diff options
-rw-r--r-- | resources/libraries/python/IPsecUtil.py | 151 |
1 files changed, 72 insertions, 79 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py index 93bae8e345..dd7bd068fa 100644 --- a/resources/libraries/python/IPsecUtil.py +++ b/resources/libraries/python/IPsecUtil.py @@ -370,8 +370,8 @@ class IPsecUtil: for worker in workers: cmd = "crypto_sw_scheduler_set_worker" err_msg = ( - f"Failed to disable/enable crypto for worker thread " - f"on host {node['host']}" + "Failed to disable/enable crypto for worker thread" + f" on host {node['host']}" ) args = dict(worker_index=worker - 1, crypto_enable=crypto_enable) with PapiSocketExecutor(node) as papi_exec: @@ -395,7 +395,7 @@ class IPsecUtil: thread_data = VPPUtil.vpp_show_threads(node) worker_cnt = len(thread_data) - 1 if not worker_cnt: - return None + return worker_ids = list() workers = BuiltIn().get_variable_value( f"${{{node_name}_cpu_dp}}" @@ -465,8 +465,8 @@ class IPsecUtil: cmd = "ipsec_sad_entry_add_v2" err_msg = ( - f"Failed to add Security Association Database entry " - f"on host {node['host']}" + "Failed to add Security Association Database entry" + f" on host {node['host']}" ) sad_entry = dict( sad_id=int(sad_id), @@ -569,8 +569,8 @@ class IPsecUtil: cmd = "ipsec_sad_entry_add_v2" err_msg = ( - f"Failed to add Security Association Database entry " - f"on host {node['host']}" + "Failed to add Security Association Database entry" + f" on host {node['host']}" ) sad_entry = dict( @@ -676,11 +676,11 @@ class IPsecUtil: ), ) err_msg = ( - f"Failed to configure IP addresses, IP routes and " - f"IP neighbor on interface {interface} on host {node['host']}" + "Failed to configure IP addresses, IP routes and" + f" IP neighbor on interface {interface} on host {node['host']}" if dst_mac - else f"Failed to configure IP addresses and IP routes " - f"on interface {interface} on host {node['host']}" + else "Failed to configure IP addresses and IP routes" + f" on interface {interface} on host {node['host']}" ) with PapiSocketExecutor(node, is_async=True) as papi_exec: @@ -727,8 +727,7 @@ class IPsecUtil: """ cmd = "ipsec_spd_add_del" err_msg = ( - f"Failed to add Security Policy Database " - f"on host {node['host']}" + f"Failed to add Security Policy Database on host {node['host']}" ) args = dict(is_add=True, spd_id=int(spd_id)) with PapiSocketExecutor(node) as papi_exec: @@ -747,8 +746,8 @@ class IPsecUtil: """ cmd = "ipsec_interface_add_del_spd" err_msg = ( - f"Failed to add interface {interface} to Security Policy " - f"Database {spd_id} on host {node['host']}" + f"Failed to add interface {interface} to Security Policy" + f" Database {spd_id} on host {node['host']}" ) args = dict( is_add=True, @@ -1051,8 +1050,8 @@ class IPsecUtil: :type is_ipv6: bool """ err_msg = ( - f"Failed to add entry to Security Policy Database " - f"{spd_id} on host {node['host']}" + "Failed to add entry to Security Policy Database" + f" {spd_id} on host {node['host']}" ) with PapiSocketExecutor(node, is_async=True) as papi_exec: IPsecUtil._vpp_ipsec_add_spd_entry_internal( @@ -1133,8 +1132,8 @@ class IPsecUtil: raddr_range = NetworkIncrement(ip_network(raddr_range), 0) err_msg = ( - f"Failed to add entry to Security Policy Database " - f"{spd_id} on host {node['host']}" + "Failed to add entry to Security Policy Database" + f" {spd_id} on host {node['host']}" ) with PapiSocketExecutor(node, is_async=True) as papi_exec: for _ in range(n_entries): @@ -1180,8 +1179,8 @@ class IPsecUtil: user_instance=0, ) err_msg = ( - f"Failed to create loopback interface " - f"on host {nodes['DUT1']['host']}" + "Failed to create loopback interface" + f" on host {nodes['DUT1']['host']}" ) papi_exec.add(cmd, **args) loop_sw_if_idx = papi_exec.get_sw_if_index(err_msg) @@ -1191,8 +1190,8 @@ class IPsecUtil: flags=InterfaceStatusFlags.IF_STATUS_API_FLAG_ADMIN_UP.value, ) err_msg = ( - f"Failed to set loopback interface state up " - f"on host {nodes['DUT1']['host']}" + "Failed to set loopback interface state up" + f" on host {nodes['DUT1']['host']}" ) papi_exec.add(cmd, **args).get_reply(err_msg) # Set IP address on VPP node 1 interface @@ -1209,8 +1208,8 @@ class IPsecUtil: ), ) err_msg = ( - f"Failed to set IP address on interface {if1_key} " - f"on host {nodes['DUT1']['host']}" + f"Failed to set IP address on interface {if1_key}" + f" on host {nodes['DUT1']['host']}" ) papi_exec.add(cmd, **args).get_reply(err_msg) cmd2 = "ip_neighbor_add_del" @@ -1333,7 +1332,7 @@ class IPsecUtil: cmd, history=bool(not 1 < i < n_tunnels - 2), **args ) err_msg = ( - f"Failed to add IPIP tunnel interfaces on host" + "Failed to add IPIP tunnel interfaces on host" f" {nodes['DUT1']['host']}" ) ipip_tunnels.extend( @@ -1408,7 +1407,7 @@ class IPsecUtil: cmd, history=bool(not 1 < i < n_tunnels - 2), **args ) err_msg = ( - f"Failed to add IPsec SAD entries on host" + "Failed to add IPsec SAD entries on host" f" {nodes['DUT1']['host']}" ) papi_exec.get_replies(err_msg) @@ -1431,8 +1430,8 @@ class IPsecUtil: cmd, history=bool(not 1 < i < n_tunnels - 2), **args ) err_msg = ( - f"Failed to add protection for tunnels with IPSEC " - f"on host {nodes['DUT1']['host']}" + "Failed to add protection for tunnels with IPSEC" + f" on host {nodes['DUT1']['host']}" ) papi_exec.get_replies(err_msg) @@ -1474,9 +1473,7 @@ class IPsecUtil: papi_exec.add( cmd, history=bool(not 1 < i < n_tunnels - 2), **args ) - err_msg = ( - f"Failed to add IP routes on host " f"{nodes['DUT1']['host']}" - ) + err_msg = f"Failed to add IP routes on host {nodes['DUT1']['host']}" papi_exec.get_replies(err_msg) return ckeys, ikeys @@ -1544,8 +1541,8 @@ class IPsecUtil: ), ) err_msg = ( - f"Failed to set IP address on interface {if2_key} " - f"on host {nodes['DUT2']['host']}" + f"Failed to set IP address on interface {if2_key}" + f" on host {nodes['DUT2']['host']}" ) papi_exec.add(cmd, **args).get_replies(err_msg) # Configure IPIP tunnel interfaces @@ -1574,7 +1571,7 @@ class IPsecUtil: cmd, history=bool(not 1 < i < n_tunnels - 2), **args ) err_msg = ( - f"Failed to add IPIP tunnel interfaces on host" + "Failed to add IPIP tunnel interfaces on host" f" {nodes['DUT2']['host']}" ) ipip_tunnels.extend( @@ -1670,8 +1667,8 @@ class IPsecUtil: cmd, history=bool(not 1 < i < n_tunnels - 2), **args ) err_msg = ( - f"Failed to add protection for tunnels with IPSEC " - f"on host {nodes['DUT2']['host']}" + "Failed to add protection for tunnels with IPSEC" + f" on host {nodes['DUT2']['host']}" ) papi_exec.get_replies(err_msg) @@ -1725,9 +1722,7 @@ class IPsecUtil: papi_exec.add( cmd, history=bool(not 1 < i < n_tunnels - 2), **args ) - err_msg = ( - f"Failed to add IP routes " f"on host {nodes['DUT2']['host']}" - ) + err_msg = f"Failed to add IP routes on host {nodes['DUT2']['host']}" papi_exec.get_replies(err_msg) @staticmethod @@ -1924,8 +1919,8 @@ class IPsecUtil: "create loopback interface\nset interface state loop0 up\n\n" ) dut2_scripts[cnf].write( - f"ip route add {if1_ip_addr}/8 via " - f"{ip_address(if2_ip_addr) + cnf + 100} memif1/{cnf + 1}\n\n" + f"ip route add {if1_ip_addr}/8 via" + f" {ip_address(if2_ip_addr) + cnf + 100} memif1/{cnf + 1}\n\n" ) for tnl in range(0, n_tunnels): @@ -1939,50 +1934,48 @@ class IPsecUtil: ) if integ_alg: integ = ( - f"integ-alg {integ_alg.alg_name} " - f"local-integ-key {ikey} " - f"remote-integ-key {ikey} " + f"integ-alg {integ_alg.alg_name}" + f" local-integ-key {ikey}" + f" remote-integ-key {ikey}" ) # Configure tunnel end point(s) on left side dut1_scripts[cnf].write( - "set interface ip address loop0 " - f"{ip_address(if1_ip_addr) + tnl * addr_incr}/32\n" - f"create ipsec tunnel " - f"local-ip {ip_address(if1_ip_addr) + tnl * addr_incr} " - f"local-spi {spi_1 + tnl} " - f"remote-ip {ip_address(if2_ip_addr) + cnf} " - f"remote-spi {spi_2 + tnl} " - f"crypto-alg {crypto_alg.alg_name} " - f"local-crypto-key {ckey} " - f"remote-crypto-key {ckey} " - f"instance {tnl // n_instances} " - f"salt 0x0 " - f"{integ} \n" + "set interface ip address loop0" + f" {ip_address(if1_ip_addr) + tnl * addr_incr}/32\n" + "create ipsec tunnel" + f" local-ip {ip_address(if1_ip_addr) + tnl * addr_incr}" + f" local-spi {spi_1 + tnl}" + f" remote-ip {ip_address(if2_ip_addr) + cnf}" + f" remote-spi {spi_2 + tnl}" + f" crypto-alg {crypto_alg.alg_name}" + f" local-crypto-key {ckey}" + f" remote-crypto-key {ckey}" + f" instance {tnl // n_instances}" + f" salt 0x0 {integ}\n" f"set interface unnumbered ipip{tnl // n_instances} use loop0\n" f"set interface state ipip{tnl // n_instances} up\n" - f"ip route add {ip_address(raddr_ip2)+tnl}/32 " - f"via ipip{tnl // n_instances}\n\n" + f"ip route add {ip_address(raddr_ip2)+tnl}/32" + f" via ipip{tnl // n_instances}\n\n" ) # Configure tunnel end point(s) on right side dut2_scripts[cnf].write( - f"set ip neighbor memif1/{cnf + 1} " - f"{ip_address(if1_ip_addr) + tnl * addr_incr} " - f"02:02:00:00:{17:02X}:{cnf:02X} static\n" - f"create ipsec tunnel local-ip {ip_address(if2_ip_addr) + cnf} " - f"local-spi {spi_2 + tnl} " - f"remote-ip {ip_address(if1_ip_addr) + tnl * addr_incr} " - f"remote-spi {spi_1 + tnl} " - f"crypto-alg {crypto_alg.alg_name} " - f"local-crypto-key {ckey} " - f"remote-crypto-key {ckey} " - f"instance {tnl // n_instances} " - f"salt 0x0 " - f"{integ}\n" - f"set interface unnumbered ipip{tnl // n_instances} " - f"use memif1/{cnf + 1}\n" + f"set ip neighbor memif1/{cnf + 1}" + f" {ip_address(if1_ip_addr) + tnl * addr_incr}" + f" 02:02:00:00:{17:02X}:{cnf:02X} static\n" + f"create ipsec tunnel local-ip {ip_address(if2_ip_addr) + cnf}" + f" local-spi {spi_2 + tnl}" + f" remote-ip {ip_address(if1_ip_addr) + tnl * addr_incr}" + f" remote-spi {spi_1 + tnl}" + f" crypto-alg {crypto_alg.alg_name}" + f" local-crypto-key {ckey}" + f" remote-crypto-key {ckey}" + f" instance {tnl // n_instances}" + f" salt 0x0 {integ}\n" + f"set interface unnumbered ipip{tnl // n_instances}" + f" use memif1/{cnf + 1}\n" f"set interface state ipip{tnl // n_instances} up\n" - f"ip route add {ip_address(raddr_ip1) + tnl}/32 " - f"via ipip{tnl // n_instances}\n\n" + f"ip route add {ip_address(raddr_ip1) + tnl}/32" + f" via ipip{tnl // n_instances}\n\n" ) IPsecUtil._close_and_copy_ipsec_script_files( @@ -2285,8 +2278,8 @@ class IPsecUtil: """ # TODO: to be fixed to use full PAPI when it is ready in VPP cmd = ( - f"test flow add src-ip any proto {proto} rss function " - f"{function} rss types {rss_type}" + f"test flow add src-ip any proto {proto} rss function" + f" {function} rss types {rss_type}" ) stdout = PapiSocketExecutor.run_cli_cmd(node, cmd) flow_index = stdout.split()[1] |