import socket
import unittest
from scapy.layers.ipsec import AH
from framework import VppTestRunner
from template_ipsec import TemplateIpsec, IpsecTraTests, IpsecTunTests
from template_ipsec import IpsecTcpTests
class TemplateIpsecAh(TemplateIpsec):
    """
    Basic IPsec test template using AH in transport and tunnel mode.

    Four cases are exercised through this template:
    1) ipsec ah v4 transport basic test - IPv4 transport mode
       scenario using the HMAC-SHA1-96 integrity algorithm
    2) ipsec ah v4 transport burst test
       same scenario with 257 packets
    3) ipsec ah 4o4 tunnel basic test - IPv4 tunnel mode
       scenario using the HMAC-SHA1-96 integrity algorithm
    4) ipsec ah 4o4 tunnel burst test
       same scenario with 257 packets

    AH authenticates packets (integrity and data origin) and provides no
    confidentiality, so "encrypt" / "decrypt" in the diagrams below
    presumably mark where the AH header is added and where it is verified.
    The SAs are still created with cls.crypt_algo_vpp_id / cls.crypt_key;
    those values come from TemplateIpsec, which is not visible here.

    TRANSPORT MODE:

     ---   encrypt   ---
    |pg2| <-------> |VPP|
     ---   decrypt   ---

    TUNNEL MODE:

     ---   encrypt   ---   plain   ---
    |pg0| <-------  |VPP| <------ |pg1|
     ---             ---           ---

     ---   decrypt   ---   plain   ---
    |pg0| ------->  |VPP| ------> |pg1|
     ---             ---           ---

    Note: IPv6 is not covered.
    """

    # Scapy layer used by the shared test mixins to build protected packets.
    encryption_type = AH

    @classmethod
    def setUpClass(cls):
        """Bind the test interfaces, install the AH config and add a route.

        The transport-mode configuration is installed before the
        tunnel-mode one, and the "show ipsec" output is logged after each
        so a failing run records which SAs and policies were in place.
        """
        super(TemplateIpsecAh, cls).setUpClass()
        cls.tun_if = cls.pg0
        cls.tra_if = cls.pg2

        interface_dump = cls.vapi.ppcli("show int addr")
        cls.logger.info(interface_dump)

        cls.config_ah_tra()
        after_transport = cls.vapi.ppcli("show ipsec")
        cls.logger.info(after_transport)

        cls.config_ah_tun()
        after_tunnel = cls.vapi.ppcli("show ipsec")
        cls.logger.info(after_tunnel)

        # Host route (/32) for the remote tunnel host, with the tunnel
        # interface's remote address as the third argument (presumably the
        # next hop -- confirm against the vapi wrapper).
        remote_host = socket.inet_pton(socket.AF_INET, cls.remote_tun_if_host)
        cls.vapi.ip_add_del_route(remote_host, 32, cls.tun_if.remote_ip4n)

    @classmethod
    def config_ah_tun(cls):
        """Install the tunnel-mode AH SAs, SPD and policy entries on VPP.

        Two SAs are created with mirrored tunnel endpoints, an SPD is
        created and bound to cls.tun_if, and then three pairs of policy
        entries are added. The same cls.auth_key is used for both SAs.
        """
        api = cls.vapi
        tunnel_if = cls.tun_if
        spd = cls.tun_spd_id

        # SA identified by the scapy-side ids: endpoints are (local, remote).
        api.ipsec_sad_add_del_entry(
            cls.scapy_tun_sa_id, cls.scapy_tun_spi,
            cls.auth_algo_vpp_id, cls.auth_key,
            cls.crypt_algo_vpp_id, cls.crypt_key,
            cls.vpp_ah_protocol,
            tunnel_if.local_ip4n, tunnel_if.remote_ip4n)
        # SA identified by the VPP-side ids: endpoints are swapped.
        api.ipsec_sad_add_del_entry(
            cls.vpp_tun_sa_id, cls.vpp_tun_spi,
            cls.auth_algo_vpp_id, cls.auth_key,
            cls.crypt_algo_vpp_id, cls.crypt_key,
            cls.vpp_ah_protocol,
            tunnel_if.remote_ip4n, tunnel_if.local_ip4n)

        api.ipsec_spd_add_del(spd)
        api.ipsec_interface_add_del_spd(spd, tunnel_if.sw_if_index)

        # Catch-all rules for traffic that is already AH: every address
        # pair matches. No policy/priority is passed, so the wrapper's
        # defaults apply (not visible here -- confirm what action that is).
        any_low = socket.inet_pton(socket.AF_INET, "0.0.0.0")
        any_high = socket.inet_pton(socket.AF_INET, "255.255.255.255")
        api.ipsec_spd_add_del_entry(
            spd, cls.vpp_tun_sa_id,
            any_low, any_high, any_low, any_high,
            protocol=socket.IPPROTO_AH)
        api.ipsec_spd_add_del_entry(
            spd, cls.vpp_tun_sa_id,
            any_low, any_high, any_low, any_high,
            is_outbound=0,
            protocol=socket.IPPROTO_AH)

        # Single-address rules between the remote tunnel host and pg1's
        # peer. policy=3 is presumably the "protect" action -- confirm
        # against the vapi wrapper.
        host = socket.inet_pton(socket.AF_INET, cls.remote_tun_if_host)
        peer = cls.pg1.remote_ip4n
        api.ipsec_spd_add_del_entry(
            spd, cls.vpp_tun_sa_id,
            host, host, peer, peer,
            priority=10, policy=3, is_outbound=0)
        api.ipsec_spd_add_del_entry(
            spd, cls.scapy_tun_sa_id,
            peer, peer, host, host,
            priority=10, policy=3)

        # Same pair of rules between the remote tunnel host and pg0's own
        # address, at priority 20.
        peer = cls.pg0.local_ip4n
        api.ipsec_spd_add_del_entry(
            spd, cls.vpp_tun_sa_id,
            host, host, peer, peer,
            priority=20, policy=3, is_outbound=0)
        api.ipsec_spd_add_del_entry(
            spd, cls.scapy_tun_sa_id,
            peer, peer, host, host,
            priority=20, policy=3)

    @classmethod
    def config_ah_tra(cls):
        """Install the transport-mode AH SAs, SPD and policy entries on VPP.

        Two SAs are created with is_tunnel=0, an SPD is created and bound
        to cls.tra_if, and then two pairs of policy entries are added. The
        same cls.auth_key is used for both SAs.
        """
        api = cls.vapi
        transport_if = cls.tra_if
        spd = cls.tra_spd_id

        api.ipsec_sad_add_del_entry(
            cls.scapy_tra_sa_id, cls.scapy_tra_spi,
            cls.auth_algo_vpp_id, cls.auth_key,
            cls.crypt_algo_vpp_id, cls.crypt_key,
            cls.vpp_ah_protocol,
            is_tunnel=0)
        api.ipsec_sad_add_del_entry(
            cls.vpp_tra_sa_id, cls.vpp_tra_spi,
            cls.auth_algo_vpp_id, cls.auth_key,
            cls.crypt_algo_vpp_id, cls.crypt_key,
            cls.vpp_ah_protocol,
            is_tunnel=0)

        api.ipsec_spd_add_del(spd)
        api.ipsec_interface_add_del_spd(spd, transport_if.sw_if_index)

        # Catch-all rules for traffic that is already AH: every address
        # pair matches. No policy/priority is passed, so the wrapper's
        # defaults apply (not visible here -- confirm what action that is).
        any_low = socket.inet_pton(socket.AF_INET, "0.0.0.0")
        any_high = socket.inet_pton(socket.AF_INET, "255.255.255.255")
        api.ipsec_spd_add_del_entry(
            spd, cls.vpp_tra_sa_id,
            any_low, any_high, any_low, any_high,
            protocol=socket.IPPROTO_AH)
        api.ipsec_spd_add_del_entry(
            spd, cls.scapy_tra_sa_id,
            any_low, any_high, any_low, any_high,
            is_outbound=0,
            protocol=socket.IPPROTO_AH)

        # Single-address rules between the transport interface's own
        # address and its peer. policy=3 is presumably the "protect"
        # action -- confirm against the vapi wrapper.
        local = transport_if.local_ip4n
        remote = transport_if.remote_ip4n
        api.ipsec_spd_add_del_entry(
            spd, cls.vpp_tra_sa_id,
            local, local, remote, remote,
            priority=10, policy=3, is_outbound=0)
        api.ipsec_spd_add_del_entry(
            spd, cls.scapy_tra_sa_id,
            local, local, remote, remote,
            priority=10, policy=3)

    def tearDown(self):
        """Run the base teardown, then query "show hardware" if VPP is alive."""
        super(TemplateIpsecAh, self).tearDown()
        if self.vpp_dead:
            # Nothing to query once the VPP process is gone.
            return
        # The return value is not used here.
        self.vapi.cli("show hardware")
class TestIpsecAh1(TemplateIpsecAh, IpsecTraTests, IpsecTunTests):
    """ Ipsec AH - TUN & TRA tests """
    # No methods of its own: the AH setup comes from TemplateIpsecAh and the
    # test cases from the IpsecTraTests / IpsecTunTests mixins imported from
    # template_ipsec.
class TestIpsecAh2(TemplateIpsecAh, IpsecTcpTests):
    """ Ipsec AH - TCP tests """
    # No methods of its own: the AH setup comes from TemplateIpsecAh and the
    # test cases from the IpsecTcpTests mixin imported from template_ipsec.
# Script entry point: hand the test classes in this module to unittest,
# using the project's VppTestRunner instead of the default runner.
if __name__ == "__main__":
    unittest.main(testRunner=VppTestRunner)