Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 6aa58b732bcff8060f287472c3d3c08137fabca9 / . / test / test_ipsec_tun_if_esp.py
blob: 47b138fe48656db7df90ecb6904cc46da6f94604 [file] [log] [blame]
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]1import unittest
2import socket
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]3import copy
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]4
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]5from scapy.layers.ipsec import ESP
Neale Rannsf05e7322019-03-29 20:23:58 +0000[diff] [blame]6from scapy.layers.l2 import Ether, Raw, GRE
7from scapy.layers.inet import IP, UDP
8from framework import VppTestRunner, is_skip_aarch64_set, is_platform_aarch64
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]9from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]10 IpsecTun4, IpsecTun6, IpsecTcpTests, config_tun_params
Neale Rannsf05e7322019-03-29 20:23:58 +0000[diff] [blame]11from vpp_ipsec_tun_interface import VppIpsecTunInterface, \
12 VppIpsecGRETunInterface
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]13from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto
Neale Rannsf05e7322019-03-29 20:23:58 +0000[diff] [blame]14from vpp_ipsec import VppIpsecSA
15from vpp_l2 import VppBridgeDomain, VppBridgeDomainPort
16from util import ppp
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]17from vpp_papi import VppEnum
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]18
19
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]20class TemplateIpsec4TunIfEsp(TemplateIpsec):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]21 """ IPsec tunnel interface tests """
22
23 encryption_type = ESP
24
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame]25 @classmethod
26 def setUpClass(cls):
27 super(TemplateIpsec4TunIfEsp, cls).setUpClass()
28
29 @classmethod
30 def tearDownClass(cls):
31 super(TemplateIpsec4TunIfEsp, cls).tearDownClass()
32
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]33 def setUp(self):
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]34 super(TemplateIpsec4TunIfEsp, self).setUp()
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]35
36 self.tun_if = self.pg0
37
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]38 p = self.ipv4_params
Neale Rannsd7603d92019-03-28 08:56:10 +0000[diff] [blame]39
40 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
41 p.scapy_tun_spi, p.crypt_algo_vpp_id,
42 p.crypt_key, p.crypt_key,
43 p.auth_algo_vpp_id, p.auth_key,
44 p.auth_key)
45 p.tun_if.add_vpp_config()
46 p.tun_if.admin_up()
47 p.tun_if.config_ip4()
48 p.tun_if.config_ip6()
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]49
Neale Ranns25edf142019-03-22 08:12:48 +0000[diff] [blame]50 VppIpRoute(self, p.remote_tun_if_host, 32,
Neale Rannsd7603d92019-03-28 08:56:10 +0000[diff] [blame]51 [VppRoutePath(p.tun_if.remote_ip4,
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]52 0xffffffff)]).add_vpp_config()
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]53 VppIpRoute(self, p.remote_tun_if_host6, 128,
Neale Rannsd7603d92019-03-28 08:56:10 +0000[diff] [blame]54 [VppRoutePath(p.tun_if.remote_ip6,
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]55 0xffffffff,
56 proto=DpoProto.DPO_PROTO_IP6)],
57 is_ip6=1).add_vpp_config()
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]58
59 def tearDown(self):
60 if not self.vpp_dead:
61 self.vapi.cli("show hardware")
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]62 super(TemplateIpsec4TunIfEsp, self).tearDown()
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]63
64
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]65class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]66 """ Ipsec ESP - TUN tests """
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]67 tun4_encrypt_node_name = "esp4-encrypt-tun"
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]68 tun4_decrypt_node_name = "esp4-decrypt"
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]69
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]70 def test_tun_basic64(self):
71 """ ipsec 6o4 tunnel basic test """
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]72 self.tun4_encrypt_node_name = "esp6-encrypt-tun"
73
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]74 self.verify_tun_64(self.params[socket.AF_INET], count=1)
75
76 def test_tun_burst64(self):
77 """ ipsec 6o4 tunnel basic test """
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]78 self.tun4_encrypt_node_name = "esp6-encrypt-tun"
79
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]80 self.verify_tun_64(self.params[socket.AF_INET], count=257)
81
Neale Rannsd7603d92019-03-28 08:56:10 +0000[diff] [blame]82 def test_tun_basic_frag44(self):
83 """ ipsec 4o4 tunnel frag basic test """
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]84 self.tun4_encrypt_node_name = "esp4-encrypt-tun"
85
Neale Rannsd7603d92019-03-28 08:56:10 +0000[diff] [blame]86 p = self.ipv4_params
87
88 self.vapi.sw_interface_set_mtu(p.tun_if.sw_if_index,
89 [1500, 0, 0, 0])
90 self.verify_tun_44(self.params[socket.AF_INET],
91 count=1, payload_size=1800, n_rx=2)
92 self.vapi.sw_interface_set_mtu(p.tun_if.sw_if_index,
93 [9000, 0, 0, 0])
94
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]95
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]96class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]97 """ Ipsec ESP - TCP tests """
98 pass
99
100
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]101class TemplateIpsec6TunIfEsp(TemplateIpsec):
102 """ IPsec tunnel interface tests """
103
104 encryption_type = ESP
105
106 def setUp(self):
107 super(TemplateIpsec6TunIfEsp, self).setUp()
108
109 self.tun_if = self.pg0
110
111 p = self.ipv6_params
112 tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
113 p.scapy_tun_spi, p.crypt_algo_vpp_id,
114 p.crypt_key, p.crypt_key,
115 p.auth_algo_vpp_id, p.auth_key,
116 p.auth_key, is_ip6=True)
117 tun_if.add_vpp_config()
118 tun_if.admin_up()
119 tun_if.config_ip6()
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]120 tun_if.config_ip4()
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]121
Neale Ranns25edf142019-03-22 08:12:48 +0000[diff] [blame]122 VppIpRoute(self, p.remote_tun_if_host, 128,
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]123 [VppRoutePath(tun_if.remote_ip6,
124 0xffffffff,
125 proto=DpoProto.DPO_PROTO_IP6)],
126 is_ip6=1).add_vpp_config()
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]127 VppIpRoute(self, p.remote_tun_if_host4, 32,
128 [VppRoutePath(tun_if.remote_ip4,
129 0xffffffff)]).add_vpp_config()
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]130
131 def tearDown(self):
132 if not self.vpp_dead:
133 self.vapi.cli("show hardware")
134 super(TemplateIpsec6TunIfEsp, self).tearDown()
135
136
137class TestIpsec6TunIfEsp1(TemplateIpsec6TunIfEsp, IpsecTun6Tests):
138 """ Ipsec ESP - TUN tests """
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]139 tun6_encrypt_node_name = "esp6-encrypt-tun"
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]140 tun6_decrypt_node_name = "esp6-decrypt"
141
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]142 def test_tun_basic46(self):
143 """ ipsec 4o6 tunnel basic test """
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]144 self.tun6_encrypt_node_name = "esp4-encrypt-tun"
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]145 self.verify_tun_46(self.params[socket.AF_INET6], count=1)
146
147 def test_tun_burst46(self):
148 """ ipsec 4o6 tunnel burst test """
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]149 self.tun6_encrypt_node_name = "esp4-encrypt-tun"
Neale Ranns987aea82019-03-27 13:40:35 +0000[diff] [blame]150 self.verify_tun_46(self.params[socket.AF_INET6], count=257)
151
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]152
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]153class TestIpsec4MultiTunIfEsp(TemplateIpsec, IpsecTun4):
154 """ IPsec IPv4 Multi Tunnel interface """
155
156 encryption_type = ESP
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]157 tun4_encrypt_node_name = "esp4-encrypt-tun"
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]158 tun4_decrypt_node_name = "esp4-decrypt"
159
160 def setUp(self):
161 super(TestIpsec4MultiTunIfEsp, self).setUp()
162
163 self.tun_if = self.pg0
164
165 self.multi_params = []
166
167 for ii in range(10):
168 p = copy.copy(self.ipv4_params)
169
170 p.remote_tun_if_host = "1.1.1.%d" % (ii + 1)
171 p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
172 p.scapy_tun_spi = p.scapy_tun_spi + ii
173 p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
174 p.vpp_tun_spi = p.vpp_tun_spi + ii
175
176 p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
177 p.scapy_tra_spi = p.scapy_tra_spi + ii
178 p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
179 p.vpp_tra_spi = p.vpp_tra_spi + ii
180
181 config_tun_params(p, self.encryption_type, self.tun_if)
182 self.multi_params.append(p)
183
184 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
185 p.scapy_tun_spi,
186 p.crypt_algo_vpp_id,
187 p.crypt_key, p.crypt_key,
188 p.auth_algo_vpp_id, p.auth_key,
189 p.auth_key)
190 p.tun_if.add_vpp_config()
191 p.tun_if.admin_up()
192 p.tun_if.config_ip4()
193
194 VppIpRoute(self, p.remote_tun_if_host, 32,
195 [VppRoutePath(p.tun_if.remote_ip4,
196 0xffffffff)]).add_vpp_config()
197
198 def tearDown(self):
199 if not self.vpp_dead:
200 self.vapi.cli("show hardware")
201 super(TestIpsec4MultiTunIfEsp, self).tearDown()
202
203 def test_tun_44(self):
204 """Multiple IPSEC tunnel interfaces """
205 for p in self.multi_params:
206 self.verify_tun_44(p, count=127)
207 c = p.tun_if.get_rx_stats()
208 self.assertEqual(c['packets'], 127)
209 c = p.tun_if.get_tx_stats()
210 self.assertEqual(c['packets'], 127)
211
212
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]213class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4):
214 """ IPsec IPv4 Tunnel interface all Algos """
215
216 encryption_type = ESP
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]217 tun4_encrypt_node_name = "esp4-encrypt-tun"
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]218 tun4_decrypt_node_name = "esp4-decrypt"
219
220 def config_network(self, p):
221 config_tun_params(p, self.encryption_type, self.tun_if)
222
223 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
224 p.scapy_tun_spi,
225 p.crypt_algo_vpp_id,
226 p.crypt_key, p.crypt_key,
227 p.auth_algo_vpp_id, p.auth_key,
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]228 p.auth_key,
229 salt=p.salt)
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]230 p.tun_if.add_vpp_config()
231 p.tun_if.admin_up()
232 p.tun_if.config_ip4()
233 self.logger.info(self.vapi.cli("sh ipsec sa 0"))
234 self.logger.info(self.vapi.cli("sh ipsec sa 1"))
235
236 p.route = VppIpRoute(self, p.remote_tun_if_host, 32,
237 [VppRoutePath(p.tun_if.remote_ip4,
238 0xffffffff)])
239 p.route.add_vpp_config()
240
241 def unconfig_network(self, p):
242 p.tun_if.unconfig_ip4()
243 p.tun_if.remove_vpp_config()
244 p.route.remove_vpp_config()
245
246 def setUp(self):
247 super(TestIpsec4TunIfEspAll, self).setUp()
248
249 self.tun_if = self.pg0
250
251 def tearDown(self):
252 super(TestIpsec4TunIfEspAll, self).tearDown()
253
Neale Rannsd6c9e822019-04-17 16:29:00 -0700[diff] [blame]254 def rekey(self, p):
255 #
256 # change the key and the SPI
257 #
258 p.crypt_key = 'X' + p.crypt_key[1:]
259 p.scapy_tun_spi += 1
260 p.scapy_tun_sa_id += 1
261 p.vpp_tun_spi += 1
262 p.vpp_tun_sa_id += 1
263 p.tun_if.local_spi = p.vpp_tun_spi
264 p.tun_if.remote_spi = p.scapy_tun_spi
265
266 config_tun_params(p, self.encryption_type, self.tun_if)
267
268 p.tun_sa_in = VppIpsecSA(self,
269 p.scapy_tun_sa_id,
270 p.scapy_tun_spi,
271 p.auth_algo_vpp_id,
272 p.auth_key,
273 p.crypt_algo_vpp_id,
274 p.crypt_key,
275 self.vpp_esp_protocol,
276 self.tun_if.local_addr[p.addr_type],
277 self.tun_if.remote_addr[p.addr_type],
278 flags=p.flags,
279 salt=p.salt)
280 p.tun_sa_out = VppIpsecSA(self,
281 p.vpp_tun_sa_id,
282 p.vpp_tun_spi,
283 p.auth_algo_vpp_id,
284 p.auth_key,
285 p.crypt_algo_vpp_id,
286 p.crypt_key,
287 self.vpp_esp_protocol,
288 self.tun_if.remote_addr[p.addr_type],
289 self.tun_if.local_addr[p.addr_type],
290 flags=p.flags,
291 salt=p.salt)
292 p.tun_sa_in.add_vpp_config()
293 p.tun_sa_out.add_vpp_config()
294
295 self.vapi.ipsec_tunnel_if_set_sa(sw_if_index=p.tun_if.sw_if_index,
296 sa_id=p.tun_sa_in.id,
297 is_outbound=1)
298 self.vapi.ipsec_tunnel_if_set_sa(sw_if_index=p.tun_if.sw_if_index,
299 sa_id=p.tun_sa_out.id,
300 is_outbound=0)
301 self.logger.info(self.vapi.cli("sh ipsec sa"))
302
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]303 def test_tun_44(self):
304 """IPSEC tunnel all algos """
305
306 # foreach VPP crypto engine
307 engines = ["ia32", "ipsecmb", "openssl"]
308
309 # foreach crypto algorithm
310 algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
311 IPSEC_API_CRYPTO_ALG_AES_GCM_128),
312 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
313 IPSEC_API_INTEG_ALG_NONE),
314 'scapy-crypto': "AES-GCM",
315 'scapy-integ': "NULL",
316 'key': "JPjyOWBeVEQiMe7h",
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]317 'salt': 3333},
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]318 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
319 IPSEC_API_CRYPTO_ALG_AES_GCM_192),
320 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
321 IPSEC_API_INTEG_ALG_NONE),
322 'scapy-crypto': "AES-GCM",
323 'scapy-integ': "NULL",
324 'key': "JPjyOWBeVEQiMe7hJPjyOWBe",
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]325 'salt': 0},
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]326 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
327 IPSEC_API_CRYPTO_ALG_AES_GCM_256),
328 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
329 IPSEC_API_INTEG_ALG_NONE),
330 'scapy-crypto': "AES-GCM",
331 'scapy-integ': "NULL",
332 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h",
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]333 'salt': 9999},
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]334 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
335 IPSEC_API_CRYPTO_ALG_AES_CBC_128),
336 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
337 IPSEC_API_INTEG_ALG_SHA1_96),
338 'scapy-crypto': "AES-CBC",
339 'scapy-integ': "HMAC-SHA1-96",
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]340 'salt': 0,
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]341 'key': "JPjyOWBeVEQiMe7h"},
342 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
343 IPSEC_API_CRYPTO_ALG_AES_CBC_192),
344 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
345 IPSEC_API_INTEG_ALG_SHA1_96),
346 'scapy-crypto': "AES-CBC",
347 'scapy-integ': "HMAC-SHA1-96",
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]348 'salt': 0,
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]349 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"},
350 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
351 IPSEC_API_CRYPTO_ALG_AES_CBC_256),
352 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
353 IPSEC_API_INTEG_ALG_SHA1_96),
354 'scapy-crypto': "AES-CBC",
355 'scapy-integ': "HMAC-SHA1-96",
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]356 'salt': 0,
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]357 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
358
359 for engine in engines:
360 self.vapi.cli("set crypto handler all %s" % engine)
361
362 #
363 # loop through each of the algorithms
364 #
365 for algo in algos:
366 # with self.subTest(algo=algo['scapy']):
367
368 p = copy.copy(self.ipv4_params)
369 p.auth_algo_vpp_id = algo['vpp-integ']
370 p.crypt_algo_vpp_id = algo['vpp-crypto']
371 p.crypt_algo = algo['scapy-crypto']
372 p.auth_algo = algo['scapy-integ']
373 p.crypt_key = algo['key']
Neale Ranns80f6fd52019-04-16 02:41:34 +0000[diff] [blame]374 p.salt = algo['salt']
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]375
376 self.config_network(p)
377
378 self.verify_tun_44(p, count=127)
379 c = p.tun_if.get_rx_stats()
380 self.assertEqual(c['packets'], 127)
381 c = p.tun_if.get_tx_stats()
382 self.assertEqual(c['packets'], 127)
383
Neale Rannsd6c9e822019-04-17 16:29:00 -0700[diff] [blame]384 #
385 # rekey the tunnel
386 #
387 self.rekey(p)
388 self.verify_tun_44(p, count=127)
389
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]390 self.unconfig_network(p)
Neale Rannsd6c9e822019-04-17 16:29:00 -0700[diff] [blame]391 p.tun_sa_out.remove_vpp_config()
392 p.tun_sa_in.remove_vpp_config()
Neale Ranns47feb112019-04-11 15:14:07 +0000[diff] [blame]393
394
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]395class TestIpsec6MultiTunIfEsp(TemplateIpsec, IpsecTun6):
Paul Vinciguerra8feeaff2019-03-27 11:25:48 -0700[diff] [blame]396 """ IPsec IPv6 Multi Tunnel interface """
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]397
398 encryption_type = ESP
Klement Sekera6aa58b72019-05-16 14:34:55 +0200[diff] [blame^]399 tun6_encrypt_node_name = "esp6-encrypt-tun"
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]400 tun6_decrypt_node_name = "esp6-decrypt"
401
402 def setUp(self):
403 super(TestIpsec6MultiTunIfEsp, self).setUp()
404
405 self.tun_if = self.pg0
406
407 self.multi_params = []
408
409 for ii in range(10):
410 p = copy.copy(self.ipv6_params)
411
412 p.remote_tun_if_host = "1111::%d" % (ii + 1)
413 p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
414 p.scapy_tun_spi = p.scapy_tun_spi + ii
415 p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
416 p.vpp_tun_spi = p.vpp_tun_spi + ii
417
418 p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
419 p.scapy_tra_spi = p.scapy_tra_spi + ii
420 p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
421 p.vpp_tra_spi = p.vpp_tra_spi + ii
422
423 config_tun_params(p, self.encryption_type, self.tun_if)
424 self.multi_params.append(p)
425
426 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
427 p.scapy_tun_spi,
428 p.crypt_algo_vpp_id,
429 p.crypt_key, p.crypt_key,
430 p.auth_algo_vpp_id, p.auth_key,
431 p.auth_key, is_ip6=True)
432 p.tun_if.add_vpp_config()
433 p.tun_if.admin_up()
434 p.tun_if.config_ip6()
435
436 VppIpRoute(self, p.remote_tun_if_host, 128,
437 [VppRoutePath(p.tun_if.remote_ip6,
438 0xffffffff,
439 proto=DpoProto.DPO_PROTO_IP6)],
440 is_ip6=1).add_vpp_config()
441
442 def tearDown(self):
443 if not self.vpp_dead:
444 self.vapi.cli("show hardware")
445 super(TestIpsec6MultiTunIfEsp, self).tearDown()
446
447 def test_tun_66(self):
448 """Multiple IPSEC tunnel interfaces """
449 for p in self.multi_params:
450 self.verify_tun_66(p, count=127)
451 c = p.tun_if.get_rx_stats()
452 self.assertEqual(c['packets'], 127)
453 c = p.tun_if.get_tx_stats()
454 self.assertEqual(c['packets'], 127)
455
456
Neale Rannsf05e7322019-03-29 20:23:58 +0000[diff] [blame]457class TemplateIpsecGRETunIfEsp(TemplateIpsec):
458 """ IPsec GRE tunnel interface tests """
459
460 encryption_type = ESP
461 omac = "00:11:22:33:44:55"
462
463 def gen_encrypt_pkts(self, sa, sw_intf, src, dst, count=1,
464 payload_size=100):
465 return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
466 sa.encrypt(IP(src=self.pg0.remote_ip4,
467 dst=self.pg0.local_ip4) /
468 GRE() /
469 Ether(dst=self.omac) /
470 IP(src="1.1.1.1", dst="1.1.1.2") /
471 UDP(sport=1144, dport=2233) /
472 Raw('X' * payload_size))
473 for i in range(count)]
474
475 def gen_pkts(self, sw_intf, src, dst, count=1,
476 payload_size=100):
477 return [Ether(dst=self.omac) /
478 IP(src="1.1.1.1", dst="1.1.1.2") /
479 UDP(sport=1144, dport=2233) /
480 Raw('X' * payload_size)
481 for i in range(count)]
482
483 def verify_decrypted(self, p, rxs):
484 for rx in rxs:
485 self.assert_equal(rx[Ether].dst, self.omac)
486 self.assert_equal(rx[IP].dst, "1.1.1.2")
487
488 def verify_encrypted(self, p, sa, rxs):
489 for rx in rxs:
490 try:
491 pkt = sa.decrypt(rx[IP])
492 if not pkt.haslayer(IP):
493 pkt = IP(pkt[Raw].load)
494 self.assert_packet_checksums_valid(pkt)
495 self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4)
496 self.assert_equal(pkt[IP].src, self.pg0.local_ip4)
497 self.assertTrue(pkt.haslayer(GRE))
498 e = pkt[Ether]
499 self.assertEqual(e[Ether].dst, self.omac)
500 self.assertEqual(e[IP].dst, "1.1.1.2")
501 except (IndexError, AssertionError):
502 self.logger.debug(ppp("Unexpected packet:", rx))
503 try:
504 self.logger.debug(ppp("Decrypted packet:", pkt))
505 except:
506 pass
507 raise
508
509 def setUp(self):
510 super(TemplateIpsecGRETunIfEsp, self).setUp()
511
512 self.tun_if = self.pg0
513
514 p = self.ipv4_params
515
516 bd1 = VppBridgeDomain(self, 1)
517 bd1.add_vpp_config()
518
519 p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
520 p.auth_algo_vpp_id, p.auth_key,
521 p.crypt_algo_vpp_id, p.crypt_key,
522 self.vpp_esp_protocol,
523 self.pg0.local_ip4,
524 self.pg0.remote_ip4)
525 p.tun_sa_out.add_vpp_config()
526
527 p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
528 p.auth_algo_vpp_id, p.auth_key,
529 p.crypt_algo_vpp_id, p.crypt_key,
530 self.vpp_esp_protocol,
531 self.pg0.remote_ip4,
532 self.pg0.local_ip4)
533 p.tun_sa_in.add_vpp_config()
534
535 self.tun = VppIpsecGRETunInterface(self, self.pg0,
536 p.tun_sa_out.id,
537 p.tun_sa_in.id)
538
539 self.tun.add_vpp_config()
540 self.tun.admin_up()
541 self.tun.config_ip4()
542
543 VppIpRoute(self, p.remote_tun_if_host, 32,
544 [VppRoutePath(self.tun.remote_ip4,
545 0xffffffff)]).add_vpp_config()
546 VppBridgeDomainPort(self, bd1, self.tun).add_vpp_config()
547 VppBridgeDomainPort(self, bd1, self.pg1).add_vpp_config()
548
549 def tearDown(self):
550 if not self.vpp_dead:
551 self.vapi.cli("show hardware")
552 self.tun.unconfig_ip4()
553 super(TemplateIpsecGRETunIfEsp, self).tearDown()
554
555
556@unittest.skipIf(is_skip_aarch64_set and is_platform_aarch64,
557 "test doesn't work on aarch64")
558class TestIpsecGRETunIfEsp1(TemplateIpsecGRETunIfEsp, IpsecTun4Tests):
559 """ Ipsec GRE ESP - TUN tests """
560 tun4_encrypt_node_name = "esp4-encrypt"
561 tun4_decrypt_node_name = "esp4-decrypt"
562
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]563if __name__ == '__main__':
564 unittest.main(testRunner=VppTestRunner)