3 from scapy.layers.ipsec import ESP
5 from framework import VppTestRunner
6 from template_ipsec import IpsecTraTests, IpsecTunTests
7 from template_ipsec import TemplateIpsec, IpsecTcpTests
8 from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\
10 from vpp_ip_route import VppIpRoute, VppRoutePath
11 from vpp_ip import DpoProto
14 class TemplateIpsecEsp(TemplateIpsec):
16 Basic test for ipsec esp sanity - tunnel and transport modes.
18 Below 4 cases are covered as part of this test
19 1) ipsec esp v4 transport basic test - IPv4 Transport mode
20 scenario using HMAC-SHA1-96 integrity algo
21 2) ipsec esp v4 transport burst test
22 Above test for 257 pkts
23 3) ipsec esp 4o4 tunnel basic test - IPv4 Tunnel mode
24 scenario using HMAC-SHA1-96 integrity algo
25 4) ipsec esp 4o4 tunnel burst test
26 Above test for 257 pkts
36 --- encrypt --- plain ---
37 |pg0| <------- |VPP| <------ |pg1|
40 --- decrypt --- plain ---
41 |pg0| -------> |VPP| ------> |pg1|
# NOTE(review): the `def` line for this run (listing line 45) is not on this
# page and indentation was lost in extraction. The super().setUp() call
# suggests this is the body of setUp; confirm against the repository copy.
46 super(TemplateIpsecEsp, self).setUp()
# ESP is the scapy layer imported at the top of the file.
47 self.encryption_type = ESP
# pg0 carries the tunnel-mode traffic, pg2 the transport-mode traffic.
48 self.tun_if = self.pg0
49 self.tra_if = self.pg2
50 self.logger.info(self.vapi.ppcli("show int addr"))
# Transport mode: create the SPD, bind it to tra_if, then install the
# per-parameter-set SAs and SPD entries.
52 self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
53 self.tra_spd.add_vpp_config()
54 VppIpsecSpdItfBinding(self, self.tra_spd,
55 self.tra_if).add_vpp_config()
57 for _, p in self.params.items():
58 self.config_esp_tra(p)
# configure_sa_tra is not defined in this file; presumably inherited from
# TemplateIpsec - confirm.
59 self.configure_sa_tra(p)
# NOTE(review): if the "show ipsec" output includes SA key material, this
# call and the identical one further down write the test keys into the test
# log. Fine for fixed test vectors; do not copy the pattern where real keys
# are configured - confirm what the command prints.
60 self.logger.info(self.vapi.ppcli("show ipsec"))
# Tunnel mode: same sequence with a separate SPD bound to tun_if.
62 self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
63 self.tun_spd.add_vpp_config()
64 VppIpsecSpdItfBinding(self, self.tun_spd,
65 self.tun_if).add_vpp_config()
67 for _, p in self.params.items():
68 self.config_esp_tun(p)
69 self.logger.info(self.vapi.ppcli("show ipsec"))
# Route each remote tunnel host via the peer address of tun_if.
# NOTE(review): the gutter skips 75-76, so the rest of the VppRoutePath(...)
# argument list, including any use of `d`, is not visible on this page.
71 for _, p in self.params.items():
72 d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4
73 VppIpRoute(self, p.remote_tun_if_host, p.addr_len,
74 [VppRoutePath(self.tun_if.remote_addr[p.addr_type],
77 is_ip6=p.is_ipv6).add_vpp_config()
# NOTE(review): listing lines 79 and 81 are not on this page; the
# super().tearDown() call suggests this is the body of tearDown, and
# whatever line 81 held (possibly a guard around the CLI call) is unknown.
80 super(TemplateIpsecEsp, self).tearDown()
# Issues the CLI command; as printed, the returned text is not logged or
# checked.
82 self.vapi.cli("show hardware")
84 def config_esp_tun(self, params):
# Install the tunnel-mode ESP configuration for one parameter set: two SAs
# that carry explicit tunnel endpoint addresses, then six entries in
# self.tun_spd.
#
# NOTE(review): indentation was lost in this listing and the gutter skips
# 118, 125, 132, 139 and 146 inside the VppIpsecSpdEntry calls below. The
# comparable calls in config_esp_tra pass a protocol argument at that
# position (socket.IPPROTO_ESP, or a positional 0), so one argument line may
# be missing from each of those calls as printed. Check the repository copy
# before reusing this text.
85 addr_type = params.addr_type
86 scapy_tun_sa_id = params.scapy_tun_sa_id
87 scapy_tun_spi = params.scapy_tun_spi
88 vpp_tun_sa_id = params.vpp_tun_sa_id
89 vpp_tun_spi = params.vpp_tun_spi
90 auth_algo_vpp_id = params.auth_algo_vpp_id
91 auth_key = params.auth_key
92 crypt_algo_vpp_id = params.crypt_algo_vpp_id
93 crypt_key = params.crypt_key
94 remote_tun_if_host = params.remote_tun_if_host
95 addr_any = params.addr_any
96 addr_bcast = params.addr_bcast
# Two SAs, one per id/SPI pair. Both receive the same auth_key and crypt_key
# from params; the tunnel endpoint arguments are tun_if local then remote for
# the first SA and the reverse for the second.
# NOTE(review): use_anti_replay is not passed here, although config_esp_tra
# sets use_anti_replay=1 on its SAs. The VppIpsecSA default is not visible
# in this file - confirm the tunnel cases are meant to run without it.
98 VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
99 auth_algo_vpp_id, auth_key,
100 crypt_algo_vpp_id, crypt_key,
101 self.vpp_esp_protocol,
102 self.tun_if.local_addr[addr_type],
103 self.tun_if.remote_addr[addr_type]).add_vpp_config()
104 VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
105 auth_algo_vpp_id, auth_key,
106 crypt_algo_vpp_id, crypt_key,
107 self.vpp_esp_protocol,
108 self.tun_if.remote_addr[addr_type],
109 self.tun_if.local_addr[addr_type]).add_vpp_config()
# Entries for protocol ESP over the addr_any..addr_bcast range on both
# address pairs, once with the default direction and once with
# is_outbound=0. No policy is passed, so the VppIpsecSpdEntry default
# applies (not visible here).
111 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
112 addr_any, addr_bcast,
113 addr_any, addr_bcast,
114 socket.IPPROTO_ESP).add_vpp_config()
115 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
116 addr_any, addr_bcast,
117 addr_any, addr_bcast,
119 is_outbound=0).add_vpp_config()
# Priority-10 pair between remote_tun_if_host and pg1's remote address: the
# is_outbound=0 entry uses vpp_tun_sa_id, the other uses scapy_tun_sa_id with
# the address pairs swapped.
# policy=3 is presumably the SPD "protect" action in VPP's numbering -
# confirm against vpp_ipsec.
121 VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
122 remote_tun_if_host, remote_tun_if_host,
123 self.pg1.remote_addr[addr_type],
124 self.pg1.remote_addr[addr_type],
126 priority=10, policy=3,
127 is_outbound=0).add_vpp_config()
128 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
129 self.pg1.remote_addr[addr_type],
130 self.pg1.remote_addr[addr_type],
131 remote_tun_if_host, remote_tun_if_host,
133 priority=10, policy=3).add_vpp_config()
# Priority-20 pair with the same shape, between remote_tun_if_host and pg0's
# local address.
135 VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
136 remote_tun_if_host, remote_tun_if_host,
137 self.pg0.local_addr[addr_type],
138 self.pg0.local_addr[addr_type],
140 priority=20, policy=3,
141 is_outbound=0).add_vpp_config()
142 VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
143 self.pg0.local_addr[addr_type],
144 self.pg0.local_addr[addr_type],
145 remote_tun_if_host, remote_tun_if_host,
147 priority=20, policy=3).add_vpp_config()
149 def config_esp_tra(self, params):
# Install the ESP configuration used by the transport ("tra") cases for one
# parameter set: two SAs without tunnel endpoint addresses, then four
# entries in self.tra_spd.
#
# NOTE(review): indentation was lost in this listing and the gutter skips
# 180 inside the second VppIpsecSpdEntry call. The first call passes
# socket.IPPROTO_ESP at that position, so an argument line may be missing
# from the second call as printed. Check the repository copy before reusing
# this text.
150 addr_type = params.addr_type
151 scapy_tra_sa_id = params.scapy_tra_sa_id
152 scapy_tra_spi = params.scapy_tra_spi
153 vpp_tra_sa_id = params.vpp_tra_sa_id
154 vpp_tra_spi = params.vpp_tra_spi
155 auth_algo_vpp_id = params.auth_algo_vpp_id
156 auth_key = params.auth_key
157 crypt_algo_vpp_id = params.crypt_algo_vpp_id
158 crypt_key = params.crypt_key
159 addr_any = params.addr_any
160 addr_bcast = params.addr_bcast
# Two SAs, one per id/SPI pair, sharing the same auth_key and crypt_key from
# params. Both request anti-replay (use_anti_replay=1); how VppIpsecSA
# applies the flag is not visible in this file.
162 VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
163 auth_algo_vpp_id, auth_key,
164 crypt_algo_vpp_id, crypt_key,
165 self.vpp_esp_protocol,
166 use_anti_replay=1).add_vpp_config()
167 VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
168 auth_algo_vpp_id, auth_key,
169 crypt_algo_vpp_id, crypt_key,
170 self.vpp_esp_protocol,
171 use_anti_replay=1).add_vpp_config()
# Entries for protocol ESP over the addr_any..addr_bcast range on both
# address pairs, once with the default direction and once with
# is_outbound=0. No policy is passed, so the VppIpsecSpdEntry default
# applies (not visible here).
173 VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
174 addr_any, addr_bcast,
175 addr_any, addr_bcast,
176 socket.IPPROTO_ESP).add_vpp_config()
177 VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
178 addr_any, addr_bcast,
179 addr_any, addr_bcast,
181 is_outbound=0).add_vpp_config()
# Priority-10 pair between tra_if's local and remote addresses with a
# positional 0 in the protocol position: the is_outbound=0 entry uses
# vpp_tra_sa_id, the other uses scapy_tra_sa_id. Both list the local address
# pair first.
# policy=3 is presumably the SPD "protect" action in VPP's numbering -
# confirm against vpp_ipsec.
183 VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
184 self.tra_if.local_addr[addr_type],
185 self.tra_if.local_addr[addr_type],
186 self.tra_if.remote_addr[addr_type],
187 self.tra_if.remote_addr[addr_type],
188 0, priority=10, policy=3,
189 is_outbound=0).add_vpp_config()
190 VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
191 self.tra_if.local_addr[addr_type],
192 self.tra_if.local_addr[addr_type],
193 self.tra_if.remote_addr[addr_type],
194 self.tra_if.remote_addr[addr_type],
195 0, priority=10, policy=3).add_vpp_config()
class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
    """ Ipsec ESP - TUN & TRA tests """
    # Node names consumed by the IpsecTraTests / IpsecTunTests mixins
    # (presumably VPP graph-node names; confirm in template_ipsec).
    # The transport and tunnel cases use the same name per address family and
    # direction, so each pair is bound in one chained assignment.
    tra4_encrypt_node_name = tun4_encrypt_node_name = "esp4-encrypt"
    tra4_decrypt_node_name = tun4_decrypt_node_name = "esp4-decrypt"
    tra6_encrypt_node_name = tun6_encrypt_node_name = "esp6-encrypt"
    tra6_decrypt_node_name = tun6_decrypt_node_name = "esp6-decrypt"
class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
    """ Ipsec ESP - TCP tests """
    # Nothing is overridden as printed: the ESP setup comes from
    # TemplateIpsecEsp and the test methods from the IpsecTcpTests mixin.
    pass
if __name__ == '__main__':
    # Executed directly rather than imported: hand this module's test cases
    # to unittest with the runner imported from the framework module.
    unittest.main(testRunner=VppTestRunner)