diff options
author | Vratko Polak <vrpolak@cisco.com> | 2024-04-11 18:24:03 +0200 |
---|---|---|
committer | Vratko Polak <vrpolak@cisco.com> | 2024-04-15 12:58:43 +0200 |
commit | 6c2ca55d7ad00605976d96b14d83786a35f383c2 (patch) | |
tree | ecb2e1e8ce8ad1e393ed1184d9f3539d0d928d64 /resources/libraries/python/IPsecUtil.py | |
parent | 872481a0f65472e8d40f7503f9fc7e5766c428eb (diff) |
feat(api): Use newest API messages after rls2402
+ gtpu_add_del_tunnel_v2
+ Add comments on used values and unused fields.
+ ipsec_sad_entry_add_v2
+ Explicitly pass current default values.
+ ipsec_sa_v5_dump
+ policer_add
+ The old is_add argument removed, it was never false.
+ sr_policy_add_v2
+ Add comments about currently unused fields.
+ Support also older VP builds with wrong reply.
+ rdma_create_v4
+ Add comments about unused fields.
Change-Id: I3d5bc345c4cf099661626770c4d86bc230643cca
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Diffstat (limited to 'resources/libraries/python/IPsecUtil.py')
-rw-r--r-- | resources/libraries/python/IPsecUtil.py | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py index 07caad03dc..214764d233 100644 --- a/resources/libraries/python/IPsecUtil.py +++ b/resources/libraries/python/IPsecUtil.py @@ -36,7 +36,8 @@ from resources.libraries.python.VPPUtil import VPPUtil from resources.libraries.python.FlowUtil import FlowUtil -IPSEC_UDP_PORT_NONE = 0xffff +IPSEC_UDP_PORT_DEFAULT = 4500 +IPSEC_REPLAY_WINDOW_DEFAULT = 64 def gen_key(length): @@ -450,7 +451,7 @@ class IPsecUtil: src_addr = u"" dst_addr = u"" - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" err_msg = f"Failed to add Security Association Database entry " \ f"on host {node[u'host']}" sad_entry = dict( @@ -471,8 +472,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), protocol=int(IPsecProto.IPSEC_API_PROTO_ESP), - udp_src_port=4500, # default value in api - udp_dst_port=4500 # default value in api + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) with PapiSocketExecutor(node) as papi_exec: @@ -547,7 +549,7 @@ class IPsecUtil: IPsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 ) - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" err_msg = f"Failed to add Security Association Database entry " \ f"on host {node[u'host']}" @@ -569,8 +571,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), protocol=int(IPsecProto.IPSEC_API_PROTO_ESP), - udp_src_port=4500, # default value in api - udp_dst_port=4500, # default value in api + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) with PapiSocketExecutor(node, is_async=True) as papi_exec: @@ -1227,7 +1230,7 @@ class IPsecUtil: # Configure IPSec SAD entries ckeys = [bytes()] * existing_tunnels ikeys = [bytes()] * existing_tunnels - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" c_key = dict( length=0, data=None @@ -1255,8 +1258,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), salt=0, - udp_src_port=IPSEC_UDP_PORT_NONE, - udp_dst_port=IPSEC_UDP_PORT_NONE, + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) for i in range(existing_tunnels, n_tunnels): @@ -1466,7 +1470,7 @@ class IPsecUtil: ] ) # Configure IPSec SAD entries - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" c_key = dict( length=0, data=None @@ -1494,8 +1498,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), salt=0, - udp_src_port=IPSEC_UDP_PORT_NONE, - udp_dst_port=IPSEC_UDP_PORT_NONE, + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) for i in range(existing_tunnels, n_tunnels): @@ -2033,10 +2038,8 @@ class IPsecUtil: :param node: DUT node. :type node: dict """ - cmds = [ - u"ipsec_sa_v4_dump" - ] - PapiSocketExecutor.dump_and_log(node, cmds) + cmd = "ipsec_sa_v5_dump" + PapiSocketExecutor.dump_and_log(node, [cmd]) @staticmethod def vpp_ipsec_flow_enale_rss(node, proto, type, function="default"): |