From 9047c7fbf1c811f07c69f778914d25d2652651f3 Mon Sep 17 00:00:00 2001
From: Filip Tehlar <ftehlar@cisco.com>
Date: Tue, 25 Apr 2017 15:24:05 +0200
Subject: Add IPSec tests

Change-Id: Ia684c2d4d251bd241831ea596e621b3f1ee80dd1
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
---
 .../configs/vpp_lite_config/ipsec/4o4/vpp1.config       | 17 +++++++++++++++++
 .../configs/vpp_lite_config/ipsec/4o4/vpp2.config       | 17 +++++++++++++++++
 .../configs/vpp_lite_config/ipsec/6o6/vpp1.config       | 17 +++++++++++++++++
 .../configs/vpp_lite_config/ipsec/6o6/vpp2.config       | 17 +++++++++++++++++
 tests/data_plane/vpp_lite_topo/scripts/cmd_mappings.py  |  5 +++++
 .../vpp_lite_topo/test_driver/basic_single_icmp.sh      | 17 +++++++++++++++++
 tests/data_plane/vpp_lite_topo/tests/test_ipsec_4o4.sh  |  7 +++++++
 tests/data_plane/vpp_lite_topo/tests/test_ipsec_6o6.sh  |  7 +++++++
 8 files changed, 104 insertions(+)
 create mode 100644 tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp1.config
 create mode 100644 tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp2.config
 create mode 100644 tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp1.config
 create mode 100644 tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp2.config
 create mode 100755 tests/data_plane/vpp_lite_topo/tests/test_ipsec_4o4.sh
 create mode 100755 tests/data_plane/vpp_lite_topo/tests/test_ipsec_6o6.sh

diff --git a/tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp1.config b/tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp1.config
new file mode 100644
index 0000000..9b0d759
--- /dev/null
+++ b/tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp1.config
@@ -0,0 +1,17 @@
+create_host_iface vpp1 6.0.1.1/24
+create_host_iface intervpp1 6.0.3.1/24
+
+lisp_state enable
+lisp_locator_set_with_locator ls1 host-intervpp1 1 1
+lisp_local_eid eid 6.0.1.0/24 locator-set ls1
+lisp_remote_mapping eid 6.0.2.0/24 rloc 6.0.3.2
+lisp_adjacency leid 6.0.1.0/24 reid 6.0.2.0/24
+
+ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_spd_add_del spd_id 1
+ipsec_interface_add_del_spd host-intervpp1 spd_id 1
+ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50 
+ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
+ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 6.0.3.1 laddr_stop 6.0.3.1 raddr_start 6.0.3.2 raddr_stop 6.0.3.2
+ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 6.0.3.1 laddr_stop 6.0.3.1 raddr_start 6.0.3.2 raddr_stop 6.0.3.2
diff --git a/tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp2.config b/tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp2.config
new file mode 100644
index 0000000..576d87a
--- /dev/null
+++ b/tests/data_plane/configs/vpp_lite_config/ipsec/4o4/vpp2.config
@@ -0,0 +1,17 @@
+create_host_iface vpp2 6.0.2.1/24
+create_host_iface intervpp2 6.0.3.2/24
+
+lisp_state enable
+lisp_locator_set_with_locator ls1 host-intervpp2 1 1
+lisp_local_eid eid 6.0.2.0/24 locator-set ls1
+lisp_remote_mapping eid 6.0.1.0/24 rloc 6.0.3.1
+lisp_adjacency leid 6.0.2.0/24 reid 6.0.1.0/24
+
+ipsec_sad_add_del_entry esp sad_id 10 spi 1000 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_sad_add_del_entry esp sad_id 20 spi 1001 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_spd_add_del spd_id 1
+ipsec_interface_add_del_spd host-intervpp2 spd_id 1
+ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50 
+ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
+ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 6.0.3.2 laddr_stop 6.0.3.2 raddr_start 6.0.3.1 raddr_stop 6.0.3.1
+ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 6.0.3.2 laddr_stop 6.0.3.2 raddr_start 6.0.3.1 raddr_stop 6.0.3.1
diff --git a/tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp1.config b/tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp1.config
new file mode 100644
index 0000000..f63e357
--- /dev/null
+++ b/tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp1.config
@@ -0,0 +1,17 @@
+create_host_iface vpp1 6:0:1::1/64
+create_host_iface intervpp1 6:0:3::1/64
+
+lisp_state enable
+lisp_locator_set_with_locator ls1 host-intervpp1 1 1
+lisp_local_eid eid 6:0:1::0/64 locator-set ls1
+lisp_remote_mapping eid 6:0:2::0/64 rloc 6:0:3::2
+lisp_adjacency leid 6:0:1::0/64 reid 6:0:2::0/64
+
+ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_spd_add_del spd_id 1
+ipsec_interface_add_del_spd host-intervpp1 spd_id 1
+ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50 
+ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
+ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 6:0:3::1 laddr_stop 6:0:3::1 raddr_start 6:0:3::2 raddr_stop 6:0:3::2
+ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 6:0:3::1 laddr_stop 6:0:3::1 raddr_start 6:0:3::2 raddr_stop 6:0:3::2
diff --git a/tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp2.config b/tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp2.config
new file mode 100644
index 0000000..0b688a3
--- /dev/null
+++ b/tests/data_plane/configs/vpp_lite_config/ipsec/6o6/vpp2.config
@@ -0,0 +1,17 @@
+create_host_iface vpp2 6:0:2::1/64
+create_host_iface intervpp2 6:0:3::2/64
+
+lisp_state enable
+lisp_locator_set_with_locator ls1 host-intervpp2 1 1
+lisp_local_eid eid 6:0:2::0/64 locator-set ls1
+lisp_remote_mapping eid 6:0:1::0/64 rloc 6:0:3::1
+lisp_adjacency leid 6:0:2::0/64 reid 6:0:1::0/64
+
+ipsec_sad_add_del_entry esp sad_id 10 spi 1000 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_sad_add_del_entry esp sad_id 20 spi 1001 crypto_alg aes-cbc-128 crypto_key 69485741315772365051494e59507650 integ_alg sha1-96 integ_key 6958633071487352456345317767776244554174
+ipsec_spd_add_del spd_id 1
+ipsec_interface_add_del_spd host-intervpp2 spd_id 1
+ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50 
+ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
+ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 6:0:3::2 laddr_stop 6:0:3::2 raddr_start 6:0:3::1 raddr_stop 6:0:3::1
+ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 6:0:3::2 laddr_stop 6:0:3::2 raddr_start 6:0:3::1 raddr_stop 6:0:3::1
diff --git a/tests/data_plane/vpp_lite_topo/scripts/cmd_mappings.py b/tests/data_plane/vpp_lite_topo/scripts/cmd_mappings.py
index 5520976..7281cc1 100644
--- a/tests/data_plane/vpp_lite_topo/scripts/cmd_mappings.py
+++ b/tests/data_plane/vpp_lite_topo/scripts/cmd_mappings.py
@@ -63,6 +63,11 @@ SimpleMapping('lisp_rloc_probe_state', 'one rloc-probe', 'one_rloc_probe_enable_
 SimpleMapping('lisp_map_register_state', 'one map-register', 'one_map_register_enable_disable')
 SimpleMapping('lisp_stats', 'one statistics', 'one_stats_enable_disable')
 
+SimpleMapping('ipsec_sad_add_del_entry', 'TODO', 'ipsec_sad_add_del_entry')
+SimpleMapping('ipsec_spd_add_del', 'todo', 'ipsec_spd_add_del')
+SimpleMapping('ipsec_interface_add_del_spd' , 'todo', 'ipsec_interface_add_del_spd')
+SimpleMapping('ipsec_spd_add_del_entry', 'todo', 'ipsec_spd_add_del_entry')
+
 CustomMapping('lisp_eid_map_bd',
               'one eid-table map vni {0} bd {1}',
               'one_eid_table_add_del_map vni {0} bd_index {1}')
diff --git a/tests/data_plane/vpp_lite_topo/test_driver/basic_single_icmp.sh b/tests/data_plane/vpp_lite_topo/test_driver/basic_single_icmp.sh
index 39f4f4c..02a9d06 100644
--- a/tests/data_plane/vpp_lite_topo/test_driver/basic_single_icmp.sh
+++ b/tests/data_plane/vpp_lite_topo/test_driver/basic_single_icmp.sh
@@ -31,3 +31,20 @@ function test_single_icmp
   print_status $rc "No ICMP response!"
   exit $test_result
 }
+
+function test_single_icmp_no_counters
+{
+  2_node_topo_setup no_odl
+  maybe_pause
+  test_result=1
+
+  # send only one ping request
+  ip netns exec vppns1 "${1}" -c 1 "${2}"
+  rc=$?
+
+  # test done
+  maybe_pause
+  2_node_topo_clean no_odl
+  print_status $rc "No ICMP response!"
+  exit $test_result
+}
diff --git a/tests/data_plane/vpp_lite_topo/tests/test_ipsec_4o4.sh b/tests/data_plane/vpp_lite_topo/tests/test_ipsec_4o4.sh
new file mode 100755
index 0000000..9f1ff28
--- /dev/null
+++ b/tests/data_plane/vpp_lite_topo/tests/test_ipsec_4o4.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+VPP_LITE_CONF=`pwd`/../configs/vpp_lite_config/ipsec/4o4
+
+source test_driver/basic_single_icmp.sh
+
+test_single_icmp_no_counters ping "6.0.2.2"
diff --git a/tests/data_plane/vpp_lite_topo/tests/test_ipsec_6o6.sh b/tests/data_plane/vpp_lite_topo/tests/test_ipsec_6o6.sh
new file mode 100755
index 0000000..8b99376
--- /dev/null
+++ b/tests/data_plane/vpp_lite_topo/tests/test_ipsec_6o6.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+VPP_LITE_CONF=`pwd`/../configs/vpp_lite_config/ipsec/6o6
+
+source test_driver/basic_single_icmp.sh
+
+test_single_icmp_no_counters ping6 "6:0:2::2"
-- 
cgit 1.2.3-korg