- p.vpp_tra_spi = p.vpp_tra_spi + ii
- p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol)
- p.tun_sa_out.add_vpp_config()
-
- p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol)
- p.tun_sa_in.add_vpp_config()
-
- # in this v6 variant add the teibs first then the protection
- p.tun_dst = self.pg0.remote_hosts[ii].ip6
- VppTeib(self, p.tun_if,
- p.tun_if.remote_hosts[ii].ip6,
- p.tun_dst).add_vpp_config()
-
- p.tun_protect = VppIpsecTunProtect(
- self,
- p.tun_if,
- p.tun_sa_out,
- [p.tun_sa_in],
- nh=p.tun_if.remote_hosts[ii].ip6)
- p.tun_protect.add_vpp_config()
- config_tra_params(p, self.encryption_type, p.tun_if)
- self.multi_params.append(p)
-
- VppIpRoute(self, p.remote_tun_if_host, 128,
- [VppRoutePath(p.tun_if.remote_hosts[ii].ip6,
- p.tun_if.sw_if_index)]).add_vpp_config()
- p.tun_dst = self.pg0.remote_hosts[ii].ip6
-
- self.logger.info(self.vapi.cli("sh log"))
- self.logger.info(self.vapi.cli("sh ipsec protect-hash"))
- self.logger.info(self.vapi.cli("sh adj 41"))
-
- def tearDown(self):
- p = self.ipv6_params
- p.tun_if.unconfig_ip6()
- super(TestIpsecMGreIfEspTra6, self).tearDown()
-
- def test_tun_66(self):
- """mGRE IPSec 66"""
- for p in self.multi_params:
- self.verify_tun_66(p, count=63)
-
-
-class TemplateIpsec4TunProtect(object):
- """ IPsec IPv4 Tunnel protect """
-
- encryption_type = ESP
- tun4_encrypt_node_name = "esp4-encrypt-tun"
- tun4_decrypt_node_name = "esp4-decrypt-tun"
- tun4_input_node = "ipsec4-tun-input"
-
- def config_sa_tra(self, p):
- config_tun_params(p, self.encryption_type, p.tun_if)
-
- p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- flags=p.flags)
- p.tun_sa_out.add_vpp_config()
-
- p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- flags=p.flags)
- p.tun_sa_in.add_vpp_config()
-
- def config_sa_tun(self, p):
- config_tun_params(p, self.encryption_type, p.tun_if)
-
- p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- self.tun_if.local_addr[p.addr_type],
- self.tun_if.remote_addr[p.addr_type],
- flags=p.flags)
- p.tun_sa_out.add_vpp_config()
-
- p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- self.tun_if.remote_addr[p.addr_type],
- self.tun_if.local_addr[p.addr_type],
- flags=p.flags)
- p.tun_sa_in.add_vpp_config()