2.18. template_ipsec module

class template_ipsec.IPsecIPv4Params

Bases: object

addr_any = '0.0.0.0'
addr_bcast = '255.255.255.255'
addr_len = 32
addr_type = 2
is_ipv6 = 0
class template_ipsec.IPsecIPv6Params

Bases: object

addr_any = '0::0'
addr_bcast = 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
addr_len = 128
addr_type = 10
is_ipv6 = 1
class template_ipsec.IpsecTcp

Bases: object

verify_tcp_checksum()
class template_ipsec.IpsecTcpTests

Bases: template_ipsec.IpsecTcp

test_tcp_checksum()

verify checksum correctness for vpp generated packets

class template_ipsec.IpsecTra4

Bases: object

verify methods for Transport v4

get_hash_failed_counts(p)
get_replay_counts(p)
verify_tra_anti_replay()
verify_tra_basic4(count=1, payload_size=54)

ipsec v4 transport basic test

class template_ipsec.IpsecTra46Tests

Bases: template_ipsec.IpsecTra4Tests, template_ipsec.IpsecTra6Tests

UT test methods for Transport v6 and v4

class template_ipsec.IpsecTra4Tests

Bases: template_ipsec.IpsecTra4

UT test methods for Transport v4

test_tra_anti_replay()

ipsec v4 transport anti-replay test

test_tra_basic(count=1)

ipsec v4 transport basic test

test_tra_burst()

ipsec v4 transport burst test

class template_ipsec.IpsecTra6

Bases: object

verify methods for Transport v6

gen_encrypt_pkts_ext_hdrs6(sa, sw_intf, src, dst, count=1, payload_size=54)
gen_pkts_ext_hdrs6(sw_intf, src, dst, count=1, payload_size=54)
verify_tra_66_ext_hdrs(p)
verify_tra_basic6(count=1, payload_size=54)
verify_tra_encrypted6(p, sa, rxs)
class template_ipsec.IpsecTra6ExtTests

Bases: template_ipsec.IpsecTra6

test_tra_ext_hdrs_66()

ipsec 6o6 tra extension headers test

class template_ipsec.IpsecTra6Tests

Bases: template_ipsec.IpsecTra6

UT test methods for Transport v6

test_tra_basic6()

ipsec v6 transport basic test

test_tra_burst6()

ipsec v6 transport burst test

class template_ipsec.IpsecTun4

Bases: object

verify methods for Tunnel v4

verify_counters4(p, count, n_frags=None, worker=None)
verify_decrypted(p, rxs)
verify_encrypted(p, sa, rxs)
verify_esp_padding(sa, esp_payload, decrypt_pkt)
verify_keepalive(p)
verify_tun_44(p, count=1, payload_size=64, n_rx=None)
verify_tun_64(p, count=1)
verify_tun_dropped_44(p, count=1, payload_size=64, n_rx=None)
verify_tun_reass_44(p)
class template_ipsec.IpsecTun46Tests

Bases: template_ipsec.IpsecTun4Tests, template_ipsec.IpsecTun6Tests

UT test methods for Tunnel v6 & v4

class template_ipsec.IpsecTun4HandoffTests

Bases: template_ipsec.IpsecTun4

UT test methods for Tunnel v4 with multiple workers

test_tun_handooff_44()

ipsec 4o4 tunnel worker hand-off test

vpp_worker_count = 2
class template_ipsec.IpsecTun4Tests

Bases: template_ipsec.IpsecTun4

UT test methods for Tunnel v4

test_tun_basic44()

ipsec 4o4 tunnel basic test

test_tun_burst44()

ipsec 4o4 tunnel burst test

test_tun_reass_basic44()

ipsec 4o4 tunnel basic reassembly test

class template_ipsec.IpsecTun6

Bases: object

verify methods for Tunnel v6

verify_counters6(p_in, p_out, count, worker=None)
verify_decrypted6(p, rxs)
verify_drop_tun_66(p_in, count=1, payload_size=64)
verify_encrypted6(p, sa, rxs)
verify_tun_46(p, count=1)

ipsec 4o6 tunnel basic test

verify_tun_66(p_in, p_out=None, count=1, payload_size=64)
verify_tun_reass_66(p)
class template_ipsec.IpsecTun6HandoffTests

Bases: template_ipsec.IpsecTun6

UT test methods for Tunnel v6 with multiple workers

test_tun_handoff_66()

ipsec 6o6 tunnel worker hand-off test

vpp_worker_count = 2
class template_ipsec.IpsecTun6Tests

Bases: template_ipsec.IpsecTun6

UT test methods for Tunnel v6

test_tun_basic66()

ipsec 6o6 tunnel basic test

test_tun_burst66()

ipsec 6o6 tunnel burst test

test_tun_reass_basic66()

ipsec 6o6 tunnel basic reassembly test

class template_ipsec.TemplateIpsec(methodName='runTest')

Bases: framework.VppTestCase

TRANSPORT MODE:

—— encrypt —

|tra_if| <——-> |VPP|

—— decrypt —

TUNNEL MODE:

—— encrypt — plain —

|tun_if| <——- |VPP| <—— |pg1|

—— — —

—— decrypt — plain —

|tun_if| ——-> |VPP| ——> |pg1|

—— — —

config_interfaces()
gen_encrypt_pkts(p, sa, sw_intf, src, dst, count=1, payload_size=54)
gen_encrypt_pkts6(p, sa, sw_intf, src, dst, count=1, payload_size=54)
gen_pkts(sw_intf, src, dst, count=1, payload_size=54)
gen_pkts6(p, sw_intf, src, dst, count=1, payload_size=54)
ipsec_select_backend()

empty method to be overloaded when necessary

setUp()

Clear trace before running each test

classmethod setUpClass()

Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api

setup_params()
show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

tra_spd_id = 2
tun_spd_id = 1
unconfig_interfaces()
template_ipsec.config_tra_params(p, encryption_type)
template_ipsec.config_tun_params(p, encryption_type, tun_if)
template_ipsec.mk_scapy_crypt_key(p)