Diffstat (limited to 'test/test_ipsec_default.py')
-rw-r--r--test/test_ipsec_default.py89
1 files changed, 64 insertions, 25 deletions
diff --git a/test/test_ipsec_default.py b/test/test_ipsec_default.py
index 6ee6f7822a2..f9de210e6dc 100644
--- a/test/test_ipsec_default.py
+++ b/test/test_ipsec_default.py
@@ -33,7 +33,7 @@ packets are dropped as expected.
class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
- """ IPSec: inbound packets drop by default with no matching rule """
+ """IPSec: inbound packets drop by default with no matching rule"""
def test_ipsec_inbound_default_drop(self):
# configure two interfaces and bind the same SPD to both
@@ -43,13 +43,26 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
# catch-all inbound BYPASS policy, all interfaces
inbound_policy = self.spd_add_rem_policy(
- 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
- policy_type="bypass", all_ips=True)
+ 1,
+ None,
+ None,
+ socket.IPPROTO_UDP,
+ is_out=0,
+ priority=10,
+ policy_type="bypass",
+ all_ips=True,
+ )
# outbound BYPASS policy allowing traffic from pg0->pg1
outbound_policy = self.spd_add_rem_policy(
- 1, self.pg0, self.pg1, socket.IPPROTO_UDP,
- is_out=1, priority=10, policy_type="bypass")
+ 1,
+ self.pg0,
+ self.pg1,
+ socket.IPPROTO_UDP,
+ is_out=1,
+ priority=10,
+ policy_type="bypass",
+ )
# create a packet stream pg0->pg1 + add to pg0
packets0 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@ -64,8 +77,7 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
try:
self.logger.debug(ppp("SPD - Got packet:", packet))
except Exception:
- self.logger.error(
- ppp("Unexpected or invalid packet:", packet))
+ self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.logger.debug("SPD: Num packets: %s", len(cap1.res))
# verify captures on pg1
@@ -76,8 +88,16 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
# remove inbound catch-all BYPASS rule, traffic should now be dropped
self.spd_add_rem_policy( # inbound, all interfaces
- 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
- policy_type="bypass", all_ips=True, remove=True)
+ 1,
+ None,
+ None,
+ socket.IPPROTO_UDP,
+ is_out=0,
+ priority=10,
+ policy_type="bypass",
+ all_ips=True,
+ remove=True,
+ )
# create another packet stream pg0->pg1 + add to pg0
packets1 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@ -85,8 +105,9 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
self.pg_interfaces[1].enable_capture()
self.pg_start()
# confirm traffic has now been dropped
- self.pg1.assert_nothing_captured(remark="inbound pkts with no matching"
- "rules NOT dropped by default")
+ self.pg1.assert_nothing_captured(
+ remark="inbound pkts with no matching" "rules NOT dropped by default"
+ )
# both policies should not have matched any further packets
# since we've dropped at input stage
self.verify_policy_match(pkt_count, outbound_policy)
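Review bot: The `remark` passed to `self.pg1.assert_nothing_captured` is built from two adjacent literals, `"inbound pkts with no matching"` and `"rules NOT dropped by default"`, with no space between them, so a failure prints "matchingrules". The slip predates this reformat, which only put both literals on one line. Merge them into a single literal: `remark="inbound pkts with no matching rules NOT dropped by default"`. The outbound remark in the last hunk does have the space but is also left as two adjacent literals on one line and could be joined the same way. This message is what a maintainer reads when the SPD default-drop behaviour regresses, so it should be legible.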
@@ -94,7 +115,7 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd):
class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
- """ IPSec: outbound packets drop by default with no matching rule """
+ """IPSec: outbound packets drop by default with no matching rule"""
def test_ipsec_inbound_default_drop(self):
# configure two interfaces and bind the same SPD to both
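Review bot: The test method shown under `class IPSecOutboundDefaultDrop` is still named `test_ipsec_inbound_default_drop`, the same name as the method in `IPSecInboundDefaultDrop`, which looks like a copy-paste leftover. Selecting tests by name, or reading a failure report, would present the outbound default-drop check as the inbound one. Consider renaming it to `def test_ipsec_outbound_default_drop(self):`, after checking that no CI filter or skip list refers to the current test id. The method body continues outside this hunk.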
@@ -104,13 +125,26 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
# catch-all inbound BYPASS policy, all interfaces
inbound_policy = self.spd_add_rem_policy(
- 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
- policy_type="bypass", all_ips=True)
+ 1,
+ None,
+ None,
+ socket.IPPROTO_UDP,
+ is_out=0,
+ priority=10,
+ policy_type="bypass",
+ all_ips=True,
+ )
# outbound BYPASS policy allowing traffic from pg0->pg1
outbound_policy = self.spd_add_rem_policy(
- 1, self.pg0, self.pg1, socket.IPPROTO_UDP,
- is_out=1, priority=10, policy_type="bypass")
+ 1,
+ self.pg0,
+ self.pg1,
+ socket.IPPROTO_UDP,
+ is_out=1,
+ priority=10,
+ policy_type="bypass",
+ )
# create a packet stream pg0->pg1 + add to pg0
packets0 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@ -125,8 +159,7 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
try:
self.logger.debug(ppp("SPD - Got packet:", packet))
except Exception:
- self.logger.error(
- ppp("Unexpected or invalid packet:", packet))
+ self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.logger.debug("SPD: Num packets: %s", len(cap1.res))
# verify captures on pg1
@@ -137,9 +170,15 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
# remove outbound rule
self.spd_add_rem_policy(
- 1, self.pg0, self.pg1, socket.IPPROTO_UDP,
- is_out=1, priority=10, policy_type="bypass",
- remove=True)
+ 1,
+ self.pg0,
+ self.pg1,
+ socket.IPPROTO_UDP,
+ is_out=1,
+ priority=10,
+ policy_type="bypass",
+ remove=True,
+ )
# create another packet stream pg0->pg1 + add to pg0
packets1 = self.create_stream(self.pg0, self.pg1, pkt_count)
@@ -148,13 +187,13 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd):
self.pg_start()
# confirm traffic was dropped and not forwarded
self.pg1.assert_nothing_captured(
- remark="outbound pkts with no matching rules NOT dropped "
- "by default")
+ remark="outbound pkts with no matching rules NOT dropped " "by default"
+ )
# inbound rule should have matched twice the # of pkts now
- self.verify_policy_match(pkt_count*2, inbound_policy)
+ self.verify_policy_match(pkt_count * 2, inbound_policy)
# as dropped at outbound, outbound policy is the same
self.verify_policy_match(pkt_count, outbound_policy)
-if __name__ == '__main__':
+if __name__ == "__main__":
unittest.main(testRunner=VppTestRunner)