Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy"

This reverts commit c7eaa711f3. Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged. Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-08 22:13:59 +00:00
parent a8f4ebd08e
commit 751bb131ef
21 changed files with 297 additions and 459 deletions
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@ -123,8 +123,7 @@ class ConfigIpsecESP(TemplateIpsec):
                                      tun_flags=tun_flags,
                                      dscp=params.dscp,
                                      flags=flags,
-                                      salt=salt,
-                                      hop_limit=params.outer_hop_limit)
+                                      salt=salt)
        params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
                                       auth_algo_vpp_id, auth_key,
                                       crypt_algo_vpp_id, crypt_key,
@ -134,8 +133,7 @@ class ConfigIpsecESP(TemplateIpsec):
                                       tun_flags=tun_flags,
                                       dscp=params.dscp,
                                       flags=flags,
-                                       salt=salt,
-                                       hop_limit=params.outer_hop_limit)
+                                       salt=salt)
        objs.append(params.tun_sa_in)
        objs.append(params.tun_sa_out)

@ -403,7 +401,7 @@ class TestIpsecEspTun(TemplateIpsecEsp, IpsecTun46Tests):
                Raw(b'X' * payload_size)
                for i in range(count)]

-    def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
+    def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54):
        # set the DSCP + ECN - flags are set to copy both
        return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                IPv6(src=src, dst=dst, tc=5) /
@ -435,13 +433,15 @@ class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests):
        super(TestIpsecEspTun2, self).setUp()

    def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54):
+        # set the DSCP + ECN - flags are set to copy only DSCP
        return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                IP(src=src, dst=dst) /
                UDP(sport=4444, dport=4444) /
                Raw(b'X' * payload_size)
                for i in range(count)]

-    def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
+    def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54):
+        # set the DSCP + ECN - flags are set to copy both
        return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                IPv6(src=src, dst=dst) /
                UDP(sport=4444, dport=4444) /
@ -449,13 +449,13 @@ class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests):
                for i in range(count)]

    def verify_encrypted(self, p, sa, rxs):
-        # just check that only the DSCP is set
+        # just check that only the DSCP is copied
        for rx in rxs:
            self.assertEqual(rx[IP].tos,
                             VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF << 2)

    def verify_encrypted6(self, p, sa, rxs):
-        # just check that the DSCP is set
+        # just check that the DSCP & ECN are copied
        for rx in rxs:
            self.assertEqual(rx[IPv6].tc,
                             VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_AF11 << 2)
@ -684,7 +684,6 @@ class RunTestIpsecEspAll(ConfigIpsecESP,
            p.crypt_key = algo['key']
            p.salt = algo['salt']
            p.flags = p.flags | flag
-            p.outer_flow_label = 243224

        self.reporter.send_keep_alive(self)