X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_nat.py;h=d97fb791cf5f6cb8114167a1e13b6b7d584acc1e;hb=d0aed2eb3;hp=89418b108e219c94ed0823a50edd3a1efe8e8b81;hpb=bf613955cacbce7e0b0ae3b25755f65abefc2ec0;p=vpp.git diff --git a/test/test_ipsec_nat.py b/test/test_ipsec_nat.py index 89418b108e2..d97fb791cf5 100644 --- a/test/test_ipsec_nat.py +++ b/test/test_ipsec_nat.py @@ -2,15 +2,18 @@ import socket +import scapy.compat from scapy.layers.l2 import Ether from scapy.layers.inet import ICMP, IP, TCP, UDP from scapy.layers.ipsec import SecurityAssociation, ESP + from util import ppp, ppc from template_ipsec import TemplateIpsec from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry,\ VppIpsecSpdItfBinding from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_ip import DpoProto +from vpp_papi import VppEnum class IPSecNATTestCase(TemplateIpsec): @@ -35,6 +38,14 @@ class IPSecNATTestCase(TemplateIpsec): icmp_id_in = 6305 icmp_id_out = 6305 + @classmethod + def setUpClass(cls): + super(IPSecNATTestCase, cls).setUpClass() + + @classmethod + def tearDownClass(cls): + super(IPSecNATTestCase, cls).tearDownClass() + def setUp(self): super(IPSecNATTestCase, self).setUp() self.tun_if = self.pg0 @@ -125,9 +136,9 @@ class IPSecNATTestCase(TemplateIpsec): def verify_capture_encrypted(self, capture, sa): for packet in capture: try: - copy = packet.__class__(str(packet)) + copy = packet.__class__(scapy.compat.raw(packet)) del copy[UDP].len - copy = packet.__class__(str(copy)) + copy = packet.__class__(scapy.compat.raw(copy)) self.assert_equal(packet[UDP].len, copy[UDP].len, "UDP header length") self.assert_packet_checksums_valid(packet) @@ -155,6 +166,9 @@ class IPSecNATTestCase(TemplateIpsec): crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast + flags = (VppEnum.vl_api_ipsec_sad_flags_t. + IPSEC_API_SAD_FLAG_UDP_ENCAP) + e = VppEnum.vl_api_ipsec_spd_action_t VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, @@ -162,14 +176,14 @@ class IPSecNATTestCase(TemplateIpsec): self.vpp_esp_protocol, self.pg1.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], - udp_encap=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type], self.pg1.remote_addr[addr_type], - udp_encap=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, @@ -198,14 +212,16 @@ class IPSecNATTestCase(TemplateIpsec): self.tun_if.remote_addr[addr_type], self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], - 0, priority=10, policy=3, + 0, priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], - 0, priority=10, policy=3).add_vpp_config() + 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=10).add_vpp_config() def test_ipsec_nat_tun(self): """ IPSec/NAT tunnel test case """