u32 minor;
};
+/** \brief IKEv2: Set sleep interval for ikev2_manager_process node
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param timeout - sleep timeout duration in seconds
+*/
+autoreply define ikev2_plugin_set_sleep_interval
+{
+ u32 client_index;
+ u32 context;
+
+ f64 timeout;
+};
+
+/** \brief IKEv2: Get the current sleep interval for the ikev2_manager_process
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply with request
+*/
+define ikev2_get_sleep_interval {
+ u32 client_index;
+ u32 context;
+};
+
+/** \brief IKEv2: Reply with the current sleep interval
+ @param context - sender context, to match reply with request
+ @param sleep_interval - current sleep interval in seconds
+*/
+define ikev2_get_sleep_interval_reply {
+ u32 context;
+ i32 retval;
+ f64 sleep_interval;
+};
+
/** \brief Dump all profiles
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
#define IKEV2_LIVENESS_RETRIES 3
#define IKEV2_LIVENESS_PERIOD_CHECK 30
+#define IKEV2_SLEEP_INTERVAL 2.0
ikev2_main_t ikev2_main;
km->vnet_main = vnet_get_main ();
km->vlib_main = vm;
+ km->sleep_interval = IKEV2_SLEEP_INTERVAL;
+
km->liveness_period = IKEV2_LIVENESS_PERIOD_CHECK;
km->liveness_max_retries = IKEV2_LIVENESS_RETRIES;
return 0;
}
+clib_error_t *
+ikev2_set_sleep_interval (f64 interval)
+{
+ ikev2_main_t *km = &ikev2_main;
+
+ if (interval == 0.0)
+ return clib_error_return (0, "invalid arg");
+
+ km->sleep_interval = interval;
+ return 0;
+}
+
+f64
+ikev2_get_sleep_interval ()
+{
+ ikev2_main_t *km = &ikev2_main;
+ return km->sleep_interval;
+}
+
clib_error_t *
ikev2_profile_natt_disable (u8 * name)
{
while (1)
{
- vlib_process_wait_for_event_or_clock (vm, 2);
+ vlib_process_wait_for_event_or_clock (vm, km->sleep_interval);
vlib_process_get_events (vm, NULL);
/* process ike child sas */
clib_error_t *ikev2_set_liveness_params (u32 period, u32 max_retries);
+clib_error_t *ikev2_set_sleep_interval (f64 interval);
+
+f64 ikev2_get_sleep_interval ();
+
#endif /* __included_ikev2_h__ */
REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_LIVENESS_REPLY);
}
+static void
+vl_api_ikev2_plugin_set_sleep_interval_t_handler (
+ vl_api_ikev2_plugin_set_sleep_interval_t *mp)
+{
+ vl_api_ikev2_plugin_set_sleep_interval_reply_t *rmp;
+ int rv = 0;
+ clib_error_t *error;
+ error = ikev2_set_sleep_interval (clib_net_to_host_f64 (mp->timeout));
+
+ if (error)
+ {
+ ikev2_log_error ("%U", format_clib_error, error);
+ clib_error_free (error);
+ rv = VNET_API_ERROR_UNSPECIFIED;
+ }
+ REPLY_MACRO (VL_API_IKEV2_PLUGIN_SET_SLEEP_INTERVAL_REPLY);
+}
+
+static void
+vl_api_ikev2_get_sleep_interval_t_handler (
+ vl_api_ikev2_get_sleep_interval_t *mp)
+{
+ vl_api_ikev2_get_sleep_interval_reply_t *rmp;
+ int rv = 0;
+
+ f64 sleep_interval = ikev2_get_sleep_interval ();
+
+ REPLY_MACRO2 (VL_API_IKEV2_GET_SLEEP_INTERVAL_REPLY, ({
+ rmp->sleep_interval = clib_host_to_net_f64 (sleep_interval);
+ }));
+}
+
static void
vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
{
.function = set_ikev2_liveness_period_fn,
};
+static clib_error_t *
+set_ikev2_sleep_interval_fn (vlib_main_t *vm, unformat_input_t *input,
+ vlib_cli_command_t *cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ clib_error_t *r = 0;
+ f64 interval = 0.0;
+
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "%lf", &interval))
+ {
+ r = ikev2_set_sleep_interval (interval);
+ goto done;
+ }
+ else
+ break;
+ }
+
+ r = clib_error_return (0, "parse error: '%U'", format_unformat_error,
+ line_input);
+
+done:
+ unformat_free (line_input);
+ return r;
+}
+
+VLIB_CLI_COMMAND (set_ikev2_sleep_interval, static) = {
+ .path = "ikev2 set sleep interval",
+ .short_help = "ikev2 set sleep interval <timeout>",
+ .function = set_ikev2_sleep_interval_fn,
+};
+
+static clib_error_t *
+show_ikev2_sleep_interval_command_fn (vlib_main_t *vm, unformat_input_t *input,
+ vlib_cli_command_t *cmd)
+{
+ f64 sleep_interval = ikev2_get_sleep_interval ();
+
+ vlib_cli_output (vm, "IKEv2 Manager sleep interval: %.2f seconds",
+ sleep_interval);
+
+ return 0;
+}
+
+VLIB_CLI_COMMAND (show_ikev2_sleep_interval_command, static) = {
+ .path = "show ikev2 sleep interval",
+ .short_help = "show ikev2 sleep interval",
+ .function = show_ikev2_sleep_interval_command_fn,
+};
+
static clib_error_t *
set_ikev2_local_key_command_fn (vlib_main_t * vm,
unformat_input_t * input,
/* logging level */
ikev2_log_level_t log_level;
+ /* sleep interval for ikev2_manager_process node, in seconds */
+ f64 sleep_interval;
+
/* how often a liveness check will be performed */
u32 liveness_period;
vam->result_ready = 1;
}
+static int
+api_ikev2_plugin_set_sleep_interval (vat_main_t *vam)
+{
+ unformat_input_t *i = vam->input;
+ vl_api_ikev2_plugin_set_sleep_interval_t *mp;
+ f64 timeout = 0.0; /* Default value for timeout */
+ int ret;
+
+ /* Parse input arguments */
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (!unformat (i, "timeout %lf", &timeout))
+ {
+ errmsg ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ M (IKEV2_PLUGIN_SET_SLEEP_INTERVAL, mp);
+
+ mp->timeout = clib_host_to_net_f64 (timeout);
+
+ S (mp);
+ W (ret);
+
+ return ret;
+}
+
+static int
+api_ikev2_get_sleep_interval (vat_main_t *vam)
+{
+ ikev2_test_main_t *sm = &ikev2_test_main;
+ vl_api_ikev2_get_sleep_interval_t *mp;
+ u32 msg_size = sizeof (*mp);
+ int ret;
+
+ vam->result_ready = 0;
+
+ /* Allocate and initialize the message */
+ mp = vl_msg_api_alloc_as_if_client (msg_size);
+ clib_memset (mp, 0, msg_size);
+ mp->_vl_msg_id = ntohs (VL_API_IKEV2_GET_SLEEP_INTERVAL + sm->msg_id_base);
+ mp->client_index = vam->my_client_index;
+
+ /* Send the message */
+ S (mp);
+
+ /* Wait for a reply */
+ W (ret);
+ return ret;
+}
+
+static void
+vl_api_ikev2_get_sleep_interval_reply_t_handler (
+ vl_api_ikev2_get_sleep_interval_reply_t *mp)
+{
+ vat_main_t *vam = ikev2_test_main.vat_main;
+
+ /* Output the sleep interval */
+ clib_warning ("IKEv2 Manager Sleep Interval: %.2f seconds",
+ clib_net_to_host_f64 (mp->sleep_interval));
+
+ /* Mark the result as ready */
+ vam->result_ready = 1;
+}
+
static int
api_ikev2_profile_set_ipsec_udp_port (vat_main_t * vam)
{
from scapy.utils import long_converter
from framework import VppTestCase
from asfframework import (
- tag_fixme_vpp_workers,
- tag_fixme_ubuntu2404,
VppTestRunner,
)
from vpp_ikev2 import Profile, IDType, AuthMethod
self.assertEqual(r[0].sa.stats.n_rekey_req, 1)
-@tag_fixme_ubuntu2404
class TestResponderRekeyRepeat(TestResponderRekey):
"""test ikev2 responder - rekey repeat"""
def test_responder(self):
super(TestResponderRekeyRepeat, self).test_responder()
+
+ # The sleep interval for this test is set to 0.1 seconds instead of the default 2 seconds.
+ # This change is necessary because the test verifies the expiration of old IPsec SAs
+ # (self.fail("old IPsec SA not expired")) within a strict timeframe. A longer sleep
+ # interval, such as 2 seconds, would significantly delay the loop iterations, reducing
+ # the granularity of checks for SA expiration and increasing the risk of false failures.
+ #
+ # By setting the sleep interval to 0.1 seconds:
+ # - The test can perform frequent checks for the status of IPsec SAs, ensuring timely
+ # detection of their expiration.
+ # - It reduces the likelihood of the test prematurely failing due to missing an SA
+ # expiration event caused by coarse-grained timing checks.
+ #
+ # This adjustment enhances test stability and ensures accurate validation of the
+ # expiration behavior under the conditions specified by the test.
+ self.vapi.ikev2_plugin_set_sleep_interval(timeout=0.1)
# rekey request is not accepted until old IPsec SA is expired
capture = self.send_rekey_from_initiator()
ih = self.get_ike_header(capture[0])
vpp_worker_count = 2
-@tag_fixme_ubuntu2404
class TestResponderRekeyRepeatKEX(TestResponderRekeyRepeat):
"""test ikev2 responder - rekey repeat with key exchange"""
Code Review / vpp.git / commitdiff