test/test_ipsec_esp.py

   1 import socket
   2 import unittest
   3 from scapy.layers.ipsec import ESP
   4
   5 from framework import VppTestRunner
   6 from template_ipsec import IpsecTraTests, IpsecTunTests
   7 from template_ipsec import TemplateIpsec, IpsecTcpTests
   8 from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\
   9         VppIpsecSpdItfBinding
  10 from vpp_ip_route import VppIpRoute, VppRoutePath
  11 from vpp_ip import DpoProto
  12
  13
  14 class TemplateIpsecEsp(TemplateIpsec):
  15     """
  16     Basic test for ipsec esp sanity - tunnel and transport modes.
  17
  18     Below 4 cases are covered as part of this test
  19     1) ipsec esp v4 transport basic test  - IPv4 Transport mode
  20         scenario using HMAC-SHA1-96 intergrity algo
  21     2) ipsec esp v4 transport burst test
  22         Above test for 257 pkts
  23     3) ipsec esp 4o4 tunnel basic test    - IPv4 Tunnel mode
  24         scenario using HMAC-SHA1-96 intergrity algo
  25     4) ipsec esp 4o4 tunnel burst test
  26         Above test for 257 pkts
  27
  28     TRANSPORT MODE:
  29
  30      ---   encrypt   ---
  31     |pg2| <-------> |VPP|
  32      ---   decrypt   ---
  33
  34     TUNNEL MODE:
  35
  36      ---   encrypt   ---   plain   ---
  37     |pg0| <-------  |VPP| <------ |pg1|
  38      ---             ---           ---
  39
  40      ---   decrypt   ---   plain   ---
  41     |pg0| ------->  |VPP| ------> |pg1|
  42      ---             ---           ---
  43     """
  44
  45     def setUp(self):
  46         super(TemplateIpsecEsp, self).setUp()
  47         self.encryption_type = ESP
  48         self.tun_if = self.pg0
  49         self.tra_if = self.pg2
  50         self.logger.info(self.vapi.ppcli("show int addr"))
  51
  52         self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
  53         self.tra_spd.add_vpp_config()
  54         VppIpsecSpdItfBinding(self, self.tra_spd,
  55                               self.tra_if).add_vpp_config()
  56
  57         for _, p in self.params.items():
  58             self.config_esp_tra(p)
  59             self.configure_sa_tra(p)
  60         self.logger.info(self.vapi.ppcli("show ipsec"))
  61
  62         self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
  63         self.tun_spd.add_vpp_config()
  64         VppIpsecSpdItfBinding(self, self.tun_spd,
  65                               self.tun_if).add_vpp_config()
  66
  67         for _, p in self.params.items():
  68             self.config_esp_tun(p)
  69         self.logger.info(self.vapi.ppcli("show ipsec"))
  70
  71         for _, p in self.params.items():
  72             d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4
  73             VppIpRoute(self,  p.remote_tun_if_host, p.addr_len,
  74                        [VppRoutePath(self.tun_if.remote_addr[p.addr_type],
  75                                      0xffffffff,
  76                                      proto=d)],
  77                        is_ip6=p.is_ipv6).add_vpp_config()
  78
  79     def tearDown(self):
  80         super(TemplateIpsecEsp, self).tearDown()
  81         if not self.vpp_dead:
  82             self.vapi.cli("show hardware")
  83
  84     def config_esp_tun(self, params):
  85         addr_type = params.addr_type
  86         scapy_tun_sa_id = params.scapy_tun_sa_id
  87         scapy_tun_spi = params.scapy_tun_spi
  88         vpp_tun_sa_id = params.vpp_tun_sa_id
  89         vpp_tun_spi = params.vpp_tun_spi
  90         auth_algo_vpp_id = params.auth_algo_vpp_id
  91         auth_key = params.auth_key
  92         crypt_algo_vpp_id = params.crypt_algo_vpp_id
  93         crypt_key = params.crypt_key
  94         remote_tun_if_host = params.remote_tun_if_host
  95         addr_any = params.addr_any
  96         addr_bcast = params.addr_bcast
  97
  98         VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
  99                    auth_algo_vpp_id, auth_key,
 100                    crypt_algo_vpp_id, crypt_key,
 101                    self.vpp_esp_protocol,
 102                    self.tun_if.local_addr[addr_type],
 103                    self.tun_if.remote_addr[addr_type]).add_vpp_config()
 104         VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
 105                    auth_algo_vpp_id, auth_key,
 106                    crypt_algo_vpp_id, crypt_key,
 107                    self.vpp_esp_protocol,
 108                    self.tun_if.remote_addr[addr_type],
 109                    self.tun_if.local_addr[addr_type]).add_vpp_config()
 110
 111         VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
 112                          addr_any, addr_bcast,
 113                          addr_any, addr_bcast,
 114                          socket.IPPROTO_ESP).add_vpp_config()
 115         VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
 116                          addr_any, addr_bcast,
 117                          addr_any, addr_bcast,
 118                          socket.IPPROTO_ESP,
 119                          is_outbound=0).add_vpp_config()
 120
 121         VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
 122                          remote_tun_if_host, remote_tun_if_host,
 123                          self.pg1.remote_addr[addr_type],
 124                          self.pg1.remote_addr[addr_type],
 125                          0,
 126                          priority=10, policy=3,
 127                          is_outbound=0).add_vpp_config()
 128         VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
 129                          self.pg1.remote_addr[addr_type],
 130                          self.pg1.remote_addr[addr_type],
 131                          remote_tun_if_host, remote_tun_if_host,
 132                          0,
 133                          priority=10, policy=3).add_vpp_config()
 134
 135         VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
 136                          remote_tun_if_host, remote_tun_if_host,
 137                          self.pg0.local_addr[addr_type],
 138                          self.pg0.local_addr[addr_type],
 139                          0,
 140                          priority=20, policy=3,
 141                          is_outbound=0).add_vpp_config()
 142         VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
 143                          self.pg0.local_addr[addr_type],
 144                          self.pg0.local_addr[addr_type],
 145                          remote_tun_if_host, remote_tun_if_host,
 146                          0,
 147                          priority=20, policy=3).add_vpp_config()
 148
 149     def config_esp_tra(self, params):
 150         addr_type = params.addr_type
 151         scapy_tra_sa_id = params.scapy_tra_sa_id
 152         scapy_tra_spi = params.scapy_tra_spi
 153         vpp_tra_sa_id = params.vpp_tra_sa_id
 154         vpp_tra_spi = params.vpp_tra_spi
 155         auth_algo_vpp_id = params.auth_algo_vpp_id
 156         auth_key = params.auth_key
 157         crypt_algo_vpp_id = params.crypt_algo_vpp_id
 158         crypt_key = params.crypt_key
 159         addr_any = params.addr_any
 160         addr_bcast = params.addr_bcast
 161
 162         VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
 163                    auth_algo_vpp_id, auth_key,
 164                    crypt_algo_vpp_id, crypt_key,
 165                    self.vpp_esp_protocol,
 166                    use_anti_replay=1).add_vpp_config()
 167         VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
 168                    auth_algo_vpp_id, auth_key,
 169                    crypt_algo_vpp_id, crypt_key,
 170                    self.vpp_esp_protocol,
 171                    use_anti_replay=1).add_vpp_config()
 172
 173         VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
 174                          addr_any, addr_bcast,
 175                          addr_any, addr_bcast,
 176                          socket.IPPROTO_ESP).add_vpp_config()
 177         VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
 178                          addr_any, addr_bcast,
 179                          addr_any, addr_bcast,
 180                          socket.IPPROTO_ESP,
 181                          is_outbound=0).add_vpp_config()
 182
 183         VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
 184                          self.tra_if.local_addr[addr_type],
 185                          self.tra_if.local_addr[addr_type],
 186                          self.tra_if.remote_addr[addr_type],
 187                          self.tra_if.remote_addr[addr_type],
 188                          0, priority=10, policy=3,
 189                          is_outbound=0).add_vpp_config()
 190         VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
 191                          self.tra_if.local_addr[addr_type],
 192                          self.tra_if.local_addr[addr_type],
 193                          self.tra_if.remote_addr[addr_type],
 194                          self.tra_if.remote_addr[addr_type],
 195                          0, priority=10, policy=3).add_vpp_config()
 196
 197
 198 class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
 199     """ Ipsec ESP - TUN & TRA tests """
 200     tra4_encrypt_node_name = "esp4-encrypt"
 201     tra4_decrypt_node_name = "esp4-decrypt"
 202     tra6_encrypt_node_name = "esp6-encrypt"
 203     tra6_decrypt_node_name = "esp6-decrypt"
 204     tun4_encrypt_node_name = "esp4-encrypt"
 205     tun4_decrypt_node_name = "esp4-decrypt"
 206     tun6_encrypt_node_name = "esp6-encrypt"
 207     tun6_decrypt_node_name = "esp6-decrypt"
 208
 209
 210 class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
 211     """ Ipsec ESP - TCP tests """
 212     pass
 213
 214
 215 if __name__ == '__main__':
 216     unittest.main(testRunner=VppTestRunner)