-class TemplateIpsec4TunProtect(object):
- """ IPsec IPv4 Tunnel protect """
-
- encryption_type = ESP
- tun4_encrypt_node_name = "esp4-encrypt-tun"
- tun4_decrypt_node_name = "esp4-decrypt-tun"
- tun4_input_node = "ipsec4-tun-input"
-
- def config_sa_tra(self, p):
- config_tun_params(p, self.encryption_type, p.tun_if)
-
- p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- flags=p.flags)
- p.tun_sa_out.add_vpp_config()
-
- p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- flags=p.flags)
- p.tun_sa_in.add_vpp_config()
-
- def config_sa_tun(self, p):
- config_tun_params(p, self.encryption_type, p.tun_if)
-
- p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- self.tun_if.local_addr[p.addr_type],
- self.tun_if.remote_addr[p.addr_type],
- flags=p.flags)
- p.tun_sa_out.add_vpp_config()
-
- p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
- p.auth_algo_vpp_id, p.auth_key,
- p.crypt_algo_vpp_id, p.crypt_key,
- self.vpp_esp_protocol,
- self.tun_if.remote_addr[p.addr_type],
- self.tun_if.local_addr[p.addr_type],
- flags=p.flags)
- p.tun_sa_in.add_vpp_config()
-
- def config_protect(self, p):
- p.tun_protect = VppIpsecTunProtect(self,
- p.tun_if,
- p.tun_sa_out,
- [p.tun_sa_in])
- p.tun_protect.add_vpp_config()
-
- def config_network(self, p):
- p.tun_if = VppIpIpTunInterface(self, self.pg0,
- self.pg0.local_ip4,
- self.pg0.remote_ip4)
- p.tun_if.add_vpp_config()
- p.tun_if.admin_up()
- p.tun_if.config_ip4()
- p.tun_if.config_ip6()
-
- p.route = VppIpRoute(self, p.remote_tun_if_host, 32,
- [VppRoutePath(p.tun_if.remote_ip4,
- 0xffffffff)])
- p.route.add_vpp_config()
- r = VppIpRoute(self, p.remote_tun_if_host6, 128,
- [VppRoutePath(p.tun_if.remote_ip6,
- 0xffffffff,
- proto=DpoProto.DPO_PROTO_IP6)])
- r.add_vpp_config()
-
- def unconfig_network(self, p):
- p.route.remove_vpp_config()
- p.tun_if.remove_vpp_config()
-
- def unconfig_protect(self, p):
- p.tun_protect.remove_vpp_config()
-
- def unconfig_sa(self, p):
- p.tun_sa_out.remove_vpp_config()
- p.tun_sa_in.remove_vpp_config()
-
-
-class TestIpsec4TunProtect(TemplateIpsec,
- TemplateIpsec4TunProtect,
- IpsecTun4):
- """ IPsec IPv4 Tunnel protect - transport mode"""