aboutsummaryrefslogtreecommitdiffstats
path: root/resources/libraries/python/IPsecUtil.py
diff options
context:
space:
mode:
Diffstat (limited to 'resources/libraries/python/IPsecUtil.py')
-rw-r--r--resources/libraries/python/IPsecUtil.py63
1 files changed, 39 insertions, 24 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 9c5337b8d4..363558dcaf 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -1887,10 +1887,6 @@ class IPsecUtil:
sa_id_2 = 200000
spi_1 = 300000
spi_2 = 400000
- dut1_local_outbound_range = ip_network(f"{tunnel_ip1}/8", False).\
- with_prefixlen
- dut1_remote_outbound_range = ip_network(f"{tunnel_ip2}/8", False).\
- with_prefixlen
crypto_key = gen_key(
IPsecUtil.get_crypto_alg_key_len(crypto_alg)
@@ -1908,16 +1904,27 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_spd(nodes[u"DUT1"], spd_id)
IPsecUtil.vpp_ipsec_spd_add_if(nodes[u"DUT1"], spd_id, interface1)
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
- proto=50, laddr_range=dut1_local_outbound_range,
- raddr_range=dut1_remote_outbound_range
- )
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
- proto=50, laddr_range=dut1_remote_outbound_range,
- raddr_range=dut1_local_outbound_range
- )
+
+ addr_incr = 1 << (128 - 96) if ip_address(tunnel_ip1).version == 6 \
+ else 1 << (32 - 24)
+ for i in range(n_tunnels//(addr_incr**2)+1):
+ dut1_local_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip1) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+ dut1_remote_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip2) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
+ proto=50, laddr_range=dut1_local_outbound_range,
+ raddr_range=dut1_remote_outbound_range
+ )
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
+ proto=50, laddr_range=dut1_remote_outbound_range,
+ raddr_range=dut1_local_outbound_range
+ )
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT1"], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,
@@ -1950,16 +1957,24 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_spd(nodes[u"DUT2"], spd_id)
IPsecUtil.vpp_ipsec_spd_add_if(nodes[u"DUT2"], spd_id, interface2)
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
- inbound=False, proto=50, laddr_range=dut1_remote_outbound_range,
- raddr_range=dut1_local_outbound_range
- )
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
- inbound=True, proto=50, laddr_range=dut1_local_outbound_range,
- raddr_range=dut1_remote_outbound_range
- )
+ for i in range(n_tunnels//(addr_incr**2)+1):
+ dut2_local_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip1) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+ dut2_remote_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip2) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
+ inbound=False, proto=50, laddr_range=dut2_remote_outbound_range,
+ raddr_range=dut2_local_outbound_range
+ )
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
+ inbound=True, proto=50, laddr_range=dut2_local_outbound_range,
+ raddr_range=dut2_remote_outbound_range
+ )
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT2"], n_tunnels, sa_id_1, spi_1, crypto_alg,