def setUp(self):
    """Create one IPv6 ESP tunnel interface on pg0 and route test hosts to it.

    The tunnel is built from ``self.ipv6_params``, brought up, given IPv6 and
    IPv4 addressing, and then one /128 and one /32 host route are installed
    with the tunnel's remote addresses as next hops.
    """
    super(TemplateIpsec6TunIfEsp, self).setUp()
    self.tun_if = self.pg0

    params = self.ipv6_params
    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm against VppIpsecTunInterface), so both
    # directions use the same keying material. Fixture-only shortcut.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        params.vpp_tun_spi, params.scapy_tun_spi,
        params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
        params.auth_algo_vpp_id, params.auth_key, params.auth_key,
        is_ip6=True)
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip6()
    tunnel.config_ip4()

    # 0xffffffff in the interface-index slot: presumably the "unset"
    # sentinel, leaving resolution to the next-hop address -- confirm.
    v6_path = VppRoutePath(tunnel.remote_ip6, 0xffffffff,
                           proto=DpoProto.DPO_PROTO_IP6)
    VppIpRoute(self, params.remote_tun_if_host, 128,
               [v6_path]).add_vpp_config()

    v4_path = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
    VppIpRoute(self, params.remote_tun_if_host4, 32,
               [v4_path]).add_vpp_config()
def setUp(self):
    """Create an IPv4 ESP tunnel interface on pg0 and add a /32 route via it.

    Tunnel parameters (SPIs, algorithm ids, keys) are read directly from
    attributes on the test case.
    """
    # NOTE(review): no super().setUp() call is made here -- confirm the base
    # fixture does not rely on one.
    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm), so both directions share keys.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        self.vpp_tun_spi, self.scapy_tun_spi,
        self.crypt_algo_vpp_id, self.crypt_key, self.crypt_key,
        self.auth_algo_vpp_id, self.auth_key, self.auth_key)
    self.ipsec_tun_if = tunnel
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip4()

    # The route API call below takes the host address in packed binary form.
    packed_host = socket.inet_pton(socket.AF_INET, self.remote_tun_if_host)
    self.vapi.ip_add_del_route(packed_host, 32, tunnel.remote_ip4n)
def setUp(self):
    """Create an IPv4 ESP-in-UDP tunnel interface on pg0 and route via it.

    Marks ``self.ipv4_params`` for UDP encapsulation, builds the tunnel with
    ``udp_encap=True``, configures IPv4 and IPv6 on it, and installs one /32
    and one /128 host route with the tunnel's remote addresses as next hops.
    """
    super(TemplateIpsec4TunIfEspUdp, self).setUp()
    self.tun_if = self.pg0

    params = self.ipv4_params
    params.flags = (
        VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_UDP_ENCAP)
    # Destination port 4500 is the IPsec NAT-traversal port; the source port
    # is a fixed fixture value.
    params.nat_header = UDP(sport=5454, dport=4500)

    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm), so both directions share keys.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        params.vpp_tun_spi, params.scapy_tun_spi,
        params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
        params.auth_algo_vpp_id, params.auth_key, params.auth_key,
        udp_encap=True)
    params.tun_if = tunnel
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip4()
    tunnel.config_ip6()

    # 0xffffffff in the interface-index slot: presumably the "unset"
    # sentinel, leaving resolution to the next-hop address -- confirm.
    v4_route = VppIpRoute(self, params.remote_tun_if_host, 32,
                          [VppRoutePath(tunnel.remote_ip4, 0xffffffff)])
    v4_route.add_vpp_config()

    v6_route = VppIpRoute(self, params.remote_tun_if_host6, 128,
                          [VppRoutePath(tunnel.remote_ip6, 0xffffffff,
                                        proto=DpoProto.DPO_PROTO_IP6)])
    v6_route.add_vpp_config()
def setUp(self):
    """Create an IPv4 ESP tunnel interface on pg0 and route test hosts to it.

    Builds the tunnel from ``self.ipv4_params``, configures IPv4 and IPv6 on
    it, calls ``config_tun_params`` for the test's encryption type, and then
    installs one /32 and one /128 host route through the tunnel.
    """
    super(TemplateIpsec4TunIfEsp, self).setUp()
    self.tun_if = self.pg0

    params = self.ipv4_params
    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm), so both directions share keys.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        params.vpp_tun_spi, params.scapy_tun_spi,
        params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
        params.auth_algo_vpp_id, params.auth_key, params.auth_key)
    params.tun_if = tunnel
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip4()
    tunnel.config_ip6()
    # Called only after the interface has its addresses configured.
    config_tun_params(params, self.encryption_type, tunnel)

    # 0xffffffff in the interface-index slot: presumably the "unset"
    # sentinel, leaving resolution to the next-hop address -- confirm.
    v4_route = VppIpRoute(self, params.remote_tun_if_host, 32,
                          [VppRoutePath(tunnel.remote_ip4, 0xffffffff)])
    v4_route.add_vpp_config()

    v6_route = VppIpRoute(self, params.remote_tun_if_host6, 128,
                          [VppRoutePath(tunnel.remote_ip6, 0xffffffff,
                                        proto=DpoProto.DPO_PROTO_IP6)])
    v6_route.add_vpp_config()
class TemplateIpsecTunIfEsp(TemplateIpsec):
    """ IPsec tunnel interface tests

    Fixture base that creates one IPv4 ESP tunnel interface on pg0 before
    each test and dumps hardware state afterwards.
    """

    encryption_type = ESP

    @classmethod
    def setUpClass(cls):
        """Run the parent class setup, then use pg0 as the tunnel interface."""
        super(TemplateIpsecTunIfEsp, cls).setUpClass()
        cls.tun_if = cls.pg0

    def setUp(self):
        """Create the ESP tunnel interface and a /32 route through it."""
        # NOTE(review): no super().setUp() call is made here -- confirm the
        # base fixture does not rely on one.
        # crypt_key and auth_key are each supplied twice (presumably the
        # local and remote key slots -- confirm), so both directions of the
        # tunnel share keys.
        tunnel = VppIpsecTunInterface(
            self, self.pg0,
            self.vpp_tun_spi, self.scapy_tun_spi,
            self.crypt_algo_vpp_id, self.crypt_key, self.crypt_key,
            self.auth_algo_vpp_id, self.auth_key, self.auth_key)
        self.ipsec_tun_if = tunnel
        tunnel.add_vpp_config()
        tunnel.admin_up()
        tunnel.config_ip4()

        # The route API call below takes the host address in packed form.
        packed_host = socket.inet_pton(socket.AF_INET,
                                       self.remote_tun_if_host)
        self.vapi.ip_add_del_route(packed_host, 32, tunnel.remote_ip4n)

    def tearDown(self):
        """Issue "show hardware" while VPP is alive, then run parent teardown."""
        vpp_alive = not self.vpp_dead
        if vpp_alive:
            self.vapi.cli("show hardware")
        super(TemplateIpsecTunIfEsp, self).tearDown()
def setUp(self):
    """Create ten IPv6 ESP tunnel interfaces on pg0, one host route each.

    Every tunnel starts from a shallow copy of ``self.ipv6_params`` with its
    remote host address, SA ids and SPIs offset by the tunnel index. The
    per-tunnel parameter objects are collected in ``self.multi_params``.
    """
    super(TestIpsec6MultiTunIfEsp, self).setUp()
    self.tun_if = self.pg0
    self.multi_params = []

    # Identifiers that must differ per tunnel so the SAs do not collide.
    per_tunnel_ids = (
        "scapy_tun_sa_id", "scapy_tun_spi",
        "vpp_tun_sa_id", "vpp_tun_spi",
        "scapy_tra_sa_id", "scapy_tra_spi",
        "vpp_tra_sa_id", "vpp_tra_spi",
    )
    tunnel_count = 10

    for ii in range(tunnel_count):
        # copy.copy is shallow and the keys are not changed below, so all
        # tunnels reuse the same key material; only ids and SPIs differ.
        p = copy.copy(self.ipv6_params)
        p.remote_tun_if_host = "1111::%d" % (ii + 1)
        for id_name in per_tunnel_ids:
            setattr(p, id_name, getattr(p, id_name) + ii)

        # Here config_tun_params receives self.tun_if (pg0), and it runs
        # before this tunnel's own interface object exists.
        config_tun_params(p, self.encryption_type, self.tun_if)
        self.multi_params.append(p)

        p.tun_if = VppIpsecTunInterface(
            self, self.pg0,
            p.vpp_tun_spi, p.scapy_tun_spi,
            p.crypt_algo_vpp_id, p.crypt_key, p.crypt_key,
            p.auth_algo_vpp_id, p.auth_key, p.auth_key,
            is_ip6=True)
        p.tun_if.add_vpp_config()
        p.tun_if.admin_up()
        p.tun_if.config_ip6()

        # 0xffffffff in the interface-index slot: presumably the "unset"
        # sentinel, leaving resolution to the next-hop address -- confirm.
        v6_path = VppRoutePath(p.tun_if.remote_ip6, 0xffffffff,
                               proto=DpoProto.DPO_PROTO_IP6)
        host_route = VppIpRoute(self, p.remote_tun_if_host, 128,
                                [v6_path], is_ip6=1)
        host_route.add_vpp_config()
def setUp(self):
    """Create one IPv4 ESP tunnel interface on pg0 and a /32 route via it.

    The tunnel is built from ``self.ipv4_params``, brought up, and given
    IPv4 addressing before the host route is installed.
    """
    super(TemplateIpsecTunIfEsp, self).setUp()
    self.tun_if = self.pg0

    params = self.ipv4_params
    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm), so both directions share keys.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        params.vpp_tun_spi, params.scapy_tun_spi,
        params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
        params.auth_algo_vpp_id, params.auth_key, params.auth_key)
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip4()

    # 0xffffffff in the interface-index slot: presumably the "unset"
    # sentinel, leaving resolution to the next-hop address -- confirm.
    next_hop = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
    host_route = VppIpRoute(self, params.remote_tun_if_host, 32, [next_hop])
    host_route.add_vpp_config()
def config_network(self, p):
    """Build the ESP tunnel interface and host route described by ``p``.

    Stores the created tunnel on ``p.tun_if`` and the route on ``p.route``.
    """
    config_tun_params(p, self.encryption_type, self.tun_if)

    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm), so both directions share keys.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        p.vpp_tun_spi, p.scapy_tun_spi,
        p.crypt_algo_vpp_id, p.crypt_key, p.crypt_key,
        p.auth_algo_vpp_id, p.auth_key, p.auth_key)
    p.tun_if = tunnel
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip4()

    # NOTE(review): SA dumps may include key material depending on the VPP
    # version; logging them is tolerable only because these are fixture
    # keys -- confirm before reusing this pattern elsewhere.
    for show_cmd in ("sh ipsec sa 0", "sh ipsec sa 1"):
        self.logger.info(self.vapi.cli(show_cmd))

    # 0xffffffff in the interface-index slot: presumably the "unset"
    # sentinel, leaving resolution to the next-hop address -- confirm.
    next_hop = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
    p.route = VppIpRoute(self, p.remote_tun_if_host, 32, [next_hop])
    p.route.add_vpp_config()
def setUp(self):
    """Create one IPv6 ESP tunnel interface on pg0 and route test hosts to it.

    Builds the tunnel from ``self.ipv6_params``, configures IPv6 and IPv4 on
    it, then installs a /128 route and a /32 route through the tunnel.
    """
    super(TemplateIpsec6TunIfEsp, self).setUp()
    self.tun_if = self.pg0

    params = self.ipv6_params
    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm), so both directions share keys.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        params.vpp_tun_spi, params.scapy_tun_spi,
        params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
        params.auth_algo_vpp_id, params.auth_key, params.auth_key,
        is_ip6=True)
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip6()
    tunnel.config_ip4()

    # 0xffffffff in the interface-index slot: presumably the "unset"
    # sentinel, leaving resolution to the next-hop address -- confirm.
    v6_path = VppRoutePath(tunnel.remote_ip6, 0xffffffff,
                           proto=DpoProto.DPO_PROTO_IP6)
    v6_route = VppIpRoute(self, params.remote_tun_if_host, 128,
                          [v6_path], is_ip6=1)
    v6_route.add_vpp_config()

    v4_path = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
    v4_route = VppIpRoute(self, params.remote_tun_if_host4, 32, [v4_path])
    v4_route.add_vpp_config()
def setUp(self):
    """Create ten IPv4 ESP tunnel interfaces on pg0, one host route each.

    Ten remote hosts are generated on pg0 and each tunnel uses one of them as
    its destination. Every tunnel starts from a shallow copy of
    ``self.ipv4_params`` with its remote host address, SA ids and SPIs offset
    by the tunnel index; the copies are collected in ``self.multi_params``.
    """
    super(TestIpsec4MultiTunIfEsp, self).setUp()
    self.tun_if = self.pg0
    self.multi_params = []

    tunnel_count = 10
    self.pg0.generate_remote_hosts(tunnel_count)
    self.pg0.configure_ipv4_neighbors()

    # Identifiers that must differ per tunnel so the SAs do not collide.
    per_tunnel_ids = (
        "scapy_tun_sa_id", "scapy_tun_spi",
        "vpp_tun_sa_id", "vpp_tun_spi",
        "scapy_tra_sa_id", "scapy_tra_spi",
        "vpp_tra_sa_id", "vpp_tra_spi",
    )

    for ii in range(tunnel_count):
        # copy.copy is shallow and the keys are not changed below, so all
        # tunnels reuse the same key material; only ids and SPIs differ.
        p = copy.copy(self.ipv4_params)
        p.remote_tun_if_host = "1.1.1.%d" % (ii + 1)
        for id_name in per_tunnel_ids:
            setattr(p, id_name, getattr(p, id_name) + ii)

        p.tun_if = VppIpsecTunInterface(
            self, self.pg0,
            p.vpp_tun_spi, p.scapy_tun_spi,
            p.crypt_algo_vpp_id, p.crypt_key, p.crypt_key,
            p.auth_algo_vpp_id, p.auth_key, p.auth_key,
            dst=self.pg0.remote_hosts[ii].ip4)
        p.tun_if.add_vpp_config()
        p.tun_if.admin_up()
        p.tun_if.config_ip4()
        # Called with this tunnel's own interface, after it is configured.
        config_tun_params(p, self.encryption_type, p.tun_if)
        self.multi_params.append(p)

        # 0xffffffff in the interface-index slot: presumably the "unset"
        # sentinel, leaving resolution to the next-hop address -- confirm.
        next_hop = VppRoutePath(p.tun_if.remote_ip4, 0xffffffff)
        host_route = VppIpRoute(self, p.remote_tun_if_host, 32, [next_hop])
        host_route.add_vpp_config()
def setUp(self):
    """Create one IPv4 ESP tunnel interface on pg0 and a /32 route via it.

    The tunnel is built from ``self.ipv4_params``, brought up, and given
    IPv4 addressing before the host route is installed.
    """
    super(TemplateIpsec4TunIfEsp, self).setUp()
    self.tun_if = self.pg0

    params = self.ipv4_params
    # crypt_key and auth_key are each supplied twice (presumably the local
    # and remote key slots -- confirm), so both directions share keys.
    tunnel = VppIpsecTunInterface(
        self, self.pg0,
        params.vpp_tun_spi, params.scapy_tun_spi,
        params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
        params.auth_algo_vpp_id, params.auth_key, params.auth_key)
    tunnel.add_vpp_config()
    tunnel.admin_up()
    tunnel.config_ip4()

    # 0xffffffff in the interface-index slot: presumably the "unset"
    # sentinel, leaving resolution to the next-hop address -- confirm.
    next_hop = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
    host_route = VppIpRoute(self, params.remote_tun_if_host, 32, [next_hop])
    host_route.add_vpp_config()
def test_traffic(self):
    """ Punt socket traffic

    Registers a punt socket for each of two IPsec exception reasons, sends
    one ESP packet per reason that matches no configured tunnel, and checks
    that nothing is answered on the wire while the packet is delivered to
    the registered socket.
    """
    port = self.ports[0]  # NOTE(review): not referenced again in this test
    exception_type = VppEnum.vl_api_punt_type_t.PUNT_API_TYPE_EXCEPTION
    punt_ex = {'type': exception_type, 'punt': {'exception': {}}}

    #
    # IPsec tunnels are needed for this to work, otherwise ESP gets
    # dropped due to unknown IP proto.
    #
    # The key is a fixed fixture constant and the algorithms are
    # AES-CBC-128 with SHA1-96; the tunnels only need to exist here, no
    # traffic is actually protected by them.
    #
    crypto_alg = (
        VppEnum.vl_api_ipsec_crypto_alg_t.IPSEC_API_CRYPTO_ALG_AES_CBC_128)
    integ_alg = VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_SHA1_96
    fixture_key = b"0123456701234567"

    VppIpsecTunInterface(
        self, self.pg0, 1000, 1000,
        crypto_alg, fixture_key, fixture_key,
        integ_alg, fixture_key, fixture_key).add_vpp_config()
    VppIpsecTunInterface(
        self, self.pg1, 1000, 1000,
        crypto_alg, fixture_key, fixture_key,
        integ_alg, fixture_key, fixture_key,
        udp_encap=True).add_vpp_config()

    #
    # Two punt cases: an SPI with no matching tunnel (99, while the tunnels
    # above use 1000) and SPI 0 carried over UDP.
    #
    cfgs = {
        'ipsec4-no-such-tunnel': {
            'spi': 99,
            'udp': False,
            'itf': self.pg0
        },
        'ipsec4-spi-o-udp-0': {'spi': 0, 'udp': True, 'itf': self.pg1},
    }

    #
    # Find the VPP ID for each of these punt exception reasons.
    #
    rs = self.vapi.punt_reason_dump()
    for key in cfgs:
        found = next((r for r in rs if r.reason.name == key), None)
        if found is not None:
            cfgs[key]['id'] = found.reason.id
            cfgs[key]['vpp'] = copy.deepcopy(
                set_reason(punt_ex, cfgs[key]['id']))

    #
    # Configure punt sockets: one client socket per reason, registered
    # with VPP under the same path.
    #
    for cfg in cfgs.values():
        sock_path = "%s/socket_%d" % (self.tempdir, cfg['id'])
        cfg['sock'] = self.socket_client_create(sock_path)
        self.vapi.punt_socket_register(cfg['vpp'], sock_path)

    #
    # Create one packet per case that should raise the exception.
    #
    for cfg in cfgs.values():
        itf = cfg['itf']
        pkt = (Ether(src=itf.remote_mac, dst=itf.local_mac) /
               IP(src=itf.remote_ip4, dst=itf.local_ip4))
        if cfg['udp']:
            # Destination port 4500 is the IPsec NAT-traversal port.
            pkt = pkt / UDP(sport=666, dport=4500)
        pkt = (pkt / ESP(spi=cfg['spi'], seq=3) / Raw(b'\xa5' * 100))
        cfg['pkts'] = [pkt]

    #
    # Send the packets for each SPI we expect to be punted; no reply may
    # appear on the wire for ESP that matches no tunnel.
    #
    for cfg in cfgs.values():
        self.send_and_assert_no_replies(cfg['itf'], cfg['pkts'])

    #
    # Verify the punted packets arrived on the associated socket. The
    # value returned by close() is what gets verified.
    #
    for cfg in cfgs.values():
        rx = cfg['sock'].close()
        self.verify_esp_pkts(rx, len(cfg['pkts']),
                             cfg['spi'], cfg['udp'])

    #
    # Socket deregister.
    #
    for cfg in cfgs.values():
        self.vapi.punt_socket_deregister(cfg['vpp'])