Diffstat (limited to 'resources/libraries/python/IPsecUtil.py')
-rw-r--r--resources/libraries/python/IPsecUtil.py37
1 files changed, 20 insertions, 17 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 07caad03dc..214764d233 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -36,7 +36,8 @@ from resources.libraries.python.VPPUtil import VPPUtil
from resources.libraries.python.FlowUtil import FlowUtil
-IPSEC_UDP_PORT_NONE = 0xffff
+IPSEC_UDP_PORT_DEFAULT = 4500
+IPSEC_REPLAY_WINDOW_DEFAULT = 64
def gen_key(length):
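Review bot: The two new module constants carry no comment, and the later hunks drop the per-call `# default value in api` remarks, so nothing records where 4500 and 64 come from. Suggest `# UDP port for ESP-in-UDP encapsulation; matches the API default` above `IPSEC_UDP_PORT_DEFAULT` and `# Anti-replay window size sent with ipsec_sad_entry_add_v2` above `IPSEC_REPLAY_WINDOW_DEFAULT`. `IPSEC_UDP_PORT_NONE` is deleted here; the visible hunks replace its uses, but any reference left elsewhere in the repository would fail with a NameError, so a grep before merge is worthwhile.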
@@ -450,7 +451,7 @@ class IPsecUtil:
src_addr = u""
dst_addr = u""
- cmd = u"ipsec_sad_entry_add"
+ cmd = u"ipsec_sad_entry_add_v2"
err_msg = f"Failed to add Security Association Database entry " \
f"on host {node[u'host']}"
sad_entry = dict(
@@ -471,8 +472,9 @@ class IPsecUtil:
dscp=int(IpDscp.IP_API_DSCP_CS0),
),
protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
- udp_src_port=4500, # default value in api
- udp_dst_port=4500 # default value in api
+ udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+ udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+ anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
)
args = dict(entry=sad_entry)
with PapiSocketExecutor(node) as papi_exec:
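Review bot: `anti_replay_window_size` is pinned to a single constant here and in the three other `sad_entry` dicts this commit touches (the hunks at -569, -1255 and -1494), and callers cannot vary it. Whether replay checking is active at all presumably depends on the SA flags, which are built outside these hunks. It is worth confirming that tests which enable anti-replay are meant to run with a window of 64, because in multi-worker throughput runs any reordering beyond the window would be counted as packet loss. Consider an optional keyword argument defaulting to `IPSEC_REPLAY_WINDOW_DEFAULT` on the enclosing methods, whose signatures are not visible here.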
@@ -547,7 +549,7 @@ class IPsecUtil:
IPsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6
)
- cmd = u"ipsec_sad_entry_add"
+ cmd = u"ipsec_sad_entry_add_v2"
err_msg = f"Failed to add Security Association Database entry " \
f"on host {node[u'host']}"
@@ -569,8 +571,9 @@ class IPsecUtil:
dscp=int(IpDscp.IP_API_DSCP_CS0),
),
protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
- udp_src_port=4500, # default value in api
- udp_dst_port=4500, # default value in api
+ udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+ udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+ anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
)
args = dict(entry=sad_entry)
with PapiSocketExecutor(node, is_async=True) as papi_exec:
@@ -1227,7 +1230,7 @@ class IPsecUtil:
# Configure IPSec SAD entries
ckeys = [bytes()] * existing_tunnels
ikeys = [bytes()] * existing_tunnels
- cmd = u"ipsec_sad_entry_add"
+ cmd = u"ipsec_sad_entry_add_v2"
c_key = dict(
length=0,
data=None
@@ -1255,8 +1258,9 @@ class IPsecUtil:
dscp=int(IpDscp.IP_API_DSCP_CS0),
),
salt=0,
- udp_src_port=IPSEC_UDP_PORT_NONE,
- udp_dst_port=IPSEC_UDP_PORT_NONE,
+ udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+ udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+ anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
)
args = dict(entry=sad_entry)
for i in range(existing_tunnels, n_tunnels):
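Review bot: Switching `udp_src_port`/`udp_dst_port` from `IPSEC_UDP_PORT_NONE` (0xffff) to `IPSEC_UDP_PORT_DEFAULT` (4500) is a value change rather than a rename, both in this tunnel path and in the hunk at -1494. The two earlier SAD hunks already sent 4500, so only these two alter what goes on the wire to the API. If the old sentinel meant "no UDP encapsulation", please confirm that the v2 message decides encapsulation from the SA flags alone; the flags are set outside this hunk. If that holds, record it next to the fields, for example `# ports only take effect when the UDP-encap flag is set`.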
@@ -1466,7 +1470,7 @@ class IPsecUtil:
]
)
# Configure IPSec SAD entries
- cmd = u"ipsec_sad_entry_add"
+ cmd = u"ipsec_sad_entry_add_v2"
c_key = dict(
length=0,
data=None
@@ -1494,8 +1498,9 @@ class IPsecUtil:
dscp=int(IpDscp.IP_API_DSCP_CS0),
),
salt=0,
- udp_src_port=IPSEC_UDP_PORT_NONE,
- udp_dst_port=IPSEC_UDP_PORT_NONE,
+ udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+ udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+ anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
)
args = dict(entry=sad_entry)
for i in range(existing_tunnels, n_tunnels):
@@ -2033,10 +2038,8 @@ class IPsecUtil:
:param node: DUT node.
:type node: dict
"""
- cmds = [
- u"ipsec_sa_v4_dump"
- ]
- PapiSocketExecutor.dump_and_log(node, cmds)
+ cmd = "ipsec_sa_v5_dump"
+ PapiSocketExecutor.dump_and_log(node, [cmd])
@staticmethod
def vpp_ipsec_flow_enale_rss(node, proto, type, function="default"):
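Review bot: The new literal `"ipsec_sa_v5_dump"` drops the `u` prefix that every other command string in this diff keeps (for example `u"ipsec_sad_entry_add_v2"`). Both forms are equivalent on Python 3, but the file should stay consistent: `cmd = u"ipsec_sa_v5_dump"`. Separately, `dump_and_log` appears from its name to write the dump reply to the test log. If that reply carries the SAD entry's key fields, the logs contain key material and should be stored and shared accordingly; this already applied to the v4 dump. The method's signature and the start of its docstring are outside the hunk.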