ip_class_by_addr_type = {socket.AF_INET: IP, socket.AF_INET6: IPv6}
esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
IPSEC_API_SAD_FLAG_USE_ESN))
+ p.tun_dst = tun_if.remote_addr[p.addr_type]
+ p.tun_src = tun_if.local_addr[p.addr_type]
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tun_sa = SecurityAssociation(
encryption_type, spi=p.vpp_tun_spi,
crypt_key=crypt_key,
auth_algo=p.auth_algo, auth_key=p.auth_key,
tunnel_header=ip_class_by_addr_type[p.addr_type](
- src=tun_if.remote_addr[p.addr_type],
- dst=tun_if.local_addr[p.addr_type]),
+ src=p.tun_dst,
+ dst=p.tun_src),
nat_t_header=p.nat_header,
esn_en=esn_en)
p.vpp_tun_sa = SecurityAssociation(
crypt_key=crypt_key,
auth_algo=p.auth_algo, auth_key=p.auth_key,
tunnel_header=ip_class_by_addr_type[p.addr_type](
- dst=tun_if.remote_addr[p.addr_type],
- src=tun_if.local_addr[p.addr_type]),
+ dst=p.tun_dst,
+ src=p.tun_src),
nat_t_header=p.nat_header,
esn_en=esn_en)
self.tun_if, n_rx)
self.verify_encrypted(p, p.vpp_tun_sa, recv_pkts)
+ for rx in recv_pkts:
+ self.assertEqual(rx[IP].src, p.tun_src)
+ self.assertEqual(rx[IP].dst, p.tun_dst)
+
finally:
self.logger.info(self.vapi.ppcli("show error"))
self.logger.info(self.vapi.ppcli("show ipsec all"))
recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if)
self.verify_encrypted6(p_out, p_out.vpp_tun_sa, recv_pkts)
+ for rx in recv_pkts:
+ self.assertEqual(rx[IPv6].src, p_out.tun_src)
+ self.assertEqual(rx[IPv6].dst, p_out.tun_dst)
+
finally:
self.logger.info(self.vapi.ppcli("show error"))
self.logger.info(self.vapi.ppcli("show ipsec all"))
from framework import VppTestRunner
from template_ipsec import TemplateIpsec, IpsecTun4Tests, IpsecTun6Tests, \
IpsecTun4, IpsecTun6, IpsecTcpTests, mk_scapy_crypt_key, \
- IpsecTun6HandoffTests, IpsecTun4HandoffTests
+ IpsecTun6HandoffTests, IpsecTun4HandoffTests, config_tun_params
from vpp_ipsec_tun_interface import VppIpsecTunInterface
from vpp_gre_interface import VppGreInterface
from vpp_ipip_tun_interface import VppIpIpTunInterface
esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
IPSEC_API_SAD_FLAG_USE_ESN))
crypt_key = mk_scapy_crypt_key(p)
+ p.tun_dst = tun_if.remote_ip
+ p.tun_src = tun_if.local_ip
p.scapy_tun_sa = SecurityAssociation(
encryption_type, spi=p.vpp_tun_spi,
crypt_algo=p.crypt_algo,
crypt_key=crypt_key,
auth_algo=p.auth_algo, auth_key=p.auth_key,
tunnel_header=ip_class_by_addr_type[p.addr_type](
- src=tun_if.remote_ip,
- dst=tun_if.local_ip),
+ src=p.tun_dst,
+ dst=p.tun_src),
nat_t_header=p.nat_header,
esn_en=esn_en)
p.vpp_tun_sa = SecurityAssociation(
crypt_key=crypt_key,
auth_algo=p.auth_algo, auth_key=p.auth_key,
tunnel_header=ip_class_by_addr_type[p.addr_type](
- dst=tun_if.remote_ip,
- src=tun_if.local_ip),
+ dst=p.tun_dst,
+ src=p.tun_src),
nat_t_header=p.nat_header,
esn_en=esn_en)
esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
IPSEC_API_SAD_FLAG_USE_ESN))
crypt_key = mk_scapy_crypt_key(p)
+ p.tun_dst = tun_if.remote_ip
+ p.tun_src = tun_if.local_ip
p.scapy_tun_sa = SecurityAssociation(
encryption_type, spi=p.vpp_tun_spi,
crypt_algo=p.crypt_algo,
p.auth_algo_vpp_id, p.auth_key,
p.crypt_algo_vpp_id, p.crypt_key,
self.vpp_esp_protocol,
- self.tun_if.remote_addr[p.addr_type],
self.tun_if.local_addr[p.addr_type],
+ self.tun_if.remote_addr[p.addr_type],
flags=p.flags)
p.tun_sa_out.add_vpp_config()
p.auth_algo_vpp_id, p.auth_key,
p.crypt_algo_vpp_id, p.crypt_key,
self.vpp_esp_protocol,
- self.tun_if.remote_addr[p.addr_type],
- self.tun_if.local_addr[p.addr_type])
+ self.tun_if.local_addr[p.addr_type],
+ self.tun_if.remote_addr[p.addr_type])
p.tun_sa_out.add_vpp_config()
p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,