Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
hs-test: add more asserts
[vpp.git]
/
test
/
test_ipsec_default.py
diff --git
a/test/test_ipsec_default.py
b/test/test_ipsec_default.py
index
71bbd75
..
2fefb77
100644
(file)
--- a/
test/test_ipsec_default.py
+++ b/
test/test_ipsec_default.py
@@
-2,8
+2,8
@@
import socket
import unittest
from util import ppp
import unittest
from util import ppp
-from framework import VppTestRunner
-from template_ipsec import I
PSecIPv4Fwd
+from
asf
framework import VppTestRunner
+from template_ipsec import I
psecDefaultTemplate
"""
When an IPSec SPD is configured on an interface, any inbound packets
"""
When an IPSec SPD is configured on an interface, any inbound packets
@@
-32,8
+32,9
@@
packets are dropped as expected.
"""
"""
-class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
- """ IPSec: inbound packets drop by default with no matching rule """
+class IPSecInboundDefaultDrop(IpsecDefaultTemplate):
+ """IPSec: inbound packets drop by default with no matching rule"""
+
def test_ipsec_inbound_default_drop(self):
# configure two interfaces and bind the same SPD to both
self.create_interfaces(2)
def test_ipsec_inbound_default_drop(self):
# configure two interfaces and bind the same SPD to both
self.create_interfaces(2)
@@
-42,13
+43,26
@@
class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
# catch-all inbound BYPASS policy, all interfaces
inbound_policy = self.spd_add_rem_policy(
# catch-all inbound BYPASS policy, all interfaces
inbound_policy = self.spd_add_rem_policy(
- 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
- policy_type="bypass", all_ips=True)
+ 1,
+ None,
+ None,
+ socket.IPPROTO_UDP,
+ is_out=0,
+ priority=10,
+ policy_type="bypass",
+ all_ips=True,
+ )
# outbound BYPASS policy allowing traffic from pg0->pg1
outbound_policy = self.spd_add_rem_policy(
# outbound BYPASS policy allowing traffic from pg0->pg1
outbound_policy = self.spd_add_rem_policy(
- 1, self.pg0, self.pg1, socket.IPPROTO_UDP,
- is_out=1, priority=10, policy_type="bypass")
+ 1,
+ self.pg0,
+ self.pg1,
+ socket.IPPROTO_UDP,
+ is_out=1,
+ priority=10,
+ policy_type="bypass",
+ )
# create a packet stream pg0->pg1 + add to pg0
packets0 = self.create_stream(self.pg0, self.pg1, pkt_count)
# create a packet stream pg0->pg1 + add to pg0
packets0 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@
-63,8
+77,7
@@
class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
try:
self.logger.debug(ppp("SPD - Got packet:", packet))
except Exception:
try:
self.logger.debug(ppp("SPD - Got packet:", packet))
except Exception:
- self.logger.error(
- ppp("Unexpected or invalid packet:", packet))
+ self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.logger.debug("SPD: Num packets: %s", len(cap1.res))
# verify captures on pg1
raise
self.logger.debug("SPD: Num packets: %s", len(cap1.res))
# verify captures on pg1
@@
-75,8
+88,16
@@
class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
# remove inbound catch-all BYPASS rule, traffic should now be dropped
self.spd_add_rem_policy( # inbound, all interfaces
# remove inbound catch-all BYPASS rule, traffic should now be dropped
self.spd_add_rem_policy( # inbound, all interfaces
- 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
- policy_type="bypass", all_ips=True, remove=True)
+ 1,
+ None,
+ None,
+ socket.IPPROTO_UDP,
+ is_out=0,
+ priority=10,
+ policy_type="bypass",
+ all_ips=True,
+ remove=True,
+ )
# create another packet stream pg0->pg1 + add to pg0
packets1 = self.create_stream(self.pg0, self.pg1, pkt_count)
# create another packet stream pg0->pg1 + add to pg0
packets1 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@
-84,16
+105,18
@@
class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
self.pg_interfaces[1].enable_capture()
self.pg_start()
# confirm traffic has now been dropped
self.pg_interfaces[1].enable_capture()
self.pg_start()
# confirm traffic has now been dropped
- self.pg1.assert_nothing_captured("inbound pkts with no matching \
- rules NOT dropped by default")
+ self.pg1.assert_nothing_captured(
+ remark="inbound pkts with no matching" "rules NOT dropped by default"
+ )
# both policies should not have matched any further packets
# since we've dropped at input stage
self.verify_policy_match(pkt_count, outbound_policy)
self.verify_policy_match(pkt_count, inbound_policy)
# both policies should not have matched any further packets
# since we've dropped at input stage
self.verify_policy_match(pkt_count, outbound_policy)
self.verify_policy_match(pkt_count, inbound_policy)
-class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
- """ IPSec: outbound packets drop by default with no matching rule """
+class IPSecOutboundDefaultDrop(IpsecDefaultTemplate):
+ """IPSec: outbound packets drop by default with no matching rule"""
+
def test_ipsec_inbound_default_drop(self):
# configure two interfaces and bind the same SPD to both
self.create_interfaces(2)
def test_ipsec_inbound_default_drop(self):
# configure two interfaces and bind the same SPD to both
self.create_interfaces(2)
@@
-102,13
+125,26
@@
class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
# catch-all inbound BYPASS policy, all interfaces
inbound_policy = self.spd_add_rem_policy(
# catch-all inbound BYPASS policy, all interfaces
inbound_policy = self.spd_add_rem_policy(
- 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
- policy_type="bypass", all_ips=True)
+ 1,
+ None,
+ None,
+ socket.IPPROTO_UDP,
+ is_out=0,
+ priority=10,
+ policy_type="bypass",
+ all_ips=True,
+ )
# outbound BYPASS policy allowing traffic from pg0->pg1
outbound_policy = self.spd_add_rem_policy(
# outbound BYPASS policy allowing traffic from pg0->pg1
outbound_policy = self.spd_add_rem_policy(
- 1, self.pg0, self.pg1, socket.IPPROTO_UDP,
- is_out=1, priority=10, policy_type="bypass")
+ 1,
+ self.pg0,
+ self.pg1,
+ socket.IPPROTO_UDP,
+ is_out=1,
+ priority=10,
+ policy_type="bypass",
+ )
# create a packet stream pg0->pg1 + add to pg0
packets0 = self.create_stream(self.pg0, self.pg1, pkt_count)
# create a packet stream pg0->pg1 + add to pg0
packets0 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@
-123,8
+159,7
@@
class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
try:
self.logger.debug(ppp("SPD - Got packet:", packet))
except Exception:
try:
self.logger.debug(ppp("SPD - Got packet:", packet))
except Exception:
- self.logger.error(
- ppp("Unexpected or invalid packet:", packet))
+ self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.logger.debug("SPD: Num packets: %s", len(cap1.res))
# verify captures on pg1
raise
self.logger.debug("SPD: Num packets: %s", len(cap1.res))
# verify captures on pg1
@@
-135,9
+170,15
@@
class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
# remove outbound rule
self.spd_add_rem_policy(
# remove outbound rule
self.spd_add_rem_policy(
- 1, self.pg0, self.pg1, socket.IPPROTO_UDP,
- is_out=1, priority=10, policy_type="bypass",
- remove=True)
+ 1,
+ self.pg0,
+ self.pg1,
+ socket.IPPROTO_UDP,
+ is_out=1,
+ priority=10,
+ policy_type="bypass",
+ remove=True,
+ )
# create another packet stream pg0->pg1 + add to pg0
packets1 = self.create_stream(self.pg0, self.pg1, pkt_count)
# create another packet stream pg0->pg1 + add to pg0
packets1 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@
-145,12
+186,14
@@
class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
self.pg_interfaces[1].enable_capture()
self.pg_start()
# confirm traffic was dropped and not forwarded
self.pg_interfaces[1].enable_capture()
self.pg_start()
# confirm traffic was dropped and not forwarded
- self.pg1.assert_nothing_captured("outbound pkts with no matching \
- rules NOT dropped by default")
+ self.pg1.assert_nothing_captured(
+ remark="outbound pkts with no matching rules NOT dropped " "by default"
+ )
# inbound rule should have matched twice the # of pkts now
# inbound rule should have matched twice the # of pkts now
- self.verify_policy_match(pkt_count
*
2, inbound_policy)
+ self.verify_policy_match(pkt_count
*
2, inbound_policy)
# as dropped at outbound, outbound policy is the same
self.verify_policy_match(pkt_count, outbound_policy)
# as dropped at outbound, outbound policy is the same
self.verify_policy_match(pkt_count, outbound_policy)
-if __name__ == '__main__':
+
+if __name__ == "__main__":
unittest.main(testRunner=VppTestRunner)
unittest.main(testRunner=VppTestRunner)