Merge "Test that an SA Can be Updated with a Mark"android-wear-8.0.0_r1

2 files changed, 52 insertions, 7 deletions

diff --git a/net/test/xfrm.py b/net/test/xfrm.py
index 456f3bdc..04a434d3 100755
--- a/net/test/xfrm.py
+++ b/net/test/xfrm.py
@@ -380,7 +380,7 @@ class Xfrm(netlink.NetlinkSocket):
     return self._SendNlRequest(msg_type, msg, flags)
 
   def AddSaInfo(self, src, dst, spi, mode, reqid, encryption, auth_trunc, aead,
-                encap, mark, output_mark):
+                encap, mark, output_mark, is_update=False):
     """Adds an IPsec security association.
 
     Args:
@@ -397,6 +397,8 @@ class Xfrm(netlink.NetlinkSocket):
       mark: A mark match specifier, such as returned by ExactMatchMark(), or
         None for an SA that matches all possible marks.
       output_mark: An integer, the output mark. 0 means unset.
+      is_update: If true, update an existing SA otherwise create a new SA. For
+        compatibility reasons, this value defaults to False.
     """
     proto = IPPROTO_ESP
     xfrm_id = XfrmId((PaddedAddress(dst), spi, proto))
@@ -450,26 +452,47 @@ class Xfrm(netlink.NetlinkSocket):
                          cur, stats, seq, reqid, family, mode, replay, flags))
     msg = sa.Pack() + nlattrs
     flags = netlink.NLM_F_REQUEST | netlink.NLM_F_ACK
-    self._SendNlRequest(XFRM_MSG_NEWSA, msg, flags)
+    nl_msg_type = XFRM_MSG_UPDSA if is_update else XFRM_MSG_NEWSA
+    self._SendNlRequest(nl_msg_type, msg, flags)
 
-  def DeleteSaInfo(self, daddr, spi, proto):
+  def DeleteSaInfo(self, dst, spi, proto, mark=None):
+    """Delete an SA from the SAD
+
+    Args:
+      dst: A string, the destination IP address. Forms part of the XFRM ID, and
+        must match the destination address of the packets sent by this SA.
+      spi: An integer, the SPI.
+      proto: The protocol DB of the SA, such as IPPROTO_ESP.
+      mark: A mark match specifier, such as returned by ExactMatchMark(), or
+        None for an SA without a Mark attribute.
+    """
     # TODO: deletes take a mark as well.
-    family = AF_INET6 if ":" in daddr else AF_INET
-    usersa_id = XfrmUsersaId((PaddedAddress(daddr), spi, family, proto))
-    flags = netlink.NLM_F_REQUEST | netlink.NLM_F_ACK
-    self._SendNlRequest(XFRM_MSG_DELSA, usersa_id.Pack(), flags)
+    family = AF_INET6 if ":" in dst else AF_INET
+    usersa_id = XfrmUsersaId((PaddedAddress(dst), spi, family, proto))
+    nlattrs = []
+    if mark is not None:
+      nlattrs.append((XFRMA_MARK, mark))
+    self.SendXfrmNlRequest(XFRM_MSG_DELSA, usersa_id, nlattrs)
 
   def AllocSpi(self, dst, proto, min_spi, max_spi):
     """Allocate (reserve) an SPI.
 
     This sends an XFRM_MSG_ALLOCSPI message and returns the resulting
     XfrmUsersaInfo struct.
+
+    Args:
+      dst: A string, the destination IP address. Forms part of the XFRM ID, and
+        must match the destination address of the packets sent by this SA.
+      proto: the protocol DB of the SA, such as IPPROTO_ESP.
+      min_spi: The minimum value of the acceptable SPI range (inclusive).
+      max_spi: The maximum value of the acceptable SPI range (inclusive).
     """
     spi = XfrmUserSpiInfo("\x00" * len(XfrmUserSpiInfo))
     spi.min = min_spi
     spi.max = max_spi
     spi.info.id.daddr = PaddedAddress(dst)
     spi.info.id.proto = proto
+    spi.info.family = AF_INET6 if ":" in dst else AF_INET
 
     msg = spi.Pack()
     flags = netlink.NLM_F_REQUEST
diff --git a/net/test/xfrm_test.py b/net/test/xfrm_test.py
index c4fc46e3..1ec9692f 100755
--- a/net/test/xfrm_test.py
+++ b/net/test/xfrm_test.py
@@ -760,6 +760,28 @@ class XfrmOutputMarkTest(xfrm_base.XfrmBaseTest):
             xfrm.XFRM_MODE_TRANSPORT, 0, invalid_crypt,
             xfrm_base._ALGO_HMAC_SHA1, None, None, None, 0)
 
+  def testUpdateSaAddMark(self):
+    """Test that when an SA has no mark, it can be updated to add a mark."""
+    for version in [4, 6]:
+      spi = 0xABCD
+      # Test that an SA created with ALLOCSPI can be updated with the mark.
+      new_sa = self.xfrm.AllocSpi(net_test.GetWildcardAddress(version),
+                                  IPPROTO_ESP, spi, spi)
+      mark = xfrm.ExactMatchMark(0xf00d)
+      self.xfrm.AddSaInfo(net_test.GetWildcardAddress(version),
+                          net_test.GetWildcardAddress(version),
+                          spi, xfrm.XFRM_MODE_TUNNEL, 0,
+                          xfrm_base._ALGO_CBC_AES_256,
+                          xfrm_base._ALGO_HMAC_SHA1,
+                          None, None, mark, 0, is_update=True)
+      dump = self.xfrm.DumpSaInfo()
+      self.assertEquals(1, len(dump)) # check that update updated
+      sainfo, attributes = dump[0]
+      self.assertEquals(mark, attributes["XFRMA_MARK"])
+      self.xfrm.DeleteSaInfo(net_test.GetWildcardAddress(version),
+                             spi, IPPROTO_ESP, mark)
+
+      # TODO: we might also need to update the mark for a VALID SA.
 
 if __name__ == "__main__":
   unittest.main()