Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 565409b2119160929a9b3c5dc93cd44f063c4996 / . / test / test_ipsec_esp.py
blob: 23cf66031879531176f9ddf053f3373d138f26e5 [file] [log] [blame]
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]1import socket
Klement Sekera28fb03f2018-04-17 11:36:55 +0200[diff] [blame]2import unittest
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]3from scapy.layers.ipsec import ESP
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]4
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]5from framework import VppTestRunner
6from template_ipsec import IpsecTraTests, IpsecTunTests
7from template_ipsec import TemplateIpsec, IpsecTcpTests
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]8
9
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]10class TemplateIpsecEsp(TemplateIpsec):
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]11 """
12 Basic test for ipsec esp sanity - tunnel and transport modes.
13
14 Below 4 cases are covered as part of this test
15 1) ipsec esp v4 transport basic test - IPv4 Transport mode
16 scenario using HMAC-SHA1-96 intergrity algo
17 2) ipsec esp v4 transport burst test
18 Above test for 257 pkts
19 3) ipsec esp 4o4 tunnel basic test - IPv4 Tunnel mode
20 scenario using HMAC-SHA1-96 intergrity algo
21 4) ipsec esp 4o4 tunnel burst test
22 Above test for 257 pkts
23
24 TRANSPORT MODE:
25
26 --- encrypt ---
27 |pg2| <-------> |VPP|
28 --- decrypt ---
29
30 TUNNEL MODE:
31
32 --- encrypt --- plain ---
Klement Sekera4b089f22018-04-17 18:04:57 +0200[diff] [blame]33 |pg0| <------- |VPP| <------ |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]34 --- --- ---
35
36 --- decrypt --- plain ---
Klement Sekera4b089f22018-04-17 18:04:57 +0200[diff] [blame]37 |pg0| -------> |VPP| ------> |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]38 --- --- ---
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]39 """
40
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]41 encryption_type = ESP
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]42
43 @classmethod
44 def setUpClass(cls):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]45 super(TemplateIpsecEsp, cls).setUpClass()
46 cls.tun_if = cls.pg0
47 cls.tra_if = cls.pg2
48 cls.logger.info(cls.vapi.ppcli("show int addr"))
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]49 cls.vapi.ipsec_spd_add_del(cls.tra_spd_id)
50 cls.vapi.ipsec_interface_add_del_spd(cls.tra_spd_id,
51 cls.tra_if.sw_if_index)
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]52 for _, p in cls.params.items():
53 cls.config_esp_tra(p)
54 cls.logger.info(cls.vapi.ppcli("show ipsec"))
55 cls.vapi.ipsec_spd_add_del(cls.tun_spd_id)
56 cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id,
57 cls.tun_if.sw_if_index)
58 for _, p in cls.params.items():
59 cls.config_esp_tun(p)
60 cls.logger.info(cls.vapi.ppcli("show ipsec"))
61 for _, p in cls.params.items():
62 src = socket.inet_pton(p.addr_type, p.remote_tun_if_host)
63 cls.vapi.ip_add_del_route(
64 src, p.addr_len, cls.tun_if.remote_addr_n[p.addr_type],
65 is_ipv6=p.is_ipv6)
66
67 @classmethod
68 def config_esp_tun(cls, params):
69 addr_type = params.addr_type
70 is_ipv6 = params.is_ipv6
71 scapy_tun_sa_id = params.scapy_tun_sa_id
72 scapy_tun_spi = params.scapy_tun_spi
73 vpp_tun_sa_id = params.vpp_tun_sa_id
74 vpp_tun_spi = params.vpp_tun_spi
75 auth_algo_vpp_id = params.auth_algo_vpp_id
76 auth_key = params.auth_key
77 crypt_algo_vpp_id = params.crypt_algo_vpp_id
78 crypt_key = params.crypt_key
79 remote_tun_if_host = params.remote_tun_if_host
80 addr_any = params.addr_any
81 addr_bcast = params.addr_bcast
82 cls.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
83 auth_algo_vpp_id, auth_key,
84 crypt_algo_vpp_id, crypt_key,
85 cls.vpp_esp_protocol,
86 cls.tun_if.local_addr_n[addr_type],
87 cls.tun_if.remote_addr_n[addr_type],
88 is_tunnel=1, is_tunnel_ipv6=is_ipv6)
89 cls.vapi.ipsec_sad_add_del_entry(vpp_tun_sa_id, vpp_tun_spi,
90 auth_algo_vpp_id, auth_key,
91 crypt_algo_vpp_id, crypt_key,
92 cls.vpp_esp_protocol,
93 cls.tun_if.remote_addr_n[addr_type],
94 cls.tun_if.local_addr_n[addr_type],
95 is_tunnel=1, is_tunnel_ipv6=is_ipv6)
96 l_startaddr = r_startaddr = socket.inet_pton(addr_type, addr_any)
97 l_stopaddr = r_stopaddr = socket.inet_pton(addr_type, addr_bcast)
98 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]99 l_startaddr, l_stopaddr, r_startaddr,
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]100 r_stopaddr, is_ipv6=is_ipv6,
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]101 protocol=socket.IPPROTO_ESP)
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]102 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]103 l_startaddr, l_stopaddr, r_startaddr,
104 r_stopaddr, is_outbound=0,
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]105 protocol=socket.IPPROTO_ESP,
106 is_ipv6=is_ipv6)
107 l_startaddr = l_stopaddr = socket.inet_pton(addr_type,
108 remote_tun_if_host)
109 r_startaddr = r_stopaddr = cls.pg1.remote_addr_n[addr_type]
110 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, vpp_tun_sa_id,
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]111 l_startaddr, l_stopaddr, r_startaddr,
112 r_stopaddr, priority=10, policy=3,
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]113 is_ipv6=is_ipv6, is_outbound=0)
114 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
115 r_startaddr, r_stopaddr, l_startaddr,
116 l_stopaddr, priority=10, policy=3,
117 is_ipv6=is_ipv6)
118 l_startaddr = l_stopaddr = socket.inet_pton(addr_type,
119 remote_tun_if_host)
120 r_startaddr = r_stopaddr = cls.pg0.local_addr_n[addr_type]
121 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, vpp_tun_sa_id,
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]122 l_startaddr, l_stopaddr, r_startaddr,
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]123 r_stopaddr, priority=20, policy=3,
124 is_outbound=0, is_ipv6=is_ipv6)
125 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
126 r_startaddr, r_stopaddr, l_startaddr,
127 l_stopaddr, priority=20, policy=3,
128 is_ipv6=is_ipv6)
129
130 @classmethod
131 def config_esp_tra(cls, params):
132 addr_type = params.addr_type
133 is_ipv6 = params.is_ipv6
134 scapy_tra_sa_id = params.scapy_tra_sa_id
135 scapy_tra_spi = params.scapy_tra_spi
136 vpp_tra_sa_id = params.vpp_tra_sa_id
137 vpp_tra_spi = params.vpp_tra_spi
138 auth_algo_vpp_id = params.auth_algo_vpp_id
139 auth_key = params.auth_key
140 crypt_algo_vpp_id = params.crypt_algo_vpp_id
141 crypt_key = params.crypt_key
142 addr_any = params.addr_any
143 addr_bcast = params.addr_bcast
144 cls.vapi.ipsec_sad_add_del_entry(scapy_tra_sa_id, scapy_tra_spi,
145 auth_algo_vpp_id, auth_key,
146 crypt_algo_vpp_id, crypt_key,
147 cls.vpp_esp_protocol, is_tunnel=0)
148 cls.vapi.ipsec_sad_add_del_entry(vpp_tra_sa_id, vpp_tra_spi,
149 auth_algo_vpp_id, auth_key,
150 crypt_algo_vpp_id, crypt_key,
151 cls.vpp_esp_protocol, is_tunnel=0)
152 l_startaddr = r_startaddr = socket.inet_pton(addr_type, addr_any)
153 l_stopaddr = r_stopaddr = socket.inet_pton(addr_type, addr_bcast)
154 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, vpp_tra_sa_id,
155 l_startaddr, l_stopaddr, r_startaddr,
156 r_stopaddr, is_ipv6=is_ipv6,
157 protocol=socket.IPPROTO_ESP)
158 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, vpp_tra_sa_id,
159 l_startaddr, l_stopaddr, r_startaddr,
160 r_stopaddr, is_outbound=0,
161 is_ipv6=is_ipv6,
162 protocol=socket.IPPROTO_ESP)
163 l_startaddr = l_stopaddr = cls.tra_if.local_addr_n[addr_type]
164 r_startaddr = r_stopaddr = cls.tra_if.remote_addr_n[addr_type]
165 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, vpp_tra_sa_id,
166 l_startaddr, l_stopaddr, r_startaddr,
167 r_stopaddr, priority=10, policy=3,
168 is_outbound=0, is_ipv6=is_ipv6)
169 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, scapy_tra_sa_id,
170 l_startaddr, l_stopaddr, r_startaddr,
171 r_stopaddr, priority=10, policy=3,
172 is_ipv6=is_ipv6)
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]173
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]174
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]175class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
176 """ Ipsec ESP - TUN & TRA tests """
177 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]178
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]179
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]180class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
181 """ Ipsec ESP - TCP tests """
182 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]183
184
185if __name__ == '__main__':
186 unittest.main(testRunner=VppTestRunner)