Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 608f95cddc4e1e78b4d3ac3b2c3f1ae86f1fa632 / . / test / test_ipsec_ah.py
blob: 729f8716d03928555eabdd9eafc23b418a15dd61 [file] [log] [blame]
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]1import socket
Klement Sekera28fb03f2018-04-17 11:36:55 +0200[diff] [blame]2import unittest
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]3
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]4from scapy.layers.ipsec import AH
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]5
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]6from framework import VppTestRunner
7from template_ipsec import TemplateIpsec, IpsecTraTests, IpsecTunTests
8from template_ipsec import IpsecTcpTests
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]9
10
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]11class TemplateIpsecAh(TemplateIpsec):
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]12 """
13 Basic test for IPSEC using AH transport and Tunnel mode
14
15 Below 4 cases are covered as part of this test
16 1) ipsec ah v4 transport basic test - IPv4 Transport mode
17 scenario using HMAC-SHA1-96 intergrity algo
18 2) ipsec ah v4 transport burst test
19 Above test for 257 pkts
20 3) ipsec ah 4o4 tunnel basic test - IPv4 Tunnel mode
21 scenario using HMAC-SHA1-96 intergrity algo
22 4) ipsec ah 4o4 tunnel burst test
23 Above test for 257 pkts
24
25 TRANSPORT MODE:
26
27 --- encrypt ---
28 |pg2| <-------> |VPP|
29 --- decrypt ---
30
31 TUNNEL MODE:
32
33 --- encrypt --- plain ---
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]34 |pg0| <------- |VPP| <------ |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]35 --- --- ---
36
37 --- decrypt --- plain ---
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]38 |pg0| -------> |VPP| ------> |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]39 --- --- ---
40
41 Note : IPv6 is not covered
42 """
43
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]44 encryption_type = AH
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]45
46 @classmethod
47 def setUpClass(cls):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]48 super(TemplateIpsecAh, cls).setUpClass()
49 cls.tun_if = cls.pg0
50 cls.tra_if = cls.pg2
51 cls.logger.info(cls.vapi.ppcli("show int addr"))
52 cls.config_ah_tra()
53 cls.logger.info(cls.vapi.ppcli("show ipsec"))
54 cls.config_ah_tun()
55 cls.logger.info(cls.vapi.ppcli("show ipsec"))
56 src4 = socket.inet_pton(socket.AF_INET, cls.remote_tun_if_host)
57 cls.vapi.ip_add_del_route(src4, 32, cls.tun_if.remote_ip4n)
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]58
59 @classmethod
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]60 def config_ah_tun(cls):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]61 cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tun_sa_id,
62 cls.scapy_tun_spi,
63 cls.auth_algo_vpp_id, cls.auth_key,
64 cls.crypt_algo_vpp_id,
65 cls.crypt_key, cls.vpp_ah_protocol,
66 cls.tun_if.local_ip4n,
67 cls.tun_if.remote_ip4n)
68 cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tun_sa_id,
69 cls.vpp_tun_spi,
70 cls.auth_algo_vpp_id, cls.auth_key,
71 cls.crypt_algo_vpp_id,
72 cls.crypt_key, cls.vpp_ah_protocol,
73 cls.tun_if.remote_ip4n,
74 cls.tun_if.local_ip4n)
75 cls.vapi.ipsec_spd_add_del(cls.tun_spd_id)
76 cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id,
77 cls.tun_if.sw_if_index)
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]78 l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET, "0.0.0.0")
79 l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET,
80 "255.255.255.255")
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]81 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
82 l_startaddr, l_stopaddr, r_startaddr,
83 r_stopaddr,
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]84 protocol=socket.IPPROTO_AH)
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]85 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
86 l_startaddr, l_stopaddr, r_startaddr,
87 r_stopaddr, is_outbound=0,
88 protocol=socket.IPPROTO_AH)
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]89 l_startaddr = l_stopaddr = socket.inet_pton(socket.AF_INET,
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]90 cls.remote_tun_if_host)
91 r_startaddr = r_stopaddr = cls.pg1.remote_ip4n
92 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
93 l_startaddr, l_stopaddr, r_startaddr,
94 r_stopaddr, priority=10, policy=3,
95 is_outbound=0)
96 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
97 r_startaddr, r_stopaddr, l_startaddr,
98 l_stopaddr, priority=10, policy=3)
99 r_startaddr = r_stopaddr = cls.pg0.local_ip4n
100 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
101 l_startaddr, l_stopaddr, r_startaddr,
102 r_stopaddr, priority=20, policy=3,
103 is_outbound=0)
104 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
105 r_startaddr, r_stopaddr, l_startaddr,
106 l_stopaddr, priority=20, policy=3)
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]107
108 @classmethod
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]109 def config_ah_tra(cls):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]110 cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tra_sa_id,
111 cls.scapy_tra_spi,
112 cls.auth_algo_vpp_id, cls.auth_key,
113 cls.crypt_algo_vpp_id,
114 cls.crypt_key, cls.vpp_ah_protocol,
115 is_tunnel=0)
116 cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tra_sa_id,
117 cls.vpp_tra_spi,
118 cls.auth_algo_vpp_id, cls.auth_key,
119 cls.crypt_algo_vpp_id,
120 cls.crypt_key, cls.vpp_ah_protocol,
121 is_tunnel=0)
122 cls.vapi.ipsec_spd_add_del(cls.tra_spd_id)
123 cls.vapi.ipsec_interface_add_del_spd(cls.tra_spd_id,
124 cls.tra_if.sw_if_index)
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]125 l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET, "0.0.0.0")
126 l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET,
127 "255.255.255.255")
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]128 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
129 l_startaddr, l_stopaddr, r_startaddr,
130 r_stopaddr,
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]131 protocol=socket.IPPROTO_AH)
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]132 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.scapy_tra_sa_id,
133 l_startaddr, l_stopaddr, r_startaddr,
134 r_stopaddr, is_outbound=0,
135 protocol=socket.IPPROTO_AH)
136 l_startaddr = l_stopaddr = cls.tra_if.local_ip4n
137 r_startaddr = r_stopaddr = cls.tra_if.remote_ip4n
138 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
139 l_startaddr, l_stopaddr, r_startaddr,
140 r_stopaddr, priority=10, policy=3,
Klement Sekera84c62042018-05-11 11:06:09 +0200[diff] [blame]141 is_outbound=0)
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]142 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.scapy_tra_sa_id,
143 l_startaddr, l_stopaddr, r_startaddr,
144 r_stopaddr, priority=10,
145 policy=3)
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]146
147 def tearDown(self):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]148 super(TemplateIpsecAh, self).tearDown()
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]149 if not self.vpp_dead:
150 self.vapi.cli("show hardware")
151
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]152
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]153class TestIpsecAh1(TemplateIpsecAh, IpsecTraTests, IpsecTunTests):
154 """ Ipsec AH - TUN & TRA tests """
155 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]156
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]157
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]158class TestIpsecAh2(TemplateIpsecAh, IpsecTcpTests):
159 """ Ipsec AH - TCP tests """
160 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]161
162
163if __name__ == '__main__':
164 unittest.main(testRunner=VppTestRunner)