commit abc5660c61698fa29252dc202358002a97f2608c
author Neale Ranns <nranns@cisco.com> Wed Apr 01 09:45:23 2020 +0000
committer Paul Vinciguerra <pvinci@vinciconsulting.com> Tue May 05 18:36:33 2020 +0000
tree 969edc7dc2145e40e3fb96c470df917f2053abfe
parent 6fdd7a5f77301a3398c4445bfef202b123ce90d8

ipsec: User can choose the UDP source port

Type: feature

thus allowing NAT traversal,

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>

test/test_ipsec_api.py

diff --git a/test/test_ipsec_api.py b/test/test_ipsec_api.py
index 00885ae..b5b4ada 100644
--- a/test/test_ipsec_api.py
+++ b/test/test_ipsec_api.py
@@ -70,23 +70,48 @@
         crypt_algo_vpp_id = params.crypt_algo_vpp_id
         crypt_key = params.crypt_key
 
-        self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi,
-                                          auth_algo_vpp_id, auth_key,
-                                          crypt_algo_vpp_id, crypt_key,
-                                          self.vpp_ah_protocol,
-                                          self.pg0.local_addr[addr_type],
-                                          self.pg0.remote_addr[addr_type])
+        self.vapi.ipsec_sad_entry_add_del(
+            is_add=1,
+            entry={
+                'sad_id': scapy_tun_sa_id,
+                'spi': scapy_tun_spi,
+                'integrity_algorithm': auth_algo_vpp_id,
+                'integrity_key': {
+                    'data': auth_key,
+                    'length': len(auth_key),
+                },
+                'crypto_algorithm': crypt_algo_vpp_id,
+                'crypto_key': {
+                    'data': crypt_key,
+                    'length': len(crypt_key),
+                },
+                'protocol': self.vpp_ah_protocol,
+                'tunnel_src': self.pg0.local_addr[addr_type],
+                'tunnel_dst': self.pg0.remote_addr[addr_type]
+            })
         with self.vapi.assert_negative_api_retval():
             self.vapi.ipsec_select_backend(
                 protocol=self.vpp_ah_protocol, index=0)
 
-        self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi,
-                                          auth_algo_vpp_id, auth_key,
-                                          crypt_algo_vpp_id, crypt_key,
-                                          self.vpp_ah_protocol,
-                                          self.pg0.local_addr[addr_type],
-                                          self.pg0.remote_addr[addr_type],
-                                          is_add=0)
+        self.vapi.ipsec_sad_entry_add_del(
+            is_add=0,
+            entry={
+                'sad_id': scapy_tun_sa_id,
+                'spi': scapy_tun_spi,
+                'integrity_algorithm': auth_algo_vpp_id,
+                'integrity_key': {
+                    'data': auth_key,
+                    'length': len(auth_key),
+                },
+                'crypto_algorithm': crypt_algo_vpp_id,
+                'crypto_key': {
+                    'data': crypt_key,
+                    'length': len(crypt_key),
+                },
+                'protocol': self.vpp_ah_protocol,
+                'tunnel_src': self.pg0.local_addr[addr_type],
+                'tunnel_dst': self.pg0.remote_addr[addr_type]
+            })
         self.vapi.ipsec_select_backend(
             protocol=self.vpp_ah_protocol, index=0)