"""
Basic test for IPSEC using AH transport and Tunnel mode
- TRANSPORT MODE:
+ TRANSPORT MODE::
- --- encrypt ---
- |pg2| <-------> |VPP|
- --- decrypt ---
+ --- encrypt ---
+ |pg2| <-------> |VPP|
+ --- decrypt ---
- TUNNEL MODE:
+ TUNNEL MODE::
- --- encrypt --- plain ---
- |pg0| <------- |VPP| <------ |pg1|
- --- --- ---
+ --- encrypt --- plain ---
+ |pg0| <------- |VPP| <------ |pg1|
+ --- --- ---
+
+ --- decrypt --- plain ---
+ |pg0| -------> |VPP| ------> |pg1|
+ --- --- ---
- --- decrypt --- plain ---
- |pg0| -------> |VPP| ------> |pg1|
- --- --- ---
"""
encryption_type = AH
net_objs = []
tra4_encrypt_node_name = "ah4-encrypt"
- tra4_decrypt_node_name = "ah4-decrypt"
+ tra4_decrypt_node_name = ["ah4-decrypt", "ah4-decrypt"]
tra6_encrypt_node_name = "ah6-encrypt"
- tra6_decrypt_node_name = "ah6-decrypt"
+ tra6_decrypt_node_name = ["ah6-decrypt", "ah6-decrypt"]
tun4_encrypt_node_name = "ah4-encrypt"
- tun4_decrypt_node_name = "ah4-decrypt"
+ tun4_decrypt_node_name = ["ah4-decrypt", "ah4-decrypt"]
tun6_encrypt_node_name = "ah6-encrypt"
- tun6_decrypt_node_name = "ah6-decrypt"
+ tun6_decrypt_node_name = ["ah6-decrypt", "ah6-decrypt"]
@classmethod
def setUpClass(cls):
tun_flags = params.tun_flags
e = VppEnum.vl_api_ipsec_spd_action_t
objs = []
+ params.outer_hop_limit = 253
+ params.outer_flow_label = 0x12345
params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
"""
Basic test for IPSEC using AH transport and Tunnel mode
- TRANSPORT MODE:
+ TRANSPORT MODE::
+
+ --- encrypt ---
+ |pg2| <-------> |VPP|
+ --- decrypt ---
- --- encrypt ---
- |pg2| <-------> |VPP|
- --- decrypt ---
+ TUNNEL MODE::
- TUNNEL MODE:
+ --- encrypt --- plain ---
+ |pg0| <------- |VPP| <------ |pg1|
+ --- --- ---
- --- encrypt --- plain ---
- |pg0| <------- |VPP| <------ |pg1|
- --- --- ---
+ --- decrypt --- plain ---
+ |pg0| -------> |VPP| ------> |pg1|
+ --- --- ---
- --- decrypt --- plain ---
- |pg0| -------> |VPP| ------> |pg1|
- --- --- ---
"""
@classmethod
def setUpClass(cls):
Raw(b'X' * payload_size)
for i in range(count)]
- def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54):
+ def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
# set the DSCP + ECN - flags are set to copy both
return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
IPv6(src=src, dst=dst, tc=5) /
Raw(b'X' * payload_size)
for i in range(count)]
- def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54):
+ def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
# set the DSCP + ECN - flags are set to copy both
return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
IPv6(src=src, dst=dst, tc=0) /