summaryrefslogtreecommitdiffstats
path: root/test/test_ikev2.py
AgeCommit message (Collapse)AuthorFilesLines
2024-02-14ikev2: dump state and profile name in CLI and APIDenys Haryachyy1-0/+89
Type: improvement Change-Id: Ide4b45da99e3a67376281f6438997f3148be08e5 Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-02-09ikev2: accept rekey request for IKE SAAtzm Watanabe1-24/+152
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA, establish a new equivalent IKE SA with the peer to whom the old IKE SA is shared using a CREATE_CHILD_SA within the existing IKE SA. An IKE SA so created inherits all of the original IKE SA's Child SAs, and the new IKE SA is used for all control messages needed to maintain those Child SAs. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af
2023-11-03tests: refactor asf framework codeDave Wallace1-3/+9
- Make framework.py classes a subset of asfframework.py classes - Remove all packet related code from asfframework.py - Add test class and test case set up debug output to log - Repatriate packet tests from asf to test directory - Remove non-packet related code from framework.py and inherit them from asfframework.py classes - Clean up unused import variables - Re-enable BFD tests on Ubuntu 22.04 and fix intermittent test failures in echo_looped_back testcases (where # control packets verified but not guaranteed to be received during test) - Re-enable Wireguard tests on Ubuntu 22.04 and fix intermittent test failures in handshake ratelimiting testcases and event testcase - Run Wiregard testcase suites solo - Improve debug output in log.txt - Increase VCL/LDP post sleep timeout to allow iperf server to finish cleanly. - Fix pcap history files to be sorted by suite and testcase and ensure order/timestamp is correct based on creation in the testcase. - Decode pcap files for each suite and testcase for all errors or if configured via comandline option / env var - Improve vpp corefile detection to allow complete corefile generation - Disable vm vpp interfaces testcases on debian11 - Clean up failed unittest dir when retrying failed testcases and unify testname directory and failed linknames into framwork functions Type: test Change-Id: I0764f79ea5bb639d278bf635ed2408d4d5220e1e Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-10-03build: add ability to disable some plugins from packaging and testsAndrew Yourtchenko1-0/+2
When custom-packaging the VPP artifacts, it can be useful to exclude some of the core plugins from packaging/testing, for some reasons. A removal of a plugin(s) from the worktree needs to be tracked as a separate change, and thus is tricky from the maintenance point of view. This change adds the ability to "pretend they do not exist" - plugins which are added to the comma-separated environment variable "VPP_EXCLUDED_PLUGINS" will not be added to the build process and not packaged. The tests do not have the 1:1 relationship as plugins, so they might need to be modified separately. This change includes some of these modifications as an example. Type: feature Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
2022-09-27tests: disable failing tests on ubuntu-22.04 debian-11Dave Wallace1-1/+8
Type: test Change-Id: I7b2314a731c83b3dcd69c999edb8ebed53839724 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-08-18ikev2: accept key exchange on CREATE_CHILD_SAAtzm Watanabe1-9/+53
In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload to enable stronger guarantees of forward secrecy. When the KEi payload is included in the CREATE_CHILD_SA request, responder should reply with the KEr payload and complete the key exchange, in accordance with the RFC. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
2022-08-10ikev2: do not accept rekey until old SA is deletedAtzm Watanabe1-9/+39
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I11b6107492004a45104857dc2dae01b9a5a01e3b
2022-08-08ikev2: fix rekeying with multiple notify payloadsAtzm Watanabe1-1/+8
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I065bd5c26055d863d786023970e7deeed261b31c
2022-05-10tests: replace pycodestyle with blackKlement Sekera1-750/+948
Drop pycodestyle for code style checking in favor of black. Black is much faster, stable PEP8 compliant code style checker offering also automatic formatting. It aims to be very stable and produce smallest diffs. It's used by many small and big projects. Running checkstyle with black takes a few seconds with a terse output. Thus, test-checkstyle-diff is no longer necessary. Expand scope of checkstyle to all python files in the repo, replacing test-checkstyle with checkstyle-python. Also, fixstyle-python is now available for automatic style formatting. Note: python virtualenv has been consolidated in test/Makefile, test/requirements*.txt which will eventually be moved to a central location. This is required to simply the automated generation of docker executor images in the CI. Type: improvement Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8 Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-02-17tests: make tests less make dependentKlement Sekera1-1/+2
Implement command line argument parsing instead of passing arguments via environment variables. Add script for running tests without having to invoke make. Deprecate running tests via make. Type: improvement Change-Id: I2e3054a61a2ae25d460e9be00be7d7705fbf943e Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2021-10-07ikev2: do not require optional IDr on IKE AUTHBenoît Ganne1-12/+31
IDr is optional in IKE AUTH from the initiator. In that case, the responder is free to use any matching profile and fills the corresponding IDr in the response. The initiator is then free to accept or reject it. Type: improvement Change-Id: I07a1c64a40ed22bd41767c259406238bbbab5cf4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-09-27ikev2: support variable-length noncesBenoît Ganne1-1/+3
IKEv2 nonces can be 16 to 256 bytes. Type: fix Change-Id: Ib332028594355c9e5b462bddb7e4dffbcdc9a927 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-26ikev2: check for valid cipher + integrityBenoît Ganne1-1/+1
Type: improvement Change-Id: Ic09b2c777a7c82e8d7074164280f817f9141529b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-05-13tests: move test source to vpp/testDave Wallace1-0/+2059
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e