tests: cli wrapper should return string

[vpp.git] / test / test_ipsec_tun_if_esp.py
diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py

index cc220d5..28854ce 100644 (file)
--- a/test/test_ipsec_tun_if_esp.py
+++ b/test/test_ipsec_tun_if_esp.py
@@ -6,7 +6,7 @@ from scapy.layers.ipsec import ESP
  from scapy.layers.l2 import Ether, Raw, GRE
  from scapy.layers.inet import IP, UDP
  from scapy.layers.inet6 import IPv6
  from scapy.layers.l2 import Ether, Raw, GRE
  from scapy.layers.inet import IP, UDP
  from scapy.layers.inet6 import IPv6
-from framework import VppTestRunner, is_skip_aarch64_set, is_platform_aarch64
+from framework import VppTestRunner
  from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
      IpsecTun4, IpsecTun6,  IpsecTcpTests,  config_tun_params
  from vpp_ipsec_tun_interface import VppIpsecTunInterface
  from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
      IpsecTun4, IpsecTun6,  IpsecTcpTests,  config_tun_params
  from vpp_ipsec_tun_interface import VppIpsecTunInterface
@@ -63,6 +63,55 @@ class TemplateIpsec4TunIfEsp(TemplateIpsec):
          super(TemplateIpsec4TunIfEsp, self).tearDown()
  
  
          super(TemplateIpsec4TunIfEsp, self).tearDown()
  
  
+class TemplateIpsec4TunIfEspUdp(TemplateIpsec):
+    """ IPsec UDP tunnel interface tests """
+
+    tun4_encrypt_node_name = "esp4-encrypt-tun"
+    tun4_decrypt_node_name = "esp4-decrypt"
+    encryption_type = ESP
+
+    @classmethod
+    def setUpClass(cls):
+        super(TemplateIpsec4TunIfEspUdp, cls).setUpClass()
+
+    @classmethod
+    def tearDownClass(cls):
+        super(TemplateIpsec4TunIfEspUdp, cls).tearDownClass()
+
+    def setUp(self):
+        super(TemplateIpsec4TunIfEspUdp, self).setUp()
+
+        self.tun_if = self.pg0
+
+        p = self.ipv4_params
+        p.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
+                   IPSEC_API_SAD_FLAG_UDP_ENCAP)
+        p.nat_header = UDP(sport=5454, dport=4500)
+
+        p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
+                                        p.scapy_tun_spi, p.crypt_algo_vpp_id,
+                                        p.crypt_key, p.crypt_key,
+                                        p.auth_algo_vpp_id, p.auth_key,
+                                        p.auth_key, udp_encap=True)
+        p.tun_if.add_vpp_config()
+        p.tun_if.admin_up()
+        p.tun_if.config_ip4()
+        p.tun_if.config_ip6()
+
+        r = VppIpRoute(self, p.remote_tun_if_host, 32,
+                       [VppRoutePath(p.tun_if.remote_ip4,
+                                     0xffffffff)])
+        r.add_vpp_config()
+        r = VppIpRoute(self, p.remote_tun_if_host6, 128,
+                       [VppRoutePath(p.tun_if.remote_ip6,
+                                     0xffffffff,
+                                     proto=DpoProto.DPO_PROTO_IP6)])
+        r.add_vpp_config()
+
+    def tearDown(self):
+        super(TemplateIpsec4TunIfEspUdp, self).tearDown()
+
+
  class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
      """ Ipsec ESP - TUN tests """
      tun4_encrypt_node_name = "esp4-encrypt-tun"
  class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
      """ Ipsec ESP - TUN tests """
      tun4_encrypt_node_name = "esp4-encrypt-tun"
@@ -94,6 +143,16 @@ class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
                                         [9000, 0, 0, 0])
  
  
                                         [9000, 0, 0, 0])
  
  
+class TestIpsec4TunIfEspUdp(TemplateIpsec4TunIfEspUdp, IpsecTun4Tests):
+    """ Ipsec ESP UDP tests """
+
+    tun4_input_node = "ipsec4-if-input"
+
+    def test_keepalive(self):
+        """ IPSEC NAT Keepalive """
+        self.verify_keepalive(self.ipv4_params)
+
+
  class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests):
      """ Ipsec ESP - TCP tests """
      pass
  class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests):
      """ Ipsec ESP - TCP tests """
      pass
@@ -352,6 +411,14 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4):
                    'scapy-crypto': "AES-CBC",
                    'scapy-integ': "HMAC-SHA1-96",
                    'salt': 0,
                    'scapy-crypto': "AES-CBC",
                    'scapy-integ': "HMAC-SHA1-96",
                    'salt': 0,
+                  'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
+                 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+                                 IPSEC_API_CRYPTO_ALG_NONE),
+                  'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+                                IPSEC_API_INTEG_ALG_SHA1_96),
+                  'scapy-crypto': "NULL",
+                  'scapy-integ': "HMAC-SHA1-96",
+                  'salt': 0,
                    'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
  
          for engine in engines:
                    'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
  
          for engine in engines:
@@ -450,8 +517,6 @@ class TestIpsec6MultiTunIfEsp(TemplateIpsec, IpsecTun6):
              self.assertEqual(c['packets'], 127)
  
  
              self.assertEqual(c['packets'], 127)
  
  
-@unittest.skipIf(is_skip_aarch64_set and is_platform_aarch64,
-                 "test doesn't work on aarch64")
  class TestIpsecGreTebIfEsp(TemplateIpsec,
                             IpsecTun4Tests):
      """ Ipsec GRE TEB ESP - TUN tests """
  class TestIpsecGreTebIfEsp(TemplateIpsec,
                             IpsecTun4Tests):
      """ Ipsec GRE TEB ESP - TUN tests """
@@ -663,19 +728,26 @@ class TestIpsecGreIfEsp(TemplateIpsec,
  class TemplateIpsec4TunProtect(object):
      """ IPsec IPv4 Tunnel protect """
  
  class TemplateIpsec4TunProtect(object):
      """ IPsec IPv4 Tunnel protect """
  
+    encryption_type = ESP
+    tun4_encrypt_node_name = "esp4-encrypt-tun"
+    tun4_decrypt_node_name = "esp4-decrypt-tun"
+    tun4_input_node = "ipsec4-tun-input"
+
      def config_sa_tra(self, p):
          config_tun_params(p, self.encryption_type, self.tun_if)
  
          p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
                                    p.auth_algo_vpp_id, p.auth_key,
                                    p.crypt_algo_vpp_id, p.crypt_key,
      def config_sa_tra(self, p):
          config_tun_params(p, self.encryption_type, self.tun_if)
  
          p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
                                    p.auth_algo_vpp_id, p.auth_key,
                                    p.crypt_algo_vpp_id, p.crypt_key,
-                                  self.vpp_esp_protocol)
+                                  self.vpp_esp_protocol,
+                                  flags=p.flags)
          p.tun_sa_out.add_vpp_config()
  
          p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
                                   p.auth_algo_vpp_id, p.auth_key,
                                   p.crypt_algo_vpp_id, p.crypt_key,
          p.tun_sa_out.add_vpp_config()
  
          p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
                                   p.auth_algo_vpp_id, p.auth_key,
                                   p.crypt_algo_vpp_id, p.crypt_key,
-                                 self.vpp_esp_protocol)
+                                 self.vpp_esp_protocol,
+                                 flags=p.flags)
          p.tun_sa_in.add_vpp_config()
  
      def config_sa_tun(self, p):
          p.tun_sa_in.add_vpp_config()
  
      def config_sa_tun(self, p):
@@ -686,7 +758,8 @@ class TemplateIpsec4TunProtect(object):
                                    p.crypt_algo_vpp_id, p.crypt_key,
                                    self.vpp_esp_protocol,
                                    self.tun_if.remote_addr[p.addr_type],
                                    p.crypt_algo_vpp_id, p.crypt_key,
                                    self.vpp_esp_protocol,
                                    self.tun_if.remote_addr[p.addr_type],
-                                  self.tun_if.local_addr[p.addr_type])
+                                  self.tun_if.local_addr[p.addr_type],
+                                  flags=p.flags)
          p.tun_sa_out.add_vpp_config()
  
          p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
          p.tun_sa_out.add_vpp_config()
  
          p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
@@ -694,7 +767,8 @@ class TemplateIpsec4TunProtect(object):
                                   p.crypt_algo_vpp_id, p.crypt_key,
                                   self.vpp_esp_protocol,
                                   self.tun_if.remote_addr[p.addr_type],
                                   p.crypt_algo_vpp_id, p.crypt_key,
                                   self.vpp_esp_protocol,
                                   self.tun_if.remote_addr[p.addr_type],
-                                 self.tun_if.local_addr[p.addr_type])
+                                 self.tun_if.local_addr[p.addr_type],
+                                 flags=p.flags)
          p.tun_sa_in.add_vpp_config()
  
      def config_protect(self, p):
          p.tun_sa_in.add_vpp_config()
  
      def config_protect(self, p):
@@ -711,11 +785,17 @@ class TemplateIpsec4TunProtect(object):
          p.tun_if.add_vpp_config()
          p.tun_if.admin_up()
          p.tun_if.config_ip4()
          p.tun_if.add_vpp_config()
          p.tun_if.admin_up()
          p.tun_if.config_ip4()
+        p.tun_if.config_ip6()
  
          p.route = VppIpRoute(self, p.remote_tun_if_host, 32,
                               [VppRoutePath(p.tun_if.remote_ip4,
                                             0xffffffff)])
          p.route.add_vpp_config()
  
          p.route = VppIpRoute(self, p.remote_tun_if_host, 32,
                               [VppRoutePath(p.tun_if.remote_ip4,
                                             0xffffffff)])
          p.route.add_vpp_config()
+        r = VppIpRoute(self, p.remote_tun_if_host6, 128,
+                       [VppRoutePath(p.tun_if.remote_ip6,
+                                     0xffffffff,
+                                     proto=DpoProto.DPO_PROTO_IP6)])
+        r.add_vpp_config()
  
      def unconfig_network(self, p):
          p.route.remove_vpp_config()
  
      def unconfig_network(self, p):
          p.route.remove_vpp_config()
@@ -734,10 +814,6 @@ class TestIpsec4TunProtect(TemplateIpsec,
                             IpsecTun4):
      """ IPsec IPv4 Tunnel protect - transport mode"""
  
                             IpsecTun4):
      """ IPsec IPv4 Tunnel protect - transport mode"""
  
-    encryption_type = ESP
-    tun4_encrypt_node_name = "esp4-encrypt-tun"
-    tun4_decrypt_node_name = "esp4-decrypt-tun"
-
      def setUp(self):
          super(TestIpsec4TunProtect, self).setUp()
  
      def setUp(self):
          super(TestIpsec4TunProtect, self).setUp()
  
@@ -761,6 +837,13 @@ class TestIpsec4TunProtect(TemplateIpsec,
          c = p.tun_if.get_tx_stats()
          self.assertEqual(c['packets'], 127)
  
          c = p.tun_if.get_tx_stats()
          self.assertEqual(c['packets'], 127)
  
+        self.vapi.cli("clear ipsec sa")
+        self.verify_tun_64(p, count=127)
+        c = p.tun_if.get_rx_stats()
+        self.assertEqual(c['packets'], 254)
+        c = p.tun_if.get_tx_stats()
+        self.assertEqual(c['packets'], 254)
+
          # rekey - create new SAs and update the tunnel protection
          np = copy.copy(p)
          np.crypt_key = 'X' + p.crypt_key[1:]
          # rekey - create new SAs and update the tunnel protection
          np = copy.copy(p)
          np.crypt_key = 'X' + p.crypt_key[1:]
@@ -777,9 +860,9 @@ class TestIpsec4TunProtect(TemplateIpsec,
  
          self.verify_tun_44(np, count=127)
          c = p.tun_if.get_rx_stats()
  
          self.verify_tun_44(np, count=127)
          c = p.tun_if.get_rx_stats()
-        self.assertEqual(c['packets'], 254)
+        self.assertEqual(c['packets'], 381)
          c = p.tun_if.get_tx_stats()
          c = p.tun_if.get_tx_stats()
-        self.assertEqual(c['packets'], 254)
+        self.assertEqual(c['packets'], 381)
  
          # teardown
          self.unconfig_protect(np)
  
          # teardown
          self.unconfig_protect(np)
@@ -787,6 +870,47 @@ class TestIpsec4TunProtect(TemplateIpsec,
          self.unconfig_network(p)
  
  
          self.unconfig_network(p)
  
  
+class TestIpsec4TunProtectUdp(TemplateIpsec,
+                              TemplateIpsec4TunProtect,
+                              IpsecTun4):
+    """ IPsec IPv4 Tunnel protect - transport mode"""
+
+    def setUp(self):
+        super(TestIpsec4TunProtectUdp, self).setUp()
+
+        self.tun_if = self.pg0
+
+        p = self.ipv4_params
+        p.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
+                   IPSEC_API_SAD_FLAG_UDP_ENCAP)
+        p.nat_header = UDP(sport=5454, dport=4500)
+        self.config_network(p)
+        self.config_sa_tra(p)
+        self.config_protect(p)
+
+    def tearDown(self):
+        p = self.ipv4_params
+        self.unconfig_protect(p)
+        self.unconfig_sa(p)
+        self.unconfig_network(p)
+        super(TestIpsec4TunProtectUdp, self).tearDown()
+
+    def test_tun_44(self):
+        """IPSEC UDP tunnel protect"""
+
+        p = self.ipv4_params
+
+        self.verify_tun_44(p, count=127)
+        c = p.tun_if.get_rx_stats()
+        self.assertEqual(c['packets'], 127)
+        c = p.tun_if.get_tx_stats()
+        self.assertEqual(c['packets'], 127)
+
+    def test_keepalive(self):
+        """ IPSEC NAT Keepalive """
+        self.verify_keepalive(self.ipv4_params)
+
+
  class TestIpsec4TunProtectTun(TemplateIpsec,
                                TemplateIpsec4TunProtect,
                                IpsecTun4):
  class TestIpsec4TunProtectTun(TemplateIpsec,
                                TemplateIpsec4TunProtect,
                                IpsecTun4):
@@ -941,13 +1065,17 @@ class TemplateIpsec6TunProtect(object):
          p.tun_if.add_vpp_config()
          p.tun_if.admin_up()
          p.tun_if.config_ip6()
          p.tun_if.add_vpp_config()
          p.tun_if.admin_up()
          p.tun_if.config_ip6()
+        p.tun_if.config_ip4()
  
          p.route = VppIpRoute(self, p.remote_tun_if_host, 128,
                               [VppRoutePath(p.tun_if.remote_ip6,
                                             0xffffffff,
  
          p.route = VppIpRoute(self, p.remote_tun_if_host, 128,
                               [VppRoutePath(p.tun_if.remote_ip6,
                                             0xffffffff,
-                                           proto=DpoProto.DPO_PROTO_IP6)],
-                             is_ip6=1)
+                                           proto=DpoProto.DPO_PROTO_IP6)])
          p.route.add_vpp_config()
          p.route.add_vpp_config()
+        r = VppIpRoute(self, p.remote_tun_if_host4, 32,
+                       [VppRoutePath(p.tun_if.remote_ip4,
+                                     0xffffffff)])
+        r.add_vpp_config()
  
      def unconfig_network(self, p):
          p.route.remove_vpp_config()
  
      def unconfig_network(self, p):
          p.route.remove_vpp_config()
@@ -1057,6 +1185,26 @@ class TestIpsec6TunProtect(TemplateIpsec,
          self.unconfig_sa(np3)
          self.unconfig_network(p)
  
          self.unconfig_sa(np3)
          self.unconfig_network(p)
  
+    def test_tun_46(self):
+        """IPSEC tunnel protect"""
+
+        p = self.ipv6_params
+
+        self.config_network(p)
+        self.config_sa_tra(p)
+        self.config_protect(p)
+
+        self.verify_tun_46(p, count=127)
+        c = p.tun_if.get_rx_stats()
+        self.assertEqual(c['packets'], 127)
+        c = p.tun_if.get_tx_stats()
+        self.assertEqual(c['packets'], 127)
+
+        # teardown
+        self.unconfig_protect(p)
+        self.unconfig_sa(p)
+        self.unconfig_network(p)
+
  
  class TestIpsec6TunProtectTun(TemplateIpsec,
                                TemplateIpsec6TunProtect,
  
  class TestIpsec6TunProtectTun(TemplateIpsec,
                                TemplateIpsec6TunProtect,