Diffstat (limited to 'resources/libraries/python/WireGuardUtil.py')
-rw-r--r--resources/libraries/python/WireGuardUtil.py94
1 files changed, 57 insertions, 37 deletions
diff --git a/resources/libraries/python/WireGuardUtil.py b/resources/libraries/python/WireGuardUtil.py
index d8d2396164..6e6237e7e7 100644
--- a/resources/libraries/python/WireGuardUtil.py
+++ b/resources/libraries/python/WireGuardUtil.py
@@ -68,7 +68,7 @@ class WireGuardUtil:
:param node: VPP node to add config on.
:param listen_port: WireGuard interface listen port.
- :param wg_src: WireGuard srouce IPv4.
+ :param wg_src: WireGuard source IPv4.
:param private_key: WireGuard interface private key
:type node: dict
:type listen_port: int
@@ -118,12 +118,9 @@ class WireGuardUtil:
:type keepalive_time: int
"""
endpoint_ip = ip_address(endpoint_ip)
- wg_name = InterfaceUtil.vpp_get_interface_name(
- node, sw_if_index=interface
- )
cmd = u"wireguard_peer_add"
- err_msg = f"Failed to add wireguard interface" \
- f"{wg_name} peer on host {node[u'host']}"
+ err_msg = f"Failed to add peer of wireguard interface" \
+ f"{interface} on host {node[u'host']}"
args = dict(
peer=dict(
public_key=peer_pubkey,
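Review bot: The two adjacent f-string literals that build `err_msg` are joined without a separating space, so the message renders as "wireguard interface<N> on host ...". Ending the first literal with a space fixes it: `err_msg = f"Failed to add peer of wireguard interface " \`. Since the name lookup is removed, the value printed is the raw `interface` argument (the removed call passed it as `sw_if_index`), so wording such as "sw_if_index {interface}" would make the log line unambiguous. The method body continues outside this hunk.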
@@ -139,6 +136,23 @@ class WireGuardUtil:
papi_exec.add(cmd, **args).get_reply(err_msg)
@staticmethod
+ def vpp_wireguard_set_async_mode(node, async_enable=1):
+ """Set wireguard async mode on or off.
+
+ :param node: VPP node to set wireguard async mode.
+ :param async_enable: Async mode on or off.
+ :type node: dict
+ :type async_enable: int
+ """
+ cmd = u"wg_set_async_mode"
+ err_msg = f"Failed to set wireguard async mode on host {node[u'host']}"
+ args = dict(
+ async_enable=async_enable
+ )
+ with PapiSocketExecutor(node) as papi_exec:
+ papi_exec.add(cmd, **args).get_reply(err_msg)
+
+ @staticmethod
def _wireguard_create_tunnel_interface_on_dut(
node, if1_key, if2_mac_addr, src_ip, peer_endpoint_ip,
peer_allowed_ips, peer_n_allowed_ips, dut_wg_ip, port,
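Review bot: The docstring of `vpp_wireguard_set_async_mode` says "on or off" but types `async_enable` as `int` without stating which values are accepted or that the default of 1 turns async mode on. I would spell that out, for example `:param async_enable: 1 to enable async mode, 0 to disable it (default 1).` If the underlying API field is a boolean (not visible here), accepting a `bool` and documenting it as such would be clearer still. The hunk ends inside the signature of the next method, which is not reviewed here.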
@@ -162,11 +176,11 @@ class WireGuardUtil:
:type nodes: dict
:type if1_key: str
:type if2_mac_addr: str
- :type src_ip: src
- :type peer_endpoint_ip: src
+ :type src_ip: str
+ :type peer_endpoint_ip: str
:type peer_allowed_ips: list
:type peer_n_allowed_ips: int
- :type dut_wg_ip: src
+ :type dut_wg_ip: str
:type port: int
:type keepalive_time: int
:type dut_private_key: bytes
@@ -213,10 +227,10 @@ class WireGuardUtil:
)
@staticmethod
- def vpp_wireguard_create_tunnel_interface_on_duts(
+ def vpp_wireguard_create_tunnel_interfaces_on_duts(
nodes, if1_key, if2_key, if1_ip_addr, if2_ip_addr,
if1_mac_addr, if2_mac_addr, wg_if1_ip_addr, wg_if2_ip_addr,
- n_allowed_ips, port, keepalive_time, raddr_ip1, raddr_ip2):
+ n_tunnels, port, keepalive_time, raddr_ip1, raddr_ip2):
"""Create WireGuard tunnel interfaces between two VPP nodes.
:param nodes: VPP nodes to create tunnel interfaces.
@@ -229,8 +243,7 @@ class WireGuardUtil:
:param if2_mac_addr: VPP node2 interface mac address.
:param wg_if1_ip_addr: VPP node 1 WireGuard interface IPv4 address.
:param wg_if2_ip_addr: VPP node 2 WireGuard interface IPv4 address.
- :param allowed_ips: WireGuard interface allowed ip list.
- :param n_allowed_ips: Number of allowed ips.
+ :param n_tunnels: Number of wireguard tunnels.
:param port: WireGuard interface listen port or
Peer interface destination port.
:param keepalive_time: WireGuard persistent keepalive time.
@@ -247,32 +260,39 @@ class WireGuardUtil:
:type if2_mac_addr: str
:type wg_if1_ip_addr: str
:type wg_if2_ip_addr: str
- :type allowed_ips: str
- :type n_allowed_ips: int
+ :type n_tunnels: int
:type port: int
:type keepalive_time: int
:type raddr_ip1: str
:type raddr_ip2: str
"""
- dut1_privatekey, dut1_pubkey = \
- WireGuardUtil.generate_wireguard_privatekey_and_pubkey()
- dut2_privatekey, dut2_pubkey = \
- WireGuardUtil.generate_wireguard_privatekey_and_pubkey()
- raddr_ip1 = ip_address(raddr_ip1)
- raddr_ip2 = ip_address(raddr_ip2)
- dut1_allowed_ips = \
- [IPUtil.create_prefix_object(raddr_ip2, 24),]
- dut2_allowed_ips = \
- [IPUtil.create_prefix_object(raddr_ip1, 24),]
- #Configure WireGuard interface on DUT1
- WireGuardUtil._wireguard_create_tunnel_interface_on_dut(
- nodes[u'DUT1'], if1_key, if2_mac_addr, if1_ip_addr, if2_ip_addr,
- dut1_allowed_ips, n_allowed_ips, wg_if1_ip_addr, port,
- keepalive_time, dut1_privatekey, dut2_pubkey
- )
- #Configure WireGuard interface on DUT2
- WireGuardUtil._wireguard_create_tunnel_interface_on_dut(
- nodes[u'DUT2'], if2_key, if1_mac_addr, if2_ip_addr, if1_ip_addr,
- dut2_allowed_ips, n_allowed_ips, wg_if2_ip_addr, port,
- keepalive_time, dut2_privatekey, dut1_pubkey
- )
+ for i in range(n_tunnels):
+ if1_ipaddr = str(ip_address(if1_ip_addr) + i*256)
+ if2_ipaddr = str(ip_address(if2_ip_addr) + i*256)
+ wg_if1_ipaddr = str(ip_address(wg_if1_ip_addr) + i*256)
+ wg_if2_ipaddr = str(ip_address(wg_if2_ip_addr) + i*256)
+
+ allowed_ipaddr1 = ip_address(raddr_ip1) + i*256
+ allowed_ipaddr2 = ip_address(raddr_ip2) + i*256
+ dut1_allowed_ips = \
+ [IPUtil.create_prefix_object(allowed_ipaddr2, 24),]
+ dut2_allowed_ips = \
+ [IPUtil.create_prefix_object(allowed_ipaddr1, 24),]
+
+ dut1_privatekey, dut1_pubkey = \
+ WireGuardUtil.generate_wireguard_privatekey_and_pubkey()
+ dut2_privatekey, dut2_pubkey = \
+ WireGuardUtil.generate_wireguard_privatekey_and_pubkey()
+
+ #Configure WireGuard interface on DUT1
+ WireGuardUtil._wireguard_create_tunnel_interface_on_dut(
+ nodes[u'DUT1'], if1_key, if2_mac_addr, if1_ipaddr, if2_ipaddr,
+ dut1_allowed_ips, 1, wg_if1_ipaddr, port,
+ keepalive_time, dut1_privatekey, dut2_pubkey
+ )
+ #Configure WireGuard interface on DUT2
+ WireGuardUtil._wireguard_create_tunnel_interface_on_dut(
+ nodes[u'DUT2'], if2_key, if1_mac_addr, if2_ipaddr, if1_ipaddr,
+ dut2_allowed_ips, 1, wg_if2_ipaddr, port,
+ keepalive_time, dut2_privatekey, dut1_pubkey
+ )
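Review bot: `n_tunnels` is used directly in `for i in range(n_tunnels):` with no validation, so a value of 0 or less makes the keyword return without creating any tunnel or raising an error. A test that then sends traffic would run with no WireGuard configured. A guard before the loop makes that failure explicit: `if n_tunnels < 1: raise ValueError(f"n_tunnels must be >= 1, got {n_tunnels}")`. The `i*256` step is repeated six times and is tied to the literal prefix length 24 passed to `IPUtil.create_prefix_object`, so a named constant for the per-tunnel /24 stride, with a one-line comment, would keep the two in sync. The function signature is outside this hunk.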