from framework import VppTestCase, VppTestRunner
from util import ppp
+from vpp_papi import VppEnum
class IPsecIPv4Params(object):
+
addr_type = socket.AF_INET
addr_any = "0.0.0.0"
addr_bcast = "255.255.255.255"
addr_len = 32
is_ipv6 = 0
- remote_tun_if_host = '1.1.1.1'
- scapy_tun_sa_id = 10
- scapy_tun_spi = 1001
- vpp_tun_sa_id = 20
- vpp_tun_spi = 1000
+ def __init__(self):
+ self.remote_tun_if_host = '1.1.1.1'
+
+ self.scapy_tun_sa_id = 10
+ self.scapy_tun_spi = 1001
+ self.vpp_tun_sa_id = 20
+ self.vpp_tun_spi = 1000
- scapy_tra_sa_id = 30
- scapy_tra_spi = 2001
- vpp_tra_sa_id = 40
- vpp_tra_spi = 2000
+ self.scapy_tra_sa_id = 30
+ self.scapy_tra_spi = 2001
+ self.vpp_tra_sa_id = 40
+ self.vpp_tra_spi = 2000
- auth_algo_vpp_id = 2 # internal VPP enum value for SHA1_96
- auth_algo = 'HMAC-SHA1-96' # scapy name
- auth_key = 'C91KUR9GYMm5GfkEvNjX'
+ self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96)
+ self.auth_algo = 'HMAC-SHA1-96' # scapy name
+ self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
- crypt_algo_vpp_id = 1 # internal VPP enum value for AES_CBC_128
- crypt_algo = 'AES-CBC' # scapy name
- crypt_key = 'JPjyOWBeVEQiMe7h'
+ self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128)
+ self.crypt_algo = 'AES-CBC' # scapy name
+ self.crypt_key = 'JPjyOWBeVEQiMe7h'
class IPsecIPv6Params(object):
+
addr_type = socket.AF_INET6
addr_any = "0::0"
addr_bcast = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
addr_len = 128
is_ipv6 = 1
- remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
- scapy_tun_sa_id = 50
- scapy_tun_spi = 3001
- vpp_tun_sa_id = 60
- vpp_tun_spi = 3000
+ def __init__(self):
+ self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
- scapy_tra_sa_id = 70
- scapy_tra_spi = 4001
- vpp_tra_sa_id = 80
- vpp_tra_spi = 4000
+ self.scapy_tun_sa_id = 50
+ self.scapy_tun_spi = 3001
+ self.vpp_tun_sa_id = 60
+ self.vpp_tun_spi = 3000
- auth_algo_vpp_id = 4 # internal VPP enum value for SHA_256_128
- auth_algo = 'SHA2-256-128' # scapy name
- auth_key = 'C91KUR9GYMm5GfkEvNjX'
+ self.scapy_tra_sa_id = 70
+ self.scapy_tra_spi = 4001
+ self.vpp_tra_sa_id = 80
+ self.vpp_tra_spi = 4000
- crypt_algo_vpp_id = 3 # internal VPP enum value for AES_CBC_256
- crypt_algo = 'AES-CBC' # scapy name
- crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
+ self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_256_128)
+ self.auth_algo = 'SHA2-256-128' # scapy name
+ self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
+
+ self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_256)
+ self.crypt_algo = 'AES-CBC' # scapy name
+ self.crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
class TemplateIpsec(VppTestCase):
|tun_if| -------> |VPP| ------> |pg1|
------ --- ---
"""
- ipv4_params = IPsecIPv4Params()
- ipv6_params = IPsecIPv6Params()
- params = {ipv4_params.addr_type: ipv4_params,
- ipv6_params.addr_type: ipv6_params}
- payload = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ def ipsec_select_backend(self):
+ """ empty method to be overloaded when necessary """
+ pass
+
+ def setUp(self):
+ super(TemplateIpsec, self).setUp()
- tun_spd_id = 1
- tra_spd_id = 2
+ self.ipv4_params = IPsecIPv4Params()
+ self.ipv6_params = IPsecIPv6Params()
+ self.params = {self.ipv4_params.addr_type: self.ipv4_params,
+ self.ipv6_params.addr_type: self.ipv6_params}
- vpp_esp_protocol = 1
- vpp_ah_protocol = 0
+ self.payload = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
+ "XXXXXXXXXXXXXXXXXXXXX"
- @classmethod
- def ipsec_select_backend(cls):
- """ empty method to be overloaded when necessary """
- pass
+ self.tun_spd_id = 1
+ self.tra_spd_id = 2
- @classmethod
- def setUpClass(cls):
- super(TemplateIpsec, cls).setUpClass()
- cls.create_pg_interfaces(range(3))
- cls.interfaces = list(cls.pg_interfaces)
- for i in cls.interfaces:
+ self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t.
+ IPSEC_API_PROTO_ESP)
+ self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t.
+ IPSEC_API_PROTO_AH)
+
+ self.create_pg_interfaces(range(3))
+ self.interfaces = list(self.pg_interfaces)
+ for i in self.interfaces:
i.admin_up()
i.config_ip4()
i.resolve_arp()
i.config_ip6()
i.resolve_ndp()
- cls.ipsec_select_backend()
+ self.ipsec_select_backend()
def tearDown(self):
super(TemplateIpsec, self).tearDown()
+
+ for i in self.interfaces:
+ i.admin_down()
+ i.unconfig_ip4()
+ i.unconfig_ip6()
+
if not self.vpp_dead:
self.vapi.cli("show hardware")
src=self.tun_if.local_addr[params.addr_type]))
return vpp_tun_sa, scapy_tun_sa
- @classmethod
- def configure_sa_tra(cls, params):
- params.scapy_tra_sa = SecurityAssociation(cls.encryption_type,
+ def configure_sa_tra(self, params):
+ params.scapy_tra_sa = SecurityAssociation(self.encryption_type,
spi=params.vpp_tra_spi,
crypt_algo=params.crypt_algo,
crypt_key=params.crypt_key,
auth_algo=params.auth_algo,
auth_key=params.auth_key)
- params.vpp_tra_sa = SecurityAssociation(cls.encryption_type,
+ params.vpp_tra_sa = SecurityAssociation(self.encryption_type,
spi=params.scapy_tra_spi,
crypt_algo=params.crypt_algo,
crypt_key=params.crypt_key,
self.logger.info(self.vapi.ppcli("show error"))
self.logger.info(self.vapi.ppcli("show ipsec"))
+ if (hasattr(p, "spd_policy_in_any")):
+ pkts = p.spd_policy_in_any.get_stats()['packets']
+ self.assertEqual(pkts, count,
+ "incorrect SPD any policy: expected %d != %d" %
+ (count, pkts))
self.assert_packet_counter_equal(self.tun4_encrypt_node_name, count)
self.assert_packet_counter_equal(self.tun4_decrypt_node_name, count)