diff options
Diffstat (limited to 'test/test_ipsec_default.py')
| -rw-r--r-- | test/test_ipsec_default.py | 89 |
1 files changed, 64 insertions, 25 deletions
diff --git a/test/test_ipsec_default.py b/test/test_ipsec_default.py index 6ee6f7822a2..f9de210e6dc 100644 --- a/test/test_ipsec_default.py +++ b/test/test_ipsec_default.py @@ -33,7 +33,7 @@ packets are dropped as expected. class IPSecInboundDefaultDrop(IPSecIPv4Fwd): - """ IPSec: inbound packets drop by default with no matching rule """ + """IPSec: inbound packets drop by default with no matching rule""" def test_ipsec_inbound_default_drop(self): # configure two interfaces and bind the same SPD to both @@ -43,13 +43,26 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd): # catch-all inbound BYPASS policy, all interfaces inbound_policy = self.spd_add_rem_policy( - 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10, - policy_type="bypass", all_ips=True) + 1, + None, + None, + socket.IPPROTO_UDP, + is_out=0, + priority=10, + policy_type="bypass", + all_ips=True, + ) # outbound BYPASS policy allowing traffic from pg0->pg1 outbound_policy = self.spd_add_rem_policy( - 1, self.pg0, self.pg1, socket.IPPROTO_UDP, - is_out=1, priority=10, policy_type="bypass") + 1, + self.pg0, + self.pg1, + socket.IPPROTO_UDP, + is_out=1, + priority=10, + policy_type="bypass", + ) # create a packet stream pg0->pg1 + add to pg0 packets0 = self.create_stream(self.pg0, self.pg1, pkt_count) @@ -64,8 +77,7 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd): try: self.logger.debug(ppp("SPD - Got packet:", packet)) except Exception: - self.logger.error( - ppp("Unexpected or invalid packet:", packet)) + self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise self.logger.debug("SPD: Num packets: %s", len(cap1.res)) # verify captures on pg1 @@ -76,8 +88,16 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd): # remove inbound catch-all BYPASS rule, traffic should now be dropped self.spd_add_rem_policy( # inbound, all interfaces - 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10, - policy_type="bypass", all_ips=True, remove=True) + 1, + None, + None, + socket.IPPROTO_UDP, + is_out=0, + priority=10, + policy_type="bypass", + all_ips=True, + remove=True, + ) # create another packet stream pg0->pg1 + add to pg0 packets1 = self.create_stream(self.pg0, self.pg1, pkt_count) @@ -85,8 +105,9 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd): self.pg_interfaces[1].enable_capture() self.pg_start() # confirm traffic has now been dropped - self.pg1.assert_nothing_captured(remark="inbound pkts with no matching" - "rules NOT dropped by default") + self.pg1.assert_nothing_captured( + remark="inbound pkts with no matching" "rules NOT dropped by default" + ) # both policies should not have matched any further packets # since we've dropped at input stage self.verify_policy_match(pkt_count, outbound_policy) @@ -94,7 +115,7 @@ class IPSecInboundDefaultDrop(IPSecIPv4Fwd): class IPSecOutboundDefaultDrop(IPSecIPv4Fwd): - """ IPSec: outbound packets drop by default with no matching rule """ + """IPSec: outbound packets drop by default with no matching rule""" def test_ipsec_inbound_default_drop(self): # configure two interfaces and bind the same SPD to both @@ -104,13 +125,26 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd): # catch-all inbound BYPASS policy, all interfaces inbound_policy = self.spd_add_rem_policy( - 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10, - policy_type="bypass", all_ips=True) + 1, + None, + None, + socket.IPPROTO_UDP, + is_out=0, + priority=10, + policy_type="bypass", + all_ips=True, + ) # outbound BYPASS policy allowing traffic from pg0->pg1 outbound_policy = self.spd_add_rem_policy( - 1, self.pg0, self.pg1, socket.IPPROTO_UDP, - is_out=1, priority=10, policy_type="bypass") + 1, + self.pg0, + self.pg1, + socket.IPPROTO_UDP, + is_out=1, + priority=10, + policy_type="bypass", + ) # create a packet stream pg0->pg1 + add to pg0 packets0 = self.create_stream(self.pg0, self.pg1, pkt_count) @@ -125,8 +159,7 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd): try: self.logger.debug(ppp("SPD - Got packet:", packet)) except Exception: - self.logger.error( - ppp("Unexpected or invalid packet:", packet)) + self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise self.logger.debug("SPD: Num packets: %s", len(cap1.res)) # verify captures on pg1 @@ -137,9 +170,15 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd): # remove outbound rule self.spd_add_rem_policy( - 1, self.pg0, self.pg1, socket.IPPROTO_UDP, - is_out=1, priority=10, policy_type="bypass", - remove=True) + 1, + self.pg0, + self.pg1, + socket.IPPROTO_UDP, + is_out=1, + priority=10, + policy_type="bypass", + remove=True, + ) # create another packet stream pg0->pg1 + add to pg0 packets1 = self.create_stream(self.pg0, self.pg1, pkt_count) @@ -148,13 +187,13 @@ class IPSecOutboundDefaultDrop(IPSecIPv4Fwd): self.pg_start() # confirm traffic was dropped and not forwarded self.pg1.assert_nothing_captured( - remark="outbound pkts with no matching rules NOT dropped " - "by default") + remark="outbound pkts with no matching rules NOT dropped " "by default" + ) # inbound rule should have matched twice the # of pkts now - self.verify_policy_match(pkt_count*2, inbound_policy) + self.verify_policy_match(pkt_count * 2, inbound_policy) # as dropped at outbound, outbound policy is the same self.verify_policy_match(pkt_count, outbound_policy) -if __name__ == '__main__': +if __name__ == "__main__": unittest.main(testRunner=VppTestRunner) |