summaryrefslogtreecommitdiffstats
path: root/ipsec/ipsec-impl
diff options
context:
space:
mode:
authorMichal Cmarada <mcmarada@cisco.com>2019-02-06 09:41:39 +0100
committerMichal Cmarada <mcmarada@cisco.com>2019-02-06 09:41:39 +0100
commit3751ef96ae1427cc8d5ecb9cbba705e837bb63ca (patch)
tree08c01465ea307e9eebcdf1e12990ebdb66961228 /ipsec/ipsec-impl
parentacf5a8a052e2f7f7c2b03c023df3dd489688cb00 (diff)
fix after changes in VPP API
- fixes for mac adress - fixes for ipaddress - fixes refactoring in ipsec Change-Id: Idc3e3557b72a5f1ac5b32b9738d90ca23ed6ed9e Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
Diffstat (limited to 'ipsec/ipsec-impl')
-rw-r--r--ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java73
-rw-r--r--ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java129
-rw-r--r--ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java48
-rw-r--r--ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java30
-rw-r--r--ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java120
-rw-r--r--ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java55
6 files changed, 257 insertions, 198 deletions
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java
index 45f54cdb8..a9a20cff0 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java
@@ -17,7 +17,6 @@
package io.fd.hc2vpp.ipsec.read;
import com.google.common.base.Optional;
-import io.fd.hc2vpp.common.translate.util.ByteDataTranslator;
import io.fd.hc2vpp.common.translate.util.FutureJVppCustomizer;
import io.fd.hc2vpp.common.translate.util.Ipv4Translator;
import io.fd.hc2vpp.common.translate.util.Ipv6Translator;
@@ -35,6 +34,7 @@ import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetails;
import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetailsReplyDump;
import io.fd.vpp.jvpp.core.dto.IpsecSpdsDump;
import io.fd.vpp.jvpp.core.future.FutureJVppCore;
+import io.fd.vpp.jvpp.core.types.AddressFamily;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
@@ -134,23 +134,22 @@ public class IpsecStateSpdCustomizer extends FutureJVppCustomizer
private SpdEntries translateDetailToEntry(final IpsecSpdDetails details) {
SpdEntriesBuilder builder = new SpdEntriesBuilder();
- builder.setDirection(IpsecTrafficDirection.forValue(details.isOutbound))
- .setIsIpv6(ByteDataTranslator.INSTANCE.byteToBoolean(details.isIpv6))
- .setPriority(details.priority);
- switch (details.policy) {
- case 0:
+ builder.setDirection(IpsecTrafficDirection.forValue(details.entry.isOutbound))
+ .setPriority(details.entry.priority);
+ switch (details.entry.policy) {
+ case IPSEC_API_SPD_ACTION_BYPASS:
builder.setOperation(IpsecSpdOperation.Bypass);
break;
- case 1:
+ case IPSEC_API_SPD_ACTION_DISCARD:
builder.setOperation(IpsecSpdOperation.Discard);
break;
- case 3:
+ case IPSEC_API_SPD_ACTION_PROTECT:
builder.setOperation(IpsecSpdOperation.Protect);
- builder.setProtectSaId(details.saId);
+ builder.setProtectSaId(details.entry.saId);
break;
}
- if (builder.isIsIpv6()) {
+ if (details.entry.localAddressStart != null && details.entry.localAddressStart.af.equals(AddressFamily.ADDRESS_IP6)) {
processIpv6AddressRanges(builder, details);
} else {
processIpv4AddressRanges(builder, details);
@@ -160,40 +159,62 @@ public class IpsecStateSpdCustomizer extends FutureJVppCustomizer
}
private void processIpv4AddressRanges(final SpdEntriesBuilder builder, final IpsecSpdDetails details) {
- if (details.localStartAddr != null && details.localStartAddr.length > 0) {
+ if (details.entry.localAddressStart != null &&
+ details.entry.localAddressStart.un.getIp4().ip4Address.length > 0) {
builder.setLaddrStart(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv4AddressNoZone(details.localStartAddr)).stringValue()));
+ new IpAddressNoZone(
+ arrayToIpv4AddressNoZone(details.entry.localAddressStart.un.getIp4().ip4Address))
+ .stringValue()));
}
- if (details.localStopAddr != null && details.localStopAddr.length > 0) {
+ if (details.entry.localAddressStop != null &&
+ details.entry.localAddressStop.un.getIp4().ip4Address.length > 0) {
builder.setLaddrStop(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv4AddressNoZone(details.localStopAddr)).stringValue()));
+ new IpAddressNoZone(arrayToIpv4AddressNoZone(details.entry.localAddressStop.un.getIp4().ip4Address))
+ .stringValue()));
}
- if (details.remoteStartAddr != null && details.remoteStartAddr.length > 0) {
+ if (details.entry.remoteAddressStart != null &&
+ details.entry.remoteAddressStart.un.getIp4().ip4Address.length > 0) {
builder.setRaddrStart(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv4AddressNoZone(details.remoteStartAddr)).stringValue()));
+ new IpAddressNoZone(
+ arrayToIpv4AddressNoZone(details.entry.remoteAddressStart.un.getIp4().ip4Address))
+ .stringValue()));
}
- if (details.remoteStopAddr != null && details.remoteStopAddr.length > 0) {
+ if (details.entry.remoteAddressStop != null &&
+ details.entry.remoteAddressStop.un.getIp4().ip4Address.length > 0) {
builder.setRaddrStop(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv4AddressNoZone(details.remoteStopAddr)).stringValue()));
+ new IpAddressNoZone(
+ arrayToIpv4AddressNoZone(details.entry.remoteAddressStop.un.getIp4().ip4Address))
+ .stringValue()));
}
}
private void processIpv6AddressRanges(final SpdEntriesBuilder builder, final IpsecSpdDetails details) {
- if (details.localStartAddr != null && details.localStartAddr.length > 0) {
+ if (details.entry.localAddressStart != null &&
+ details.entry.localAddressStart.un.getIp6().ip6Address.length > 0) {
builder.setLaddrStart(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv6AddressNoZone(details.localStartAddr)).stringValue()));
+ new IpAddressNoZone(
+ arrayToIpv6AddressNoZone(details.entry.localAddressStart.un.getIp6().ip6Address))
+ .stringValue()));
}
- if (details.localStopAddr != null && details.localStopAddr.length > 0) {
+ if (details.entry.localAddressStop != null &&
+ details.entry.localAddressStop.un.getIp6().ip6Address.length > 0) {
builder.setLaddrStop(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv6AddressNoZone(details.localStopAddr)).stringValue()));
+ new IpAddressNoZone(arrayToIpv6AddressNoZone(details.entry.localAddressStop.un.getIp6().ip6Address))
+ .stringValue()));
}
- if (details.remoteStartAddr != null && details.remoteStartAddr.length > 0) {
+ if (details.entry.remoteAddressStart != null &&
+ details.entry.remoteAddressStart.un.getIp6().ip6Address.length > 0) {
builder.setRaddrStart(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv6AddressNoZone(details.remoteStartAddr)).stringValue()));
+ new IpAddressNoZone(
+ arrayToIpv6AddressNoZone(details.entry.remoteAddressStart.un.getIp6().ip6Address))
+ .stringValue()));
}
- if (details.remoteStopAddr != null && details.remoteStopAddr.length > 0) {
+ if (details.entry.remoteAddressStop != null &&
+ details.entry.remoteAddressStop.un.getIp6().ip6Address.length > 0) {
builder.setRaddrStop(IpAddressBuilder.getDefaultInstance(
- new IpAddressNoZone(arrayToIpv6AddressNoZone(details.remoteStopAddr)).stringValue()));
+ new IpAddressNoZone(
+ arrayToIpv6AddressNoZone(details.entry.remoteAddressStop.un.getIp6().ip6Address))
+ .stringValue()));
}
}
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java
index c29137d26..1822b024f 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java
@@ -25,12 +25,19 @@ import io.fd.hc2vpp.common.translate.util.MultiNamingContext;
import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer;
import io.fd.honeycomb.translate.write.WriteContext;
import io.fd.honeycomb.translate.write.WriteFailedException;
-import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntry;
-import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntryReply;
+import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDel;
+import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDelReply;
import io.fd.vpp.jvpp.core.future.FutureJVppCore;
+import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg;
+import io.fd.vpp.jvpp.core.types.IpsecIntegAlg;
+import io.fd.vpp.jvpp.core.types.IpsecProto;
+import io.fd.vpp.jvpp.core.types.IpsecSadEntry;
+import io.fd.vpp.jvpp.core.types.IpsecSadFlags;
+import io.fd.vpp.jvpp.core.types.Key;
import java.util.concurrent.CompletionStage;
import javax.annotation.Nonnull;
import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecSadEntriesAugmentation;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecMode;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.IpAddress;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.ip.address.Ipv4Address;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.ip.address.Ipv6Address;
@@ -87,44 +94,54 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer
private void addDelEntry(final InstanceIdentifier<SadEntries> id,
final SadEntries dataAfter,
final WriteContext writeContext, boolean adding) throws WriteFailedException {
- final IpsecSadAddDelEntry entry = new IpsecSadAddDelEntry();
+ final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel();
+ request.entry = new IpsecSadEntry();
IpsecSadEntriesAugmentation augment = dataAfter.augmentation(IpsecSadEntriesAugmentation.class);
if (augment != null && augment.getSaId() != null) {
- entry.sadId = augment.getSaId();
+ request.entry.sadId = augment.getSaId();
}
if (dataAfter.getSpi() != null) {
- entry.spi = dataAfter.getSpi().intValue();
+ request.entry.spi = dataAfter.getSpi().intValue();
}
- if (dataAfter.getAntiReplayWindow() != null) {
- entry.useAntiReplay = dataAfter.getAntiReplayWindow() > 0
- ? BYTE_TRUE
- : BYTE_FALSE;
+ request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_NONE;
+ if (dataAfter.getAntiReplayWindow() != null && dataAfter.getAntiReplayWindow() > 0) {
+ request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
}
- if (dataAfter.getSaMode() != null) {
- entry.isTunnel = Integer.valueOf(dataAfter.getSaMode().getIntValue()).byteValue();
+ if (dataAfter.getSaMode() != null && dataAfter.getSaMode().equals(IpsecMode.Tunnel)) {
+ //TODO check if flags can be set at once
+ if (dataAfter.getSourceAddress() != null &&
+ dataAfter.getSourceAddress().getIpAddress() instanceof Ipv4Address) {
+ request.entry.flags = IpsecSadFlags
+ .forValue((request.entry.flags.value + IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value));
+ } else if (dataAfter.getSourceAddress() != null &&
+ dataAfter.getSourceAddress().getIpAddress() instanceof Ipv6Address) {
+ request.entry.flags = IpsecSadFlags
+ .forValue((request.entry.flags.value + IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6.value));
+ }
}
- entry.isAdd = adding
+ request.isAdd = adding
? ByteDataTranslator.BYTE_TRUE
: ByteDataTranslator.BYTE_FALSE;
if (dataAfter.getEsp() != null) {
- entry.protocol = 1;
- fillEspAuthentication(entry, dataAfter.getEsp());
- fillEspEncryption(entry, dataAfter.getEsp());
+ request.entry.protocol = IpsecProto.IPSEC_API_PROTO_ESP;
+ fillEspAuthentication(request, dataAfter.getEsp());
+ fillEspEncryption(request, dataAfter.getEsp());
} else if (dataAfter.getAh() != null) {
- entry.protocol = 0;
- fillAhAuthentication(entry, dataAfter.getAh());
+ request.entry.protocol = IpsecProto.IPSEC_API_PROTO_AH;
+ fillAhAuthentication(request, dataAfter.getAh());
+ fillAhEncryption(request, dataAfter.getAh());
}
- fillAddresses(entry, dataAfter);
+ fillAddresses(request, dataAfter);
- LOG.debug("IPSec config change id={} request={}", id, entry);
- final CompletionStage<IpsecSadAddDelEntryReply> ipsecSadEntryAddDellReplyFuture =
- getFutureJVpp().ipsecSadAddDelEntry(entry);
+ LOG.debug("IPSec config change id={} request={}", id, request);
+ final CompletionStage<IpsecSadEntryAddDelReply> ipsecSadEntryAddDellReplyFuture =
+ getFutureJVpp().ipsecSadEntryAddDel(request);
getReplyForWrite(ipsecSadEntryAddDellReplyFuture.toCompletableFuture(), id);
if (adding) {
- sadEntryMapping.addChild(dataAfter.key().getDirection().getName(), entry.sadId,
+ sadEntryMapping.addChild(dataAfter.key().getDirection().getName(), request.entry.sadId,
String.valueOf(dataAfter.key().getSpi()), writeContext.getMappingContext());
} else {
sadEntryMapping
@@ -133,7 +150,7 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer
}
}
- private void fillAhAuthentication(IpsecSadAddDelEntry targetEntry, Ah data) {
+ private void fillAhAuthentication(IpsecSadEntryAddDel request, Ah data) {
//0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512
AuthenticationAlgorithm authAlg = data.getAuthenticationAlgorithm();
if (authAlg != null) {
@@ -142,22 +159,33 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer
integKey =
((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacMd596) authAlg)
.getHmacMd596().getKeyStr().stringValue();
- targetEntry.integrityAlgorithm = 1;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96;
} else if (authAlg instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacSha196) {
integKey =
((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacSha196) authAlg)
.getHmacSha196().getKeyStr().stringValue();
- targetEntry.integrityAlgorithm = 2;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96;
} else {
- targetEntry.integrityAlgorithm = 0;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE;
return;
}
- targetEntry.integrityKey = integKey.getBytes();
- targetEntry.integrityKeyLength = (byte) integKey.getBytes().length;
+ request.entry.integrityKey = new Key();
+ request.entry.integrityKey.data = integKey.getBytes();
+ request.entry.integrityKey.length = (byte) integKey.getBytes().length;
+ request.entry.cryptoKey = new Key();
+ request.entry.cryptoKey.data = null;
+ request.entry.cryptoKey.length = 0 ;
}
}
- private void fillEspAuthentication(IpsecSadAddDelEntry targetEntry, Esp data) {
+ private void fillAhEncryption(IpsecSadEntryAddDel request, Ah data) {
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE;
+ request.entry.cryptoKey = new Key();
+ request.entry.cryptoKey.data = null;
+ request.entry.cryptoKey.length = 0;
+ }
+
+ private void fillEspAuthentication(IpsecSadEntryAddDel request, Esp data) {
//0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.esp.grouping.esp.Authentication
authAlg = data.getAuthentication();
@@ -165,57 +193,58 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer
String integKey;
if (authAlg.getAuthenticationAlgorithm() instanceof HmacMd596) {
integKey = ((HmacMd596) authAlg.getAuthenticationAlgorithm()).getHmacMd596().getKeyStr().stringValue();
- targetEntry.integrityAlgorithm = 1;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96;
} else if (authAlg.getAuthenticationAlgorithm() instanceof HmacSha196) {
integKey =
((HmacSha196) authAlg.getAuthenticationAlgorithm()).getHmacSha196().getKeyStr().stringValue();
- targetEntry.integrityAlgorithm = 2;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96;
} else {
- targetEntry.integrityAlgorithm = 0;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE;
return;
}
- targetEntry.integrityKey = integKey.getBytes();
- targetEntry.integrityKeyLength = (byte) integKey.getBytes().length;
+ request.entry.integrityKey = new Key();
+ request.entry.integrityKey.data = integKey.getBytes();
+ request.entry.integrityKey.length = (byte) integKey.getBytes().length;
}
}
- private void fillEspEncryption(IpsecSadAddDelEntry targetEntry, Esp data) {
+ private void fillEspEncryption(IpsecSadEntryAddDel request, Esp data) {
//0 = Null, 1 = AES-CBC-128, 2 = AES-CBC-192, 3 = AES-CBC-256, 4 = 3DES-CBC
if (data.getEncryption() != null && data.getEncryption().getEncryptionAlgorithm() != null) {
String cryptoKey = "";
EncryptionAlgorithm encrAlg = data.getEncryption().getEncryptionAlgorithm();
if (encrAlg instanceof Aes128Cbc) {
cryptoKey = ((Aes128Cbc) encrAlg).getAes128Cbc().getKeyStr().stringValue();
- targetEntry.cryptoAlgorithm = 1;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128;
} else if (encrAlg instanceof Aes192Cbc) {
cryptoKey = ((Aes192Cbc) encrAlg).getAes192Cbc().getKeyStr().stringValue();
- targetEntry.cryptoAlgorithm = 2;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_192;
} else if (encrAlg instanceof Aes256Cbc) {
cryptoKey = ((Aes256Cbc) encrAlg).getAes256Cbc().getKeyStr().stringValue();
- targetEntry.cryptoAlgorithm = 3;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_256;
} else if (encrAlg instanceof DesCbc) {
cryptoKey = ((DesCbc) encrAlg).getDesCbc().getKeyStr().stringValue();
- targetEntry.cryptoAlgorithm = 4;
+ // TODO verify before the value was "4" now the result is "10"
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_DES_CBC;
} else {
- targetEntry.cryptoAlgorithm = 0;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE;
return;
}
- targetEntry.cryptoKey = cryptoKey.getBytes();
- targetEntry.cryptoKeyLength = (byte) cryptoKey.getBytes().length;
+ request.entry.cryptoKey = new Key();
+ request.entry.cryptoKey.data = cryptoKey.getBytes();
+ request.entry.cryptoKey.length = (byte) cryptoKey.getBytes().length;
}
}
- private void fillAddresses(IpsecSadAddDelEntry targetEntry, SadEntries data) {
+ private void fillAddresses(IpsecSadEntryAddDel request, SadEntries data) {
if (data.getSourceAddress() != null && data.getSourceAddress().getIpAddress() != null) {
IpAddress sourceAddr = data.getSourceAddress().getIpAddress();
if (sourceAddr instanceof Ipv4Address) {
Ipv4Address ipv4 = (Ipv4Address) sourceAddr;
- targetEntry.isTunnelIpv6 = 0;
- targetEntry.tunnelSrcAddress = ipv4AddressNoZoneToArray(ipv4.getIpv4Address().getValue());
+ request.entry.tunnelSrc = ipv4AddressToAddress(ipv4.getIpv4Address());
} else if (sourceAddr instanceof Ipv6Address) {
Ipv6Address ipv6 = (Ipv6Address) sourceAddr;
- targetEntry.isTunnelIpv6 = 1;
- targetEntry.tunnelSrcAddress = ipv6AddressNoZoneToArray(ipv6.getIpv6Address());
+ request.entry.tunnelSrc = ipv6AddressToAddress(ipv6.getIpv6Address());
}
}
@@ -224,12 +253,10 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer
if (destAddr instanceof Ipv4Address) {
Ipv4Address ipv4 = (Ipv4Address) destAddr;
- targetEntry.isTunnelIpv6 = 0;
- targetEntry.tunnelDstAddress = ipv4AddressNoZoneToArray(ipv4.getIpv4Address().getValue());
+ request.entry.tunnelDst = ipv4AddressToAddress(ipv4.getIpv4Address());
} else if (destAddr instanceof Ipv6Address) {
Ipv6Address ipv6 = (Ipv6Address) destAddr;
- targetEntry.isTunnelIpv6 = 1;
- targetEntry.tunnelDstAddress = ipv6AddressNoZoneToArray(ipv6.getIpv6Address());
+ request.entry.tunnelDst = ipv6AddressToAddress(ipv6.getIpv6Address());
}
}
}
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java
index 771cf676a..870eeb776 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java
@@ -25,8 +25,10 @@ import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer;
import io.fd.honeycomb.translate.write.WriteContext;
import io.fd.honeycomb.translate.write.WriteFailedException;
import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDel;
-import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelEntry;
+import io.fd.vpp.jvpp.core.dto.IpsecSpdEntryAddDel;
import io.fd.vpp.jvpp.core.future.FutureJVppCore;
+import io.fd.vpp.jvpp.core.types.IpsecSpdAction;
+import io.fd.vpp.jvpp.core.types.IpsecSpdEntry;
import javax.annotation.Nonnull;
import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecSpdEntriesAugmentation;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.Spd;
@@ -78,71 +80,65 @@ public class IpsecSpdCustomizer extends FutureJVppCustomizer
private void addSpdEntry(final InstanceIdentifier<Spd> id, int spdId, final SpdEntries entry)
throws WriteFailedException {
- IpsecSpdAddDelEntry request = new IpsecSpdAddDelEntry();
- request.spdId = spdId;
+ IpsecSpdEntryAddDel request = new IpsecSpdEntryAddDel();
+ request.entry = new IpsecSpdEntry();
+ request.entry.spdId = spdId;
request.isAdd = ByteDataTranslator.BYTE_TRUE;
IpsecSpdEntriesAugmentation entryAug = entry.augmentation(IpsecSpdEntriesAugmentation.class);
if (entryAug == null) {
return;
}
- if (entryAug.isIsIpv6() != null) {
- request.isIpv6 = (byte) (entryAug.isIsIpv6()
- ? 1
- : 0);
- }
if (entryAug.getDirection() != null) {
- request.isOutbound = (byte) entryAug.getDirection().getIntValue();
+ request.entry.isOutbound = (byte) entryAug.getDirection().getIntValue();
}
if (entryAug.getPriority() != null) {
- request.priority = entryAug.getPriority();
+ request.entry.priority = entryAug.getPriority();
}
if (entryAug.getOperation() != null) {
final String operation = entryAug.getOperation().getName();
if (operation.equalsIgnoreCase("bypass")) {
- request.policy = (byte) 0;
+ request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_BYPASS;
} else if (operation.equalsIgnoreCase("discard")) {
- request.policy = (byte) 1;
+ request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_DISCARD;
} else if (operation.equalsIgnoreCase("protect")) {
- request.policy = (byte) 3;
+ request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_PROTECT;
}
}
if (entryAug.getLaddrStart() != null) {
if (entryAug.getLaddrStart().getIpv4Address() != null) {
- request.localAddressStart =
- ipv4AddressNoZoneToArray(entryAug.getLaddrStart().getIpv4Address().getValue());
+ request.entry.localAddressStart = ipv4AddressToAddress(entryAug.getLaddrStart().getIpv4Address());
} else if (entryAug.getLaddrStart().getIpv6Address() != null) {
- request.localAddressStart = ipv6AddressNoZoneToArray(entryAug.getLaddrStart().getIpv6Address());
+ request.entry.localAddressStart = ipv6AddressToAddress(entryAug.getLaddrStart().getIpv6Address());
}
}
if (entryAug.getLaddrStop() != null) {
if (entryAug.getLaddrStop().getIpv4Address() != null) {
- request.localAddressStop =
- ipv4AddressNoZoneToArray(entryAug.getLaddrStop().getIpv4Address().getValue());
+ request.entry.localAddressStop = ipv4AddressToAddress(entryAug.getLaddrStop().getIpv4Address());
} else if (entryAug.getLaddrStop().getIpv6Address() != null) {
- request.localAddressStop = ipv6AddressNoZoneToArray(entryAug.getLaddrStop().getIpv6Address());
+ request.entry.localAddressStop = ipv6AddressToAddress(entryAug.getLaddrStop().getIpv6Address());
}
}
if (entryAug.getRaddrStop() != null) {
if (entryAug.getRaddrStop().getIpv4Address() != null) {
- request.remoteAddressStop =
- ipv4AddressNoZoneToArray(entryAug.getRaddrStop().getIpv4Address().getValue());
+ request.entry.remoteAddressStop = ipv4AddressToAddress(entryAug.getRaddrStop().getIpv4Address());
} else if (entryAug.getRaddrStop().getIpv6Address() != null) {
- request.remoteAddressStop = ipv6AddressNoZoneToArray(entryAug.getRaddrStop().getIpv6Address());
+ request.entry.remoteAddressStop = ipv6AddressToAddress(entryAug.getRaddrStop().getIpv6Address());
}
}
if (entryAug.getRaddrStart() != null) {
if (entryAug.getRaddrStart().getIpv4Address() != null) {
- request.remoteAddressStart =
- ipv4AddressNoZoneToArray(entryAug.getRaddrStart().getIpv4Address().getValue());
+ request.entry.remoteAddressStart = ipv4AddressToAddress(entryAug.getRaddrStart().getIpv4Address());
} else if (entryAug.getRaddrStart().getIpv6Address() != null) {
- request.remoteAddressStart = ipv6AddressNoZoneToArray(entryAug.getRaddrStart().getIpv6Address());
+ request.entry.remoteAddressStart = ipv6AddressToAddress(entryAug.getRaddrStart().getIpv6Address());
}
}
- getReplyForWrite(getFutureJVpp().ipsecSpdAddDelEntry(request).toCompletableFuture(), id);
+
+ //TODO HC2VPP-403: missing local and remote port definitions
+ getReplyForWrite(getFutureJVpp().ipsecSpdEntryAddDel(request).toCompletableFuture(), id);
}
}
diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java
index bf08fa8c3..8c2ad09f9 100644
--- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java
+++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizerTest.java
@@ -30,6 +30,8 @@ import io.fd.vpp.jvpp.core.dto.IpsecSpdDetails;
import io.fd.vpp.jvpp.core.dto.IpsecSpdDetailsReplyDump;
import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetails;
import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetailsReplyDump;
+import io.fd.vpp.jvpp.core.types.IpsecSpdAction;
+import io.fd.vpp.jvpp.core.types.IpsecSpdEntry;
import java.util.LinkedList;
import org.junit.Test;
import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecStateSpdAugmentation;
@@ -38,6 +40,7 @@ import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.i
import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.ipsec.state.SpdBuilder;
import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.ipsec.state.SpdKey;
import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.ipsec.state.spd.SpdEntries;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecState;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
@@ -47,11 +50,10 @@ public class IpsecStateSpdCustomizerTest extends ReaderCustomizerTest<Spd, SpdBu
private static InstanceIdentifier<Spd> SPD_IID = InstanceIdentifier.create(IpsecState.class)
.augmentation(IpsecStateSpdAugmentation.class).child(Spd.class, new SpdKey(10));
- private static final String LOCAL_ADDR_START = "192.168.11.1";
- private static final String LOCAL_ADDR_END = "192.168.11.255";
+ private static final Ipv4Address LOCAL_ADDR_START = new Ipv4Address("192.168.11.1");
+ private static final Ipv4Address LOCAL_ADDR_END = new Ipv4Address("192.168.11.255");
private static final short PORT_START = 0;
private static final short PORT_END = Short.MAX_VALUE;
- private static final int POLICY_PROTECT = 3;
private static final int SPD_ID = 10;
private static final int SA_ID = 10;
private static final int PROTOCOL = 1;
@@ -71,17 +73,17 @@ public class IpsecStateSpdCustomizerTest extends ReaderCustomizerTest<Spd, SpdBu
final IpsecSpdDetailsReplyDump spdDetailsReply = new IpsecSpdDetailsReplyDump();
LinkedList<IpsecSpdDetails> spdDetails = new LinkedList<>();
IpsecSpdDetails spdDetail = new IpsecSpdDetails();
- spdDetail.isIpv6 = BYTE_FALSE;
- spdDetail.isOutbound = BYTE_TRUE;
- spdDetail.spdId = SPD_ID;
- spdDetail.protocol = PROTOCOL;
- spdDetail.localStartAddr = ipv4AddressNoZoneToArray(LOCAL_ADDR_START);
- spdDetail.localStopAddr = ipv4AddressNoZoneToArray(LOCAL_ADDR_END);
- spdDetail.localStartPort = PORT_START;
- spdDetail.localStopPort = PORT_END;
- spdDetail.policy = POLICY_PROTECT;
- spdDetail.saId = SA_ID;
- spdDetail.priority = PRIORITY;
+ spdDetail.entry = new IpsecSpdEntry();
+ spdDetail.entry.isOutbound = BYTE_TRUE;
+ spdDetail.entry.spdId = SPD_ID;
+ spdDetail.entry.protocol = PROTOCOL;
+ spdDetail.entry.localAddressStart = ipv4AddressToAddress(LOCAL_ADDR_START);
+ spdDetail.entry.localAddressStop = ipv4AddressToAddress(LOCAL_ADDR_END);
+ spdDetail.entry.localPortStart = PORT_START;
+ spdDetail.entry.localPortStop = PORT_END;
+ spdDetail.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_PROTECT;
+ spdDetail.entry.saId = SA_ID;
+ spdDetail.entry.priority = PRIORITY;
spdDetails.add(spdDetail);
spdDetailsReply.ipsecSpdDetails = spdDetails;
when(api.ipsecSpdDump(any())).thenReturn(future(spdDetailsReply));
diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java
index e477467db..81588fea7 100644
--- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java
+++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java
@@ -16,6 +16,8 @@
package io.fd.hc2vpp.ipsec.write;
+import static io.fd.vpp.jvpp.core.types.IpsecSadFlags.IPSEC_API_SAD_FLAG_NONE;
+import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@@ -29,11 +31,19 @@ import io.fd.hc2vpp.ipsec.helpers.SchemaContextTestHelper;
import io.fd.honeycomb.test.tools.HoneycombTestRunner;
import io.fd.honeycomb.test.tools.annotations.InjectTestData;
import io.fd.honeycomb.translate.write.WriteFailedException;
-import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntry;
-import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntryReply;
+import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDel;
+import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDelReply;
+import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg;
+import io.fd.vpp.jvpp.core.types.IpsecIntegAlg;
+import io.fd.vpp.jvpp.core.types.IpsecProto;
+import io.fd.vpp.jvpp.core.types.IpsecSadEntry;
+import io.fd.vpp.jvpp.core.types.IpsecSadFlags;
+import io.fd.vpp.jvpp.core.types.IpsecSpdEntry;
+import io.fd.vpp.jvpp.core.types.Key;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Address;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeEncryptionAlgorithmT;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeIntegrityAlgorithmT;
@@ -68,8 +78,8 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
InstanceIdentifier.create(Ipsec.class).child(Sad.class);
private static final String INTEG_KEY = "0123456789012346";
private static final String CRYPTO_KEY = "9876543210987654";
- private static final String TNL_SRC_ADDR = "192.168.1.1";
- private static final String TNL_DST_ADDR = "192.168.1.2";
+ private static final Ipv4Address TNL_SRC_ADDR = new Ipv4Address("192.168.1.1");
+ private static final Ipv4Address TNL_DST_ADDR = new Ipv4Address("192.168.1.2");
private static final int SPI_1002 = 1002;
private static final int SAD_ID = 10;
@@ -80,29 +90,30 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
@Override
protected void setUpTest() throws Exception {
customizer = new IpsecSadEntryCustomizer(api, namingCntext);
- when(api.ipsecSadAddDelEntry(any())).thenReturn(future(new IpsecSadAddDelEntryReply()));
+ when(api.ipsecSadEntryAddDel(any())).thenReturn(future(new IpsecSadEntryAddDelReply()));
}
@Test
public void testWrite(@InjectTestData(resourcePath = "/sadEntries/addDelSadEntry.json", id = SAD_PATH) Sad sad)
throws WriteFailedException {
final SadEntries data = sad.getSadEntries().get(0);
- final IpsecSadAddDelEntry request = new IpsecSadAddDelEntry();
+ final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel();
request.isAdd = BYTE_TRUE;
- request.spi = SPI_1002;
- request.sadId = SAD_ID;
- request.isTunnel = BYTE_TRUE;
- request.isTunnelIpv6 = BYTE_FALSE;
- request.integrityKey = INTEG_KEY.getBytes();
- request.integrityKeyLength = (byte) request.integrityKey.length;
- request.cryptoKey = CRYPTO_KEY.getBytes();
- request.cryptoKeyLength = (byte) request.cryptoKey.length;
- request.useAntiReplay = 0;
- request.tunnelSrcAddress = ipv4AddressNoZoneToArray(TNL_SRC_ADDR);
- request.tunnelDstAddress = ipv4AddressNoZoneToArray(TNL_DST_ADDR);
+ request.entry = new io.fd.vpp.jvpp.core.types.IpsecSadEntry();
+ request.entry.spi = SPI_1002;
+ request.entry.sadId = SAD_ID;
+ request.entry.integrityKey = new Key();
+ request.entry.integrityKey.data = INTEG_KEY.getBytes();
+ request.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length;
+ request.entry.cryptoKey = new Key();
+ request.entry.cryptoKey.data = CRYPTO_KEY.getBytes();
+ request.entry.cryptoKey.length = (byte) CRYPTO_KEY.getBytes().length;
+ request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL;
+ request.entry.tunnelSrc = ipv4AddressToAddress(TNL_SRC_ADDR);
+ request.entry.tunnelDst = ipv4AddressToAddress(TNL_DST_ADDR);
// ESP
- request.protocol = BYTE_TRUE; //0 = AH, 1 = ESP
+ request.entry.protocol = IpsecProto.IPSEC_API_PROTO_ESP;
// - auth MD5-96
// - crypto Aes-Cbc-128
testEspAuthEncrCombination(data, IkeIntegrityAlgorithmT.AuthHmacMd596,
@@ -132,10 +143,11 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
IkeEncryptionAlgorithmT.EncrDes, request);
// AH
- request.protocol = BYTE_FALSE;
- request.cryptoAlgorithm = 0;
- request.cryptoKey = null;
- request.cryptoKeyLength = 0;
+ request.entry.protocol = IpsecProto.IPSEC_API_PROTO_AH;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE;
+ request.entry.cryptoKey = new Key();
+ request.entry.cryptoKey.data = null;
+ request.entry.cryptoKey.length = 0;
// - auth SHA1-96
testAhAuthorization(data, IkeIntegrityAlgorithmT.AuthHmacSha196, request);
// - auth MD5-96
@@ -151,20 +163,24 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
final SadEntries after = relayAfter.getSadEntries().get(0);
final Long spi = after.getSpi();
customizer.updateCurrentAttributes(getId(IpsecTrafficDirection.Outbound, spi), before, after, writeContext);
- final IpsecSadAddDelEntry request = new IpsecSadAddDelEntry();
+ final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel();
request.isAdd = BYTE_TRUE;
- request.spi = SPI_1002;
- request.sadId = SAD_ID;
- request.protocol = BYTE_FALSE;
- request.isTunnel = BYTE_FALSE;
- request.isTunnelIpv6 = BYTE_TRUE;
- request.integrityAlgorithm = 1;
- request.integrityKey = INTEG_KEY.getBytes();
- request.integrityKeyLength = (byte) request.integrityKey.length;
- request.useAntiReplay = BYTE_TRUE;
- request.tunnelSrcAddress = ipv6AddressNoZoneToArray(Ipv6Address.getDefaultInstance("2001::11"));
- request.tunnelDstAddress = ipv6AddressNoZoneToArray(Ipv6Address.getDefaultInstance("2001::12"));
- verify(api).ipsecSadAddDelEntry(request);
+ request.entry = new IpsecSadEntry();
+ request.entry.spi = SPI_1002;
+ request.entry.sadId = SAD_ID;
+ request.entry.protocol = IpsecProto.IPSEC_API_PROTO_AH;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96;
+ request.entry.integrityKey = new Key();
+ request.entry.integrityKey.data = INTEG_KEY.getBytes();
+ request.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE;
+ request.entry.cryptoKey = new Key();
+ request.entry.cryptoKey.data = null;
+ request.entry.cryptoKey.length = 0;
+ request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
+ request.entry.tunnelSrc = ipv6AddressToAddress(Ipv6Address.getDefaultInstance("2001::11"));
+ request.entry.tunnelDst = ipv6AddressToAddress(Ipv6Address.getDefaultInstance("2001::12"));
+ verify(api).ipsecSadEntryAddDel(request);
}
@Test
@@ -173,11 +189,13 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
final SadEntries data = sad.getSadEntries().get(0);
final Long spi = data.getSpi();
customizer.deleteCurrentAttributes(getId(IpsecTrafficDirection.Outbound, spi), data, writeContext);
- final IpsecSadAddDelEntry request = new IpsecSadAddDelEntry();
+ final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel();
request.isAdd = BYTE_FALSE;
- request.spi = SPI_1002;
- request.sadId = SAD_ID;
- verify(api).ipsecSadAddDelEntry(request);
+ request.entry = new IpsecSadEntry();
+ request.entry.spi = SPI_1002;
+ request.entry.sadId = SAD_ID;
+ request.entry.flags = IPSEC_API_SAD_FLAG_NONE;
+ verify(api).ipsecSadEntryAddDel(request);
}
private InstanceIdentifier<SadEntries> getId(final IpsecTrafficDirection direction, final Long spi) {
@@ -185,7 +203,7 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
}
private void testAhAuthorization(final SadEntries otherData, final IkeIntegrityAlgorithmT authAlg,
- final IpsecSadAddDelEntry request) throws WriteFailedException {
+ final IpsecSadEntryAddDel request) throws WriteFailedException {
SadEntriesBuilder builder = new SadEntriesBuilder(otherData);
builder.setEsp(null);
AhBuilder ahBuilder = new AhBuilder();
@@ -193,11 +211,11 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
builder.setAh(ahBuilder.build());
customizer.writeCurrentAttributes(getId(IpsecTrafficDirection.Outbound, Integer.toUnsignedLong(SPI_1002)),
builder.build(), writeContext);
- verify(api).ipsecSadAddDelEntry(request);
+ verify(api).ipsecSadEntryAddDel(request);
}
private void testEspAuthEncrCombination(final SadEntries otherData, final IkeIntegrityAlgorithmT authAlg,
- final IkeEncryptionAlgorithmT encrAlg, final IpsecSadAddDelEntry request)
+ final IkeEncryptionAlgorithmT encrAlg, final IpsecSadEntryAddDel request)
throws WriteFailedException {
SadEntriesBuilder builder = new SadEntriesBuilder(otherData);
builder.setAh(null);
@@ -209,26 +227,26 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements
builder.build(), writeContext);
if (encrAlg == IkeEncryptionAlgorithmT.EncrAesCbc128) {
- request.cryptoAlgorithm = 1;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128;
} else if (encrAlg == IkeEncryptionAlgorithmT.EncrAesCbc192) {
- request.cryptoAlgorithm = 2;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_192;
} else if (encrAlg == IkeEncryptionAlgorithmT.EncrAesCbc256) {
- request.cryptoAlgorithm = 3;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_256;
} else if (encrAlg == IkeEncryptionAlgorithmT.EncrDes) {
- request.cryptoAlgorithm = 4;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_DES_CBC;
} else {
- request.cryptoAlgorithm = 0;
+ request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE;
}
if (authAlg == IkeIntegrityAlgorithmT.AuthHmacMd596) {
- request.integrityAlgorithm = 1;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96;
} else if (authAlg == IkeIntegrityAlgorithmT.AuthHmacSha196) {
- request.integrityAlgorithm = 2;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96;
} else {
- request.integrityAlgorithm = 0;
+ request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE;
}
- verify(api).ipsecSadAddDelEntry(request);
+ verify(api).ipsecSadEntryAddDel(request);
}
private Encryption getEspEncryption(IkeEncryptionAlgorithmT alg) {
diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java
index a4b294002..da9b7425b 100644
--- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java
+++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizerTest.java
@@ -29,9 +29,11 @@ import io.fd.honeycomb.test.tools.HoneycombTestRunner;
import io.fd.honeycomb.test.tools.annotations.InjectTestData;
import io.fd.honeycomb.translate.write.WriteFailedException;
import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDel;
-import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelEntry;
-import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelEntryReply;
import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelReply;
+import io.fd.vpp.jvpp.core.dto.IpsecSpdEntryAddDel;
+import io.fd.vpp.jvpp.core.dto.IpsecSpdEntryAddDelReply;
+import io.fd.vpp.jvpp.core.types.IpsecSpdAction;
+import io.fd.vpp.jvpp.core.types.IpsecSpdEntry;
import java.util.Collections;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -56,7 +58,7 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche
protected void setUpTest() throws Exception {
customizer = new IpsecSpdCustomizer(api);
when(api.ipsecSpdAddDel(any())).thenReturn(future(new IpsecSpdAddDelReply()));
- when(api.ipsecSpdAddDelEntry(any())).thenReturn(future(new IpsecSpdAddDelEntryReply()));
+ when(api.ipsecSpdEntryAddDel(any())).thenReturn(future(new IpsecSpdEntryAddDelReply()));
}
@Test
@@ -69,8 +71,8 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche
createSpdRequest.spdId = SPD_ID;
verify(api).ipsecSpdAddDel(createSpdRequest);
- verify(api).ipsecSpdAddDelEntry(translateSpdEntry(spd.getSpdEntries().get(0), SPD_ID, true));
- verify(api).ipsecSpdAddDelEntry(translateSpdEntry(spd.getSpdEntries().get(1), SPD_ID, true));
+ verify(api).ipsecSpdEntryAddDel(translateSpdEntry(spd.getSpdEntries().get(0), SPD_ID, true));
+ verify(api).ipsecSpdEntryAddDel(translateSpdEntry(spd.getSpdEntries().get(1), SPD_ID, true));
}
@Test
@@ -81,7 +83,7 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche
Spd before = ipsecBefore.getSpd().get(0);
Spd after = ipsecAfter.getSpd().get(0);
customizer.updateCurrentAttributes(getSpdId(SPD_ID), before, after, writeContext);
- verify(api).ipsecSpdAddDelEntry(translateSpdEntry(after.getSpdEntries().get(0), SPD_ID, true));
+ verify(api).ipsecSpdEntryAddDel(translateSpdEntry(after.getSpdEntries().get(0), SPD_ID, true));
}
@Test
@@ -102,71 +104,64 @@ public class IpsecSpdCustomizerTest extends WriterCustomizerTest implements Sche
return InstanceIdentifier.create(Ipsec.class).child(Spd.class, new SpdKey(spdId));
}
- private IpsecSpdAddDelEntry translateSpdEntry(final SpdEntries entry, int spdId, boolean isAdd) {
- IpsecSpdAddDelEntry request = new IpsecSpdAddDelEntry();
- request.spdId = spdId;
+ private IpsecSpdEntryAddDel translateSpdEntry(final SpdEntries entry, int spdId, boolean isAdd) {
+ IpsecSpdEntryAddDel request = new IpsecSpdEntryAddDel();
+ request.entry = new IpsecSpdEntry();
+ request.entry.spdId = spdId;
request.isAdd = isAdd
? BYTE_TRUE
: BYTE_FALSE;
IpsecSpdEntriesAugmentation aug = entry.augmentation(IpsecSpdEntriesAugmentation.class);
if (aug != null) {
- if (aug.isIsIpv6() != null) {
- request.isIpv6 = (byte) (aug.isIsIpv6()
- ? 1
- : 0);
- }
if (aug.getDirection() != null) {
- request.isOutbound = (byte) aug.getDirection().getIntValue();
+ request.entry.isOutbound = (byte) aug.getDirection().getIntValue();
}
if (aug.getPriority() != null) {
- request.priority = aug.getPriority();
+ request.entry.priority = aug.getPriority();
}
if (aug.getOperation() != null) {
final String operation = aug.getOperation().getName();
if (operation.equalsIgnoreCase("bypass")) {
- request.policy = (byte) 0;
+ request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_BYPASS;
} else if (operation.equalsIgnoreCase("discard")) {
- request.policy = (byte) 1;
+ request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_DISCARD;
} else if (operation.equalsIgnoreCase("protect")) {
- request.policy = (byte) 3;
+ request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_PROTECT;
}
}
if (aug.getLaddrStart() != null) {
if (aug.getLaddrStart().getIpv4Address() != null) {
- request.localAddressStart =
- ipv4AddressNoZoneToArray(aug.getLaddrStart().getIpv4Address().getValue());
+ request.entry.localAddressStart = ipv4AddressToAddress(aug.getLaddrStart().getIpv4Address());
} else if (aug.getLaddrStart().getIpv6Address() != null) {
- request.localAddressStart = ipv6AddressNoZoneToArray(aug.getLaddrStart().getIpv6Address());
+ request.entry.localAddressStart = ipv6AddressToAddress(aug.getLaddrStart().getIpv6Address());
}
}
if (aug.getLaddrStop() != null) {
if (aug.getLaddrStop().getIpv4Address() != null) {
- request.localAddressStop = ipv4AddressNoZoneToArray(aug.getLaddrStop().getIpv4Address().getValue());
+ request.entry.localAddressStop = ipv4AddressToAddress(aug.getLaddrStop().getIpv4Address());
} else if (aug.getLaddrStop().getIpv6Address() != null) {
- request.localAddressStop = ipv6AddressNoZoneToArray(aug.getLaddrStop().getIpv6Address());
+ request.entry.localAddressStop = ipv6AddressToAddress(aug.getLaddrStop().getIpv6Address());
}
}
if (aug.getRaddrStop() != null) {
if (aug.getRaddrStop().getIpv4Address() != null) {
- request.remoteAddressStop =
- ipv4AddressNoZoneToArray(aug.getRaddrStop().getIpv4Address().getValue());
+ request.entry.remoteAddressStop = ipv4AddressToAddress(aug.getRaddrStop().getIpv4Address());
} else if (aug.getRaddrStop().getIpv6Address() != null) {
- request.remoteAddressStop = ipv6AddressNoZoneToArray(aug.getRaddrStop().getIpv6Address());
+ request.entry.remoteAddressStop = ipv6AddressToAddress(aug.getRaddrStop().getIpv6Address());
}
}
if (aug.getRaddrStart() != null) {
if (aug.getRaddrStart().getIpv4Address() != null) {
- request.remoteAddressStart =
- ipv4AddressNoZoneToArray(aug.getRaddrStart().getIpv4Address().getValue());
+ request.entry.remoteAddressStart = ipv4AddressToAddress(aug.getRaddrStart().getIpv4Address());
} else if (aug.getRaddrStart().getIpv6Address() != null) {
- request.remoteAddressStart = ipv6AddressNoZoneToArray(aug.getRaddrStart().getIpv6Address());
+ request.entry.remoteAddressStart = ipv6AddressToAddress(aug.getRaddrStart().getIpv6Address());
}
}
}