IpsecEspAeadRecipe
- class lnst.Recipes.ENRT.IpsecEspAeadRecipe.IpsecEspAeadRecipe(**kwargs)
Bases:
CommonHWSubConfigMixin
,BaremetalEnrtRecipe
,PacketAssertTestAndEvaluate
This recipe implements Enrt testing for a simple IPsec scenario that looks as follows
+--------+ +------+ switch +-----+ | +--------+ | +--+-+ +-+--+ +-|eth0|-+ +-|eth0|-+ | +----+ | | +----+ | | host1 | | host2 | +--------+ +--------+
The recipe provides additional recipe parameter to configure IPsec tunel.
- param ipsec_mode:
mode of the ipsec tunnel
All sub configurations are included via Mixin classes.
The actual test machinery is implemented in the
BaseEnrtRecipe
class.- test_wide_configuration()
Test wide configuration for this recipe involves just adding an IPv4 and IPv6 address to the matched eth0 nics on both hosts and route between them.
host1.eth0 = 192.168.101.1/24 and fc00::1/64
host2.eth0 = 192.168.101.2/24 and fc00::2/64
- generate_test_wide_description(config: EnrtConfiguration)
Test wide description is extended with the configured IP addresses, specified IPsec algorithm, key length and integrity check value length.
- generate_sub_configurations(config)
Test wide configuration is extended with subconfiguration containing IPsec tunnel with predefined parameters for both IP versions.
- apply_sub_configuration(config)
Subconfiguration containing IPsec tunnel is applied through XfrmTools class.
- generate_ping_configurations(config)
The ping endpoints for this recipe are the configured endpoints of the IPsec tunnel on both hosts.
- generate_flow_combinations(config)
Flow combinations are generated based on the tunnel endpoints and test parameters.
- ping_test(ping_configs)
Ping test is utilizing PacketAssert class to search for the appropriate ESP IP packet. Result of ping test is handed to the super class’ method.
Returned as:
(ping_result, pa_config, pa_result)