3 from scapy.layers.ipsec import ESP
5 from framework import VppTestRunner
6 from template_ipsec import IpsecTraTests, IpsecTunTests
7 from template_ipsec import TemplateIpsec, IpsecTcpTests
10 class TemplateIpsecEsp(TemplateIpsec):
12 Basic test for ipsec esp sanity - tunnel and transport modes.
14 Below 4 cases are covered as part of this test
15 1) ipsec esp v4 transport basic test - IPv4 Transport mode
16 scenario using HMAC-SHA1-96 integrity algo
17 2) ipsec esp v4 transport burst test
18 Above test for 257 pkts
19 3) ipsec esp 4o4 tunnel basic test - IPv4 Tunnel mode
20 scenario using HMAC-SHA1-96 integrity algo
21 4) ipsec esp 4o4 tunnel burst test
22 Above test for 257 pkts
32 --- encrypt --- plain ---
33 |pg0| <------- |VPP| <------ |pg1|
36 --- decrypt --- plain ---
37 |pg0| -------> |VPP| ------> |pg1|
40 Note : IPv6 is not covered
# Class-level fixture setup for the ESP tests.
# NOTE(review): the def line and listing lines 48-49, 51 and 53 are not shown
# on this page; the enclosing method is presumably setUpClass, and the two
# "show ipsec" dumps presumably follow the transport and tunnel configuration
# calls. Confirm against the full file.
47 super(TemplateIpsecEsp, cls).setUpClass()
# Log the interface addressing, then the IPsec state (dumped twice).
50 cls.logger.info(cls.vapi.ppcli("show int addr"))
52 cls.logger.info(cls.vapi.ppcli("show ipsec"))
54 cls.logger.info(cls.vapi.ppcli("show ipsec"))
# Pack the remote tunnel host address and install a route for it with prefix
# length 32; the third argument is the tunnel interface's remote address
# (presumably the next hop, verify against the vapi wrapper).
55 src4 = socket.inet_pton(socket.AF_INET, cls.remote_tun_if_host)
56 cls.vapi.ip_add_del_route(src4, 32, cls.tun_if.remote_ip4n)
# Configure tunnel-mode ESP on VPP: two SAD entries, one SPD attached to the
# tunnel interface, and the SPD rules that refer to those SAs.
# NOTE(review): the listing numbers skip 58, 61, 68, 78, 80, 83, 95 and 105,
# so several call arguments are not visible here. The method takes cls, so a
# @classmethod decorator is presumably on a line not shown. Confirm against
# the full file before relying on the argument order.
59 def config_esp_tun(cls):
# SA keyed by scapy_tun_sa_id, tunnel endpoints local -> remote of tun_if.
# The class docstring names HMAC-SHA1-96 as the integrity algorithm; the
# actual algorithm ids and keys come from TemplateIpsec, which is not shown.
# HMAC-SHA1-96 is a legacy choice, acceptable for a sanity test; deployments
# generally prefer SHA-2 based integrity or an AEAD cipher.
60 cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tun_sa_id,
62 cls.auth_algo_vpp_id, cls.auth_key,
63 cls.crypt_algo_vpp_id,
64 cls.crypt_key, cls.vpp_esp_protocol,
65 cls.tun_if.local_ip4n,
66 cls.tun_if.remote_ip4n)
# SA keyed by vpp_tun_sa_id with the tunnel endpoints swapped. Both SAs are
# given the same auth_key and crypt_key: fine for a fixture, but SAs
# negotiated in production carry distinct key material per direction.
67 cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tun_sa_id,
69 cls.auth_algo_vpp_id, cls.auth_key,
70 cls.crypt_algo_vpp_id,
71 cls.crypt_key, cls.vpp_esp_protocol,
72 cls.tun_if.remote_ip4n,
73 cls.tun_if.local_ip4n)
# Create the tunnel SPD and attach it to the tunnel interface (presumably the
# wrappers default to "add", verify against the vapi provider).
74 cls.vapi.ipsec_spd_add_del(cls.tun_spd_id)
75 cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id,
76 cls.tun_if.sw_if_index)
# Address range for the ESP-protocol rules; the address values themselves sit
# on listing lines 78 and 80, which are not shown.
77 l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET,
79 l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET,
# Two rules matching protocol ESP, the second with is_outbound=0. No policy
# argument is visible, so the wrapper's default action applies (presumably
# bypass, which lets already-encapsulated ESP packets through; confirm the
# default in the vapi wrapper).
81 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
82 l_startaddr, l_stopaddr, r_startaddr,
84 protocol=socket.IPPROTO_ESP)
85 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
86 l_startaddr, l_stopaddr, r_startaddr,
87 r_stopaddr, is_outbound=0,
88 protocol=socket.IPPROTO_ESP)
# Single-host rules between the remote tunnel host and pg1's remote address.
# policy=3 is the protect action in VPP's IPsec policy enum, so matching
# traffic is bound to the named SA. The second rule swaps local and remote.
89 l_startaddr = l_stopaddr = socket.inet_pton(socket.AF_INET,
90 cls.remote_tun_if_host)
91 r_startaddr = r_stopaddr = cls.pg1.remote_ip4n
92 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
93 l_startaddr, l_stopaddr, r_startaddr,
94 r_stopaddr, priority=10, policy=3,
96 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
97 r_startaddr, r_stopaddr, l_startaddr,
98 l_stopaddr, priority=10, policy=3)
# Same pair of protect rules for the remote tunnel host and pg0's local
# address, at priority 20.
99 l_startaddr = l_stopaddr = socket.inet_pton(socket.AF_INET,
100 cls.remote_tun_if_host)
101 r_startaddr = r_stopaddr = cls.pg0.local_ip4n
102 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id,
103 l_startaddr, l_stopaddr, r_startaddr,
104 r_stopaddr, priority=20, policy=3,
106 cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id,
107 r_startaddr, r_stopaddr, l_startaddr,
108 l_stopaddr, priority=20, policy=3)
# Configure transport-mode ESP on VPP: two SAD entries, one SPD attached to
# the transport interface, and the SPD rules that refer to those SAs.
# NOTE(review): the listing numbers skip 110, 113, 117, 119, 123, 128, 130,
# 133 and 144, so several call arguments are not visible here. The method
# takes cls, so a @classmethod decorator is presumably on a line not shown.
# Confirm against the full file.
111 def config_esp_tra(cls):
# SA keyed by scapy_tra_sa_id. No tunnel endpoint addresses are visible in
# this call; its closing arguments sit on listing line 117, not shown.
112 cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tra_sa_id,
114 cls.auth_algo_vpp_id, cls.auth_key,
115 cls.crypt_algo_vpp_id,
116 cls.crypt_key, cls.vpp_esp_protocol,
# SA keyed by vpp_tra_sa_id, given the same algorithm ids and the same
# auth_key and crypt_key as the SA above (shared keys are a fixture
# convenience, not a deployment pattern).
118 cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tra_sa_id,
120 cls.auth_algo_vpp_id, cls.auth_key,
121 cls.crypt_algo_vpp_id,
122 cls.crypt_key, cls.vpp_esp_protocol,
# Create the transport SPD and attach it to the transport interface.
124 cls.vapi.ipsec_spd_add_del(cls.tra_spd_id)
125 cls.vapi.ipsec_interface_add_del_spd(cls.tra_spd_id,
126 cls.tra_if.sw_if_index)
# Address range for the ESP-protocol rules; the address values themselves sit
# on listing lines 128 and 130, which are not shown.
127 l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET,
129 l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET,
# Two rules matching protocol ESP, the second with is_outbound=0. No policy
# argument is visible, so the wrapper's default action applies (presumably
# bypass; confirm the default in the vapi wrapper).
131 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
132 l_startaddr, l_stopaddr, r_startaddr,
134 protocol=socket.IPPROTO_ESP)
135 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
136 l_startaddr, l_stopaddr, r_startaddr,
137 r_stopaddr, is_outbound=0,
138 protocol=socket.IPPROTO_ESP)
# Single-host rules between the transport interface's local and remote
# addresses. policy=3 is the protect action in VPP's IPsec policy enum, so
# matching traffic is bound to the named SA. Unlike the tunnel setup, both
# calls pass local and remote in the same order.
139 l_startaddr = l_stopaddr = cls.tra_if.local_ip4n
140 r_startaddr = r_stopaddr = cls.tra_if.remote_ip4n
141 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id,
142 l_startaddr, l_stopaddr, r_startaddr,
143 r_stopaddr, priority=10, policy=3,
145 cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.scapy_tra_sa_id,
146 l_startaddr, l_stopaddr, r_startaddr,
147 r_stopaddr, priority=10, policy=3)
# Concrete test case: combines the TemplateIpsecEsp fixture with the
# IpsecTraTests and IpsecTunTests classes imported from template_ipsec, which
# presumably supply the transport- and tunnel-mode test methods.
150 class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
151 """ Ipsec ESP - TUN & TRA tests """
# Concrete test case: combines the TemplateIpsecEsp fixture with
# IpsecTcpTests from template_ipsec, which presumably supplies the TCP test
# methods run over the ESP configuration.
155 class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
156 """ Ipsec ESP - TCP tests """
# When run as a script, execute this module's tests with the VPP test runner.
160 if __name__ == '__main__':
161 unittest.main(testRunner=VppTestRunner)