X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;ds=sidebyside;f=test%2Ftest_ipsec_tun_if_esp.py;h=06b63cae7598e74211cb9088991c2f61fcf85398;hb=d3e0d104ad6ebc687609c10a6c936954d2a7abdd;hp=d10ad216bd6ccb831ddb3d97a9b6c19adecbbbe2;hpb=93688d7341ada44755dc0432de3e3dbaaa8aa111;p=vpp.git diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index d10ad216bd6..06b63cae759 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -70,7 +70,7 @@ def config_tun_params(p, encryption_type, tun_if, src=None, dst=None): p.scapy_tun_sa = SecurityAssociation( encryption_type, - spi=p.vpp_tun_spi, + spi=p.scapy_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -81,7 +81,7 @@ def config_tun_params(p, encryption_type, tun_if, src=None, dst=None): ) p.vpp_tun_sa = SecurityAssociation( encryption_type, - spi=p.scapy_tun_spi, + spi=p.vpp_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -114,7 +114,7 @@ def config_tra_params(p, encryption_type, tun_if): p.scapy_tun_sa = SecurityAssociation( encryption_type, - spi=p.vpp_tun_spi, + spi=p.scapy_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -124,7 +124,7 @@ def config_tra_params(p, encryption_type, tun_if): ) p.vpp_tun_sa = SecurityAssociation( encryption_type, - spi=p.scapy_tun_spi, + spi=p.vpp_tun_spi, crypt_algo=p.crypt_algo, crypt_key=crypt_key, auth_algo=p.auth_algo, @@ -147,8 +147,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -160,8 +160,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
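Review bot: The `scapy_*` / `vpp_*` prefixes are still undocumented in config_tun_params and config_tra_params (the first four hunks), which makes an SPI swap like the one corrected here easy to reintroduce. After this change `p.scapy_tun_sa` carries `p.scapy_tun_spi`, and VPP's `tun_sa_in` is built from the same `scapy_*` id and SPI, so the prefix appears to name the sender of the traffic. A comment above the two constructors would pin that down, e.g. `# scapy_tun_sa: scapy -> VPP direction (pairs with VPP's tun_sa_in); vpp_tun_sa: VPP -> scapy (pairs with tun_sa_out)`; the wording should be confirmed against how the verify helpers pick their SA. Both functions start and end outside these hunks.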
@@ -176,8 +176,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -191,8 +191,8 @@ class TemplateIpsec4TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -300,7 +300,7 @@ class TemplateIpsec4TunIfEspUdp(TemplateIpsec4TunProtect, TemplateIpsec): # which strips them self.assertTrue(rx.haslayer(UDP)) self.assert_equal(rx[UDP].sport, p.nat_header.sport) - self.assert_equal(rx[UDP].dport, 4500) + self.assert_equal(rx[UDP].dport, p.nat_header.dport) pkt = sa.decrypt(rx[IP]) if not pkt.haslayer(IP): @@ -322,8 +322,8 @@ class TemplateIpsec4TunIfEspUdp(TemplateIpsec4TunProtect, TemplateIpsec): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -337,14 +337,15 @@ class TemplateIpsec4TunIfEspUdp(TemplateIpsec4TunProtect, TemplateIpsec): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, p.crypt_key, self.vpp_esp_protocol, - flags=p.flags, + flags=p.flags + | VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_INBOUND, udp_src=p.nat_header.sport, udp_dst=p.nat_header.dport, ) 
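Review bot: In the last hunk on this line (TemplateIpsec4TunIfEspUdp, `p.tun_sa_in`), `IPSEC_API_SAD_FLAG_IS_INBOUND` is OR'd in at the call site with no explanation, and the same expression recurs in TemplateIpsec6TunIfEspUdp.config_sa_tra and TemplateIpsecItf4 further down. The other `tun_sa_in` constructions touched by this commit only swap the SA id and SPI; their `flags=` lines are outside the hunks, so it is not visible whether those inbound SAs carry the flag too. If only SAs that are later passed to `update_vpp_config()` need it, say so in a comment, e.g. `# inbound direction must be explicit for SAs that are updated later`. Otherwise consider setting the flag on every inbound SA so the suite exercises one consistent configuration. The method body continues outside the hunk.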
@@ -429,6 +430,24 @@ class TestIpsec4TunIfEspUdpGCM(TemplateIpsec4TunIfEspUdp, IpsecTun4Tests): p.salt = 0 +class TestIpsec4TunIfEspUdpUpdate(TemplateIpsec4TunIfEspUdp, IpsecTun4Tests): + """Ipsec ESP UDP update tests""" + + tun4_input_node = "ipsec4-tun-input" + + def setUp(self): + super(TestIpsec4TunIfEspUdpUpdate, self).setUp() + p = self.ipv4_params + p.nat_header = UDP(sport=6565, dport=7676) + config_tun_params(p, self.encryption_type, p.tun_if) + p.tun_sa_in.update_vpp_config( + udp_src=p.nat_header.dport, udp_dst=p.nat_header.sport + ) + p.tun_sa_out.update_vpp_config( + udp_src=p.nat_header.sport, udp_dst=p.nat_header.dport + ) + + class TestIpsec4TunIfEsp2(TemplateIpsec4TunIfEsp, IpsecTcpTests): """Ipsec ESP - TCP tests""" @@ -443,8 +462,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -455,8 +474,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -470,8 +489,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -484,8 +503,8 @@ class TemplateIpsec6TunProtect(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
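Review bot: TestIpsec4TunIfEspUdpUpdate.setUp updates the inbound SA with the ports reversed (`udp_src=p.nat_header.dport, udp_dst=p.nat_header.sport`), while the template creates that same SA with `udp_src=p.nat_header.sport, udp_dst=p.nat_header.dport`, so the two paths disagree on which orientation an inbound SA expects. If the reversal is intended, a comment such as `# inbound SA: ports as seen from the peer, i.e. reversed relative to nat_header` would make that clear; if not, one of the two call sites is wrong. Nothing visible here asserts that the inbound update took effect, because verify_encrypted only checks the ports on packets VPP transmits. A check of the inbound SA's ports after the update, or a case showing that traffic on the old ports is no longer accepted, would close that gap.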
@@ -561,6 +580,133 @@ class TemplateIpsec6TunIfEsp(TemplateIpsec6TunProtect, TemplateIpsec): super(TemplateIpsec6TunIfEsp, self).tearDown() +class TemplateIpsec6TunIfEspUdp(TemplateIpsec6TunProtect, TemplateIpsec): + """IPsec6 UDP tunnel interface tests""" + + tun4_encrypt_node_name = "esp6-encrypt-tun" + tun4_decrypt_node_name = ["esp6-decrypt-tun", "esp6-decrypt-tun-post"] + encryption_type = ESP + + @classmethod + def setUpClass(cls): + super(TemplateIpsec6TunIfEspUdp, cls).setUpClass() + + @classmethod + def tearDownClass(cls): + super(TemplateIpsec6TunIfEspUdp, cls).tearDownClass() + + def verify_encrypted(self, p, sa, rxs): + for rx in rxs: + try: + # ensure the UDP ports are correct before we decrypt + # which strips them + self.assertTrue(rx.haslayer(UDP)) + self.assert_equal(rx[UDP].sport, p.nat_header.sport) + self.assert_equal(rx[UDP].dport, p.nat_header.dport) + + pkt = sa.decrypt(rx[IP]) + if not pkt.haslayer(IP): + pkt = IP(pkt[Raw].load) + + self.assert_packet_checksums_valid(pkt) + self.assert_equal( + pkt[IP].dst, "1111:1111:1111:1111:1111:1111:1111:1111" + ) + self.assert_equal(pkt[IP].src, self.pg1.remote_ip6) + except (IndexError, AssertionError): + self.logger.debug(ppp("Unexpected packet:", rx)) + try: + self.logger.debug(ppp("Decrypted packet:", pkt)) + except: + pass + raise + + def config_sa_tra(self, p): + config_tun_params(p, self.encryption_type, p.tun_if) + + p.tun_sa_out = VppIpsecSA( + self, + p.vpp_tun_sa_id, + p.vpp_tun_spi, + p.auth_algo_vpp_id, + p.auth_key, + p.crypt_algo_vpp_id, + p.crypt_key, + self.vpp_esp_protocol, + flags=p.flags, + udp_src=p.nat_header.sport, + udp_dst=p.nat_header.dport, + ) + p.tun_sa_out.add_vpp_config() + + p.tun_sa_in = VppIpsecSA( + self, + p.scapy_tun_sa_id, + p.scapy_tun_spi, + p.auth_algo_vpp_id, + p.auth_key, + p.crypt_algo_vpp_id, + p.crypt_key, + self.vpp_esp_protocol, + flags=p.flags + | VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_INBOUND, + udp_src=p.nat_header.sport, + 
udp_dst=p.nat_header.dport, + ) + p.tun_sa_in.add_vpp_config() + + def setUp(self): + super(TemplateIpsec6TunIfEspUdp, self).setUp() + + p = self.ipv6_params + p.flags = VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_UDP_ENCAP + p.nat_header = UDP(sport=5454, dport=4500) + + self.tun_if = self.pg0 + + self.config_network(p) + self.config_sa_tra(p) + self.config_protect(p) + + def tearDown(self): + super(TemplateIpsec6TunIfEspUdp, self).tearDown() + + +class TestIpsec6TunIfEspUdp(TemplateIpsec6TunIfEspUdp, IpsecTun6Tests): + """Ipsec ESP 6 UDP tests""" + + tun6_input_node = "ipsec6-tun-input" + tun6_encrypt_node_name = "esp6-encrypt-tun" + tun6_decrypt_node_name = ["esp6-decrypt-tun", "esp6-decrypt-tun-post"] + + def setUp(self): + super(TestIpsec6TunIfEspUdp, self).setUp() + + def test_keepalive(self): + """IPSEC6 NAT Keepalive""" + self.verify_keepalive(self.ipv6_params) + + +class TestIpsec6TunIfEspUdpGCM(TemplateIpsec6TunIfEspUdp, IpsecTun6Tests): + """Ipsec ESP 6 UDP GCM tests""" + + tun6_input_node = "ipsec6-tun-input" + tun6_encrypt_node_name = "esp6-encrypt-tun" + tun6_decrypt_node_name = ["esp6-decrypt-tun", "esp6-decrypt-tun-post"] + + def setUp(self): + super(TestIpsec6TunIfEspUdpGCM, self).setUp() + p = self.ipv6_params + p.auth_algo_vpp_id = VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_NONE + p.crypt_algo_vpp_id = ( + VppEnum.vl_api_ipsec_crypto_alg_t.IPSEC_API_CRYPTO_ALG_AES_GCM_256 + ) + p.crypt_algo = "AES-GCM" + p.auth_algo = "NULL" + p.crypt_key = b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h" + p.salt = 0 + + class TestIpsec6TunIfEsp1(TemplateIpsec6TunIfEsp, IpsecTun6Tests): """Ipsec ESP - TUN tests""" @@ -860,8 +1006,8 @@ class TestIpsec4TunIfEspAll(TemplateIpsec4TunProtect, TemplateIpsec, IpsecTun4): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
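Review bot: TemplateIpsec6TunIfEspUdp.verify_encrypted indexes the received packet with the IPv4 layer (`rx[IP]`, `pkt[IP].dst`) while comparing against IPv6 addresses, so it would raise IndexError on a real IPv6 frame; it reads as a copy of the IPv4 template. Whether the IPv6 test mixins call this method name at all is not visible in the diff, so it may currently be dead code, but it should either use the IPv6 layer as below (assuming `IPv6` is already imported in this file) or be removed. In the same class the attributes are named `tun4_encrypt_node_name` / `tun4_decrypt_node_name` although they hold esp6 node names. The bare `except:` around the debug log would be better as `except Exception:`, so that it no longer swallows KeyboardInterrupt and SystemExit.

```python
    def verify_encrypted(self, p, sa, rxs):
        # … unchanged: loop header, try:, UDP sport/dport assertions …
                pkt = sa.decrypt(rx[IPv6])
                if not pkt.haslayer(IPv6):
                    pkt = IPv6(pkt[Raw].load)

                # … unchanged: assert_packet_checksums_valid(pkt) …
                self.assert_equal(
                    pkt[IPv6].dst, "1111:1111:1111:1111:1111:1111:1111:1111"
                )
                self.assert_equal(pkt[IPv6].src, self.pg1.remote_ip6)
        # … unchanged: except clause and debug logging …
```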
@@ -872,8 +1018,8 @@ class TestIpsec4TunIfEspAll(TemplateIpsec4TunProtect, TemplateIpsec, IpsecTun4): ) p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1166,8 +1312,8 @@ class TestIpsecGreTebIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1180,8 +1326,8 @@ class TestIpsecGreTebIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1301,8 +1447,8 @@ class TestIpsecGreTebVlanIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1315,8 +1461,8 @@ class TestIpsecGreTebVlanIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1425,8 +1571,8 @@ class TestIpsecGreTebIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1437,8 +1583,8 @@ class TestIpsecGreTebIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1549,8 +1695,8 @@ class TestIpsecGreTebUdpIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
@@ -1564,8 +1710,8 @@ class TestIpsecGreTebUdpIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1673,8 +1819,8 @@ class TestIpsecGreIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1687,8 +1833,8 @@ class TestIpsecGreIfEsp(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1792,8 +1938,8 @@ class TestIpsecGreIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1804,8 +1950,8 @@ class TestIpsecGreIfEspTra(TemplateIpsec, IpsecTun4Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -1844,6 +1990,8 @@ class TestIpsecGreIfEspTra(TemplateIpsec, IpsecTun4Tests): self.send_and_assert_no_replies(self.tun_if, tx) node_name = "/err/%s/unsup_payload" % self.tun4_decrypt_node_name[0] self.assertEqual(1, self.statistics.get_err_counter(node_name)) + err = p.tun_sa_in.get_err("unsup_payload") + self.assertEqual(err, 1) class TestIpsecGre6IfEspTra(TemplateIpsec, IpsecTun6Tests): @@ -1910,8 +2058,8 @@ class TestIpsecGre6IfEspTra(TemplateIpsec, IpsecTun6Tests): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, 
@@ -1922,8 +2070,8 @@ class TestIpsecGre6IfEspTra(TemplateIpsec, IpsecTun6Tests): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2049,8 +2197,8 @@ class TestIpsecMGreIfEspTra4(TemplateIpsec, IpsecTun4): p.vpp_tra_spi = p.vpp_tra_spi + ii p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2061,8 +2209,8 @@ class TestIpsecMGreIfEspTra4(TemplateIpsec, IpsecTun4): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2206,8 +2354,8 @@ class TestIpsecMGreIfEspTra6(TemplateIpsec, IpsecTun6): p.vpp_tra_spi = p.vpp_tra_spi + ii p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2218,8 +2366,8 @@ class TestIpsecMGreIfEspTra6(TemplateIpsec, IpsecTun6): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2807,8 +2955,8 @@ class TemplateIpsecItf4(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2822,8 +2970,8 @@ class TemplateIpsecItf4(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -2831,7 +2979,8 @@ class TemplateIpsecItf4(object): self.vpp_esp_protocol, dst, src, - flags=p.flags, + flags=p.flags + | VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_INBOUND, ) p.tun_sa_in.add_vpp_config() 
@@ -2937,6 +3086,20 @@ class TestIpsecItf4(TemplateIpsec, TemplateIpsecItf4, IpsecTun4): self.tun4_encrypt_node_name = "esp4-encrypt-tun" + # update the SA tunnel + config_tun_params( + p, self.encryption_type, None, self.pg2.local_ip4, self.pg2.remote_ip4 + ) + p.tun_sa_in.update_vpp_config( + is_tun=True, tun_src=self.pg2.remote_ip4, tun_dst=self.pg2.local_ip4 + ) + p.tun_sa_out.update_vpp_config( + is_tun=True, tun_src=self.pg2.local_ip4, tun_dst=self.pg2.remote_ip4 + ) + self.verify_tun_44(p, count=n_pkts) + self.assertEqual(p.tun_if.get_rx_stats(), 5 * n_pkts) + self.assertEqual(p.tun_if.get_tx_stats(), 4 * n_pkts) + self.vapi.cli("clear interfaces") # rekey - create new SAs and update the tunnel protection @@ -3137,8 +3300,8 @@ class TemplateIpsecItf6(object): p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -3154,8 +3317,8 @@ class TemplateIpsecItf6(object): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -3449,8 +3612,8 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): p.hop_limit = ii + 10 p.tun_sa_out = VppIpsecSA( self, - p.scapy_tun_sa_id, - p.scapy_tun_spi, + p.vpp_tun_sa_id, + p.vpp_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id, @@ -3465,8 +3628,8 @@ class TestIpsecMIfEsp4(TemplateIpsec, IpsecTun4): p.tun_sa_in = VppIpsecSA( self, - p.vpp_tun_sa_id, - p.vpp_tun_spi, + p.scapy_tun_sa_id, + p.scapy_tun_spi, p.auth_algo_vpp_id, p.auth_key, p.crypt_algo_vpp_id,
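Review bot: The new assertions `5 * n_pkts` and `4 * n_pkts` in the "update the SA tunnel" block of TestIpsecItf4 are bare multipliers whose meaning depends on how much traffic earlier steps of the test sent, which is outside the hunk. A comment stating the running totals, e.g. `# counters are cumulative for this test; this pass adds n_pkts in each direction`, would make the block easier to maintain when steps are inserted above it (wording to be confirmed against the preceding assertions). The block also moves both SAs to the pg2 addresses, but only verify_tun_44 runs afterwards, and it is not visible whether that helper inspects the outer tunnel addresses. If it does not, an explicit check that encrypted packets now carry the pg2 endpoints would confirm the update took effect.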