aboutsummaryrefslogtreecommitdiffstats
path: root/test/test_wireguard.py
diff options
context:
space:
mode:
authorArtem Glazychev <artem.glazychev@xored.com>2021-05-25 12:06:42 +0700
committerEd Warnicke <hagbard@gmail.com>2021-10-04 16:21:34 +0000
commit9e24f7eb911fc5ab7558109286fe8e1d2774ea93 (patch)
treef7aa375e88ee3d2325fb430bc4012b1ff012d734 /test/test_wireguard.py
parent039f289e516b073f6db67f7b35aa3aa64fdc9c82 (diff)
wireguard: use the same udp-port for multi-tunnel
now we can reuse udp-port for many wireguard interfaces Type: improvement Change-Id: I14b5a9dbe917d83300ccb4d6907743d88355e5c5 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Diffstat (limited to 'test/test_wireguard.py')
-rwxr-xr-xtest/test_wireguard.py104
1 files changed, 104 insertions, 0 deletions
diff --git a/test/test_wireguard.py b/test/test_wireguard.py
index 206425e14fd..96c1bc0f5fd 100755
--- a/test/test_wireguard.py
+++ b/test/test_wireguard.py
@@ -677,6 +677,106 @@ class TestWg(VppTestCase):
wg0.remove_vpp_config()
wg1.remove_vpp_config()
+ def test_wg_multi_interface(self):
+ """ Multi-tunnel on the same port """
+ port = 12500
+
+ # Create many wireguard interfaces
+ NUM_IFS = 4
+ self.pg1.generate_remote_hosts(NUM_IFS)
+ self.pg1.configure_ipv4_neighbors()
+ self.pg0.generate_remote_hosts(NUM_IFS)
+ self.pg0.configure_ipv4_neighbors()
+
+ # Create interfaces with a peer on each
+ peers = []
+ routes = []
+ wg_ifs = []
+ for i in range(NUM_IFS):
+ # Use the same port for each interface
+ wg0 = VppWgInterface(self,
+ self.pg1.local_ip4,
+ port).add_vpp_config()
+ wg0.admin_up()
+ wg0.config_ip4()
+ wg_ifs.append(wg0)
+ peers.append(VppWgPeer(self,
+ wg0,
+ self.pg1.remote_hosts[i].ip4,
+ port+1+i,
+ ["10.0.%d.0/24" % i]).add_vpp_config())
+
+ routes.append(VppIpRoute(self, "10.0.%d.0" % i, 24,
+ [VppRoutePath("10.0.%d.4" % i,
+ wg0.sw_if_index)]).add_vpp_config())
+
+ self.assertEqual(len(self.vapi.wireguard_peers_dump()), NUM_IFS)
+
+ for i in range(NUM_IFS):
+ # send a valid handsake init for which we expect a response
+ p = peers[i].mk_handshake(self.pg1)
+ rx = self.send_and_expect(self.pg1, [p], self.pg1)
+ peers[i].consume_response(rx[0])
+
+ # send a data packet from the peer through the tunnel
+ # this completes the handshake
+ p = (IP(src="10.0.%d.4" % i,
+ dst=self.pg0.remote_hosts[i].ip4, ttl=20) /
+ UDP(sport=222, dport=223) /
+ Raw())
+ d = peers[i].encrypt_transport(p)
+ p = (peers[i].mk_tunnel_header(self.pg1) /
+ (Wireguard(message_type=4, reserved_zero=0) /
+ WireguardTransport(receiver_index=peers[i].sender,
+ counter=0,
+ encrypted_encapsulated_packet=d)))
+ rxs = self.send_and_expect(self.pg1, [p], self.pg0)
+ for rx in rxs:
+ self.assertEqual(rx[IP].dst, self.pg0.remote_hosts[i].ip4)
+ self.assertEqual(rx[IP].ttl, 19)
+
+ # send a packets that are routed into the tunnel
+ for i in range(NUM_IFS):
+ p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
+ IP(src=self.pg0.remote_hosts[i].ip4, dst="10.0.%d.4" % i) /
+ UDP(sport=555, dport=556) /
+ Raw(b'\x00' * 80))
+
+ rxs = self.send_and_expect(self.pg0, p * 64, self.pg1)
+
+ for rx in rxs:
+ rx = IP(peers[i].decrypt_transport(rx))
+
+ # check the oringial packet is present
+ self.assertEqual(rx[IP].dst, p[IP].dst)
+ self.assertEqual(rx[IP].ttl, p[IP].ttl-1)
+
+ # send packets into the tunnel
+ for i in range(NUM_IFS):
+ p = [(peers[i].mk_tunnel_header(self.pg1) /
+ Wireguard(message_type=4, reserved_zero=0) /
+ WireguardTransport(
+ receiver_index=peers[i].sender,
+ counter=ii+1,
+ encrypted_encapsulated_packet=peers[i].encrypt_transport(
+ (IP(src="10.0.%d.4" % i,
+ dst=self.pg0.remote_hosts[i].ip4, ttl=20) /
+ UDP(sport=222, dport=223) /
+ Raw())))) for ii in range(64)]
+
+ rxs = self.send_and_expect(self.pg1, p, self.pg0)
+
+ for rx in rxs:
+ self.assertEqual(rx[IP].dst, self.pg0.remote_hosts[i].ip4)
+ self.assertEqual(rx[IP].ttl, 19)
+
+ for r in routes:
+ r.remove_vpp_config()
+ for p in peers:
+ p.remove_vpp_config()
+ for i in wg_ifs:
+ i.remove_vpp_config()
+
class WireguardHandoffTests(TestWg):
""" Wireguard Tests in multi worker setup """
@@ -768,3 +868,7 @@ class WireguardHandoffTests(TestWg):
r1.remove_vpp_config()
peer_1.remove_vpp_config()
wg0.remove_vpp_config()
+
+ @unittest.skip("test disabled")
+ def test_wg_multi_interface(self):
+ """ Multi-tunnel on the same port """