IPSEC Tests: to per-test setup and tearDown

Don't do the setup and teardown in class methods, so that the config is
added and deleted with each test. That way we test that delete actually
removes state.
Also: more helpful error codes from VPP for existing IPSEC state.

Change-Id: I5de1578f73b935b420d4cdd85aa98d5fdcc682f6
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns
2019-01-23 08:16:17 -08:00
committed by Damjan Marion
parent e18b45caeb
commit 8e4a89bf42
7 changed files with 596 additions and 307 deletions


@ -31,20 +31,19 @@ class IPSecNATTestCase(TemplateIpsec):
icmp_id_in = 6305
icmp_id_out = 6305
@classmethod
def setUpClass(cls):
super(IPSecNATTestCase, cls).setUpClass()
cls.tun_if = cls.pg0
cls.vapi.ipsec_spd_add_del(cls.tun_spd_id)
cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id,
cls.tun_if.sw_if_index)
p = cls.ipv4_params
cls.config_esp_tun(p)
cls.logger.info(cls.vapi.ppcli("show ipsec"))
def setUp(self):
super(IPSecNATTestCase, self).setUp()
self.tun_if = self.pg0
self.vapi.ipsec_spd_add_del(self.tun_spd_id)
self.vapi.ipsec_interface_add_del_spd(self.tun_spd_id,
self.tun_if.sw_if_index)
p = self.ipv4_params
self.config_esp_tun(p)
self.logger.info(self.vapi.ppcli("show ipsec"))
src = socket.inet_pton(p.addr_type, p.remote_tun_if_host)
cls.vapi.ip_add_del_route(src, p.addr_len,
cls.tun_if.remote_addr_n[p.addr_type],
is_ipv6=p.is_ipv6)
self.vapi.ip_add_del_route(src, p.addr_len,
self.tun_if.remote_addr_n[p.addr_type],
is_ipv6=p.is_ipv6)
def create_stream_plain(self, src_mac, dst_mac, src_ip, dst_ip):
return [
@ -131,8 +130,7 @@ class IPSecNATTestCase(TemplateIpsec):
ppp("Unexpected or invalid encrypted packet:", packet))
raise
@classmethod
def config_esp_tun(cls, params):
def config_esp_tun(self, params):
addr_type = params.addr_type
scapy_tun_sa_id = params.scapy_tun_sa_id
scapy_tun_spi = params.scapy_tun_spi
@ -144,50 +142,50 @@ class IPSecNATTestCase(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
cls.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
cls.vpp_esp_protocol,
cls.pg1.remote_addr_n[addr_type],
cls.tun_if.remote_addr_n[addr_type],
udp_encap=1)
cls.vapi.ipsec_sad_add_del_entry(vpp_tun_sa_id, vpp_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
cls.vpp_esp_protocol,
cls.tun_if.remote_addr_n[addr_type],
cls.pg1.remote_addr_n[addr_type],
udp_encap=1)
self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
self.pg1.remote_addr_n[addr_type],
self.tun_if.remote_addr_n[addr_type],
udp_encap=1)
self.vapi.ipsec_sad_add_del_entry(vpp_tun_sa_id, vpp_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
self.tun_if.remote_addr_n[addr_type],
self.pg1.remote_addr_n[addr_type],
udp_encap=1)
l_startaddr = r_startaddr = socket.inet_pton(addr_type, addr_any)
l_stopaddr = r_stopaddr = socket.inet_pton(addr_type, addr_bcast)
cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr,
protocol=socket.IPPROTO_ESP)
cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, is_outbound=0,
protocol=socket.IPPROTO_ESP)
cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, remote_port_start=4500,
remote_port_stop=4500,
protocol=socket.IPPROTO_UDP)
cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, remote_port_start=4500,
remote_port_stop=4500,
protocol=socket.IPPROTO_UDP,
is_outbound=0)
l_startaddr = l_stopaddr = cls.tun_if.remote_addr_n[addr_type]
r_startaddr = r_stopaddr = cls.pg1.remote_addr_n[addr_type]
cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, vpp_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, priority=10, policy=3,
is_outbound=0)
cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id,
r_startaddr, r_stopaddr, l_startaddr,
l_stopaddr, priority=10, policy=3)
self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr,
protocol=socket.IPPROTO_ESP)
self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, is_outbound=0,
protocol=socket.IPPROTO_ESP)
self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, remote_port_start=4500,
remote_port_stop=4500,
protocol=socket.IPPROTO_UDP)
self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, remote_port_start=4500,
remote_port_stop=4500,
protocol=socket.IPPROTO_UDP,
is_outbound=0)
l_startaddr = l_stopaddr = self.tun_if.remote_addr_n[addr_type]
r_startaddr = r_stopaddr = self.pg1.remote_addr_n[addr_type]
self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, vpp_tun_sa_id,
l_startaddr, l_stopaddr, r_startaddr,
r_stopaddr, priority=10, policy=3,
is_outbound=0)
self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id,
r_startaddr, r_stopaddr, l_startaddr,
l_stopaddr, priority=10, policy=3)
def test_ipsec_nat_tun(self):
""" IPSec/NAT tunnel test case """
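Review bot: Nothing in the three hunks shown removes the state that the new per-test setUp creates (the SPD and its interface binding, the two SAs with their keys, six SPD entries and a route), so for this class the commit's stated goal of testing that delete removes state depends on a tearDown that is not visible here. If TemplateIpsec.tearDown does not undo these calls, a second test added to IPSecNATTestCase would presumably hit existing-state errors in setUp, and the SA key material would stay configured in VPP between tests. I would add a tearDown to this class that reverses the setUp calls in the opposite order and then checks that the `show ipsec` output no longer lists tun_spd_id or either SA id, and mark the pairing in setUp with a comment such as `# every add below needs a matching delete in tearDown`. The class body continues outside these hunks, so confirm whether such a tearDown already exists further down the file.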