diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-01-23 08:16:17 -0800 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2019-01-24 19:51:37 +0000 |
| commit | 8e4a89bf42196308601de7544abe554df7b0df45 (patch) | |
| tree | 622d478674fa634efae76a926f7f87bbaeb6bd35 /test/test_ipsec_nat.py | |
| parent | e18b45caeb22b5dfe38b86be6beea55efaecf40d (diff) | |
IPSEC Tests: to per-test setup and tearDown
don't do the setup and teardown in class methods so that with
each test the config is added and deleted. that way we test that
delete actually removes state.
more helpful error codes from VPP for existing IPSEC state.
Change-Id: I5de1578f73b935b420d4cdd85aa98d5fdcc682f6
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/test_ipsec_nat.py')
| -rw-r--r-- | test/test_ipsec_nat.py | 112 |
1 files changed, 55 insertions, 57 deletions
diff --git a/test/test_ipsec_nat.py b/test/test_ipsec_nat.py index e9efa032a13..05befe481b4 100644 --- a/test/test_ipsec_nat.py +++ b/test/test_ipsec_nat.py @@ -31,20 +31,19 @@ class IPSecNATTestCase(TemplateIpsec): icmp_id_in = 6305 icmp_id_out = 6305 - @classmethod - def setUpClass(cls): - super(IPSecNATTestCase, cls).setUpClass() - cls.tun_if = cls.pg0 - cls.vapi.ipsec_spd_add_del(cls.tun_spd_id) - cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id, - cls.tun_if.sw_if_index) - p = cls.ipv4_params - cls.config_esp_tun(p) - cls.logger.info(cls.vapi.ppcli("show ipsec")) + def setUp(self): + super(IPSecNATTestCase, self).setUp() + self.tun_if = self.pg0 + self.vapi.ipsec_spd_add_del(self.tun_spd_id) + self.vapi.ipsec_interface_add_del_spd(self.tun_spd_id, + self.tun_if.sw_if_index) + p = self.ipv4_params + self.config_esp_tun(p) + self.logger.info(self.vapi.ppcli("show ipsec")) src = socket.inet_pton(p.addr_type, p.remote_tun_if_host) - cls.vapi.ip_add_del_route(src, p.addr_len, - cls.tun_if.remote_addr_n[p.addr_type], - is_ipv6=p.is_ipv6) + self.vapi.ip_add_del_route(src, p.addr_len, + self.tun_if.remote_addr_n[p.addr_type], + is_ipv6=p.is_ipv6) def create_stream_plain(self, src_mac, dst_mac, src_ip, dst_ip): return [ @@ -131,8 +130,7 @@ class IPSecNATTestCase(TemplateIpsec): ppp("Unexpected or invalid encrypted packet:", packet)) raise - @classmethod - def config_esp_tun(cls, params): + def config_esp_tun(self, params): addr_type = params.addr_type scapy_tun_sa_id = params.scapy_tun_sa_id scapy_tun_spi = params.scapy_tun_spi @@ -144,50 +142,50 @@ class IPSecNATTestCase(TemplateIpsec): crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast - cls.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, - auth_algo_vpp_id, auth_key, - crypt_algo_vpp_id, crypt_key, - cls.vpp_esp_protocol, - cls.pg1.remote_addr_n[addr_type], - cls.tun_if.remote_addr_n[addr_type], - udp_encap=1) - cls.vapi.ipsec_sad_add_del_entry(vpp_tun_sa_id, vpp_tun_spi, - auth_algo_vpp_id, auth_key, - crypt_algo_vpp_id, crypt_key, - cls.vpp_esp_protocol, - cls.tun_if.remote_addr_n[addr_type], - cls.pg1.remote_addr_n[addr_type], - udp_encap=1) + self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + self.vpp_esp_protocol, + self.pg1.remote_addr_n[addr_type], + self.tun_if.remote_addr_n[addr_type], + udp_encap=1) + self.vapi.ipsec_sad_add_del_entry(vpp_tun_sa_id, vpp_tun_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + self.vpp_esp_protocol, + self.tun_if.remote_addr_n[addr_type], + self.pg1.remote_addr_n[addr_type], + udp_encap=1) l_startaddr = r_startaddr = socket.inet_pton(addr_type, addr_any) l_stopaddr = r_stopaddr = socket.inet_pton(addr_type, addr_bcast) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, - l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, - protocol=socket.IPPROTO_ESP) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, - l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, is_outbound=0, - protocol=socket.IPPROTO_ESP) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, - l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, remote_port_start=4500, - remote_port_stop=4500, - protocol=socket.IPPROTO_UDP) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, - l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, remote_port_start=4500, - remote_port_stop=4500, - protocol=socket.IPPROTO_UDP, - is_outbound=0) - l_startaddr = l_stopaddr = cls.tun_if.remote_addr_n[addr_type] - r_startaddr = r_stopaddr = cls.pg1.remote_addr_n[addr_type] - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, vpp_tun_sa_id, - l_startaddr, l_stopaddr, r_startaddr, - r_stopaddr, priority=10, policy=3, - is_outbound=0) - cls.vapi.ipsec_spd_add_del_entry(cls.tun_spd_id, scapy_tun_sa_id, - r_startaddr, r_stopaddr, l_startaddr, - l_stopaddr, priority=10, policy=3) + self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id, + l_startaddr, l_stopaddr, r_startaddr, + r_stopaddr, + protocol=socket.IPPROTO_ESP) + self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id, + l_startaddr, l_stopaddr, r_startaddr, + r_stopaddr, is_outbound=0, + protocol=socket.IPPROTO_ESP) + self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id, + l_startaddr, l_stopaddr, r_startaddr, + r_stopaddr, remote_port_start=4500, + remote_port_stop=4500, + protocol=socket.IPPROTO_UDP) + self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id, + l_startaddr, l_stopaddr, r_startaddr, + r_stopaddr, remote_port_start=4500, + remote_port_stop=4500, + protocol=socket.IPPROTO_UDP, + is_outbound=0) + l_startaddr = l_stopaddr = self.tun_if.remote_addr_n[addr_type] + r_startaddr = r_stopaddr = self.pg1.remote_addr_n[addr_type] + self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, vpp_tun_sa_id, + l_startaddr, l_stopaddr, r_startaddr, + r_stopaddr, priority=10, policy=3, + is_outbound=0) + self.vapi.ipsec_spd_add_del_entry(self.tun_spd_id, scapy_tun_sa_id, + r_startaddr, r_stopaddr, l_startaddr, + l_stopaddr, priority=10, policy=3) def test_ipsec_nat_tun(self): """ IPSec/NAT tunnel test case """ |