3 from framework import VppTestCase
4 from asfframework import VppTestRunner
5 from template_ipsec import IPsecIPv4Params
6 from vpp_papi import VppEnum
8 from vpp_ipsec import VppIpsecSA
11 class IpsecApiTestCase(VppTestCase):
18 super(IpsecApiTestCase, cls).setUpClass()
21 def tearDownClass(cls):
22 super(IpsecApiTestCase, cls).tearDownClass()
25 super(IpsecApiTestCase, self).setUp()
26 self.create_pg_interfaces([0])
30 self.vpp_esp_protocol = VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_ESP
31 self.vpp_ah_protocol = VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_AH
32 self.ipv4_params = IPsecIPv4Params()
35 self.pg0.unconfig_ip4()
37 super(IpsecApiTestCase, self).tearDown()
39 def test_backend_dump(self):
41 d = self.vapi.ipsec_backend_dump()
42 self.assert_equal(len(d), 2, "number of ipsec backends in dump")
44 d[0].protocol, self.vpp_ah_protocol, "ipsec protocol in dump entry"
46 self.assert_equal(d[0].index, 0, "index in dump entry")
47 self.assert_equal(d[0].active, 1, "active flag in dump entry")
49 d[1].protocol, self.vpp_esp_protocol, "ipsec protocol in dump entry"
51 self.assert_equal(d[1].index, 0, "index in dump entry")
52 self.assert_equal(d[1].active, 1, "active flag in dump entry")
54 def test_select_valid_backend(self):
55 """select valid backend"""
56 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 0)
57 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 0)
59 def test_select_invalid_backend(self):
60 """select invalid backend"""
61 with self.vapi.assert_negative_api_retval():
62 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 200)
63 with self.vapi.assert_negative_api_retval():
64 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 200)
66 def test_select_backend_in_use(self):
67 """attempt to change backend while sad configured"""
68 params = self.ipv4_params
69 addr_type = params.addr_type
70 is_ipv6 = params.is_ipv6
71 scapy_tun_sa_id = params.scapy_tun_sa_id
72 scapy_tun_spi = params.scapy_tun_spi
73 auth_algo_vpp_id = params.auth_algo_vpp_id
74 auth_key = params.auth_key
75 crypt_algo_vpp_id = params.crypt_algo_vpp_id
76 crypt_key = params.crypt_key
78 self.vapi.ipsec_sad_entry_add_del(
81 "sad_id": scapy_tun_sa_id,
83 "integrity_algorithm": auth_algo_vpp_id,
86 "length": len(auth_key),
88 "crypto_algorithm": crypt_algo_vpp_id,
91 "length": len(crypt_key),
93 "protocol": self.vpp_ah_protocol,
94 "tunnel_src": self.pg0.local_addr[addr_type],
95 "tunnel_dst": self.pg0.remote_addr[addr_type],
98 with self.vapi.assert_negative_api_retval():
99 self.vapi.ipsec_select_backend(protocol=self.vpp_ah_protocol, index=0)
101 self.vapi.ipsec_sad_entry_add_del(
104 "sad_id": scapy_tun_sa_id,
105 "spi": scapy_tun_spi,
106 "integrity_algorithm": auth_algo_vpp_id,
109 "length": len(auth_key),
111 "crypto_algorithm": crypt_algo_vpp_id,
114 "length": len(crypt_key),
116 "protocol": self.vpp_ah_protocol,
117 "tunnel_src": self.pg0.local_addr[addr_type],
118 "tunnel_dst": self.pg0.remote_addr[addr_type],
121 self.vapi.ipsec_select_backend(protocol=self.vpp_ah_protocol, index=0)
123 def __check_sa_binding(self, sa_id, thread_index):
125 sa_dumps = self.vapi.ipsec_sa_v5_dump()
126 for dump in sa_dumps:
127 if dump.entry.sad_id == sa_id:
128 self.assertEqual(dump.thread_index, thread_index)
133 self.fail("SA not found in VPP")
135 def test_sa_worker_bind(self):
136 """Bind an SA to a worker"""
139 self.ipv4_params.scapy_tun_sa_id,
140 self.ipv4_params.scapy_tun_spi,
141 self.ipv4_params.auth_algo_vpp_id,
142 self.ipv4_params.auth_key,
143 self.ipv4_params.crypt_algo_vpp_id,
144 self.ipv4_params.crypt_key,
145 VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_ESP,
149 self.__check_sa_binding(sa.id, 0xFFFF)
151 self.vapi.ipsec_sad_bind(sa_id=sa.id, worker=1)
153 self.__check_sa_binding(sa.id, 2)
155 sa.remove_vpp_config()
158 if __name__ == "__main__":
159 unittest.main(testRunner=VppTestRunner)