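#!/usr/bin/env python3
# SPDX-License-Identifier: BSD-3-Clause
# Copyright(c) 2019 Intel Corporation

"""Tunnel-mode header reconstruction tests (RFC 4301 5.1.2.1 / 5.1.2.2).

Four ESP tunnel combinations are configured by ``config()``: IPv4-in-IPv4,
IPv6-in-IPv6, IPv6-in-IPv4 and IPv4-in-IPv6.  For each one the tests check:

* outbound: the ECN and DS bits of the inner header are copied to the
  outer (tunnel) header;
* inbound: the inner ECN field becomes CE only when the outer header
  carries CE, and the inner DS field is never taken from the outer header.

Every SA in ``config()`` uses ``cipher_algo null auth_algo null``.  That
gives no confidentiality and no integrity protection; it is a test-only
setup that keeps the focus on header fields and must not be reused as a
deployment template.

The inbound DS-field tests matter for more than QoS: ESP does not
authenticate the outer IP header, so anything copied from it into the
decapsulated packet could be altered in transit.

NOTE(review): no case covers an inner Not-ECT (0x0) packet arriving with an
outer CE mark; RFC 4301 expects the inner field to stay unchanged there.
"""

from scapy.all import *
# Imported explicitly, and after the star import so that this binding wins:
# the tests use socket.IPPROTO_* and should not rely on scapy re-exporting
# the module.
import socket
import unittest
import pkttest

# {ipv4{ipv4}} test: outer IPv4, inner IPv4
SRC_ADDR_IPV4_1 = "192.168.1.1"
DST_ADDR_IPV4_1 = "192.168.2.1"

# {ipv6{ipv6}} test: outer IPv6, inner IPv6
SRC_ADDR_IPV6_1 = "1111:0000:0000:0000:0000:0000:0000:0001"
DST_ADDR_IPV6_1 = "2222:0000:0000:0000:0000:0000:0000:0001"

# {ipv4{ipv6}} test: outer IPv4, inner IPv6
SRC_ADDR_IPV4_2 = "192.168.11.1"
DST_ADDR_IPV4_2 = "192.168.12.1"
SRC_ADDR_IPV6_2 = "1111:0000:0000:0000:0000:0000:0001:0001"
DST_ADDR_IPV6_2 = "2222:0000:0000:0000:0000:0000:0001:0001"

# {ipv6{ipv4}} test: outer IPv6, inner IPv4
SRC_ADDR_IPV4_3 = "192.168.21.1"
DST_ADDR_IPV4_3 = "192.168.22.1"
SRC_ADDR_IPV6_3 = "1111:0000:0000:0000:0000:0001:0001:0001"
DST_ADDR_IPV6_3 = "2222:0000:0000:0000:0000:0001:0001:0001"


def config():
    """Return the SP/SA/route configuration text for the four tunnels.

    SPIs 5/7/9/11 are the outbound SAs and 6/8/10/12 the inbound ones; the
    tests below assert on exactly these values.  All SAs use the null
    cipher and null authentication algorithm (test-only, no protection).
    """
    return """
#outter-ipv4 inner-ipv4 tunnel mode test
sp ipv4 out esp protect 5 pri 1 \\
src {0}/32 \\
dst {1}/32 \\
sport 0:65535 dport 0:65535

sp ipv4 in esp protect 6 pri 1 \\
src {1}/32 \\
dst {0}/32 \\
sport 0:65535 dport 0:65535

sa out 5 cipher_algo null auth_algo null mode ipv4-tunnel \\
src {0} dst {1}
sa in 6 cipher_algo null auth_algo null mode ipv4-tunnel \\
src {1} dst {0}

rt ipv4 dst {0}/32 port 1
rt ipv4 dst {1}/32 port 0

#outter-ipv6 inner-ipv6 tunnel mode test
sp ipv6 out esp protect 7 pri 1 \\
src {2}/128 \\
dst {3}/128 \\
sport 0:65535 dport 0:65535

sp ipv6 in esp protect 8 pri 1 \\
src {3}/128 \\
dst {2}/128 \\
sport 0:65535 dport 0:65535

sa out 7 cipher_algo null auth_algo null mode ipv6-tunnel \\
src {2} dst {3}
sa in 8 cipher_algo null auth_algo null mode ipv6-tunnel \\
src {3} dst {2}

rt ipv6 dst {2}/128 port 1
rt ipv6 dst {3}/128 port 0

#outter-ipv4 inner-ipv6 tunnel mode test
sp ipv6 out esp protect 9 pri 1 \\
src {4}/128 \\
dst {5}/128 \\
sport 0:65535 dport 0:65535

sp ipv6 in esp protect 10 pri 1 \\
src {5}/128 \\
dst {4}/128 \\
sport 0:65535 dport 0:65535

sa out 9 cipher_algo null auth_algo null mode ipv4-tunnel \\
src {6} dst {7}
sa in 10 cipher_algo null auth_algo null mode ipv4-tunnel \\
src {7} dst {6}

rt ipv6 dst {4}/128 port 1
rt ipv4 dst {7}/32 port 0

#outter-ipv6 inner-ipv4 tunnel mode test
sp ipv4 out esp protect 11 pri 1 \\
src {8}/32 \\
dst {9}/32 \\
sport 0:65535 dport 0:65535

sp ipv4 in esp protect 12 pri 1 \\
src {9}/32 \\
dst {8}/32 \\
sport 0:65535 dport 0:65535

sa out 11 cipher_algo null auth_algo null mode ipv6-tunnel \\
src {10} dst {11}
sa in 12 cipher_algo null auth_algo null mode ipv6-tunnel \\
src {11} dst {10}

rt ipv4 dst {8}/32 port 1
rt ipv6 dst {11}/128 port 0
""".format(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,
           SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,
           SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, SRC_ADDR_IPV4_2, DST_ADDR_IPV4_2,
           SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, SRC_ADDR_IPV6_3, DST_ADDR_IPV6_3)


# ECN codepoints, i.e. the two low-order bits of the IPv4 TOS / IPv6
# Traffic Class byte.
ECN_ECT0 = 0x02
ECN_ECT1 = 0x01
ECN_CE = 0x03
# DSCP values already shifted into the upper six bits of the same byte
# (DSCP 1 -> 0x04, DSCP 0x3F -> 0xFC), so the ECN bits are zero.
DSCP_1 = 0x04
DSCP_3F = 0xFC


class TestTunnelHeaderReconstruct(unittest.TestCase):
    """ECN / DS-field handling on ESP tunnel encapsulation and decapsulation.

    Test names read ``<direction>_<outer>v<inner>_<field>``: for example
    ``test_inb_ipv4v6_ecn_*`` sends an IPv6 packet wrapped in an IPv4 tunnel
    header towards the inbound side.
    """

    def setUp(self):
        """Create the packet-transfer helper and one scapy SA per tunnel.

        The tunnel headers run from the DST_* to the SRC_* address, which
        matches the ``sa in`` entries (SPIs 6, 8, 10, 12) in ``config()``.
        No cipher or auth algorithm is passed to ``SecurityAssociation``;
        presumably scapy's defaults are the NULL algorithms, matching the
        configuration -- confirm against the scapy version in use.
        """
        self.px = pkttest.PacketXfer()
        th = IP(src=DST_ADDR_IPV4_1, dst=SRC_ADDR_IPV4_1)
        self.sa_ipv4v4 = SecurityAssociation(ESP, spi=6, tunnel_header=th)

        th = IPv6(src=DST_ADDR_IPV6_1, dst=SRC_ADDR_IPV6_1)
        self.sa_ipv6v6 = SecurityAssociation(ESP, spi=8, tunnel_header=th)

        th = IP(src=DST_ADDR_IPV4_2, dst=SRC_ADDR_IPV4_2)
        self.sa_ipv4v6 = SecurityAssociation(ESP, spi=10, tunnel_header=th)

        th = IPv6(src=DST_ADDR_IPV6_3, dst=SRC_ADDR_IPV6_3)
        self.sa_ipv6v4 = SecurityAssociation(ESP, spi=12, tunnel_header=th)

    # ---- packet builders -------------------------------------------------

    def gen_pkt_plain_ipv4(self, src, dst, tos):
        """Build a plain IPv4/UDP packet with the given TOS byte."""
        pkt = IP(src=src, dst=dst, tos=tos)
        pkt /= UDP(sport=123, dport=456) / Raw(load="abc")
        return pkt

    def gen_pkt_plain_ipv6(self, src, dst, tc):
        """Build a plain IPv6/UDP packet with the given Traffic Class byte."""
        pkt = IPv6(src=src, dst=dst, tc=tc)
        pkt /= UDP(sport=123, dport=456) / Raw(load="abc")
        return pkt

    def gen_pkt_tun_ipv4v4(self, tos_outter, tos_inner):
        """Build an IPv4-in-IPv4 ESP packet with separate outer/inner TOS."""
        pkt = self.gen_pkt_plain_ipv4(DST_ADDR_IPV4_1, SRC_ADDR_IPV4_1,
                                      tos_inner)
        pkt = self.sa_ipv4v4.encrypt(pkt)
        self.assertEqual(pkt[IP].proto, socket.IPPROTO_ESP)
        self.assertEqual(pkt[ESP].spi, 6)
        # Set the outer byte only after encapsulation, so the value under
        # test is the one chosen here and not whatever encrypt() produced.
        pkt[IP].tos = tos_outter
        return pkt

    def gen_pkt_tun_ipv6v6(self, tc_outter, tc_inner):
        """Build an IPv6-in-IPv6 ESP packet with separate outer/inner TC."""
        pkt = self.gen_pkt_plain_ipv6(DST_ADDR_IPV6_1, SRC_ADDR_IPV6_1,
                                      tc_inner)
        pkt = self.sa_ipv6v6.encrypt(pkt)
        self.assertEqual(pkt[IPv6].nh, socket.IPPROTO_ESP)
        self.assertEqual(pkt[ESP].spi, 8)
        pkt[IPv6].tc = tc_outter
        return pkt

    def gen_pkt_tun_ipv4v6(self, tos_outter, tc_inner):
        """Build an IPv6-in-IPv4 ESP packet (outer TOS, inner TC)."""
        pkt = self.gen_pkt_plain_ipv6(DST_ADDR_IPV6_2, SRC_ADDR_IPV6_2,
                                      tc_inner)
        pkt = self.sa_ipv4v6.encrypt(pkt)
        self.assertEqual(pkt[IP].proto, socket.IPPROTO_ESP)
        self.assertEqual(pkt[ESP].spi, 10)
        pkt[IP].tos = tos_outter
        return pkt

    def gen_pkt_tun_ipv6v4(self, tc_outter, tos_inner):
        """Build an IPv4-in-IPv6 ESP packet (outer TC, inner TOS)."""
        pkt = self.gen_pkt_plain_ipv4(DST_ADDR_IPV4_3, SRC_ADDR_IPV4_3,
                                      tos_inner)
        pkt = self.sa_ipv6v4.encrypt(pkt)
        self.assertEqual(pkt[IPv6].nh, socket.IPPROTO_ESP)
        self.assertEqual(pkt[ESP].spi, 12)
        pkt[IPv6].tc = tc_outter
        return pkt

    # ---- shared assertions -----------------------------------------------

    def _assert_esp_ipv4(self, resp, spi, tos):
        """Check an outbound result: IPv4 outer header carrying ESP."""
        self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP)
        self.assertEqual(resp[ESP].spi, spi)
        self.assertEqual(resp[IP].tos, tos)

    def _assert_esp_ipv6(self, resp, spi, tc):
        """Check an outbound result: IPv6 outer header carrying ESP."""
        self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP)
        self.assertEqual(resp[ESP].spi, spi)
        self.assertEqual(resp[IPv6].tc, tc)

    def _assert_udp_ipv4(self, resp, tos):
        """Check an inbound result: decapsulated IPv4/UDP packet."""
        self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP)
        self.assertEqual(resp[IP].tos, tos)

    def _assert_udp_ipv6(self, resp, tc):
        """Check an inbound result: decapsulated IPv6/UDP packet."""
        self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP)
        self.assertEqual(resp[IPv6].tc, tc)

    # RFC4301 5.1.2.1 & 5.1.2.2: on outbound packets the ECN field is copied
    # from the inner header to the outer header.
    #
    # The outbound SPI is asserted in every case here; the original omitted
    # it for some ECN cases although the DSCP tests for the same flows
    # already expect SPIs 7, 9 and 11.

    def test_outb_ipv4v4_ecn(self):
        for ecn in (ECN_ECT1, ECN_ECT0, ECN_CE):
            pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,
                                          ecn)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv4(resp, 5, ecn)

    def test_outb_ipv6v6_ecn(self):
        for ecn in (ECN_ECT1, ECN_ECT0, ECN_CE):
            pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,
                                          ecn)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv6(resp, 7, ecn)

    def test_outb_ipv4v6_ecn(self):
        for ecn in (ECN_ECT1, ECN_ECT0, ECN_CE):
            pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2,
                                          ecn)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv4(resp, 9, ecn)

    def test_outb_ipv6v4_ecn(self):
        for ecn in (ECN_ECT1, ECN_ECT0, ECN_CE):
            pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3,
                                          ecn)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv6(resp, 11, ecn)

    # RFC4301 5.1.2.1 & 5.1.2.2: on inbound packets, if the outer header's
    # ECN is CE (0x3) the inner ECN is overwritten with CE, otherwise the
    # inner ECN is left unchanged.

    # Outer header not CE: inner header must stay as it was.
    # Each pair is (outer, inner); the expected result is the inner value.
    _ECN_NO_CHANGE = ((ECN_ECT1, ECN_ECT0),
                      (ECN_ECT0, ECN_ECT1),
                      (ECN_ECT1, ECN_CE))

    def test_inb_ipv4v4_ecn_inner_no_change(self):
        for outer, inner in self._ECN_NO_CHANGE:
            pkt = self.gen_pkt_tun_ipv4v4(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv4(resp, inner)

    def test_inb_ipv6v6_ecn_inner_no_change(self):
        for outer, inner in self._ECN_NO_CHANGE:
            pkt = self.gen_pkt_tun_ipv6v6(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv6(resp, inner)

    def test_inb_ipv4v6_ecn_inner_no_change(self):
        for outer, inner in self._ECN_NO_CHANGE:
            pkt = self.gen_pkt_tun_ipv4v6(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv6(resp, inner)

    def test_inb_ipv6v4_ecn_inner_no_change(self):
        for outer, inner in self._ECN_NO_CHANGE:
            pkt = self.gen_pkt_tun_ipv6v4(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv4(resp, inner)

    # Outer header CE: an ECT inner header must be changed to CE.

    def test_inb_ipv4v4_ecn_inner_change(self):
        for inner in (ECN_ECT0, ECN_ECT1):
            pkt = self.gen_pkt_tun_ipv4v4(ECN_CE, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv4(resp, ECN_CE)

    def test_inb_ipv6v6_ecn_inner_change(self):
        for inner in (ECN_ECT0, ECN_ECT1):
            pkt = self.gen_pkt_tun_ipv6v6(ECN_CE, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv6(resp, ECN_CE)

    def test_inb_ipv4v6_ecn_inner_change(self):
        for inner in (ECN_ECT0, ECN_ECT1):
            pkt = self.gen_pkt_tun_ipv4v6(ECN_CE, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv6(resp, ECN_CE)

    def test_inb_ipv6v4_ecn_inner_change(self):
        for inner in (ECN_ECT0, ECN_ECT1):
            pkt = self.gen_pkt_tun_ipv6v4(ECN_CE, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv4(resp, ECN_CE)

    # RFC4301 5.1.2.1.5: the outer DS field is copied from the inner DS
    # field on outbound packets.

    def test_outb_ipv4v4_dscp(self):
        for dscp in (DSCP_1, DSCP_3F):
            pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1,
                                          dscp)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv4(resp, 5, dscp)

    def test_outb_ipv6v6_dscp(self):
        for dscp in (DSCP_1, DSCP_3F):
            pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1,
                                          dscp)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv6(resp, 7, dscp)

    def test_outb_ipv4v6_dscp(self):
        for dscp in (DSCP_1, DSCP_3F):
            pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2,
                                          dscp)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv4(resp, 9, dscp)

    def test_outb_ipv6v4_dscp(self):
        for dscp in (DSCP_1, DSCP_3F):
            pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3,
                                          dscp)
            resp = self.px.xfer_unprotected(pkt)
            self._assert_esp_ipv6(resp, 11, dscp)

    # RFC4301 5.1.2.1.5: the inner DS field must not be affected by the
    # outer DS field on inbound packets.
    # Each pair is (outer, inner); the expected result is the inner value.
    _DSCP_PAIRS = ((DSCP_3F, DSCP_1),
                   (DSCP_1, DSCP_3F))

    def test_inb_ipv4v4_dscp(self):
        for outer, inner in self._DSCP_PAIRS:
            pkt = self.gen_pkt_tun_ipv4v4(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv4(resp, inner)

    def test_inb_ipv6v6_dscp(self):
        for outer, inner in self._DSCP_PAIRS:
            pkt = self.gen_pkt_tun_ipv6v6(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv6(resp, inner)

    def test_inb_ipv4v6_dscp(self):
        for outer, inner in self._DSCP_PAIRS:
            pkt = self.gen_pkt_tun_ipv4v6(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv6(resp, inner)

    def test_inb_ipv6v4_dscp(self):
        for outer, inner in self._DSCP_PAIRS:
            pkt = self.gen_pkt_tun_ipv6v4(outer, inner)
            resp = self.px.xfer_protected(pkt)
            self._assert_udp_ipv4(resp, inner)


# Hand control to the project's test driver; it is called unconditionally at
# import time, as in the original (pkttest is not visible here, so its
# behaviour is not documented further).
pkttest.pkttest()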