+ VppIpRoute(self,
+ self.p_sync.remote_tun_if_host,
+ self.p_sync.addr_len,
+ [VppRoutePath(
+ self.tun_if.remote_addr[self.p_sync.addr_type],
+ 0xffffffff)]).add_vpp_config()
+ config_tun_params(self.p_sync, self.encryption_type, self.tun_if)
+
+ self.p_async = IPsecIPv4Params()
+
+ self.p_async.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_256)
+ self.p_async.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE)
+ self.p_async.crypt_algo = 'AES-GCM' # scapy name
+ self.p_async.crypt_key = b'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
+ self.p_async.auth_algo = 'NULL'
+
+ self.p_async.scapy_tun_sa_id += 0xe0000
+ self.p_async.scapy_tun_spi += 0xe0000
+ self.p_async.vpp_tun_sa_id += 0xe0000
+ self.p_async.vpp_tun_spi += 0xe0000
+ self.p_async.remote_tun_if_host = "2.2.2.3"
+
+ iflags = VppEnum.vl_api_ipsec_sad_flags_t
+ self.p_async.flags = (iflags.IPSEC_API_SAD_FLAG_USE_ESN |
+ iflags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY |
+ iflags.IPSEC_API_SAD_FLAG_ASYNC)
+
+ self.p_async.sa = VppIpsecSA(
+ self,
+ self.p_async.vpp_tun_sa_id,
+ self.p_async.vpp_tun_spi,
+ self.p_async.auth_algo_vpp_id,
+ self.p_async.auth_key,
+ self.p_async.crypt_algo_vpp_id,
+ self.p_async.crypt_key,
+ self.vpp_esp_protocol,
+ self.tun_if.local_addr[self.p_async.addr_type],
+ self.tun_if.remote_addr[self.p_async.addr_type],
+ flags=self.p_async.flags).add_vpp_config()
+ self.p_async.spd = VppIpsecSpdEntry(
+ self,
+ self.tun_spd,
+ self.p_async.vpp_tun_sa_id,
+ self.pg1.remote_addr[self.p_async.addr_type],
+ self.pg1.remote_addr[self.p_async.addr_type],
+ self.p_async.remote_tun_if_host,
+ self.p_async.remote_tun_if_host,
+ 0,
+ priority=2,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ is_outbound=1).add_vpp_config()
+ VppIpRoute(self,
+ self.p_async.remote_tun_if_host,
+ self.p_async.addr_len,
+ [VppRoutePath(
+ self.tun_if.remote_addr[self.p_async.addr_type],
+ 0xffffffff)]).add_vpp_config()
+ config_tun_params(self.p_async, self.encryption_type, self.tun_if)