tests: add ipv6 tunnel with ipv4/ipv6 traffic tests to simplenet

Signed-off-by: Christian Hopps <[email protected]>
LabNConsulting · Sep 4, 2024 · 85a692d · 85a692d
1 parent 50f62f0
commit 85a692d
Showing 1 changed file with 51 additions and 79 deletions.
diff --git a/tests/simplenet/test_simplenet.py b/tests/simplenet/test_simplenet.py
@@ -59,98 +59,67 @@ async def test_net_up(unet, astepf, pytestconfig):
     await _test_net_up(unet, ipv6=ipv6)
 
 
-async def no_test_user_step(unet, astepf):
-    r1 = unet.hosts["r1"]
-    r2 = unet.hosts["r2"]
-
-    MODE = "mode iptfs"
-
-    spi_1to2 = 0xAAAAAA
-    spi_2to1 = 0xBBBBBB
-
-    ipsec_intf = ("eth2",)
-    tun_ipv6 = False
-    spi_1to2, spi_2to1, sa_auth, sa_enc = get_sa_values(
-        use_gcm=True, use_nullnull=False, enc_null=False, tun_ipv6=tun_ipv6
-    )
+async def test_policy_tun4_up(unet, astepf, pytestconfig):
+    h1 = unet.hosts["h1"]
 
-    r1ipp = r1.get_intf_addr(ipsec_intf, ipv6=tun_ipv6)
-    if r2 is not None:
-        r1ipp = r2.get_intf_addr(ipsec_intf, ipv6=tun_ipv6)
-    else:
-        # The other side is the switch interface
-        net = None
-        for net in r1.net_intfs:
-            if r1.net_intfs[net] == ipsec_intf:
-                break
-        assert net is not None, f"can't find network for {ipsec_intf}"
-        if tun_ipv6:
-            r2ipp = unet.switches[net].ip6_interface
-        else:
-            r2ipp = unet.switches[net].ip_interface
-
-    r1ip = r1ipp.ip
-    r1ipp = r1ipp.network
-    r2ip = r2ipp.ip
-    r2ipp = r2ipp.network
-
-    #
-    # SAs
-    #
-
-    await astepf("configuring SA outbound")
-
-    repl = r1.conrepl
-    repl.cmd_raises(
-        f"ip xfrm state add src {r1ip} dst {r2ip} proto esp "
-        f"spi {spi_1to2} {MODE} {sa_auth} {sa_enc} "
-        f"reqid 0x200"
+    ipv6 = pytestconfig.getoption("--enable-ipv6", False)
+    opts = pytestconfig.getoption("--iptfs-opts", "")
+    await setup_policy_tun(
+        unet, mode="iptfs", iptfs_opts=opts, tun_ipv6=False, ipv6=ipv6
     )
 
-    await astepf("configuring SA inbound")
-
-    repl.cmd_raises(
-        f"ip xfrm state add src {r2ip} dst {r1ip} proto esp "
-        f"spi {spi_2to1} {MODE} {sa_auth} {sa_enc} "
-        f"reqid 0x300"
-    )
+    if ipv6:
+        await astepf("first IPv6 ping")
+        logging.debug(h1.cmd_raises("ping -c1 fc00:0:0:2::4"))
+        await astepf("second IPv6 ping")
+        logging.debug(h1.cmd_raises("ping -c1 fc00:0:0:2::4"))
+        await astepf("third IPv6 ping")
+        logging.debug(h1.cmd_raises("ping -c1 fc00:0:0:2::4"))
 
-    await astepf("configuring outbound policy")
+    # Need to count ESP packets somehow to verify these were encrypted
+    await astepf("first ping")
+    logging.debug(h1.cmd_raises("ping -c1 10.0.2.4"))
+    await astepf("second ping")
+    logging.debug(h1.cmd_raises("ping -c1 10.0.2.4"))
+    await astepf("third ping")
+    logging.debug(h1.cmd_raises("ping -c1 10.0.2.4"))
 
-    x1ipp, x2ipp = ("10.0.0.0/24", "10.0.2.0/24")
-    direction = "dir out"
-    repl.cmd_raises(
-        f"ip xfrm policy add src {x1ipp} dst {x2ipp} {direction} "
-        f"tmpl src {r1ip} dst {r2ip} proto esp {MODE} "
-        f"reqid 0x200",
-        # " spi {spi_1to2} "
-    )
 
-    await astepf("configuring forwarding policy")
+async def test_routed_tun4_up(unet, astepf, pytestconfig):
+    h1 = unet.hosts["h1"]
 
-    direction = "dir fwd"
-    repl.cmd_raises(
-        f"ip xfrm policy add src {x2ipp} dst {x1ipp} {direction} "
-        f"tmpl src {r2ip} dst {r1ip} proto esp {MODE} "
-        f"reqid 0x300",
-    )
+    ipv6 = pytestconfig.getoption("--enable-ipv6", False)
+    opts = pytestconfig.getoption("--iptfs-opts", "")
+    await setup_routed_tun(unet, iptfs_opts=opts, tun_ipv6=False, ipv6=ipv6)
 
-    await astepf("configuring inbound policy")
+    if ipv6:
+        await astepf("first IPv6 ping")
+        logging.debug(h1.cmd_raises("ping -c1 fc00:0:0:2::4"))
+        await astepf("second IPv6 ping")
+        logging.debug(h1.cmd_raises("ping -c1 fc00:0:0:2::4"))
+        await astepf("third IPv6 ping")
+        logging.debug(h1.cmd_raises("ping -c1 fc00:0:0:2::4"))
 
-    direction = "dir in"
-    repl.cmd_raises(
-        f"ip xfrm policy add src {x2ipp} dst {x1ipp} {direction} "
-        f"tmpl src {r2ip} dst {r1ip} proto esp {MODE} "
-        f"reqid 0x300",
-    )
+    # Need to count ESP packets somehow to verify these were encrypted
+    await astepf("first ping")
+    logging.debug(h1.cmd_raises("ping -c1 10.0.2.4"))
+    await astepf("second ping")
+    logging.debug(h1.cmd_raises("ping -c1 10.0.2.4"))
+    await astepf("third ping")
+    logging.debug(h1.cmd_raises("ping -c3 10.0.2.4"))
 
 
-async def test_policy_tun_up(unet, astepf, pytestconfig):
+async def test_policy_tun6_up(unet, astepf, pytestconfig):
     h1 = unet.hosts["h1"]
 
     ipv6 = pytestconfig.getoption("--enable-ipv6", False)
+    if not ipv6:
+        pytest.skip("IPv6 not enabled (--enable-ipv6 to enalbe)")
+
     opts = pytestconfig.getoption("--iptfs-opts", "")
-    await setup_policy_tun(unet, mode="iptfs", iptfs_opts=opts, ipv6=ipv6)
+    await setup_policy_tun(
+        unet, mode="iptfs", iptfs_opts=opts, tun_ipv6=True, ipv6=ipv6
+    )
 
     if ipv6:
         await astepf("first IPv6 ping")
@@ -169,12 +138,15 @@ async def test_policy_tun_up(unet, astepf, pytestconfig):
     logging.debug(h1.cmd_raises("ping -c1 10.0.2.4"))
 
 
-async def test_routed_tun_up(unet, astepf, pytestconfig):
+async def test_routed_tun6_up(unet, astepf, pytestconfig):
     h1 = unet.hosts["h1"]
 
     ipv6 = pytestconfig.getoption("--enable-ipv6", False)
+    if not ipv6:
+        pytest.skip("IPv6 not enabled (--enable-ipv6 to enalbe)")
+
     opts = pytestconfig.getoption("--iptfs-opts", "")
-    await setup_routed_tun(unet, iptfs_opts=opts, ipv6=ipv6)
+    await setup_routed_tun(unet, iptfs_opts=opts, tun_ipv6=True, ipv6=ipv6)
 
     if ipv6:
         await astepf("first IPv6 ping")