+ def __init__(self):
+ self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
+ self.remote_tun_if_host4 = '1.1.1.1'
+
+ self.scapy_tun_sa_id = 50
+ self.scapy_tun_spi = 3001
+ self.vpp_tun_sa_id = 60
+ self.vpp_tun_spi = 3000
+
+ self.scapy_tra_sa_id = 70
+ self.scapy_tra_spi = 4001
+ self.vpp_tra_sa_id = 80
+ self.vpp_tra_spi = 4000
+
+ self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96)
+ self.auth_algo = 'HMAC-SHA1-96' # scapy name
+ self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
+
+ self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128)
+ self.crypt_algo = 'AES-CBC' # scapy name
+ self.crypt_key = 'JPjyOWBeVEQiMe7h'
+ self.flags = 0
+ self.nat_header = None
+
+
+def config_tun_params(p, encryption_type, tun_if):
+ ip_class_by_addr_type = {socket.AF_INET: IP, socket.AF_INET6: IPv6}
+ use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ESN))
+ p.scapy_tun_sa = SecurityAssociation(
+ encryption_type, spi=p.vpp_tun_spi,
+ crypt_algo=p.crypt_algo, crypt_key=p.crypt_key,
+ auth_algo=p.auth_algo, auth_key=p.auth_key,
+ tunnel_header=ip_class_by_addr_type[p.addr_type](
+ src=tun_if.remote_addr[p.addr_type],
+ dst=tun_if.local_addr[p.addr_type]),
+ nat_t_header=p.nat_header,
+ use_esn=use_esn)
+ p.vpp_tun_sa = SecurityAssociation(
+ encryption_type, spi=p.scapy_tun_spi,
+ crypt_algo=p.crypt_algo, crypt_key=p.crypt_key,
+ auth_algo=p.auth_algo, auth_key=p.auth_key,
+ tunnel_header=ip_class_by_addr_type[p.addr_type](
+ dst=tun_if.remote_addr[p.addr_type],
+ src=tun_if.local_addr[p.addr_type]),
+ nat_t_header=p.nat_header,
+ use_esn=use_esn)
+
+
+def config_tra_params(p, encryption_type):
+ use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ESN))
+ p.scapy_tra_sa = SecurityAssociation(
+ encryption_type,
+ spi=p.vpp_tra_spi,
+ crypt_algo=p.crypt_algo,
+ crypt_key=p.crypt_key,
+ auth_algo=p.auth_algo,
+ auth_key=p.auth_key,
+ nat_t_header=p.nat_header,
+ use_esn=use_esn)
+ p.vpp_tra_sa = SecurityAssociation(
+ encryption_type,
+ spi=p.scapy_tra_spi,
+ crypt_algo=p.crypt_algo,
+ crypt_key=p.crypt_key,
+ auth_algo=p.auth_algo,
+ auth_key=p.auth_key,
+ nat_t_header=p.nat_header,
+ use_esn=use_esn)