- sa_id_1 = 10000
- sa_id_2 = 20000
- spi_1 = 30000
- spi_2 = 40000
- proto = 50
-
- IPsecUtil.vpp_ipsec_add_spd(node1, spd_id)
- IPsecUtil.vpp_ipsec_spd_add_if(node1, spd_id, interface1)
- IPsecUtil.vpp_ipsec_policy_add(node1, spd_id, p_hi, PolicyAction.BYPASS,
- inbound=False, proto=proto)
- IPsecUtil.vpp_ipsec_policy_add(node1, spd_id, p_hi, PolicyAction.BYPASS,
- inbound=True, proto=proto)
-
- IPsecUtil.vpp_ipsec_add_spd(node2, spd_id)
- IPsecUtil.vpp_ipsec_spd_add_if(node2, spd_id, interface2)
- IPsecUtil.vpp_ipsec_policy_add(node2, spd_id, p_hi, PolicyAction.BYPASS,
- inbound=False, proto=proto)
- IPsecUtil.vpp_ipsec_policy_add(node2, spd_id, p_hi, PolicyAction.BYPASS,
- inbound=True, proto=proto)
-
- IPsecUtil.vpp_ipsec_add_sad_entries(node1, n_tunnels, sa_id_1, spi_1,
- crypto_alg, crypto_key, integ_alg,
- integ_key, tunnel_ip1, tunnel_ip2)
-
- IPsecUtil.vpp_ipsec_spd_add_entries(node1, n_tunnels, spd_id, p_lo,
- False, sa_id_1, raddr_ip2,
- raddr_range)
-
- IPsecUtil.vpp_ipsec_add_sad_entries(node2, n_tunnels, sa_id_1, spi_1,
- crypto_alg, crypto_key, integ_alg,
- integ_key, tunnel_ip1, tunnel_ip2)
-
- IPsecUtil.vpp_ipsec_spd_add_entries(node2, n_tunnels, spd_id, p_lo,
- True, sa_id_1, raddr_ip2,
- raddr_range)
-
- IPsecUtil.vpp_ipsec_add_sad_entries(node2, n_tunnels, sa_id_2, spi_2,
- crypto_alg, crypto_key, integ_alg,
- integ_key, tunnel_ip2, tunnel_ip1)
-
- IPsecUtil.vpp_ipsec_spd_add_entries(node2, n_tunnels, spd_id, p_lo,
- False, sa_id_2, raddr_ip1,
- raddr_range)
-
- IPsecUtil.vpp_ipsec_add_sad_entries(node1, n_tunnels, sa_id_2, spi_2,
- crypto_alg, crypto_key, integ_alg,
- integ_key, tunnel_ip2, tunnel_ip1)
-
- IPsecUtil.vpp_ipsec_spd_add_entries(node1, n_tunnels, spd_id, p_lo,
- True, sa_id_2, raddr_ip1,
- raddr_range)
+ sa_id_1 = 100000
+ sa_id_2 = 200000
+ spi_1 = 300000
+ spi_2 = 400000
+
+ crypto_key = gen_key(IPsecUtil.get_crypto_alg_key_len(crypto_alg))
+ integ_key = gen_key(IPsecUtil.get_integ_alg_key_len(integ_alg))
+
+ IPsecUtil.vpp_ipsec_set_ip_route(
+ nodes['DUT1'], n_tunnels, tunnel_ip1, raddr_ip2, tunnel_ip2,
+ interface1, raddr_range)
+ IPsecUtil.vpp_ipsec_set_ip_route(
+ nodes['DUT2'], n_tunnels, tunnel_ip2, raddr_ip1, tunnel_ip1,
+ interface2, raddr_range)
+
+ IPsecUtil.vpp_ipsec_add_spd(
+ nodes['DUT1'], spd_id)
+ IPsecUtil.vpp_ipsec_spd_add_if(
+ nodes['DUT1'], spd_id, interface1)
+ IPsecUtil.vpp_ipsec_policy_add(
+ nodes['DUT1'], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
+ IPsecUtil.vpp_ipsec_policy_add(
+ nodes['DUT1'], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
+
+ IPsecUtil.vpp_ipsec_add_spd(
+ nodes['DUT2'], spd_id)
+ IPsecUtil.vpp_ipsec_spd_add_if(
+ nodes['DUT2'], spd_id, interface2)
+ IPsecUtil.vpp_ipsec_policy_add(
+ nodes['DUT2'], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
+ IPsecUtil.vpp_ipsec_policy_add(
+ nodes['DUT2'], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
+
+ IPsecUtil.vpp_ipsec_add_sad_entries(
+ nodes['DUT1'], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,
+ integ_alg, integ_key, tunnel_ip1, tunnel_ip2)
+
+ IPsecUtil.vpp_ipsec_spd_add_entries(
+ nodes['DUT1'], n_tunnels, spd_id, p_lo, False, sa_id_1, raddr_ip2)
+
+ IPsecUtil.vpp_ipsec_add_sad_entries(
+ nodes['DUT2'], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,
+ integ_alg, integ_key, tunnel_ip1, tunnel_ip2)
+
+ IPsecUtil.vpp_ipsec_spd_add_entries(
+ nodes['DUT2'], n_tunnels, spd_id, p_lo, True, sa_id_1, raddr_ip2)
+
+ IPsecUtil.vpp_ipsec_add_sad_entries(
+ nodes['DUT2'], n_tunnels, sa_id_2, spi_2, crypto_alg, crypto_key,
+ integ_alg, integ_key, tunnel_ip2, tunnel_ip1)
+
+ IPsecUtil.vpp_ipsec_spd_add_entries(
+ nodes['DUT2'], n_tunnels, spd_id, p_lo, False, sa_id_2, raddr_ip1)
+
+ IPsecUtil.vpp_ipsec_add_sad_entries(
+ nodes['DUT1'], n_tunnels, sa_id_2, spi_2, crypto_alg, crypto_key,
+ integ_alg, integ_key, tunnel_ip2, tunnel_ip1)
+
+ IPsecUtil.vpp_ipsec_spd_add_entries(
+ nodes['DUT1'], n_tunnels, spd_id, p_lo, True, sa_id_2, raddr_ip1)