diff options
Diffstat (limited to 'test/test_ipsec_esp.py')
-rw-r--r-- | test/test_ipsec_esp.py | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 209298a30a4..50c6f5c8db5 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -466,6 +466,90 @@ class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests): pass +class TestIpsecEspAsync(TemplateIpsecEsp): + """ Ipsec ESP - Aysnc tests """ + + worker_config = "workers 2" + + def setUp(self): + super(TestIpsecEspAsync, self).setUp() + + self.vapi.ipsec_set_async_mode(async_enable=True) + self.p4 = IPsecIPv4Params() + + self.p4.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_256) + self.p4.crypt_algo = 'AES-CBC' # scapy name + self.p4.crypt_key = b'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h' + + self.p4.scapy_tun_sa_id += 0xf0000 + self.p4.scapy_tun_spi += 0xf0000 + self.p4.vpp_tun_sa_id += 0xf0000 + self.p4.vpp_tun_spi += 0xf0000 + self.p4.remote_tun_if_host = "2.2.2.2" + e = VppEnum.vl_api_ipsec_spd_action_t + + self.p4.sa = VppIpsecSA( + self, + self.p4.vpp_tun_sa_id, + self.p4.vpp_tun_spi, + self.p4.auth_algo_vpp_id, + self.p4.auth_key, + self.p4.crypt_algo_vpp_id, + self.p4.crypt_key, + self.vpp_esp_protocol, + self.tun_if.local_addr[self.p4.addr_type], + self.tun_if.remote_addr[self.p4.addr_type]).add_vpp_config() + self.p4.spd = VppIpsecSpdEntry( + self, + self.tun_spd, + self.p4.vpp_tun_sa_id, + self.pg1.remote_addr[self.p4.addr_type], + self.pg1.remote_addr[self.p4.addr_type], + self.p4.remote_tun_if_host, + self.p4.remote_tun_if_host, + 0, + priority=1, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, + is_outbound=1).add_vpp_config() + VppIpRoute(self, self.p4.remote_tun_if_host, self.p4.addr_len, + [VppRoutePath(self.tun_if.remote_addr[self.p4.addr_type], + 0xffffffff)]).add_vpp_config() + config_tun_params(self.p4, self.encryption_type, self.tun_if) + + def test_dual_stream(self): + """ Alternating SAs """ + p = self.params[self.p4.addr_type] + + pkts = [(Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / + IP(src=self.pg1.remote_ip4, + dst=self.p4.remote_tun_if_host) / + UDP(sport=4444, dport=4444) / + Raw(b'0x0' * 200)), + (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / + IP(src=self.pg1.remote_ip4, + dst=p.remote_tun_if_host) / + UDP(sport=4444, dport=4444) / + Raw(b'0x0' * 200))] + pkts *= 1023 + + rxs = self.send_and_expect(self.pg1, pkts, self.pg0) + + self.assertEqual(len(rxs), len(pkts)) + + for rx in rxs: + if rx[ESP].spi == p.scapy_tun_spi: + decrypted = p.vpp_tun_sa.decrypt(rx[IP]) + elif rx[ESP].spi == self.p4.vpp_tun_spi: + decrypted = self.p4.scapy_tun_sa.decrypt(rx[IP]) + else: + rx.show() + self.assertTrue(False) + + self.p4.spd.remove_vpp_config() + self.p4.sa.remove_vpp_config() + + class TestIpsecEspHandoff(TemplateIpsecEsp, IpsecTun6HandoffTests, IpsecTun4HandoffTests): |