wireguard: move adjacency processing from wireguard_peer to wireguard_interface

now we should add routes manually Type: improvement Change-Id: I877511a18854efdfad02939267d38a216b2ccec3 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
2021-05-20 12:33:52 +07:00
parent da33105973
commit de3caf37c6
8 changed files with 158 additions and 246 deletions
--- a/test/test_wireguard.py
+++ b/test/test_wireguard.py
@ -22,6 +22,7 @@ from noise.connection import NoiseConnection, Keypair

 from vpp_ipip_tun_interface import VppIpIpTunInterface
 from vpp_interface import VppInterface
+from vpp_ip_route import VppIpRoute, VppRoutePath
 from vpp_object import VppObject
 from framework import VppTestCase
 from re import compile
@ -133,14 +134,6 @@ class VppWgPeer(VppObject):

        self.noise = NoiseConnection.from_name(NOISE_HANDSHAKE_NAME)

-    def validate_routing(self):
-        for a in self.allowed_ips:
-            self._test.assertTrue(find_route(self._test, a))
-
-    def validate_no_routing(self):
-        for a in self.allowed_ips:
-            self._test.assertFalse(find_route(self._test, a))
-
    def add_vpp_config(self):
        rv = self._test.vapi.wireguard_peer_add(
            peer={
@ -154,12 +147,10 @@ class VppWgPeer(VppObject):
        self.index = rv.peer_index
        self.receiver_index = self.index + 1
        self._test.registry.register(self, self._test.logger)
-        self.validate_routing()
        return self

    def remove_vpp_config(self):
        self._test.vapi.wireguard_peer_remove(peer_index=self.index)
-        self.validate_no_routing()

    def object_id(self):
        return ("wireguard-peer-%s" % self.index)
@ -437,10 +428,13 @@ class TestWg(VppTestCase):
                           wg0,
                           self.pg1.remote_ip4,
                           port+1,
-                           ["10.11.2.0/24",
-                            "10.11.3.0/24"]).add_vpp_config()
+                           ["10.11.3.0/24"]).add_vpp_config()
        self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)

+        r1 = VppIpRoute(self, "10.11.3.0", 24,
+                        [VppRoutePath("10.11.3.1",
+                                      wg0.sw_if_index)]).add_vpp_config()
+
        # wait for the peer to send a handshake
        rx = self.pg1.get_capture(1, timeout=2)

@ -483,6 +477,10 @@ class TestWg(VppTestCase):
            self.assertEqual(rx[IP].dst, self.pg0.remote_ip4)
            self.assertEqual(rx[IP].ttl, 19)

+        r1.remove_vpp_config()
+        peer_1.remove_vpp_config()
+        wg0.remove_vpp_config()
+
    def test_wg_peer_init(self):
        """ Send handshake init """
        wg_output_node_name = '/err/wg-output-tun/'
@ -501,10 +499,13 @@ class TestWg(VppTestCase):
                           wg0,
                           self.pg1.remote_ip4,
                           port+1,
-                           ["10.11.2.0/24",
-                            "10.11.3.0/24"]).add_vpp_config()
+                           ["10.11.3.0/24"]).add_vpp_config()
        self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)

+        r1 = VppIpRoute(self, "10.11.3.0", 24,
+                        [VppRoutePath("10.11.3.1",
+                                      wg0.sw_if_index)]).add_vpp_config()
+
        # route a packet into the wg interface
        #  use the allowed-ip prefix
        #  this is dropped because the peer is not initiated
@ -597,6 +598,7 @@ class TestWg(VppTestCase):
            self.assertEqual(rx[IP].dst, self.pg0.remote_ip4)
            self.assertEqual(rx[IP].ttl, 19)

+        r1.remove_vpp_config()
        peer_1.remove_vpp_config()
        wg0.remove_vpp_config()

@ -629,17 +631,26 @@ class TestWg(VppTestCase):

        peers_1 = []
        peers_2 = []
+        routes_1 = []
+        routes_2 = []
        for i in range(NUM_PEERS):
            peers_1.append(VppWgPeer(self,
                                     wg0,
                                     self.pg1.remote_hosts[i].ip4,
                                     port+1+i,
                                     ["10.0.%d.4/32" % i]).add_vpp_config())
+            routes_1.append(VppIpRoute(self, "10.0.%d.4" % i, 32,
+                            [VppRoutePath(self.pg1.remote_hosts[i].ip4,
+                                          wg0.sw_if_index)]).add_vpp_config())
+
            peers_2.append(VppWgPeer(self,
                                     wg1,
                                     self.pg2.remote_hosts[i].ip4,
                                     port+100+i,
                                     ["10.100.%d.4/32" % i]).add_vpp_config())
+            routes_2.append(VppIpRoute(self, "10.100.%d.4" % i, 32,
+                            [VppRoutePath(self.pg2.remote_hosts[i].ip4,
+                                          wg1.sw_if_index)]).add_vpp_config())

        self.assertEqual(len(self.vapi.wireguard_peers_dump()), NUM_PEERS*2)

@ -649,6 +660,12 @@ class TestWg(VppTestCase):
        self.logger.info(self.vapi.cli("sh ip fib 172.16.3.17"))
        self.logger.info(self.vapi.cli("sh ip fib 10.11.3.0"))

+        # remove routes
+        for r in routes_1:
+            r.remove_vpp_config()
+        for r in routes_2:
+            r.remove_vpp_config()
+
        # remove peers
        for p in peers_1:
            self.assertTrue(p.query_vpp_config())
@ -687,6 +704,10 @@ class WireguardHandoffTests(TestWg):
                            "10.11.3.0/24"]).add_vpp_config()
        self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)

+        r1 = VppIpRoute(self, "10.11.3.0", 24,
+                        [VppRoutePath("10.11.3.1",
+                                      wg0.sw_if_index)]).add_vpp_config()
+
        # send a valid handsake init for which we expect a response
        p = peer_1.mk_handshake(self.pg1)

@ -744,5 +765,6 @@ class WireguardHandoffTests(TestWg):

        peer_1.validate_encapped(rxs, pe)

+        r1.remove_vpp_config()
        peer_1.remove_vpp_config()
        wg0.remove_vpp_config()