from ipaddress import IPv4Address, AddressValueError
from vpp_object import VppObject
from vpp_papi import VppEnum
class AuthMethod:
    """IKEv2 authentication method names and their numeric API codes.

    The code is what ends up in the ``auth_method`` field handed to
    ``ikev2_profile_set_auth`` by :class:`Profile`.
    """

    # name -> numeric code
    v = {"rsa-sig": 1, "shared-key": 2}

    @staticmethod
    def value(key):
        """Return the numeric code for the method named *key*.

        Raises:
            KeyError: if *key* is not one of the names in ``AuthMethod.v``.
        """
        table = AuthMethod.v
        return table[key]
class IDType:
    """IKEv2 identification type names and their numeric codes.

    The codes follow the IKEv2 ID Type registry (RFC 7296: ID_IPV4_ADDR=1,
    ID_FQDN=2, ID_IPV6_ADDR=5) and are what :class:`Profile` sends as the
    ``id_type`` field of ``ikev2_profile_set_id``.
    """

    # name -> numeric code
    v = {"ip4-addr": 1, "fqdn": 2, "ip6-addr": 5}

    @staticmethod
    def value(key):
        """Return the numeric code for the ID type named *key*.

        Raises:
            KeyError: if *key* is not one of the names in ``IDType.v``.
        """
        table = IDType.v
        return table[key]
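class Profile(VppObject):
    """IKEv2 profile.

    Collects the settings of one VPP IKEv2 profile (authentication, local and
    remote identities, traffic selectors, responder, transforms, SA lifetimes,
    UDP encapsulation, IPsec-over-UDP port, tunnel interface, NAT-T) and
    programs them into VPP in a fixed order with :meth:`add_vpp_config`.
    Every setting is optional: only the ones that were given through the
    ``add_*``/``set_*`` methods are sent.

    Args:
        test: the owning test case; its ``vapi`` is used for all API calls.
        profile_name: name of the profile as known to VPP.
    """

    def __init__(self, test, profile_name):
        self.test = test
        self.vapi = test.vapi
        self.profile_name = profile_name
        # UDP encapsulation is only requested when set_udp_encap(True) was called.
        self.udp_encap = False
        # True leaves VPP's NAT-T setting untouched; disable_natt() makes
        # add_vpp_config() call ikev2_profile_disable_natt.
        self.natt = True

    def disable_natt(self):
        """Disable NAT traversal for this profile (takes effect in add_vpp_config)."""
        self.natt = False

    @staticmethod
    def _resolve_code(value, table):
        """Map a name-or-code argument to its numeric code.

        Integers are passed through unchanged; strings are looked up through
        ``table.value`` (``AuthMethod`` or ``IDType``).

        Raises:
            TypeError: if *value* is neither int nor str.
            KeyError: if a string value is not a known name.
        """
        if isinstance(value, int):
            return value
        if isinstance(value, str):
            return table.value(value)
        raise TypeError("unsupported type {}".format(value))

    def add_auth(self, method, data, is_hex=False):
        """Set the profile's authentication method and authentication data.

        Args:
            method: an ``AuthMethod`` name ("rsa-sig", "shared-key") or the
                numeric code itself.
            data: authentication data, sent verbatim to
                ``ikev2_profile_set_auth`` together with ``data_len=len(data)``.
            is_hex: whether *data* is hex encoded.

        Raises:
            TypeError: if *method* is neither int nor str.
            KeyError: if *method* is an unknown name.
        """
        m = self._resolve_code(method, AuthMethod)
        self.auth = {"auth_method": m, "data": data, "is_hex": is_hex}

    def _make_id(self, id_type, data, is_local):
        """Build the dict expanded into ``ikev2_profile_set_id`` keyword args."""
        # Accept numeric codes as well as names, like add_auth does; previously a
        # non-str id_type left the code unbound.
        t = self._resolve_code(id_type, IDType)
        return {"id_type": t, "data": data, "is_local": is_local}

    def add_local_id(self, id_type, data):
        """Set the local IKE identity.

        Args:
            id_type: an ``IDType`` name ("ip4-addr", "fqdn", "ip6-addr") or the
                numeric code itself.
            data: identity payload, sent verbatim with ``data_len=len(data)``.

        Raises:
            TypeError: if *id_type* is neither int nor str.
            KeyError: if *id_type* is an unknown name.
        """
        self.local_id = self._make_id(id_type, data, True)

    def add_remote_id(self, id_type, data):
        """Set the remote IKE identity; same arguments and errors as add_local_id."""
        self.remote_id = self._make_id(id_type, data, False)

    @staticmethod
    def _make_ts(is_local, start_addr, end_addr, start_port, end_port, proto):
        """Build the traffic-selector dict passed as ``ts=`` to ikev2_profile_set_ts."""
        return {
            "is_local": is_local,
            "protocol_id": proto,
            "start_port": start_port,
            "end_port": end_port,
            "start_addr": start_addr,
            "end_addr": end_addr,
        }

    def add_local_ts(
        self, start_addr, end_addr, start_port=0, end_port=0xFFFF, proto=0, is_ip4=True
    ):
        """Set the local traffic selector.

        Args:
            start_addr, end_addr: address range of the selector, passed to VPP
                as given.
            start_port, end_port: port range; the defaults span all ports.
            proto: ``protocol_id`` of the selector (default 0).
            is_ip4: address family of the range; stored in ``ts_is_ip4``.

        Note that ``ts_is_ip4`` is shared with add_remote_ts, so whichever of
        the two is called last wins.
        """
        self.ts_is_ip4 = is_ip4
        self.local_ts = self._make_ts(
            True, start_addr, end_addr, start_port, end_port, proto
        )

    def add_remote_ts(
        self, start_addr, end_addr, start_port=0, end_port=0xFFFF, proto=0
    ):
        """Set the remote traffic selector.

        Same arguments as add_local_ts, except that the address family is
        detected from *start_addr*: anything ``IPv4Address()`` accepts counts
        as IPv4, anything it rejects counts as IPv6. The result is stored in
        ``ts_is_ip4`` (shared with add_local_ts).
        """
        try:
            IPv4Address(start_addr)
        except AddressValueError:
            self.ts_is_ip4 = False
        else:
            self.ts_is_ip4 = True
        self.remote_ts = self._make_ts(
            False, start_addr, end_addr, start_port, end_port, proto
        )

    def add_responder_hostname(self, hn):
        """Set the responder by hostname.

        Args:
            hn: dict of ``ikev2_set_responder_hostname`` keyword arguments; it
                is expanded with ``**`` when the profile is programmed.
        """
        self.responder_hostname = hn

    def add_responder(self, responder):
        """Set the responder (passed as ``responder=`` to ikev2_set_responder)."""
        self.responder = responder

    def add_ike_transforms(self, tr):
        """Set the IKE transforms (passed as ``tr=`` to ikev2_set_ike_transforms)."""
        self.ike_transforms = tr

    def add_esp_transforms(self, tr):
        """Set the ESP transforms (passed as ``tr=`` to ikev2_set_esp_transforms)."""
        self.esp_transforms = tr

    def set_udp_encap(self, udp_encap):
        """Enable (True) or disable (False) UDP encapsulation for the profile."""
        self.udp_encap = udp_encap

    def set_lifetime_data(self, data):
        """Set SA lifetimes.

        Args:
            data: dict of ``ikev2_set_sa_lifetime`` keyword arguments, expanded
                with ``**`` when the profile is programmed.
        """
        self.lifetime_data = data

    def set_ipsec_over_udp_port(self, port):
        """Set the UDP port used for IPsec-over-UDP."""
        self.ipsec_udp_port = {"is_set": 1, "port": port}

    def set_tunnel_interface(self, sw_if_index):
        """Bind the profile to the tunnel interface *sw_if_index*."""
        self.tun_itf = sw_if_index

    def object_id(self):
        """Return the identifier used by the test framework for this object."""
        return f"ikev2-profile-{self.profile_name}"

    def remove_vpp_config(self):
        """Delete the profile from VPP."""
        self.vapi.ikev2_profile_add_del(name=self.profile_name, is_add=False)

    def add_vpp_config(self):
        """Create the profile in VPP and program every setting that was given.

        The API calls are issued in a fixed order: the profile itself, then
        auth, local/remote ids, local/remote traffic selectors, responder,
        responder hostname, IKE and ESP transforms, UDP encapsulation, SA
        lifetimes, IPsec-over-UDP port, tunnel interface and finally NAT-T.
        """
        name = self.profile_name
        vapi = self.vapi

        vapi.ikev2_profile_add_del(name=name, is_add=True)

        if hasattr(self, "auth"):
            vapi.ikev2_profile_set_auth(
                name=name, data_len=len(self.auth["data"]), **self.auth
            )

        # Local and remote ids use the same API; "is_local" in the dict tells
        # them apart.
        for attr in ("local_id", "remote_id"):
            if hasattr(self, attr):
                ident = getattr(self, attr)
                vapi.ikev2_profile_set_id(
                    name=name, data_len=len(ident["data"]), **ident
                )

        # Same for the traffic selectors.
        for attr in ("local_ts", "remote_ts"):
            if hasattr(self, attr):
                vapi.ikev2_profile_set_ts(name=name, ts=getattr(self, attr))

        if hasattr(self, "responder"):
            vapi.ikev2_set_responder(name=name, responder=self.responder)

        if hasattr(self, "responder_hostname"):
            vapi.ikev2_set_responder_hostname(name=name, **self.responder_hostname)

        if hasattr(self, "ike_transforms"):
            vapi.ikev2_set_ike_transforms(name=name, tr=self.ike_transforms)

        if hasattr(self, "esp_transforms"):
            vapi.ikev2_set_esp_transforms(name=name, tr=self.esp_transforms)

        if self.udp_encap:
            vapi.ikev2_profile_set_udp_encap(name=name)

        if hasattr(self, "lifetime_data"):
            vapi.ikev2_set_sa_lifetime(name=name, **self.lifetime_data)

        if hasattr(self, "ipsec_udp_port"):
            vapi.ikev2_profile_set_ipsec_udp_port(name=name, **self.ipsec_udp_port)

        if hasattr(self, "tun_itf"):
            vapi.ikev2_set_tunnel_interface(name=name, sw_if_index=self.tun_itf)

        if not self.natt:
            vapi.ikev2_profile_disable_natt(name=name)

    def query_vpp_config(self):
        """Return the VPP profile record with this profile's name, or None."""
        for r in self.vapi.ikev2_profile_dump():
            if r.profile.name == self.profile_name:
                return r.profile
        return None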