X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_tun_if_esp.py;h=38d0dc3dde5df695cf948aa946bf3e8731f239d2;hb=5035bf04130a35b76f6b49f450e27d02bafb9dab;hp=61a66d40a4e7afeaf0ab2b1ed32ce07e9bfac637;hpb=76a1d0580a4b05d7908e0b05bf6ceb974703f96d;p=vpp.git diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index 61a66d40a4e..38d0dc3dde5 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -70,7 +70,7 @@ def config_tun_params(p, encryption_type, tun_if, src=None, dst=None): p.scapy_tun_sa = SecurityAssociation( encryption_type, - spi=p.vpp_tun_spi, + spi=p.scapy_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -81,7 +81,7 @@ def config_tun_params(p, encryption_type, tun_if, src=None, dst=None): ) p.vpp_tun_sa = SecurityAssociation( encryption_type, - spi=p.scapy_tun_spi, + spi=p.vpp_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -114,7 +114,7 @@ def config_tra_params(p, encryption_type, tun_if): p.scapy_tun_sa = SecurityAssociation( encryption_type, - spi=p.vpp_tun_spi, + spi=p.scapy_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -124,7 +124,7 @@ def config_tra_params(p, encryption_type, tun_if): ) p.vpp_tun_sa = SecurityAssociation( encryption_type, - spi=p.scapy_tun_spi, + spi=p.vpp_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -147,8 +147,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -160,8 +160,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
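Review bot: The swapped `spi=` arguments in `config_tun_params` and `config_tra_params` invert which SPI each test-side `SecurityAssociation` carries, but nothing in the hunks records the convention, so a later edit can silently flip it back. A short comment above the two constructions would pin it, for example `# scapy_tun_sa: SA the scapy peer encrypts with (VPP inbound); vpp_tun_sa: SA VPP encrypts with (VPP outbound)`. That mapping is inferred from the `tun_sa_out`/`tun_sa_in` hunks (from -147 through -3626), which repeat the same id/SPI swap by hand, so confirm it against one of those sites before writing the comment. Both function bodies continue outside the hunks.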
@@ -176,8 +176,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -191,8 +191,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -300,7 +300,7 @@ class TemplateIpsec4TunIfEspUdp(TemplateIpsec4TunProtect, TemplateIpsec): # which strips them self.assertTrue(rx.haslayer(UDP)) self.assert_equal(rx[UDP].sport, p.nat_header.sport) - self.assert_equal(rx[UDP].dport, 4500) + self.assert_equal(rx[UDP].dport, p.nat_header.dport) pkt = sa.decrypt(rx[IP]) if not pkt.haslayer(IP): @@ -322,8 +322,8 @@ class TemplateIpsec4TunIfEspUdp(TemplateIpsec4TunProtect, TemplateIpsec): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -337,14 +337,15 @@ class TemplateIpsec4TunIfEspUdp(TemplateIpsec4TunProtect, TemplateIpsec): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, p.crypt_key, self.vpp_esp_protocol, - flags=p.flags, + flags=p.flags + | VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_INBOUND, udp_src=p.nat_header.sport, udp_dst=p.nat_header.dport, ) 
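Review bot: `IPSEC_API_SAD_FLAG_IS_INBOUND` is OR'ed into `flags` for `tun_sa_in` only in this hunk (-337, `TemplateIpsec4TunIfEspUdp`) and in the hunks at -641 and -2957. Every other `tun_sa_in` construction the commit touches, such as `TemplateIpsecItf6` at -3315, gets the id/SPI swap but its `flags` argument lies outside the hunk and is unchanged. If the flag is what makes VPP treat the SA as inbound, the unflagged templates exercise a different SA configuration than the flagged ones, and a direction-dependent regression could pass in one group and not the other. Either set the flag at the remaining sites or add a one-line comment at the three flagged ones stating why only they need it. The enclosing method starts outside the hunk.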
@@ -429,6 +430,24 @@ class TestIpsec4TunIfEspUdpGCM(TemplateIpsec4TunIfEspUdp, IpsecTun4Tests): p.salt = 0 +class TestIpsec4TunIfEspUdpUpdate(TemplateIpsec4TunIfEspUdp, IpsecTun4Tests): + """Ipsec ESP UDP update tests""" + + tun4_input_node = "ipsec4-tun-input" + + def setUp(self): + super(TestIpsec4TunIfEspUdpUpdate, self).setUp() + p = self.ipv4_params + p.nat_header = UDP(sport=6565, dport=7676) + config_tun_params(p, self.encryption_type, p.tun_if) + p.tun_sa_in.update_vpp_config( + udp_src=p.nat_header.dport, udp_dst=p.nat_header.sport + ) + p.tun_sa_out.update_vpp_config( + udp_src=p.nat_header.sport, udp_dst=p.nat_header.dport + ) + + class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests): """Ipsec ESP - TCP tests""" @@ -443,8 +462,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -455,8 +474,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -470,8 +489,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -484,8 +503,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -583,7 +602,7 @@ class TemplateIpsec6TunIfEspUdp(TemplateIpsec6TunProtect, TemplateIpsec): # which strips them self.assertTrue(rx.haslayer(UDP)) self.assert_equal(rx[UDP].sport, p.nat_header.sport) - self.assert_equal(rx[UDP].dport, 4500) + self.assert_equal(rx[UDP].dport, p.nat_header.dport) pkt = sa.decrypt(rx[IP]) if not pkt.haslayer(IP): 
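Review bot: `TestIpsec4TunIfEspUdpUpdate.setUp` updates the inbound SA with the ports reversed (`udp_src=p.nat_header.dport, udp_dst=p.nat_header.sport`), while the `TemplateIpsec4TunIfEspUdp` constructor at -337 passes them unreversed to `tun_sa_in`, and neither the class docstring nor a comment says which orientation is intended. The only port assertions visible in this diff are the `rx[UDP].sport`/`dport` checks at -300, which cover packets VPP sends, so the inbound update appears to be unverified here. A comment such as `# inbound SA: the peer's source port is our destination port` above the first call, plus a docstring line stating that the UDP encapsulation ports are changed after the base setUp, would make the intent reviewable. If the inherited tests can show it, an assertion on the updated inbound ports would close the gap.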
@@ -607,8 +626,8 @@ class TemplateIpsec6TunIfEspUdp(TemplateIpsec6TunProtect, TemplateIpsec): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -622,14 +641,15 @@ class TemplateIpsec6TunIfEspUdp(TemplateIpsec6TunProtect, TemplateIpsec): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, p.crypt_key, self.vpp_esp_protocol, - flags=p.flags, + flags=p.flags + | VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_INBOUND, udp_src=p.nat_header.sport, udp_dst=p.nat_header.dport, ) @@ -986,8 +1006,8 @@ class TestIpsec4TunIfEspAll(TemplateIpsec4TunProtect, TemplateIpsec, IpsecTun4): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -998,8 +1018,8 @@ class TestIpsec4TunIfEspAll(TemplateIpsec4TunProtect, TemplateIpsec, IpsecTun4): ) p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1292,8 +1312,8 @@ class TestIpsecGreTebIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1306,8 +1326,8 @@ class TestIpsecGreTebIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1427,8 +1447,8 @@ class TestIpsecGreTebVlanIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
@@ -1441,8 +1461,8 @@ class TestIpsecGreTebVlanIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1551,8 +1571,8 @@ class TestIpsecGreTebIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1563,8 +1583,8 @@ class TestIpsecGreTebIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1675,8 +1695,8 @@ class TestIpsecGreTebUdpIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1690,8 +1710,8 @@ class TestIpsecGreTebUdpIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1799,8 +1819,8 @@ class TestIpsecGreIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1813,8 +1833,8 @@ class TestIpsecGreIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1918,8 +1938,8 @@ class TestIpsecGreIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
@@ -1930,8 +1950,8 @@ class TestIpsecGreIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2036,8 +2056,8 @@ class TestIpsecGre6IfEspTra(TemplateIpsec, IpsecTun6Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2048,8 +2068,8 @@ class TestIpsecGre6IfEspTra(TemplateIpsec, IpsecTun6Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2175,8 +2195,8 @@ class TestIpsecMGreIfEspTra4(TemplateIpsec, IpsecTun4): p.vpp_tra_spi = p.vpp_tra_spi + ii p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2187,8 +2207,8 @@ class TestIpsecMGreIfEspTra4(TemplateIpsec, IpsecTun4): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2332,8 +2352,8 @@ class TestIpsecMGreIfEspTra6(TemplateIpsec, IpsecTun6): p.vpp_tra_spi = p.vpp_tra_spi + ii p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2344,8 +2364,8 @@ class TestIpsecMGreIfEspTra6(TemplateIpsec, IpsecTun6): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2933,8 +2953,8 @@ class TemplateIpsecItf4(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
@@ -2948,8 +2968,8 @@ class TemplateIpsecItf4(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2957,7 +2977,8 @@ class TemplateIpsecItf4(object): self.vpp_esp_protocol, dst, src, - flags=p.flags, + flags=p.flags + | VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_INBOUND, ) p.tun_sa_in.add_vpp_config() @@ -3063,6 +3084,20 @@ class TestIpsecItf4(TemplateIpsec, TemplateIpsecItf4, IpsecTun4): self.tun4_encrypt_node_name = "esp4-encrypt-tun" + # update the SA tunnel + config_tun_params( + p, self.encryption_type, None, self.pg2.local_ip4, self.pg2.remote_ip4 + ) + p.tun_sa_in.update_vpp_config( + is_tun=True, tun_src=self.pg2.remote_ip4, tun_dst=self.pg2.local_ip4 + ) + p.tun_sa_out.update_vpp_config( + is_tun=True, tun_src=self.pg2.local_ip4, tun_dst=self.pg2.remote_ip4 + ) + self.verify_tun_44(p, count=n_pkts) + self.assertEqual(p.tun_if.get_rx_stats(), 5 * n_pkts) + self.assertEqual(p.tun_if.get_tx_stats(), 4 * n_pkts) + self.vapi.cli("clear interfaces") # rekey - create new SAs and update the tunnel protection @@ -3263,8 +3298,8 @@ class TemplateIpsecItf6(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -3280,8 +3315,8 @@ class TemplateIpsecItf6(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -3575,8 +3610,8 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): p.hop_limit = ii + 10 p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
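Review bot: The expected counters `5 * n_pkts` and `4 * n_pkts` added after the SA update in `TestIpsecItf4` (hunk -3063) depend on how many packets earlier steps of this test pushed through `p.tun_if`, and those steps are outside the hunk. A change to any earlier step will break these two assertions without the update path having regressed. Taking a baseline keeps the check local, e.g. `rx0 = p.tun_if.get_rx_stats()` before `verify_tun_44` and `self.assertEqual(p.tun_if.get_rx_stats(), rx0 + n_pkts)` after it, with the same for tx. The block also checks only that traffic still flows; whether the `tun_src`/`tun_dst` passed to `update_vpp_config` differ from the values the SAs were created with is not visible here, so the test may pass without the update having changed anything.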
@@ -3591,8 +3626,8 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id,