ipsec: Introduce IPsec system tests for Libreswan.

This patch adds system tests for OVS IPsec using Libreswan. If Libreswan is not present on the system, the tests will be skipped. These tests set up an underlay switch with bridge 'br0' to carry encrypted traffic between two emulated "nodes". Each "node" is a separate network namespace ('left' and 'right') and runs an instance of the Libreswan "pluto" daemon, ovs-monitor-ipsec, ovs-vswitch and ovsdb-server. Each test sets up IPsec between the two emulated "nodes" using various configurations (currently tunnel type, IPv6/IPv6, authentication method, local_ip). After configuration, connectivity between the two nodes is tested and the underlay traffic is also inspected to ensure the traffic is encrypted. All IPsec system tests can be run by using the ipsec keyword: sudo make check-kernel TESTSUITEFLAGS='-k ipsec' Signed-off-by: Mark Gray <mark.d.gray@redhat.com> Acked-by: Aaron Conole <aconole@redhat.com> Acked-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
openvswitch · Apr 1, 2021 · 8fc62df · 8fc62df
1 parent d6afbc0
commit 8fc62df
Show file tree

Hide file tree

Showing 3 changed files with 409 additions and 1 deletion.
diff --git a/tests/automake.mk b/tests/automake.mk
@@ -173,6 +173,7 @@ SYSTEM_TESTSUITE_AT = \
 	tests/system-common-macros.at \
 	tests/system-layer3-tunnels.at \
 	tests/system-traffic.at \
+	tests/system-ipsec.at \
 	tests/system-interface.at
 
 SYSTEM_OFFLOADS_TESTSUITE_AT = \
@@ -200,7 +201,7 @@ SYSTEM_DPDK_TESTSUITE = $(srcdir)/tests/system-dpdk-testsuite
 OVSDB_CLUSTER_TESTSUITE = $(srcdir)/tests/ovsdb-cluster-testsuite
 DISTCLEANFILES += tests/atconfig tests/atlocal
 
-AUTOTEST_PATH = utilities:vswitchd:ovsdb:vtep:tests:$(PTHREAD_WIN32_DIR_DLL):$(SSL_DIR)
+AUTOTEST_PATH = utilities:vswitchd:ovsdb:vtep:tests:ipsec:$(PTHREAD_WIN32_DIR_DLL):$(SSL_DIR)
 
 check-local:
 	set $(SHELL) '$(TESTSUITE)' -C tests AUTOTEST_PATH=$(AUTOTEST_PATH); \