Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/55242/?format=api
{ "id": 55242, "url": "http://patches.dpdk.org/api/patches/55242/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20190624134000.2456-5-marcinx.smoczynski@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20190624134000.2456-5-marcinx.smoczynski@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20190624134000.2456-5-marcinx.smoczynski@intel.com", "date": "2019-06-24T13:40:00", "name": "[v2,4/4] examples/ipsec-secgw: add scapy based unittests", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "9dac5956bca4b9ff26d5f189e71ba870afd3ef11", "submitter": { "id": 1293, "url": "http://patches.dpdk.org/api/people/1293/?format=api", "name": "Marcin Smoczynski", "email": "marcinx.smoczynski@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20190624134000.2456-5-marcinx.smoczynski@intel.com/mbox/", "series": [ { "id": 5130, "url": "http://patches.dpdk.org/api/series/5130/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=5130", "date": "2019-06-24T13:39:56", "name": "IPv6 with options support for IPsec transport", "version": 2, "mbox": "http://patches.dpdk.org/series/5130/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/55242/comments/", "check": "fail", "checks": "http://patches.dpdk.org/api/patches/55242/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 4EBE21BF19;\n\tMon, 24 Jun 2019 15:43:09 +0200 (CEST)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n\tby dpdk.org (Postfix) with ESMTP id 928301BF17\n\tfor <dev@dpdk.org>; Mon, 24 Jun 2019 15:43:06 +0200 (CEST)", "from fmsmga001.fm.intel.com ([10.253.24.23])\n\tby fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t24 Jun 2019 06:43:06 -0700", "from msmoczyx-mobl.ger.corp.intel.com ([10.103.104.100])\n\tby fmsmga001.fm.intel.com with ESMTP; 24 Jun 2019 06:43:03 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.63,412,1557212400\"; d=\"scan'208\";a=\"182637028\"", "From": "Marcin Smoczynski <marcinx.smoczynski@intel.com>", "To": "marko.kovacevic@intel.com, orika@mellanox.com, bruce.richardson@intel.com,\n\tpablo.de.lara.guarch@intel.com, radu.nicolau@intel.com,\n\takhil.goyal@nxp.com, tomasz.kantecki@intel.com,\n\tkonstantin.ananyev@intel.com, bernard.iremonger@intel.com,\n\tolivier.matz@6wind.com", "Cc": "dev@dpdk.org,\n\tMarcin Smoczynski <marcinx.smoczynski@intel.com>", "Date": "Mon, 24 Jun 2019 15:40:00 +0200", "Message-Id": "<20190624134000.2456-5-marcinx.smoczynski@intel.com>", "X-Mailer": "git-send-email 2.21.0.windows.1", "In-Reply-To": "<20190624134000.2456-1-marcinx.smoczynski@intel.com>", "References": "<20190508104717.13448-1-marcinx.smoczynski@intel.com>\n\t<20190624134000.2456-1-marcinx.smoczynski@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[dpdk-dev] [PATCH v2 4/4] examples/ipsec-secgw: add scapy based\n\tunittests", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add new unittest-like mechanism which uses scapy to craft custom\npackets and a set of assertions to check how ipsec-secgw example\napplication is processing them. Python3 with scapy module is\nrequired by pkttest.sh to run test scripts.\n\nA new mechanism is used to test IPv6 transport mode traffic with\nheader extensions (trs_ipv6opts.py).\n\nFix incomplete test log problem by disabling buffering of ipsec-secgw\nstandard output with stdbuf application.\n\nSigned-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>\n---\n examples/ipsec-secgw/test/common_defs.sh | 58 +-----\n .../ipsec-secgw/test/common_defs_secgw.sh | 65 +++++++\n examples/ipsec-secgw/test/pkttest.py | 127 ++++++++++++\n examples/ipsec-secgw/test/pkttest.sh | 65 +++++++\n examples/ipsec-secgw/test/run_test.sh | 108 ++++++++---\n examples/ipsec-secgw/test/trs_ipv6opts.py | 181 ++++++++++++++++++\n 6 files changed, 519 insertions(+), 85 deletions(-)\n create mode 100644 examples/ipsec-secgw/test/common_defs_secgw.sh\n create mode 100755 examples/ipsec-secgw/test/pkttest.py\n create mode 100755 examples/ipsec-secgw/test/pkttest.sh\n mode change 100644 => 100755 examples/ipsec-secgw/test/run_test.sh\n create mode 100755 examples/ipsec-secgw/test/trs_ipv6opts.py", "diff": "diff --git a/examples/ipsec-secgw/test/common_defs.sh b/examples/ipsec-secgw/test/common_defs.sh\nindex 8dc574b50..63ad5415d 100644\n--- a/examples/ipsec-secgw/test/common_defs.sh\n+++ b/examples/ipsec-secgw/test/common_defs.sh\n@@ -1,22 +1,10 @@\n #! /bin/bash\n \n-#check that env vars are properly defined\n-\n-#check SGW_PATH\n-if [[ -z \"${SGW_PATH}\" || ! -x ${SGW_PATH} ]]; then\n-\techo \"SGW_PATH is invalid\"\n-\texit 127\n-fi\n-\n #check ETH_DEV\n if [[ -z \"${ETH_DEV}\" ]]; then\n \techo \"ETH_DEV is invalid\"\n \texit 127\n fi\n-\n-#setup SGW_LCORE\n-SGW_LCORE=${SGW_LCORE:-0}\n-\n #check that REMOTE_HOST is reachable\n ssh ${REMOTE_HOST} echo\n st=$?\n@@ -47,14 +35,6 @@ LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092\n DPDK_PATH=${RTE_SDK:-${PWD}}\n DPDK_BUILD=${RTE_TARGET:-x86_64-native-linux-gcc}\n \n-SGW_OUT_FILE=./ipsec-secgw.out1\n-\n-SGW_CMD_EAL_PRM=\"--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}\"\n-SGW_CMD_CFG=\"(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})\"\n-SGW_CMD_PRM=\"-p 0x3 -u 1 -P --config=\\\"${SGW_CMD_CFG}\\\"\"\n-\n-SGW_CFG_FILE=$(mktemp)\n-\n # configure local host/ifaces\n config_local_iface()\n {\n@@ -126,37 +106,7 @@ config6_iface()\n \tconfig6_remote_iface\n }\n \n-#start ipsec-secgw\n-secgw_start()\n-{\n-\tSGW_EXEC_FILE=$(mktemp)\n-\tcat <<EOF > ${SGW_EXEC_FILE}\n-${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \\\n---vdev=\"net_tap0,mac=fixed\" \\\n--- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \\\n-${SGW_OUT_FILE} 2>&1 &\n-p=\\$!\n-echo \\$p\n-EOF\n-\n-\tcat ${SGW_EXEC_FILE}\n-\tSGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`\n-\n-\t# wait till ipsec-secgw start properly\n-\ti=0\n-\tst=1\n-\twhile [[ $i -ne 10 && st -ne 0 ]]; do\n-\t\tsleep 1\n-\t\tifconfig ${LOCAL_IFACE}\n-\t\tst=$?\n-\t\tlet i++\n-\tdone\n-}\n-\n-#stop ipsec-secgw and cleanup\n-secgw_stop()\n-{\n-\tkill ${SGW_PID}\n-\trm -f ${SGW_EXEC_FILE}\n-\trm -f ${SGW_CFG_FILE}\n-}\n+# secgw application parameters setup\n+SGW_PORT_CFG=\"--vdev=\\\"net_tap0,mac=fixed\\\" ${ETH_DEV}\"\n+SGW_WAIT_DEV=\"${LOCAL_IFACE}\"\n+. ${DIR}/common_defs_secgw.sh\ndiff --git a/examples/ipsec-secgw/test/common_defs_secgw.sh b/examples/ipsec-secgw/test/common_defs_secgw.sh\nnew file mode 100644\nindex 000000000..a50c03cb3\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/common_defs_secgw.sh\n@@ -0,0 +1,65 @@\n+#!/bin/bash\n+\n+# check required parameters\n+SGW_REQ_VARS=\"SGW_PATH SGW_PORT_CFG SGW_WAIT_DEV\"\n+for reqvar in ${SGW_REQ_VARS}\n+do\n+\tif [[ -z \"${!reqvar}\" ]]; then\n+\t\techo \"Required parameter ${reqvar} is empty\"\n+\t\texit 127\n+\tfi\n+done\n+\n+# check if SGW_PATH point to an executable\n+if [[ ! -x ${SGW_PATH} ]]; then\n+\techo \"${SGW_PATH} is not executable\"\n+\texit 127\n+fi\n+\n+# setup SGW_LCORE\n+SGW_LCORE=${SGW_LCORE:-0}\n+\n+# setup config and output filenames\n+SGW_OUT_FILE=./ipsec-secgw.out1\n+SGW_CFG_FILE=$(mktemp)\n+\n+# setup secgw parameters\n+SGW_CMD_EAL_PRM=\"--lcores=${SGW_LCORE} -n 4\"\n+SGW_CMD_CFG=\"(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})\"\n+SGW_CMD_PRM=\"-p 0x3 -u 1 -P --config=\\\"${SGW_CMD_CFG}\\\"\"\n+\n+# start ipsec-secgw\n+secgw_start()\n+{\n+\tSGW_EXEC_FILE=$(mktemp)\n+\tcat <<EOF > ${SGW_EXEC_FILE}\n+stdbuf -o0 ${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \\\n+${SGW_PORT_CFG} ${SGW_EAL_XPRM} \\\n+-- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \\\n+${SGW_OUT_FILE} 2>&1 &\n+p=\\$!\n+echo \\$p\n+EOF\n+\n+\tcat ${SGW_EXEC_FILE}\n+\tcat ${SGW_CFG_FILE}\n+\tSGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`\n+\n+\t# wait till ipsec-secgw start properly\n+\ti=0\n+\tst=1\n+\twhile [[ $i -ne 10 && $st -ne 0 ]]; do\n+\t\tsleep 1\n+\t\tifconfig ${SGW_WAIT_DEV}\n+\t\tst=$?\n+\t\tlet i++\n+\tdone\n+}\n+\n+# stop ipsec-secgw and cleanup\n+secgw_stop()\n+{\n+\tkill ${SGW_PID}\n+\trm -f ${SGW_EXEC_FILE}\n+\trm -f ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/pkttest.py b/examples/ipsec-secgw/test/pkttest.py\nnew file mode 100755\nindex 000000000..bcad2156b\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/pkttest.py\n@@ -0,0 +1,127 @@\n+#!/usr/bin/env python3\n+\n+import fcntl\n+import pkg_resources\n+import socket\n+import struct\n+import sys\n+import unittest\n+\n+\n+if sys.version_info < (3, 0):\n+ print(\"Python3 is required to run this script\")\n+ sys.exit(1)\n+\n+\n+try:\n+ from scapy.all import Ether\n+except ImportError:\n+ print(\"Scapy module is required\")\n+ sys.exit(1)\n+\n+\n+PKTTEST_REQ = [\n+ \"scapy==2.4.3rc1\",\n+]\n+\n+\n+def assert_requirements(req):\n+ \"\"\"\n+ assert requirement is met\n+ req can hold a string or a list of strings\n+ \"\"\"\n+ try:\n+ pkg_resources.require(req)\n+ except (pkg_resources.DistributionNotFound, pkg_resources.VersionConflict) as e:\n+ print(\"Requirement assertion: \" + str(e))\n+ sys.exit(1)\n+\n+\n+TAP_UNPROTECTED = \"dtap1\"\n+TAP_PROTECTED = \"dtap0\"\n+\n+\n+class Interface(object):\n+ ETH_P_ALL = 3\n+ MAX_PACKET_SIZE = 1280\n+ IOCTL_GET_INFO = 0x8927\n+ SOCKET_TIMEOUT = 0.5\n+ def __init__(self, ifname):\n+ self.name = ifname\n+\n+ # create and bind socket to specified interface\n+ self.s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(Interface.ETH_P_ALL))\n+ self.s.settimeout(Interface.SOCKET_TIMEOUT)\n+ self.s.bind((self.name, 0, socket.PACKET_OTHERHOST))\n+\n+ # get interface MAC address\n+ info = fcntl.ioctl(self.s.fileno(), Interface.IOCTL_GET_INFO, struct.pack('256s', bytes(ifname[:15], encoding='ascii')))\n+ self.mac = ':'.join(['%02x' % i for i in info[18:24]])\n+\n+ def __del__(self):\n+ self.s.close()\n+\n+ def send_l3packet(self, pkt, mac):\n+ e = Ether(src=self.mac, dst=mac)\n+ self.send_packet(e/pkt)\n+\n+ def send_packet(self, pkt):\n+ self.send_bytes(bytes(pkt))\n+\n+ def send_bytes(self, bytedata):\n+ self.s.send(bytedata)\n+\n+ def recv_packet(self):\n+ return Ether(self.recv_bytes())\n+\n+ def recv_bytes(self):\n+ return self.s.recv(Interface.MAX_PACKET_SIZE)\n+\n+ def get_mac(self):\n+ return self.mac\n+\n+\n+class PacketXfer(object):\n+ def __init__(self, protected_iface=TAP_PROTECTED, unprotected_iface=TAP_UNPROTECTED):\n+ self.protected_port = Interface(protected_iface)\n+ self.unprotected_port = Interface(unprotected_iface)\n+\n+ def send_to_protected_port(self, pkt, remote_mac=None):\n+ if remote_mac is None:\n+ remote_mac = self.unprotected_port.get_mac()\n+ self.protected_port.send_l3packet(pkt, remote_mac)\n+\n+ def send_to_unprotected_port(self, pkt, remote_mac=None):\n+ if remote_mac is None:\n+ remote_mac = self.protected_port.get_mac()\n+ self.unprotected_port.send_l3packet(pkt, remote_mac)\n+\n+ def xfer_unprotected(self, pkt):\n+ self.send_to_unprotected_port(pkt)\n+ return self.protected_port.recv_packet()\n+\n+ def xfer_protected(self, pkt):\n+ self.send_to_protected_port(pkt)\n+ return self.unprotected_port.recv_packet()\n+\n+\n+def pkttest():\n+ if len(sys.argv) == 1:\n+ sys.exit(unittest.main(verbosity=2))\n+ elif len(sys.argv) == 2:\n+ if sys.argv[1] == \"config\":\n+ module = __import__('__main__')\n+ try:\n+ print(module.config())\n+ except AttributeError:\n+ sys.stderr.write(\"Cannot find \\\"config()\\\" in a test\")\n+ sys.exit(1)\n+ else:\n+ sys.exit(1)\n+\n+\n+if __name__ == \"__main__\":\n+ if len(sys.argv) == 2 and sys.argv[1] == \"check_reqs\":\n+ assert_requirements(PKTTEST_REQ)\n+ else:\n+ print(\"Usage: \" + sys.argv[0] + \" check_reqs\")\ndiff --git a/examples/ipsec-secgw/test/pkttest.sh b/examples/ipsec-secgw/test/pkttest.sh\nnew file mode 100755\nindex 000000000..04cd96b2e\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/pkttest.sh\n@@ -0,0 +1,65 @@\n+#!/bin/bash\n+\n+DIR=$(dirname $0)\n+\n+if [ $(id -u) -ne 0 ]; then\n+\techo \"Run as root\"\n+\texit 1\n+fi\n+\n+# check python requirements\n+python3 ${DIR}/pkttest.py check_reqs\n+if [ $? -ne 0 ]; then\n+\techo \"Requirements for Python not met, exiting\"\n+\texit 1\n+fi\n+\n+# secgw application parameters setup\n+CRYPTO_DEV=\"--vdev=crypto_null0\"\n+SGW_PORT_CFG=\"--vdev=net_tap0,mac=fixed --vdev=net_tap1,mac=fixed\"\n+SGW_EAL_XPRM=\"--no-pci\"\n+SGW_CMD_XPRM=-l\n+SGW_WAIT_DEV=\"dtap0\"\n+. ${DIR}/common_defs_secgw.sh\n+\n+echo \"Running tests: $*\"\n+for testcase in $*\n+do\n+\t# check test file presence\n+\ttestfile=\"${DIR}/${testcase}.py\"\n+\tif [ ! -f ${testfile} ]; then\n+\t\techo \"Invalid test ${testcase}\"\n+\t\tcontinue\n+\tfi\n+\n+\t# prepare test config\n+\tpython3 ${testfile} config > ${SGW_CFG_FILE}\n+\tif [ $? -ne 0 ]; then\n+\t\trm -f ${SGW_CFG_FILE}\n+\t\techo \"Cannot get secgw configuration for test ${testcase}\"\n+\t\texit 1\n+\tfi\n+\n+\t# start the application\n+\tsecgw_start\n+\n+\t# setup interfaces\n+\tifconfig dtap0 up\n+\tifconfig dtap1 up\n+\n+\t# run the test\n+\techo \"Running test case: ${testcase}\"\n+\tpython3 ${testfile}\n+\tst=$?\n+\n+\t# stop the application\n+\tsecgw_stop\n+\n+\t# report test result and exit on failure\n+\tif [ $st -eq 0 ]; then\n+\t\techo \"Test case ${testcase} succeeded\"\n+\telse\n+\t\techo \"Test case ${testcase} failed!\"\n+\t\texit $st\n+\tfi\n+done\ndiff --git a/examples/ipsec-secgw/test/run_test.sh b/examples/ipsec-secgw/test/run_test.sh\nold mode 100644\nnew mode 100755\nindex 3a1a7d4b4..4969effdb\n--- a/examples/ipsec-secgw/test/run_test.sh\n+++ b/examples/ipsec-secgw/test/run_test.sh\n@@ -17,6 +17,17 @@\n # naming convention:\n # 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)\n # 'tun/trs' refer to tunnel/transport mode respectively\n+\n+usage()\n+{\n+\techo \"Usage:\"\n+\techo -e \"\\t$0 -[46p]\"\n+\techo -e \"\\t\\t-4 Perform Linux IPv4 network tests\"\n+\techo -e \"\\t\\t-6 Perform Linux IPv6 network tests\"\n+\techo -e \"\\t\\t-p Perform packet validation tests\"\n+\techo -e \"\\t\\t-h Display this help\"\n+}\n+\n LINUX_TEST=\"tun_aescbc_sha1 \\\n tun_aescbc_sha1_esn \\\n tun_aescbc_sha1_esn_atom \\\n@@ -50,47 +61,82 @@ trs_3descbc_sha1_old \\\n trs_3descbc_sha1_esn \\\n trs_3descbc_sha1_esn_atom\"\n \n-DIR=`dirname $0`\n+PKT_TESTS=\"trs_ipv6opts\"\n+\n+DIR=$(dirname $0)\n \n # get input options\n-st=0\n run4=0\n run6=0\n-while [[ ${st} -eq 0 ]]; do\n-\tgetopts \":46\" opt\n-\tst=$?\n-\tif [[ \"${opt}\" == \"4\" ]]; then\n-\t\trun4=1\n-\telif [[ \"${opt}\" == \"6\" ]]; then\n-\t\trun6=1\n-\tfi\n+runpkt=0\n+while getopts \":46ph\" opt\n+do\n+\tcase $opt in\n+\t\t4)\n+\t\t\trun4=1\n+\t\t\t;;\n+\t\t6)\n+\t\t\trun6=1\n+\t\t\t;;\n+\t\tp)\n+\t\t\trunpkt=1\n+\t\t\t;;\n+\t\th)\n+\t\t\tusage\n+\t\t\texit 0\n+\t\t\t;;\n+\t\t?)\n+\t\t\techo \"Invalid option\"\n+\t\t\tusage\n+\t\t\texit 127\n+\t\t\t;;\n+\tesac\n done\n \n-if [[ ${run4} -eq 0 && ${run6} -eq 0 ]]; then\n+# no test suite has been selected\n+if [[ ${run4} -eq 0 && ${run6} -eq 0 && ${runpkt} -eq 0 ]]; then\n+\tusage\n \texit 127\n fi\n \n-for i in ${LINUX_TEST}; do\n-\n-\techo \"starting test ${i}\"\n+# perform packet processing validation tests\n+st=0\n+if [ $runpkt -eq 1 ]; then\n+\techo \"Performing packet validation tests\"\n+\t/bin/bash ${DIR}/pkttest.sh ${PKT_TESTS}\n+\tst=$?\n \n-\tst4=0\n-\tif [[ ${run4} -ne 0 ]]; then\n-\t\t/bin/bash ${DIR}/linux_test4.sh ${i}\n-\t\tst4=$?\n-\t\techo \"test4 ${i} finished with status ${st4}\"\n+\techo \"pkttests finished with status ${st}\"\n+\tif [[ ${st} -ne 0 ]]; then\n+\t\techo \"ERROR pkttests FAILED\"\n+\t\texit ${st}\n \tfi\n+fi\n \n-\tst6=0\n-\tif [[ ${run6} -ne 0 ]]; then\n-\t\t/bin/bash ${DIR}/linux_test6.sh ${i}\n-\t\tst6=$?\n-\t\techo \"test6 ${i} finished with status ${st6}\"\n-\tfi\n+# perform network tests\n+if [[ ${run4} -eq 1 || ${run6} -eq 1 ]]; then\n+\tfor i in ${LINUX_TEST}; do\n \n-\tlet \"st = st4 + st6\"\n-\tif [[ $st -ne 0 ]]; then\n-\t\techo \"ERROR test ${i} FAILED\"\n-\t\texit $st\n-\tfi\n-done\n+\t\techo \"starting test ${i}\"\n+\n+\t\tst4=0\n+\t\tif [[ ${run4} -ne 0 ]]; then\n+\t\t\t/bin/bash ${DIR}/linux_test4.sh ${i}\n+\t\t\tst4=$?\n+\t\t\techo \"test4 ${i} finished with status ${st4}\"\n+\t\tfi\n+\n+\t\tst6=0\n+\t\tif [[ ${run6} -ne 0 ]]; then\n+\t\t\t/bin/bash ${DIR}/linux_test6.sh ${i}\n+\t\t\tst6=$?\n+\t\t\techo \"test6 ${i} finished with status ${st6}\"\n+\t\tfi\n+\n+\t\tlet \"st = st4 + st6\"\n+\t\tif [[ $st -ne 0 ]]; then\n+\t\t\techo \"ERROR test ${i} FAILED\"\n+\t\t\texit $st\n+\t\tfi\n+\tdone\n+fi\ndiff --git a/examples/ipsec-secgw/test/trs_ipv6opts.py b/examples/ipsec-secgw/test/trs_ipv6opts.py\nnew file mode 100755\nindex 000000000..167c89617\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_ipv6opts.py\n@@ -0,0 +1,181 @@\n+#!/usr/bin/env python3\n+\n+from scapy.all import *\n+import unittest\n+import pkttest\n+\n+\n+SRC_ADDR = \"1111:0000:0000:0000:0000:0000:0000:0001\"\n+DST_ADDR = \"2222:0000:0000:0000:0000:0000:0000:0001\"\n+SRC_NET = \"1111:0000:0000:0000:0000:0000:0000:0000/64\"\n+DST_NET = \"2222:0000:0000:0000:0000:0000:0000:0000/64\"\n+\n+\n+def config():\n+ return \"\"\"\n+sp ipv6 out esp protect 5 pri 1 \\\\\n+src {0} \\\\\n+dst {1} \\\\\n+sport 0:65535 dport 0:65535\n+\n+sp ipv6 in esp protect 6 pri 1 \\\\\n+src {1} \\\\\n+dst {0} \\\\\n+sport 0:65535 dport 0:65535\n+\n+sa out 5 cipher_algo null auth_algo null mode transport\n+sa in 6 cipher_algo null auth_algo null mode transport\n+\n+rt ipv6 dst {0} port 1\n+rt ipv6 dst {1} port 0\n+\"\"\".format(SRC_NET, DST_NET)\n+\n+\n+class TestTransportWithIPv6Ext(unittest.TestCase):\n+ # There is a bug in the IPsec Scapy implementation\n+ # which causes invalid packet reconstruction after\n+ # successful decryption. This method is a workaround.\n+ @staticmethod\n+ def decrypt(pkt, sa):\n+ esp = pkt[ESP]\n+\n+ # decrypt dummy packet with no extensions\n+ d = sa.decrypt(IPv6()/esp)\n+\n+ # fix 'next header' in the preceding header of the original\n+ # packet and remove ESP\n+ pkt[ESP].underlayer.nh = d[IPv6].nh\n+ pkt[ESP].underlayer.remove_payload()\n+\n+ # combine L3 header with decrypted payload\n+ npkt = pkt/d[IPv6].payload\n+\n+ # fix length\n+ npkt[IPv6].plen = d[IPv6].plen + len(pkt[IPv6].payload)\n+\n+ return npkt\n+\n+ def setUp(self):\n+ self.px = pkttest.PacketXfer()\n+ self.outb_sa = SecurityAssociation(ESP, spi=5)\n+ self.inb_sa = SecurityAssociation(ESP, spi=6)\n+\n+ def test_outb_ipv6_noopt(self):\n+ pkt = IPv6(src=SRC_ADDR, dst=DST_ADDR)\n+ pkt /= UDP(sport=123,dport=456)/Raw(load=\"abc\")\n+\n+ # send and check response\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)\n+ self.assertEqual(resp[ESP].spi, 5)\n+\n+ # decrypt response, check packet after decryption\n+ d = TestTransportWithIPv6Ext.decrypt(resp[IPv6], self.outb_sa)\n+ self.assertEqual(d[IPv6].nh, socket.IPPROTO_UDP)\n+ self.assertEqual(d[UDP].sport, 123)\n+ self.assertEqual(d[UDP].dport, 456)\n+ self.assertEqual(bytes(d[UDP].payload), b'abc')\n+\n+ def test_outb_ipv6_opt(self):\n+ hoptions = []\n+ hoptions.append(RouterAlert(value=2))\n+ hoptions.append(Jumbo(jumboplen=5000))\n+ hoptions.append(Pad1())\n+\n+ doptions = []\n+ doptions.append(HAO(hoa=\"1234::4321\"))\n+\n+ pkt = IPv6(src=SRC_ADDR, dst=DST_ADDR)\n+ pkt /= IPv6ExtHdrHopByHop(options=hoptions)\n+ pkt /= IPv6ExtHdrRouting(addresses=[\"3333::3\",\"4444::4\"])\n+ pkt /= IPv6ExtHdrDestOpt(options=doptions)\n+ pkt /= UDP(sport=123,dport=456)/Raw(load=\"abc\")\n+\n+ # send and check response\n+ resp = self.px.xfer_unprotected(pkt)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_HOPOPTS)\n+\n+ # check extensions\n+ self.assertEqual(resp[IPv6ExtHdrHopByHop].nh, socket.IPPROTO_ROUTING)\n+ self.assertEqual(resp[IPv6ExtHdrRouting].nh, socket.IPPROTO_DSTOPTS)\n+ self.assertEqual(resp[IPv6ExtHdrDestOpt].nh, socket.IPPROTO_ESP)\n+\n+ # check ESP\n+ self.assertEqual(resp[ESP].spi, 5)\n+\n+ # decrypt response, check packet after decryption\n+ d = TestTransportWithIPv6Ext.decrypt(resp[IPv6], self.outb_sa)\n+ self.assertEqual(d[IPv6].nh, socket.IPPROTO_HOPOPTS)\n+ self.assertEqual(d[IPv6ExtHdrHopByHop].nh, socket.IPPROTO_ROUTING)\n+ self.assertEqual(d[IPv6ExtHdrRouting].nh, socket.IPPROTO_DSTOPTS)\n+ self.assertEqual(d[IPv6ExtHdrDestOpt].nh, socket.IPPROTO_UDP)\n+\n+ # check UDP\n+ self.assertEqual(d[UDP].sport, 123)\n+ self.assertEqual(d[UDP].dport, 456)\n+ self.assertEqual(bytes(d[UDP].payload), b'abc')\n+\n+ def test_inb_ipv6_noopt(self):\n+ # encrypt and send raw UDP packet\n+ pkt = IPv6(src=DST_ADDR, dst=SRC_ADDR)\n+ pkt /= UDP(sport=123,dport=456)/Raw(load=\"abc\")\n+ e = self.inb_sa.encrypt(pkt)\n+\n+ # send and check response\n+ resp = self.px.xfer_protected(e)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)\n+\n+ # check UDP packet\n+ self.assertEqual(resp[UDP].sport, 123)\n+ self.assertEqual(resp[UDP].dport, 456)\n+ self.assertEqual(bytes(resp[UDP].payload), b'abc')\n+\n+ def test_inb_ipv6_opt(self):\n+ hoptions = []\n+ hoptions.append(RouterAlert(value=2))\n+ hoptions.append(Jumbo(jumboplen=5000))\n+ hoptions.append(Pad1())\n+\n+ doptions = []\n+ doptions.append(HAO(hoa=\"1234::4321\"))\n+\n+ # prepare packet with options\n+ pkt = IPv6(src=DST_ADDR, dst=SRC_ADDR)\n+ pkt /= IPv6ExtHdrHopByHop(options=hoptions)\n+ pkt /= IPv6ExtHdrRouting(addresses=[\"3333::3\",\"4444::4\"])\n+ pkt /= IPv6ExtHdrDestOpt(options=doptions)\n+ pkt /= UDP(sport=123,dport=456)/Raw(load=\"abc\")\n+ e = self.inb_sa.encrypt(pkt)\n+\n+ # self encrypted packet and check response\n+ resp = self.px.xfer_protected(e)\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_HOPOPTS)\n+ self.assertEqual(resp[IPv6ExtHdrHopByHop].nh, socket.IPPROTO_ROUTING)\n+ self.assertEqual(resp[IPv6ExtHdrRouting].nh, socket.IPPROTO_DSTOPTS)\n+ self.assertEqual(resp[IPv6ExtHdrDestOpt].nh, socket.IPPROTO_UDP)\n+\n+ # check UDP\n+ self.assertEqual(resp[UDP].sport, 123)\n+ self.assertEqual(resp[UDP].dport, 456)\n+ self.assertEqual(bytes(resp[UDP].payload), b'abc')\n+\n+ def test_inb_ipv6_frag(self):\n+ # prepare ESP payload\n+ pkt = IPv6()/UDP(sport=123,dport=456)/Raw(load=\"abc\")\n+ e = self.inb_sa.encrypt(pkt)\n+\n+ # craft and send inbound packet\n+ e = IPv6(src=DST_ADDR, dst=SRC_ADDR)/IPv6ExtHdrFragment()/e[IPv6].payload\n+ resp = self.px.xfer_protected(e)\n+\n+ # check response\n+ self.assertEqual(resp[IPv6].nh, socket.IPPROTO_FRAGMENT)\n+ self.assertEqual(resp[IPv6ExtHdrFragment].nh, socket.IPPROTO_UDP)\n+\n+ # check UDP\n+ self.assertEqual(resp[UDP].sport, 123)\n+ self.assertEqual(resp[UDP].dport, 456)\n+ self.assertEqual(bytes(resp[UDP].payload), b'abc')\n+\n+\n+pkttest.pkttest()\n", "prefixes": [ "v2", "4/4" ] }