Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 7cd368f7be4ff0eb06e0b4975e7c2695ad788b44 / . / test / test_ipsec_esp.py
blob: 58d159a721330f2eaa9ea27cbc7909aba43b011d [file] [log] [blame]
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]1import socket
Klement Sekera28fb03f2018-04-17 11:36:55 +0200[diff] [blame]2import unittest
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]3from scapy.layers.ipsec import ESP
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]4
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]5from framework import VppTestRunner
6from template_ipsec import IpsecTraTests, IpsecTunTests
7from template_ipsec import TemplateIpsec, IpsecTcpTests
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]8
9
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]10class TemplateIpsecEsp(TemplateIpsec):
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]11 """
12 Basic test for ipsec esp sanity - tunnel and transport modes.
13
14 Below 4 cases are covered as part of this test
15 1) ipsec esp v4 transport basic test - IPv4 Transport mode
16 scenario using HMAC-SHA1-96 intergrity algo
17 2) ipsec esp v4 transport burst test
18 Above test for 257 pkts
19 3) ipsec esp 4o4 tunnel basic test - IPv4 Tunnel mode
20 scenario using HMAC-SHA1-96 intergrity algo
21 4) ipsec esp 4o4 tunnel burst test
22 Above test for 257 pkts
23
24 TRANSPORT MODE:
25
26 --- encrypt ---
27 |pg2| <-------> |VPP|
28 --- decrypt ---
29
30 TUNNEL MODE:
31
32 --- encrypt --- plain ---
Klement Sekera4b089f22018-04-17 18:04:57 +0200[diff] [blame]33 |pg0| <------- |VPP| <------ |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]34 --- --- ---
35
36 --- decrypt --- plain ---
Klement Sekera4b089f22018-04-17 18:04:57 +0200[diff] [blame]37 |pg0| -------> |VPP| ------> |pg1|
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]38 --- --- ---
39
40 Note : IPv6 is not covered
41 """
42
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]43 encryption_type = ESP
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]44
45 @classmethod
46 def setUpClass(cls):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]47 super(TemplateIpsecEsp, cls).setUpClass()
48 cls.tun_if = cls.pg0
49 cls.tra_if = cls.pg2
50 cls.logger.info(cls.vapi.ppcli("show int addr"))
51 cls.config_esp_tra()
52 cls.logger.info(cls.vapi.ppcli("show ipsec"))
53 cls.config_esp_tun()
54 cls.logger.info(cls.vapi.ppcli("show ipsec"))
55 src4 = socket.inet_pton(socket.AF_INET, cls.remote_tun_if_host)
56 cls.vapi.ip_add_del_route(src4, 32, cls.tun_if.remote_ip4n)
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]57
58 @classmethod
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]59 def config_esp_tun(cls):
60 cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tun_sa_id,
61 cls.scapy_tun_spi,
62 cls.auth_algo_vpp_id, cls.auth_key,
63 cls.crypt_algo_vpp_id,
64 cls.crypt_key, cls.vpp_esp_protocol,
65 cls.tun_if.local_ip4n,
66 cls.tun_if.remote_ip4n)
67 cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tun_sa_id,
68 cls.vpp_tun_spi,
69 cls.auth_algo_vpp_id, cls.auth_key,
70 cls.crypt_algo_vpp_id,
71 cls.crypt_key, cls.vpp_esp_protocol,
72 cls.tun_if.remote_ip4n,
73 cls.tun_if.local_ip4n)
74 cls.vapi.ipsec_spd_add_del(cls.tun_spd_id)
75 cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id,
76 cls.tun_if.sw_if_index)
77 l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET,
78 "0.0.0.0")
79 l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET,
80 "255.255.255.255")
81 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
82 l_startaddr, l_stopaddr, r_startaddr,
83 r_stopaddr,
84 protocol=socket.IPPROTO_ESP)
85 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
86 l_startaddr, l_stopaddr, r_startaddr,
87 r_stopaddr, is_outbound=0,
88 protocol=socket.IPPROTO_ESP)
89 l_startaddr = l_stopaddr = socket.inet_pton(socket.AF_INET,
90 cls.remote_tun_if_host)
91 r_startaddr = r_stopaddr = cls.pg1.remote_ip4n
92 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
93 l_startaddr, l_stopaddr, r_startaddr,
94 r_stopaddr, priority=10, policy=3,
95 is_outbound=0)
96 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
97 r_startaddr, r_stopaddr, l_startaddr,
98 l_stopaddr, priority=10, policy=3)
99 l_startaddr = l_stopaddr = socket.inet_pton(socket.AF_INET,
100 cls.remote_tun_if_host)
101 r_startaddr = r_stopaddr = cls.pg0.local_ip4n
102 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
103 l_startaddr, l_stopaddr, r_startaddr,
104 r_stopaddr, priority=20, policy=3,
105 is_outbound=0)
106 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
107 r_startaddr, r_stopaddr, l_startaddr,
108 l_stopaddr, priority=20, policy=3)
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]109
110 @classmethod
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]111 def config_esp_tra(cls):
112 cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tra_sa_id,
113 cls.scapy_tra_spi,
114 cls.auth_algo_vpp_id, cls.auth_key,
115 cls.crypt_algo_vpp_id,
116 cls.crypt_key, cls.vpp_esp_protocol,
117 is_tunnel=0)
118 cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tra_sa_id,
119 cls.vpp_tra_spi,
120 cls.auth_algo_vpp_id, cls.auth_key,
121 cls.crypt_algo_vpp_id,
122 cls.crypt_key, cls.vpp_esp_protocol,
123 is_tunnel=0)
124 cls.vapi.ipsec_spd_add_del(cls.tra_spd_id)
125 cls.vapi.ipsec_interface_add_del_spd(cls.tra_spd_id,
126 cls.tra_if.sw_if_index)
127 l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET,
128 "0.0.0.0")
129 l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET,
130 "255.255.255.255")
131 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
132 l_startaddr, l_stopaddr, r_startaddr,
133 r_stopaddr,
134 protocol=socket.IPPROTO_ESP)
135 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
136 l_startaddr, l_stopaddr, r_startaddr,
137 r_stopaddr, is_outbound=0,
138 protocol=socket.IPPROTO_ESP)
139 l_startaddr = l_stopaddr = cls.tra_if.local_ip4n
140 r_startaddr = r_stopaddr = cls.tra_if.remote_ip4n
141 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
142 l_startaddr, l_stopaddr, r_startaddr,
143 r_stopaddr, priority=10, policy=3,
144 is_outbound=0)
145 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.scapy_tra_sa_id,
146 l_startaddr, l_stopaddr, r_startaddr,
147 r_stopaddr, priority=10, policy=3)
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]148
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]149
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]150class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
151 """ Ipsec ESP - TUN & TRA tests """
152 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]153
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]154
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]155class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
156 """ Ipsec ESP - TCP tests """
157 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]158
159
160if __name__ == '__main__':
161 unittest.main(testRunner=VppTestRunner)