test/test_ipsec_tun_if_esp.py

   1 import unittest
   2 import socket
   3 import copy
   4 from scapy.layers.ipsec import ESP
   5 from framework import VppTestRunner
   6 from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
   7     IpsecTun4, IpsecTun6,  IpsecTcpTests,  config_tun_params
   8 from vpp_ipsec_tun_interface import VppIpsecTunInterface
   9 from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto
  10
  11
  12 class TemplateIpsec4TunIfEsp(TemplateIpsec):
  13     """ IPsec tunnel interface tests """
  14
  15     encryption_type = ESP
  16
  17     def setUp(self):
  18         super(TemplateIpsec4TunIfEsp, self).setUp()
  19
  20         self.tun_if = self.pg0
  21
  22         p = self.ipv4_params
  23         tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
  24                                       p.scapy_tun_spi, p.crypt_algo_vpp_id,
  25                                       p.crypt_key, p.crypt_key,
  26                                       p.auth_algo_vpp_id, p.auth_key,
  27                                       p.auth_key)
  28         tun_if.add_vpp_config()
  29         tun_if.admin_up()
  30         tun_if.config_ip4()
  31         tun_if.config_ip6()
  32
  33         VppIpRoute(self, p.remote_tun_if_host, 32,
  34                    [VppRoutePath(tun_if.remote_ip4,
  35                                  0xffffffff)]).add_vpp_config()
  36         VppIpRoute(self, p.remote_tun_if_host6, 128,
  37                    [VppRoutePath(tun_if.remote_ip6,
  38                                  0xffffffff,
  39                                  proto=DpoProto.DPO_PROTO_IP6)],
  40                    is_ip6=1).add_vpp_config()
  41
  42     def tearDown(self):
  43         if not self.vpp_dead:
  44             self.vapi.cli("show hardware")
  45         super(TemplateIpsec4TunIfEsp, self).tearDown()
  46
  47
  48 class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
  49     """ Ipsec ESP - TUN tests """
  50     tun4_encrypt_node_name = "esp4-encrypt"
  51     tun4_decrypt_node_name = "esp4-decrypt"
  52
  53     def test_tun_basic64(self):
  54         """ ipsec 6o4 tunnel basic test """
  55         self.verify_tun_64(self.params[socket.AF_INET], count=1)
  56
  57     def test_tun_burst64(self):
  58         """ ipsec 6o4 tunnel basic test """
  59         self.verify_tun_64(self.params[socket.AF_INET], count=257)
  60
  61
  62 class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests):
  63     """ Ipsec ESP - TCP tests """
  64     pass
  65
  66
  67 class TemplateIpsec6TunIfEsp(TemplateIpsec):
  68     """ IPsec tunnel interface tests """
  69
  70     encryption_type = ESP
  71
  72     def setUp(self):
  73         super(TemplateIpsec6TunIfEsp, self).setUp()
  74
  75         self.tun_if = self.pg0
  76
  77         p = self.ipv6_params
  78         tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
  79                                       p.scapy_tun_spi, p.crypt_algo_vpp_id,
  80                                       p.crypt_key, p.crypt_key,
  81                                       p.auth_algo_vpp_id, p.auth_key,
  82                                       p.auth_key, is_ip6=True)
  83         tun_if.add_vpp_config()
  84         tun_if.admin_up()
  85         tun_if.config_ip6()
  86         tun_if.config_ip4()
  87
  88         VppIpRoute(self, p.remote_tun_if_host, 128,
  89                    [VppRoutePath(tun_if.remote_ip6,
  90                                  0xffffffff,
  91                                  proto=DpoProto.DPO_PROTO_IP6)],
  92                    is_ip6=1).add_vpp_config()
  93         VppIpRoute(self, p.remote_tun_if_host4, 32,
  94                    [VppRoutePath(tun_if.remote_ip4,
  95                                  0xffffffff)]).add_vpp_config()
  96
  97     def tearDown(self):
  98         if not self.vpp_dead:
  99             self.vapi.cli("show hardware")
 100         super(TemplateIpsec6TunIfEsp, self).tearDown()
 101
 102
 103 class TestIpsec6TunIfEsp1(TemplateIpsec6TunIfEsp, IpsecTun6Tests):
 104     """ Ipsec ESP - TUN tests """
 105     tun6_encrypt_node_name = "esp6-encrypt"
 106     tun6_decrypt_node_name = "esp6-decrypt"
 107
 108     def test_tun_basic46(self):
 109         """ ipsec 4o6 tunnel basic test """
 110         self.verify_tun_46(self.params[socket.AF_INET6], count=1)
 111
 112     def test_tun_burst46(self):
 113         """ ipsec 4o6 tunnel burst test """
 114         self.verify_tun_46(self.params[socket.AF_INET6], count=257)
 115
 116
 117 class TestIpsec4MultiTunIfEsp(TemplateIpsec, IpsecTun4):
 118     """ IPsec IPv4 Multi Tunnel interface """
 119
 120     encryption_type = ESP
 121     tun4_encrypt_node_name = "esp4-encrypt"
 122     tun4_decrypt_node_name = "esp4-decrypt"
 123
 124     def setUp(self):
 125         super(TestIpsec4MultiTunIfEsp, self).setUp()
 126
 127         self.tun_if = self.pg0
 128
 129         self.multi_params = []
 130
 131         for ii in range(10):
 132             p = copy.copy(self.ipv4_params)
 133
 134             p.remote_tun_if_host = "1.1.1.%d" % (ii + 1)
 135             p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
 136             p.scapy_tun_spi = p.scapy_tun_spi + ii
 137             p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
 138             p.vpp_tun_spi = p.vpp_tun_spi + ii
 139
 140             p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
 141             p.scapy_tra_spi = p.scapy_tra_spi + ii
 142             p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
 143             p.vpp_tra_spi = p.vpp_tra_spi + ii
 144
 145             config_tun_params(p, self.encryption_type, self.tun_if)
 146             self.multi_params.append(p)
 147
 148             p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
 149                                             p.scapy_tun_spi,
 150                                             p.crypt_algo_vpp_id,
 151                                             p.crypt_key, p.crypt_key,
 152                                             p.auth_algo_vpp_id, p.auth_key,
 153                                             p.auth_key)
 154             p.tun_if.add_vpp_config()
 155             p.tun_if.admin_up()
 156             p.tun_if.config_ip4()
 157
 158             VppIpRoute(self, p.remote_tun_if_host, 32,
 159                        [VppRoutePath(p.tun_if.remote_ip4,
 160                                      0xffffffff)]).add_vpp_config()
 161
 162     def tearDown(self):
 163         if not self.vpp_dead:
 164             self.vapi.cli("show hardware")
 165         super(TestIpsec4MultiTunIfEsp, self).tearDown()
 166
 167     def test_tun_44(self):
 168         """Multiple IPSEC tunnel interfaces """
 169         for p in self.multi_params:
 170             self.verify_tun_44(p, count=127)
 171             c = p.tun_if.get_rx_stats()
 172             self.assertEqual(c['packets'], 127)
 173             c = p.tun_if.get_tx_stats()
 174             self.assertEqual(c['packets'], 127)
 175
 176
 177 class TestIpsec6MultiTunIfEsp(TemplateIpsec, IpsecTun6):
 178     """ IPsec IPv6 Multi Tunnel interface """
 179
 180     encryption_type = ESP
 181     tun6_encrypt_node_name = "esp6-encrypt"
 182     tun6_decrypt_node_name = "esp6-decrypt"
 183
 184     def setUp(self):
 185         super(TestIpsec6MultiTunIfEsp, self).setUp()
 186
 187         self.tun_if = self.pg0
 188
 189         self.multi_params = []
 190
 191         for ii in range(10):
 192             p = copy.copy(self.ipv6_params)
 193
 194             p.remote_tun_if_host = "1111::%d" % (ii + 1)
 195             p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
 196             p.scapy_tun_spi = p.scapy_tun_spi + ii
 197             p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
 198             p.vpp_tun_spi = p.vpp_tun_spi + ii
 199
 200             p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
 201             p.scapy_tra_spi = p.scapy_tra_spi + ii
 202             p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
 203             p.vpp_tra_spi = p.vpp_tra_spi + ii
 204
 205             config_tun_params(p, self.encryption_type, self.tun_if)
 206             self.multi_params.append(p)
 207
 208             p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
 209                                             p.scapy_tun_spi,
 210                                             p.crypt_algo_vpp_id,
 211                                             p.crypt_key, p.crypt_key,
 212                                             p.auth_algo_vpp_id, p.auth_key,
 213                                             p.auth_key, is_ip6=True)
 214             p.tun_if.add_vpp_config()
 215             p.tun_if.admin_up()
 216             p.tun_if.config_ip6()
 217
 218             VppIpRoute(self, p.remote_tun_if_host, 128,
 219                        [VppRoutePath(p.tun_if.remote_ip6,
 220                                      0xffffffff,
 221                                      proto=DpoProto.DPO_PROTO_IP6)],
 222                        is_ip6=1).add_vpp_config()
 223
 224     def tearDown(self):
 225         if not self.vpp_dead:
 226             self.vapi.cli("show hardware")
 227         super(TestIpsec6MultiTunIfEsp, self).tearDown()
 228
 229     def test_tun_66(self):
 230         """Multiple IPSEC tunnel interfaces """
 231         for p in self.multi_params:
 232             self.verify_tun_66(p, count=127)
 233             c = p.tun_if.get_rx_stats()
 234             self.assertEqual(c['packets'], 127)
 235             c = p.tun_if.get_tx_stats()
 236             self.assertEqual(c['packets'], 127)
 237
 238
 239 if __name__ == '__main__':
 240     unittest.main(testRunner=VppTestRunner)