aboutsummaryrefslogtreecommitdiffstats
path: root/resources/libraries/python/IPsecUtil.py
diff options
context:
space:
mode:
Diffstat (limited to 'resources/libraries/python/IPsecUtil.py')
-rw-r--r--resources/libraries/python/IPsecUtil.py151
1 files changed, 72 insertions, 79 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 93bae8e345..dd7bd068fa 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -370,8 +370,8 @@ class IPsecUtil:
for worker in workers:
cmd = "crypto_sw_scheduler_set_worker"
err_msg = (
- f"Failed to disable/enable crypto for worker thread "
- f"on host {node['host']}"
+ "Failed to disable/enable crypto for worker thread"
+ f" on host {node['host']}"
)
args = dict(worker_index=worker - 1, crypto_enable=crypto_enable)
with PapiSocketExecutor(node) as papi_exec:
@@ -395,7 +395,7 @@ class IPsecUtil:
thread_data = VPPUtil.vpp_show_threads(node)
worker_cnt = len(thread_data) - 1
if not worker_cnt:
- return None
+ return
worker_ids = list()
workers = BuiltIn().get_variable_value(
f"${{{node_name}_cpu_dp}}"
@@ -465,8 +465,8 @@ class IPsecUtil:
cmd = "ipsec_sad_entry_add_v2"
err_msg = (
- f"Failed to add Security Association Database entry "
- f"on host {node['host']}"
+ "Failed to add Security Association Database entry"
+ f" on host {node['host']}"
)
sad_entry = dict(
sad_id=int(sad_id),
@@ -569,8 +569,8 @@ class IPsecUtil:
cmd = "ipsec_sad_entry_add_v2"
err_msg = (
- f"Failed to add Security Association Database entry "
- f"on host {node['host']}"
+ "Failed to add Security Association Database entry"
+ f" on host {node['host']}"
)
sad_entry = dict(
@@ -676,11 +676,11 @@ class IPsecUtil:
),
)
err_msg = (
- f"Failed to configure IP addresses, IP routes and "
- f"IP neighbor on interface {interface} on host {node['host']}"
+ "Failed to configure IP addresses, IP routes and"
+ f" IP neighbor on interface {interface} on host {node['host']}"
if dst_mac
- else f"Failed to configure IP addresses and IP routes "
- f"on interface {interface} on host {node['host']}"
+ else "Failed to configure IP addresses and IP routes"
+ f" on interface {interface} on host {node['host']}"
)
with PapiSocketExecutor(node, is_async=True) as papi_exec:
@@ -727,8 +727,7 @@ class IPsecUtil:
"""
cmd = "ipsec_spd_add_del"
err_msg = (
- f"Failed to add Security Policy Database "
- f"on host {node['host']}"
+ f"Failed to add Security Policy Database on host {node['host']}"
)
args = dict(is_add=True, spd_id=int(spd_id))
with PapiSocketExecutor(node) as papi_exec:
@@ -747,8 +746,8 @@ class IPsecUtil:
"""
cmd = "ipsec_interface_add_del_spd"
err_msg = (
- f"Failed to add interface {interface} to Security Policy "
- f"Database {spd_id} on host {node['host']}"
+ f"Failed to add interface {interface} to Security Policy"
+ f" Database {spd_id} on host {node['host']}"
)
args = dict(
is_add=True,
@@ -1051,8 +1050,8 @@ class IPsecUtil:
:type is_ipv6: bool
"""
err_msg = (
- f"Failed to add entry to Security Policy Database "
- f"{spd_id} on host {node['host']}"
+ "Failed to add entry to Security Policy Database"
+ f" {spd_id} on host {node['host']}"
)
with PapiSocketExecutor(node, is_async=True) as papi_exec:
IPsecUtil._vpp_ipsec_add_spd_entry_internal(
@@ -1133,8 +1132,8 @@ class IPsecUtil:
raddr_range = NetworkIncrement(ip_network(raddr_range), 0)
err_msg = (
- f"Failed to add entry to Security Policy Database "
- f"{spd_id} on host {node['host']}"
+ "Failed to add entry to Security Policy Database"
+ f" {spd_id} on host {node['host']}"
)
with PapiSocketExecutor(node, is_async=True) as papi_exec:
for _ in range(n_entries):
@@ -1180,8 +1179,8 @@ class IPsecUtil:
user_instance=0,
)
err_msg = (
- f"Failed to create loopback interface "
- f"on host {nodes['DUT1']['host']}"
+ "Failed to create loopback interface"
+ f" on host {nodes['DUT1']['host']}"
)
papi_exec.add(cmd, **args)
loop_sw_if_idx = papi_exec.get_sw_if_index(err_msg)
@@ -1191,8 +1190,8 @@ class IPsecUtil:
flags=InterfaceStatusFlags.IF_STATUS_API_FLAG_ADMIN_UP.value,
)
err_msg = (
- f"Failed to set loopback interface state up "
- f"on host {nodes['DUT1']['host']}"
+ "Failed to set loopback interface state up"
+ f" on host {nodes['DUT1']['host']}"
)
papi_exec.add(cmd, **args).get_reply(err_msg)
# Set IP address on VPP node 1 interface
@@ -1209,8 +1208,8 @@ class IPsecUtil:
),
)
err_msg = (
- f"Failed to set IP address on interface {if1_key} "
- f"on host {nodes['DUT1']['host']}"
+ f"Failed to set IP address on interface {if1_key}"
+ f" on host {nodes['DUT1']['host']}"
)
papi_exec.add(cmd, **args).get_reply(err_msg)
cmd2 = "ip_neighbor_add_del"
@@ -1333,7 +1332,7 @@ class IPsecUtil:
cmd, history=bool(not 1 < i < n_tunnels - 2), **args
)
err_msg = (
- f"Failed to add IPIP tunnel interfaces on host"
+ "Failed to add IPIP tunnel interfaces on host"
f" {nodes['DUT1']['host']}"
)
ipip_tunnels.extend(
@@ -1408,7 +1407,7 @@ class IPsecUtil:
cmd, history=bool(not 1 < i < n_tunnels - 2), **args
)
err_msg = (
- f"Failed to add IPsec SAD entries on host"
+ "Failed to add IPsec SAD entries on host"
f" {nodes['DUT1']['host']}"
)
papi_exec.get_replies(err_msg)
@@ -1431,8 +1430,8 @@ class IPsecUtil:
cmd, history=bool(not 1 < i < n_tunnels - 2), **args
)
err_msg = (
- f"Failed to add protection for tunnels with IPSEC "
- f"on host {nodes['DUT1']['host']}"
+ "Failed to add protection for tunnels with IPSEC"
+ f" on host {nodes['DUT1']['host']}"
)
papi_exec.get_replies(err_msg)
@@ -1474,9 +1473,7 @@ class IPsecUtil:
papi_exec.add(
cmd, history=bool(not 1 < i < n_tunnels - 2), **args
)
- err_msg = (
- f"Failed to add IP routes on host " f"{nodes['DUT1']['host']}"
- )
+ err_msg = f"Failed to add IP routes on host {nodes['DUT1']['host']}"
papi_exec.get_replies(err_msg)
return ckeys, ikeys
@@ -1544,8 +1541,8 @@ class IPsecUtil:
),
)
err_msg = (
- f"Failed to set IP address on interface {if2_key} "
- f"on host {nodes['DUT2']['host']}"
+ f"Failed to set IP address on interface {if2_key}"
+ f" on host {nodes['DUT2']['host']}"
)
papi_exec.add(cmd, **args).get_replies(err_msg)
# Configure IPIP tunnel interfaces
@@ -1574,7 +1571,7 @@ class IPsecUtil:
cmd, history=bool(not 1 < i < n_tunnels - 2), **args
)
err_msg = (
- f"Failed to add IPIP tunnel interfaces on host"
+ "Failed to add IPIP tunnel interfaces on host"
f" {nodes['DUT2']['host']}"
)
ipip_tunnels.extend(
@@ -1670,8 +1667,8 @@ class IPsecUtil:
cmd, history=bool(not 1 < i < n_tunnels - 2), **args
)
err_msg = (
- f"Failed to add protection for tunnels with IPSEC "
- f"on host {nodes['DUT2']['host']}"
+ "Failed to add protection for tunnels with IPSEC"
+ f" on host {nodes['DUT2']['host']}"
)
papi_exec.get_replies(err_msg)
@@ -1725,9 +1722,7 @@ class IPsecUtil:
papi_exec.add(
cmd, history=bool(not 1 < i < n_tunnels - 2), **args
)
- err_msg = (
- f"Failed to add IP routes " f"on host {nodes['DUT2']['host']}"
- )
+ err_msg = f"Failed to add IP routes on host {nodes['DUT2']['host']}"
papi_exec.get_replies(err_msg)
@staticmethod
@@ -1924,8 +1919,8 @@ class IPsecUtil:
"create loopback interface\nset interface state loop0 up\n\n"
)
dut2_scripts[cnf].write(
- f"ip route add {if1_ip_addr}/8 via "
- f"{ip_address(if2_ip_addr) + cnf + 100} memif1/{cnf + 1}\n\n"
+ f"ip route add {if1_ip_addr}/8 via"
+ f" {ip_address(if2_ip_addr) + cnf + 100} memif1/{cnf + 1}\n\n"
)
for tnl in range(0, n_tunnels):
@@ -1939,50 +1934,48 @@ class IPsecUtil:
)
if integ_alg:
integ = (
- f"integ-alg {integ_alg.alg_name} "
- f"local-integ-key {ikey} "
- f"remote-integ-key {ikey} "
+ f"integ-alg {integ_alg.alg_name}"
+ f" local-integ-key {ikey}"
+ f" remote-integ-key {ikey}"
)
# Configure tunnel end point(s) on left side
dut1_scripts[cnf].write(
- "set interface ip address loop0 "
- f"{ip_address(if1_ip_addr) + tnl * addr_incr}/32\n"
- f"create ipsec tunnel "
- f"local-ip {ip_address(if1_ip_addr) + tnl * addr_incr} "
- f"local-spi {spi_1 + tnl} "
- f"remote-ip {ip_address(if2_ip_addr) + cnf} "
- f"remote-spi {spi_2 + tnl} "
- f"crypto-alg {crypto_alg.alg_name} "
- f"local-crypto-key {ckey} "
- f"remote-crypto-key {ckey} "
- f"instance {tnl // n_instances} "
- f"salt 0x0 "
- f"{integ} \n"
+ "set interface ip address loop0"
+ f" {ip_address(if1_ip_addr) + tnl * addr_incr}/32\n"
+ "create ipsec tunnel"
+ f" local-ip {ip_address(if1_ip_addr) + tnl * addr_incr}"
+ f" local-spi {spi_1 + tnl}"
+ f" remote-ip {ip_address(if2_ip_addr) + cnf}"
+ f" remote-spi {spi_2 + tnl}"
+ f" crypto-alg {crypto_alg.alg_name}"
+ f" local-crypto-key {ckey}"
+ f" remote-crypto-key {ckey}"
+ f" instance {tnl // n_instances}"
+ f" salt 0x0 {integ}\n"
f"set interface unnumbered ipip{tnl // n_instances} use loop0\n"
f"set interface state ipip{tnl // n_instances} up\n"
- f"ip route add {ip_address(raddr_ip2)+tnl}/32 "
- f"via ipip{tnl // n_instances}\n\n"
+ f"ip route add {ip_address(raddr_ip2)+tnl}/32"
+ f" via ipip{tnl // n_instances}\n\n"
)
# Configure tunnel end point(s) on right side
dut2_scripts[cnf].write(
- f"set ip neighbor memif1/{cnf + 1} "
- f"{ip_address(if1_ip_addr) + tnl * addr_incr} "
- f"02:02:00:00:{17:02X}:{cnf:02X} static\n"
- f"create ipsec tunnel local-ip {ip_address(if2_ip_addr) + cnf} "
- f"local-spi {spi_2 + tnl} "
- f"remote-ip {ip_address(if1_ip_addr) + tnl * addr_incr} "
- f"remote-spi {spi_1 + tnl} "
- f"crypto-alg {crypto_alg.alg_name} "
- f"local-crypto-key {ckey} "
- f"remote-crypto-key {ckey} "
- f"instance {tnl // n_instances} "
- f"salt 0x0 "
- f"{integ}\n"
- f"set interface unnumbered ipip{tnl // n_instances} "
- f"use memif1/{cnf + 1}\n"
+ f"set ip neighbor memif1/{cnf + 1}"
+ f" {ip_address(if1_ip_addr) + tnl * addr_incr}"
+ f" 02:02:00:00:{17:02X}:{cnf:02X} static\n"
+ f"create ipsec tunnel local-ip {ip_address(if2_ip_addr) + cnf}"
+ f" local-spi {spi_2 + tnl}"
+ f" remote-ip {ip_address(if1_ip_addr) + tnl * addr_incr}"
+ f" remote-spi {spi_1 + tnl}"
+ f" crypto-alg {crypto_alg.alg_name}"
+ f" local-crypto-key {ckey}"
+ f" remote-crypto-key {ckey}"
+ f" instance {tnl // n_instances}"
+ f" salt 0x0 {integ}\n"
+ f"set interface unnumbered ipip{tnl // n_instances}"
+ f" use memif1/{cnf + 1}\n"
f"set interface state ipip{tnl // n_instances} up\n"
- f"ip route add {ip_address(raddr_ip1) + tnl}/32 "
- f"via ipip{tnl // n_instances}\n\n"
+ f"ip route add {ip_address(raddr_ip1) + tnl}/32"
+ f" via ipip{tnl // n_instances}\n\n"
)
IPsecUtil._close_and_copy_ipsec_script_files(
@@ -2285,8 +2278,8 @@ class IPsecUtil:
"""
# TODO: to be fixed to use full PAPI when it is ready in VPP
cmd = (
- f"test flow add src-ip any proto {proto} rss function "
- f"{function} rss types {rss_type}"
+ f"test flow add src-ip any proto {proto} rss function"
+ f" {function} rss types {rss_type}"
)
stdout = PapiSocketExecutor.run_cli_cmd(node, cmd)
flow_index = stdout.split()[1]