aboutsummaryrefslogtreecommitdiffstats
path: root/resources/libraries/python/IPsecUtil.py
diff options
context:
space:
mode:
Diffstat (limited to 'resources/libraries/python/IPsecUtil.py')
-rw-r--r--resources/libraries/python/IPsecUtil.py117
1 files changed, 0 insertions, 117 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 8ecfbc3d98..19995e547d 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -1891,123 +1891,6 @@ class IPsecUtil:
scp_node(nodes[dut], script_filename, script_filename)
@staticmethod
- def vpp_ipsec_create_tunnel_interfaces_in_containers(
- nodes: dict,
- if1_ip_addr: str,
- if2_ip_addr: str,
- n_tunnels: int,
- crypto_alg: CryptoAlg,
- integ_alg: Optional[IntegAlg],
- raddr_ip1: str,
- raddr_ip2: str,
- raddr_range: int,
- n_instances: int,
- ) -> None:
- """Create multiple IPsec tunnel interfaces between two VPP nodes.
-
- :param nodes: VPP nodes to create tunnel interfaces.
- :param if1_ip_addr: VPP node 1 interface IP4 address.
- :param if2_ip_addr: VPP node 2 interface IP4 address.
- :param n_tunnels: Number of tunnell interfaces to create.
- :param crypto_alg: The encryption algorithm name.
- :param integ_alg: The integrity algorithm name.
- :param raddr_ip1: Policy selector remote IPv4 start address for the
- first tunnel in direction node1->node2.
- :param raddr_ip2: Policy selector remote IPv4 start address for the
- first tunnel in direction node2->node1.
- :param raddr_range: Mask specifying range of Policy selector Remote
- IPv4 addresses. Valid values are from 1 to 32.
- :param n_instances: Number of containers.
- :type nodes: dict
- :type if1_ip_addr: str
- :type if2_ip_addr: str
- :type n_tunnels: int
- :type crypto_alg: CryptoAlg
- :type integ_alg: Optional[IntegAlg]
- :type raddr_ip1: str
- :type raddr_ip2: str
- :type raddr_range: int
- :type n_instances: int
- """
- spi_1 = 100000
- spi_2 = 200000
- addr_incr = 1 << (32 - raddr_range)
-
- dut1_scripts = IPsecUtil._create_ipsec_script_files("DUT1", n_instances)
- dut2_scripts = IPsecUtil._create_ipsec_script_files("DUT2", n_instances)
-
- for cnf in range(0, n_instances):
- dut1_scripts[cnf].write(
- "create loopback interface\nset interface state loop0 up\n\n"
- )
- dut2_scripts[cnf].write(
- f"ip route add {if1_ip_addr}/8 via"
- f" {ip_address(if2_ip_addr) + cnf + 100} memif1/{cnf + 1}\n\n"
- )
-
- for tnl in range(0, n_tunnels):
- cnf = tnl % n_instances
- ckey = getattr(
- gen_key(IPsecUtil.get_crypto_alg_key_len(crypto_alg)), "hex"
- )
- integ = ""
- ikey = getattr(
- gen_key(IPsecUtil.get_integ_alg_key_len(integ_alg)), "hex"
- )
- if integ_alg:
- integ = (
- f"integ-alg {integ_alg.alg_name}"
- f" local-integ-key {ikey}"
- f" remote-integ-key {ikey}"
- )
- # Configure tunnel end point(s) on left side
- dut1_scripts[cnf].write(
- "set interface ip address loop0"
- f" {ip_address(if1_ip_addr) + tnl * addr_incr}/32\n"
- "create ipsec tunnel"
- f" local-ip {ip_address(if1_ip_addr) + tnl * addr_incr}"
- f" local-spi {spi_1 + tnl}"
- f" remote-ip {ip_address(if2_ip_addr) + cnf}"
- f" remote-spi {spi_2 + tnl}"
- f" crypto-alg {crypto_alg.alg_name}"
- f" local-crypto-key {ckey}"
- f" remote-crypto-key {ckey}"
- f" instance {tnl // n_instances}"
- f" salt 0x0 {integ}\n"
- f"set interface unnumbered ipip{tnl // n_instances} use loop0\n"
- f"set interface state ipip{tnl // n_instances} up\n"
- f"ip route add {ip_address(raddr_ip2)+tnl}/32"
- f" via ipip{tnl // n_instances}\n\n"
- )
- # Configure tunnel end point(s) on right side
- dut2_scripts[cnf].write(
- f"set ip neighbor memif1/{cnf + 1}"
- f" {ip_address(if1_ip_addr) + tnl * addr_incr}"
- f" 02:02:00:00:{17:02X}:{cnf:02X} static\n"
- f"create ipsec tunnel local-ip {ip_address(if2_ip_addr) + cnf}"
- f" local-spi {spi_2 + tnl}"
- f" remote-ip {ip_address(if1_ip_addr) + tnl * addr_incr}"
- f" remote-spi {spi_1 + tnl}"
- f" crypto-alg {crypto_alg.alg_name}"
- f" local-crypto-key {ckey}"
- f" remote-crypto-key {ckey}"
- f" instance {tnl // n_instances}"
- f" salt 0x0 {integ}\n"
- f"set interface unnumbered ipip{tnl // n_instances}"
- f" use memif1/{cnf + 1}\n"
- f"set interface state ipip{tnl // n_instances} up\n"
- f"ip route add {ip_address(raddr_ip1) + tnl}/32"
- f" via ipip{tnl // n_instances}\n\n"
- )
-
- IPsecUtil._close_and_copy_ipsec_script_files(
- "DUT1", nodes, n_instances, dut1_scripts
- )
- IPsecUtil._close_and_copy_ipsec_script_files(
- "DUT2", nodes, n_instances, dut2_scripts
- )
-
- @staticmethod
def vpp_ipsec_add_multiple_tunnels(
nodes: dict,
interface1: Union[str, int],