From b4d3053445499a115f0f4debde6a8c7b29a8c071 Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Thu, 8 Nov 2018 13:00:02 +0100 Subject: ipsec: infra for selecting backends Change-Id: Ifa6d8391b1b2413a88b7720fc434e0bc849a149a Signed-off-by: Klement Sekera Signed-off-by: Andrew Yourtchenko --- test/template_ipsec.py | 6 ++++ test/test_ipsec_ah.py | 19 +++++------ test/test_ipsec_api.py | 78 +++++++++++++++++++++++++++++++++++++++++++ test/test_ipsec_esp.py | 9 ++++- test/test_ipsec_tun_if_esp.py | 3 +- test/vpp_papi_provider.py | 7 ++++ 6 files changed, 109 insertions(+), 13 deletions(-) create mode 100644 test/test_ipsec_api.py (limited to 'test') diff --git a/test/template_ipsec.py b/test/template_ipsec.py index bf13d71f631..bb45696d21c 100644 --- a/test/template_ipsec.py +++ b/test/template_ipsec.py @@ -95,6 +95,11 @@ class TemplateIpsec(VppTestCase): vpp_esp_protocol = 1 vpp_ah_protocol = 0 + @classmethod + def ipsec_select_backend(cls): + """ empty method to be overloaded when necessary """ + pass + @classmethod def setUpClass(cls): super(TemplateIpsec, cls).setUpClass() @@ -106,6 +111,7 @@ class TemplateIpsec(VppTestCase): i.resolve_arp() i.config_ip6() i.resolve_ndp() + cls.ipsec_select_backend() def tearDown(self): super(TemplateIpsec, self).tearDown() diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py index 59f6864821f..e832bfa2a27 100644 --- a/test/test_ipsec_ah.py +++ b/test/test_ipsec_ah.py @@ -12,16 +12,6 @@ class TemplateIpsecAh(TemplateIpsec): """ Basic test for IPSEC using AH transport and Tunnel mode - Below 4 cases are covered as part of this test - 1) ipsec ah v4 transport basic test - IPv4 Transport mode - scenario using HMAC-SHA1-96 intergrity algo - 2) ipsec ah v4 transport burst test - Above test for 257 pkts - 3) ipsec ah 4o4 tunnel basic test - IPv4 Tunnel mode - scenario using HMAC-SHA1-96 intergrity algo - 4) ipsec ah 4o4 tunnel burst test - Above test for 257 pkts - TRANSPORT MODE: --- encrypt --- @@ -180,7 +170,14 @@ class TemplateIpsecAh(TemplateIpsec): class TestIpsecAh1(TemplateIpsecAh, IpsecTraTests, IpsecTunTests): """ Ipsec AH - TUN & TRA tests """ - pass + tra4_encrypt_node_name = "ah4-encrypt" + tra4_decrypt_node_name = "ah4-decrypt" + tra6_encrypt_node_name = "ah6-encrypt" + tra6_decrypt_node_name = "ah6-decrypt" + tun4_encrypt_node_name = "ah4-encrypt" + tun4_decrypt_node_name = "ah4-decrypt" + tun6_encrypt_node_name = "ah6-encrypt" + tun6_decrypt_node_name = "ah6-decrypt" class TestIpsecAh2(TemplateIpsecAh, IpsecTcpTests): diff --git a/test/test_ipsec_api.py b/test/test_ipsec_api.py new file mode 100644 index 00000000000..fed996e6a59 --- /dev/null +++ b/test/test_ipsec_api.py @@ -0,0 +1,78 @@ +import unittest + +from framework import VppTestCase, VppTestRunner +from template_ipsec import TemplateIpsec + + +class IpsecApiTestCase(VppTestCase): + """ IPSec API tests """ + + @classmethod + def setUpClass(cls): + super(IpsecApiTestCase, cls).setUpClass() + cls.create_pg_interfaces([0]) + cls.pg0.config_ip4() + cls.pg0.admin_up() + + def test_backend_dump(self): + """ backend dump """ + d = self.vapi.ipsec_backend_dump() + self.assert_equal(len(d), 2, "number of ipsec backends in dump") + self.assert_equal(d[0].protocol, TemplateIpsec.vpp_ah_protocol, + "ipsec protocol in dump entry") + self.assert_equal(d[0].index, 0, "index in dump entry") + self.assert_equal(d[0].active, 1, "active flag in dump entry") + self.assert_equal(d[1].protocol, TemplateIpsec.vpp_esp_protocol, + "ipsec protocol in dump entry") + self.assert_equal(d[1].index, 0, "index in dump entry") + self.assert_equal(d[1].active, 1, "active flag in dump entry") + + def test_select_valid_backend(self): + """ select valid backend """ + self.vapi.ipsec_select_backend(TemplateIpsec.vpp_ah_protocol, 0) + self.vapi.ipsec_select_backend(TemplateIpsec.vpp_esp_protocol, 0) + + def test_select_invalid_backend(self): + """ select invalid backend """ + with self.vapi.assert_negative_api_retval(): + self.vapi.ipsec_select_backend(TemplateIpsec.vpp_ah_protocol, 200) + with self.vapi.assert_negative_api_retval(): + self.vapi.ipsec_select_backend(TemplateIpsec.vpp_esp_protocol, 200) + + def test_select_backend_in_use(self): + """ attempt to change backend while sad configured """ + params = TemplateIpsec.ipv4_params + addr_type = params.addr_type + is_ipv6 = params.is_ipv6 + scapy_tun_sa_id = params.scapy_tun_sa_id + scapy_tun_spi = params.scapy_tun_spi + auth_algo_vpp_id = params.auth_algo_vpp_id + auth_key = params.auth_key + crypt_algo_vpp_id = params.crypt_algo_vpp_id + crypt_key = params.crypt_key + + self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + TemplateIpsec.vpp_ah_protocol, + self.pg0.local_addr_n[addr_type], + self.pg0.remote_addr_n[addr_type], + is_tunnel=1, is_tunnel_ipv6=is_ipv6) + with self.vapi.assert_negative_api_retval(): + self.vapi.ipsec_select_backend( + protocol=TemplateIpsec.vpp_ah_protocol, index=0) + + self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, + auth_algo_vpp_id, auth_key, + crypt_algo_vpp_id, crypt_key, + TemplateIpsec.vpp_ah_protocol, + self.pg0.local_addr_n[addr_type], + self.pg0.remote_addr_n[addr_type], + is_tunnel=1, is_tunnel_ipv6=is_ipv6, + is_add=0) + self.vapi.ipsec_select_backend( + protocol=TemplateIpsec.vpp_ah_protocol, index=0) + + +if __name__ == '__main__': + unittest.main(testRunner=VppTestRunner) diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 23cf6603187..ed9d0d9d4ce 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -174,7 +174,14 @@ class TemplateIpsecEsp(TemplateIpsec): class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests): """ Ipsec ESP - TUN & TRA tests """ - pass + tra4_encrypt_node_name = "esp4-encrypt" + tra4_decrypt_node_name = "esp4-decrypt" + tra6_encrypt_node_name = "esp6-encrypt" + tra6_decrypt_node_name = "esp6-decrypt" + tun4_encrypt_node_name = "esp4-encrypt" + tun4_decrypt_node_name = "esp4-decrypt" + tun6_encrypt_node_name = "esp6-encrypt" + tun6_decrypt_node_name = "esp6-decrypt" class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests): diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index 292458d7c40..e10e2a3cfcb 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -37,7 +37,8 @@ class TemplateIpsecTunIfEsp(TemplateIpsec): class TestIpsecTunIfEsp1(TemplateIpsecTunIfEsp, IpsecTun4Tests): """ Ipsec ESP - TUN tests """ - pass + tun4_encrypt_node_name = "esp4-encrypt" + tun4_decrypt_node_name = "esp4-decrypt" class TestIpsecTunIfEsp2(TemplateIpsecTunIfEsp, IpsecTcpTests): diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 82990bcf280..1fcc4ceeef2 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -3452,6 +3452,13 @@ class VppPapiProvider(object): 'show_instance': show_instance }) + def ipsec_select_backend(self, protocol, index): + return self.api(self.papi.ipsec_select_backend, + {'protocol': protocol, 'index': index}) + + def ipsec_backend_dump(self): + return self.api(self.papi.ipsec_backend_dump, {}) + def app_namespace_add(self, namespace_id, ip4_fib_id=0, -- cgit 1.2.3-korg