aboutsummaryrefslogtreecommitdiffstats
path: root/resources/libraries/robot
diff options
context:
space:
mode:
Diffstat (limited to 'resources/libraries/robot')
-rw-r--r--resources/libraries/robot/crypto/ipsec.robot28
-rw-r--r--resources/libraries/robot/shared/traffic.robot61
2 files changed, 80 insertions, 9 deletions
diff --git a/resources/libraries/robot/crypto/ipsec.robot b/resources/libraries/robot/crypto/ipsec.robot
index f48e4c4573..b55c8a83ce 100644
--- a/resources/libraries/robot/crypto/ipsec.robot
+++ b/resources/libraries/robot/crypto/ipsec.robot
@@ -170,11 +170,10 @@
| Initialize IPSec in 3-node circular topology
| | [Documentation]
| | ... | Set UP state on VPP interfaces in path on nodes in 3-node circular
-| | ... | topology. Get the interface MAC addresses and setup ARP on all VPP
-| | ... | interfaces. Setup IPv4 addresses with /24 prefix on DUT-TG and
-| | ... | DUT1-DUT2 links. Set routing for encrypted traffic on both DUT nodes
-| | ... | with prefix /8 and next hop of neighbour DUT or TG interface IPv4
-| | ... | address.
+| | ... | topology. Get the interface MAC addresses and setup ARP on VPP
+| | ... | interfaces towards TG. Setup IPv4 addresses with /24 prefix on DUT-TG
+| | ... | links. Set routing for decrypted traffic on both DUT nodes
+| | ... | with prefix /8 and next hop of neighbour TG interface IPv4 address.
| |
| | Set interfaces in path up
| | VPP Interface Set IP Address
@@ -203,7 +202,24 @@
| | VPP Interface Set IP Address
| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${dut1_if1_ip4} | 24
| | VPP Add IP Neighbor
-| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip4} | ${TG_pf1}[0]
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip4} | ${TG_pf1_mac}[0]
+| | Vpp Route Add
+| | ... | ${dut1} | ${laddr_ip4} | 8 | gateway=${tg_if1_ip4}
+| | ... | interface=${DUT1_${int}1}[0]
+
+| Initialize IPSec in 2-node circular topology
+| | [Documentation]
+| | ... | Set UP state on VPP interfaces in path on node in 2-node circular
+| | ... | topology. Get the interface MAC address and setup ARP on VPP
+| | ... | interface towards TG. Setup IPv4 address with /24 prefix on one
+| | ... | DUT-TG link. Set routing for decrypted traffic on DUT
+| | ... | with prefix /8 and next hop of neighbour TG interface IPv4 address.
+| |
+| | Set interfaces in path up
+| | VPP Interface Set IP Address
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${dut1_if1_ip4} | 24
+| | VPP Add IP Neighbor
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip4} | ${TG_pf1_mac}[0]
| | Vpp Route Add
| | ... | ${dut1} | ${laddr_ip4} | 8 | gateway=${tg_if1_ip4}
| | ... | interface=${DUT1_${int}1}[0]
diff --git a/resources/libraries/robot/shared/traffic.robot b/resources/libraries/robot/shared/traffic.robot
index 9358daf2d7..cc33969540 100644
--- a/resources/libraries/robot/shared/traffic.robot
+++ b/resources/libraries/robot/shared/traffic.robot
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Cisco and/or its affiliates.
+# Copyright (c) 2020 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -286,7 +286,7 @@
| |
| | ${tx_src_mac}= | Get Interface Mac | ${node} | ${tx_interface}
| | ${tx_if_name}= | Get Interface Name | ${node} | ${tx_interface}
-| | ${rx_dst_mac}= | Get Interface Mac | ${node} | ${tx_interface}
+| | ${rx_dst_mac}= | Get Interface Mac | ${node} | ${rx_interface}
| | ${rx_if_name}= | Get Interface Name | ${node} | ${rx_interface}
| | ${args}= | Catenate | --rx_if ${rx_if_name} | --tx_if ${tx_if_name}
| | ... | --tx_src_mac ${tx_src_mac} | --tx_dst_mac ${tx_dst_mac}
@@ -301,7 +301,7 @@
| | ... | ${args} --src_tun ${l_tunnel}
| | ${args}= | Set Variable If | "${r_tunnel}" == "${None}" | ${args}
| | ... | ${args} --dst_tun ${r_tunnel}
-| | Run Traffic Script On Node | ipsec.py | ${node} | ${args}
+| | Run Traffic Script On Node | ipsec_policy.py | ${node} | ${args}
| Send packet and verify LISP encap
| | [Documentation] | Send ICMP packet to DUT out one interface and receive\
@@ -348,6 +348,61 @@
| | Run Traffic Script On Node | lisp/lisp_check.py | ${tg_node}
| | ... | ${args}
+| Send IP Packet and verify ESP encapsulation in received packet
+| | [Documentation] | Send IP packet from TG to DUT. Receive IPsec packet\
+| | ... | from DUT on TG and verify ESP encapsulation. Send IPsec packet in\
+| | ... | opposite direction and verify received IP packet.
+| |
+| | ... | *Arguments:*
+| | ... | - node - TG node. Type: dictionary
+| | ... | - tx_interface - TG Interface 1. Type: string
+| | ... | - rx_interface - TG Interface 2. Type: string
+| | ... | - tx_dst_mac - Destination MAC for TX interface / DUT interface 1 MAC.
+| | ... | Type: string
+| | ... | - rx_src_mac - Source MAC for RX interface / DUT interface 2 MAC.
+| | ... | Type: string
+| | ... | - crypto_alg - Encrytion algorithm. Type: enum
+| | ... | - crypto_key - Encryption key. Type: string
+| | ... | - integ_alg - Integrity algorithm. Type: enum
+| | ... | - integ_key - Integrity key. Type: string
+| | ... | - l_spi - Local SPI. Type: integer
+| | ... | - r_spi - Remote SPI. Type: integer
+| | ... | - src_ip - Source IP address. Type: string
+| | ... | - dst_ip - Destination IP address. Type: string
+| | ... | - src_tun - Source tunnel IP address. Type: string
+| | ... | - dst_tun - Destination tunnel IP address. Type: string
+| |
+| | ... | *Example:*
+| | ... | \| ${encr_alg}= \| Crypto Alg AES CBC 128 \|
+| | ... | \| ${auth_alg}= \| Integ Alg SHA1 96 \|
+| | ... | \| Send IPsec Packet and verify ESP encapsulation in received packet\
+| | ... | \| ${nodes['TG']} \| eth1 \| eth2 \
+| | ... | \| 52:54:00:d4:d8:22 \| 52:54:00:d4:d8:3e \| ${encr_alg} \
+| | ... | \| sixteenbytes_key \| ${auth_alg} \| twentybytessecretkey \
+| | ... | \| ${1001} \| ${1000} \| 192.168.3.3 \| 192.168.4.4 \| 192.168.100.2 \
+| | ... | \| 192.168.100.3 \|
+| |
+| | [Arguments] | ${node} | ${tx_interface} | ${rx_interface} | ${tx_dst_mac}
+| | ... | ${rx_src_mac} | ${crypto_alg} | ${crypto_key} | ${integ_alg}
+| | ... | ${integ_key} | ${l_spi} | ${r_spi} | ${src_ip} | ${dst_ip}
+| | ... | ${src_tun} | ${dst_tun}
+| |
+| | ${tx_src_mac}= | Get Interface Mac | ${node} | ${tx_interface}
+| | ${tx_if_name}= | Get Interface Name | ${node} | ${tx_interface}
+| | ${rx_dst_mac}= | Get Interface Mac | ${node} | ${rx_interface}
+| | ${rx_if_name}= | Get Interface Name | ${node} | ${rx_interface}
+| | ${crypto_alg_str}= | Get Crypto Alg Scapy Name | ${crypto_alg}
+| | ${integ_alg_str}= | Get Integ Alg Scapy Name | ${integ_alg}
+| | ${args}= | Catenate | --rx_if ${rx_if_name} | --tx_if ${tx_if_name}
+| | ... | --tx_src_mac ${tx_src_mac} | --tx_dst_mac ${tx_dst_mac}
+| | ... | --rx_src_mac ${rx_src_mac} | --rx_dst_mac ${rx_dst_mac}
+| | ... | --src_ip ${src_ip} | --dst_ip ${dst_ip}
+| | ... | --crypto_alg ${crypto_alg_str} | --crypto_key ${crypto_key}
+| | ... | --integ_alg ${integ_alg_str} | --integ_key ${integ_key}
+| | ... | --l_spi ${l_spi} | --r_spi ${r_spi} | --src_tun ${src_tun}
+| | ... | --dst_tun ${dst_tun}
+| | Run Traffic Script On Node | ipsec_interface.py | ${node} | ${args}
+
| Send packet and verify LISP GPE encap
| | [Documentation] | Send ICMP packet to DUT out one interface and receive\
| | ... | a LISP-GPE encapsulated packet on the other interface.