.runs_before = VNET_FEATURES ("adj-midchain-tx"),
};
+VNET_FEATURE_INIT (esp6o4_encrypt_tun_feat_node, static) =
+{
+ .arc_name = "ip6-output",
+ .node_name = "esp4-encrypt-tun",
+ .runs_before = VNET_FEATURES ("adj-midchain-tx"),
+};
+
VNET_FEATURE_INIT (esp4_ethernet_encrypt_tun_feat_node, static) =
{
.arc_name = "ethernet-output",
.node_name = "esp6-encrypt-tun",
.runs_before = VNET_FEATURES ("adj-midchain-tx"),
};
+
+VNET_FEATURE_INIT (esp4o6_encrypt_tun_feat_node, static) =
+{
+ .arc_name = "ip4-output",
+ .node_name = "esp6-encrypt-tun",
+ .runs_before = VNET_FEATURES ("adj-midchain-tx"),
+};
+
/* *INDENT-ON* */
typedef struct
ipsec_tun_protect_feature_set (ipsec_tun_protect_t * itp, u8 enable)
{
u32 sai = itp->itp_out_sa;
- int is_ip4, is_l2, rv;
+ int rv;
- is_ip4 = ip46_address_is_ip4 (&itp->itp_tun.src);
- is_l2 = itp->itp_flags & IPSEC_PROTECT_L2;
+ const char *enc_node = (ip46_address_is_ip4 (&itp->itp_tun.src) ?
+ "esp4-encrypt-tun" : "esp6-encrypt-tun");
- if (is_ip4)
+ if (itp->itp_flags & IPSEC_PROTECT_L2)
{
- if (is_l2)
- rv = vnet_feature_enable_disable ("ethernet-output",
- "esp4-encrypt-tun",
- itp->itp_sw_if_index, enable,
- &sai, sizeof (sai));
- else
- rv = vnet_feature_enable_disable ("ip4-output",
- "esp4-encrypt-tun",
- itp->itp_sw_if_index, enable,
- &sai, sizeof (sai));
+ rv = vnet_feature_enable_disable ("ethernet-output",
+ enc_node,
+ itp->itp_sw_if_index, enable,
+ &sai, sizeof (sai));
}
else
{
- if (is_l2)
- rv = vnet_feature_enable_disable ("ethernet-output",
- "esp6-encrypt-tun",
- itp->itp_sw_if_index, enable,
- &sai, sizeof (sai));
- else
- rv = vnet_feature_enable_disable ("ip6-output",
- "esp6-encrypt-tun",
- itp->itp_sw_if_index, enable,
- &sai, sizeof (sai));
+ rv = vnet_feature_enable_disable ("ip4-output",
+ enc_node,
+ itp->itp_sw_if_index, enable,
+ &sai, sizeof (sai));
+ rv = vnet_feature_enable_disable ("ip6-output",
+ enc_node,
+ itp->itp_sw_if_index, enable,
+ &sai, sizeof (sai));
}
-
ASSERT (!rv);
return (rv);
}
p.tun_if.add_vpp_config()
p.tun_if.admin_up()
p.tun_if.config_ip4()
+ p.tun_if.config_ip6()
p.route = VppIpRoute(self, p.remote_tun_if_host, 32,
[VppRoutePath(p.tun_if.remote_ip4,
0xffffffff)])
p.route.add_vpp_config()
+ r = VppIpRoute(self, p.remote_tun_if_host6, 128,
+ [VppRoutePath(p.tun_if.remote_ip6,
+ 0xffffffff,
+ proto=DpoProto.DPO_PROTO_IP6)])
+ r.add_vpp_config()
def unconfig_network(self, p):
p.route.remove_vpp_config()
c = p.tun_if.get_tx_stats()
self.assertEqual(c['packets'], 127)
+ self.vapi.cli("clear ipsec sa")
+ self.verify_tun_64(p, count=127)
+ c = p.tun_if.get_rx_stats()
+ self.assertEqual(c['packets'], 254)
+ c = p.tun_if.get_tx_stats()
+ self.assertEqual(c['packets'], 254)
+
# rekey - create new SAs and update the tunnel protection
np = copy.copy(p)
np.crypt_key = 'X' + p.crypt_key[1:]
self.verify_tun_44(np, count=127)
c = p.tun_if.get_rx_stats()
- self.assertEqual(c['packets'], 254)
+ self.assertEqual(c['packets'], 381)
c = p.tun_if.get_tx_stats()
- self.assertEqual(c['packets'], 254)
+ self.assertEqual(c['packets'], 381)
# teardown
self.unconfig_protect(np)
p.tun_if.add_vpp_config()
p.tun_if.admin_up()
p.tun_if.config_ip6()
+ p.tun_if.config_ip4()
p.route = VppIpRoute(self, p.remote_tun_if_host, 128,
[VppRoutePath(p.tun_if.remote_ip6,
0xffffffff,
proto=DpoProto.DPO_PROTO_IP6)])
p.route.add_vpp_config()
+ r = VppIpRoute(self, p.remote_tun_if_host4, 32,
+ [VppRoutePath(p.tun_if.remote_ip4,
+ 0xffffffff)])
+ r.add_vpp_config()
def unconfig_network(self, p):
p.route.remove_vpp_config()
self.unconfig_sa(np3)
self.unconfig_network(p)
+ def test_tun_46(self):
+ """IPSEC tunnel protect"""
+
+ p = self.ipv6_params
+
+ self.config_network(p)
+ self.config_sa_tra(p)
+ self.config_protect(p)
+
+ self.verify_tun_46(p, count=127)
+ c = p.tun_if.get_rx_stats()
+ self.assertEqual(c['packets'], 127)
+ c = p.tun_if.get_tx_stats()
+ self.assertEqual(c['packets'], 127)
+
+ # teardown
+ self.unconfig_protect(p)
+ self.unconfig_sa(p)
+ self.unconfig_network(p)
+
class TestIpsec6TunProtectTun(TemplateIpsec,
TemplateIpsec6TunProtect,
Code Review / vpp.git / commitdiff