- n_tunnels = int(n_tunnels)
- spi_1 = 100000
- spi_2 = 200000
- if1_ip = ip_address(unicode(if1_ip_addr))
- if2_ip = ip_address(unicode(if2_ip_addr))
- raddr_ip1 = ip_address(unicode(raddr_ip1))
- raddr_ip2 = ip_address(unicode(raddr_ip2))
- addr_incr = 1 << (128 - raddr_range) if if1_ip.version == 6 \
- else 1 << (32 - raddr_range)
-
- if n_tunnels > 10:
- tmp_fn1 = '/tmp/ipsec_create_tunnel_dut1.config'
- tmp_fn2 = '/tmp/ipsec_create_tunnel_dut2.config'
- vat = VatExecutor()
- with open(tmp_fn1, 'w') as tmp_f1, open(tmp_fn2, 'w') as tmp_f2:
- tmp_f1.write(
- 'exec create loopback interface\n'
- 'exec set interface state loop0 up\n'
- 'exec set interface ip address {uifc} {iaddr}/{mask}\n'
- .format(
- iaddr=if2_ip - 1,
- uifc=Topology.get_interface_name(
- nodes['DUT1'], if1_key),
- mask=96 if if2_ip.version == 6 else 24))
- tmp_f2.write(
- 'exec set interface ip address {uifc} {iaddr}/{mask}\n'
- .format(
- iaddr=if2_ip,
- uifc=Topology.get_interface_name(
- nodes['DUT2'], if2_key),
- mask=96 if if2_ip.version == 6 else 24))
- for i in xrange(n_tunnels):
- ckey = gen_key(IPsecUtil.get_crypto_alg_key_len(
- crypto_alg)).encode('hex')
- if integ_alg:
- ikey = gen_key(IPsecUtil.get_integ_alg_key_len(
- integ_alg)).encode('hex')
- integ = (
- 'integ_alg {integ_alg} '
- 'local_integ_key {local_integ_key} '
- 'remote_integ_key {remote_integ_key} '
- .format(
- integ_alg=integ_alg.alg_name,
- local_integ_key=ikey,
- remote_integ_key=ikey))
- else:
- integ = ''
- tmp_f1.write(
- 'exec set interface ip address loop0 {laddr}/32\n'
- 'ipsec_tunnel_if_add_del '
- 'local_spi {local_spi} '
- 'remote_spi {remote_spi} '
- 'crypto_alg {crypto_alg} '
- 'local_crypto_key {local_crypto_key} '
- 'remote_crypto_key {remote_crypto_key} '
- '{integ} '
- 'local_ip {laddr} '
- 'remote_ip {raddr}\n'
- .format(
- local_spi=spi_1 + i,
- remote_spi=spi_2 + i,
- crypto_alg=crypto_alg.alg_name,
- local_crypto_key=ckey,
- remote_crypto_key=ckey,
- integ=integ,
- laddr=if1_ip + i * addr_incr,
- raddr=if2_ip))
- tmp_f2.write(
- 'ipsec_tunnel_if_add_del '
- 'local_spi {local_spi} '
- 'remote_spi {remote_spi} '
- 'crypto_alg {crypto_alg} '
- 'local_crypto_key {local_crypto_key} '
- 'remote_crypto_key {remote_crypto_key} '
- '{integ} '
- 'local_ip {laddr} '
- 'remote_ip {raddr}\n'
- .format(
- local_spi=spi_2 + i,
- remote_spi=spi_1 + i,
- crypto_alg=crypto_alg.alg_name,
- local_crypto_key=ckey,
- remote_crypto_key=ckey,
- integ=integ,
- laddr=if2_ip,
- raddr=if1_ip + i * addr_incr))
- vat.execute_script(
- tmp_fn1, nodes['DUT1'], timeout=1800, json_out=False,
- copy_on_execute=True,
- history=False if n_tunnels > 100 else True)
- vat.execute_script(
- tmp_fn2, nodes['DUT2'], timeout=1800, json_out=False,
- copy_on_execute=True,
- history=False if n_tunnels > 100 else True)
- os.remove(tmp_fn1)
- os.remove(tmp_fn2)
-
- with open(tmp_fn1, 'w') as tmp_f1, open(tmp_fn2, 'w') as tmp_f2:
- tmp_f2.write(
- 'exec ip route add {raddr} via {uifc} {iaddr}\n'
- .format(
- raddr=ip_network(unicode(if1_ip_addr+'/8'), False),
- iaddr=if2_ip - 1,
- uifc=Topology.get_interface_name(
- nodes['DUT2'], if2_key)))
- for i in xrange(n_tunnels):
- tmp_f1.write(
- 'exec set interface unnumbered ipsec{i} use {uifc}\n'
- 'exec set interface state ipsec{i} up\n'
- 'exec ip route add {taddr}/{mask} via ipsec{i}\n'
- .format(
- taddr=raddr_ip2 + i,
- i=i,
- uifc=Topology.get_interface_name(nodes['DUT1'],
- if1_key),
- mask=128 if if2_ip.version == 6 else 32))
- tmp_f2.write(
- 'exec set interface unnumbered ipsec{i} use {uifc}\n'
- 'exec set interface state ipsec{i} up\n'
- 'exec ip route add {taddr}/{mask} via ipsec{i}\n'
- .format(
- taddr=raddr_ip1 + i,
- i=i,
- uifc=Topology.get_interface_name(nodes['DUT2'],
- if2_key),
- mask=128 if if2_ip.version == 6 else 32))
- vat.execute_script(
- tmp_fn1, nodes['DUT1'], timeout=1800, json_out=False,
- copy_on_execute=True,
- history=False if n_tunnels > 100 else True)
- vat.execute_script(
- tmp_fn2, nodes['DUT2'], timeout=1800, json_out=False,
- copy_on_execute=True,
- history=False if n_tunnels > 100 else True)
- os.remove(tmp_fn1)
- os.remove(tmp_fn2)
- return
-
- with PapiSocketExecutor(nodes['DUT1']) as papi_exec: