test/test_ipsec_tun_if_esp.py

   1 import unittest
   2 import socket
   3 import copy
   4 from scapy.layers.ipsec import ESP
   5 from framework import VppTestRunner
   6 from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
   7     IpsecTun4, IpsecTun6,  IpsecTcpTests,  config_tun_params
   8 from vpp_ipsec_tun_interface import VppIpsecTunInterface
   9 from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto
  10
  11
  12 class TemplateIpsec4TunIfEsp(TemplateIpsec):
  13     """ IPsec tunnel interface tests """
  14
  15     encryption_type = ESP
  16
  17     def setUp(self):
  18         super(TemplateIpsec4TunIfEsp, self).setUp()
  19
  20         self.tun_if = self.pg0
  21
  22         p = self.ipv4_params
  23
  24         p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
  25                                         p.scapy_tun_spi, p.crypt_algo_vpp_id,
  26                                         p.crypt_key, p.crypt_key,
  27                                         p.auth_algo_vpp_id, p.auth_key,
  28                                         p.auth_key)
  29         p.tun_if.add_vpp_config()
  30         p.tun_if.admin_up()
  31         p.tun_if.config_ip4()
  32         p.tun_if.config_ip6()
  33
  34         VppIpRoute(self, p.remote_tun_if_host, 32,
  35                    [VppRoutePath(p.tun_if.remote_ip4,
  36                                  0xffffffff)]).add_vpp_config()
  37         VppIpRoute(self, p.remote_tun_if_host6, 128,
  38                    [VppRoutePath(p.tun_if.remote_ip6,
  39                                  0xffffffff,
  40                                  proto=DpoProto.DPO_PROTO_IP6)],
  41                    is_ip6=1).add_vpp_config()
  42
  43     def tearDown(self):
  44         if not self.vpp_dead:
  45             self.vapi.cli("show hardware")
  46         super(TemplateIpsec4TunIfEsp, self).tearDown()
  47
  48
  49 class TestIpsec4TunIfEsp1(TemplateIpsec4TunIfEsp, IpsecTun4Tests):
  50     """ Ipsec ESP - TUN tests """
  51     tun4_encrypt_node_name = "esp4-encrypt"
  52     tun4_decrypt_node_name = "esp4-decrypt"
  53
  54     def test_tun_basic64(self):
  55         """ ipsec 6o4 tunnel basic test """
  56         self.verify_tun_64(self.params[socket.AF_INET], count=1)
  57
  58     def test_tun_burst64(self):
  59         """ ipsec 6o4 tunnel basic test """
  60         self.verify_tun_64(self.params[socket.AF_INET], count=257)
  61
  62     def test_tun_basic_frag44(self):
  63         """ ipsec 4o4 tunnel frag basic test """
  64         p = self.ipv4_params
  65
  66         self.vapi.sw_interface_set_mtu(p.tun_if.sw_if_index,
  67                                        [1500, 0, 0, 0])
  68         self.verify_tun_44(self.params[socket.AF_INET],
  69                            count=1, payload_size=1800, n_rx=2)
  70         self.vapi.sw_interface_set_mtu(p.tun_if.sw_if_index,
  71                                        [9000, 0, 0, 0])
  72
  73
  74 class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests):
  75     """ Ipsec ESP - TCP tests """
  76     pass
  77
  78
  79 class TemplateIpsec6TunIfEsp(TemplateIpsec):
  80     """ IPsec tunnel interface tests """
  81
  82     encryption_type = ESP
  83
  84     def setUp(self):
  85         super(TemplateIpsec6TunIfEsp, self).setUp()
  86
  87         self.tun_if = self.pg0
  88
  89         p = self.ipv6_params
  90         tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
  91                                       p.scapy_tun_spi, p.crypt_algo_vpp_id,
  92                                       p.crypt_key, p.crypt_key,
  93                                       p.auth_algo_vpp_id, p.auth_key,
  94                                       p.auth_key, is_ip6=True)
  95         tun_if.add_vpp_config()
  96         tun_if.admin_up()
  97         tun_if.config_ip6()
  98         tun_if.config_ip4()
  99
 100         VppIpRoute(self, p.remote_tun_if_host, 128,
 101                    [VppRoutePath(tun_if.remote_ip6,
 102                                  0xffffffff,
 103                                  proto=DpoProto.DPO_PROTO_IP6)],
 104                    is_ip6=1).add_vpp_config()
 105         VppIpRoute(self, p.remote_tun_if_host4, 32,
 106                    [VppRoutePath(tun_if.remote_ip4,
 107                                  0xffffffff)]).add_vpp_config()
 108
 109     def tearDown(self):
 110         if not self.vpp_dead:
 111             self.vapi.cli("show hardware")
 112         super(TemplateIpsec6TunIfEsp, self).tearDown()
 113
 114
 115 class TestIpsec6TunIfEsp1(TemplateIpsec6TunIfEsp, IpsecTun6Tests):
 116     """ Ipsec ESP - TUN tests """
 117     tun6_encrypt_node_name = "esp6-encrypt"
 118     tun6_decrypt_node_name = "esp6-decrypt"
 119
 120     def test_tun_basic46(self):
 121         """ ipsec 4o6 tunnel basic test """
 122         self.verify_tun_46(self.params[socket.AF_INET6], count=1)
 123
 124     def test_tun_burst46(self):
 125         """ ipsec 4o6 tunnel burst test """
 126         self.verify_tun_46(self.params[socket.AF_INET6], count=257)
 127
 128
 129 class TestIpsec4MultiTunIfEsp(TemplateIpsec, IpsecTun4):
 130     """ IPsec IPv4 Multi Tunnel interface """
 131
 132     encryption_type = ESP
 133     tun4_encrypt_node_name = "esp4-encrypt"
 134     tun4_decrypt_node_name = "esp4-decrypt"
 135
 136     def setUp(self):
 137         super(TestIpsec4MultiTunIfEsp, self).setUp()
 138
 139         self.tun_if = self.pg0
 140
 141         self.multi_params = []
 142
 143         for ii in range(10):
 144             p = copy.copy(self.ipv4_params)
 145
 146             p.remote_tun_if_host = "1.1.1.%d" % (ii + 1)
 147             p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
 148             p.scapy_tun_spi = p.scapy_tun_spi + ii
 149             p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
 150             p.vpp_tun_spi = p.vpp_tun_spi + ii
 151
 152             p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
 153             p.scapy_tra_spi = p.scapy_tra_spi + ii
 154             p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
 155             p.vpp_tra_spi = p.vpp_tra_spi + ii
 156
 157             config_tun_params(p, self.encryption_type, self.tun_if)
 158             self.multi_params.append(p)
 159
 160             p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
 161                                             p.scapy_tun_spi,
 162                                             p.crypt_algo_vpp_id,
 163                                             p.crypt_key, p.crypt_key,
 164                                             p.auth_algo_vpp_id, p.auth_key,
 165                                             p.auth_key)
 166             p.tun_if.add_vpp_config()
 167             p.tun_if.admin_up()
 168             p.tun_if.config_ip4()
 169
 170             VppIpRoute(self, p.remote_tun_if_host, 32,
 171                        [VppRoutePath(p.tun_if.remote_ip4,
 172                                      0xffffffff)]).add_vpp_config()
 173
 174     def tearDown(self):
 175         if not self.vpp_dead:
 176             self.vapi.cli("show hardware")
 177         super(TestIpsec4MultiTunIfEsp, self).tearDown()
 178
 179     def test_tun_44(self):
 180         """Multiple IPSEC tunnel interfaces """
 181         for p in self.multi_params:
 182             self.verify_tun_44(p, count=127)
 183             c = p.tun_if.get_rx_stats()
 184             self.assertEqual(c['packets'], 127)
 185             c = p.tun_if.get_tx_stats()
 186             self.assertEqual(c['packets'], 127)
 187
 188
 189 class TestIpsec6MultiTunIfEsp(TemplateIpsec, IpsecTun6):
 190     """ IPsec IPv6 Multi Tunnel interface """
 191
 192     encryption_type = ESP
 193     tun6_encrypt_node_name = "esp6-encrypt"
 194     tun6_decrypt_node_name = "esp6-decrypt"
 195
 196     def setUp(self):
 197         super(TestIpsec6MultiTunIfEsp, self).setUp()
 198
 199         self.tun_if = self.pg0
 200
 201         self.multi_params = []
 202
 203         for ii in range(10):
 204             p = copy.copy(self.ipv6_params)
 205
 206             p.remote_tun_if_host = "1111::%d" % (ii + 1)
 207             p.scapy_tun_sa_id = p.scapy_tun_sa_id + ii
 208             p.scapy_tun_spi = p.scapy_tun_spi + ii
 209             p.vpp_tun_sa_id = p.vpp_tun_sa_id + ii
 210             p.vpp_tun_spi = p.vpp_tun_spi + ii
 211
 212             p.scapy_tra_sa_id = p.scapy_tra_sa_id + ii
 213             p.scapy_tra_spi = p.scapy_tra_spi + ii
 214             p.vpp_tra_sa_id = p.vpp_tra_sa_id + ii
 215             p.vpp_tra_spi = p.vpp_tra_spi + ii
 216
 217             config_tun_params(p, self.encryption_type, self.tun_if)
 218             self.multi_params.append(p)
 219
 220             p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi,
 221                                             p.scapy_tun_spi,
 222                                             p.crypt_algo_vpp_id,
 223                                             p.crypt_key, p.crypt_key,
 224                                             p.auth_algo_vpp_id, p.auth_key,
 225                                             p.auth_key, is_ip6=True)
 226             p.tun_if.add_vpp_config()
 227             p.tun_if.admin_up()
 228             p.tun_if.config_ip6()
 229
 230             VppIpRoute(self, p.remote_tun_if_host, 128,
 231                        [VppRoutePath(p.tun_if.remote_ip6,
 232                                      0xffffffff,
 233                                      proto=DpoProto.DPO_PROTO_IP6)],
 234                        is_ip6=1).add_vpp_config()
 235
 236     def tearDown(self):
 237         if not self.vpp_dead:
 238             self.vapi.cli("show hardware")
 239         super(TestIpsec6MultiTunIfEsp, self).tearDown()
 240
 241     def test_tun_66(self):
 242         """Multiple IPSEC tunnel interfaces """
 243         for p in self.multi_params:
 244             self.verify_tun_66(p, count=127)
 245             c = p.tun_if.get_rx_stats()
 246             self.assertEqual(c['packets'], 127)
 247             c = p.tun_if.get_tx_stats()
 248             self.assertEqual(c['packets'], 127)
 249
 250
 251 if __name__ == '__main__':
 252     unittest.main(testRunner=VppTestRunner)