“mystarrocks”23f0c452017-12-11 07:11:51 -08001import socket
Klement Sekera28fb03f2018-04-17 11:36:55 +02002import unittest
Klement Sekera31da2e32018-06-24 22:49:55 +02003from scapy.layers.ipsec import ESP
Klement Sekera31da2e32018-06-24 22:49:55 +02005from framework import VppTestRunner
6from template_ipsec import IpsecTraTests, IpsecTunTests
7from template_ipsec import TemplateIpsec, IpsecTcpTests
class TemplateIpsecEsp(TemplateIpsec):
    """
    Common fixture for the IPsec ESP sanity tests (transport and tunnel mode).

    Scenarios listed for this template:
     1) ESP v4 transport, basic - IPv4 transport mode using the
        HMAC-SHA1-96 integrity algorithm
     2) ESP v4 transport, burst - the same scenario with 257 packets
     3) ESP 4o4 tunnel, basic - IPv4 tunnel mode using the
        HMAC-SHA1-96 integrity algorithm
     4) ESP 4o4 tunnel, burst - the same scenario with 257 packets

    The algorithm ids and keys that are actually installed are read from
    the parameter objects held in ``cls.params``; none are defined here.

    TRANSPORT MODE:

     ---   encrypt   ---
    |pg2| <-------> |VPP|
     ---   decrypt   ---

    TUNNEL MODE:

     ---   encrypt   ---   plain   ---
    |pg0| <-------  |VPP| <------ |pg1|
     ---             ---           ---

     ---   decrypt   ---   plain   ---
    |pg0| ------->  |VPP| ------> |pg1|
     ---             ---           ---
    """

    encryption_type = ESP

    @classmethod
    def setUpClass(cls):
        """Create both SPDs, bind them to pg2/pg0 and install SAs/policies.

        Order of operations: transport SPD on ``tra_if`` (pg2) with its
        entries, then tunnel SPD on ``tun_if`` (pg0) with its entries, then
        one route per parameter set towards the remote tunnel host.
        """
        super(TemplateIpsecEsp, cls).setUpClass()
        cls.tun_if = cls.pg0
        cls.tra_if = cls.pg2
        cls.logger.info(cls.vapi.ppcli("show int addr"))

        # Transport mode: SPD on pg2.
        cls.vapi.ipsec_spd_add_del(cls.tra_spd_id)
        cls.vapi.ipsec_interface_add_del_spd(
            cls.tra_spd_id, cls.tra_if.sw_if_index)
        for _key, cfg in cls.params.items():
            cls.config_esp_tra(cfg)
            cls.configure_sa_tra(cfg)
        cls.logger.info(cls.vapi.ppcli("show ipsec"))

        # Tunnel mode: SPD on pg0.
        cls.vapi.ipsec_spd_add_del(cls.tun_spd_id)
        cls.vapi.ipsec_interface_add_del_spd(
            cls.tun_spd_id, cls.tun_if.sw_if_index)
        for _key, cfg in cls.params.items():
            cls.config_esp_tun(cfg)
        cls.logger.info(cls.vapi.ppcli("show ipsec"))

        # Reach the remote tunnel host through the tunnel interface's peer.
        for _key, cfg in cls.params.items():
            host = socket.inet_pton(cfg.addr_type, cfg.remote_tun_if_host)
            cls.vapi.ip_add_del_route(
                host,
                cfg.addr_len,
                cls.tun_if.remote_addr_n[cfg.addr_type],
                is_ipv6=cfg.is_ipv6)

    @classmethod
    def config_esp_tun(cls, params):
        """Install the tunnel-mode SA pair and the SPD entries that use it.

        :param params: parameter object supplying address family, SA ids,
            SPIs, algorithm ids, keys and the remote tunnel host address.

        NOTE(review): unlike config_esp_tra, these SAs are created without
        ``use_anti_replay``, so they get whatever the API wrapper defaults
        to - confirm that leaving replay protection out of the tunnel
        fixture is intended.
        """
        # Read every parameter up front, before the first API call.
        af = params.addr_type
        v6 = params.is_ipv6
        scapy_sa = params.scapy_tun_sa_id
        scapy_spi = params.scapy_tun_spi
        vpp_sa = params.vpp_tun_sa_id
        vpp_spi = params.vpp_tun_spi
        auth_alg = params.auth_algo_vpp_id
        auth_key = params.auth_key
        crypt_alg = params.crypt_algo_vpp_id
        crypt_key = params.crypt_key
        tun_host = params.remote_tun_if_host
        any_text = params.addr_any
        bcast_text = params.addr_bcast

        # Two tunnel SAs whose endpoints are mirror images of each other.
        cls.vapi.ipsec_sad_add_del_entry(
            scapy_sa, scapy_spi,
            auth_alg, auth_key,
            crypt_alg, crypt_key,
            cls.vpp_esp_protocol,
            cls.tun_if.local_addr_n[af],
            cls.tun_if.remote_addr_n[af],
            is_tunnel=1, is_tunnel_ipv6=v6)
        cls.vapi.ipsec_sad_add_del_entry(
            vpp_sa, vpp_spi,
            auth_alg, auth_key,
            crypt_alg, crypt_key,
            cls.vpp_esp_protocol,
            cls.tun_if.remote_addr_n[af],
            cls.tun_if.local_addr_n[af],
            is_tunnel=1, is_tunnel_ipv6=v6)

        # Whole-address-space entries matching protocol ESP, one without
        # is_outbound and one with is_outbound=0. No policy is passed, so
        # the wrapper's default applies - presumably a bypass so that
        # already-encapsulated packets are not re-processed; TODO confirm.
        low = socket.inet_pton(af, any_text)
        high = socket.inet_pton(af, bcast_text)
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tun_spd_id, scapy_sa,
            low, high, low, high,
            is_ipv6=v6,
            protocol=socket.IPPROTO_ESP)
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tun_spd_id, scapy_sa,
            low, high, low, high,
            is_outbound=0,
            protocol=socket.IPPROTO_ESP,
            is_ipv6=v6)

        # Single-host entries between the remote tunnel host and pg1's
        # peer. policy=3 is presumably "protect" - verify against the API.
        # The second call swaps the local/remote ranges.
        host = socket.inet_pton(af, tun_host)
        pg1_peer = cls.pg1.remote_addr_n[af]
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tun_spd_id, vpp_sa,
            host, host, pg1_peer, pg1_peer,
            priority=10, policy=3,
            is_ipv6=v6, is_outbound=0)
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tun_spd_id, scapy_sa,
            pg1_peer, pg1_peer, host, host,
            priority=10, policy=3,
            is_ipv6=v6)

        # Same pair again, this time against pg0's own address and at
        # priority 20.
        host = socket.inet_pton(af, tun_host)
        pg0_local = cls.pg0.local_addr_n[af]
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tun_spd_id, vpp_sa,
            host, host, pg0_local, pg0_local,
            priority=20, policy=3,
            is_outbound=0, is_ipv6=v6)
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tun_spd_id, scapy_sa,
            pg0_local, pg0_local, host, host,
            priority=20, policy=3,
            is_ipv6=v6)

    @classmethod
    def config_esp_tra(cls, params):
        """Install the transport-mode SA pair and the SPD entries using it.

        :param params: parameter object supplying address family, SA ids,
            SPIs, algorithm ids and keys.

        Both SAs are created with ``is_tunnel=0`` and ``use_anti_replay=1``.
        """
        # Read every parameter up front, before the first API call.
        af = params.addr_type
        v6 = params.is_ipv6
        scapy_sa = params.scapy_tra_sa_id
        scapy_spi = params.scapy_tra_spi
        vpp_sa = params.vpp_tra_sa_id
        vpp_spi = params.vpp_tra_spi
        auth_alg = params.auth_algo_vpp_id
        auth_key = params.auth_key
        crypt_alg = params.crypt_algo_vpp_id
        crypt_key = params.crypt_key
        any_text = params.addr_any
        bcast_text = params.addr_bcast

        cls.vapi.ipsec_sad_add_del_entry(
            scapy_sa, scapy_spi,
            auth_alg, auth_key,
            crypt_alg, crypt_key,
            cls.vpp_esp_protocol,
            is_tunnel=0, use_anti_replay=1)
        cls.vapi.ipsec_sad_add_del_entry(
            vpp_sa, vpp_spi,
            auth_alg, auth_key,
            crypt_alg, crypt_key,
            cls.vpp_esp_protocol,
            is_tunnel=0, use_anti_replay=1)

        # Whole-address-space entries matching protocol ESP, one without
        # is_outbound and one with is_outbound=0; no policy is passed, so
        # the wrapper's default applies (presumably bypass - TODO confirm).
        low = socket.inet_pton(af, any_text)
        high = socket.inet_pton(af, bcast_text)
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tra_spd_id, vpp_sa,
            low, high, low, high,
            is_ipv6=v6,
            protocol=socket.IPPROTO_ESP)
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tra_spd_id, vpp_sa,
            low, high, low, high,
            is_outbound=0,
            is_ipv6=v6,
            protocol=socket.IPPROTO_ESP)

        # Single-host entries between pg2's own address and its peer.
        # policy=3 is presumably "protect" - verify against the API.
        # Both calls pass the ranges in the same local/remote order.
        local = cls.tra_if.local_addr_n[af]
        peer = cls.tra_if.remote_addr_n[af]
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tra_spd_id, vpp_sa,
            local, local, peer, peer,
            priority=10, policy=3,
            is_outbound=0, is_ipv6=v6)
        cls.vapi.ipsec_spd_add_del_entry(
            cls.tra_spd_id, scapy_sa,
            local, local, peer, peer,
            priority=10, policy=3,
            is_ipv6=v6)
class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
    """ Ipsec ESP - TUN & TRA tests """
    # Transport and tunnel mode use the same node names per address
    # family, so each pair of attributes is bound in one assignment.
    tra4_encrypt_node_name = tun4_encrypt_node_name = "esp4-encrypt"
    tra4_decrypt_node_name = tun4_decrypt_node_name = "esp4-decrypt"
    tra6_encrypt_node_name = tun6_encrypt_node_name = "esp6-encrypt"
    tra6_decrypt_node_name = tun6_decrypt_node_name = "esp6-decrypt"
class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
    """ Ipsec ESP - TCP tests """
    # No overrides: the fixture comes from TemplateIpsecEsp and the test
    # methods from IpsecTcpTests.
# When the module is executed directly, run its tests with VppTestRunner.
if __name__ == "__main__":
    unittest.main(testRunner=VppTestRunner)