X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=test%2Ftest_ipsec_esp.py;h=ed9d0d9d4ce782e1f45925a46be47e08c531bc8e;hp=58d159a721330f2eaa9ea27cbc7909aba43b011d;hb=b4d3053;hpb=31da2e30317bc1fcb4586e1dc0d560600d9b29d3 diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 58d159a7213..ed9d0d9d4ce 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -36,8 +36,6 @@ class TemplateIpsecEsp(TemplateIpsec): --- decrypt --- plain --- |pg0| -------> |VPP| ------> |pg1| --- --- --- - - Note : IPv6 is not covered """ encryption_type = ESP 
@@ -48,108 +46,142 @@ class TemplateIpsecEsp(TemplateIpsec): cls.tun_if = cls.pg0 cls.tra_if = cls.pg2 cls.logger.info(cls.vapi.ppcli("show int addr")) - cls.config_esp_tra() - cls.logger.info(cls.vapi.ppcli("show ipsec")) - cls.config_esp_tun() + cls.vapi.ipsec_spd_add_del(cls.tra_spd_id) + cls.vapi.ipsec_interface_add_del_spd(cls.tra_spd_id, + cls.tra_if.sw_if_index) + for _, p in cls.params.items(): + cls.config_esp_tra(p) cls.logger.info(cls.vapi.ppcli("show ipsec")) - src4 = socket.inet_pton(socket.AF_INET, cls.remote_tun_if_host) - cls.vapi.ip_add_del_route(src4, 32, cls.tun_if.remote_ip4n) - - @classmethod - def config_esp_tun(cls): - cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tun_sa_id, - cls.scapy_tun_spi, - cls.auth_algo_vpp_id, cls.auth_key, - cls.crypt_algo_vpp_id, - cls.crypt_key, cls.vpp_esp_protocol, - cls.tun_if.local_ip4n, - cls.tun_if.remote_ip4n) - cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tun_sa_id, - cls.vpp_tun_spi, - cls.auth_algo_vpp_id, cls.auth_key, - cls.crypt_algo_vpp_id, - cls.crypt_key, cls.vpp_esp_protocol, - cls.tun_if.remote_ip4n, - cls.tun_if.local_ip4n) cls.vapi.ipsec_spd_add_del(cls.tun_spd_id) cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id, cls.tun_if.sw_if_index) - l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET, - "0.0.0.0") - l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET, - "255.255.255.255") - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id, + for _, p in cls.params.items(): + cls.config_esp_tun(p) + cls.logger.info(cls.vapi.ppcli("show ipsec")) + for _, p in cls.params.items(): + src = socket.inet_pton(p.addr_type, p.remote_tun_if_host) + cls.vapi.ip_add_del_route( + src, p.addr_len, cls.tun_if.remote_addr_n[p.addr_type], + is_ipv6=p.is_ipv6) + + @classmethod + def config_esp_tun(cls, params): + addr_type = params.addr_type + is_ipv6 = params.is_ipv6 + scapy_tun_sa_id = params.scapy_tun_sa_id + scapy_tun_spi = params.scapy_tun_spi + vpp_tun_sa_id = params.vpp_tun_sa_id + 
vpp_tun_spi = params.vpp_tun_spi + auth_algo_vpp_id = params.auth_algo_vpp_id + auth_key = params.auth_key + crypt_algo_vpp_id = params.crypt_algo_vpp_id + crypt_key = params.crypt_key + remote_tun_if_host = params.remote_tun_if_host + addr_any = params.addr_any + addr_bcast = params.addr_bcast + cls.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + cls.vpp_esp_protocol, + cls.tun_if.local_addr_n[addr_type], + cls.tun_if.remote_addr_n[addr_type], + is_tunnel=1, is_tunnel_ipv6=is_ipv6) + cls.vapi.ipsec_sad_add_del_entry(vpp_tun_sa_id, vpp_tun_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + cls.vpp_esp_protocol, + cls.tun_if.remote_addr_n[addr_type], + cls.tun_if.local_addr_n[addr_type], + is_tunnel=1, is_tunnel_ipv6=is_ipv6) + l_startaddr = r_startaddr = socket.inet_pton(addr_type, addr_any) + l_stopaddr = r_stopaddr = socket.inet_pton(addr_type, addr_bcast) + cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, + r_stopaddr, is_ipv6=is_ipv6, protocol=socket.IPPROTO_ESP) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id, + cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, l_startaddr, l_stopaddr, r_startaddr, r_stopaddr, is_outbound=0, - protocol=socket.IPPROTO_ESP) - l_startaddr = l_stopaddr = socket.inet_pton(socket.AF_INET, - cls.remote_tun_if_host) - r_startaddr = r_stopaddr = cls.pg1.remote_ip4n - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id, + protocol=socket.IPPROTO_ESP, + is_ipv6=is_ipv6) + l_startaddr = l_stopaddr = socket.inet_pton(addr_type, + remote_tun_if_host) + r_startaddr = r_stopaddr = cls.pg1.remote_addr_n[addr_type] + cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, vpp_tun_sa_id, l_startaddr, l_stopaddr, r_startaddr, r_stopaddr, priority=10, policy=3, - is_outbound=0) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, 
cls.scapy_tun_sa_id, + is_ipv6=is_ipv6, is_outbound=0) + cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, r_startaddr, r_stopaddr, l_startaddr, - l_stopaddr, priority=10, policy=3) - l_startaddr = l_stopaddr = socket.inet_pton(socket.AF_INET, - cls.remote_tun_if_host) - r_startaddr = r_stopaddr = cls.pg0.local_ip4n - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.vpp_tun_sa_id, + l_stopaddr, priority=10, policy=3, + is_ipv6=is_ipv6) + l_startaddr = l_stopaddr = socket.inet_pton(addr_type, + remote_tun_if_host) + r_startaddr = r_stopaddr = cls.pg0.local_addr_n[addr_type] + cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, vpp_tun_sa_id, l_startaddr, l_stopaddr, r_startaddr, r_stopaddr, priority=20, policy=3, - is_outbound=0) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, cls.scapy_tun_sa_id, + is_outbound=0, is_ipv6=is_ipv6) + cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, r_startaddr, r_stopaddr, l_startaddr, - l_stopaddr, priority=20, policy=3) + l_stopaddr, priority=20, policy=3, + is_ipv6=is_ipv6) @classmethod - def config_esp_tra(cls): - cls.vapi.ipsec_sad_add_del_entry(cls.scapy_tra_sa_id, - cls.scapy_tra_spi, - cls.auth_algo_vpp_id, cls.auth_key, - cls.crypt_algo_vpp_id, - cls.crypt_key, cls.vpp_esp_protocol, - is_tunnel=0) - cls.vapi.ipsec_sad_add_del_entry(cls.vpp_tra_sa_id, - cls.vpp_tra_spi, - cls.auth_algo_vpp_id, cls.auth_key, - cls.crypt_algo_vpp_id, - cls.crypt_key, cls.vpp_esp_protocol, - is_tunnel=0) - cls.vapi.ipsec_spd_add_del(cls.tra_spd_id) - cls.vapi.ipsec_interface_add_del_spd(cls.tra_spd_id, - cls.tra_if.sw_if_index) - l_startaddr = r_startaddr = socket.inet_pton(socket.AF_INET, - "0.0.0.0") - l_stopaddr = r_stopaddr = socket.inet_pton(socket.AF_INET, - "255.255.255.255") - cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id, + def config_esp_tra(cls, params): + addr_type = params.addr_type + is_ipv6 = params.is_ipv6 + scapy_tra_sa_id = params.scapy_tra_sa_id + scapy_tra_spi = 
params.scapy_tra_spi + vpp_tra_sa_id = params.vpp_tra_sa_id + vpp_tra_spi = params.vpp_tra_spi + auth_algo_vpp_id = params.auth_algo_vpp_id + auth_key = params.auth_key + crypt_algo_vpp_id = params.crypt_algo_vpp_id + crypt_key = params.crypt_key + addr_any = params.addr_any + addr_bcast = params.addr_bcast + cls.vapi.ipsec_sad_add_del_entry(scapy_tra_sa_id, scapy_tra_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + cls.vpp_esp_protocol, is_tunnel=0) + cls.vapi.ipsec_sad_add_del_entry(vpp_tra_sa_id, vpp_tra_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + cls.vpp_esp_protocol, is_tunnel=0) + l_startaddr = r_startaddr = socket.inet_pton(addr_type, addr_any) + l_stopaddr = r_stopaddr = socket.inet_pton(addr_type, addr_bcast) + cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, vpp_tra_sa_id, l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, + r_stopaddr, is_ipv6=is_ipv6, protocol=socket.IPPROTO_ESP) - cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id, + cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, vpp_tra_sa_id, l_startaddr, l_stopaddr, r_startaddr, r_stopaddr, is_outbound=0, + is_ipv6=is_ipv6, protocol=socket.IPPROTO_ESP) - l_startaddr = l_stopaddr = cls.tra_if.local_ip4n - r_startaddr = r_stopaddr = cls.tra_if.remote_ip4n - cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.vpp_tra_sa_id, + l_startaddr = l_stopaddr = cls.tra_if.local_addr_n[addr_type] + r_startaddr = r_stopaddr = cls.tra_if.remote_addr_n[addr_type] + cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, vpp_tra_sa_id, l_startaddr, l_stopaddr, r_startaddr, r_stopaddr, priority=10, policy=3, - is_outbound=0) - cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, cls.scapy_tra_sa_id, + is_outbound=0, is_ipv6=is_ipv6) + cls.vapi.ipsec_spd_add_del_entry(cls.tra_spd_id, scapy_tra_sa_id, l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, priority=10, policy=3) + r_stopaddr, priority=10, policy=3, + is_ipv6=is_ipv6) class 
TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests): """ Ipsec ESP - TUN & TRA tests """ - pass + tra4_encrypt_node_name = "esp4-encrypt" + tra4_decrypt_node_name = "esp4-decrypt" + tra6_encrypt_node_name = "esp6-encrypt" + tra6_decrypt_node_name = "esp6-decrypt" + tun4_encrypt_node_name = "esp4-encrypt" + tun4_decrypt_node_name = "esp4-decrypt" + tun6_encrypt_node_name = "esp6-encrypt" + tun6_decrypt_node_name = "esp6-decrypt" class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
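Review bot: The SPD entries in `config_esp_tun` and `config_esp_tra` still pick their action with a bare `policy=3`, and the ESP-protocol entries covering the whole `addr_any`–`addr_bcast` range pass no `policy` at all. Now that both methods run once per address family, a reader cannot tell from the test which rules protect traffic and which rely on the API default. I would name the action once, e.g. a class constant `POLICY_PROTECT = 3` (assuming 3 is the protect action in the VPP API; please confirm), and pass the default explicitly on the range-wide entries. Both methods would also benefit from a short docstring stating that `params` is one per-address-family entry of `cls.params`, that `addr_bcast` is only the upper bound of the match range (IPv6 has no broadcast), and that the two SAs installed per mode share the same `auth_key`/`crypt_key`, which is acceptable for a fixture but worth stating. The set-up method that calls them begins above this hunk, so I cannot see whether matching teardown exists for the per-family routes and SPD bindings added here.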