Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 6d0106e44e7dff2c9ef0f7052c4023245e9023a8 / . / test / test_ipsec_esp.py
blob: 96e4833621a9767077cc4077c20b404ac1a5f752 [file] [log] [blame]
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]1import socket
Klement Sekera28fb03f2018-04-17 11:36:55 +0200[diff] [blame]2import unittest
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]3from scapy.layers.ipsec import ESP
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]4
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]5from framework import VppTestRunner
6from template_ipsec import IpsecTraTests, IpsecTunTests
7from template_ipsec import TemplateIpsec, IpsecTcpTests
Klement Sekerabf613952019-01-29 11:38:08 +0100[diff] [blame]8from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\
9 VppIpsecSpdItfBinding
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]10from vpp_ip_route import VppIpRoute, VppRoutePath
11from vpp_ip import DpoProto
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]12
13
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]14class TemplateIpsecEsp(TemplateIpsec):
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]15 """
16 Basic test for ipsec esp sanity - tunnel and transport modes.
17
18 Below 4 cases are covered as part of this test
19 1) ipsec esp v4 transport basic test - IPv4 Transport mode
20 scenario using HMAC-SHA1-96 intergrity algo
21 2) ipsec esp v4 transport burst test
22 Above test for 257 pkts
23 3) ipsec esp 4o4 tunnel basic test - IPv4 Tunnel mode
24 scenario using HMAC-SHA1-96 intergrity algo
25 4) ipsec esp 4o4 tunnel burst test
26 Above test for 257 pkts
27
28 TRANSPORT MODE:
29
30 --- encrypt ---
31 |pg2| <-------> |VPP|
32 --- decrypt ---
33
34 TUNNEL MODE:
35
36 --- encrypt --- plain ---
Klement Sekera4b089f22018-04-17 18:04:57 +0200[diff] [blame]37 |pg0| <------- |VPP| <------ |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]38 --- --- ---
39
40 --- decrypt --- plain ---
Klement Sekera4b089f22018-04-17 18:04:57 +0200[diff] [blame]41 |pg0| -------> |VPP| ------> |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]42 --- --- ---
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]43 """
44
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]45 def setUp(self):
46 super(TemplateIpsecEsp, self).setUp()
47 self.encryption_type = ESP
48 self.tun_if = self.pg0
49 self.tra_if = self.pg2
50 self.logger.info(self.vapi.ppcli("show int addr"))
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]51
52 self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
53 self.tra_spd.add_vpp_config()
54 VppIpsecSpdItfBinding(self, self.tra_spd,
55 self.tra_if).add_vpp_config()
56
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]57 for _, p in self.params.items():
58 self.config_esp_tra(p)
59 self.configure_sa_tra(p)
60 self.logger.info(self.vapi.ppcli("show ipsec"))
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]61
62 self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
63 self.tun_spd.add_vpp_config()
64 VppIpsecSpdItfBinding(self, self.tun_spd,
65 self.tun_if).add_vpp_config()
66
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]67 for _, p in self.params.items():
68 self.config_esp_tun(p)
69 self.logger.info(self.vapi.ppcli("show ipsec"))
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]70
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]71 for _, p in self.params.items():
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]72 d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4
73 VppIpRoute(self, p.remote_tun_if_host, p.addr_len,
74 [VppRoutePath(self.tun_if.remote_addr[p.addr_type],
75 0xffffffff,
76 proto=d)],
77 is_ip6=p.is_ipv6).add_vpp_config()
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]78
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]79 def tearDown(self):
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]80 super(TemplateIpsecEsp, self).tearDown()
81 if not self.vpp_dead:
82 self.vapi.cli("show hardware")
83
84 def config_esp_tun(self, params):
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]85 addr_type = params.addr_type
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]86 scapy_tun_sa_id = params.scapy_tun_sa_id
87 scapy_tun_spi = params.scapy_tun_spi
88 vpp_tun_sa_id = params.vpp_tun_sa_id
89 vpp_tun_spi = params.vpp_tun_spi
90 auth_algo_vpp_id = params.auth_algo_vpp_id
91 auth_key = params.auth_key
92 crypt_algo_vpp_id = params.crypt_algo_vpp_id
93 crypt_key = params.crypt_key
94 remote_tun_if_host = params.remote_tun_if_host
95 addr_any = params.addr_any
96 addr_bcast = params.addr_bcast
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]97
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]98 VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
99 auth_algo_vpp_id, auth_key,
100 crypt_algo_vpp_id, crypt_key,
101 self.vpp_esp_protocol,
102 self.tun_if.local_addr[addr_type],
103 self.tun_if.remote_addr[addr_type]).add_vpp_config()
104 VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
105 auth_algo_vpp_id, auth_key,
106 crypt_algo_vpp_id, crypt_key,
107 self.vpp_esp_protocol,
108 self.tun_if.remote_addr[addr_type],
109 self.tun_if.local_addr[addr_type]).add_vpp_config()
110
111 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
112 addr_any, addr_bcast,
113 addr_any, addr_bcast,
114 socket.IPPROTO_ESP).add_vpp_config()
115 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
116 addr_any, addr_bcast,
117 addr_any, addr_bcast,
118 socket.IPPROTO_ESP,
119 is_outbound=0).add_vpp_config()
120
121 VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
122 remote_tun_if_host, remote_tun_if_host,
123 self.pg1.remote_addr[addr_type],
124 self.pg1.remote_addr[addr_type],
125 0,
126 priority=10, policy=3,
127 is_outbound=0).add_vpp_config()
128 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
129 self.pg1.remote_addr[addr_type],
130 self.pg1.remote_addr[addr_type],
131 remote_tun_if_host, remote_tun_if_host,
132 0,
133 priority=10, policy=3).add_vpp_config()
134
135 VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
136 remote_tun_if_host, remote_tun_if_host,
137 self.pg0.local_addr[addr_type],
138 self.pg0.local_addr[addr_type],
139 0,
140 priority=20, policy=3,
141 is_outbound=0).add_vpp_config()
142 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
143 self.pg0.local_addr[addr_type],
144 self.pg0.local_addr[addr_type],
145 remote_tun_if_host, remote_tun_if_host,
146 0,
147 priority=20, policy=3).add_vpp_config()
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]148
149 def config_esp_tra(self, params):
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]150 addr_type = params.addr_type
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]151 scapy_tra_sa_id = params.scapy_tra_sa_id
152 scapy_tra_spi = params.scapy_tra_spi
153 vpp_tra_sa_id = params.vpp_tra_sa_id
154 vpp_tra_spi = params.vpp_tra_spi
155 auth_algo_vpp_id = params.auth_algo_vpp_id
156 auth_key = params.auth_key
157 crypt_algo_vpp_id = params.crypt_algo_vpp_id
158 crypt_key = params.crypt_key
159 addr_any = params.addr_any
160 addr_bcast = params.addr_bcast
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]161
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]162 VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
163 auth_algo_vpp_id, auth_key,
164 crypt_algo_vpp_id, crypt_key,
165 self.vpp_esp_protocol,
166 use_anti_replay=1).add_vpp_config()
167 VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
168 auth_algo_vpp_id, auth_key,
169 crypt_algo_vpp_id, crypt_key,
170 self.vpp_esp_protocol,
171 use_anti_replay=1).add_vpp_config()
172
173 VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
174 addr_any, addr_bcast,
175 addr_any, addr_bcast,
176 socket.IPPROTO_ESP).add_vpp_config()
177 VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
178 addr_any, addr_bcast,
179 addr_any, addr_bcast,
180 socket.IPPROTO_ESP,
181 is_outbound=0).add_vpp_config()
182
183 VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
184 self.tra_if.local_addr[addr_type],
185 self.tra_if.local_addr[addr_type],
186 self.tra_if.remote_addr[addr_type],
187 self.tra_if.remote_addr[addr_type],
188 0, priority=10, policy=3,
189 is_outbound=0).add_vpp_config()
190 VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
191 self.tra_if.local_addr[addr_type],
192 self.tra_if.local_addr[addr_type],
193 self.tra_if.remote_addr[addr_type],
194 self.tra_if.remote_addr[addr_type],
195 0, priority=10, policy=3).add_vpp_config()
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]196
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]197
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]198class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
199 """ Ipsec ESP - TUN & TRA tests """
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]200 tra4_encrypt_node_name = "esp4-encrypt"
201 tra4_decrypt_node_name = "esp4-decrypt"
202 tra6_encrypt_node_name = "esp6-encrypt"
203 tra6_decrypt_node_name = "esp6-decrypt"
204 tun4_encrypt_node_name = "esp4-encrypt"
205 tun4_decrypt_node_name = "esp4-decrypt"
206 tun6_encrypt_node_name = "esp6-encrypt"
207 tun6_decrypt_node_name = "esp6-decrypt"
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]208
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]209
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]210class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
211 """ Ipsec ESP - TCP tests """
212 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]213
214
215if __name__ == '__main__':
216 unittest.main(testRunner=VppTestRunner)