author | Michal Cmarada <mcmarada@cisco.com> | 2019-02-06 09:41:39 +0100 |
---|---|---|
committer | Michal Cmarada <mcmarada@cisco.com> | 2019-02-06 09:41:39 +0100 |
commit | 3751ef96ae1427cc8d5ecb9cbba705e837bb63ca (patch) | |
tree | 08c01465ea307e9eebcdf1e12990ebdb66961228 /ipsec/ipsec-impl | |
parent | acf5a8a052e2f7f7c2b03c023df3dd489688cb00 (diff) |
fix after changes in VPP API
- fixes for mac address
- fixes for ipaddress
- fixes refactoring in ipsec
Change-Id: Idc3e3557b72a5f1ac5b32b9738d90ca23ed6ed9e
Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
Diffstat (limited to 'ipsec/ipsec-impl')
6 files changed, 257 insertions, 198 deletions
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java
index 45f54cdb8..a9a20cff0 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java
@@ -17,7 +17,6 @@
 package io.fd.hc2vpp.ipsec.read;
 import com.google.common.base.Optional;
-import io.fd.hc2vpp.common.translate.util.ByteDataTranslator;
 import io.fd.hc2vpp.common.translate.util.FutureJVppCustomizer;
 import io.fd.hc2vpp.common.translate.util.Ipv4Translator;
 import io.fd.hc2vpp.common.translate.util.Ipv6Translator;
@@ -35,6 +34,7 @@ import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetails;
 import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetailsReplyDump;
 import io.fd.vpp.jvpp.core.dto.IpsecSpdsDump;
 import io.fd.vpp.jvpp.core.future.FutureJVppCore;
+import io.fd.vpp.jvpp.core.types.AddressFamily;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -134,23 +134,22 @@ public class IpsecStateSpdCustomizer extends FutureJVppCustomizer
 private SpdEntries translateDetailToEntry(final IpsecSpdDetails details) {
 SpdEntriesBuilder builder = new SpdEntriesBuilder();
- builder.setDirection(IpsecTrafficDirection.forValue(details.isOutbound))
- .setIsIpv6(ByteDataTranslator.INSTANCE.byteToBoolean(details.isIpv6))
- .setPriority(details.priority);
- switch (details.policy) {
- case 0:
+ builder.setDirection(IpsecTrafficDirection.forValue(details.entry.isOutbound))
+ .setPriority(details.entry.priority);
+ switch (details.entry.policy) {
+ case IPSEC_API_SPD_ACTION_BYPASS:
 builder.setOperation(IpsecSpdOperation.Bypass);
 break;
- case 1:
+ case IPSEC_API_SPD_ACTION_DISCARD:
 builder.setOperation(IpsecSpdOperation.Discard);
 break;
- case 3:
+ case IPSEC_API_SPD_ACTION_PROTECT:
 builder.setOperation(IpsecSpdOperation.Protect);
- builder.setProtectSaId(details.saId);
+ builder.setProtectSaId(details.entry.saId);
 break;
 }
- if (builder.isIsIpv6()) {
+ if (details.entry.localAddressStart != null && details.entry.localAddressStart.af.equals(AddressFamily.ADDRESS_IP6)) {
 processIpv6AddressRanges(builder, details);
 } else {
 processIpv4AddressRanges(builder, details);
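Review bot: The `switch (details.entry.policy)` in translateDetailToEntry has no `default` branch, so an action other than BYPASS, DISCARD or PROTECT produces an SpdEntries with no operation set, and a null `policy` would throw inside the switch itself. A `default:` that logs the unmapped action, plus a null guard before the switch, would make such entries visible in the operational data instead of silently incomplete. The address family is also decided from `localAddressStart` alone; writing the comparison as `AddressFamily.ADDRESS_IP6 == details.entry.localAddressStart.af` avoids an NPE when `af` is unset. The method body continues past the end of this hunk.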
@@ -160,40 +159,62 @@ public class IpsecStateSpdCustomizer extends FutureJVppCustomizer } private void processIpv4AddressRanges(final SpdEntriesBuilder builder, final IpsecSpdDetails details) { - if (details.localStartAddr != null && details.localStartAddr.length > 0) { + if (details.entry.localAddressStart != null && + details.entry.localAddressStart.un.getIp4().ip4Address.length > 0) { builder.setLaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.localStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv4AddressNoZone(details.entry.localAddressStart.un.getIp4().ip4Address)) + .stringValue())); } - if (details.localStopAddr != null && details.localStopAddr.length > 0) { + if (details.entry.localAddressStop != null && + details.entry.localAddressStop.un.getIp4().ip4Address.length > 0) { builder.setLaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.localStopAddr)).stringValue())); + new IpAddressNoZone(arrayToIpv4AddressNoZone(details.entry.localAddressStop.un.getIp4().ip4Address)) + .stringValue())); } - if (details.remoteStartAddr != null && details.remoteStartAddr.length > 0) { + if (details.entry.remoteAddressStart != null && + details.entry.remoteAddressStart.un.getIp4().ip4Address.length > 0) { builder.setRaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.remoteStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv4AddressNoZone(details.entry.remoteAddressStart.un.getIp4().ip4Address)) + .stringValue())); } - if (details.remoteStopAddr != null && details.remoteStopAddr.length > 0) { + if (details.entry.remoteAddressStop != null && + details.entry.remoteAddressStop.un.getIp4().ip4Address.length > 0) { builder.setRaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.remoteStopAddr)).stringValue())); + new IpAddressNoZone( + 
arrayToIpv4AddressNoZone(details.entry.remoteAddressStop.un.getIp4().ip4Address)) + .stringValue())); } } private void processIpv6AddressRanges(final SpdEntriesBuilder builder, final IpsecSpdDetails details) { - if (details.localStartAddr != null && details.localStartAddr.length > 0) { + if (details.entry.localAddressStart != null && + details.entry.localAddressStart.un.getIp6().ip6Address.length > 0) { builder.setLaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.localStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv6AddressNoZone(details.entry.localAddressStart.un.getIp6().ip6Address)) + .stringValue())); } - if (details.localStopAddr != null && details.localStopAddr.length > 0) { + if (details.entry.localAddressStop != null && + details.entry.localAddressStop.un.getIp6().ip6Address.length > 0) { builder.setLaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.localStopAddr)).stringValue())); + new IpAddressNoZone(arrayToIpv6AddressNoZone(details.entry.localAddressStop.un.getIp6().ip6Address)) + .stringValue())); } - if (details.remoteStartAddr != null && details.remoteStartAddr.length > 0) { + if (details.entry.remoteAddressStart != null && + details.entry.remoteAddressStart.un.getIp6().ip6Address.length > 0) { builder.setRaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.remoteStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv6AddressNoZone(details.entry.remoteAddressStart.un.getIp6().ip6Address)) + .stringValue())); } - if (details.remoteStopAddr != null && details.remoteStopAddr.length > 0) { + if (details.entry.remoteAddressStop != null && + details.entry.remoteAddressStop.un.getIp6().ip6Address.length > 0) { builder.setRaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.remoteStopAddr)).stringValue())); + new IpAddressNoZone( + 
arrayToIpv6AddressNoZone(details.entry.remoteAddressStop.un.getIp6().ip6Address)) + .stringValue())); } } diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java index c29137d26..1822b024f 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java @@ -25,12 +25,19 @@ import io.fd.hc2vpp.common.translate.util.MultiNamingContext; import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; import io.fd.honeycomb.translate.write.WriteContext; import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntry; -import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntryReply; +import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDel; +import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDelReply; import io.fd.vpp.jvpp.core.future.FutureJVppCore; +import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg; +import io.fd.vpp.jvpp.core.types.IpsecIntegAlg; +import io.fd.vpp.jvpp.core.types.IpsecProto; +import io.fd.vpp.jvpp.core.types.IpsecSadEntry; +import io.fd.vpp.jvpp.core.types.IpsecSadFlags; +import io.fd.vpp.jvpp.core.types.Key; import java.util.concurrent.CompletionStage; import javax.annotation.Nonnull; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecSadEntriesAugmentation; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecMode; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.IpAddress; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.ip.address.Ipv4Address; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.ip.address.Ipv6Address; 
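Review bot: processIpv4AddressRanges and processIpv6AddressRanges null-check only the outer address object and then dereference `un.getIp4().ip4Address` or `un.getIp6().ip6Address` directly, so an entry whose `un` or union member is unset fails the whole SPD read, presumably with an NPE (the union accessors are not visible here). The same applies when a stop or remote address is of a different family than `localAddressStart`, since the caller picks the family from that one field. The eight near-identical blocks would be easier to audit as one private helper that takes the address, checks its `af` and the matching union member, and returns the converted address or null. A short Javadoc on each method stating that unset or empty addresses are skipped would document the intent.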
@@ -87,44 +94,54 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer private void addDelEntry(final InstanceIdentifier<SadEntries> id, final SadEntries dataAfter, final WriteContext writeContext, boolean adding) throws WriteFailedException { - final IpsecSadAddDelEntry entry = new IpsecSadAddDelEntry(); + final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel(); + request.entry = new IpsecSadEntry(); IpsecSadEntriesAugmentation augment = dataAfter.augmentation(IpsecSadEntriesAugmentation.class); if (augment != null && augment.getSaId() != null) { - entry.sadId = augment.getSaId(); + request.entry.sadId = augment.getSaId(); } if (dataAfter.getSpi() != null) { - entry.spi = dataAfter.getSpi().intValue(); + request.entry.spi = dataAfter.getSpi().intValue(); } - if (dataAfter.getAntiReplayWindow() != null) { - entry.useAntiReplay = dataAfter.getAntiReplayWindow() > 0 - ? BYTE_TRUE - : BYTE_FALSE; + request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_NONE; + if (dataAfter.getAntiReplayWindow() != null && dataAfter.getAntiReplayWindow() > 0) { + request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY; } - if (dataAfter.getSaMode() != null) { - entry.isTunnel = Integer.valueOf(dataAfter.getSaMode().getIntValue()).byteValue(); + if (dataAfter.getSaMode() != null && dataAfter.getSaMode().equals(IpsecMode.Tunnel)) { + //TODO check if flags can be set at once + if (dataAfter.getSourceAddress() != null && + dataAfter.getSourceAddress().getIpAddress() instanceof Ipv4Address) { + request.entry.flags = IpsecSadFlags + .forValue((request.entry.flags.value + IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value)); + } else if (dataAfter.getSourceAddress() != null && + dataAfter.getSourceAddress().getIpAddress() instanceof Ipv6Address) { + request.entry.flags = IpsecSadFlags + .forValue((request.entry.flags.value + IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6.value)); + } } - entry.isAdd = adding + request.isAdd = adding ? 
ByteDataTranslator.BYTE_TRUE : ByteDataTranslator.BYTE_FALSE; if (dataAfter.getEsp() != null) { - entry.protocol = 1; - fillEspAuthentication(entry, dataAfter.getEsp()); - fillEspEncryption(entry, dataAfter.getEsp()); + request.entry.protocol = IpsecProto.IPSEC_API_PROTO_ESP; + fillEspAuthentication(request, dataAfter.getEsp()); + fillEspEncryption(request, dataAfter.getEsp()); } else if (dataAfter.getAh() != null) { - entry.protocol = 0; - fillAhAuthentication(entry, dataAfter.getAh()); + request.entry.protocol = IpsecProto.IPSEC_API_PROTO_AH; + fillAhAuthentication(request, dataAfter.getAh()); + fillAhEncryption(request, dataAfter.getAh()); } - fillAddresses(entry, dataAfter); + fillAddresses(request, dataAfter); - LOG.debug("IPSec config change id={} request={}", id, entry); - final CompletionStage<IpsecSadAddDelEntryReply> ipsecSadEntryAddDellReplyFuture = - getFutureJVpp().ipsecSadAddDelEntry(entry); + LOG.debug("IPSec config change id={} request={}", id, request); + final CompletionStage<IpsecSadEntryAddDelReply> ipsecSadEntryAddDellReplyFuture = + getFutureJVpp().ipsecSadEntryAddDel(request); getReplyForWrite(ipsecSadEntryAddDellReplyFuture.toCompletableFuture(), id); if (adding) { - sadEntryMapping.addChild(dataAfter.key().getDirection().getName(), entry.sadId, + sadEntryMapping.addChild(dataAfter.key().getDirection().getName(), request.entry.sadId, String.valueOf(dataAfter.key().getSpi()), writeContext.getMappingContext()); } else { sadEntryMapping @@ -133,7 +150,7 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer } } - private void fillAhAuthentication(IpsecSadAddDelEntry targetEntry, Ah data) { + private void fillAhAuthentication(IpsecSadEntryAddDel request, Ah data) { //0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512 AuthenticationAlgorithm authAlg = data.getAuthenticationAlgorithm(); if (authAlg != null) { 
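Review bot: In addDelEntry the tunnel flag is merged with `IpsecSadFlags.forValue(request.entry.flags.value + IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value)`; if `IpsecSadFlags` is a plain enum with one constant per bit, `forValue` has no constant for anti-replay plus tunnel, so an SA configured with both may end up with null flags or lose one of them without any error. The `//TODO check if flags can be set at once` marks this as unverified, and it should be settled before the change is relied on for replay protection. Tunnel mode with a null source address also falls through both branches and leaves the SA in transport mode silently; failing the write for that input would be safer. Separately, `LOG.debug("IPSec config change id={} request={}", id, request)` now prints a request that carries `Key.data`, so it is worth confirming that the generated `toString` does not write key bytes to the log. The method continues past this hunk.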
@@ -142,22 +159,33 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer integKey = ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacMd596) authAlg) .getHmacMd596().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 1; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96; } else if (authAlg instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacSha196) { integKey = ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacSha196) authAlg) .getHmacSha196().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 2; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96; } else { - targetEntry.integrityAlgorithm = 0; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE; return; } - targetEntry.integrityKey = integKey.getBytes(); - targetEntry.integrityKeyLength = (byte) integKey.getBytes().length; + request.entry.integrityKey = new Key(); + request.entry.integrityKey.data = integKey.getBytes(); + request.entry.integrityKey.length = (byte) integKey.getBytes().length; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = null; + request.entry.cryptoKey.length = 0 ; } } - private void fillEspAuthentication(IpsecSadAddDelEntry targetEntry, Esp data) { + private void fillAhEncryption(IpsecSadEntryAddDel request, Ah data) { + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = null; + request.entry.cryptoKey.length = 0; + } + + private void fillEspAuthentication(IpsecSadEntryAddDel request, Esp data) { //0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.esp.grouping.esp.Authentication authAlg = data.getAuthentication(); 
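Review bot: `integKey.getBytes()` encodes the key string with the platform default charset and `(byte) integKey.getBytes().length` narrows the length without a range check, so key material can differ between hosts and a key longer than 127 bytes yields a negative length. Proposed: `byte[] keyBytes = integKey.getBytes(StandardCharsets.UTF_8);`, then assign `keyBytes` to `data` and set `length` only after checking that it fits the field and the selected algorithm. The same pattern appears in fillEspAuthentication and fillEspEncryption in the next hunk. fillAhAuthentication also fills `cryptoKey`, which the new fillAhEncryption sets again, so one of the two assignments is redundant. fillAhAuthentication starts before this hunk and fillEspAuthentication ends after it.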
@@ -165,57 +193,58 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer String integKey; if (authAlg.getAuthenticationAlgorithm() instanceof HmacMd596) { integKey = ((HmacMd596) authAlg.getAuthenticationAlgorithm()).getHmacMd596().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 1; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96; } else if (authAlg.getAuthenticationAlgorithm() instanceof HmacSha196) { integKey = ((HmacSha196) authAlg.getAuthenticationAlgorithm()).getHmacSha196().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 2; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96; } else { - targetEntry.integrityAlgorithm = 0; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE; return; } - targetEntry.integrityKey = integKey.getBytes(); - targetEntry.integrityKeyLength = (byte) integKey.getBytes().length; + request.entry.integrityKey = new Key(); + request.entry.integrityKey.data = integKey.getBytes(); + request.entry.integrityKey.length = (byte) integKey.getBytes().length; } } - private void fillEspEncryption(IpsecSadAddDelEntry targetEntry, Esp data) { + private void fillEspEncryption(IpsecSadEntryAddDel request, Esp data) { //0 = Null, 1 = AES-CBC-128, 2 = AES-CBC-192, 3 = AES-CBC-256, 4 = 3DES-CBC if (data.getEncryption() != null && data.getEncryption().getEncryptionAlgorithm() != null) { String cryptoKey = ""; EncryptionAlgorithm encrAlg = data.getEncryption().getEncryptionAlgorithm(); if (encrAlg instanceof Aes128Cbc) { cryptoKey = ((Aes128Cbc) encrAlg).getAes128Cbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 1; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128; } else if (encrAlg instanceof Aes192Cbc) { cryptoKey = ((Aes192Cbc) encrAlg).getAes192Cbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 2; + request.entry.cryptoAlgorithm = 
IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_192; } else if (encrAlg instanceof Aes256Cbc) { cryptoKey = ((Aes256Cbc) encrAlg).getAes256Cbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 3; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_256; } else if (encrAlg instanceof DesCbc) { cryptoKey = ((DesCbc) encrAlg).getDesCbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 4; + // TODO verify before the value was "4" now the result is "10" + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_DES_CBC; } else { - targetEntry.cryptoAlgorithm = 0; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE; return; } - targetEntry.cryptoKey = cryptoKey.getBytes(); - targetEntry.cryptoKeyLength = (byte) cryptoKey.getBytes().length; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = cryptoKey.getBytes(); + request.entry.cryptoKey.length = (byte) cryptoKey.getBytes().length; } } - private void fillAddresses(IpsecSadAddDelEntry targetEntry, SadEntries data) { + private void fillAddresses(IpsecSadEntryAddDel request, SadEntries data) { if (data.getSourceAddress() != null && data.getSourceAddress().getIpAddress() != null) { IpAddress sourceAddr = data.getSourceAddress().getIpAddress(); if (sourceAddr instanceof Ipv4Address) { Ipv4Address ipv4 = (Ipv4Address) sourceAddr; - targetEntry.isTunnelIpv6 = 0; - targetEntry.tunnelSrcAddress = ipv4AddressNoZoneToArray(ipv4.getIpv4Address().getValue()); + request.entry.tunnelSrc = ipv4AddressToAddress(ipv4.getIpv4Address()); } else if (sourceAddr instanceof Ipv6Address) { Ipv6Address ipv6 = (Ipv6Address) sourceAddr; - targetEntry.isTunnelIpv6 = 1; - targetEntry.tunnelSrcAddress = ipv6AddressNoZoneToArray(ipv6.getIpv6Address()); + request.entry.tunnelSrc = ipv6AddressToAddress(ipv6.getIpv6Address()); } } 
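Review bot: The DesCbc branch in fillEspEncryption maps to `IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_DES_CBC` under an open `// TODO verify before the value was "4" now the result is "10"`, while the comment at the top of the method still lists `4 = 3DES-CBC`. Until that is resolved, the cipher installed in VPP may not be the one the operator configured, and a weaker cipher than intended would be accepted without any error. The numeric legend should be replaced by a comment naming the enum constants, for example `// maps the YANG encryption choice to an IpsecCryptoAlg constant`, and the DES mapping confirmed against the VPP API definition. The stale numeric legends in fillAhAuthentication and fillEspAuthentication have the same problem.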
@@ -224,12 +253,10 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer if (destAddr instanceof Ipv4Address) { Ipv4Address ipv4 = (Ipv4Address) destAddr; - targetEntry.isTunnelIpv6 = 0; - targetEntry.tunnelDstAddress = ipv4AddressNoZoneToArray(ipv4.getIpv4Address().getValue()); + request.entry.tunnelDst = ipv4AddressToAddress(ipv4.getIpv4Address()); } else if (destAddr instanceof Ipv6Address) { Ipv6Address ipv6 = (Ipv6Address) destAddr; - targetEntry.isTunnelIpv6 = 1; - targetEntry.tunnelDstAddress = ipv6AddressNoZoneToArray(ipv6.getIpv6Address()); + request.entry.tunnelDst = ipv6AddressToAddress(ipv6.getIpv6Address()); } } } diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java index 771cf676a..870eeb776 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java @@ -25,8 +25,10 @@ import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; import io.fd.honeycomb.translate.write.WriteContext; import io.fd.honeycomb.translate.write.WriteFailedException; import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDel; -import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelEntry; +import io.fd.vpp.jvpp.core.dto.IpsecSpdEntryAddDel; import io.fd.vpp.jvpp.core.future.FutureJVppCore; +import io.fd.vpp.jvpp.core.types.IpsecSpdAction; +import io.fd.vpp.jvpp.core.types.IpsecSpdEntry; import javax.annotation.Nonnull; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecSpdEntriesAugmentation; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.Spd; 
@@ -78,71 +80,65 @@ public class IpsecSpdCustomizer extends FutureJVppCustomizer private void addSpdEntry(final InstanceIdentifier<Spd> id, int spdId, final SpdEntries entry) throws WriteFailedException { - IpsecSpdAddDelEntry request = new IpsecSpdAddDelEntry(); - request.spdId = spdId; + IpsecSpdEntryAddDel request = new IpsecSpdEntryAddDel(); + request.entry = new IpsecSpdEntry(); + request.entry.spdId = spdId; request.isAdd = ByteDataTranslator.BYTE_TRUE; IpsecSpdEntriesAugmentation entryAug = entry.augmentation(IpsecSpdEntriesAugmentation.class); if (entryAug == null) { return; } - if (entryAug.isIsIpv6() != null) { - request.isIpv6 = (byte) (entryAug.isIsIpv6() - ? 1 - : 0); - } if (entryAug.getDirection() != null) { - request.isOutbound = (byte) entryAug.getDirection().getIntValue(); + request.entry.isOutbound = (byte) entryAug.getDirection().getIntValue(); } if (entryAug.getPriority() != null) { - request.priority = entryAug.getPriority(); + request.entry.priority = entryAug.getPriority(); } if (entryAug.getOperation() != null) { final String operation = entryAug.getOperation().getName(); if (operation.equalsIgnoreCase("bypass")) { - request.policy = (byte) 0; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_BYPASS; } else if (operation.equalsIgnoreCase("discard")) { - request.policy = (byte) 1; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_DISCARD; } else if (operation.equalsIgnoreCase("protect")) { - request.policy = (byte) 3; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_PROTECT; } } if (entryAug.getLaddrStart() != null) { if (entryAug.getLaddrStart().getIpv4Address() != null) { - request.localAddressStart = - ipv4AddressNoZoneToArray(entryAug.getLaddrStart().getIpv4Address().getValue()); + request.entry.localAddressStart = ipv4AddressToAddress(entryAug.getLaddrStart().getIpv4Address()); } else if (entryAug.getLaddrStart().getIpv6Address() != null) { - request.localAddressStart = 
ipv6AddressNoZoneToArray(entryAug.getLaddrStart().getIpv6Address()); + request.entry.localAddressStart = ipv6AddressToAddress(entryAug.getLaddrStart().getIpv6Address()); } } if (entryAug.getLaddrStop() != null) { if (entryAug.getLaddrStop().getIpv4Address() != null) { - request.localAddressStop = - ipv4AddressNoZoneToArray(entryAug.getLaddrStop().getIpv4Address().getValue()); + request.entry.localAddressStop = ipv4AddressToAddress(entryAug.getLaddrStop().getIpv4Address()); } else if (entryAug.getLaddrStop().getIpv6Address() != null) { - request.localAddressStop = ipv6AddressNoZoneToArray(entryAug.getLaddrStop().getIpv6Address()); + request.entry.localAddressStop = ipv6AddressToAddress(entryAug.getLaddrStop().getIpv6Address()); } } if (entryAug.getRaddrStop() != null) { if (entryAug.getRaddrStop().getIpv4Address() != null) { - request.remoteAddressStop = - ipv4AddressNoZoneToArray(entryAug.getRaddrStop().getIpv4Address().getValue()); + request.entry.remoteAddressStop = ipv4AddressToAddress(entryAug.getRaddrStop().getIpv4Address()); } else if (entryAug.getRaddrStop().getIpv6Address() != null) { - request.remoteAddressStop = ipv6AddressNoZoneToArray(entryAug.getRaddrStop().getIpv6Address()); + request.entry.remoteAddressStop = ipv6AddressToAddress(entryAug.getRaddrStop().getIpv6Address()); } } if (entryAug.getRaddrStart() != null) { if (entryAug.getRaddrStart().getIpv4Address() != null) { - request.remoteAddressStart = - ipv4AddressNoZoneToArray(entryAug.getRaddrStart().getIpv4Address().getValue()); + request.entry.remoteAddressStart = ipv4AddressToAddress(entryAug.getRaddrStart().getIpv4Address()); } else if (entryAug.getRaddrStart().getIpv6Address() != null) { - request.remoteAddressStart = ipv6AddressNoZoneToArray(entryAug.getRaddrStart().getIpv6Address()); + request.entry.remoteAddressStart = ipv6AddressToAddress(entryAug.getRaddrStart().getIpv6Address()); } } - getReplyForWrite(getFutureJVpp().ipsecSpdAddDelEntry(request).toCompletableFuture(), id); + + //TODO 
HC2VPP-403: missing local and remote port definitions + getReplyForWrite(getFutureJVpp().ipsecSpdEntryAddDel(request).toCompletableFuture(), id); } } diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java index bf08fa8c3..8c2ad09f9 100644 --- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java +++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java @@ -30,6 +30,8 @@ import io.fd.vpp.jvpp.core.dto.IpsecSpdDetails; import io.fd.vpp.jvpp.core.dto.IpsecSpdDetailsReplyDump; import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetails; import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetailsReplyDump; +import io.fd.vpp.jvpp.core.types.IpsecSpdAction; +import io.fd.vpp.jvpp.core.types.IpsecSpdEntry; import java.util.LinkedList; import org.junit.Test; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecStateSpdAugmentation; @@ -38,6 +40,7 @@ import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.i import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.ipsec.state.SpdBuilder; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.ipsec.state.SpdKey; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.ipsec.state.spd.SpdEntries; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecState; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; 
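Review bot: addSpdEntry leaves `request.entry.policy` null when the operation is absent or matches none of the three strings, and for `protect` nothing in the method assigns `request.entry.saId`, so a protect entry would be sent with the default SA id 0 if the configuration model carries one that should be copied. With the old byte field an unmatched operation defaulted to 0 (bypass); with the enum the outcome depends on how a null is serialised, which is not visible here. Switching on the operation enum itself rather than `getName()` with `equalsIgnoreCase`, and failing the write on an unmapped value, would remove the ambiguity. The open `//TODO HC2VPP-403` also means the port ranges stay at their zero defaults, and whether VPP reads that as any port should be confirmed.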
@@ -47,11 +50,10 @@ public class IpsecStateSpdCustomizerTest extends ReaderCustomizerTest<Spd, SpdBu private static InstanceIdentifier<Spd> SPD_IID = InstanceIdentifier.create(IpsecState.class) .augmentation(IpsecStateSpdAugmentation.class).child(Spd.class, new SpdKey(10)); - private static final String LOCAL_ADDR_START = "192.168.11.1"; - private static final String LOCAL_ADDR_END = "192.168.11.255"; + private static final Ipv4Address LOCAL_ADDR_START = new Ipv4Address("192.168.11.1"); + private static final Ipv4Address LOCAL_ADDR_END = new Ipv4Address("192.168.11.255"); private static final short PORT_START = 0; private static final short PORT_END = Short.MAX_VALUE; - private static final int POLICY_PROTECT = 3; private static final int SPD_ID = 10; private static final int SA_ID = 10; private static final int PROTOCOL = 1; 
@@ -71,17 +73,17 @@ public class IpsecStateSpdCustomizerTest extends ReaderCustomizerTest<Spd, SpdBu
 final IpsecSpdDetailsReplyDump spdDetailsReply = new IpsecSpdDetailsReplyDump();
 LinkedList<IpsecSpdDetails> spdDetails = new LinkedList<>();
 IpsecSpdDetails spdDetail = new IpsecSpdDetails();
- spdDetail.isIpv6 = BYTE_FALSE;
- spdDetail.isOutbound = BYTE_TRUE;
- spdDetail.spdId = SPD_ID;
- spdDetail.protocol = PROTOCOL;
- spdDetail.localStartAddr = ipv4AddressNoZoneToArray(LOCAL_ADDR_START);
- spdDetail.localStopAddr = ipv4AddressNoZoneToArray(LOCAL_ADDR_END);
- spdDetail.localStartPort = PORT_START;
- spdDetail.localStopPort = PORT_END;
- spdDetail.policy = POLICY_PROTECT;
- spdDetail.saId = SA_ID;
- spdDetail.priority = PRIORITY;
+ spdDetail.entry = new IpsecSpdEntry();
+ spdDetail.entry.isOutbound = BYTE_TRUE;
+ spdDetail.entry.spdId = SPD_ID;
+ spdDetail.entry.protocol = PROTOCOL;
+ spdDetail.entry.localAddressStart = ipv4AddressToAddress(LOCAL_ADDR_START);
+ spdDetail.entry.localAddressStop = ipv4AddressToAddress(LOCAL_ADDR_END);
+ spdDetail.entry.localPortStart = PORT_START;
+ spdDetail.entry.localPortStop = PORT_END;
+ spdDetail.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_PROTECT;
+ spdDetail.entry.saId = SA_ID;
+ spdDetail.entry.priority = PRIORITY;
 spdDetails.add(spdDetail);
 spdDetailsReply.ipsecSpdDetails = spdDetails;
 when(api.ipsecSpdDump(any())).thenReturn(future(spdDetailsReply));
diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java
index e477467db..81588fea7 100644
--- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java
+++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java
@@ -16,6 +16,8 @@
 package io.fd.hc2vpp.ipsec.write;
+import static io.fd.vpp.jvpp.core.types.IpsecSadFlags.IPSEC_API_SAD_FLAG_NONE;
+import static org.junit.Assert.assertEquals;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
@@ -29,11 +31,19 @@ import io.fd.hc2vpp.ipsec.helpers.SchemaContextTestHelper;
 import io.fd.honeycomb.test.tools.HoneycombTestRunner;
 import io.fd.honeycomb.test.tools.annotations.InjectTestData;
 import io.fd.honeycomb.translate.write.WriteFailedException;
-import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntry;
-import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntryReply;
+import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDel;
+import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDelReply;
+import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg;
+import io.fd.vpp.jvpp.core.types.IpsecIntegAlg;
+import io.fd.vpp.jvpp.core.types.IpsecProto;
+import io.fd.vpp.jvpp.core.types.IpsecSadEntry;
+import io.fd.vpp.jvpp.core.types.IpsecSadFlags;
+import io.fd.vpp.jvpp.core.types.IpsecSpdEntry;
+import io.fd.vpp.jvpp.core.types.Key;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Address;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeEncryptionAlgorithmT;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeIntegrityAlgorithmT;
@@ -68,8 +78,8 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements InstanceIdentifier.create(Ipsec.class).child(Sad.class); private static final String INTEG_KEY = "0123456789012346"; private static final String CRYPTO_KEY = "9876543210987654"; - private static final String TNL_SRC_ADDR = "192.168.1.1"; - private static final String TNL_DST_ADDR = "192.168.1.2"; + private static final Ipv4Address TNL_SRC_ADDR = new Ipv4Address("192.168.1.1"); + private static final Ipv4Address TNL_DST_ADDR = new Ipv4Address("192.168.1.2"); private static final int SPI_1002 = 1002; private static final int SAD_ID = 10; 
@@ -80,29 +90,30 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements @Override protected void setUpTest() throws Exception { customizer = new IpsecSadEntryCustomizer(api, namingCntext); - when(api.ipsecSadAddDelEntry(any())).thenReturn(future(new IpsecSadAddDelEntryReply())); + when(api.ipsecSadEntryAddDel(any())).thenReturn(future(new IpsecSadEntryAddDelReply())); } @Test public void testWrite(@InjectTestData(resourcePath = "/sadEntries/addDelSadEntry.json", id = SAD_PATH) Sad sad) throws WriteFailedException { final SadEntries data = sad.getSadEntries().get(0); - final IpsecSadAddDelEntry request = new IpsecSadAddDelEntry(); + final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel(); request.isAdd = BYTE_TRUE; - request.spi = SPI_1002; - request.sadId = SAD_ID; - request.isTunnel = BYTE_TRUE; - request.isTunnelIpv6 = BYTE_FALSE; - request.integrityKey = INTEG_KEY.getBytes(); - request.integrityKeyLength = (byte) request.integrityKey.length; - request.cryptoKey = CRYPTO_KEY.getBytes(); - request.cryptoKeyLength = (byte) request.cryptoKey.length; - request.useAntiReplay = 0; - request.tunnelSrcAddress = ipv4AddressNoZoneToArray(TNL_SRC_ADDR); - request.tunnelDstAddress = ipv4AddressNoZoneToArray(TNL_DST_ADDR); + request.entry = new io.fd.vpp.jvpp.core.types.IpsecSadEntry(); + request.entry.spi = SPI_1002; + request.entry.sadId = SAD_ID; + request.entry.integrityKey = new Key(); + request.entry.integrityKey.data = INTEG_KEY.getBytes(); + request.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = CRYPTO_KEY.getBytes(); + request.entry.cryptoKey.length = (byte) CRYPTO_KEY.getBytes().length; + request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL; + request.entry.tunnelSrc = ipv4AddressToAddress(TNL_SRC_ADDR); + request.entry.tunnelDst = ipv4AddressToAddress(TNL_DST_ADDR); // ESP - request.protocol = BYTE_TRUE; //0 = AH, 1 = ESP + 
request.entry.protocol = IpsecProto.IPSEC_API_PROTO_ESP; // - auth MD5-96 // - crypto Aes-Cbc-128 testEspAuthEncrCombination(data, IkeIntegrityAlgorithmT.AuthHmacMd596, @@ -132,10 +143,11 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements IkeEncryptionAlgorithmT.EncrDes, request); // AH - request.protocol = BYTE_FALSE; - request.cryptoAlgorithm = 0; - request.cryptoKey = null; - request.cryptoKeyLength = 0; + request.entry.protocol = IpsecProto.IPSEC_API_PROTO_AH; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = null; + request.entry.cryptoKey.length = 0; // - auth SHA1-96 testAhAuthorization(data, IkeIntegrityAlgorithmT.AuthHmacSha196, request); // - auth MD5-96 
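Review bot: The expected key material in `testWrite` comes from `INTEG_KEY.getBytes()` and `CRYPTO_KEY.getBytes()`, which use the platform default charset, and each length is taken from a second `getBytes()` call narrowed with `(byte)`. Encoding once with an explicit charset keeps data and length in step on every JVM: `final byte[] integKey = INTEG_KEY.getBytes(StandardCharsets.UTF_8);`, then `request.entry.integrityKey.data = integKey;` and `request.entry.integrityKey.length = (byte) integKey.length;` (this needs `java.nio.charset.StandardCharsets` imported). The `(byte)` cast wraps to a negative value for keys longer than 127 bytes, so if the customizer narrows the same way, a test with an over-long key would show what is actually sent. The same `getBytes()` pattern is in the `testUpdate` hunk, and `testWrite` continues past the end of this hunk.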
@@ -151,20 +163,24 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements final SadEntries after = relayAfter.getSadEntries().get(0); final Long spi = after.getSpi(); customizer.updateCurrentAttributes(getId(IpsecTrafficDirection.Outbound, spi), before, after, writeContext); - final IpsecSadAddDelEntry request = new IpsecSadAddDelEntry(); + final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel(); request.isAdd = BYTE_TRUE; - request.spi = SPI_1002; - request.sadId = SAD_ID; - request.protocol = BYTE_FALSE; - request.isTunnel = BYTE_FALSE; - request.isTunnelIpv6 = BYTE_TRUE; - request.integrityAlgorithm = 1; - request.integrityKey = INTEG_KEY.getBytes(); - request.integrityKeyLength = (byte) request.integrityKey.length; - request.useAntiReplay = BYTE_TRUE; - request.tunnelSrcAddress = ipv6AddressNoZoneToArray(Ipv6Address.getDefaultInstance("2001::11")); - request.tunnelDstAddress = ipv6AddressNoZoneToArray(Ipv6Address.getDefaultInstance("2001::12")); - verify(api).ipsecSadAddDelEntry(request); + request.entry = new IpsecSadEntry(); + request.entry.spi = SPI_1002; + request.entry.sadId = SAD_ID; + request.entry.protocol = IpsecProto.IPSEC_API_PROTO_AH; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96; + request.entry.integrityKey = new Key(); + request.entry.integrityKey.data = INTEG_KEY.getBytes(); + request.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = null; + request.entry.cryptoKey.length = 0; + request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY; + request.entry.tunnelSrc = ipv6AddressToAddress(Ipv6Address.getDefaultInstance("2001::11")); + request.entry.tunnelDst = ipv6AddressToAddress(Ipv6Address.getDefaultInstance("2001::12")); + verify(api).ipsecSadEntryAddDel(request); } @Test 
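Review bot: `request.entry.flags` in this update expectation carries only `IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY`, while the removed lines also asserted `isTunnelIpv6 = BYTE_TRUE` and the entry still has IPv6 `tunnelSrc`/`tunnelDst`. Since `flags` is assigned a single `IpsecSadFlags` constant here and in `testWrite`, no test in this change covers an SA that needs two flags at once, such as tunnel mode together with anti-replay. If the generated type cannot express a combination, one of the two is presumably dropped before the request reaches VPP, and dropping anti-replay would go unnoticed. A comment on the assignment would record the limit, e.g. `// flags holds a single IpsecSadFlags value; tunnel + anti-replay is not covered here`, and a test for the combined configuration would show which flag wins. The test method starts before this hunk.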
@@ -173,11 +189,13 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements final SadEntries data = sad.getSadEntries().get(0); final Long spi = data.getSpi(); customizer.deleteCurrentAttributes(getId(IpsecTrafficDirection.Outbound, spi), data, writeContext); - final IpsecSadAddDelEntry request = new IpsecSadAddDelEntry(); + final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel(); request.isAdd = BYTE_FALSE; - request.spi = SPI_1002; - request.sadId = SAD_ID; - verify(api).ipsecSadAddDelEntry(request); + request.entry = new IpsecSadEntry(); + request.entry.spi = SPI_1002; + request.entry.sadId = SAD_ID; + request.entry.flags = IPSEC_API_SAD_FLAG_NONE; + verify(api).ipsecSadEntryAddDel(request); } private InstanceIdentifier<SadEntries> getId(final IpsecTrafficDirection direction, final Long spi) { @@ -185,7 +203,7 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements } private void testAhAuthorization(final SadEntries otherData, final IkeIntegrityAlgorithmT authAlg, - final IpsecSadAddDelEntry request) throws WriteFailedException { + final IpsecSadEntryAddDel request) throws WriteFailedException { SadEntriesBuilder builder = new SadEntriesBuilder(otherData); builder.setEsp(null); AhBuilder ahBuilder = new AhBuilder(); 
@@ -193,11 +211,11 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements builder.setAh(ahBuilder.build()); customizer.writeCurrentAttributes(getId(IpsecTrafficDirection.Outbound, Integer.toUnsignedLong(SPI_1002)), builder.build(), writeContext); - verify(api).ipsecSadAddDelEntry(request); + verify(api).ipsecSadEntryAddDel(request); } private void testEspAuthEncrCombination(final SadEntries otherData, final IkeIntegrityAlgorithmT authAlg, - final IkeEncryptionAlgorithmT encrAlg, final IpsecSadAddDelEntry request) + final IkeEncryptionAlgorithmT encrAlg, final IpsecSadEntryAddDel request) throws WriteFailedException { SadEntriesBuilder builder = new SadEntriesBuilder(otherData); builder.setAh(null); 
@@ -209,26 +227,26 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements builder.build(), writeContext); if (encrAlg == IkeEncryptionAlgorithmT.EncrAesCbc128) { - request.cryptoAlgorithm = 1; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128; } else if (encrAlg == IkeEncryptionAlgorithmT.EncrAesCbc192) { - request.cryptoAlgorithm = 2; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_192; } else if (encrAlg == IkeEncryptionAlgorithmT.EncrAesCbc256) { - request.cryptoAlgorithm = 3; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_256; } else if (encrAlg == IkeEncryptionAlgorithmT.EncrDes) { - request.cryptoAlgorithm = 4; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_DES_CBC; } else { - request.cryptoAlgorithm = 0; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE; } if (authAlg == IkeIntegrityAlgorithmT.AuthHmacMd596) { - request.integrityAlgorithm = 1; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96; } else if (authAlg == IkeIntegrityAlgorithmT.AuthHmacSha196) { - request.integrityAlgorithm = 2; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96; } else { - request.integrityAlgorithm = 0; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE; } - verify(api).ipsecSadAddDelEntry(request); + verify(api).ipsecSadEntryAddDel(request); } private Encryption getEspEncryption(IkeEncryptionAlgorithmT alg) { diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java index a4b294002..da9b7425b 100644 --- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java +++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java 
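Review bot: The trailing `else` branches in `testEspAuthEncrCombination` make the expected request fall back to `IPSEC_API_CRYPTO_ALG_NONE` and `IPSEC_API_INTEG_ALG_NONE` for any algorithm the chain does not list. A case with an unmapped algorithm would therefore pass as long as the customizer also sends an SA with no encryption or integrity, which is exactly the outcome a test should catch. Failing in the helper is safer: end the first chain with `} else { throw new IllegalArgumentException("unmapped encryption algorithm: " + encrAlg); }` and the second with the same for `authAlg`. The helper's signature and first statements are outside this hunk.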
@@ -29,9 +29,11 @@ import io.fd.honeycomb.test.tools.HoneycombTestRunner; import io.fd.honeycomb.test.tools.annotations.InjectTestData; import io.fd.honeycomb.translate.write.WriteFailedException; import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDel; -import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelEntry; -import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelEntryReply; import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelReply; +import io.fd.vpp.jvpp.core.dto.IpsecSpdEntryAddDel; +import io.fd.vpp.jvpp.core.dto.IpsecSpdEntryAddDelReply; +import io.fd.vpp.jvpp.core.types.IpsecSpdAction; +import io.fd.vpp.jvpp.core.types.IpsecSpdEntry; import java.util.Collections; import org.junit.Test; import org.junit.runner.RunWith; @@ -56,7 +58,7 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche protected void setUpTest() throws Exception { customizer = new IpsecSpdCustomizer(api); when(api.ipsecSpdAddDel(any())).thenReturn(future(new IpsecSpdAddDelReply())); - when(api.ipsecSpdAddDelEntry(any())).thenReturn(future(new IpsecSpdAddDelEntryReply())); + when(api.ipsecSpdEntryAddDel(any())).thenReturn(future(new IpsecSpdEntryAddDelReply())); } @Test @@ -69,8 +71,8 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche createSpdRequest.spdId = SPD_ID; verify(api).ipsecSpdAddDel(createSpdRequest); - verify(api).ipsecSpdAddDelEntry(translateSpdEntry(spd.getSpdEntries().get(0), SPD_ID, true)); - verify(api).ipsecSpdAddDelEntry(translateSpdEntry(spd.getSpdEntries().get(1), SPD_ID, true)); + verify(api).ipsecSpdEntryAddDel(translateSpdEntry(spd.getSpdEntries().get(0), SPD_ID, true)); + verify(api).ipsecSpdEntryAddDel(translateSpdEntry(spd.getSpdEntries().get(1), SPD_ID, true)); } @Test 
@@ -81,7 +83,7 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche Spd before = ipsecBefore.getSpd().get(0); Spd after = ipsecAfter.getSpd().get(0); customizer.updateCurrentAttributes(getSpdId(SPD_ID), before, after, writeContext); - verify(api).ipsecSpdAddDelEntry(translateSpdEntry(after.getSpdEntries().get(0), SPD_ID, true)); + verify(api).ipsecSpdEntryAddDel(translateSpdEntry(after.getSpdEntries().get(0), SPD_ID, true)); } @Test 
@@ -102,71 +104,64 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche return InstanceIdentifier.create(Ipsec.class).child(Spd.class, new SpdKey(spdId)); } - private IpsecSpdAddDelEntry translateSpdEntry(final SpdEntries entry, int spdId, boolean isAdd) { - IpsecSpdAddDelEntry request = new IpsecSpdAddDelEntry(); - request.spdId = spdId; + private IpsecSpdEntryAddDel translateSpdEntry(final SpdEntries entry, int spdId, boolean isAdd) { + IpsecSpdEntryAddDel request = new IpsecSpdEntryAddDel(); + request.entry = new IpsecSpdEntry(); + request.entry.spdId = spdId; request.isAdd = isAdd ? BYTE_TRUE : BYTE_FALSE; IpsecSpdEntriesAugmentation aug = entry.augmentation(IpsecSpdEntriesAugmentation.class); if (aug != null) { - if (aug.isIsIpv6() != null) { - request.isIpv6 = (byte) (aug.isIsIpv6() - ? 1 - : 0); - } if (aug.getDirection() != null) { - request.isOutbound = (byte) aug.getDirection().getIntValue(); + request.entry.isOutbound = (byte) aug.getDirection().getIntValue(); } if (aug.getPriority() != null) { - request.priority = aug.getPriority(); + request.entry.priority = aug.getPriority(); } if (aug.getOperation() != null) { final String operation = aug.getOperation().getName(); if (operation.equalsIgnoreCase("bypass")) { - request.policy = (byte) 0; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_BYPASS; } else if (operation.equalsIgnoreCase("discard")) { - request.policy = (byte) 1; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_DISCARD; } else if (operation.equalsIgnoreCase("protect")) { - request.policy = (byte) 3; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_PROTECT; } } if (aug.getLaddrStart() != null) { if (aug.getLaddrStart().getIpv4Address() != null) { - request.localAddressStart = - ipv4AddressNoZoneToArray(aug.getLaddrStart().getIpv4Address().getValue()); + request.entry.localAddressStart = ipv4AddressToAddress(aug.getLaddrStart().getIpv4Address()); } else if 
(aug.getLaddrStart().getIpv6Address() != null) { - request.localAddressStart = ipv6AddressNoZoneToArray(aug.getLaddrStart().getIpv6Address()); + request.entry.localAddressStart = ipv6AddressToAddress(aug.getLaddrStart().getIpv6Address()); } } if (aug.getLaddrStop() != null) { if (aug.getLaddrStop().getIpv4Address() != null) { - request.localAddressStop = ipv4AddressNoZoneToArray(aug.getLaddrStop().getIpv4Address().getValue()); + request.entry.localAddressStop = ipv4AddressToAddress(aug.getLaddrStop().getIpv4Address()); } else if (aug.getLaddrStop().getIpv6Address() != null) { - request.localAddressStop = ipv6AddressNoZoneToArray(aug.getLaddrStop().getIpv6Address()); + request.entry.localAddressStop = ipv6AddressToAddress(aug.getLaddrStop().getIpv6Address()); } } if (aug.getRaddrStop() != null) { if (aug.getRaddrStop().getIpv4Address() != null) { - request.remoteAddressStop = - ipv4AddressNoZoneToArray(aug.getRaddrStop().getIpv4Address().getValue()); + request.entry.remoteAddressStop = ipv4AddressToAddress(aug.getRaddrStop().getIpv4Address()); } else if (aug.getRaddrStop().getIpv6Address() != null) { - request.remoteAddressStop = ipv6AddressNoZoneToArray(aug.getRaddrStop().getIpv6Address()); + request.entry.remoteAddressStop = ipv6AddressToAddress(aug.getRaddrStop().getIpv6Address()); } } if (aug.getRaddrStart() != null) { if (aug.getRaddrStart().getIpv4Address() != null) { - request.remoteAddressStart = - ipv4AddressNoZoneToArray(aug.getRaddrStart().getIpv4Address().getValue()); + request.entry.remoteAddressStart = ipv4AddressToAddress(aug.getRaddrStart().getIpv4Address()); } else if (aug.getRaddrStart().getIpv6Address() != null) { - request.remoteAddressStart = ipv6AddressNoZoneToArray(aug.getRaddrStart().getIpv6Address()); + request.entry.remoteAddressStart = ipv6AddressToAddress(aug.getRaddrStart().getIpv6Address()); } } } |
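Review bot: `translateSpdEntry` leaves `request.entry.policy` unset when the operation name matches none of the three `equalsIgnoreCase` branches. The old `byte` field defaulted to 0 (bypass) in that case; the new field is presumably `null`, so what the expected request means for an unmapped operation has changed without any assertion on it. Closing the chain with `} else { throw new IllegalStateException("unmapped SPD operation: " + operation); }` makes the helper fail instead of building a request with no action. With the `isIpv6` block removed, each of the four range addresses also picks its family independently, so nothing here ties `localAddressStart` and `localAddressStop` (or the remote pair) to the same family; a comment saying the test data is assumed to be single-family would help. The method body continues past the end of this hunk.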