ipsec: Redo the anit-replay check post decrypt

Type: fix Change-Id: I1fa8c5326d6f22cfb8dd40e97d8a22d11a716922 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-08-01 04:45:15 -07:00
parent 55c68c9521
commit 3b9374fa57
3 changed files with 51 additions and 0 deletions
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@ -317,6 +317,21 @@ class IpsecTra4(object):
        replay_count += len(pkts)
        self.assert_error_counter_equal(replay_node_name, replay_count)

+        #
+        # now send a batch of packets all with the same sequence number
+        # the first packet in the batch is legitimate, the rest bogus
+        #
+        pkts = (Ether(src=self.tra_if.remote_mac,
+                      dst=self.tra_if.local_mac) /
+                p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+                                          dst=self.tra_if.local_ip4) /
+                                       ICMP(),
+                                       seq_num=35))
+        recv_pkts = self.send_and_expect(self.tra_if, pkts * 8,
+                                         self.tra_if, n_rx=1)
+        replay_count += 7
+        self.assert_error_counter_equal(replay_node_name, replay_count)
+
        #
        # now move the window over to 257 (more than one byte) and into Case A
        #