Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/55415/?format=api
{ "id": 55415, "url": "http://patches.dpdk.org/api/patches/55415/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20190626150509.17442-3-roy.fan.zhang@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20190626150509.17442-3-roy.fan.zhang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20190626150509.17442-3-roy.fan.zhang@intel.com", "date": "2019-06-26T15:05:09", "name": "[v3,2/2] examples/ipsec-secgw: support header reconstruction", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "e702362d924e2200baf673f48dd8f11542b39475", "submitter": { "id": 304, "url": "http://patches.dpdk.org/api/people/304/?format=api", "name": "Fan Zhang", "email": "roy.fan.zhang@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20190626150509.17442-3-roy.fan.zhang@intel.com/mbox/", "series": [ { "id": 5180, "url": "http://patches.dpdk.org/api/series/5180/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=5180", "date": "2019-06-26T15:05:07", "name": "ipsec: ECN and DSCP header reconstruction", "version": 3, "mbox": "http://patches.dpdk.org/series/5180/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/55415/comments/", "check": "fail", "checks": "http://patches.dpdk.org/api/patches/55415/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 71E312BF2;\n\tWed, 26 Jun 2019 17:11:10 +0200 (CEST)", "from mga14.intel.com (mga14.intel.com [192.55.52.115])\n\tby dpdk.org (Postfix) with ESMTP id A22592AA0\n\tfor <dev@dpdk.org>; Wed, 26 Jun 2019 17:11:05 +0200 (CEST)", "from fmsmga005.fm.intel.com ([10.253.24.32])\n\tby fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t26 Jun 2019 08:11:05 -0700", "from silpixa00398673.ir.intel.com (HELO\n\tsilpixa00398673.ger.corp.intel.com) ([10.237.223.136])\n\tby fmsmga005.fm.intel.com with ESMTP; 26 Jun 2019 08:11:04 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.63,420,1557212400\"; d=\"scan'208\";a=\"360336719\"", "From": "Fan Zhang <roy.fan.zhang@intel.com>", "To": "dev@dpdk.org", "Cc": "akhil.goyal@nxp.com, konstantin.ananyev@intel.com,\n\tFan Zhang <roy.fan.zhang@intel.com>", "Date": "Wed, 26 Jun 2019 16:05:09 +0100", "Message-Id": "<20190626150509.17442-3-roy.fan.zhang@intel.com>", "X-Mailer": "git-send-email 2.14.5", "In-Reply-To": "<20190626150509.17442-1-roy.fan.zhang@intel.com>", "References": "<20190625134321.71595-1-roy.fan.zhang@intel.com>\n\t<20190626150509.17442-1-roy.fan.zhang@intel.com>", "Subject": "[dpdk-dev] [PATCH v3 2/2] examples/ipsec-secgw: support header\n\treconstruction", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "This patch updates the ipsec-secgw application to support\nheader reconstruction. In addition a series of tests have\nbeen added to prove the implementation's correctness.\n\nSigned-off-by: Fan Zhang <roy.fan.zhang@intel.com>\n---\n doc/guides/rel_notes/release_19_08.rst | 6 +\n examples/ipsec-secgw/sa.c | 2 +\n examples/ipsec-secgw/test/run_test.sh | 3 +-\n .../test/tun_null_header_reconstruct.py | 477 +++++++++++++++++++++\n 4 files changed, 487 insertions(+), 1 deletion(-)\n create mode 100755 examples/ipsec-secgw/test/tun_null_header_reconstruct.py", "diff": "diff --git a/doc/guides/rel_notes/release_19_08.rst b/doc/guides/rel_notes/release_19_08.rst\nindex 7c0435a43..d949dbcfb 100644\n--- a/doc/guides/rel_notes/release_19_08.rst\n+++ b/doc/guides/rel_notes/release_19_08.rst\n@@ -99,6 +99,12 @@ New Features\n Updated ``librte_telemetry`` to fetch the global metrics from the\n ``librte_metrics`` library.\n \n+* **Updated IPSec library Header Reconstruction.**\n+\n+ Updated the IPSec library with ECN and DSCP field header reconstruction\n+ feature followed by RFC4301. The IPSec-secgw sample application is also\n+ updated to support this feature by default.\n+\n \n Removed Items\n -------------\ndiff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c\nindex 7262ccee8..447f9dbb4 100644\n--- a/examples/ipsec-secgw/sa.c\n+++ b/examples/ipsec-secgw/sa.c\n@@ -991,6 +991,8 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,\n \tprm->ipsec_xform.mode = (ss->flags == TRANSPORT) ?\n \t\tRTE_SECURITY_IPSEC_SA_MODE_TRANSPORT :\n \t\tRTE_SECURITY_IPSEC_SA_MODE_TUNNEL;\n+\tprm->ipsec_xform.options.ecn = 1;\n+\tprm->ipsec_xform.options.copy_dscp = 1;\n \n \tif (ss->flags == IP4_TUNNEL) {\n \t\tprm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;\ndiff --git a/examples/ipsec-secgw/test/run_test.sh b/examples/ipsec-secgw/test/run_test.sh\nindex 4969effdb..3f73545c9 100755\n--- a/examples/ipsec-secgw/test/run_test.sh\n+++ b/examples/ipsec-secgw/test/run_test.sh\n@@ -61,7 +61,8 @@ trs_3descbc_sha1_old \\\n trs_3descbc_sha1_esn \\\n trs_3descbc_sha1_esn_atom\"\n \n-PKT_TESTS=\"trs_ipv6opts\"\n+PKT_TESTS=\"trs_ipv6opts \\\n+tun_null_header_reconstruct\"\n \n DIR=$(dirname $0)\n \ndiff --git a/examples/ipsec-secgw/test/tun_null_header_reconstruct.py b/examples/ipsec-secgw/test/tun_null_header_reconstruct.py\nnew file mode 100755\nindex 000000000..f2653b351\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_null_header_reconstruct.py\n@@ -0,0 +1,477 @@\n+#!/usr/bin/env python3\n+\n+from scapy.all import *\n+import unittest\n+import pkttest\n+\n+#{ipv4{ipv4}} test\n+SRC_ADDR_IPV4_1 = \"192.168.1.1\"\n+DST_ADDR_IPV4_1 = \"192.168.2.1\"\n+\n+#{ipv6{ipv6}} test\n+SRC_ADDR_IPV6_1 = \"1111:0000:0000:0000:0000:0000:0000:0001\"\n+DST_ADDR_IPV6_1 = \"2222:0000:0000:0000:0000:0000:0000:0001\"\n+\n+#{ipv4{ipv6}} test\n+SRC_ADDR_IPV4_2 = \"192.168.11.1\"\n+DST_ADDR_IPV4_2 = \"192.168.12.1\"\n+SRC_ADDR_IPV6_2 = \"1111:0000:0000:0000:0000:0000:0001:0001\"\n+DST_ADDR_IPV6_2 = \"2222:0000:0000:0000:0000:0000:0001:0001\"\n+\n+#{ipv6{ipv4}} test\n+SRC_ADDR_IPV4_3 = \"192.168.21.1\"\n+DST_ADDR_IPV4_3 = \"192.168.22.1\"\n+SRC_ADDR_IPV6_3 = \"1111:0000:0000:0000:0000:0001:0001:0001\"\n+DST_ADDR_IPV6_3 = \"2222:0000:0000:0000:0000:0001:0001:0001\"\n+\n+def config():\n+ return \"\"\"\n+#outter-ipv4 inner-ipv4 tunnel mode test\n+sp ipv4 out esp protect 5 pri 1 \\\\\n+src {0}/32 \\\\\n+dst {1}/32 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sp ipv4 in esp protect 6 pri 1 \\\\\n+src {1}/32 \\\\\n+dst {0}/32 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sa out 5 cipher_algo null auth_algo null mode ipv4-tunnel \\\\\n+src {0} dst {1}\n+sa in 6 cipher_algo null auth_algo null mode ipv4-tunnel \\\\\n+src {1} dst {0}\n+\n+rt ipv4 dst {0}/32 port 1\n+rt ipv4 dst {1}/32 port 0\n+\n+#outter-ipv6 inner-ipv6 tunnel mode test\n+sp ipv6 out esp protect 7 pri 1 \\\\\n+src {2}/128 \\\\\n+dst {3}/128 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sp ipv6 in esp protect 8 pri 1 \\\\\n+src {3}/128 \\\\\n+dst {2}/128 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sa out 7 cipher_algo null auth_algo null mode ipv6-tunnel \\\\\n+src {2} dst {3}\n+sa in 8 cipher_algo null auth_algo null mode ipv6-tunnel \\\\\n+src {3} dst {2}\n+\n+rt ipv6 dst {2}/128 port 1\n+rt ipv6 dst {3}/128 port 0\n+\n+#outter-ipv4 inner-ipv6 tunnel mode test\n+sp ipv6 out esp protect 9 pri 1 \\\\\n+src {4}/128 \\\\\n+dst {5}/128 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sp ipv6 in esp protect 10 pri 1 \\\\\n+src {5}/128 \\\\\n+dst {4}/128 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sa out 9 cipher_algo null auth_algo null mode ipv4-tunnel \\\\\n+src {6} dst {7}\n+sa in 10 cipher_algo null auth_algo null mode ipv4-tunnel \\\\\n+src {7} dst {6}\n+\n+rt ipv6 dst {4}/128 port 1\n+rt ipv4 dst {7}/32 port 0\n+\n+#outter-ipv6 inner-ipv4 tunnel mode test\n+sp ipv4 out esp protect 11 pri 1 \\\\\n+src {8}/32 \\\\\n+dst {9}/32 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sp ipv4 in esp protect 12 pri 1 \\\\\n+src {9}/32 \\\\\n+dst {8}/32 \\\\\n+sport 0:65535 dport 0:65535\n+\n+sa out 11 cipher_algo null auth_algo null mode ipv6-tunnel \\\\\n+src {10} dst {11}\n+sa in 12 cipher_algo null auth_algo null mode ipv6-tunnel \\\\\n+src {11} dst {10}\n+\n+rt ipv4 dst {8}/32 port 1\n+rt ipv6 dst {11}/128 port 0\n+\"\"\".format(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,\n+ SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,\n+ SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, SRC_ADDR_IPV4_2, DST_ADDR_IPV4_2,\n+ SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, SRC_ADDR_IPV6_3, DST_ADDR_IPV6_3)\n+\n+ECN_ECT0 = 0x02\n+ECN_ECT1 = 0x01\n+ECN_CE = 0x03\n+DSCP_1 = 0x04\n+DSCP_3F = 0xFC\n+\n+class TestTunnelHeaderReconstruct(unittest.TestCase):\n+ def setUp(self):\n+ self.px = pkttest.PacketXfer()\n+ th = IP(src=DST_ADDR_IPV4_1, dst=SRC_ADDR_IPV4_1)\n+ self.sa_ipv4v4 = SecurityAssociation(ESP, spi=6, tunnel_header = th)\n+\n+ th = IPv6(src=DST_ADDR_IPV6_1, dst=SRC_ADDR_IPV6_1)\n+ self.sa_ipv6v6 = SecurityAssociation(ESP, spi=8, tunnel_header = th)\n+\n+ th = IP(src=DST_ADDR_IPV4_2, dst=SRC_ADDR_IPV4_2)\n+ self.sa_ipv4v6 = SecurityAssociation(ESP, spi=10, tunnel_header = th)\n+\n+ th = IPv6(src=DST_ADDR_IPV6_3, dst=SRC_ADDR_IPV6_3)\n+ self.sa_ipv6v4 = SecurityAssociation(ESP, spi=12, tunnel_header = th)\n+\n+ def gen_pkt_plain_ipv4(self, src, dst, tos):\n+ pkt = IP(src=src, dst=dst, tos=tos)\n+ pkt /= UDP(sport=123,dport=456)/Raw(load=\"abc\")\n+ return pkt\n+\n+ def gen_pkt_plain_ipv6(self, src, dst, tc):\n+ pkt = IPv6(src=src, dst=dst, tc=tc)\n+ pkt /= UDP(sport=123,dport=456)/Raw(load=\"abc\")\n+ return pkt\n+\n+ def gen_pkt_tun_ipv4v4(self, tos_outter, tos_inner):\n+ pkt = self.gen_pkt_plain_ipv4(DST_ADDR_IPV4_1, SRC_ADDR_IPV4_1,\n+ tos_inner)\n+ pkt = self.sa_ipv4v4.encrypt(pkt)\n+ self.assertEqual(pkt[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(pkt[ESP].spi, 6)\n+ pkt[IP].tos = tos_outter\n+ return pkt\n+\n+ def gen_pkt_tun_ipv6v6(self, tc_outter, tc_inner):\n+ pkt = self.gen_pkt_plain_ipv6(DST_ADDR_IPV6_1, SRC_ADDR_IPV6_1,\n+ tc_inner)\n+ pkt = self.sa_ipv6v6.encrypt(pkt)\n+ self.assertEqual(pkt[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(pkt[ESP].spi, 8)\n+ pkt[IPv6].tc = tc_outter\n+ return pkt\n+\n+ def gen_pkt_tun_ipv4v6(self, tos_outter, tc_inner):\n+ pkt = self.gen_pkt_plain_ipv6(DST_ADDR_IPV6_2, SRC_ADDR_IPV6_2,\n+ tc_inner)\n+ pkt = self.sa_ipv4v6.encrypt(pkt)\n+ self.assertEqual(pkt[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(pkt[ESP].spi, 10)\n+ pkt[IP].tos = tos_outter\n+ return pkt\n+\n+ def gen_pkt_tun_ipv6v4(self, tc_outter, tos_inner):\n+ pkt = self.gen_pkt_plain_ipv4(DST_ADDR_IPV4_3, SRC_ADDR_IPV4_3,\n+ tos_inner)\n+ pkt = self.sa_ipv6v4.encrypt(pkt)\n+ self.assertEqual(pkt[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(pkt[ESP].spi, 12)\n+ pkt[IPv6].tc = tc_outter\n+ return pkt\n+\n+#RFC4301 5.1.2.1 & 5.1.2.2, outbound packets shall be copied ECN field\n+ def test_outb_ipv4v4_ecn(self):\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,\n+ ECN_ECT1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 5)\n+ self.assertEqual(resp[IP].tos, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,\n+ ECN_ECT0)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 5)\n+ self.assertEqual(resp[IP].tos, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,\n+ ECN_CE)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 5)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+ def test_outb_ipv6v6_ecn(self):\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,\n+ ECN_ECT1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,\n+ ECN_ECT0)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 7)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,\n+ ECN_CE)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 7)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+ def test_outb_ipv4v6_ecn(self):\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2,\n+ ECN_ECT1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[IP].tos, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2,\n+ ECN_ECT0)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[IP].tos, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2,\n+ ECN_CE)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+ def test_outb_ipv6v4_ecn(self):\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3,\n+ ECN_ECT1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3,\n+ ECN_ECT0)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3,\n+ ECN_CE)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+#RFC4301 5.1.2.1 & 5.1.2.2, if outbound packets ECN is CE (0x3), inbound packets\n+#ECN is overwritten to CE, otherwise no change\n+\n+#Outter header not CE, Inner header should be no change\n+ def test_inb_ipv4v4_ecn_inner_no_change(self):\n+ pkt = self.gen_pkt_tun_ipv4v4(ECN_ECT1, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_tun_ipv4v4(ECN_ECT0, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_tun_ipv4v4(ECN_ECT1, ECN_CE)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+ def test_inb_ipv6v6_ecn_inner_no_change(self):\n+ pkt = self.gen_pkt_tun_ipv6v6(ECN_ECT1, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_tun_ipv6v6(ECN_ECT0, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_tun_ipv6v6(ECN_ECT1, ECN_CE)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+ def test_inb_ipv4v6_ecn_inner_no_change(self):\n+ pkt = self.gen_pkt_tun_ipv4v6(ECN_ECT1, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_tun_ipv4v6(ECN_ECT0, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_tun_ipv4v6(ECN_ECT1, ECN_CE)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+ def test_inb_ipv6v4_ecn_inner_no_change(self):\n+ pkt = self.gen_pkt_tun_ipv6v4(ECN_ECT1, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_ECT0)\n+\n+ pkt = self.gen_pkt_tun_ipv6v4(ECN_ECT0, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_ECT1)\n+\n+ pkt = self.gen_pkt_tun_ipv6v4(ECN_ECT1, ECN_CE)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+#Outter header CE, Inner header should be changed to CE\n+ def test_inb_ipv4v4_ecn_inner_change(self):\n+ pkt = self.gen_pkt_tun_ipv4v4(ECN_CE, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+ pkt = self.gen_pkt_tun_ipv4v4(ECN_CE, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+ def test_inb_ipv6v6_ecn_inner_change(self):\n+ pkt = self.gen_pkt_tun_ipv6v6(ECN_CE, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+ pkt = self.gen_pkt_tun_ipv6v6(ECN_CE, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+ def test_inb_ipv4v6_ecn_inner_change(self):\n+ pkt = self.gen_pkt_tun_ipv4v6(ECN_CE, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+ pkt = self.gen_pkt_tun_ipv4v6(ECN_CE, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, ECN_CE)\n+\n+ def test_inb_ipv6v4_ecn_inner_change(self):\n+ pkt = self.gen_pkt_tun_ipv6v4(ECN_CE, ECN_ECT0)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+ pkt = self.gen_pkt_tun_ipv6v4(ECN_CE, ECN_ECT1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, ECN_CE)\n+\n+#RFC4301 5.1.2.1.5 Outer DS field should be copied from Inner DS field\n+ def test_outb_ipv4v4_dscp(self):\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,\n+ DSCP_1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 5)\n+ self.assertEqual(resp[IP].tos, DSCP_1)\n+\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,\n+ DSCP_3F)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 5)\n+ self.assertEqual(resp[IP].tos, DSCP_3F)\n+\n+ def test_outb_ipv6v6_dscp(self):\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,\n+ DSCP_1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 7)\n+ self.assertEqual(resp[IPv6].tc, DSCP_1)\n+\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,\n+ DSCP_3F)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 7)\n+ self.assertEqual(resp[IPv6].tc, DSCP_3F)\n+\n+ def test_outb_ipv4v6_dscp(self):\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2,\n+ DSCP_1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 9)\n+ self.assertEqual(resp[IP].tos, DSCP_1)\n+\n+ pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2,\n+ DSCP_3F)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 9)\n+ self.assertEqual(resp[IP].tos, DSCP_3F)\n+\n+ def test_outb_ipv6v4_dscp(self):\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3,\n+ DSCP_1)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 11)\n+ self.assertEqual(resp[IPv6].tc, DSCP_1)\n+\n+ pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3,\n+ DSCP_3F)\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 11)\n+ self.assertEqual(resp[IPv6].tc, DSCP_3F)\n+\n+#RFC4301 5.1.2.1.5 Inner DS field should not be affected by Outer DS field\n+ def test_inb_ipv4v4_dscp(self):\n+ pkt = self.gen_pkt_tun_ipv4v4(DSCP_3F, DSCP_1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, DSCP_1)\n+\n+ pkt = self.gen_pkt_tun_ipv4v4(DSCP_1, DSCP_3F)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, DSCP_3F)\n+\n+ def test_inb_ipv6v6_dscp(self):\n+ pkt = self.gen_pkt_tun_ipv6v6(DSCP_3F, DSCP_1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, DSCP_1)\n+\n+ pkt = self.gen_pkt_tun_ipv6v6(DSCP_1, DSCP_3F)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, DSCP_3F)\n+\n+ def test_inb_ipv4v6_dscp(self):\n+ pkt = self.gen_pkt_tun_ipv4v6(DSCP_3F, DSCP_1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, DSCP_1)\n+\n+ pkt = self.gen_pkt_tun_ipv4v6(DSCP_1, DSCP_3F)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IPv6].tc, DSCP_3F)\n+\n+ def test_inb_ipv6v4_dscp(self):\n+ pkt = self.gen_pkt_tun_ipv6v4(DSCP_3F, DSCP_1)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, DSCP_1)\n+\n+ pkt = self.gen_pkt_tun_ipv6v4(DSCP_1, DSCP_3F)\n+ resp = self.px.xfer_protected(pkt)\n+ self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)\n+ self.assertEqual(resp[IP].tos, DSCP_3F)\n+\n+pkttest.pkttest()\n", "prefixes": [ "v3", "2/2" ] }