IPSEC: API modernisation

- use enums to enumerate the algorithms and protocols that are supported
- use address_t types to simplify encode/decode
- use typedefs of entry objects to get consistency between add/del API and dump

Change-Id: I7e7c58c06a150e2439633ba9dca58bc1049677ee
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns
2019-01-09 21:22:20 -08:00
committed by Damjan Marion
parent 6d0106e44e
commit 17dcec0b94
11 changed files with 749 additions and 644 deletions
+144 -225
File diff suppressed because it is too large Load Diff
+200 -162
File diff suppressed because it is too large Load Diff
+4 -2
@@ -68,9 +68,11 @@ typedef enum
#define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
foreach_ipsec_policy_action
#undef _
IPSEC_POLICY_N_ACTION,
} ipsec_policy_action_t;
#define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
#define foreach_ipsec_crypto_alg \
_ (0, NONE, "none") \
_ (1, AES_CBC_128, "aes-cbc-128") \
@@ -220,7 +222,7 @@ typedef struct
port_range_t rport;
// Policy
u8 policy;
ipsec_policy_action_t policy;
u32 sa_id;
u32 sa_index;
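Review bot: Retyping `policy` as `ipsec_policy_action_t` in the second hunk does not by itself bound the value, because a C enum field will hold whatever integer the API handler writes into it. The handler that decodes the policy sits in one of the suppressed files and cannot be checked here; it should reject anything `>= IPSEC_POLICY_N_ACTION` before storing it in this struct. Assuming the `#define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)` line in the first hunk is the new side (the page lost its +/- markers), it is only correct while PROTECT remains the highest-valued action, which deserves a comment such as `/* keep in sync with the last entry of foreach_ipsec_policy_action */`. The struct body starts and ends outside the hunk.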
+206 -107
File diff suppressed because it is too large Load Diff
+45 -32
@@ -8,60 +8,71 @@ from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest
from framework import VppTestCase, VppTestRunner
from util import ppp
from vpp_papi import VppEnum
class IPsecIPv4Params(object):
addr_type = socket.AF_INET
addr_any = "0.0.0.0"
addr_bcast = "255.255.255.255"
addr_len = 32
is_ipv6 = 0
remote_tun_if_host = '1.1.1.1'
scapy_tun_sa_id = 10
scapy_tun_spi = 1001
vpp_tun_sa_id = 20
vpp_tun_spi = 1000
def __init__(self):
self.remote_tun_if_host = '1.1.1.1'
scapy_tra_sa_id = 30
scapy_tra_spi = 2001
vpp_tra_sa_id = 40
vpp_tra_spi = 2000
self.scapy_tun_sa_id = 10
self.scapy_tun_spi = 1001
self.vpp_tun_sa_id = 20
self.vpp_tun_spi = 1000
auth_algo_vpp_id = 2 # internal VPP enum value for SHA1_96
auth_algo = 'HMAC-SHA1-96' # scapy name
auth_key = 'C91KUR9GYMm5GfkEvNjX'
self.scapy_tra_sa_id = 30
self.scapy_tra_spi = 2001
self.vpp_tra_sa_id = 40
self.vpp_tra_spi = 2000
crypt_algo_vpp_id = 1 # internal VPP enum value for AES_CBC_128
crypt_algo = 'AES-CBC' # scapy name
crypt_key = 'JPjyOWBeVEQiMe7h'
self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96)
self.auth_algo = 'HMAC-SHA1-96' # scapy name
self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_128)
self.crypt_algo = 'AES-CBC' # scapy name
self.crypt_key = 'JPjyOWBeVEQiMe7h'
class IPsecIPv6Params(object):
addr_type = socket.AF_INET6
addr_any = "0::0"
addr_bcast = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
addr_len = 128
is_ipv6 = 1
remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
scapy_tun_sa_id = 50
scapy_tun_spi = 3001
vpp_tun_sa_id = 60
vpp_tun_spi = 3000
def __init__(self):
self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
scapy_tra_sa_id = 70
scapy_tra_spi = 4001
vpp_tra_sa_id = 80
vpp_tra_spi = 4000
self.scapy_tun_sa_id = 50
self.scapy_tun_spi = 3001
self.vpp_tun_sa_id = 60
self.vpp_tun_spi = 3000
auth_algo_vpp_id = 4 # internal VPP enum value for SHA_256_128
auth_algo = 'SHA2-256-128' # scapy name
auth_key = 'C91KUR9GYMm5GfkEvNjX'
self.scapy_tra_sa_id = 70
self.scapy_tra_spi = 4001
self.vpp_tra_sa_id = 80
self.vpp_tra_spi = 4000
crypt_algo_vpp_id = 3 # internal VPP enum value for AES_CBC_256
crypt_algo = 'AES-CBC' # scapy name
crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA_256_128)
self.auth_algo = 'SHA2-256-128' # scapy name
self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_256)
self.crypt_algo = 'AES-CBC' # scapy name
self.crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
class TemplateIpsec(VppTestCase):
@@ -101,8 +112,10 @@ class TemplateIpsec(VppTestCase):
self.tun_spd_id = 1
self.tra_spd_id = 2
self.vpp_esp_protocol = 1
self.vpp_ah_protocol = 0
self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t.
IPSEC_API_PROTO_ESP)
self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t.
IPSEC_API_PROTO_AH)
self.create_pg_interfaces(range(3))
self.interfaces = list(self.pg_interfaces)
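Review bot: `IPsecIPv4Params` and `IPsecIPv6Params` now mix class-level attributes (`addr_type`, `addr_any`, `is_ipv6`) with instance attributes set in `__init__`, and nothing records why. Presumably the `VppEnum` members can only be looked up once the API definitions are loaded, which would rule out class-level assignment; if that is the reason, a comment at the top of each `__init__` would say so, e.g. `# VppEnum is resolved at runtime, so these cannot be class attributes`. Any caller that read the SA ids or keys from the class rather than from an instance would now raise AttributeError, so callers outside this section are worth a check. The two `__init__` bodies differ only in their values and could share one base class.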
+20 -8
@@ -10,6 +10,7 @@ from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry,\
VppIpsecSpdItfBinding
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import DpoProto
from vpp_papi import VppEnum
class TemplateIpsecAh(TemplateIpsec):
@@ -83,6 +84,8 @@ class TemplateIpsecAh(TemplateIpsec):
remote_tun_if_host = params.remote_tun_if_host
addr_any = params.addr_any
addr_bcast = params.addr_bcast
e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
@@ -111,28 +114,32 @@ class TemplateIpsecAh(TemplateIpsec):
remote_tun_if_host,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
0, priority=10, policy=3,
0, priority=10,
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
remote_tun_if_host,
remote_tun_if_host,
0, priority=10, policy=3).add_vpp_config()
0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
priority=10).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
remote_tun_if_host,
remote_tun_if_host,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
0, priority=20, policy=3,
0, priority=20,
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
remote_tun_if_host,
remote_tun_if_host,
0, priority=20, policy=3).add_vpp_config()
0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
priority=20).add_vpp_config()
def config_ah_tra(self, params):
addr_type = params.addr_type
@@ -146,17 +153,20 @@ class TemplateIpsecAh(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
flags = (VppEnum.vl_api_ipsec_sad_flags_t.
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
use_anti_replay=1).add_vpp_config()
flags=flags).add_vpp_config()
VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
use_anti_replay=1).add_vpp_config()
flags=flags).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
addr_any, addr_bcast,
@@ -173,14 +183,16 @@ class TemplateIpsecAh(TemplateIpsec):
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
0, priority=10, policy=3,
0, priority=10,
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
self.tra_if.local_addr[addr_type],
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
0, priority=10, policy=3).add_vpp_config()
0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
priority=10).add_vpp_config()
class TestIpsecAh1(TemplateIpsecAh, IpsecTraTests, IpsecTunTests):
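Review bot: The single-letter alias `e = VppEnum.vl_api_ipsec_spd_action_t` in the tunnel and transport config methods says nothing at the call sites, and the same letter is bound to a different enum (`vl_api_ipsec_sad_flags_t`) in the `VppIpsecSA` constructor later in this commit. A descriptive name reads better, `spd_action = VppEnum.vl_api_ipsec_spd_action_t` with `policy=spd_action.IPSEC_API_SPD_ACTION_PROTECT`; the ESP and NAT test sections repeat the pattern and would take the same rename. The `priority=`/`policy=` keyword order also varies between adjacent `VppIpsecSpdEntry` calls, which makes the four entries harder to compare by eye. Both config methods start outside their hunks.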
+12 -11
@@ -1,7 +1,8 @@
import unittest
from framework import VppTestCase, VppTestRunner
from template_ipsec import IPsecIPv4Params
from template_ipsec import TemplateIpsec, IPsecIPv4Params
from vpp_papi import VppEnum
class IpsecApiTestCase(VppTestCase):
@@ -13,8 +14,10 @@ class IpsecApiTestCase(VppTestCase):
self.pg0.config_ip4()
self.pg0.admin_up()
self.vpp_esp_protocol = 1
self.vpp_ah_protocol = 0
self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t.
IPSEC_API_PROTO_ESP)
self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t.
IPSEC_API_PROTO_AH)
self.ipv4_params = IPsecIPv4Params()
def tearDown(self):
@@ -59,24 +62,22 @@ class IpsecApiTestCase(VppTestCase):
crypt_algo_vpp_id = params.crypt_algo_vpp_id
crypt_key = params.crypt_key
self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
self.pg0.local_addr_n[addr_type],
self.pg0.remote_addr_n[addr_type],
is_tunnel=1, is_tunnel_ipv6=is_ipv6)
self.pg0.local_addr[addr_type],
self.pg0.remote_addr[addr_type])
with self.vapi.assert_negative_api_retval():
self.vapi.ipsec_select_backend(
protocol=self.vpp_ah_protocol, index=0)
self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
self.pg0.local_addr_n[addr_type],
self.pg0.remote_addr_n[addr_type],
is_tunnel=1, is_tunnel_ipv6=is_ipv6,
self.pg0.local_addr[addr_type],
self.pg0.remote_addr[addr_type],
is_add=0)
self.vapi.ipsec_select_backend(
protocol=self.vpp_ah_protocol, index=0)
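Review bot: Both `ipsec_sad_entry_add_del` calls still pass the pg0 local and remote addresses as tunnel endpoints but no longer mark the SA as a tunnel: the old `is_tunnel=1, is_tunnel_ipv6=is_ipv6` arguments are gone and no `flags` is given, so the provider default of `flags=0` applies. If the test is meant to keep exercising a tunnel-mode SA, pass `flags=VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_IS_TUNNEL` on the add and on the `is_add=0` call. The newly imported `TemplateIpsec` is not used in the visible hunks, and the local `is_ipv6` has likely become unused as well. The test method starts outside the hunk.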
+19 -8
@@ -9,6 +9,7 @@ from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\
VppIpsecSpdItfBinding
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import DpoProto
from vpp_papi import VppEnum
class TemplateIpsecEsp(TemplateIpsec):
@@ -94,6 +95,7 @@ class TemplateIpsecEsp(TemplateIpsec):
remote_tun_if_host = params.remote_tun_if_host
addr_any = params.addr_any
addr_bcast = params.addr_bcast
e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
@@ -123,28 +125,32 @@ class TemplateIpsecEsp(TemplateIpsec):
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
0,
priority=10, policy=3,
priority=10,
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
remote_tun_if_host, remote_tun_if_host,
0,
priority=10, policy=3).add_vpp_config()
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
priority=10).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
remote_tun_if_host, remote_tun_if_host,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
0,
priority=20, policy=3,
priority=20,
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
remote_tun_if_host, remote_tun_if_host,
0,
priority=20, policy=3).add_vpp_config()
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
priority=20).add_vpp_config()
def config_esp_tra(self, params):
addr_type = params.addr_type
@@ -158,17 +164,20 @@ class TemplateIpsecEsp(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
flags = (VppEnum.vl_api_ipsec_sad_flags_t.
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
use_anti_replay=1).add_vpp_config()
flags=flags).add_vpp_config()
VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
use_anti_replay=1).add_vpp_config()
flags=flags).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
addr_any, addr_bcast,
@@ -185,14 +194,16 @@ class TemplateIpsecEsp(TemplateIpsec):
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
0, priority=10, policy=3,
0, priority=10,
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
self.tra_if.local_addr[addr_type],
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
0, priority=10, policy=3).add_vpp_config()
0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
priority=10).add_vpp_config()
class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
+10 -4
@@ -11,6 +11,7 @@ from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry,\
VppIpsecSpdItfBinding
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import DpoProto
from vpp_papi import VppEnum
class IPSecNATTestCase(TemplateIpsec):
@@ -155,6 +156,9 @@ class IPSecNATTestCase(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
flags = (VppEnum.vl_api_ipsec_sad_flags_t.
IPSEC_API_SAD_FLAG_UDP_ENCAP)
e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
@@ -162,14 +166,14 @@ class IPSecNATTestCase(TemplateIpsec):
self.vpp_esp_protocol,
self.pg1.remote_addr[addr_type],
self.tun_if.remote_addr[addr_type],
udp_encap=1).add_vpp_config()
flags=flags).add_vpp_config()
VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
self.tun_if.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
udp_encap=1).add_vpp_config()
flags=flags).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
addr_any, addr_bcast,
@@ -198,14 +202,16 @@ class IPSecNATTestCase(TemplateIpsec):
self.tun_if.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
0, priority=10, policy=3,
0, priority=10,
policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
self.tun_if.remote_addr[addr_type],
self.tun_if.remote_addr[addr_type],
0, priority=10, policy=3).add_vpp_config()
0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
priority=10).add_vpp_config()
def test_ipsec_nat_tun(self):
""" IPSec/NAT tunnel test case """
+40 -40
@@ -1,5 +1,6 @@
from vpp_object import *
from ipaddress import ip_address
from vpp_papi import VppEnum
try:
text_type = unicode
@@ -82,7 +83,7 @@ class VppIpsecSpdEntry(VppObject):
remote_start, remote_stop,
proto,
priority=100,
policy=0,
policy=None,
is_outbound=1,
remote_port_start=0,
remote_port_stop=65535,
@@ -98,7 +99,11 @@ class VppIpsecSpdEntry(VppObject):
self.proto = proto
self.is_outbound = is_outbound
self.priority = priority
self.policy = policy
if not policy:
self.policy = (VppEnum.vl_api_ipsec_spd_action_t.
IPSEC_API_SPD_ACTION_BYPASS)
else:
self.policy = policy
self.is_ipv6 = (0 if self.local_start.version == 4 else 1)
self.local_port_start = local_port_start
self.local_port_stop = local_port_stop
@@ -106,13 +111,13 @@ class VppIpsecSpdEntry(VppObject):
self.remote_port_stop = remote_port_stop
def add_vpp_config(self):
self.test.vapi.ipsec_spd_add_del_entry(
self.test.vapi.ipsec_spd_entry_add_del(
self.spd.id,
self.sa_id,
self.local_start.packed,
self.local_stop.packed,
self.remote_start.packed,
self.remote_stop.packed,
self.local_start,
self.local_stop,
self.remote_start,
self.remote_stop,
protocol=self.proto,
is_ipv6=self.is_ipv6,
is_outbound=self.is_outbound,
@@ -125,13 +130,13 @@ class VppIpsecSpdEntry(VppObject):
self.test.registry.register(self, self.test.logger)
def remove_vpp_config(self):
self.test.vapi.ipsec_spd_add_del_entry(
self.test.vapi.ipsec_spd_entry_add_del(
self.spd.id,
self.sa_id,
self.local_start.packed,
self.local_stop.packed,
self.remote_start.packed,
self.remote_stop.packed,
self.local_start,
self.local_stop,
self.remote_start,
self.remote_stop,
protocol=self.proto,
is_ipv6=self.is_ipv6,
is_outbound=self.is_outbound,
@@ -157,12 +162,12 @@ class VppIpsecSpdEntry(VppObject):
def query_vpp_config(self):
ss = self.test.vapi.ipsec_spd_dump(self.spd.id)
for s in ss:
if s.sa_id == self.sa_id and \
s.is_outbound == self.is_outbound and \
s.priority == self.priority and \
s.policy == self.policy and \
s.is_ipv6 == self.is_ipv6 and \
s.remote_start_port == self.remote_port_start:
if s.entry.sa_id == self.sa_id and \
s.entry.is_outbound == self.is_outbound and \
s.entry.priority == self.priority and \
s.entry.policy == self.policy and \
s.entry.remote_address_start == self.remote_start and \
s.entry.remote_port_start == self.remote_port_start:
return True
return False
@@ -177,8 +182,8 @@ class VppIpsecSA(VppObject):
crypto_alg, crypto_key,
proto,
tun_src=None, tun_dst=None,
use_anti_replay=0,
udp_encap=0):
flags=None):
e = VppEnum.vl_api_ipsec_sad_flags_t
self.test = test
self.id = id
self.spi = spi
@@ -187,22 +192,23 @@ class VppIpsecSA(VppObject):
self.crypto_alg = crypto_alg
self.crypto_key = crypto_key
self.proto = proto
self.is_tunnel = 0
self.is_tunnel_v6 = 0
self.tun_src = tun_src
self.tun_dst = tun_dst
if not flags:
self.flags = e.IPSEC_API_SAD_FLAG_NONE
else:
self.flags = flags
if (tun_src):
self.tun_src = ip_address(text_type(tun_src))
self.is_tunnel = 1
self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL
if (self.tun_src.version == 6):
self.is_tunnel_v6 = 1
self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6
if (tun_dst):
self.tun_dst = ip_address(text_type(tun_dst))
self.use_anti_replay = use_anti_replay
self.udp_encap = udp_encap
def add_vpp_config(self):
self.test.vapi.ipsec_sad_add_del_entry(
self.test.vapi.ipsec_sad_entry_add_del(
self.id,
self.spi,
self.integ_alg,
@@ -210,16 +216,13 @@ class VppIpsecSA(VppObject):
self.crypto_alg,
self.crypto_key,
self.proto,
(self.tun_src.packed if self.tun_src else []),
(self.tun_dst.packed if self.tun_dst else []),
is_tunnel=self.is_tunnel,
is_tunnel_ipv6=self.is_tunnel_v6,
use_anti_replay=self.use_anti_replay,
udp_encap=self.udp_encap)
(self.tun_src if self.tun_src else []),
(self.tun_dst if self.tun_dst else []),
flags=self.flags)
self.test.registry.register(self, self.test.logger)
def remove_vpp_config(self):
self.test.vapi.ipsec_sad_add_del_entry(
self.test.vapi.ipsec_sad_entry_add_del(
self.id,
self.spi,
self.integ_alg,
@@ -227,12 +230,9 @@ class VppIpsecSA(VppObject):
self.crypto_alg,
self.crypto_key,
self.proto,
(self.tun_src.packed if self.tun_src else []),
(self.tun_dst.packed if self.tun_dst else []),
is_tunnel=self.is_tunnel,
is_tunnel_ipv6=self.is_tunnel_v6,
use_anti_replay=self.use_anti_replay,
udp_encap=self.udp_encap,
(self.tun_src if self.tun_src else []),
(self.tun_dst if self.tun_dst else []),
flags=self.flags,
is_add=0)
def __str__(self):
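Review bot: `if not policy:` in `VppIpsecSpdEntry.__init__` and `if not flags:` in `VppIpsecSA.__init__` test truthiness, so an explicitly passed zero-valued enum member is treated the same as an omitted argument. That is harmless only while the fallback member is itself the zero value, which this section does not show; `self.policy = policy if policy is not None else VppEnum.vl_api_ipsec_spd_action_t.IPSEC_API_SPD_ACTION_BYPASS` (and the same shape for `flags`) states the intent. The fallback is BYPASS, which by its name means a test that forgets `policy=` installs an entry that passes matching traffic unprotected; a one-line comment on the default would make that visible. `add_vpp_config` and `remove_vpp_config` also pass `[]` for an absent tunnel address where the provider default is `''`, which is worth aligning now that the fields are typed addresses.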
+49 -45
@@ -3369,7 +3369,7 @@ class VppPapiProvider(object):
{'spd_index': spd_index if spd_index else 0,
'spd_index_valid': 1 if spd_index else 0})
def ipsec_sad_add_del_entry(self,
def ipsec_sad_entry_add_del(self,
sad_id,
spi,
integrity_algorithm,
@@ -3379,12 +3379,8 @@ class VppPapiProvider(object):
protocol,
tunnel_src_address='',
tunnel_dst_address='',
is_tunnel=1,
is_tunnel_ipv6=0,
is_add=1,
udp_encap=0,
use_anti_replay=0,
use_extended_sequence_number=0):
flags=0,
is_add=1):
""" IPSEC SA add/del
:param sad_id: security association ID
:param spi: security param index of the SA in decimal
@@ -3401,31 +3397,35 @@ class VppPapiProvider(object):
crypto and ipsec algorithms
"""
return self.api(
self.papi.ipsec_sad_add_del_entry,
{'sad_id': sad_id,
'spi': spi,
'tunnel_src_address': tunnel_src_address,
'tunnel_dst_address': tunnel_dst_address,
'protocol': protocol,
'integrity_algorithm': integrity_algorithm,
'integrity_key_length': len(integrity_key),
'integrity_key': integrity_key,
'crypto_algorithm': crypto_algorithm,
'crypto_key_length': len(crypto_key) if crypto_key is not None
else 0,
'crypto_key': crypto_key,
'is_add': is_add,
'is_tunnel': is_tunnel,
'is_tunnel_ipv6': is_tunnel_ipv6,
'udp_encap': udp_encap,
'use_extended_sequence_number': use_extended_sequence_number,
'use_anti_replay': use_anti_replay})
self.papi.ipsec_sad_entry_add_del,
{
'is_add': is_add,
'entry':
{
'sad_id': sad_id,
'spi': spi,
'tunnel_src': tunnel_src_address,
'tunnel_dst': tunnel_dst_address,
'protocol': protocol,
'integrity_algorithm': integrity_algorithm,
'integrity_key': {
'length': len(integrity_key),
'data': integrity_key,
},
'crypto_algorithm': crypto_algorithm,
'crypto_key': {
'length': len(crypto_key),
'data': crypto_key,
},
'flags': flags,
}
})
def ipsec_sa_dump(self, sa_id=None):
return self.api(self.papi.ipsec_sa_dump,
{'sa_id': sa_id if sa_id else 0xffffffff})
def ipsec_spd_add_del_entry(self,
def ipsec_spd_entry_add_del(self,
spd_id,
sa_id,
local_address_start,
@@ -3464,24 +3464,28 @@ class VppPapiProvider(object):
:param is_add: (Default value = 1)
"""
return self.api(
self.papi.ipsec_spd_add_del_entry,
{'spd_id': spd_id,
'sa_id': sa_id,
'local_address_start': local_address_start,
'local_address_stop': local_address_stop,
'remote_address_start': remote_address_start,
'remote_address_stop': remote_address_stop,
'local_port_start': local_port_start,
'local_port_stop': local_port_stop,
'remote_port_start': remote_port_start,
'remote_port_stop': remote_port_stop,
'is_add': is_add,
'protocol': protocol,
'policy': policy,
'priority': priority,
'is_outbound': is_outbound,
'is_ipv6': is_ipv6,
'is_ip_any': is_ip_any})
self.papi.ipsec_spd_entry_add_del,
{
'is_add': is_add,
'entry':
{
'spd_id': spd_id,
'sa_id': sa_id,
'local_address_start': local_address_start,
'local_address_stop': local_address_stop,
'remote_address_start': remote_address_start,
'remote_address_stop': remote_address_stop,
'local_port_start': local_port_start,
'local_port_stop': local_port_stop,
'remote_port_start': remote_port_start,
'remote_port_stop': remote_port_stop,
'protocol': protocol,
'policy': policy,
'priority': priority,
'is_outbound': is_outbound,
'is_ip_any': is_ip_any
}
})
def ipsec_spd_dump(self, spd_id, sa_id=0xffffffff):
return self.api(self.papi.ipsec_spd_dump,