diff options
Diffstat (limited to 'resources/libraries/python')
-rw-r--r-- | resources/libraries/python/IPsecUtil.py | 37 | ||||
-rw-r--r-- | resources/libraries/python/InterfaceUtil.py | 12 | ||||
-rw-r--r-- | resources/libraries/python/Policer.py | 16 | ||||
-rw-r--r-- | resources/libraries/python/SRv6.py | 11 |
4 files changed, 41 insertions, 35 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py index 07caad03dc..214764d233 100644 --- a/resources/libraries/python/IPsecUtil.py +++ b/resources/libraries/python/IPsecUtil.py @@ -36,7 +36,8 @@ from resources.libraries.python.VPPUtil import VPPUtil from resources.libraries.python.FlowUtil import FlowUtil -IPSEC_UDP_PORT_NONE = 0xffff +IPSEC_UDP_PORT_DEFAULT = 4500 +IPSEC_REPLAY_WINDOW_DEFAULT = 64 def gen_key(length): @@ -450,7 +451,7 @@ class IPsecUtil: src_addr = u"" dst_addr = u"" - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" err_msg = f"Failed to add Security Association Database entry " \ f"on host {node[u'host']}" sad_entry = dict( @@ -471,8 +472,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), protocol=int(IPsecProto.IPSEC_API_PROTO_ESP), - udp_src_port=4500, # default value in api - udp_dst_port=4500 # default value in api + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) with PapiSocketExecutor(node) as papi_exec: @@ -547,7 +549,7 @@ class IPsecUtil: IPsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 ) - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" err_msg = f"Failed to add Security Association Database entry " \ f"on host {node[u'host']}" @@ -569,8 +571,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), protocol=int(IPsecProto.IPSEC_API_PROTO_ESP), - udp_src_port=4500, # default value in api - udp_dst_port=4500, # default value in api + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) with PapiSocketExecutor(node, is_async=True) as papi_exec: @@ -1227,7 +1230,7 @@ class IPsecUtil: # Configure IPSec SAD entries ckeys = [bytes()] * existing_tunnels ikeys = [bytes()] * existing_tunnels - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" c_key = dict( length=0, data=None @@ -1255,8 +1258,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), salt=0, - udp_src_port=IPSEC_UDP_PORT_NONE, - udp_dst_port=IPSEC_UDP_PORT_NONE, + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) for i in range(existing_tunnels, n_tunnels): @@ -1466,7 +1470,7 @@ class IPsecUtil: ] ) # Configure IPSec SAD entries - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" c_key = dict( length=0, data=None @@ -1494,8 +1498,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), salt=0, - udp_src_port=IPSEC_UDP_PORT_NONE, - udp_dst_port=IPSEC_UDP_PORT_NONE, + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) for i in range(existing_tunnels, n_tunnels): @@ -2033,10 +2038,8 @@ class IPsecUtil: :param node: DUT node. :type node: dict """ - cmds = [ - u"ipsec_sa_v4_dump" - ] - PapiSocketExecutor.dump_and_log(node, cmds) + cmd = "ipsec_sa_v5_dump" + PapiSocketExecutor.dump_and_log(node, [cmd]) @staticmethod def vpp_ipsec_flow_enale_rss(node, proto, type, function="default"): diff --git a/resources/libraries/python/InterfaceUtil.py b/resources/libraries/python/InterfaceUtil.py index 9f023d969d..ff013307bc 100644 --- a/resources/libraries/python/InterfaceUtil.py +++ b/resources/libraries/python/InterfaceUtil.py @@ -1066,7 +1066,7 @@ class InterfaceUtil: :raises RuntimeError: if it is unable to create GTPU interface on the node. """ - cmd = u"gtpu_add_del_tunnel" + cmd = u"gtpu_add_del_tunnel_v2" args = dict( is_add=True, src_address=IPAddress.create_ip_address_object( @@ -1077,8 +1077,10 @@ class InterfaceUtil: ), mcast_sw_if_index=Constants.BITWISE_NON_ZERO, encap_vrf_id=0, - decap_next_index=2, - teid=teid + decap_next_index=2, # ipv4 + teid=teid, + # pdu_extension: Unused, false by default. + # qfi: Irrelevant when pdu_extension is not used. ) err_msg = f"Failed to create GTPU tunnel interface " \ f"on host {node[u'host']}" @@ -1373,7 +1375,7 @@ class InterfaceUtil: node, u"set logging class rdma level debug" ) - cmd = u"rdma_create_v3" + cmd = u"rdma_create_v4" pci_addr = Topology.get_interface_pci_addr(node, if_key) args = dict( name=InterfaceUtil.pci_to_eth(node, pci_addr), @@ -1386,6 +1388,8 @@ class InterfaceUtil: no_multi_seg=False, max_pktlen=0, # TODO: Apply desired RSS flags. + # rss4 kept 0 (auto) as API default. + # rss6 kept 0 (auto) as API default. ) err_msg = f"Failed to create RDMA interface on host {node[u'host']}" with PapiSocketExecutor(node) as papi_exec: diff --git a/resources/libraries/python/Policer.py b/resources/libraries/python/Policer.py index 6d3bf86462..28ed0b0aa9 100644 --- a/resources/libraries/python/Policer.py +++ b/resources/libraries/python/Policer.py @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Cisco and/or its affiliates. +# Copyright (c) 2024 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -72,7 +72,7 @@ class Policer: def policer_set_configuration( node, policer_name, cir, eir, cbs, ebs, rate_type, round_type, policer_type, conform_action_type, exceed_action_type, - violate_action_type, color_aware, is_add=True, conform_dscp=None, + violate_action_type, color_aware, conform_dscp=None, exceed_dscp=None, violate_dscp=None): """Configure policer on VPP node. @@ -89,7 +89,6 @@ class Policer: :param exceed_action_type: Exceed action type. :param violate_action_type: Violate action type. :param color_aware: Color-blind (cb) or color-aware (ca). - :param is_add: Add policer if True, else delete. :param conform_dscp: DSCP for conform mark_and_transmit action. :param exceed_dscp: DSCP for exceed mark_and_transmit action. :param violate_dscp: DSCP for vilate mark_and_transmit action. @@ -106,7 +105,6 @@ class Policer: :type exceed_action_type: str :type violate_action_type: str :type color_aware: str - :type is_add: bool :type conform_dscp: str :type exceed_dscp: str :type violate_dscp: str @@ -130,10 +128,8 @@ class Policer: else 0 ) - cmd = u"policer_add_del" - args = dict( - is_add=is_add, - name=str(policer_name), + cmd = u"policer_add" + infos = dict( cir=int(cir), eir=int(eir), cb=int(cbs), @@ -148,6 +144,10 @@ class Policer: violate_action=violate_action, color_aware=bool(color_aware == u"'ca'") ) + args = dict( + name=str(policer_name), + infos=infos, + ) err_msg = f"Failed to configure policer {policer_name} " \ f"on host {node['host']}" diff --git a/resources/libraries/python/SRv6.py b/resources/libraries/python/SRv6.py index d16c3529c3..0170df5ef6 100644 --- a/resources/libraries/python/SRv6.py +++ b/resources/libraries/python/SRv6.py @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Cisco and/or its affiliates. +# Copyright (c) 2024 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -222,15 +222,14 @@ class SRv6: :type sid_list: list :type mode: str """ - # TODO: Convert to use sr_policy_add_v2. - # The conversion is not straightforward so it was not done when bumping. - cmd = u"sr_policy_add" + cmd = u"sr_policy_add_v2" args = dict( bsid_addr=IPv6Address(bsid).packed, weight=1, is_encap=bool(mode == u"encap"), - is_spray=False, - sids=SRv6.create_srv6_sid_list(sid_list) + type=0, # Neither SPRAY nor TEF are needed yet. + sids=SRv6.create_srv6_sid_list(sid_list), + # encap_src is optional, do not set yet. ) err_msg = f"Failed to add SR policy for BindingSID {bsid} " \ f"on host {node[u'host']}" |