ipsec: huge anti-replay window support
Type: improvement
Since RFC4303 does not specify the anti-replay window size, VPP should
support multiple window sizes. This is done through a clib_bitmap.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py
index 7a5a95a..e354cfc 100644
--- a/test/vpp_ipsec.py
+++ b/test/vpp_ipsec.py
@@ -218,6 +218,7 @@
udp_src=None,
udp_dst=None,
hop_limit=None,
+ anti_replay_window_size=0,
):
e = VppEnum.vl_api_ipsec_sad_flags_t
self.test = test
@@ -229,6 +230,7 @@
self.crypto_key = crypto_key
self.proto = proto
self.salt = salt
+ self.anti_replay_window_size = anti_replay_window_size
self.table_id = 0
self.tun_src = tun_src
@@ -284,13 +286,14 @@
"tunnel": self.tunnel_encode(),
"flags": self.flags,
"salt": self.salt,
+ "anti_replay_window_size": self.anti_replay_window_size,
}
# don't explicitly send the defaults, let papi fill them in
if self.udp_src:
entry["udp_src_port"] = self.udp_src
if self.udp_dst:
entry["udp_dst_port"] = self.udp_dst
- r = self.test.vapi.ipsec_sad_entry_add(entry=entry)
+ r = self.test.vapi.ipsec_sad_entry_add_v2(entry=entry)
self.stat_index = r.stat_index
self.test.registry.register(self, self.test.logger)
return self
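Review bot: The new `"anti_replay_window_size"` key is placed in the `entry` dict unconditionally, so the constructor default of `0` from the signature hunk is always sent, which contradicts the comment just below it ("don't explicitly send the defaults, let papi fill them in"). Whether the API treats `0` as "use the default window" or as a zero-sized window is not visible here. If it is the latter, every existing test that builds an SA without this argument now runs with a different replay-protection configuration than before. Following the pattern used for the UDP ports would keep the API default in effect: `if self.anti_replay_window_size:` followed by `entry["anti_replay_window_size"] = self.anti_replay_window_size`. A short comment on the parameter stating its unit and what `0` means would also help; the enclosing method starts outside this hunk.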
@@ -324,7 +327,7 @@
def query_vpp_config(self):
e = VppEnum.vl_api_ipsec_sad_flags_t
- bs = self.test.vapi.ipsec_sa_v3_dump()
+ bs = self.test.vapi.ipsec_sa_v5_dump()
for b in bs:
if b.entry.sad_id == self.id:
# if udp encap is configured then the ports should match