| Klement Sekera | b4d3053 | 2018-11-08 13:00:02 +0100 | [diff] [blame] | 1 | import unittest |
| 2 | |
| 3 | from framework import VppTestCase, VppTestRunner |
| 4 | from template_ipsec import TemplateIpsec |
| 5 | |
| 6 | |
| 7 | class IpsecApiTestCase(VppTestCase): |
| 8 | """ IPSec API tests """ |
| 9 | |
| 10 | @classmethod |
| 11 | def setUpClass(cls): |
| 12 | super(IpsecApiTestCase, cls).setUpClass() |
| 13 | cls.create_pg_interfaces([0]) |
| 14 | cls.pg0.config_ip4() |
| 15 | cls.pg0.admin_up() |
| 16 | |
| 17 | def test_backend_dump(self): |
| 18 | """ backend dump """ |
| 19 | d = self.vapi.ipsec_backend_dump() |
| 20 | self.assert_equal(len(d), 2, "number of ipsec backends in dump") |
| 21 | self.assert_equal(d[0].protocol, TemplateIpsec.vpp_ah_protocol, |
| 22 | "ipsec protocol in dump entry") |
| 23 | self.assert_equal(d[0].index, 0, "index in dump entry") |
| 24 | self.assert_equal(d[0].active, 1, "active flag in dump entry") |
| 25 | self.assert_equal(d[1].protocol, TemplateIpsec.vpp_esp_protocol, |
| 26 | "ipsec protocol in dump entry") |
| 27 | self.assert_equal(d[1].index, 0, "index in dump entry") |
| 28 | self.assert_equal(d[1].active, 1, "active flag in dump entry") |
| 29 | |
| 30 | def test_select_valid_backend(self): |
| 31 | """ select valid backend """ |
| 32 | self.vapi.ipsec_select_backend(TemplateIpsec.vpp_ah_protocol, 0) |
| 33 | self.vapi.ipsec_select_backend(TemplateIpsec.vpp_esp_protocol, 0) |
| 34 | |
| 35 | def test_select_invalid_backend(self): |
| 36 | """ select invalid backend """ |
| 37 | with self.vapi.assert_negative_api_retval(): |
| 38 | self.vapi.ipsec_select_backend(TemplateIpsec.vpp_ah_protocol, 200) |
| 39 | with self.vapi.assert_negative_api_retval(): |
| 40 | self.vapi.ipsec_select_backend(TemplateIpsec.vpp_esp_protocol, 200) |
| 41 | |
| 42 | def test_select_backend_in_use(self): |
| 43 | """ attempt to change backend while sad configured """ |
| 44 | params = TemplateIpsec.ipv4_params |
| 45 | addr_type = params.addr_type |
| 46 | is_ipv6 = params.is_ipv6 |
| 47 | scapy_tun_sa_id = params.scapy_tun_sa_id |
| 48 | scapy_tun_spi = params.scapy_tun_spi |
| 49 | auth_algo_vpp_id = params.auth_algo_vpp_id |
| 50 | auth_key = params.auth_key |
| 51 | crypt_algo_vpp_id = params.crypt_algo_vpp_id |
| 52 | crypt_key = params.crypt_key |
| 53 | |
| 54 | self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, |
| 55 | auth_algo_vpp_id, auth_key, |
| 56 | crypt_algo_vpp_id, crypt_key, |
| 57 | TemplateIpsec.vpp_ah_protocol, |
| 58 | self.pg0.local_addr_n[addr_type], |
| 59 | self.pg0.remote_addr_n[addr_type], |
| 60 | is_tunnel=1, is_tunnel_ipv6=is_ipv6) |
| 61 | with self.vapi.assert_negative_api_retval(): |
| 62 | self.vapi.ipsec_select_backend( |
| 63 | protocol=TemplateIpsec.vpp_ah_protocol, index=0) |
| 64 | |
| 65 | self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, |
| 66 | auth_algo_vpp_id, auth_key, |
| 67 | crypt_algo_vpp_id, crypt_key, |
| 68 | TemplateIpsec.vpp_ah_protocol, |
| 69 | self.pg0.local_addr_n[addr_type], |
| 70 | self.pg0.remote_addr_n[addr_type], |
| 71 | is_tunnel=1, is_tunnel_ipv6=is_ipv6, |
| 72 | is_add=0) |
| 73 | self.vapi.ipsec_select_backend( |
| 74 | protocol=TemplateIpsec.vpp_ah_protocol, index=0) |
| 75 | |
| 76 | |
| 77 | if __name__ == '__main__': |
| 78 | unittest.main(testRunner=VppTestRunner) |