IPSEC-AH: anti-replay testing

Change-Id: Ia5d45db73e4bdb32214ed4f365d5eec8e28115f3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-28 01:38:34 -08:00
parent b0598497af
commit de847277c9
6 changed files with 120 additions and 36 deletions
--- a/test/test_ipsec_ah.py
+++ b/test/test_ipsec_ah.py
@ -45,6 +45,7 @@ class TemplateIpsecAh(TemplateIpsec):
                                             cls.tra_if.sw_if_index)
        for _, p in cls.params.items():
            cls.config_ah_tra(p)
+            cls.configure_sa_tra(p)
        cls.logger.info(cls.vapi.ppcli("show ipsec"))
        for _, p in cls.params.items():
            cls.config_ah_tun(p)
@ -134,12 +135,14 @@ class TemplateIpsecAh(TemplateIpsec):
                                         auth_algo_vpp_id, auth_key,
                                         crypt_algo_vpp_id, crypt_key,
                                         cls.vpp_ah_protocol, is_tunnel=0,
-                                         is_tunnel_ipv6=0)
+                                         is_tunnel_ipv6=0,
+                                         use_anti_replay=1)
        cls.vapi.ipsec_sad_add_del_entry(vpp_tra_sa_id, vpp_tra_spi,
                                         auth_algo_vpp_id, auth_key,
                                         crypt_algo_vpp_id, crypt_key,
                                         cls.vpp_ah_protocol, is_tunnel=0,
-                                         is_tunnel_ipv6=0)
+                                         is_tunnel_ipv6=0,
+                                         use_anti_replay=1)
        l_startaddr = r_startaddr = socket.inet_pton(addr_type, addr_any)
        l_stopaddr = r_stopaddr = socket.inet_pton(addr_type, addr_bcast)
        cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, vpp_tra_sa_id,