Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 8e843bbf40aa2bd21f6d7fef02c4230ea66c3bdd / . / test / test_ipsec_tun_if_esp.py
blob: ac96cfb9cc4aa2226e6741d167b74cadf4841ed4 [file] [log] [blame]
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]1import unittest
2import socket
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]3import copy
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]4from scapy.layers.ipsec import ESP
5from framework import VppTestRunner
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]6from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]7 IpsecTun4, IpsecTun6, IpsecTcpTests, config_tun_params
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]8from vpp_ipsec_tun_interface import VppIpsecTunInterface
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]9from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]10
11
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]12class TemplateIpsec4TunIfEsp(TemplateIpsec):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]13 """ IPsec tunnel interface tests """
14
15 encryption_type = ESP
16
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]17 def setUp(self):
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]18 super(TemplateIpsec4TunIfEsp, self).setUp()
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]19
20 self.tun_if = self.pg0
21
Klement Sekera611864f2018-09-26 11:19:00 +0200[diff] [blame]22 p = self.ipv4_params
23 tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
24 p.scapy_tun_spi, p.crypt_algo_vpp_id,
25 p.crypt_key, p.crypt_key,
26 p.auth_algo_vpp_id, p.auth_key,
27 p.auth_key)
28 tun_if.add_vpp_config()
29 tun_if.admin_up()
30 tun_if.config_ip4()
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]31
32 VppIpRoute(self, p.remote_tun_if_host, 32,
33 [VppRoutePath(tun_if.remote_ip4,
34 0xffffffff)]).add_vpp_config()
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]35
36 def tearDown(self):
37 if not self.vpp_dead:
38 self.vapi.cli("show hardware")
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]39 super(TemplateIpsec4TunIfEsp, self).tearDown()
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]40
41
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]42class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]43 """ Ipsec ESP - TUN tests """
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]44 tun4_encrypt_node_name = "esp4-encrypt"
45 tun4_decrypt_node_name = "esp4-decrypt"
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]46
47
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]48class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests):
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]49 """ Ipsec ESP - TCP tests """
50 pass
51
52
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]53class TemplateIpsec6TunIfEsp(TemplateIpsec):
54 """ IPsec tunnel interface tests """
55
56 encryption_type = ESP
57
58 def setUp(self):
59 super(TemplateIpsec6TunIfEsp, self).setUp()
60
61 self.tun_if = self.pg0
62
63 p = self.ipv6_params
64 tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
65 p.scapy_tun_spi, p.crypt_algo_vpp_id,
66 p.crypt_key, p.crypt_key,
67 p.auth_algo_vpp_id, p.auth_key,
68 p.auth_key, is_ip6=True)
69 tun_if.add_vpp_config()
70 tun_if.admin_up()
71 tun_if.config_ip6()
72
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]73 VppIpRoute(self, p.remote_tun_if_host, 128,
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400[diff] [blame]74 [VppRoutePath(tun_if.remote_ip6,
75 0xffffffff,
76 proto=DpoProto.DPO_PROTO_IP6)],
77 is_ip6=1).add_vpp_config()
78
79 def tearDown(self):
80 if not self.vpp_dead:
81 self.vapi.cli("show hardware")
82 super(TemplateIpsec6TunIfEsp, self).tearDown()
83
84
85class TestIpsec6TunIfEsp1(TemplateIpsec6TunIfEsp, IpsecTun6Tests):
86 """ Ipsec ESP - TUN tests """
87 tun6_encrypt_node_name = "esp6-encrypt"
88 tun6_decrypt_node_name = "esp6-decrypt"
89
90
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]91class TestIpsec4MultiTunIfEsp(TemplateIpsec, IpsecTun4):
92 """ IPsec IPv4 Multi Tunnel interface """
93
94 encryption_type = ESP
95 tun4_encrypt_node_name = "esp4-encrypt"
96 tun4_decrypt_node_name = "esp4-decrypt"
97
98 def setUp(self):
99 super(TestIpsec4MultiTunIfEsp, self).setUp()
100
101 self.tun_if = self.pg0
102
103 self.multi_params = []
104
105 for ii in range(10):
106 p = copy.copy(self.ipv4_params)
107
108 p.remote_tun_if_host = "1.1.1.%d" % (ii + 1)
109 p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
110 p.scapy_tun_spi = p.scapy_tun_spi + ii
111 p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
112 p.vpp_tun_spi = p.vpp_tun_spi + ii
113
114 p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
115 p.scapy_tra_spi = p.scapy_tra_spi + ii
116 p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
117 p.vpp_tra_spi = p.vpp_tra_spi + ii
118
119 config_tun_params(p, self.encryption_type, self.tun_if)
120 self.multi_params.append(p)
121
122 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
123 p.scapy_tun_spi,
124 p.crypt_algo_vpp_id,
125 p.crypt_key, p.crypt_key,
126 p.auth_algo_vpp_id, p.auth_key,
127 p.auth_key)
128 p.tun_if.add_vpp_config()
129 p.tun_if.admin_up()
130 p.tun_if.config_ip4()
131
132 VppIpRoute(self, p.remote_tun_if_host, 32,
133 [VppRoutePath(p.tun_if.remote_ip4,
134 0xffffffff)]).add_vpp_config()
135
136 def tearDown(self):
137 if not self.vpp_dead:
138 self.vapi.cli("show hardware")
139 super(TestIpsec4MultiTunIfEsp, self).tearDown()
140
141 def test_tun_44(self):
142 """Multiple IPSEC tunnel interfaces """
143 for p in self.multi_params:
144 self.verify_tun_44(p, count=127)
145 c = p.tun_if.get_rx_stats()
146 self.assertEqual(c['packets'], 127)
147 c = p.tun_if.get_tx_stats()
148 self.assertEqual(c['packets'], 127)
149
150
151class TestIpsec6MultiTunIfEsp(TemplateIpsec, IpsecTun6):
152 """ IPsec IPv6 Muitli Tunnel interface """
153
154 encryption_type = ESP
155 tun6_encrypt_node_name = "esp6-encrypt"
156 tun6_decrypt_node_name = "esp6-decrypt"
157
158 def setUp(self):
159 super(TestIpsec6MultiTunIfEsp, self).setUp()
160
161 self.tun_if = self.pg0
162
163 self.multi_params = []
164
165 for ii in range(10):
166 p = copy.copy(self.ipv6_params)
167
168 p.remote_tun_if_host = "1111::%d" % (ii + 1)
169 p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
170 p.scapy_tun_spi = p.scapy_tun_spi + ii
171 p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
172 p.vpp_tun_spi = p.vpp_tun_spi + ii
173
174 p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
175 p.scapy_tra_spi = p.scapy_tra_spi + ii
176 p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
177 p.vpp_tra_spi = p.vpp_tra_spi + ii
178
179 config_tun_params(p, self.encryption_type, self.tun_if)
180 self.multi_params.append(p)
181
182 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
183 p.scapy_tun_spi,
184 p.crypt_algo_vpp_id,
185 p.crypt_key, p.crypt_key,
186 p.auth_algo_vpp_id, p.auth_key,
187 p.auth_key, is_ip6=True)
188 p.tun_if.add_vpp_config()
189 p.tun_if.admin_up()
190 p.tun_if.config_ip6()
191
192 VppIpRoute(self, p.remote_tun_if_host, 128,
193 [VppRoutePath(p.tun_if.remote_ip6,
194 0xffffffff,
195 proto=DpoProto.DPO_PROTO_IP6)],
196 is_ip6=1).add_vpp_config()
197
198 def tearDown(self):
199 if not self.vpp_dead:
200 self.vapi.cli("show hardware")
201 super(TestIpsec6MultiTunIfEsp, self).tearDown()
202
203 def test_tun_66(self):
204 """Multiple IPSEC tunnel interfaces """
205 for p in self.multi_params:
206 self.verify_tun_66(p, count=127)
207 c = p.tun_if.get_rx_stats()
208 self.assertEqual(c['packets'], 127)
209 c = p.tun_if.get_tx_stats()
210 self.assertEqual(c['packets'], 127)
211
212
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]213if __name__ == '__main__':
214 unittest.main(testRunner=VppTestRunner)