+ def _test_wg_send_cookie_tmpl(self, is_resp, is_ip6):
+ port = 12323
+
+ # create wg interface
+ if is_ip6:
+ wg0 = VppWgInterface(self, self.pg1.local_ip6, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip6()
+ else:
+ wg0 = VppWgInterface(self, self.pg1.local_ip4, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # create a peer
+ if is_ip6:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_ip6, port + 1, ["1::3:0/112"]
+ ).add_vpp_config()
+ else:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_ip4, port + 1, ["10.11.3.0/24"]
+ ).add_vpp_config()
+ self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)
+
+ if is_resp:
+ # skip the first automatic handshake
+ self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
+ # prepare and send a handshake initiation
+ # expect the peer to send a handshake response
+ init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
+ rxs = self.send_and_expect(self.pg1, [init], self.pg1)
+ else:
+ # wait for the peer to send a handshake initiation
+ rxs = self.pg1.get_capture(1, timeout=2)
+
+ # prepare and send a wrong cookie reply
+ # expect no replies and the cookie error incremented
+ cookie = peer_1.mk_cookie(rxs[0], self.pg1, is_resp=is_resp, is_ip6=is_ip6)
+ cookie.nonce = b"1234567890"
+ self.send_and_assert_no_replies(self.pg1, [cookie], timeout=0.1)
+ if is_ip6:
+ self.assertEqual(
+ self.base_cookie_dec6_err + 1,
+ self.statistics.get_err_counter(self.cookie_dec6_err),
+ )
+ else:
+ self.assertEqual(
+ self.base_cookie_dec4_err + 1,
+ self.statistics.get_err_counter(self.cookie_dec4_err),
+ )
+
+ # prepare and send a correct cookie reply
+ cookie = peer_1.mk_cookie(rxs[0], self.pg1, is_resp=is_resp, is_ip6=is_ip6)
+ self.pg_send(self.pg1, [cookie])
+
+ # wait for the peer to send a handshake initiation with mac2 set
+ rxs = self.pg1.get_capture(1, timeout=6)
+
+ # verify the initiation and its mac2
+ peer_1.consume_init(rxs[0], self.pg1, is_ip6=is_ip6, is_mac2=True)
+
+ # remove configs
+ peer_1.remove_vpp_config()
+ wg0.remove_vpp_config()
+
+ def test_wg_send_cookie_on_init_v4(self):
+ """Send cookie on handshake initiation (v4)"""
+ self._test_wg_send_cookie_tmpl(is_resp=False, is_ip6=False)
+
+ def test_wg_send_cookie_on_init_v6(self):
+ """Send cookie on handshake initiation (v6)"""
+ self._test_wg_send_cookie_tmpl(is_resp=False, is_ip6=True)
+
+ def test_wg_send_cookie_on_resp_v4(self):
+ """Send cookie on handshake response (v4)"""
+ self._test_wg_send_cookie_tmpl(is_resp=True, is_ip6=False)
+
+ def test_wg_send_cookie_on_resp_v6(self):
+ """Send cookie on handshake response (v6)"""
+ self._test_wg_send_cookie_tmpl(is_resp=True, is_ip6=True)
+
+ def _test_wg_receive_cookie_tmpl(self, is_resp, is_ip6):
+ port = 12323
+
+ # create wg interface
+ if is_ip6:
+ wg0 = VppWgInterface(self, self.pg1.local_ip6, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip6()
+ else:
+ wg0 = VppWgInterface(self, self.pg1.local_ip4, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # create a peer
+ if is_ip6:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_ip6, port + 1, ["1::3:0/112"]
+ ).add_vpp_config()
+ else:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_ip4, port + 1, ["10.11.3.0/24"]
+ ).add_vpp_config()
+ self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)
+
+ if is_resp:
+ # wait for the peer to send a handshake initiation
+ rxs = self.pg1.get_capture(1, timeout=2)
+ # prepare and send a bunch of handshake responses
+ # expect to switch to under load state
+ resp = peer_1.consume_init(rxs[0], self.pg1, is_ip6=is_ip6)
+ txs = [resp] * HANDSHAKE_NUM_PER_PEER_UNTIL_UNDER_LOAD
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+ # reset noise to be able to turn into initiator later
+ peer_1.noise_reset()
+ else:
+ # skip the first automatic handshake
+ self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
+ # prepare and send a bunch of handshake initiations
+ # expect to switch to under load state
+ init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
+ txs = [init] * HANDSHAKE_NUM_PER_PEER_UNTIL_UNDER_LOAD
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+
+ # expect the peer to send a cookie reply
+ peer_1.consume_cookie(rxs[-1], is_ip6=is_ip6)
+
+ # prepare and send a handshake initiation with wrong mac2
+ # expect a cookie reply
+ init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
+ init.mac2 = b"1234567890"
+ rxs = self.send_and_expect(self.pg1, [init], self.pg1)
+ peer_1.consume_cookie(rxs[0], is_ip6=is_ip6)
+
+ # prepare and send a handshake initiation with correct mac2
+ # expect a handshake response
+ init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
+ rxs = self.send_and_expect(self.pg1, [init], self.pg1)
+
+ # verify the response
+ peer_1.consume_response(rxs[0], is_ip6=is_ip6)
+
+ # clear up under load state
+ self.sleep(UNDER_LOAD_INTERVAL)
+
+ # remove configs
+ peer_1.remove_vpp_config()
+ wg0.remove_vpp_config()
+
+ def test_wg_receive_cookie_on_init_v4(self):
+ """Receive cookie on handshake initiation (v4)"""
+ self._test_wg_receive_cookie_tmpl(is_resp=False, is_ip6=False)
+
+ def test_wg_receive_cookie_on_init_v6(self):
+ """Receive cookie on handshake initiation (v6)"""
+ self._test_wg_receive_cookie_tmpl(is_resp=False, is_ip6=True)
+
+ def test_wg_receive_cookie_on_resp_v4(self):
+ """Receive cookie on handshake response (v4)"""
+ self._test_wg_receive_cookie_tmpl(is_resp=True, is_ip6=False)
+
+ def test_wg_receive_cookie_on_resp_v6(self):
+ """Receive cookie on handshake response (v6)"""
+ self._test_wg_receive_cookie_tmpl(is_resp=True, is_ip6=True)
+
+ def test_wg_under_load_interval(self):
+ """Under load interval"""
+ port = 12323
+
+ # create wg interface
+ wg0 = VppWgInterface(self, self.pg1.local_ip4, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # create a peer
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_ip4, port + 1, ["10.11.3.0/24"]
+ ).add_vpp_config()
+ self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)
+
+ # skip the first automatic handshake
+ self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
+ # prepare and send a bunch of handshake initiations
+ # expect to switch to under load state
+ init = peer_1.mk_handshake(self.pg1)
+ txs = [init] * HANDSHAKE_NUM_PER_PEER_UNTIL_UNDER_LOAD
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+
+ # expect the peer to send a cookie reply
+ peer_1.consume_cookie(rxs[-1])
+
+ # sleep till the next counting interval
+ # expect under load state is still active
+ self.sleep(HANDSHAKE_COUNTING_INTERVAL)
+
+ # prepare and send a handshake initiation with wrong mac2
+ # expect a cookie reply
+ init = peer_1.mk_handshake(self.pg1)
+ init.mac2 = b"1234567890"
+ rxs = self.send_and_expect(self.pg1, [init], self.pg1)
+ peer_1.consume_cookie(rxs[0])
+
+ # sleep till the end of being under load
+ # expect under load state is over
+ self.sleep(UNDER_LOAD_INTERVAL - HANDSHAKE_COUNTING_INTERVAL)
+
+ # prepare and send a handshake initiation with wrong mac2
+ # expect a handshake response
+ init = peer_1.mk_handshake(self.pg1)
+ init.mac2 = b"1234567890"
+ rxs = self.send_and_expect(self.pg1, [init], self.pg1)
+
+ # verify the response
+ peer_1.consume_response(rxs[0])
+
+ # remove configs
+ peer_1.remove_vpp_config()
+ wg0.remove_vpp_config()
+
+ def _test_wg_handshake_ratelimiting_tmpl(self, is_ip6):
+ port = 12323
+
+ # create wg interface
+ if is_ip6:
+ wg0 = VppWgInterface(self, self.pg1.local_ip6, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip6()
+ else:
+ wg0 = VppWgInterface(self, self.pg1.local_ip4, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # create a peer
+ if is_ip6:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_ip6, port + 1, ["1::3:0/112"]
+ ).add_vpp_config()
+ else:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_ip4, port + 1, ["10.11.3.0/24"]
+ ).add_vpp_config()
+ self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)
+
+ # skip the first automatic handshake
+ self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
+ # prepare and send a bunch of handshake initiations
+ # expect to switch to under load state
+ init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
+ txs = [init] * HANDSHAKE_NUM_PER_PEER_UNTIL_UNDER_LOAD
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+
+ # expect the peer to send a cookie reply
+ peer_1.consume_cookie(rxs[-1], is_ip6=is_ip6)
+
+ # prepare and send a bunch of handshake initiations with correct mac2
+ # expect a handshake response and then ratelimiting
+ NUM_TO_REJECT = 10
+ init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
+ txs = [init] * (HANDSHAKE_NUM_BEFORE_RATELIMITING + NUM_TO_REJECT)
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+
+ if is_ip6:
+ self.assertEqual(
+ self.base_ratelimited6_err + NUM_TO_REJECT,
+ self.statistics.get_err_counter(self.ratelimited6_err),
+ )
+ else:
+ self.assertEqual(
+ self.base_ratelimited4_err + NUM_TO_REJECT,
+ self.statistics.get_err_counter(self.ratelimited4_err),
+ )
+
+ # verify the response
+ peer_1.consume_response(rxs[0], is_ip6=is_ip6)
+
+ # clear up under load state
+ self.sleep(UNDER_LOAD_INTERVAL)
+
+ # remove configs
+ peer_1.remove_vpp_config()
+ wg0.remove_vpp_config()
+
+ def test_wg_handshake_ratelimiting_v4(self):
+ """Handshake ratelimiting (v4)"""
+ self._test_wg_handshake_ratelimiting_tmpl(is_ip6=False)
+
+ def test_wg_handshake_ratelimiting_v6(self):
+ """Handshake ratelimiting (v6)"""
+ self._test_wg_handshake_ratelimiting_tmpl(is_ip6=True)
+
+ def test_wg_handshake_ratelimiting_multi_peer(self):
+ """Handshake ratelimiting (multiple peer)"""
+ port = 12323
+
+ # create wg interface
+ wg0 = VppWgInterface(self, self.pg1.local_ip4, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # create two peers
+ NUM_PEERS = 2
+ self.pg1.generate_remote_hosts(NUM_PEERS)
+ self.pg1.configure_ipv4_neighbors()
+
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_hosts[0].ip4, port + 1, ["10.11.3.0/24"]
+ ).add_vpp_config()
+ peer_2 = VppWgPeer(
+ self, wg0, self.pg1.remote_hosts[1].ip4, port + 1, ["10.11.4.0/24"]
+ ).add_vpp_config()
+ self.assertEqual(len(self.vapi.wireguard_peers_dump()), 2)
+
+ # skip the first automatic handshake
+ self.pg1.get_capture(NUM_PEERS, timeout=HANDSHAKE_JITTER)
+
+ # (peer_1) prepare and send a bunch of handshake initiations
+ # expect not to switch to under load state
+ init_1 = peer_1.mk_handshake(self.pg1)
+ txs = [init_1] * HANDSHAKE_NUM_PER_PEER_UNTIL_UNDER_LOAD
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+
+ # (peer_1) expect the peer to send a handshake response
+ peer_1.consume_response(rxs[0])
+ peer_1.noise_reset()
+
+ # (peer_1) send another bunch of handshake initiations
+ # expect to switch to under load state
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+
+ # (peer_1) expect the peer to send a cookie reply
+ peer_1.consume_cookie(rxs[-1])
+
+ # (peer_2) prepare and send a handshake initiation
+ # expect a cookie reply
+ init_2 = peer_2.mk_handshake(self.pg1)
+ rxs = self.send_and_expect(self.pg1, [init_2], self.pg1)
+ peer_2.consume_cookie(rxs[0])
+
+ # (peer_1) (peer_2) prepare and send a bunch of handshake initiations with correct mac2
+ # expect a handshake response and then ratelimiting
+ PEER_1_NUM_TO_REJECT = 2
+ PEER_2_NUM_TO_REJECT = 5
+ init_1 = peer_1.mk_handshake(self.pg1)
+ txs = [init_1] * (HANDSHAKE_NUM_BEFORE_RATELIMITING + PEER_1_NUM_TO_REJECT)
+ init_2 = peer_2.mk_handshake(self.pg1)
+ txs += [init_2] * (HANDSHAKE_NUM_BEFORE_RATELIMITING + PEER_2_NUM_TO_REJECT)
+ rxs = self.send_and_expect_some(self.pg1, txs, self.pg1)
+
+ self.assertTrue(
+ self.base_ratelimited4_err + PEER_1_NUM_TO_REJECT
+ < self.statistics.get_err_counter(self.ratelimited4_err)
+ <= self.base_ratelimited4_err + PEER_1_NUM_TO_REJECT + PEER_2_NUM_TO_REJECT
+ )
+
+ # (peer_1) (peer_2) verify the response
+ peer_1.consume_response(rxs[0])
+ peer_2.consume_response(rxs[1])
+
+ # clear up under load state
+ self.sleep(UNDER_LOAD_INTERVAL)
+
+ # remove configs
+ peer_1.remove_vpp_config()
+ peer_2.remove_vpp_config()
+ wg0.remove_vpp_config()
+
+ def _test_wg_peer_roaming_on_handshake_tmpl(self, is_endpoint_set, is_resp, is_ip6):
+ port = 12323
+
+ # create wg interface
+ if is_ip6:
+ wg0 = VppWgInterface(self, self.pg1.local_ip6, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip6()
+ else:
+ wg0 = VppWgInterface(self, self.pg1.local_ip4, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # create more remote hosts
+ NUM_REMOTE_HOSTS = 2
+ self.pg1.generate_remote_hosts(NUM_REMOTE_HOSTS)
+ if is_ip6:
+ self.pg1.configure_ipv6_neighbors()
+ else:
+ self.pg1.configure_ipv4_neighbors()
+
+ # create a peer
+ if is_ip6:
+ peer_1 = VppWgPeer(
+ test=self,
+ itf=wg0,
+ endpoint=self.pg1.remote_hosts[0].ip6 if is_endpoint_set else "::",
+ port=port + 1 if is_endpoint_set else 0,
+ allowed_ips=["1::3:0/112"],
+ ).add_vpp_config()
+ else:
+ peer_1 = VppWgPeer(
+ test=self,
+ itf=wg0,
+ endpoint=self.pg1.remote_hosts[0].ip4 if is_endpoint_set else "0.0.0.0",
+ port=port + 1 if is_endpoint_set else 0,
+ allowed_ips=["10.11.3.0/24"],
+ ).add_vpp_config()
+ self.assertTrue(peer_1.query_vpp_config())
+
+ if is_resp:
+ # wait for the peer to send a handshake initiation
+ rxs = self.pg1.get_capture(1, timeout=2)
+ # prepare a handshake response
+ resp = peer_1.consume_init(rxs[0], self.pg1, is_ip6=is_ip6)
+ # change endpoint
+ if is_ip6:
+ peer_1.change_endpoint(self.pg1.remote_hosts[1].ip6, port + 100)
+ resp[IPv6].src, resp[UDP].sport = peer_1.endpoint, peer_1.port
+ else:
+ peer_1.change_endpoint(self.pg1.remote_hosts[1].ip4, port + 100)
+ resp[IP].src, resp[UDP].sport = peer_1.endpoint, peer_1.port
+ # send the handshake response
+ # expect a keepalive message sent to the new endpoint
+ rxs = self.send_and_expect(self.pg1, [resp], self.pg1)
+ # verify the keepalive message
+ b = peer_1.decrypt_transport(rxs[0], is_ip6=is_ip6)
+ self.assertEqual(0, len(b))
+ else:
+ # change endpoint
+ if is_ip6:
+ peer_1.change_endpoint(self.pg1.remote_hosts[1].ip6, port + 100)
+ else:
+ peer_1.change_endpoint(self.pg1.remote_hosts[1].ip4, port + 100)
+ # prepare and send a handshake initiation
+ # expect a handshake response sent to the new endpoint
+ init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
+ rxs = self.send_and_expect(self.pg1, [init], self.pg1)
+ # verify the response
+ peer_1.consume_response(rxs[0], is_ip6=is_ip6)
+ self.assertTrue(peer_1.query_vpp_config())
+
+ # remove configs
+ peer_1.remove_vpp_config()
+ wg0.remove_vpp_config()
+
+ def test_wg_peer_roaming_on_init_v4(self):
+ """Peer roaming on handshake initiation (v4)"""
+ self._test_wg_peer_roaming_on_handshake_tmpl(
+ is_endpoint_set=False, is_resp=False, is_ip6=False
+ )
+
+ def test_wg_peer_roaming_on_init_v6(self):
+ """Peer roaming on handshake initiation (v6)"""
+ self._test_wg_peer_roaming_on_handshake_tmpl(
+ is_endpoint_set=False, is_resp=False, is_ip6=True
+ )
+
+ def test_wg_peer_roaming_on_resp_v4(self):
+ """Peer roaming on handshake response (v4)"""
+ self._test_wg_peer_roaming_on_handshake_tmpl(
+ is_endpoint_set=True, is_resp=True, is_ip6=False
+ )
+
+ def test_wg_peer_roaming_on_resp_v6(self):
+ """Peer roaming on handshake response (v6)"""
+ self._test_wg_peer_roaming_on_handshake_tmpl(
+ is_endpoint_set=True, is_resp=True, is_ip6=True
+ )
+
+ def _test_wg_peer_roaming_on_data_tmpl(self, is_async, is_ip6):
+ self.vapi.wg_set_async_mode(is_async)
+ port = 12323
+
+ # create wg interface
+ if is_ip6:
+ wg0 = VppWgInterface(self, self.pg1.local_ip6, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip6()
+ else:
+ wg0 = VppWgInterface(self, self.pg1.local_ip4, port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # create more remote hosts
+ NUM_REMOTE_HOSTS = 2
+ self.pg1.generate_remote_hosts(NUM_REMOTE_HOSTS)
+ if is_ip6:
+ self.pg1.configure_ipv6_neighbors()
+ else:
+ self.pg1.configure_ipv4_neighbors()
+
+ # create a peer
+ if is_ip6:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_hosts[0].ip6, port + 1, ["1::3:0/112"]
+ ).add_vpp_config()
+ else:
+ peer_1 = VppWgPeer(
+ self, wg0, self.pg1.remote_hosts[0].ip4, port + 1, ["10.11.3.0/24"]
+ ).add_vpp_config()
+ self.assertTrue(peer_1.query_vpp_config())
+
+ # create a route to rewrite traffic into the wg interface
+ if is_ip6:
+ r1 = VppIpRoute(
+ self, "1::3:0", 112, [VppRoutePath("1::3:1", wg0.sw_if_index)]
+ ).add_vpp_config()
+ else:
+ r1 = VppIpRoute(
+ self, "10.11.3.0", 24, [VppRoutePath("10.11.3.1", wg0.sw_if_index)]
+ ).add_vpp_config()
+
+ # wait for the peer to send a handshake initiation
+ rxs = self.pg1.get_capture(1, timeout=2)
+
+ # prepare and send a handshake response
+ # expect a keepalive message
+ resp = peer_1.consume_init(rxs[0], self.pg1, is_ip6=is_ip6)
+ rxs = self.send_and_expect(self.pg1, [resp], self.pg1)
+
+ # verify the keepalive message
+ b = peer_1.decrypt_transport(rxs[0], is_ip6=is_ip6)
+ self.assertEqual(0, len(b))
+
+ # change endpoint
+ if is_ip6:
+ peer_1.change_endpoint(self.pg1.remote_hosts[1].ip6, port + 100)
+ else:
+ peer_1.change_endpoint(self.pg1.remote_hosts[1].ip4, port + 100)
+
+ # prepare and send a data packet
+ # expect endpoint change
+ if is_ip6:
+ ip_header = IPv6(src="1::3:1", dst=self.pg0.remote_ip6, hlim=20)
+ else:
+ ip_header = IP(src="10.11.3.1", dst=self.pg0.remote_ip4, ttl=20)
+ data = (
+ peer_1.mk_tunnel_header(self.pg1, is_ip6=is_ip6)
+ / Wireguard(message_type=4, reserved_zero=0)
+ / WireguardTransport(
+ receiver_index=peer_1.sender,
+ counter=0,
+ encrypted_encapsulated_packet=peer_1.encrypt_transport(
+ ip_header / UDP(sport=222, dport=223) / Raw()
+ ),
+ )
+ )
+ rxs = self.send_and_expect(self.pg1, [data], self.pg0)
+ if is_ip6:
+ self.assertEqual(rxs[0][IPv6].dst, self.pg0.remote_ip6)
+ self.assertEqual(rxs[0][IPv6].hlim, 19)
+ else:
+ self.assertEqual(rxs[0][IP].dst, self.pg0.remote_ip4)
+ self.assertEqual(rxs[0][IP].ttl, 19)
+ self.assertTrue(peer_1.query_vpp_config())
+
+ # prepare and send a packet that will be rewritten into the wg interface
+ # expect a data packet sent to the new endpoint
+ if is_ip6:
+ ip_header = IPv6(src=self.pg0.remote_ip6, dst="1::3:2")
+ else:
+ ip_header = IP(src=self.pg0.remote_ip4, dst="10.11.3.2")
+ p = (
+ Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
+ / ip_header
+ / UDP(sport=555, dport=556)
+ / Raw()
+ )
+ rxs = self.send_and_expect(self.pg0, [p], self.pg1)
+
+ # verify the data packet
+ peer_1.validate_encapped(rxs, p, is_tunnel_ip6=is_ip6, is_transport_ip6=is_ip6)
+
+ # remove configs
+ r1.remove_vpp_config()
+ peer_1.remove_vpp_config()
+ wg0.remove_vpp_config()
+
+ def test_wg_peer_roaming_on_data_v4_sync(self):
+ """Peer roaming on data packet (v4, sync)"""
+ self._test_wg_peer_roaming_on_data_tmpl(is_async=False, is_ip6=False)
+
+ def test_wg_peer_roaming_on_data_v6_sync(self):
+ """Peer roaming on data packet (v6, sync)"""
+ self._test_wg_peer_roaming_on_data_tmpl(is_async=False, is_ip6=True)
+
+ def test_wg_peer_roaming_on_data_v4_async(self):
+ """Peer roaming on data packet (v4, async)"""
+ self._test_wg_peer_roaming_on_data_tmpl(is_async=True, is_ip6=False)
+
+ def test_wg_peer_roaming_on_data_v6_async(self):
+ """Peer roaming on data packet (v6, async)"""
+ self._test_wg_peer_roaming_on_data_tmpl(is_async=True, is_ip6=True)
+
Code Review / vpp.git / blobdiff