4 from scapy.layers.ipsec import ESP
5 from framework import VppTestRunner
6 from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
7 IpsecTun4, IpsecTun6, IpsecTcpTests, config_tun_params
8 from vpp_ipsec_tun_interface import VppIpsecTunInterface
9 from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto
12 class TemplateIpsec4TunIfEsp(TemplateIpsec):
13 """ IPsec tunnel interface tests """
18 super(TemplateIpsec4TunIfEsp, self).setUp()
20 self.tun_if = self.pg0
23 tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
24 p.scapy_tun_spi, p.crypt_algo_vpp_id,
25 p.crypt_key, p.crypt_key,
26 p.auth_algo_vpp_id, p.auth_key,
28 tun_if.add_vpp_config()
32 VppIpRoute(self, p.remote_tun_if_host, 32,
33 [VppRoutePath(tun_if.remote_ip4,
34 0xffffffff)]).add_vpp_config()
38 self.vapi.cli("show hardware")
39 super(TemplateIpsec4TunIfEsp, self).tearDown()
42 class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
43 """ Ipsec ESP - TUN tests """
44 tun4_encrypt_node_name = "esp4-encrypt"
45 tun4_decrypt_node_name = "esp4-decrypt"
48 class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests):
49 """ Ipsec ESP - TCP tests """
53 class TemplateIpsec6TunIfEsp(TemplateIpsec):
54 """ IPsec tunnel interface tests """
59 super(TemplateIpsec6TunIfEsp, self).setUp()
61 self.tun_if = self.pg0
64 tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
65 p.scapy_tun_spi, p.crypt_algo_vpp_id,
66 p.crypt_key, p.crypt_key,
67 p.auth_algo_vpp_id, p.auth_key,
68 p.auth_key, is_ip6=True)
69 tun_if.add_vpp_config()
73 VppIpRoute(self, p.remote_tun_if_host, 128,
74 [VppRoutePath(tun_if.remote_ip6,
76 proto=DpoProto.DPO_PROTO_IP6)],
77 is_ip6=1).add_vpp_config()
81 self.vapi.cli("show hardware")
82 super(TemplateIpsec6TunIfEsp, self).tearDown()
85 class TestIpsec6TunIfEsp1(TemplateIpsec6TunIfEsp, IpsecTun6Tests):
86 """ Ipsec ESP - TUN tests """
87 tun6_encrypt_node_name = "esp6-encrypt"
88 tun6_decrypt_node_name = "esp6-decrypt"
91 class TestIpsec4MultiTunIfEsp(TemplateIpsec, IpsecTun4):
92 """ IPsec IPv4 Multi Tunnel interface """
95 tun4_encrypt_node_name = "esp4-encrypt"
96 tun4_decrypt_node_name = "esp4-decrypt"
99 super(TestIpsec4MultiTunIfEsp, self).setUp()
101 self.tun_if = self.pg0
103 self.multi_params = []
106 p = copy.copy(self.ipv4_params)
108 p.remote_tun_if_host = "1.1.1.%d" % (ii + 1)
109 p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
110 p.scapy_tun_spi = p.scapy_tun_spi + ii
111 p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
112 p.vpp_tun_spi = p.vpp_tun_spi + ii
114 p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
115 p.scapy_tra_spi = p.scapy_tra_spi + ii
116 p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
117 p.vpp_tra_spi = p.vpp_tra_spi + ii
119 config_tun_params(p, self.encryption_type, self.tun_if)
120 self.multi_params.append(p)
122 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
125 p.crypt_key, p.crypt_key,
126 p.auth_algo_vpp_id, p.auth_key,
128 p.tun_if.add_vpp_config()
130 p.tun_if.config_ip4()
132 VppIpRoute(self, p.remote_tun_if_host, 32,
133 [VppRoutePath(p.tun_if.remote_ip4,
134 0xffffffff)]).add_vpp_config()
137 if not self.vpp_dead:
138 self.vapi.cli("show hardware")
139 super(TestIpsec4MultiTunIfEsp, self).tearDown()
141 def test_tun_44(self):
142 """Multiple IPSEC tunnel interfaces """
143 for p in self.multi_params:
144 self.verify_tun_44(p, count=127)
145 c = p.tun_if.get_rx_stats()
146 self.assertEqual(c['packets'], 127)
147 c = p.tun_if.get_tx_stats()
148 self.assertEqual(c['packets'], 127)
151 class TestIpsec6MultiTunIfEsp(TemplateIpsec, IpsecTun6):
152 """ IPsec IPv6 Muitli Tunnel interface """
154 encryption_type = ESP
155 tun6_encrypt_node_name = "esp6-encrypt"
156 tun6_decrypt_node_name = "esp6-decrypt"
159 super(TestIpsec6MultiTunIfEsp, self).setUp()
161 self.tun_if = self.pg0
163 self.multi_params = []
166 p = copy.copy(self.ipv6_params)
168 p.remote_tun_if_host = "1111::%d" % (ii + 1)
169 p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
170 p.scapy_tun_spi = p.scapy_tun_spi + ii
171 p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
172 p.vpp_tun_spi = p.vpp_tun_spi + ii
174 p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
175 p.scapy_tra_spi = p.scapy_tra_spi + ii
176 p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
177 p.vpp_tra_spi = p.vpp_tra_spi + ii
179 config_tun_params(p, self.encryption_type, self.tun_if)
180 self.multi_params.append(p)
182 p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
185 p.crypt_key, p.crypt_key,
186 p.auth_algo_vpp_id, p.auth_key,
187 p.auth_key, is_ip6=True)
188 p.tun_if.add_vpp_config()
190 p.tun_if.config_ip6()
192 VppIpRoute(self, p.remote_tun_if_host, 128,
193 [VppRoutePath(p.tun_if.remote_ip6,
195 proto=DpoProto.DPO_PROTO_IP6)],
196 is_ip6=1).add_vpp_config()
199 if not self.vpp_dead:
200 self.vapi.cli("show hardware")
201 super(TestIpsec6MultiTunIfEsp, self).tearDown()
203 def test_tun_66(self):
204 """Multiple IPSEC tunnel interfaces """
205 for p in self.multi_params:
206 self.verify_tun_66(p, count=127)
207 c = p.tun_if.get_rx_stats()
208 self.assertEqual(c['packets'], 127)
209 c = p.tun_if.get_tx_stats()
210 self.assertEqual(c['packets'], 127)
213 if __name__ == '__main__':
214 unittest.main(testRunner=VppTestRunner)