- tunnel_src=str(src_addr),
- tunnel_dst=str(dst_addr),
- tunnel_flags=int(
- TunnelEncpaDecapFlags.TUNNEL_API_ENCAP_DECAP_FLAG_NONE
+ tunnel=dict(
+ src=str(src_addr),
+ dst=str(dst_addr),
+ table_id=0,
+ encap_decap_flags=int(
+ TunnelEncpaDecapFlags.TUNNEL_API_ENCAP_DECAP_FLAG_NONE
+ ),
+ dscp=int(IpDscp.IP_API_DSCP_CS0),
protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
udp_src_port=4500, # default value in api
udp_dst_port=4500 # default value in api
protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
udp_src_port=4500, # default value in api
udp_dst_port=4500 # default value in api
- tunnel_src=str(src_addr),
- tunnel_dst=str(dst_addr),
- tunnel_flags=int(
- TunnelEncpaDecapFlags.TUNNEL_API_ENCAP_DECAP_FLAG_NONE
+ tunnel=dict(
+ src=str(src_addr),
+ dst=str(dst_addr),
+ table_id=0,
+ encap_decap_flags=int(
+ TunnelEncpaDecapFlags.TUNNEL_API_ENCAP_DECAP_FLAG_NONE
+ ),
+ dscp=int(IpDscp.IP_API_DSCP_CS0),
protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
udp_src_port=4500, # default value in api
udp_dst_port=4500 # default value in api
protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
udp_src_port=4500, # default value in api
udp_dst_port=4500 # default value in api
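Review bot: `table_id=0` in the new `tunnel=dict(...)` argument is an unexplained literal, while the `udp_src_port=4500` lines just below it carry `# default value in api`. The identical dict in the earlier hunk has the same gap. I would annotate both, e.g. `table_id=0,  # FIB table for the tunnel endpoints (0 = default table)`, after confirming the meaning against the API definition. That way a later move of the tunnels into a non-default table does not silently miss these call sites. The enclosing call starts and ends outside the visible lines.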
for i in range(n_entries):
args[u"entry"][u"sad_id"] = int(sad_id) + i
args[u"entry"][u"spi"] = int(spi) + i
for i in range(n_entries):
args[u"entry"][u"sad_id"] = int(sad_id) + i
args[u"entry"][u"spi"] = int(spi) + i
history = bool(not 1 < i < n_entries - 2)
papi_exec.add(cmd, history=history, **args)
papi_exec.get_replies(err_msg)
history = bool(not 1 < i < n_entries - 2)
papi_exec.add(cmd, history=history, **args)
papi_exec.get_replies(err_msg)
# create a NetworkIncrement representation of the network,
# then skip the matching network
no_match_local_addr_range = NetworkIncrement(
# create a NetworkIncrement representation of the network,
# then skip the matching network
no_match_local_addr_range = NetworkIncrement(
# reset the networks so that we're using a unified config
# the address ranges are switched
no_match_remote_addr_range = NetworkIncrement(
# reset the networks so that we're using a unified config
# the address ranges are switched
no_match_remote_addr_range = NetworkIncrement(
tmp_filename = f"/tmp/ipsec_spd_{spd_id}_add_del_entry.script"
with open(tmp_filename, 'w') as tmp_file:
tmp_filename = f"/tmp/ipsec_spd_{spd_id}_add_del_entry.script"
with open(tmp_filename, 'w') as tmp_file:
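Review bot: The script path `/tmp/ipsec_spd_{spd_id}_add_del_entry.script` is predictable, and `open(tmp_filename, 'w')` follows an existing symlink and truncates whatever it points to. On a shared test host another local account can pre-create that name, and two runs using the same `spd_id` overwrite each other's script. Creating the file through `tempfile` avoids both: `with tempfile.NamedTemporaryFile(mode='w', prefix=f'ipsec_spd_{spd_id}_', suffix='.script', delete=False) as tmp_file:` followed by `tmp_filename = tmp_file.name`, with `import tempfile` added at the top of the module. The body of the `with` block and any later use or removal of `tmp_filename` are outside the visible lines, so the cleanup path needs checking against the generated name.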
direction = u'inbound' if inbound else u'outbound'
sa = f' sa {sa_id.inc_fmt()}' if sa_id is not None else ''
protocol = f' protocol {protocol}' if proto else ''
direction = u'inbound' if inbound else u'outbound'
sa = f' sa {sa_id.inc_fmt()}' if sa_id is not None else ''
protocol = f' protocol {protocol}' if proto else ''
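Review bot: In `protocol = f' protocol {protocol}' if proto else ''` the f-string interpolates `protocol`, the name being assigned, while the condition tests `proto`. Unless `protocol` is bound earlier in the function (not visible here), a truthy `proto` raises `UnboundLocalError`; if it is bound, the emitted value is still not the one that was tested. The intended line is most likely `protocol = f' protocol {proto}' if proto else ''`. The enclosing function starts and ends outside the visible lines.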
IPsecUtil.vpp_ipsec_add_spd_entry(
node, spd_id, next(priority), action, inbound,
next(sa_id) if sa_id is not None else sa_id,
IPsecUtil.vpp_ipsec_add_spd_entry(
node, spd_id, next(priority), action, inbound,
next(sa_id) if sa_id is not None else sa_id,
# Configure IPSec SAD entries
ckeys = [bytes()] * existing_tunnels
ikeys = [bytes()] * existing_tunnels
# Configure IPSec SAD entries
ckeys = [bytes()] * existing_tunnels
ikeys = [bytes()] * existing_tunnels
crypto_algorithm=crypto_alg.alg_int_repr,
crypto_key=c_key,
integrity_algorithm=integ_alg.alg_int_repr if integ_alg else 0,
integrity_key=i_key,
crypto_algorithm=crypto_alg.alg_int_repr,
crypto_key=c_key,
integrity_algorithm=integ_alg.alg_int_repr if integ_alg else 0,
integrity_key=i_key,
nodes[u"DUT1"], n_tunnels, spd_id, priority=ObjIncrement(p_lo, 0),
action=PolicyAction.PROTECT, inbound=False,
sa_id=ObjIncrement(sa_id_1, 1),
nodes[u"DUT1"], n_tunnels, spd_id, priority=ObjIncrement(p_lo, 0),
action=PolicyAction.PROTECT, inbound=False,
sa_id=ObjIncrement(sa_id_1, 1),
nodes[u"DUT1"], n_tunnels, spd_id, priority=ObjIncrement(p_lo, 0),
action=PolicyAction.PROTECT, inbound=True,
sa_id=ObjIncrement(sa_id_2, 1),
nodes[u"DUT1"], n_tunnels, spd_id, priority=ObjIncrement(p_lo, 0),
action=PolicyAction.PROTECT, inbound=True,
sa_id=ObjIncrement(sa_id_2, 1),
crypto_key, integ_alg, integ_key, tunnel_ip1, tunnel_ip2
)
IPsecUtil.vpp_ipsec_add_spd_entries(
crypto_key, integ_alg, integ_key, tunnel_ip1, tunnel_ip2
)
IPsecUtil.vpp_ipsec_add_spd_entries(
- nodes[u"DUT2"], n_tunnels, spd_id, priority=ObjIncrement(p_lo, 0),
+ nodes[u"DUT2"], n_tunnels, spd_id,
+ priority=ObjIncrement(p_lo, 0),
action=PolicyAction.PROTECT, inbound=True,
sa_id=ObjIncrement(sa_id_1, 1),
action=PolicyAction.PROTECT, inbound=True,
sa_id=ObjIncrement(sa_id_1, 1),
crypto_key, integ_alg, integ_key, tunnel_ip2, tunnel_ip1
)
IPsecUtil.vpp_ipsec_add_spd_entries(
crypto_key, integ_alg, integ_key, tunnel_ip2, tunnel_ip1
)
IPsecUtil.vpp_ipsec_add_spd_entries(
- nodes[u"DUT2"], n_tunnels, spd_id, priority=ObjIncrement(p_lo, 0),
+ nodes[u"DUT2"], n_tunnels, spd_id,
+ priority=ObjIncrement(p_lo, 0),
action=PolicyAction.PROTECT, inbound=False,
sa_id=ObjIncrement(sa_id_2, 1),
action=PolicyAction.PROTECT, inbound=False,
sa_id=ObjIncrement(sa_id_2, 1),