.tra_sa_in.get_err("replay")
+ self.assertEqual(err, replay_count)
# the window size is 64 packets
# in window are still accepted
# the window size is 64 packets
# in window are still accepted
@@
-708,7
+721,7
@@
class IpsecTra4(object):
# a packet that does not decrypt does not move the window forward
bogus_sa = SecurityAssociation(
self.encryption_type,
# a packet that does not decrypt does not move the window forward
bogus_sa = SecurityAssociation(
self.encryption_type,
- p.
vpp
_tra_spi,
+ p.
scapy
_tra_spi,
crypt_algo=p.crypt_algo,
crypt_key=mk_scapy_crypt_key(p)[::-1],
auth_algo=p.auth_algo,
crypt_algo=p.crypt_algo,
crypt_key=mk_scapy_crypt_key(p)[::-1],
auth_algo=p.auth_algo,
@@
-724,11
+737,14
@@
class IpsecTra4(object):
hash_failed_count += 17
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
hash_failed_count += 17
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
+ if hash_err != "":
+ err = p.tra_sa_in.get_err(hash_err)
+ self.assertEqual(err, hash_failed_count)
# a malformed 'runt' packet
# created by a mis-constructed SA
if ESP == self.encryption_type and p.crypt_algo != "NULL":
# a malformed 'runt' packet
# created by a mis-constructed SA
if ESP == self.encryption_type and p.crypt_algo != "NULL":
- bogus_sa = SecurityAssociation(self.encryption_type, p.
vpp
_tra_spi)
+ bogus_sa = SecurityAssociation(self.encryption_type, p.
scapy
_tra_spi)
pkt = Ether(
src=self.tra_if.remote_mac, dst=self.tra_if.local_mac
) / bogus_sa.encrypt(
pkt = Ether(
src=self.tra_if.remote_mac, dst=self.tra_if.local_mac
) / bogus_sa.encrypt(
@@
-739,6
+755,8
@@
class IpsecTra4(object):
undersize_count += 17
self.assert_error_counter_equal(undersize_node_name, undersize_count)
undersize_count += 17
self.assert_error_counter_equal(undersize_node_name, undersize_count)
+ err = p.tra_sa_in.get_err("runt")
+ self.assertEqual(err, undersize_count)
# which we can determine since this packet is still in the window
pkt = Ether(
# which we can determine since this packet is still in the window
pkt = Ether(
@@
-767,10
+785,15
@@
class IpsecTra4(object):
# wrap. but since it isn't then the verify will fail.
hash_failed_count += 17
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
# wrap. but since it isn't then the verify will fail.
hash_failed_count += 17
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
+ if hash_err != "":
+ err = p.tra_sa_in.get_err(hash_err)
+ self.assertEqual(err, hash_failed_count)
else:
replay_count += 17
self.assertEqual(self.get_replay_counts(p), replay_count)
else:
replay_count += 17
self.assertEqual(self.get_replay_counts(p), replay_count)
+ err = p.tra_sa_in.get_err("replay")
+ self.assertEqual(err, replay_count)
# valid packet moves the window over to 258
pkt = Ether(
# valid packet moves the window over to 258
pkt = Ether(
@@
-788,7
+811,7
@@
class IpsecTra4(object):
# causes the TX seq number to wrap; unless we're using extened sequence
# numbers.
#
# causes the TX seq number to wrap; unless we're using extened sequence
# numbers.
#
- self.vapi.cli("test ipsec sa %d seq 0xffffffff" % p.
scapy
_tra_sa_id)
+ self.vapi.cli("test ipsec sa %d seq 0xffffffff" % p.
vpp
_tra_sa_id)
self.logger.info(self.vapi.ppcli("show ipsec sa 0"))
self.logger.info(self.vapi.ppcli("show ipsec sa 1"))
self.logger.info(self.vapi.ppcli("show ipsec sa 0"))
self.logger.info(self.vapi.ppcli("show ipsec sa 1"))
@@
-861,6
+884,9
@@
class IpsecTra4(object):
hash_failed_count += 1
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
hash_failed_count += 1
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
+ if hash_err != "":
+ err = p.tra_sa_in.get_err(hash_err)
+ self.assertEqual(err, hash_failed_count)
#
# but if we move the window forward to case B, then we can wrap
#
# but if we move the window forward to case B, then we can wrap
@@
-894,6
+920,8
@@
class IpsecTra4(object):
self.send_and_assert_no_replies(self.tra_if, pkts, timeout=0.2)
seq_cycle_count += len(pkts)
self.assert_error_counter_equal(seq_cycle_node_name, seq_cycle_count)
self.send_and_assert_no_replies(self.tra_if, pkts, timeout=0.2)
seq_cycle_count += len(pkts)
self.assert_error_counter_equal(seq_cycle_node_name, seq_cycle_count)
+ err = p.tra_sa_out.get_err("seq_cycled")
+ self.assertEqual(err, seq_cycle_count)
# move the security-associations seq number on to the last we used
self.vapi.cli("test ipsec sa %d seq 0x15f" % p.scapy_tra_sa_id)
# move the security-associations seq number on to the last we used
self.vapi.cli("test ipsec sa %d seq 0x15f" % p.scapy_tra_sa_id)
@@
-924,7
+952,7
@@
class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_
out.get_lost(
), 0)
+ self.assertEqual(p.tra_sa_
in.get_err("lost"
), 0)
# skip a sequence number
pkts = [
# skip a sequence number
pkts = [
@@
-939,7
+967,7
@@
class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_
out.get_lost(
), 0)
+ self.assertEqual(p.tra_sa_
in.get_err("lost"
), 0)
# the lost packet are counted untill we get up past the first
# sizeof(replay_window) packets
# the lost packet are counted untill we get up past the first
# sizeof(replay_window) packets
@@
-955,7
+983,7
@@
class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_
out.get_lost(
), 1)
+ self.assertEqual(p.tra_sa_
in.get_err("lost"
), 1)
# lost of holes in the sequence
pkts = [
# lost of holes in the sequence
pkts = [
@@
-982,7
+1010,7
@@
class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_
out.get_lost(
), 51)
+ self.assertEqual(p.tra_sa_
in.get_err("lost"
), 51)
# a big hole in the seq number space
pkts = [
# a big hole in the seq number space
pkts = [
@@
-997,7
+1025,7
@@
class IpsecTra4(object):
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
]
self.send_and_expect(self.tra_if, pkts, self.tra_if)
- self.assertEqual(p.tra_sa_
out.get_lost(
), 151)
+ self.assertEqual(p.tra_sa_
in.get_err("lost"
), 151)
def verify_tra_basic4(self, count=1, payload_size=54):
"""ipsec v4 transport basic test"""
def verify_tra_basic4(self, count=1, payload_size=54):
"""ipsec v4 transport basic test"""
@@
-1036,8
+1064,8
@@
class IpsecTra4(object):
self.assertEqual(
pkts, count, "incorrect SA out counts: expected %d != %d" % (count, pkts)
)
self.assertEqual(
pkts, count, "incorrect SA out counts: expected %d != %d" % (count, pkts)
)
- self.assertEqual(p.tra_sa_out.get_
lost(
), 0)
- self.assertEqual(p.tra_sa_in.get_
lost(
), 0)
+ self.assertEqual(p.tra_sa_out.get_
err("lost"
), 0)
+ self.assertEqual(p.tra_sa_in.get_
err("lost"
), 0)
self.assert_packet_counter_equal(self.tra4_encrypt_node_name, count)
self.assert_packet_counter_equal(self.tra4_decrypt_node_name[0], count)
self.assert_packet_counter_equal(self.tra4_encrypt_node_name, count)
self.assert_packet_counter_equal(self.tra4_decrypt_node_name[0], count)
@@
-1291,7
+1319,7
@@
class IpsecTun4(object):
decrypt_pkts = []
for rx in rxs:
if p.nat_header:
decrypt_pkts = []
for rx in rxs:
if p.nat_header:
- self.assertEqual(rx[UDP].dport,
4500
)
+ self.assertEqual(rx[UDP].dport,
p.nat_header.dport
)
self.assert_packet_checksums_valid(rx)
self.assertEqual(len(rx) - len(Ether()), rx[IP].len)
try:
self.assert_packet_checksums_valid(rx)
self.assertEqual(len(rx) - len(Ether()), rx[IP].len)
try: