3 from framework import VppTestCase, VppTestRunner
4 from template_ipsec import TemplateIpsec, IPsecIPv4Params
5 from vpp_papi import VppEnum
7 from vpp_ipsec import VppIpsecSA
10 class IpsecApiTestCase(VppTestCase):
17 super(IpsecApiTestCase, cls).setUpClass()
20 def tearDownClass(cls):
21 super(IpsecApiTestCase, cls).tearDownClass()
24 super(IpsecApiTestCase, self).setUp()
25 self.create_pg_interfaces([0])
29 self.vpp_esp_protocol = VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_ESP
30 self.vpp_ah_protocol = VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_AH
31 self.ipv4_params = IPsecIPv4Params()
34 self.pg0.unconfig_ip4()
36 super(IpsecApiTestCase, self).tearDown()
38 def test_backend_dump(self):
40 d = self.vapi.ipsec_backend_dump()
41 self.assert_equal(len(d), 2, "number of ipsec backends in dump")
43 d[0].protocol, self.vpp_ah_protocol, "ipsec protocol in dump entry"
45 self.assert_equal(d[0].index, 0, "index in dump entry")
46 self.assert_equal(d[0].active, 1, "active flag in dump entry")
48 d[1].protocol, self.vpp_esp_protocol, "ipsec protocol in dump entry"
50 self.assert_equal(d[1].index, 0, "index in dump entry")
51 self.assert_equal(d[1].active, 1, "active flag in dump entry")
53 def test_select_valid_backend(self):
54 """select valid backend"""
55 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 0)
56 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 0)
58 def test_select_invalid_backend(self):
59 """select invalid backend"""
60 with self.vapi.assert_negative_api_retval():
61 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 200)
62 with self.vapi.assert_negative_api_retval():
63 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 200)
65 def test_select_backend_in_use(self):
66 """attempt to change backend while sad configured"""
67 params = self.ipv4_params
68 addr_type = params.addr_type
69 is_ipv6 = params.is_ipv6
70 scapy_tun_sa_id = params.scapy_tun_sa_id
71 scapy_tun_spi = params.scapy_tun_spi
72 auth_algo_vpp_id = params.auth_algo_vpp_id
73 auth_key = params.auth_key
74 crypt_algo_vpp_id = params.crypt_algo_vpp_id
75 crypt_key = params.crypt_key
77 self.vapi.ipsec_sad_entry_add_del(
80 "sad_id": scapy_tun_sa_id,
82 "integrity_algorithm": auth_algo_vpp_id,
85 "length": len(auth_key),
87 "crypto_algorithm": crypt_algo_vpp_id,
90 "length": len(crypt_key),
92 "protocol": self.vpp_ah_protocol,
93 "tunnel_src": self.pg0.local_addr[addr_type],
94 "tunnel_dst": self.pg0.remote_addr[addr_type],
97 with self.vapi.assert_negative_api_retval():
98 self.vapi.ipsec_select_backend(protocol=self.vpp_ah_protocol, index=0)
100 self.vapi.ipsec_sad_entry_add_del(
103 "sad_id": scapy_tun_sa_id,
104 "spi": scapy_tun_spi,
105 "integrity_algorithm": auth_algo_vpp_id,
108 "length": len(auth_key),
110 "crypto_algorithm": crypt_algo_vpp_id,
113 "length": len(crypt_key),
115 "protocol": self.vpp_ah_protocol,
116 "tunnel_src": self.pg0.local_addr[addr_type],
117 "tunnel_dst": self.pg0.remote_addr[addr_type],
120 self.vapi.ipsec_select_backend(protocol=self.vpp_ah_protocol, index=0)
122 def __check_sa_binding(self, sa_id, thread_index):
124 sa_dumps = self.vapi.ipsec_sa_v4_dump()
125 for dump in sa_dumps:
126 if dump.entry.sad_id == sa_id:
127 self.assertEqual(dump.thread_index, thread_index)
132 self.fail("SA not found in VPP")
134 def test_sa_worker_bind(self):
135 """Bind an SA to a worker"""
138 self.ipv4_params.scapy_tun_sa_id,
139 self.ipv4_params.scapy_tun_spi,
140 self.ipv4_params.auth_algo_vpp_id,
141 self.ipv4_params.auth_key,
142 self.ipv4_params.crypt_algo_vpp_id,
143 self.ipv4_params.crypt_key,
144 VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_ESP,
148 self.__check_sa_binding(sa.id, 0xFFFF)
150 self.vapi.ipsec_sad_bind(sa_id=sa.id, worker=1)
152 self.__check_sa_binding(sa.id, 2)
154 sa.remove_vpp_config()
157 if __name__ == "__main__":
158 unittest.main(testRunner=VppTestRunner)