def __init__(self,_name=''):
Xfrm.__init__(self,_name)
# finite-state-machine for recognizing node sequences
self.fsm = FSM(8,True)
# reduction rules are represented by a set of parrallel arrays
self.offS = []
self.offE = []
self.props = []
self.sc = []
self.act = []
def test_create_tunnel_policy_ipv6(self):
Xfrm.create_policy(ip_network('2009::0/64'),
ip_network('2009::0/64'),
0,
0,
socket.IPPROTO_TCP,
XFRM_POLICY_OUT,
socket.IPPROTO_AH,
XFRM_MODE_TRANSPORT,
ip_address('2001::1'),
ip_address('2001::2'),
index=1)
def test_create_tunnel_policy(self):
Xfrm.create_policy(ip_network('10.0.0.0/24'),
ip_network('10.0.1.0/24'),
0,
0,
socket.IPPROTO_TCP,
XFRM_POLICY_OUT,
socket.IPPROTO_AH,
XFRM_MODE_TUNNEL,
ip_address('192.168.1.1'),
ip_address('192.168.1.2'),
index=1)
def test_create_transport_policy(self):
Xfrm.create_policy(ip_network('192.168.1.1/32'),
ip_network('192.168.2.1/32'),
0,
0,
socket.IPPROTO_TCP,
XFRM_POLICY_OUT,
socket.IPPROTO_AH,
XFRM_MODE_TRANSPORT,
ip_address('192.168.1.1'),
ip_address('192.168.1.2'),
index=1)
def __init__(self,_name=''):
Xfrm.__init__(self,_name)
# debug toggles
self.trace = False
self.trace_best = False
# mappings, x and y sequences -> index
self.xdct = SeqDct(vcb.spell_sc,'xdct')
self.ydct = SeqDct(srseq_tostr,'ydct')
# The parse maps
self.srmap = []
self.srmap.append(SrMap("prelude",False,self.xdct,self.ydct))
self.srmap.append(SrMap("chain",False,self.xdct,self.ydct))
self.srmap.append(SrMap("subv",False,self.xdct,self.ydct))
self.srmap.append(SrMap("vobj",True,self.xdct,self.ydct))
self.srmap.append(SrMap("postlude",True,self.xdct,self.ydct))
def tearDown(self):
subprocess.call('ip xfrm policy', shell=True)
subprocess.call('ip xfrm state', shell=True)
Xfrm.flush_policies()
Xfrm.flush_sas()
def test_delete_ipsec_sa(self):
self.test_create_tunnel_ipsec_sa()
Xfrm.delete_sa(ip_address('192.168.1.2'), socket.IPPROTO_ESP, b'1234')
def test_create_tunnel_ipsec_sa(self):
Xfrm.create_sa(ip_network('192.168.1.1/32'),
ip_network('192.168.1.2/32'), 0, 0, b'1234',
socket.IPPROTO_TCP, socket.IPPROTO_ESP, Mode.TUNNEL,
ip_address('192.168.1.1'), ip_address('192.168.1.2'),
b'cbc(aes)', b'1' * 16, b'hmac(md5)', b'1' * 16)
def setUp(self):
Xfrm.flush_policies()
Xfrm.flush_sas()
def setUp(self):
self.xfrm = Xfrm()
self.xfrm.flush_policies()
self.xfrm.flush_sas()
class TestXfrm(unittest.TestCase):
def setUp(self):
self.xfrm = Xfrm()
self.xfrm.flush_policies()
self.xfrm.flush_sas()
def test_create_transport_policy(self):
ipsec_conf = IpsecConfiguration(
my_port=0,
peer_port=80,
ip_proto=TrafficSelector.IpProtocol.TCP,
ipsec_proto=Proposal.Protocol.AH,
mode=Mode.TRANSPORT,
index=0)
ike_conf = IkeConfiguration(protect=[ipsec_conf])
self.xfrm.create_policies(ip_address('192.168.1.1'),
ip_address('192.168.1.2'), ike_conf)
def test_create_tunnel_policy(self):
ipsec_conf = IpsecConfiguration(
my_subnet=ip_network('192.168.1.0/24'),
peer_subnet=ip_network('10.0.0.0/8'),
my_port=0,
peer_port=80,
ip_proto=TrafficSelector.IpProtocol.TCP,
ipsec_proto=Proposal.Protocol.AH,
mode=Mode.TUNNEL,
index=1)
ike_conf = IkeConfiguration(protect=[ipsec_conf])
self.xfrm.create_policies(ip_address('192.168.1.1'),
ip_address('192.168.1.2'), ike_conf)
def test_create_transport_ipsec_sa(self):
self.xfrm.create_sa(
ip_address('192.168.1.1'), ip_address('192.168.1.2'),
TrafficSelector(TrafficSelector.Type.TS_IPV4_ADDR_RANGE,
TrafficSelector.IpProtocol.TCP, 0, 0,
ip_address('192.168.1.1'),
ip_address('192.168.1.1')),
TrafficSelector(TrafficSelector.Type.TS_IPV4_ADDR_RANGE,
TrafficSelector.IpProtocol.TCP, 0, 0,
ip_address('192.168.1.2'),
ip_address('192.168.1.2')), Proposal.Protocol.ESP,
b'1234', Transform.EncrId.ENCR_AES_CBC, b'1' * 16,
Transform.IntegId.AUTH_HMAC_MD5_96, b'1' * 16, Mode.TRANSPORT)
def test_create_tunnel_ipsec_sa(self):
self.xfrm.create_sa(
ip_address('192.168.1.1'), ip_address('192.168.1.2'),
TrafficSelector(TrafficSelector.Type.TS_IPV4_ADDR_RANGE,
TrafficSelector.IpProtocol.TCP, 0, 0,
ip_address('192.168.1.1'),
ip_address('192.168.1.1')),
TrafficSelector(TrafficSelector.Type.TS_IPV4_ADDR_RANGE,
TrafficSelector.IpProtocol.TCP, 0, 0,
ip_address('192.168.1.2'),
ip_address('192.168.1.2')), Proposal.Protocol.ESP,
b'1234', Transform.EncrId.ENCR_AES_CBC, b'1' * 16,
Transform.IntegId.AUTH_HMAC_MD5_96, b'1' * 16, Mode.TUNNEL)
self.xfrm.delete_sa(ip_address('192.168.1.2'), Proposal.Protocol.ESP,
b'1234')
def test_get_policies(self):
self.test_create_transport_policy()
policies = self.xfrm._get_policies()
for header, payload, attributes in policies:
payload.to_dict()
def tearDown(self):
self.xfrm.flush_policies()
self.xfrm.flush_sas()