1*1cfd1559SFan Zhang#!/usr/bin/env python3 2*1cfd1559SFan Zhang# SPDX-License-Identifier: BSD-3-Clause 3*1cfd1559SFan Zhang# Copyright(c) 2019 Intel Corporation 4*1cfd1559SFan Zhang 5*1cfd1559SFan Zhangfrom scapy.all import * 6*1cfd1559SFan Zhangimport unittest 7*1cfd1559SFan Zhangimport pkttest 8*1cfd1559SFan Zhang 9*1cfd1559SFan Zhang#{ipv4{ipv4}} test 10*1cfd1559SFan ZhangSRC_ADDR_IPV4_1 = "192.168.1.1" 11*1cfd1559SFan ZhangDST_ADDR_IPV4_1 = "192.168.2.1" 12*1cfd1559SFan Zhang 13*1cfd1559SFan Zhang#{ipv6{ipv6}} test 14*1cfd1559SFan ZhangSRC_ADDR_IPV6_1 = "1111:0000:0000:0000:0000:0000:0000:0001" 15*1cfd1559SFan ZhangDST_ADDR_IPV6_1 = "2222:0000:0000:0000:0000:0000:0000:0001" 16*1cfd1559SFan Zhang 17*1cfd1559SFan Zhang#{ipv4{ipv6}} test 18*1cfd1559SFan ZhangSRC_ADDR_IPV4_2 = "192.168.11.1" 19*1cfd1559SFan ZhangDST_ADDR_IPV4_2 = "192.168.12.1" 20*1cfd1559SFan ZhangSRC_ADDR_IPV6_2 = "1111:0000:0000:0000:0000:0000:0001:0001" 21*1cfd1559SFan ZhangDST_ADDR_IPV6_2 = "2222:0000:0000:0000:0000:0000:0001:0001" 22*1cfd1559SFan Zhang 23*1cfd1559SFan Zhang#{ipv6{ipv4}} test 24*1cfd1559SFan ZhangSRC_ADDR_IPV4_3 = "192.168.21.1" 25*1cfd1559SFan ZhangDST_ADDR_IPV4_3 = "192.168.22.1" 26*1cfd1559SFan ZhangSRC_ADDR_IPV6_3 = "1111:0000:0000:0000:0000:0001:0001:0001" 27*1cfd1559SFan ZhangDST_ADDR_IPV6_3 = "2222:0000:0000:0000:0000:0001:0001:0001" 28*1cfd1559SFan Zhang 29*1cfd1559SFan Zhangdef config(): 30*1cfd1559SFan Zhang return """ 31*1cfd1559SFan Zhang#outter-ipv4 inner-ipv4 tunnel mode test 32*1cfd1559SFan Zhangsp ipv4 out esp protect 5 pri 1 \\ 33*1cfd1559SFan Zhangsrc {0}/32 \\ 34*1cfd1559SFan Zhangdst {1}/32 \\ 35*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 36*1cfd1559SFan Zhang 37*1cfd1559SFan Zhangsp ipv4 in esp protect 6 pri 1 \\ 38*1cfd1559SFan Zhangsrc {1}/32 \\ 39*1cfd1559SFan Zhangdst {0}/32 \\ 40*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 41*1cfd1559SFan Zhang 42*1cfd1559SFan Zhangsa out 5 cipher_algo null auth_algo null mode ipv4-tunnel \\ 43*1cfd1559SFan Zhangsrc {0} dst {1} 44*1cfd1559SFan Zhangsa in 6 cipher_algo null auth_algo null mode ipv4-tunnel \\ 45*1cfd1559SFan Zhangsrc {1} dst {0} 46*1cfd1559SFan Zhang 47*1cfd1559SFan Zhangrt ipv4 dst {0}/32 port 1 48*1cfd1559SFan Zhangrt ipv4 dst {1}/32 port 0 49*1cfd1559SFan Zhang 50*1cfd1559SFan Zhang#outter-ipv6 inner-ipv6 tunnel mode test 51*1cfd1559SFan Zhangsp ipv6 out esp protect 7 pri 1 \\ 52*1cfd1559SFan Zhangsrc {2}/128 \\ 53*1cfd1559SFan Zhangdst {3}/128 \\ 54*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 55*1cfd1559SFan Zhang 56*1cfd1559SFan Zhangsp ipv6 in esp protect 8 pri 1 \\ 57*1cfd1559SFan Zhangsrc {3}/128 \\ 58*1cfd1559SFan Zhangdst {2}/128 \\ 59*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 60*1cfd1559SFan Zhang 61*1cfd1559SFan Zhangsa out 7 cipher_algo null auth_algo null mode ipv6-tunnel \\ 62*1cfd1559SFan Zhangsrc {2} dst {3} 63*1cfd1559SFan Zhangsa in 8 cipher_algo null auth_algo null mode ipv6-tunnel \\ 64*1cfd1559SFan Zhangsrc {3} dst {2} 65*1cfd1559SFan Zhang 66*1cfd1559SFan Zhangrt ipv6 dst {2}/128 port 1 67*1cfd1559SFan Zhangrt ipv6 dst {3}/128 port 0 68*1cfd1559SFan Zhang 69*1cfd1559SFan Zhang#outter-ipv4 inner-ipv6 tunnel mode test 70*1cfd1559SFan Zhangsp ipv6 out esp protect 9 pri 1 \\ 71*1cfd1559SFan Zhangsrc {4}/128 \\ 72*1cfd1559SFan Zhangdst {5}/128 \\ 73*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 74*1cfd1559SFan Zhang 75*1cfd1559SFan Zhangsp ipv6 in esp protect 10 pri 1 \\ 76*1cfd1559SFan Zhangsrc {5}/128 \\ 77*1cfd1559SFan Zhangdst {4}/128 \\ 78*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 79*1cfd1559SFan Zhang 80*1cfd1559SFan Zhangsa out 9 cipher_algo null auth_algo null mode ipv4-tunnel \\ 81*1cfd1559SFan Zhangsrc {6} dst {7} 82*1cfd1559SFan Zhangsa in 10 cipher_algo null auth_algo null mode ipv4-tunnel \\ 83*1cfd1559SFan Zhangsrc {7} dst {6} 84*1cfd1559SFan Zhang 85*1cfd1559SFan Zhangrt ipv6 dst {4}/128 port 1 86*1cfd1559SFan Zhangrt ipv4 dst {7}/32 port 0 87*1cfd1559SFan Zhang 88*1cfd1559SFan Zhang#outter-ipv6 inner-ipv4 tunnel mode test 89*1cfd1559SFan Zhangsp ipv4 out esp protect 11 pri 1 \\ 90*1cfd1559SFan Zhangsrc {8}/32 \\ 91*1cfd1559SFan Zhangdst {9}/32 \\ 92*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 93*1cfd1559SFan Zhang 94*1cfd1559SFan Zhangsp ipv4 in esp protect 12 pri 1 \\ 95*1cfd1559SFan Zhangsrc {9}/32 \\ 96*1cfd1559SFan Zhangdst {8}/32 \\ 97*1cfd1559SFan Zhangsport 0:65535 dport 0:65535 98*1cfd1559SFan Zhang 99*1cfd1559SFan Zhangsa out 11 cipher_algo null auth_algo null mode ipv6-tunnel \\ 100*1cfd1559SFan Zhangsrc {10} dst {11} 101*1cfd1559SFan Zhangsa in 12 cipher_algo null auth_algo null mode ipv6-tunnel \\ 102*1cfd1559SFan Zhangsrc {11} dst {10} 103*1cfd1559SFan Zhang 104*1cfd1559SFan Zhangrt ipv4 dst {8}/32 port 1 105*1cfd1559SFan Zhangrt ipv6 dst {11}/128 port 0 106*1cfd1559SFan Zhang""".format(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1, 107*1cfd1559SFan Zhang SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1, 108*1cfd1559SFan Zhang SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, SRC_ADDR_IPV4_2, DST_ADDR_IPV4_2, 109*1cfd1559SFan Zhang SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, SRC_ADDR_IPV6_3, DST_ADDR_IPV6_3) 110*1cfd1559SFan Zhang 111*1cfd1559SFan ZhangECN_ECT0 = 0x02 112*1cfd1559SFan ZhangECN_ECT1 = 0x01 113*1cfd1559SFan ZhangECN_CE = 0x03 114*1cfd1559SFan ZhangDSCP_1 = 0x04 115*1cfd1559SFan ZhangDSCP_3F = 0xFC 116*1cfd1559SFan Zhang 117*1cfd1559SFan Zhangclass TestTunnelHeaderReconstruct(unittest.TestCase): 118*1cfd1559SFan Zhang def setUp(self): 119*1cfd1559SFan Zhang self.px = pkttest.PacketXfer() 120*1cfd1559SFan Zhang th = IP(src=DST_ADDR_IPV4_1, dst=SRC_ADDR_IPV4_1) 121*1cfd1559SFan Zhang self.sa_ipv4v4 = SecurityAssociation(ESP, spi=6, tunnel_header = th) 122*1cfd1559SFan Zhang 123*1cfd1559SFan Zhang th = IPv6(src=DST_ADDR_IPV6_1, dst=SRC_ADDR_IPV6_1) 124*1cfd1559SFan Zhang self.sa_ipv6v6 = SecurityAssociation(ESP, spi=8, tunnel_header = th) 125*1cfd1559SFan Zhang 126*1cfd1559SFan Zhang th = IP(src=DST_ADDR_IPV4_2, dst=SRC_ADDR_IPV4_2) 127*1cfd1559SFan Zhang self.sa_ipv4v6 = SecurityAssociation(ESP, spi=10, tunnel_header = th) 128*1cfd1559SFan Zhang 129*1cfd1559SFan Zhang th = IPv6(src=DST_ADDR_IPV6_3, dst=SRC_ADDR_IPV6_3) 130*1cfd1559SFan Zhang self.sa_ipv6v4 = SecurityAssociation(ESP, spi=12, tunnel_header = th) 131*1cfd1559SFan Zhang 132*1cfd1559SFan Zhang def gen_pkt_plain_ipv4(self, src, dst, tos): 133*1cfd1559SFan Zhang pkt = IP(src=src, dst=dst, tos=tos) 134*1cfd1559SFan Zhang pkt /= UDP(sport=123,dport=456)/Raw(load="abc") 135*1cfd1559SFan Zhang return pkt 136*1cfd1559SFan Zhang 137*1cfd1559SFan Zhang def gen_pkt_plain_ipv6(self, src, dst, tc): 138*1cfd1559SFan Zhang pkt = IPv6(src=src, dst=dst, tc=tc) 139*1cfd1559SFan Zhang pkt /= UDP(sport=123,dport=456)/Raw(load="abc") 140*1cfd1559SFan Zhang return pkt 141*1cfd1559SFan Zhang 142*1cfd1559SFan Zhang def gen_pkt_tun_ipv4v4(self, tos_outter, tos_inner): 143*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(DST_ADDR_IPV4_1, SRC_ADDR_IPV4_1, 144*1cfd1559SFan Zhang tos_inner) 145*1cfd1559SFan Zhang pkt = self.sa_ipv4v4.encrypt(pkt) 146*1cfd1559SFan Zhang self.assertEqual(pkt[IP].proto, socket.IPPROTO_ESP) 147*1cfd1559SFan Zhang self.assertEqual(pkt[ESP].spi, 6) 148*1cfd1559SFan Zhang pkt[IP].tos = tos_outter 149*1cfd1559SFan Zhang return pkt 150*1cfd1559SFan Zhang 151*1cfd1559SFan Zhang def gen_pkt_tun_ipv6v6(self, tc_outter, tc_inner): 152*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(DST_ADDR_IPV6_1, SRC_ADDR_IPV6_1, 153*1cfd1559SFan Zhang tc_inner) 154*1cfd1559SFan Zhang pkt = self.sa_ipv6v6.encrypt(pkt) 155*1cfd1559SFan Zhang self.assertEqual(pkt[IPv6].nh, socket.IPPROTO_ESP) 156*1cfd1559SFan Zhang self.assertEqual(pkt[ESP].spi, 8) 157*1cfd1559SFan Zhang pkt[IPv6].tc = tc_outter 158*1cfd1559SFan Zhang return pkt 159*1cfd1559SFan Zhang 160*1cfd1559SFan Zhang def gen_pkt_tun_ipv4v6(self, tos_outter, tc_inner): 161*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(DST_ADDR_IPV6_2, SRC_ADDR_IPV6_2, 162*1cfd1559SFan Zhang tc_inner) 163*1cfd1559SFan Zhang pkt = self.sa_ipv4v6.encrypt(pkt) 164*1cfd1559SFan Zhang self.assertEqual(pkt[IP].proto, socket.IPPROTO_ESP) 165*1cfd1559SFan Zhang self.assertEqual(pkt[ESP].spi, 10) 166*1cfd1559SFan Zhang pkt[IP].tos = tos_outter 167*1cfd1559SFan Zhang return pkt 168*1cfd1559SFan Zhang 169*1cfd1559SFan Zhang def gen_pkt_tun_ipv6v4(self, tc_outter, tos_inner): 170*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(DST_ADDR_IPV4_3, SRC_ADDR_IPV4_3, 171*1cfd1559SFan Zhang tos_inner) 172*1cfd1559SFan Zhang pkt = self.sa_ipv6v4.encrypt(pkt) 173*1cfd1559SFan Zhang self.assertEqual(pkt[IPv6].nh, socket.IPPROTO_ESP) 174*1cfd1559SFan Zhang self.assertEqual(pkt[ESP].spi, 12) 175*1cfd1559SFan Zhang pkt[IPv6].tc = tc_outter 176*1cfd1559SFan Zhang return pkt 177*1cfd1559SFan Zhang 178*1cfd1559SFan Zhang#RFC4301 5.1.2.1 & 5.1.2.2, outbound packets shall be copied ECN field 179*1cfd1559SFan Zhang def test_outb_ipv4v4_ecn(self): 180*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1, 181*1cfd1559SFan Zhang ECN_ECT1) 182*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 183*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 184*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 5) 185*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT1) 186*1cfd1559SFan Zhang 187*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1, 188*1cfd1559SFan Zhang ECN_ECT0) 189*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 190*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 191*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 5) 192*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT0) 193*1cfd1559SFan Zhang 194*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1, 195*1cfd1559SFan Zhang ECN_CE) 196*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 197*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 198*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 5) 199*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 200*1cfd1559SFan Zhang 201*1cfd1559SFan Zhang def test_outb_ipv6v6_ecn(self): 202*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1, 203*1cfd1559SFan Zhang ECN_ECT1) 204*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 205*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 206*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT1) 207*1cfd1559SFan Zhang 208*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1, 209*1cfd1559SFan Zhang ECN_ECT0) 210*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 211*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 212*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 7) 213*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT0) 214*1cfd1559SFan Zhang 215*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1, 216*1cfd1559SFan Zhang ECN_CE) 217*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 218*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 219*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 7) 220*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 221*1cfd1559SFan Zhang 222*1cfd1559SFan Zhang def test_outb_ipv4v6_ecn(self): 223*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, 224*1cfd1559SFan Zhang ECN_ECT1) 225*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 226*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 227*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT1) 228*1cfd1559SFan Zhang 229*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, 230*1cfd1559SFan Zhang ECN_ECT0) 231*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 232*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 233*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT0) 234*1cfd1559SFan Zhang 235*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, 236*1cfd1559SFan Zhang ECN_CE) 237*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 238*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 239*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 240*1cfd1559SFan Zhang 241*1cfd1559SFan Zhang def test_outb_ipv6v4_ecn(self): 242*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, 243*1cfd1559SFan Zhang ECN_ECT1) 244*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 245*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 246*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT1) 247*1cfd1559SFan Zhang 248*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, 249*1cfd1559SFan Zhang ECN_ECT0) 250*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 251*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 252*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT0) 253*1cfd1559SFan Zhang 254*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, 255*1cfd1559SFan Zhang ECN_CE) 256*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 257*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 258*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 259*1cfd1559SFan Zhang 260*1cfd1559SFan Zhang#RFC4301 5.1.2.1 & 5.1.2.2, if outbound packets ECN is CE (0x3), inbound packets 261*1cfd1559SFan Zhang#ECN is overwritten to CE, otherwise no change 262*1cfd1559SFan Zhang 263*1cfd1559SFan Zhang#Outter header not CE, Inner header should be no change 264*1cfd1559SFan Zhang def test_inb_ipv4v4_ecn_inner_no_change(self): 265*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v4(ECN_ECT1, ECN_ECT0) 266*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 267*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 268*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT0) 269*1cfd1559SFan Zhang 270*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v4(ECN_ECT0, ECN_ECT1) 271*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 272*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 273*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT1) 274*1cfd1559SFan Zhang 275*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v4(ECN_ECT1, ECN_CE) 276*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 277*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 278*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 279*1cfd1559SFan Zhang 280*1cfd1559SFan Zhang def test_inb_ipv6v6_ecn_inner_no_change(self): 281*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v6(ECN_ECT1, ECN_ECT0) 282*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 283*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 284*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT0) 285*1cfd1559SFan Zhang 286*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v6(ECN_ECT0, ECN_ECT1) 287*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 288*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 289*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT1) 290*1cfd1559SFan Zhang 291*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v6(ECN_ECT1, ECN_CE) 292*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 293*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 294*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 295*1cfd1559SFan Zhang 296*1cfd1559SFan Zhang def test_inb_ipv4v6_ecn_inner_no_change(self): 297*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v6(ECN_ECT1, ECN_ECT0) 298*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 299*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 300*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT0) 301*1cfd1559SFan Zhang 302*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v6(ECN_ECT0, ECN_ECT1) 303*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 304*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 305*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_ECT1) 306*1cfd1559SFan Zhang 307*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v6(ECN_ECT1, ECN_CE) 308*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 309*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 310*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 311*1cfd1559SFan Zhang 312*1cfd1559SFan Zhang def test_inb_ipv6v4_ecn_inner_no_change(self): 313*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v4(ECN_ECT1, ECN_ECT0) 314*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 315*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 316*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT0) 317*1cfd1559SFan Zhang 318*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v4(ECN_ECT0, ECN_ECT1) 319*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 320*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 321*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_ECT1) 322*1cfd1559SFan Zhang 323*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v4(ECN_ECT1, ECN_CE) 324*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 325*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 326*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 327*1cfd1559SFan Zhang 328*1cfd1559SFan Zhang#Outter header CE, Inner header should be changed to CE 329*1cfd1559SFan Zhang def test_inb_ipv4v4_ecn_inner_change(self): 330*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v4(ECN_CE, ECN_ECT0) 331*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 332*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 333*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 334*1cfd1559SFan Zhang 335*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v4(ECN_CE, ECN_ECT1) 336*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 337*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 338*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 339*1cfd1559SFan Zhang 340*1cfd1559SFan Zhang def test_inb_ipv6v6_ecn_inner_change(self): 341*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v6(ECN_CE, ECN_ECT0) 342*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 343*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 344*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 345*1cfd1559SFan Zhang 346*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v6(ECN_CE, ECN_ECT1) 347*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 348*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 349*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 350*1cfd1559SFan Zhang 351*1cfd1559SFan Zhang def test_inb_ipv4v6_ecn_inner_change(self): 352*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v6(ECN_CE, ECN_ECT0) 353*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 354*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 355*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 356*1cfd1559SFan Zhang 357*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v6(ECN_CE, ECN_ECT1) 358*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 359*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 360*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, ECN_CE) 361*1cfd1559SFan Zhang 362*1cfd1559SFan Zhang def test_inb_ipv6v4_ecn_inner_change(self): 363*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v4(ECN_CE, ECN_ECT0) 364*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 365*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 366*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 367*1cfd1559SFan Zhang 368*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v4(ECN_CE, ECN_ECT1) 369*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 370*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 371*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, ECN_CE) 372*1cfd1559SFan Zhang 373*1cfd1559SFan Zhang#RFC4301 5.1.2.1.5 Outer DS field should be copied from Inner DS field 374*1cfd1559SFan Zhang def test_outb_ipv4v4_dscp(self): 375*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1, 376*1cfd1559SFan Zhang DSCP_1) 377*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 378*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 379*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 5) 380*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_1) 381*1cfd1559SFan Zhang 382*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_1, DST_ADDR_IPV4_1, 383*1cfd1559SFan Zhang DSCP_3F) 384*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 385*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 386*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 5) 387*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_3F) 388*1cfd1559SFan Zhang 389*1cfd1559SFan Zhang def test_outb_ipv6v6_dscp(self): 390*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1, 391*1cfd1559SFan Zhang DSCP_1) 392*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 393*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 394*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 7) 395*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_1) 396*1cfd1559SFan Zhang 397*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_1, DST_ADDR_IPV6_1, 398*1cfd1559SFan Zhang DSCP_3F) 399*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 400*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 401*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 7) 402*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_3F) 403*1cfd1559SFan Zhang 404*1cfd1559SFan Zhang def test_outb_ipv4v6_dscp(self): 405*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, 406*1cfd1559SFan Zhang DSCP_1) 407*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 408*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 409*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 9) 410*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_1) 411*1cfd1559SFan Zhang 412*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv6(SRC_ADDR_IPV6_2, DST_ADDR_IPV6_2, 413*1cfd1559SFan Zhang DSCP_3F) 414*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 415*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_ESP) 416*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 9) 417*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_3F) 418*1cfd1559SFan Zhang 419*1cfd1559SFan Zhang def test_outb_ipv6v4_dscp(self): 420*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, 421*1cfd1559SFan Zhang DSCP_1) 422*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 423*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 424*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 11) 425*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_1) 426*1cfd1559SFan Zhang 427*1cfd1559SFan Zhang pkt = self.gen_pkt_plain_ipv4(SRC_ADDR_IPV4_3, DST_ADDR_IPV4_3, 428*1cfd1559SFan Zhang DSCP_3F) 429*1cfd1559SFan Zhang resp = self.px.xfer_unprotected(pkt) 430*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_ESP) 431*1cfd1559SFan Zhang self.assertEqual(resp[ESP].spi, 11) 432*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_3F) 433*1cfd1559SFan Zhang 434*1cfd1559SFan Zhang#RFC4301 5.1.2.1.5 Inner DS field should not be affected by Outer DS field 435*1cfd1559SFan Zhang def test_inb_ipv4v4_dscp(self): 436*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v4(DSCP_3F, DSCP_1) 437*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 438*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 439*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_1) 440*1cfd1559SFan Zhang 441*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v4(DSCP_1, DSCP_3F) 442*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 443*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 444*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_3F) 445*1cfd1559SFan Zhang 446*1cfd1559SFan Zhang def test_inb_ipv6v6_dscp(self): 447*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v6(DSCP_3F, DSCP_1) 448*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 449*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 450*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_1) 451*1cfd1559SFan Zhang 452*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v6(DSCP_1, DSCP_3F) 453*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 454*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 455*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_3F) 456*1cfd1559SFan Zhang 457*1cfd1559SFan Zhang def test_inb_ipv4v6_dscp(self): 458*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v6(DSCP_3F, DSCP_1) 459*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 460*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 461*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_1) 462*1cfd1559SFan Zhang 463*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv4v6(DSCP_1, DSCP_3F) 464*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 465*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].nh, socket.IPPROTO_UDP) 466*1cfd1559SFan Zhang self.assertEqual(resp[IPv6].tc, DSCP_3F) 467*1cfd1559SFan Zhang 468*1cfd1559SFan Zhang def test_inb_ipv6v4_dscp(self): 469*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v4(DSCP_3F, DSCP_1) 470*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 471*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 472*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_1) 473*1cfd1559SFan Zhang 474*1cfd1559SFan Zhang pkt = self.gen_pkt_tun_ipv6v4(DSCP_1, DSCP_3F) 475*1cfd1559SFan Zhang resp = self.px.xfer_protected(pkt) 476*1cfd1559SFan Zhang self.assertEqual(resp[IP].proto, socket.IPPROTO_UDP) 477*1cfd1559SFan Zhang self.assertEqual(resp[IP].tos, DSCP_3F) 478*1cfd1559SFan Zhang 479*1cfd1559SFan Zhangpkttest.pkttest() 480