Пример #1
    def setUp(self):
        """Create one IPv6 ESP tunnel interface over pg0 and route hosts via it.

        Builds a VppIpsecTunInterface from ``self.ipv6_params``, brings it up
        with IPv6 and IPv4 addressing, then installs a /128 and a /32 host
        route whose next hop is the tunnel's remote address.
        """
        super(TemplateIpsec6TunIfEsp, self).setUp()

        self.tun_if = self.pg0

        params = self.ipv6_params
        # NOTE(review): crypt_key and auth_key are each passed twice in a row,
        # presumably filling the local and remote key slots -- confirm against
        # VppIpsecTunInterface. One key for both directions is a test
        # shortcut; deployed SAs normally carry independent keys per direction.
        tunnel = VppIpsecTunInterface(
            self, self.pg0,
            params.vpp_tun_spi, params.scapy_tun_spi,
            params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
            params.auth_algo_vpp_id, params.auth_key, params.auth_key,
            is_ip6=True)
        tunnel.add_vpp_config()
        tunnel.admin_up()
        tunnel.config_ip6()
        tunnel.config_ip4()

        # 0xffffffff is presumably the "no interface" index, so the path is
        # resolved through the tunnel peer address -- TODO confirm.
        v6_path = VppRoutePath(tunnel.remote_ip6, 0xffffffff,
                               proto=DpoProto.DPO_PROTO_IP6)
        VppIpRoute(self, params.remote_tun_if_host, 128,
                   [v6_path]).add_vpp_config()

        v4_path = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
        VppIpRoute(self, params.remote_tun_if_host4, 32,
                   [v4_path]).add_vpp_config()
Пример #2
 def setUp(self):
     """Create the IPv4 ESP tunnel interface on pg0 and add a /32 route to it.

     NOTE(review): unlike a typical unittest override, this method does not
     call the parent setUp() -- confirm that is intended.
     """
     # NOTE(review): crypt_key and auth_key are each supplied twice in a row,
     # presumably as the local and remote key -- confirm. Identical keys in
     # both directions are acceptable for a fixture only.
     tunnel = VppIpsecTunInterface(
         self,
         self.pg0,
         self.vpp_tun_spi,
         self.scapy_tun_spi,
         self.crypt_algo_vpp_id,
         self.crypt_key,
         self.crypt_key,
         self.auth_algo_vpp_id,
         self.auth_key,
         self.auth_key)
     self.ipsec_tun_if = tunnel
     tunnel.add_vpp_config()
     tunnel.admin_up()
     tunnel.config_ip4()

     # The route API is given the packed (binary) form of the host address.
     packed_host = socket.inet_pton(socket.AF_INET, self.remote_tun_if_host)
     self.vapi.ip_add_del_route(packed_host, 32, tunnel.remote_ip4n)
Пример #3
    def setUp(self):
        """Create a UDP-encapsulated IPv4 ESP tunnel on pg0 plus host routes.

        Marks ``self.ipv4_params`` with the UDP-encap SAD flag and a UDP
        header for the scapy side, builds the tunnel interface with
        ``udp_encap=True``, then routes one IPv4 and one IPv6 host through it.
        """
        super(TemplateIpsec4TunIfEspUdp, self).setUp()

        self.tun_if = self.pg0

        params = self.ipv4_params
        sad_flags = VppEnum.vl_api_ipsec_sad_flags_t
        params.flags = sad_flags.IPSEC_API_SAD_FLAG_UDP_ENCAP
        # Destination port 4500 is the registered IPsec NAT-traversal port;
        # the source port looks like an arbitrary test value.
        params.nat_header = UDP(sport=5454, dport=4500)

        # NOTE(review): crypt_key and auth_key are each passed twice in a row,
        # presumably as local and remote key -- confirm. Reusing one key for
        # both directions is a test simplification.
        params.tun_if = VppIpsecTunInterface(
            self, self.pg0,
            params.vpp_tun_spi, params.scapy_tun_spi,
            params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
            params.auth_algo_vpp_id, params.auth_key, params.auth_key,
            udp_encap=True)
        params.tun_if.add_vpp_config()
        params.tun_if.admin_up()
        params.tun_if.config_ip4()
        params.tun_if.config_ip6()

        # 0xffffffff is presumably the "no interface" index -- TODO confirm.
        v4_path = VppRoutePath(params.tun_if.remote_ip4, 0xffffffff)
        VppIpRoute(self, params.remote_tun_if_host, 32,
                   [v4_path]).add_vpp_config()

        v6_path = VppRoutePath(params.tun_if.remote_ip6, 0xffffffff,
                               proto=DpoProto.DPO_PROTO_IP6)
        VppIpRoute(self, params.remote_tun_if_host6, 128,
                   [v6_path]).add_vpp_config()
Пример #4
    def setUp(self):
        """Create the IPv4 ESP tunnel interface on pg0 and its host routes.

        The tunnel is stored on ``self.ipv4_params`` as ``tun_if``, addressed
        for IPv4 and IPv6, and handed to config_tun_params() before one /32
        and one /128 host route are installed through it.
        """
        super(TemplateIpsec4TunIfEsp, self).setUp()

        self.tun_if = self.pg0

        params = self.ipv4_params

        # NOTE(review): crypt_key and auth_key each appear twice in a row,
        # presumably as local and remote key -- confirm. Same key in both
        # directions is a fixture convenience, not a deployment pattern.
        tunnel = VppIpsecTunInterface(
            self,
            self.pg0,
            params.vpp_tun_spi,
            params.scapy_tun_spi,
            params.crypt_algo_vpp_id,
            params.crypt_key,
            params.crypt_key,
            params.auth_algo_vpp_id,
            params.auth_key,
            params.auth_key)
        params.tun_if = tunnel
        params.tun_if.add_vpp_config()
        params.tun_if.admin_up()
        params.tun_if.config_ip4()
        params.tun_if.config_ip6()
        config_tun_params(params, self.encryption_type, params.tun_if)

        # 0xffffffff is presumably the "no interface" index -- TODO confirm.
        VppIpRoute(
            self, params.remote_tun_if_host, 32,
            [VppRoutePath(params.tun_if.remote_ip4, 0xffffffff)]
        ).add_vpp_config()
        VppIpRoute(
            self, params.remote_tun_if_host6, 128,
            [VppRoutePath(params.tun_if.remote_ip6, 0xffffffff,
                          proto=DpoProto.DPO_PROTO_IP6)]
        ).add_vpp_config()
Пример #5
class TemplateIpsecTunIfEsp(TemplateIpsec):
    """ IPsec tunnel interface tests

    Template fixture: pg0 is the tunnel-facing interface, and each test gets
    a fresh IPv4 ESP tunnel interface with a /32 route to the remote host.
    """

    encryption_type = ESP

    @classmethod
    def setUpClass(cls):
        """Run the parent class setup, then record pg0 as ``tun_if``."""
        super(TemplateIpsecTunIfEsp, cls).setUpClass()
        cls.tun_if = cls.pg0

    def setUp(self):
        """Create the tunnel interface and the host route for one test.

        NOTE(review): no parent setUp() is called here, although tearDown()
        does chain to the parent -- confirm that is intended.
        """
        # NOTE(review): crypt_key and auth_key are each supplied twice in a
        # row, presumably as the local and remote key -- confirm. Identical
        # keys in both directions are acceptable for a fixture only.
        tunnel = VppIpsecTunInterface(
            self,
            self.pg0,
            self.vpp_tun_spi,
            self.scapy_tun_spi,
            self.crypt_algo_vpp_id,
            self.crypt_key,
            self.crypt_key,
            self.auth_algo_vpp_id,
            self.auth_key,
            self.auth_key)
        self.ipsec_tun_if = tunnel
        tunnel.add_vpp_config()
        tunnel.admin_up()
        tunnel.config_ip4()

        # The route API is given the packed (binary) form of the address.
        packed_host = socket.inet_pton(socket.AF_INET,
                                       self.remote_tun_if_host)
        self.vapi.ip_add_del_route(packed_host, 32, tunnel.remote_ip4n)

    def tearDown(self):
        """Issue "show hardware" while VPP is alive, then run parent teardown."""
        vpp_alive = not self.vpp_dead
        if vpp_alive:
            self.vapi.cli("show hardware")
        super(TemplateIpsecTunIfEsp, self).tearDown()
Пример #6
    def setUp(self):
        """Create ten IPv6 ESP tunnel interfaces on pg0, one per remote host.

        Each iteration takes a shallow copy of ``self.ipv6_params``, offsets
        its SA ids and SPIs by the loop index so the SAs stay distinct,
        builds a tunnel interface from it and installs a /128 host route.
        """
        super(TestIpsec6MultiTunIfEsp, self).setUp()

        self.tun_if = self.pg0

        self.multi_params = []

        shifted_fields = (
            "scapy_tun_sa_id", "scapy_tun_spi",
            "vpp_tun_sa_id", "vpp_tun_spi",
            "scapy_tra_sa_id", "scapy_tra_spi",
            "vpp_tra_sa_id", "vpp_tra_spi",
        )

        for idx in range(10):
            # copy.copy is shallow: only the attributes rebound below differ
            # per tunnel, so crypt_key/auth_key are the same for all ten.
            params = copy.copy(self.ipv6_params)

            params.remote_tun_if_host = "1111::%d" % (idx + 1)
            for field in shifted_fields:
                setattr(params, field, getattr(params, field) + idx)

            config_tun_params(params, self.encryption_type, self.tun_if)
            self.multi_params.append(params)

            # NOTE(review): crypt_key and auth_key are each passed twice in a
            # row, presumably as local and remote key -- confirm. Shared keys
            # across directions and tunnels are a fixture shortcut.
            tunnel = VppIpsecTunInterface(
                self, self.pg0,
                params.vpp_tun_spi, params.scapy_tun_spi,
                params.crypt_algo_vpp_id,
                params.crypt_key, params.crypt_key,
                params.auth_algo_vpp_id,
                params.auth_key, params.auth_key,
                is_ip6=True)
            params.tun_if = tunnel
            params.tun_if.add_vpp_config()
            params.tun_if.admin_up()
            params.tun_if.config_ip6()

            # 0xffffffff is presumably the "no interface" index -- confirm.
            peer_path = VppRoutePath(params.tun_if.remote_ip6,
                                     0xffffffff,
                                     proto=DpoProto.DPO_PROTO_IP6)
            host_route = VppIpRoute(self, params.remote_tun_if_host, 128,
                                    [peer_path], is_ip6=1)
            host_route.add_vpp_config()
Пример #7
    def setUp(self):
        """Create one IPv4 ESP tunnel interface on pg0 and a /32 route to it."""
        super(TemplateIpsecTunIfEsp, self).setUp()

        self.tun_if = self.pg0

        params = self.ipv4_params
        # NOTE(review): crypt_key and auth_key are each passed twice in a row,
        # presumably as local and remote key -- confirm. A single key for
        # both directions is a test shortcut.
        tunnel = VppIpsecTunInterface(
            self,
            self.pg0,
            params.vpp_tun_spi,
            params.scapy_tun_spi,
            params.crypt_algo_vpp_id,
            params.crypt_key,
            params.crypt_key,
            params.auth_algo_vpp_id,
            params.auth_key,
            params.auth_key)
        tunnel.add_vpp_config()
        tunnel.admin_up()
        tunnel.config_ip4()

        # 0xffffffff is presumably the "no interface" index -- TODO confirm.
        peer_path = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
        host_route = VppIpRoute(self, params.remote_tun_if_host, 32,
                                [peer_path])
        host_route.add_vpp_config()
Пример #8
    def config_network(self, p):
        """Configure the tunnel interface and host route described by *p*.

        Stores the created tunnel on ``p.tun_if`` and the route on
        ``p.route`` so the caller can refer to them afterwards.
        """
        config_tun_params(p, self.encryption_type, self.tun_if)

        # NOTE(review): crypt_key and auth_key are each passed twice in a row,
        # presumably as local and remote key -- confirm. Same key for both
        # directions is a fixture convenience.
        tunnel = VppIpsecTunInterface(
            self,
            self.pg0,
            p.vpp_tun_spi,
            p.scapy_tun_spi,
            p.crypt_algo_vpp_id,
            p.crypt_key,
            p.crypt_key,
            p.auth_algo_vpp_id,
            p.auth_key,
            p.auth_key)
        p.tun_if = tunnel
        p.tun_if.add_vpp_config()
        p.tun_if.admin_up()
        p.tun_if.config_ip4()

        # NOTE(review): the SA dump may include key material; harmless with
        # fixed test keys, but check before reusing this logging elsewhere.
        for show_cmd in ("sh ipsec sa 0", "sh ipsec sa 1"):
            self.logger.info(self.vapi.cli(show_cmd))

        # 0xffffffff is presumably the "no interface" index -- TODO confirm.
        peer_path = VppRoutePath(p.tun_if.remote_ip4, 0xffffffff)
        p.route = VppIpRoute(self, p.remote_tun_if_host, 32, [peer_path])
        p.route.add_vpp_config()
Пример #9
    def setUp(self):
        """Create one IPv6 ESP tunnel interface on pg0 and two host routes.

        The tunnel is addressed for IPv6 and IPv4; a /128 route and a /32
        route then point the remote test hosts at the tunnel peer.
        """
        super(TemplateIpsec6TunIfEsp, self).setUp()

        self.tun_if = self.pg0

        params = self.ipv6_params
        # NOTE(review): crypt_key and auth_key are each passed twice in a row,
        # presumably as local and remote key -- confirm. One key for both
        # directions is a test shortcut.
        tunnel = VppIpsecTunInterface(
            self,
            self.pg0,
            params.vpp_tun_spi,
            params.scapy_tun_spi,
            params.crypt_algo_vpp_id,
            params.crypt_key,
            params.crypt_key,
            params.auth_algo_vpp_id,
            params.auth_key,
            params.auth_key,
            is_ip6=True)
        tunnel.add_vpp_config()
        tunnel.admin_up()
        tunnel.config_ip6()
        tunnel.config_ip4()

        # 0xffffffff is presumably the "no interface" index -- TODO confirm.
        v6_path = VppRoutePath(tunnel.remote_ip6, 0xffffffff,
                               proto=DpoProto.DPO_PROTO_IP6)
        v6_route = VppIpRoute(self, params.remote_tun_if_host, 128,
                              [v6_path], is_ip6=1)
        v6_route.add_vpp_config()

        v4_path = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
        v4_route = VppIpRoute(self, params.remote_tun_if_host4, 32,
                              [v4_path])
        v4_route.add_vpp_config()
Пример #10
    def setUp(self):
        """Create ten IPv4 ESP tunnel interfaces on pg0, one per remote host.

        Ten remote hosts are generated on pg0 and used as tunnel
        destinations. Each iteration shallow-copies ``self.ipv4_params``,
        offsets its SA ids and SPIs by the loop index, builds the tunnel and
        installs a /32 host route through it.
        """
        super(TestIpsec4MultiTunIfEsp, self).setUp()

        self.tun_if = self.pg0

        self.multi_params = []
        self.pg0.generate_remote_hosts(10)
        self.pg0.configure_ipv4_neighbors()

        shifted_fields = (
            "scapy_tun_sa_id", "scapy_tun_spi",
            "vpp_tun_sa_id", "vpp_tun_spi",
            "scapy_tra_sa_id", "scapy_tra_spi",
            "vpp_tra_sa_id", "vpp_tra_spi",
        )

        for idx in range(10):
            # copy.copy is shallow: only the attributes rebound below differ
            # per tunnel, so crypt_key/auth_key are the same for all ten.
            params = copy.copy(self.ipv4_params)

            params.remote_tun_if_host = "1.1.1.%d" % (idx + 1)
            for field in shifted_fields:
                setattr(params, field, getattr(params, field) + idx)

            # NOTE(review): crypt_key and auth_key are each passed twice in a
            # row, presumably as local and remote key -- confirm. Shared keys
            # across directions and tunnels are a fixture shortcut.
            tunnel = VppIpsecTunInterface(
                self, self.pg0,
                params.vpp_tun_spi, params.scapy_tun_spi,
                params.crypt_algo_vpp_id,
                params.crypt_key, params.crypt_key,
                params.auth_algo_vpp_id,
                params.auth_key, params.auth_key,
                dst=self.pg0.remote_hosts[idx].ip4)
            params.tun_if = tunnel
            params.tun_if.add_vpp_config()
            params.tun_if.admin_up()
            params.tun_if.config_ip4()
            config_tun_params(params, self.encryption_type, params.tun_if)
            self.multi_params.append(params)

            # 0xffffffff is presumably the "no interface" index -- confirm.
            peer_path = VppRoutePath(params.tun_if.remote_ip4, 0xffffffff)
            host_route = VppIpRoute(self, params.remote_tun_if_host, 32,
                                    [peer_path])
            host_route.add_vpp_config()
Пример #11
    def setUp(self):
        """Create one IPv4 ESP tunnel interface on pg0 and a /32 route to it."""
        super(TemplateIpsec4TunIfEsp, self).setUp()

        self.tun_if = self.pg0

        params = self.ipv4_params
        # NOTE(review): crypt_key and auth_key each appear twice in a row,
        # presumably as local and remote key -- confirm. Using one key in
        # both directions is a fixture convenience.
        tunnel = VppIpsecTunInterface(
            self, self.pg0,
            params.vpp_tun_spi, params.scapy_tun_spi,
            params.crypt_algo_vpp_id, params.crypt_key, params.crypt_key,
            params.auth_algo_vpp_id, params.auth_key, params.auth_key)
        tunnel.add_vpp_config()
        tunnel.admin_up()
        tunnel.config_ip4()

        # 0xffffffff is presumably the "no interface" index -- TODO confirm.
        next_hop = VppRoutePath(tunnel.remote_ip4, 0xffffffff)
        route = VppIpRoute(self, params.remote_tun_if_host, 32, [next_hop])
        route.add_vpp_config()
Пример #12
    def test_traffic(self):
        """ Punt socket traffic

        Sends ESP packets whose SPI matches no configured tunnel (SPI 99,
        and SPI 0 over UDP) and checks that each one is delivered to the
        punt socket registered for the matching exception reason.
        """

        port = self.ports[0]
        exception_type = VppEnum.vl_api_punt_type_t.PUNT_API_TYPE_EXCEPTION
        punt_ex = {'type': exception_type, 'punt': {'exception': {}}}

        #
        # IPsec tunnels are needed for this to work, otherwise ESP gets
        # dropped due to unknown IP proto.
        #
        # The fixed ASCII key and the AES-CBC-128 / SHA1-96 pairing are test
        # fixtures only. NOTE(review): the key is passed in four positions,
        # presumably local/remote crypto and integrity keys -- confirm.
        #
        crypto_alg = (
            VppEnum.vl_api_ipsec_crypto_alg_t.IPSEC_API_CRYPTO_ALG_AES_CBC_128)
        integ_alg = (
            VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_SHA1_96)
        fixture_key = b"0123456701234567"

        plain_tunnel = VppIpsecTunInterface(
            self, self.pg0, 1000, 1000,
            crypto_alg, fixture_key, fixture_key,
            integ_alg, fixture_key, fixture_key)
        plain_tunnel.add_vpp_config()

        udp_tunnel = VppIpsecTunInterface(
            self, self.pg1, 1000, 1000,
            crypto_alg, fixture_key, fixture_key,
            integ_alg, fixture_key, fixture_key,
            udp_encap=True)
        udp_tunnel.add_vpp_config()

        #
        # The punt reasons under test are no-such-tunnel and SPI=0. Both
        # tunnels above use SPI 1000, so SPI 99 and SPI 0 match neither.
        #
        cfgs = {
            'ipsec4-no-such-tunnel': {
                'spi': 99,
                'udp': False,
                'itf': self.pg0,
            },
            'ipsec4-spi-o-udp-0': {
                'spi': 0,
                'udp': True,
                'itf': self.pg1,
            },
        }

        #
        # Find the VPP id of each punt exception reason. A reason missing
        # from the dump leaves its cfg without 'id'/'vpp' keys.
        #
        reasons = self.vapi.punt_reason_dump()
        for reason_name, cfg in cfgs.items():
            hit = next(
                (r for r in reasons if r.reason.name == reason_name), None)
            if hit is None:
                continue
            cfg['id'] = hit.reason.id
            cfg['vpp'] = copy.deepcopy(set_reason(punt_ex, cfg['id']))

        #
        # Configure one punt socket per reason, under the test's tempdir.
        #
        for cfg in cfgs.values():
            sock_path = "%s/socket_%d" % (self.tempdir, cfg['id'])
            cfg['sock'] = self.socket_client_create(sock_path)
            self.vapi.punt_socket_register(cfg['vpp'], sock_path)

        #
        # Build the packet stream for each exception: ESP with the
        # unmatched SPI, preceded by a UDP header in the UDP-encap case.
        #
        for cfg in cfgs.values():
            itf = cfg['itf']
            layers = (Ether(src=itf.remote_mac, dst=itf.local_mac) /
                      IP(src=itf.remote_ip4, dst=itf.local_ip4))
            if cfg['udp']:
                layers = layers / UDP(sport=666, dport=4500)
            layers = layers / ESP(spi=cfg['spi'], seq=3) / Raw(b'\xa5' * 100)
            cfg['pkts'] = [layers]

        #
        # Send the packets for each SPI expected to be punted.
        #
        for cfg in cfgs.values():
            self.send_and_assert_no_replies(cfg['itf'], cfg['pkts'])

        #
        # Verify the punted packets arrived on the associated socket.
        # NOTE(review): close() is used as the call that returns what the
        # socket client received -- confirm against socket_client_create.
        #
        for cfg in cfgs.values():
            received = cfg['sock'].close()
            self.verify_esp_pkts(
                received, len(cfg['pkts']), cfg['spi'], cfg['udp'])

        #
        # Deregister the punt sockets.
        #
        for cfg in cfgs.values():
            self.vapi.punt_socket_deregister(cfg['vpp'])