aboutsummaryrefslogtreecommitdiffstats
path: root/resources
diff options
context:
space:
mode:
Diffstat (limited to 'resources')
-rw-r--r--resources/libraries/python/FlowUtil.py110
-rw-r--r--resources/libraries/python/IPsecUtil.py80
2 files changed, 127 insertions, 63 deletions
diff --git a/resources/libraries/python/FlowUtil.py b/resources/libraries/python/FlowUtil.py
index 3eb3b99519..23293b6dc6 100644
--- a/resources/libraries/python/FlowUtil.py
+++ b/resources/libraries/python/FlowUtil.py
@@ -1,4 +1,4 @@
-# copyright (c) 2021 Intel and/or its affiliates.
+# copyright (c) 2022 Intel and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -13,12 +13,41 @@
"""Flow Utilities Library."""
+from enum import IntEnum
from ipaddress import ip_address
from resources.libraries.python.topology import Topology
from resources.libraries.python.ssh import exec_cmd_no_error
from resources.libraries.python.PapiExecutor import PapiSocketExecutor
+class FlowType(IntEnum):
+ """Flow types."""
+ FLOW_TYPE_ETHERNET = 1
+ FLOW_TYPE_IP4 = 2
+ FLOW_TYPE_IP6 = 3
+ FLOW_TYPE_IP4_L2TPV3OIP = 4
+ FLOW_TYPE_IP4_IPSEC_ESP = 5
+ FLOW_TYPE_IP4_IPSEC_AH = 6
+ FLOW_TYPE_IP4_N_TUPLE = 7
+ FLOW_TYPE_IP6_N_TUPLE = 8
+ FLOW_TYPE_IP4_VXLAN = 11
+ FLOW_TYPE_IP6_VXLAN = 12
+ FLOW_TYPE_IP4_GTPU = 14
+
+class FlowProto(IntEnum):
+ """Flow protocols."""
+ IP_API_PROTO_TCP = 6
+ IP_API_PROTO_UDP = 17
+ IP_API_PROTO_ESP = 50
+ IP_API_PROTO_AH = 51
+ IP_API_PROTO_L2TP = 115
+
+class FlowAction(IntEnum):
+ """Flow actions."""
+ FLOW_ACTION_MARK = 2
+ FLOW_ACTION_REDIRECT_TO_QUEUE = 16
+ FLOW_ACTION_DROP = 64
+
class FlowUtil:
"""Utilities for flow configuration."""
@@ -48,15 +77,13 @@ class FlowUtil:
:returns: flow_index.
:rtype: int
"""
- from vpp_papi import VppEnum
-
flow = u"ip4_n_tuple"
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP4_N_TUPLE
+ flow_type = FlowType.FLOW_TYPE_IP4_N_TUPLE
if proto == u"TCP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_TCP
+ flow_proto = FlowProto.IP_API_PROTO_TCP
elif proto == u"UDP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
+ flow_proto = FlowProto.IP_API_PROTO_UDP
else:
raise ValueError(f"proto error: {proto}")
@@ -99,15 +126,13 @@ class FlowUtil:
:returns: flow_index.
:rtype: int
"""
- from vpp_papi import VppEnum
-
flow = u"ip6_n_tuple"
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP6_N_TUPLE
+ flow_type = FlowType.FLOW_TYPE_IP6_N_TUPLE
if proto == u"TCP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_TCP
+ flow_proto = FlowProto.IP_API_PROTO_TCP
elif proto == u"UDP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
+ flow_proto = FlowProto.IP_API_PROTO_UDP
else:
raise ValueError(f"proto error: {proto}")
@@ -147,15 +172,13 @@ class FlowUtil:
:returns: flow_index.
:rtype: int
"""
- from vpp_papi import VppEnum
-
flow = u"ip4"
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP4
+ flow_type = FlowType.FLOW_TYPE_IP4
if proto == u"TCP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_TCP
+ flow_proto = FlowProto.IP_API_PROTO_TCP
elif proto == u"UDP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
+ flow_proto = FlowProto.IP_API_PROTO_UDP
else:
raise ValueError(f"proto error: {proto}")
@@ -191,15 +214,13 @@ class FlowUtil:
:returns: flow_index.
:rtype: int
"""
- from vpp_papi import VppEnum
-
flow = u"ip6"
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP6
+ flow_type = FlowType.FLOW_TYPE_IP6
if proto == u"TCP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_TCP
+ flow_proto = FlowProto.IP_API_PROTO_TCP
elif proto == u"UDP":
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
+ flow_proto = FlowProto.IP_API_PROTO_UDP
else:
raise ValueError(f"proto error: {proto}")
@@ -237,11 +258,9 @@ class FlowUtil:
:returns: flow_index.
:rtype: int
"""
- from vpp_papi import VppEnum
-
flow = u"ip4_gtpu"
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP4_GTPU
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
+ flow_type = FlowType.FLOW_TYPE_IP4_GTPU
+ flow_proto = FlowProto.IP_API_PROTO_UDP
pattern = {
u'src_addr': {u'addr': src_ip, u'mask': u"255.255.255.255"},
@@ -273,16 +292,14 @@ class FlowUtil:
:returns: flow_index.
:rtype: int
"""
- from vpp_papi import VppEnum
-
if proto == u"ESP":
flow = u"ip4_ipsec_esp"
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_ESP
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP4_IPSEC_ESP
+ flow_proto = FlowProto.IP_API_PROTO_ESP
+ flow_type = FlowType.FLOW_TYPE_IP4_IPSEC_ESP
elif proto == u"AH":
flow = u"ip4_ipsec_ah"
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_AH
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP4_IPSEC_AH
+ flow_proto = FlowProto.IP_API_PROTO_AH
+ flow_type = FlowType.FLOW_TYPE_IP4_IPSEC_AH
else:
raise ValueError(f"proto error: {proto}")
@@ -312,11 +329,9 @@ class FlowUtil:
:returns: flow_index.
:rtype: int
"""
- from vpp_papi import VppEnum
-
flow = u"ip4_l2tpv3oip"
- flow_proto = 115 # IP_API_PROTO_L2TP
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP4_L2TPV3OIP
+ flow_proto = FlowProto.IP_API_PROTO_L2TP
+ flow_type = FlowType.FLOW_TYPE_IP4_L2TPV3OIP
pattern = {
u'protocol': {u'prot': flow_proto},
@@ -347,11 +362,9 @@ class FlowUtil:
:type value: int
:returns: flow_index.
"""
- from vpp_papi import VppEnum
-
flow = u"ip4_vxlan"
- flow_type = VppEnum.vl_api_flow_type_t.FLOW_TYPE_IP4_VXLAN
- flow_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
+ flow_type = FlowType.FLOW_TYPE_IP4_VXLAN
+ flow_proto = FlowProto.IP_API_PROTO_UDP
pattern = {
u'src_addr': {u'addr': src_ip, u'mask': u"255.255.255.255"},
@@ -387,29 +400,26 @@ class FlowUtil:
:rtype: int
:raises ValueError: If action type is not supported.
"""
- from vpp_papi import VppEnum
-
cmd = u"flow_add"
if action == u"redirect-to-queue":
flow_rule = {
u'type': flow_type,
- u'actions': VppEnum.vl_api_flow_action_t.\
- FLOW_ACTION_REDIRECT_TO_QUEUE,
+ u'actions': FlowAction.FLOW_ACTION_REDIRECT_TO_QUEUE,
u'redirect_queue': value,
u'flow': {flow : pattern}
}
elif action == u"mark":
flow_rule = {
u'type': flow_type,
- u'actions': VppEnum.vl_api_flow_action_t.FLOW_ACTION_MARK,
+ u'actions': FlowAction.FLOW_ACTION_MARK,
u'mark_flow_id': value,
u'flow': {flow : pattern}
}
elif action == u"drop":
flow_rule = {
u'type': flow_type,
- u'actions': VppEnum.vl_api_flow_action_t.FLOW_ACTION_DROP,
+ u'actions': FlowAction.FLOW_ACTION_DROP,
u'flow': {flow : pattern}
}
else:
@@ -437,8 +447,6 @@ class FlowUtil:
:type flow_index: int
:returns: Nothing.
"""
- from vpp_papi import VppEnum
-
cmd = u"flow_enable"
sw_if_index = Topology.get_interface_sw_index(node, interface)
args = dict(
@@ -463,8 +471,6 @@ class FlowUtil:
:type flow_index: int
:returns: Nothing.
"""
- from vpp_papi import VppEnum
-
cmd = u"flow_disable"
sw_if_index = Topology.get_interface_sw_index(node, interface)
args = dict(
@@ -487,8 +493,6 @@ class FlowUtil:
:type flow_index: int
:returns: Nothing.
"""
- from vpp_papi import VppEnum
-
cmd = u"flow_del"
args = dict(
flow_index=int(flow_index)
@@ -508,8 +512,6 @@ class FlowUtil:
:returns: flow entry.
:rtype: str
"""
- from vpp_papi import VppEnum
-
cmd = u"vppctl show flow entry"
err_msg = u"Failed to show flow on host {node[u'host']}"
@@ -545,8 +547,6 @@ class FlowUtil:
:raises RuntimeError: If the verification of flow action fails.
:raises ValueError: If action type is not supported.
"""
- from vpp_papi import VppEnum
-
err_msg = f"Failed to show trace on host {node[u'host']}"
cmd = u"vppctl show trace"
stdout, _ = exec_cmd_no_error(
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index e3b3c88941..6ed2db1eae 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -34,6 +34,7 @@ from resources.libraries.python.ssh import scp_node
from resources.libraries.python.topology import Topology, NodeType
from resources.libraries.python.VatExecutor import VatExecutor
from resources.libraries.python.VPPUtil import VPPUtil
+from resources.libraries.python.FlowUtil import FlowUtil
IPSEC_UDP_PORT_NONE = 0xffff
@@ -471,7 +472,8 @@ class IPsecUtil:
@staticmethod
def vpp_ipsec_add_sad_entries(
node, n_entries, sad_id, spi, crypto_alg, crypto_key,
- integ_alg=None, integ_key=u"", tunnel_src=None, tunnel_dst=None):
+ integ_alg=None, integ_key=u"", tunnel_src=None,tunnel_dst=None,
+ tunnel_addr_incr=True):
"""Create multiple Security Association Database entries on VPP node.
:param node: VPP node to add SAD entry on.
@@ -488,6 +490,8 @@ class IPsecUtil:
specified ESP transport mode is used.
:param tunnel_dst: Tunnel header destination IPv4 or IPv6 address. If
not specified ESP transport mode is used.
+ :param tunnel_addr_incr: Enable or disable tunnel IP address
+ incremental step.
:type node: dict
:type n_entries: int
:type sad_id: int
@@ -498,6 +502,7 @@ class IPsecUtil:
:type integ_key: str
:type tunnel_src: str
:type tunnel_dst: str
+ :type tunnel_addr_incr: bool
"""
if isinstance(crypto_key, str):
crypto_key = crypto_key.encode(encoding=u"utf-8")
@@ -510,8 +515,11 @@ class IPsecUtil:
src_addr = u""
dst_addr = u""
- addr_incr = 1 << (128 - 96) if src_addr.version == 6 \
- else 1 << (32 - 24)
+ if tunnel_addr_incr:
+ addr_incr = 1 << (128 - 96) if src_addr.version == 6 \
+ else 1 << (32 - 24)
+ else:
+ addr_incr = 0
if int(n_entries) > 10:
tmp_filename = f"/tmp/ipsec_sad_{sad_id}_add_del_entry.script"
@@ -2114,7 +2122,8 @@ class IPsecUtil:
@staticmethod
def vpp_ipsec_add_multiple_tunnels(
nodes, interface1, interface2, n_tunnels, crypto_alg, integ_alg,
- tunnel_ip1, tunnel_ip2, raddr_ip1, raddr_ip2, raddr_range):
+ tunnel_ip1, tunnel_ip2, raddr_ip1, raddr_ip2, raddr_range,
+ tunnel_addr_incr=True):
"""Create multiple IPsec tunnels between two VPP nodes.
:param nodes: VPP nodes to create tunnels.
@@ -2131,6 +2140,8 @@ class IPsecUtil:
first tunnel in direction node2->node1.
:param raddr_range: Mask specifying range of Policy selector Remote
IPv4 addresses. Valid values are from 1 to 32.
+ :param tunnel_addr_incr: Enable or disable tunnel IP address
+ incremental step.
:type nodes: dict
:type interface1: str or int
:type interface2: str or int
@@ -2142,6 +2153,7 @@ class IPsecUtil:
:type raddr_ip1: string
:type raddr_ip2: string
:type raddr_range: int
+ :type tunnel_addr_incr: bool
"""
spd_id = 1
p_hi = 100
@@ -2184,7 +2196,7 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT1"], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,
- integ_alg, integ_key, tunnel_ip1, tunnel_ip2
+ integ_alg, integ_key, tunnel_ip1, tunnel_ip2, tunnel_addr_incr
)
IPsecUtil.vpp_ipsec_add_spd_entries(
@@ -2196,7 +2208,7 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT1"], n_tunnels, sa_id_2, spi_2, crypto_alg, crypto_key,
- integ_alg, integ_key, tunnel_ip2, tunnel_ip1
+ integ_alg, integ_key, tunnel_ip2, tunnel_ip1, tunnel_addr_incr
)
IPsecUtil.vpp_ipsec_add_spd_entries(
nodes[u"DUT1"], n_tunnels, spd_id, priority=ObjIncrement(p_lo, 0),
@@ -2226,7 +2238,8 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT2"], n_tunnels, sa_id_1, spi_1, crypto_alg,
- crypto_key, integ_alg, integ_key, tunnel_ip1, tunnel_ip2
+ crypto_key, integ_alg, integ_key, tunnel_ip1, tunnel_ip2,
+ tunnel_addr_incr
)
IPsecUtil.vpp_ipsec_add_spd_entries(
nodes[u"DUT2"], n_tunnels, spd_id,
@@ -2238,7 +2251,8 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT2"], n_tunnels, sa_id_2, spi_2, crypto_alg,
- crypto_key, integ_alg, integ_key, tunnel_ip2, tunnel_ip1
+ crypto_key, integ_alg, integ_key, tunnel_ip2, tunnel_ip1,
+ tunnel_addr_incr
)
IPsecUtil.vpp_ipsec_add_spd_entries(
nodes[u"DUT2"], n_tunnels, spd_id,
@@ -2268,3 +2282,53 @@ class IPsecUtil:
u"ipsec_sa_v3_dump"
]
PapiSocketExecutor.dump_and_log(node, cmds)
+
+ @staticmethod
+ def vpp_ipsec_flow_enale_rss(node, proto, type, function="default"):
+ """Ipsec flow enable rss action.
+
+ :param node: DUT node.
+ :param proto: The flow protocol.
+ :param type: RSS type.
+ :param function: RSS function.
+
+ :type node: dict
+ :type proto: str
+ :type type: str
+ :type function: str
+ :returns: flow_index.
+ """
+ # TODO: to be fixed to use full PAPI when it is ready in VPP
+ cmd = f"test flow add src-ip any proto {proto} rss function " \
+ f"{function} rss types {type}"
+ stdout = PapiSocketExecutor.run_cli_cmd(node, cmd)
+ flow_index = stdout.split()[1]
+
+ return flow_index
+
+ @staticmethod
+ def vpp_create_ipsec_flows_on_dut(
+ node, n_flows, rx_queues, spi_start, interface):
+ """Create mutiple ipsec flows and enable flows onto interface.
+
+ :param node: DUT node.
+ :param n_flows: Number of flows to create.
+ :param rx_queues: NUmber of RX queues.
+ :param spi_start: The start spi.
+ :param interface: Name of the interface.
+
+ :type node: dict
+ :type n_flows: int
+ :type rx_queues: int
+ :type spi_start: int
+ :type interface: str
+ :returns: flow_index.
+ """
+
+ for i in range(0, n_flows):
+ rx_queue = i%rx_queues
+
+ spi = spi_start + i
+ flow_index = FlowUtil.vpp_create_ip4_ipsec_flow(
+ node, "ESP", spi, "redirect-to-queue", value=rx_queue)
+ FlowUtil.vpp_flow_enable(node, interface, flow_index)