aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Mikus <pmikus@cisco.com>2019-06-14 15:41:42 +0000
committerPeter Mikus <pmikus@cisco.com>2019-06-14 15:58:37 +0000
commit7d9ab80c74d11e935ee6a7906a562d6b02bf4b51 (patch)
tree68c4135ad2766fd78830b34f96320a2febb8c8f0
parentacac11dbf7c5011945b9d5fded1a02aa63b5f964 (diff)
FIX: IPsec TNL mode
Change-Id: Ide82ae5fa03d3fec8f4db9db7634be0a1e339cd1 Signed-off-by: Peter Mikus <pmikus@cisco.com>
-rw-r--r--resources/libraries/python/IPsecUtil.py38
1 files changed, 6 insertions, 32 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index c4fdefb180..3346da2526 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -118,15 +118,6 @@ class IPsecUtil(object):
return CryptoAlg.AES_CBC_128
@staticmethod
- def crypto_alg_aes_cbc_192():
- """Return encryption algorithm aes-cbc-192.
-
- :returns: CryptoAlg enum AES_CBC_192 objec.
- :rtype: CryptoAlg
- """
- return CryptoAlg.AES_CBC_192
-
- @staticmethod
def crypto_alg_aes_cbc_256():
"""Return encryption algorithm aes-cbc-256.
@@ -176,15 +167,6 @@ class IPsecUtil(object):
return crypto_alg.scapy_name
@staticmethod
- def integ_alg_sha1_96():
- """Return integrity algorithm SHA1-96.
-
- :returns: IntegAlg enum SHA1_96 object.
- :rtype: IntegAlg
- """
- return IntegAlg.SHA1_96
-
- @staticmethod
def integ_alg_sha_256_128():
"""Return integrity algorithm SHA-256-128.
@@ -194,15 +176,6 @@ class IPsecUtil(object):
return IntegAlg.SHA_256_128
@staticmethod
- def integ_alg_sha_384_192():
- """Return integrity algorithm SHA-384-192.
-
- :returns: IntegAlg enum SHA_384_192 object.
- :rtype: IntegAlg
- """
- return IntegAlg.SHA_384_192
-
- @staticmethod
def integ_alg_sha_512_256():
"""Return integrity algorithm SHA-512-256.
@@ -630,7 +603,8 @@ class IPsecUtil(object):
tunnel = (
'exec ipsec policy add spd {spd_id} priority {priority} '
'{direction} action protect sa {sa_id} '
- 'remote-ip-range {raddr_s} - {raddr_e}\n'.
+ 'remote-ip-range {raddr_s} - {raddr_e} '
+ 'local-ip-range 0.0.0.0 - 255.255.255.255\n'.
format(
spd_id=spd_id,
priority=priority,
@@ -837,10 +811,10 @@ class IPsecUtil(object):
nodes['DUT1'], spd_id, interface1)
IPsecUtil.vpp_ipsec_policy_add(
nodes['DUT1'], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
- proto=50)
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
IPsecUtil.vpp_ipsec_policy_add(
nodes['DUT1'], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
- proto=50)
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
IPsecUtil.vpp_ipsec_add_spd(
nodes['DUT2'], spd_id)
@@ -848,10 +822,10 @@ class IPsecUtil(object):
nodes['DUT2'], spd_id, interface2)
IPsecUtil.vpp_ipsec_policy_add(
nodes['DUT2'], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
- proto=50)
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
IPsecUtil.vpp_ipsec_policy_add(
nodes['DUT2'], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
- proto=50)
+ proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes['DUT1'], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,