diff options
Diffstat (limited to 'test/test_ipsec_tun_if_esp.py')
-rw-r--r-- | test/test_ipsec_tun_if_esp.py | 53 |
1 files changed, 51 insertions, 2 deletions
diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index 55e85b1a4b2..3cd2521e04d 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -133,16 +133,42 @@ class TemplateIpsec4TunIfEspUdp(TemplateIpsec): def tearDownClass(cls): super(TemplateIpsec4TunIfEspUdp, cls).tearDownClass() + def verify_encrypted(self, p, sa, rxs): + for rx in rxs: + try: + # ensure the UDP ports are correct before we decrypt + # which strips them + self.assertTrue(rx.haslayer(UDP)) + self.assert_equal(rx[UDP].sport, 4500) + self.assert_equal(rx[UDP].dport, 4500) + + pkt = sa.decrypt(rx[IP]) + if not pkt.haslayer(IP): + pkt = IP(pkt[Raw].load) + + self.assert_packet_checksums_valid(pkt) + self.assert_equal(pkt[IP].dst, "1.1.1.1") + self.assert_equal(pkt[IP].src, self.pg1.remote_ip4) + except (IndexError, AssertionError): + self.logger.debug(ppp("Unexpected packet:", rx)) + try: + self.logger.debug(ppp("Decrypted packet:", pkt)) + except: + pass + raise + def setUp(self): super(TemplateIpsec4TunIfEspUdp, self).setUp() - self.tun_if = self.pg0 - p = self.ipv4_params p.flags = (VppEnum.vl_api_ipsec_sad_flags_t. IPSEC_API_SAD_FLAG_UDP_ENCAP) p.nat_header = UDP(sport=5454, dport=4500) + def config_network(self): + + self.tun_if = self.pg0 + p = self.ipv4_params p.tun_if = VppIpsecTunInterface(self, self.pg0, p.vpp_tun_spi, p.scapy_tun_spi, p.crypt_algo_vpp_id, p.crypt_key, p.crypt_key, @@ -204,11 +230,34 @@ class TestIpsec4TunIfEspUdp(TemplateIpsec4TunIfEspUdp, IpsecTun4Tests): tun4_input_node = "ipsec4-tun-input" + def setUp(self): + super(TemplateIpsec4TunIfEspUdp, self).setUp() + self.config_network() + def test_keepalive(self): """ IPSEC NAT Keepalive """ self.verify_keepalive(self.ipv4_params) +class TestIpsec4TunIfEspUdpGCM(TemplateIpsec4TunIfEspUdp, IpsecTun4Tests): + """ Ipsec ESP UDP GCM tests """ + + tun4_input_node = "ipsec4-tun-input" + + def setUp(self): + super(TemplateIpsec4TunIfEspUdp, self).setUp() + p = self.ipv4_params + p.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE) + p.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_256) + p.crypt_algo = "AES-GCM" + p.auth_algo = "NULL" + p.crypt_key = b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h" + p.salt = 0 + self.config_network() + + class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests): """ Ipsec ESP - TCP tests """ pass |