summaryrefslogtreecommitdiffstats
path: root/test/test_ipsec_tun_if_esp.py
AgeCommit message (Expand)AuthorFilesLines
2021-03-25stats: python vpp_stats rewrite to access stat segment directlyOle Troan1-96/+48
2021-03-15tests: use socket transport instead of shared memoryOle Troan1-2/+2
2021-02-25tests: Add tests for IPSec async mode using the crypto SW schedulerNeale Ranns1-28/+28
2021-02-25ipsec: enable input features on tunnelsBrian Russell1-0/+236
2021-02-11tests: tag the tests that do not work with multi-worker configurationAndrew Yourtchenko1-0/+10
2021-02-10ipsec: Use the new tunnel API types to add flow label and TTL copyNeale Ranns1-6/+28
2021-02-09Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy"Matthew Smith1-28/+6
2021-02-08ipsec: Use the new tunnel API types to add flow label and TTL copyNeale Ranns1-6/+28
2021-01-18ipsec: Support MPLS over IPSec[46] interfaceNeale Ranns1-1/+156
2021-01-07ipsec: Deprecated the old IPsec Tunnel interfaceNeale Ranns1-350/+257
2020-11-25ipsec: A P2MP ipsec interface is NBMANeale Ranns1-0/+2
2020-11-02ipsec: Tunnel SA DSCP behaviourNeale Ranns1-12/+18
2020-10-21ipsec: support for multipoint on ipsec interfacesNeale Ranns1-1/+124
2020-10-16ipsec: fix instance, and cli del for new ipsec interfaceEric Kinzie1-2/+20
2020-10-08ipsec: Allow SAs with NULL auth &crypto on IPSec interfaceNeale Ranns1-4/+25
2020-07-21ipsec: Dedicated IPSec interface typeNeale Ranns1-4/+302
2020-05-13feature: Config end nodes are user specificNeale Ranns1-0/+12
2020-05-05ipsec: User can choose the UDP source portNeale Ranns1-3/+133
2020-05-04fib: midchain adjacency optimisationsNeale Ranns1-2/+3
2020-03-31ipsec: fix udp-encap in transport modeAlexander Chernavin1-2/+51
2020-02-21ipsec: IPSec protection for multi-point tunnel interfacesNeale Ranns1-16/+281
2020-02-05ipsec: set l2_len for GRE-TEB tunnel decapJohn Lo1-1/+122
2020-01-04ipsec: AH copy destination and source address from templateNeale Ranns1-8/+12
2020-01-04ipsec: Targeted unit testingNeale Ranns1-5/+315
2019-12-23ipsec: Test and fix IPSec worker hand-offNeale Ranns1-2/+18
2019-12-18ipsec: Fix decap of IPSEC/GRE in transport modeNeale Ranns1-1/+125
2019-12-14tests: changes for scapy 2.4.3 migrationsnaramre1-5/+6
2019-12-02tests: GRE over IPSec unit testsNeale Ranns1-0/+97
2019-11-08ipsec: remove dedicated IPSec tunnelsNeale Ranns1-56/+90
2019-11-08tests: python3 use byte strings in raw()Ole Troan1-8/+8
2019-10-18ipsec: make tests support python3Ole Troan1-13/+13
2019-09-27ipsec: support 4o6 and 6o4 for tunnel protectNeale Ranns1-2/+40
2019-08-27ipsec: Fix NULL encryption algorithmNeale Ranns1-0/+8
2019-07-16ipsec: handle UDP keepalivesNeale Ranns1-8/+113
2019-07-10tests: Re-enable ipsec tests on ARMjuraj.linkes1-3/+1
2019-06-18ipsec: fix ipv6 tunnel protect testsFlorin Coras1-2/+1
2019-06-18ipsec: ipsec-tun protectNeale Ranns1-30/+629
2019-06-18fib: fib api updatesNeale Ranns1-21/+23
2019-05-29make test: fix packet counter assertKlement Sekera1-5/+13
2019-04-18IPSEC: tunnel rekey fix and test (VPP-1652)Neale Ranns1-0/+57
2019-04-17IPSEC: Pass the algorithm salt (used in GCM) over the APINeale Ranns1-9/+9
2019-04-16IPSEC: support GCM in ESPNeale Ranns1-0/+127
2019-04-10Tests Cleanup: Fix missing calls to setUpClass/tearDownClass.Paul Vinciguerra1-0/+8
2019-04-02IPSEC-GRE; testsNeale Ranns1-2/+114
2019-03-29IPSEC: tunnel fragmentationNeale Ranns1-11/+23
2019-03-28IPSEC: 4o6 and 6o4 for tunnel interfacesNeale Ranns1-0/+26
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns1-2/+2
2019-03-28Typos. A bunch of typos I've been collecting.Paul Vinciguerra1-1/+1
2019-03-21IPSEC: Mutli-tunnel testsNeale Ranns1-2/+125
2019-03-21ipsec: add ipv6 support for ipsec tunnel interfaceKingwel Xie1-7/+46
. :param VppInterface rx_if: Interface to verify captured packet stream. :param list capture: Captured packet stream. :param Scapy ip_l: Required IP layer - IP or IPv6. (Default is IP.) """ self.logger.info("Verifying capture on interface %s" % rx_if.name) count = 0 host_counters = {} for host_mac in rx_if._hosts_by_mac: host_counters[host_mac] = 0 for packet in capture: try: ip_received = packet[ip_l] payload_info = self.payload_to_info(packet[Raw]) packet_index = payload_info.index ip_sent = self._packet_infos[packet_index].data[ip_l] self.logger.debug("Got packet on port %s: src=%u (id=%u)" % (rx_if.name, payload_info.src, packet_index)) # Check standard fields self.assertIn(packet.dst, rx_if._hosts_by_mac, "Destination MAC address %s shouldn't be routed " "via interface %s" % (packet.dst, rx_if.name)) self.assertEqual(packet.src, rx_if.local_mac) self.assertEqual(ip_received.src, ip_sent.src) self.assertEqual(ip_received.dst, ip_sent.dst) host_counters[packet.dst] += 1 self._packet_infos.pop(packet_index) except: self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise # We expect packet routed via all host of pg interface for host_mac in host_counters: nr = host_counters[host_mac] self.assertNotEqual( nr, 0, "No packet routed via host %s" % host_mac) self.logger.info("%u packets routed via host %s of %s interface" % (nr, host_mac, rx_if.name)) count += nr self.logger.info("Total amount of %u packets routed via %s interface" % (count, rx_if.name)) return count def create_ip_routes(self, dst_ip_net, dst_prefix_len, is_ipv6=0): """ Create IP routes for defined destination IP network. :param str dst_ip_net: Destination IP network. :param int dst_prefix_len: IP address prefix length. :param int is_ipv6: 0 if an ip4 route, else ip6 """ paths = [] for pg_if in self.pg_interfaces[1:]: for nh_host in pg_if.remote_hosts: nh_host_ip = nh_host.ip4 if is_ipv6 == 0 else nh_host.ip6 paths.append(VppRoutePath(nh_host_ip, pg_if.sw_if_index)) rip = VppIpRoute(self, dst_ip_net, dst_prefix_len, paths) rip.add_vpp_config() self.logger.info("Route via %s on %s created" % (nh_host_ip, pg_if.name)) self.logger.debug(self.vapi.ppcli("show ip fib")) self.logger.debug(self.vapi.ppcli("show ip6 fib")) def test_ip_ecmp(self): """ IP equal-cost multi-path routing test """ src_ip_net = '16.0.0.1' dst_ip_net = '32.0.0.1' ip_prefix_len = 24 self.create_ip_routes(dst_ip_net, ip_prefix_len) pkts = self.create_stream(self.pg0, src_ip_net, dst_ip_net, ip_prefix_len, self.pg_if_packet_sizes) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() # We expect packets on pg1, pg2 and pg3, but not on pg0 rx_count = 0 for pg_if in self.pg_interfaces[1:]: capture = pg_if._get_capture(timeout=1) self.assertNotEqual( len(capture), 0, msg="No packets captured on %s" % pg_if.name) rx_count += self.verify_capture(pg_if, capture) self.pg0.assert_nothing_captured(remark="IP packets forwarded on pg0") # Check that all packets were forwarded via pg1, pg2 and pg3 self.assertEqual(rx_count, len(pkts)) def test_ip6_ecmp(self): """ IPv6 equal-cost multi-path routing test """ src_ip_net = '3ffe:51::1' dst_ip_net = '3ffe:71::1' ip_prefix_len = 64 self.create_ip_routes(dst_ip_net, ip_prefix_len, is_ipv6=1) pkts = self.create_stream( self.pg0, src_ip_net, dst_ip_net, ip_prefix_len, self.pg_if_packet_sizes, ip_l=IPv6) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() # We expect packets on pg1, pg2 and pg3, but not on pg0 rx_count = 0 for pg_if in self.pg_interfaces[1:]: capture = pg_if._get_capture(timeout=1) self.assertNotEqual( len(capture), 0, msg="No packets captured on %s" % pg_if.name) rx_count += self.verify_capture(pg_if, capture, ip_l=IPv6) self.pg0.assert_nothing_captured(remark="IP packets forwarded on pg0") # Check that all packets were forwarded via pg1, pg2 and pg3 self.assertEqual(rx_count, len(pkts)) if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)