"""verify methods for Transport v4"""
def get_replay_counts(self, p):
- replay_node_name = "/err/%s/SA replayed packet" % self.tra4_decrypt_node_name[0]
+ replay_node_name = "/err/%s/replay" % self.tra4_decrypt_node_name[0]
count = self.statistics.get_err_counter(replay_node_name)
if p.async_mode:
replay_post_node_name = (
- "/err/%s/SA replayed packet" % self.tra4_decrypt_node_name[p.async_mode]
+ "/err/%s/replay" % self.tra4_decrypt_node_name[p.async_mode]
)
count += self.statistics.get_err_counter(replay_post_node_name)
def get_hash_failed_counts(self, p):
if ESP == self.encryption_type and p.crypt_algo == "AES-GCM":
hash_failed_node_name = (
- "/err/%s/ESP decryption failed"
- % self.tra4_decrypt_node_name[p.async_mode]
+ "/err/%s/decryption_failed" % self.tra4_decrypt_node_name[p.async_mode]
)
else:
hash_failed_node_name = (
- "/err/%s/Integrity check failed"
- % self.tra4_decrypt_node_name[p.async_mode]
+ "/err/%s/integ_error" % self.tra4_decrypt_node_name[p.async_mode]
)
count = self.statistics.get_err_counter(hash_failed_node_name)
esn_on = p.vpp_tra_sa.esn_en
ar_on = p.flags & saf.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
- seq_cycle_node_name = (
- "/err/%s/sequence number cycled (packet dropped)"
- % self.tra4_encrypt_node_name
- )
+ seq_cycle_node_name = "/err/%s/seq_cycled" % self.tra4_encrypt_node_name
replay_count = self.get_replay_counts(p)
hash_failed_count = self.get_hash_failed_counts(p)
seq_cycle_count = self.statistics.get_err_counter(seq_cycle_node_name)
p = self.params[socket.AF_INET]
esn_en = p.vpp_tra_sa.esn_en
- seq_cycle_node_name = (
- "/err/%s/sequence number cycled (packet dropped)"
- % self.tra4_encrypt_node_name
- )
+ seq_cycle_node_name = "/err/%s/seq_cycled" % self.tra4_encrypt_node_name
replay_count = self.get_replay_counts(p)
hash_failed_count = self.get_hash_failed_counts(p)
seq_cycle_count = self.statistics.get_err_counter(seq_cycle_node_name)
if ESP == self.encryption_type:
- undersize_node_name = (
- "/err/%s/undersized packet" % self.tra4_decrypt_node_name[0]
- )
+ undersize_node_name = "/err/%s/runt" % self.tra4_decrypt_node_name[0]
undersize_count = self.statistics.get_err_counter(undersize_node_name)
#
)
self.send_and_assert_no_replies(self.tun_if, pkt * 31)
self.assert_error_counter_equal(
- "/err/%s/NAT Keepalive" % self.tun4_input_node, 31
+ "/err/%s/nat_keepalive" % self.tun4_input_node, 31
)
pkt = (
/ Raw(b"\xfe")
)
self.send_and_assert_no_replies(self.tun_if, pkt * 31)
- self.assert_error_counter_equal("/err/%s/Too Short" % self.tun4_input_node, 31)
+ self.assert_error_counter_equal("/err/%s/too_short" % self.tun4_input_node, 31)
pkt = (
Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac)
/ Padding(0 * 21)
)
self.send_and_assert_no_replies(self.tun_if, pkt * 31)
- self.assert_error_counter_equal("/err/%s/Too Short" % self.tun4_input_node, 62)
+ self.assert_error_counter_equal("/err/%s/too_short" % self.tun4_input_node, 62)
class IpsecTun4Tests(IpsecTun4):
self.logger.info(self.vapi.ppcli("show ipsec all"))
self.verify_counters6(p, p, count)
+ def verify_keepalive(self, p):
+ # the sizeof Raw is calculated to pad to the minimum ehternet
+ # frame size of 64 btyes
+ pkt = (
+ Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac)
+ / IPv6(src=p.remote_tun_if_host, dst=self.tun_if.local_ip6)
+ / UDP(sport=333, dport=4500)
+ / Raw(b"\xff")
+ / Padding(0 * 1)
+ )
+ self.send_and_assert_no_replies(self.tun_if, pkt * 31)
+ self.assert_error_counter_equal(
+ "/err/%s/nat_keepalive" % self.tun6_input_node, 31
+ )
+
+ pkt = (
+ Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac)
+ / IPv6(src=p.remote_tun_if_host, dst=self.tun_if.local_ip6)
+ / UDP(sport=333, dport=4500)
+ / Raw(b"\xfe")
+ )
+ self.send_and_assert_no_replies(self.tun_if, pkt * 31)
+ self.assert_error_counter_equal("/err/%s/too_short" % self.tun6_input_node, 31)
+
+ pkt = (
+ Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac)
+ / IPv6(src=p.remote_tun_if_host, dst=self.tun_if.local_ip6)
+ / UDP(sport=333, dport=4500)
+ / Raw(b"\xfe")
+ / Padding(0 * 21)
+ )
+ self.send_and_assert_no_replies(self.tun_if, pkt * 31)
+ self.assert_error_counter_equal("/err/%s/too_short" % self.tun6_input_node, 62)
+
class IpsecTun6Tests(IpsecTun6):
"""UT test methods for Tunnel v6"""