diff options
author | nharold <nharold@google.com> | 2018-01-22 18:34:29 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-01-22 18:34:29 +0000 |
commit | fe424e891713732e5a19c81138d0adcd26f61315 (patch) | |
tree | 8ff00bf2fa4a2e3f090331a61011c737b911b5c2 | |
parent | 3f5af949e6c3794458edf94967fc31ae1b00be50 (diff) | |
parent | 31c07d8a8e3d0e141a19195188903c0710f05fb1 (diff) | |
download | kernel_tests-fe424e891713732e5a19c81138d0adcd26f61315.tar.gz kernel_tests-fe424e891713732e5a19c81138d0adcd26f61315.tar.bz2 kernel_tests-fe424e891713732e5a19c81138d0adcd26f61315.zip |
Merge "Test that an SA Can be Updated with a Mark"android-wear-8.0.0_r1
-rwxr-xr-x | net/test/xfrm.py | 37 | ||||
-rwxr-xr-x | net/test/xfrm_test.py | 22 |
2 files changed, 52 insertions, 7 deletions
diff --git a/net/test/xfrm.py b/net/test/xfrm.py index 456f3bdc..04a434d3 100755 --- a/net/test/xfrm.py +++ b/net/test/xfrm.py @@ -380,7 +380,7 @@ class Xfrm(netlink.NetlinkSocket): return self._SendNlRequest(msg_type, msg, flags) def AddSaInfo(self, src, dst, spi, mode, reqid, encryption, auth_trunc, aead, - encap, mark, output_mark): + encap, mark, output_mark, is_update=False): """Adds an IPsec security association. Args: @@ -397,6 +397,8 @@ class Xfrm(netlink.NetlinkSocket): mark: A mark match specifier, such as returned by ExactMatchMark(), or None for an SA that matches all possible marks. output_mark: An integer, the output mark. 0 means unset. + is_update: If true, update an existing SA otherwise create a new SA. For + compatibility reasons, this value defaults to False. """ proto = IPPROTO_ESP xfrm_id = XfrmId((PaddedAddress(dst), spi, proto)) @@ -450,26 +452,47 @@ class Xfrm(netlink.NetlinkSocket): cur, stats, seq, reqid, family, mode, replay, flags)) msg = sa.Pack() + nlattrs flags = netlink.NLM_F_REQUEST | netlink.NLM_F_ACK - self._SendNlRequest(XFRM_MSG_NEWSA, msg, flags) + nl_msg_type = XFRM_MSG_UPDSA if is_update else XFRM_MSG_NEWSA + self._SendNlRequest(nl_msg_type, msg, flags) - def DeleteSaInfo(self, daddr, spi, proto): + def DeleteSaInfo(self, dst, spi, proto, mark=None): + """Delete an SA from the SAD + + Args: + dst: A string, the destination IP address. Forms part of the XFRM ID, and + must match the destination address of the packets sent by this SA. + spi: An integer, the SPI. + proto: The protocol DB of the SA, such as IPPROTO_ESP. + mark: A mark match specifier, such as returned by ExactMatchMark(), or + None for an SA without a Mark attribute. + """ # TODO: deletes take a mark as well. - family = AF_INET6 if ":" in daddr else AF_INET - usersa_id = XfrmUsersaId((PaddedAddress(daddr), spi, family, proto)) - flags = netlink.NLM_F_REQUEST | netlink.NLM_F_ACK - self._SendNlRequest(XFRM_MSG_DELSA, usersa_id.Pack(), flags) + family = AF_INET6 if ":" in dst else AF_INET + usersa_id = XfrmUsersaId((PaddedAddress(dst), spi, family, proto)) + nlattrs = [] + if mark is not None: + nlattrs.append((XFRMA_MARK, mark)) + self.SendXfrmNlRequest(XFRM_MSG_DELSA, usersa_id, nlattrs) def AllocSpi(self, dst, proto, min_spi, max_spi): """Allocate (reserve) an SPI. This sends an XFRM_MSG_ALLOCSPI message and returns the resulting XfrmUsersaInfo struct. + + Args: + dst: A string, the destination IP address. Forms part of the XFRM ID, and + must match the destination address of the packets sent by this SA. + proto: the protocol DB of the SA, such as IPPROTO_ESP. + min_spi: The minimum value of the acceptable SPI range (inclusive). + max_spi: The maximum value of the acceptable SPI range (inclusive). """ spi = XfrmUserSpiInfo("\x00" * len(XfrmUserSpiInfo)) spi.min = min_spi spi.max = max_spi spi.info.id.daddr = PaddedAddress(dst) spi.info.id.proto = proto + spi.info.family = AF_INET6 if ":" in dst else AF_INET msg = spi.Pack() flags = netlink.NLM_F_REQUEST diff --git a/net/test/xfrm_test.py b/net/test/xfrm_test.py index c4fc46e3..1ec9692f 100755 --- a/net/test/xfrm_test.py +++ b/net/test/xfrm_test.py @@ -760,6 +760,28 @@ class XfrmOutputMarkTest(xfrm_base.XfrmBaseTest): xfrm.XFRM_MODE_TRANSPORT, 0, invalid_crypt, xfrm_base._ALGO_HMAC_SHA1, None, None, None, 0) + def testUpdateSaAddMark(self): + """Test that when an SA has no mark, it can be updated to add a mark.""" + for version in [4, 6]: + spi = 0xABCD + # Test that an SA created with ALLOCSPI can be updated with the mark. + new_sa = self.xfrm.AllocSpi(net_test.GetWildcardAddress(version), + IPPROTO_ESP, spi, spi) + mark = xfrm.ExactMatchMark(0xf00d) + self.xfrm.AddSaInfo(net_test.GetWildcardAddress(version), + net_test.GetWildcardAddress(version), + spi, xfrm.XFRM_MODE_TUNNEL, 0, + xfrm_base._ALGO_CBC_AES_256, + xfrm_base._ALGO_HMAC_SHA1, + None, None, mark, 0, is_update=True) + dump = self.xfrm.DumpSaInfo() + self.assertEquals(1, len(dump)) # check that update updated + sainfo, attributes = dump[0] + self.assertEquals(mark, attributes["XFRMA_MARK"]) + self.xfrm.DeleteSaInfo(net_test.GetWildcardAddress(version), + spi, IPPROTO_ESP, mark) + + # TODO: we might also need to update the mark for a VALID SA. if __name__ == "__main__": unittest.main() |