Move TestIpsec function here

Fixes #109

Signed-off-by: Boris Glimcher <[email protected]>

go.mod

@@ -4,6 +4,7 @@ go 1.19
 
 require (
 	github.com/go-chi/chi v1.5.4
+	github.com/go-ping/ping v1.1.0
 	github.com/google/uuid v1.3.0
 	github.com/lithammer/fuzzysearch v1.1.5
 	github.com/opiproject/opi-api v0.0.0-20230202192219-751ab9b6c1e7
@@ -21,6 +22,7 @@ require (
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.4.0 // indirect
 	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -4,11 +4,14 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-chi/chi v1.5.4 h1:QHdzF2szwjqVV4wmByUnTcsbIg7UGaQ0tPF2t5GcAIs=
 github.com/go-chi/chi v1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=
+github.com/go-ping/ping v1.1.0 h1:3MCGhVX4fyEUuhsfwPrsEdQw6xspHkv5zHsiSoDFZYw=
+github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
@@ -31,21 +34,24 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
-google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ=
-google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
 google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=

pkg/ipsec/ipsec.go

@@ -9,14 +9,16 @@ import (
 	"log"
 	"time"
 
+	"github.com/go-ping/ping"
 	pb "github.com/opiproject/opi-api/security/v1/gen/go"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )
 
 var (
-	conn    *grpc.ClientConn
-	address = "localhost:50051"
+	conn     *grpc.ClientConn
+	address  = "localhost:50051"
+	pingaddr = "localhost"
 )
 
 // Stats returns statistics information from DPUs regaridng IPSEC
@@ -41,6 +43,179 @@ func Stats() error {
 	return nil
 }
 
+// TestIpsec runs few basic tests establishing ipsec tunnels, version and stats
+func TestIpsec(ctx context.Context, conn grpc.ClientConnInterface) {
+	// IPsec
+	c1 := pb.NewIPsecClient(conn)
+
+	// Load IPsec connection
+	localIpsec := pb.IPsecLoadConnReq{
+		Connection: &pb.Connection{
+			Name:    "opi-test",
+			Version: "2",
+			Vips:    &pb.Vips{Vip: []string{"0.0.0.0"}},
+			LocalAddrs: []*pb.Addrs{
+				{
+					Addr: "192.168.200.200",
+				},
+			},
+			RemoteAddrs: []*pb.Addrs{
+				{
+					Addr: "192.168.200.210",
+				},
+			},
+			LocalAuth:  &pb.LocalAuth{Auth: pb.AuthType_PSK, Id: "[email protected]"},
+			RemoteAuth: &pb.RemoteAuth{Auth: pb.AuthType_PSK, Id: "server.strongswan.org"},
+			Children: []*pb.Child{
+				{
+					Name: "opi-child",
+					EspProposals: &pb.Proposals{
+						CryptoAlg: []pb.CryptoAlgorithm{pb.CryptoAlgorithm_AES256GCM128},
+						IntegAlg:  []pb.IntegAlgorithm{pb.IntegAlgorithm_SHA512},
+						Dhgroups:  []pb.DiffieHellmanGroups{pb.DiffieHellmanGroups_CURVE25519},
+					},
+					RemoteTs: &pb.TrafficSelectors{
+						Ts: []*pb.TrafficSelectors_TrafficSelector{
+							{
+								Cidr: "10.1.0.0/16",
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	getVersion(ctx, c1)
+
+	statsResp, err := c1.IPsecStats(ctx, &pb.IPsecStatsReq{})
+	if err != nil {
+		log.Fatalf("could not get IPsec stats")
+	}
+	log.Printf("IPsec stats\n%s", statsResp.GetStatus())
+
+	rs1, err := c1.IPsecLoadConn(ctx, &localIpsec)
+	if err != nil {
+		log.Fatalf("could not load IPsec tunnel: %v", err)
+	}
+	log.Printf("Loaded: %v", rs1)
+
+	// Bring the connection up
+	initConn := pb.IPsecInitiateReq{
+		Ike:   "opi-test",
+		Child: "opi-child",
+	}
+
+	initRet, err := c1.IPsecInitiate(ctx, &initConn)
+	if err != nil {
+		log.Fatalf("could not initiate IPsec tunnel: %v", err)
+	}
+	log.Printf("Initiated: %v", initRet)
+
+	// List the ikeSas
+	ikeSas := pb.IPsecListSasReq{
+		Ike: "opi-test",
+	}
+
+	listSasRet, err := c1.IPsecListSas(ctx, &ikeSas)
+	if err != nil {
+		log.Fatalf("could not list ikeSas: %v", err)
+	}
+	log.Printf("Returned ikeSas: %v", listSasRet)
+
+	// List the connections
+	listConn := pb.IPsecListConnsReq{
+		Ike: "opi-test",
+	}
+
+	listConnsRet, err := c1.IPsecListConns(ctx, &listConn)
+	if err != nil {
+		log.Fatalf("could not list connections: %v", err)
+	}
+	log.Printf("Returned connections: %v", listConnsRet)
+
+	// List the certificates
+	listCerts := pb.IPsecListCertsReq{
+		Type: "any",
+	}
+
+	listCertsRet, err := c1.IPsecListCerts(ctx, &listCerts)
+	if err != nil {
+		log.Fatalf("could not list certificates: %v", err)
+	}
+	log.Printf("Returned connections: %v", listCertsRet)
+
+	// Ping across the tunnel.
+	doPing()
+
+	// Rekey the IKE_SA
+	rekeyConn := pb.IPsecRekeyReq{
+		Ike: "opi-test",
+	}
+
+	rekeyRet, err := c1.IPsecRekey(ctx, &rekeyConn)
+	if err != nil {
+		log.Fatalf("could not rekey IPsec tunnel: %v", err)
+	}
+	log.Printf("Rekeyed IKE_SA %s: %v", "opi-test", rekeyRet)
+
+	doCleanup(ctx, c1)
+}
+
+func doCleanup(ctx context.Context, client pb.IPsecClient) {
+	// Terminate the connection
+	termConn := pb.IPsecTerminateReq{
+		Ike: "opi-test",
+	}
+
+	termRet, err := client.IPsecTerminate(ctx, &termConn)
+	if err != nil {
+		log.Fatalf("could not terminate IPsec tunnel: %v", err)
+	}
+	log.Printf("Terminate: %v", termRet)
+
+	// Unload
+	unloadIpsec := pb.IPsecUnloadConnReq{
+		Name: "opi-test",
+	}
+
+	rs2, err := client.IPsecUnloadConn(ctx, &unloadIpsec)
+	if err != nil {
+		log.Fatalf("could not unload IPsec tunnel: %v", err)
+	}
+	log.Printf("Unloaded: %v", rs2)
+}
+
+func getVersion(ctx context.Context, client pb.IPsecClient) {
+	vresp, err := client.IPsecVersion(ctx, &pb.IPsecVersionReq{})
+	if err != nil {
+		log.Fatalf("could not get IPsec version")
+	}
+	log.Printf("Daemon  [%v]", vresp.GetDaemon())
+	log.Printf("Version [%v]", vresp.GetVersion())
+	log.Printf("Sysname [%v]", vresp.GetSysname())
+	log.Printf("Release [%v]", vresp.GetRelease())
+	log.Printf("Machine [%v]", vresp.GetMachine())
+}
+
+func doPing() {
+	// .NOTE: The container this test runs in is linked to the appropriate
+	//        strongSwan container.
+	pinger, err := ping.NewPinger(pingaddr)
+	if err != nil {
+		log.Fatalf("Cannot create Pinger")
+	}
+	pinger.Count = 5
+	// .NOTE: This blocks until it finishes
+	err = pinger.Run()
+	if err != nil {
+		log.Fatalf("Ping command to host 10.3.0.1 failed")
+	}
+	stats := pinger.Statistics() // get send/receive/duplicate/rtt stats
+
+	log.Printf("Ping stats: %v", stats)
+}
+
 func dialConnection() error {
 	var err error
 	conn, err = grpc.Dial(address, grpc.WithTransportCredentials(insecure.NewCredentials()))