From 3751ef96ae1427cc8d5ecb9cbba705e837bb63ca Mon Sep 17 00:00:00 2001 From: Michal Cmarada Date: Wed, 6 Feb 2019 09:41:39 +0100 Subject: fix after changes in VPP API - fixes for mac adress - fixes for ipaddress - fixes refactoring in ipsec Change-Id: Idc3e3557b72a5f1ac5b32b9738d90ca23ed6ed9e Signed-off-by: Michal Cmarada --- .../hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java | 73 +++++++----- .../ipsec/write/IpsecSadEntryCustomizer.java | 129 +++++++++++++-------- .../fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java | 48 ++++---- 3 files changed, 147 insertions(+), 103 deletions(-) (limited to 'ipsec/ipsec-impl/src/main/java/io/fd') diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java index 45f54cdb8..a9a20cff0 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateSpdCustomizer.java @@ -17,7 +17,6 @@ package io.fd.hc2vpp.ipsec.read; import com.google.common.base.Optional; -import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; import io.fd.hc2vpp.common.translate.util.FutureJVppCustomizer; import io.fd.hc2vpp.common.translate.util.Ipv4Translator; import io.fd.hc2vpp.common.translate.util.Ipv6Translator; @@ -35,6 +34,7 @@ import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetails; import io.fd.vpp.jvpp.core.dto.IpsecSpdsDetailsReplyDump; import io.fd.vpp.jvpp.core.dto.IpsecSpdsDump; import io.fd.vpp.jvpp.core.future.FutureJVppCore; +import io.fd.vpp.jvpp.core.types.AddressFamily; import java.util.LinkedList; import java.util.List; import java.util.stream.Collectors; @@ -134,23 +134,22 @@ public class IpsecStateSpdCustomizer extends FutureJVppCustomizer private SpdEntries translateDetailToEntry(final IpsecSpdDetails details) { SpdEntriesBuilder builder = new SpdEntriesBuilder(); - builder.setDirection(IpsecTrafficDirection.forValue(details.isOutbound)) - .setIsIpv6(ByteDataTranslator.INSTANCE.byteToBoolean(details.isIpv6)) - .setPriority(details.priority); - switch (details.policy) { - case 0: + builder.setDirection(IpsecTrafficDirection.forValue(details.entry.isOutbound)) + .setPriority(details.entry.priority); + switch (details.entry.policy) { + case IPSEC_API_SPD_ACTION_BYPASS: builder.setOperation(IpsecSpdOperation.Bypass); break; - case 1: + case IPSEC_API_SPD_ACTION_DISCARD: builder.setOperation(IpsecSpdOperation.Discard); break; - case 3: + case IPSEC_API_SPD_ACTION_PROTECT: builder.setOperation(IpsecSpdOperation.Protect); - builder.setProtectSaId(details.saId); + builder.setProtectSaId(details.entry.saId); break; } - if (builder.isIsIpv6()) { + if (details.entry.localAddressStart != null && details.entry.localAddressStart.af.equals(AddressFamily.ADDRESS_IP6)) { processIpv6AddressRanges(builder, details); } else { processIpv4AddressRanges(builder, details); @@ -160,40 +159,62 @@ public class IpsecStateSpdCustomizer extends FutureJVppCustomizer } private void processIpv4AddressRanges(final SpdEntriesBuilder builder, final IpsecSpdDetails details) { - if (details.localStartAddr != null && details.localStartAddr.length > 0) { + if (details.entry.localAddressStart != null && + details.entry.localAddressStart.un.getIp4().ip4Address.length > 0) { builder.setLaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.localStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv4AddressNoZone(details.entry.localAddressStart.un.getIp4().ip4Address)) + .stringValue())); } - if (details.localStopAddr != null && details.localStopAddr.length > 0) { + if (details.entry.localAddressStop != null && + details.entry.localAddressStop.un.getIp4().ip4Address.length > 0) { builder.setLaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.localStopAddr)).stringValue())); + new IpAddressNoZone(arrayToIpv4AddressNoZone(details.entry.localAddressStop.un.getIp4().ip4Address)) + .stringValue())); } - if (details.remoteStartAddr != null && details.remoteStartAddr.length > 0) { + if (details.entry.remoteAddressStart != null && + details.entry.remoteAddressStart.un.getIp4().ip4Address.length > 0) { builder.setRaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.remoteStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv4AddressNoZone(details.entry.remoteAddressStart.un.getIp4().ip4Address)) + .stringValue())); } - if (details.remoteStopAddr != null && details.remoteStopAddr.length > 0) { + if (details.entry.remoteAddressStop != null && + details.entry.remoteAddressStop.un.getIp4().ip4Address.length > 0) { builder.setRaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv4AddressNoZone(details.remoteStopAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv4AddressNoZone(details.entry.remoteAddressStop.un.getIp4().ip4Address)) + .stringValue())); } } private void processIpv6AddressRanges(final SpdEntriesBuilder builder, final IpsecSpdDetails details) { - if (details.localStartAddr != null && details.localStartAddr.length > 0) { + if (details.entry.localAddressStart != null && + details.entry.localAddressStart.un.getIp6().ip6Address.length > 0) { builder.setLaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.localStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv6AddressNoZone(details.entry.localAddressStart.un.getIp6().ip6Address)) + .stringValue())); } - if (details.localStopAddr != null && details.localStopAddr.length > 0) { + if (details.entry.localAddressStop != null && + details.entry.localAddressStop.un.getIp6().ip6Address.length > 0) { builder.setLaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.localStopAddr)).stringValue())); + new IpAddressNoZone(arrayToIpv6AddressNoZone(details.entry.localAddressStop.un.getIp6().ip6Address)) + .stringValue())); } - if (details.remoteStartAddr != null && details.remoteStartAddr.length > 0) { + if (details.entry.remoteAddressStart != null && + details.entry.remoteAddressStart.un.getIp6().ip6Address.length > 0) { builder.setRaddrStart(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.remoteStartAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv6AddressNoZone(details.entry.remoteAddressStart.un.getIp6().ip6Address)) + .stringValue())); } - if (details.remoteStopAddr != null && details.remoteStopAddr.length > 0) { + if (details.entry.remoteAddressStop != null && + details.entry.remoteAddressStop.un.getIp6().ip6Address.length > 0) { builder.setRaddrStop(IpAddressBuilder.getDefaultInstance( - new IpAddressNoZone(arrayToIpv6AddressNoZone(details.remoteStopAddr)).stringValue())); + new IpAddressNoZone( + arrayToIpv6AddressNoZone(details.entry.remoteAddressStop.un.getIp6().ip6Address)) + .stringValue())); } } diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java index c29137d26..1822b024f 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java @@ -25,12 +25,19 @@ import io.fd.hc2vpp.common.translate.util.MultiNamingContext; import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; import io.fd.honeycomb.translate.write.WriteContext; import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntry; -import io.fd.vpp.jvpp.core.dto.IpsecSadAddDelEntryReply; +import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDel; +import io.fd.vpp.jvpp.core.dto.IpsecSadEntryAddDelReply; import io.fd.vpp.jvpp.core.future.FutureJVppCore; +import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg; +import io.fd.vpp.jvpp.core.types.IpsecIntegAlg; +import io.fd.vpp.jvpp.core.types.IpsecProto; +import io.fd.vpp.jvpp.core.types.IpsecSadEntry; +import io.fd.vpp.jvpp.core.types.IpsecSadFlags; +import io.fd.vpp.jvpp.core.types.Key; import java.util.concurrent.CompletionStage; import javax.annotation.Nonnull; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecSadEntriesAugmentation; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecMode; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.IpAddress; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.ip.address.Ipv4Address; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ip.address.grouping.ip.address.Ipv6Address; @@ -87,44 +94,54 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer private void addDelEntry(final InstanceIdentifier id, final SadEntries dataAfter, final WriteContext writeContext, boolean adding) throws WriteFailedException { - final IpsecSadAddDelEntry entry = new IpsecSadAddDelEntry(); + final IpsecSadEntryAddDel request = new IpsecSadEntryAddDel(); + request.entry = new IpsecSadEntry(); IpsecSadEntriesAugmentation augment = dataAfter.augmentation(IpsecSadEntriesAugmentation.class); if (augment != null && augment.getSaId() != null) { - entry.sadId = augment.getSaId(); + request.entry.sadId = augment.getSaId(); } if (dataAfter.getSpi() != null) { - entry.spi = dataAfter.getSpi().intValue(); + request.entry.spi = dataAfter.getSpi().intValue(); } - if (dataAfter.getAntiReplayWindow() != null) { - entry.useAntiReplay = dataAfter.getAntiReplayWindow() > 0 - ? BYTE_TRUE - : BYTE_FALSE; + request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_NONE; + if (dataAfter.getAntiReplayWindow() != null && dataAfter.getAntiReplayWindow() > 0) { + request.entry.flags = IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY; } - if (dataAfter.getSaMode() != null) { - entry.isTunnel = Integer.valueOf(dataAfter.getSaMode().getIntValue()).byteValue(); + if (dataAfter.getSaMode() != null && dataAfter.getSaMode().equals(IpsecMode.Tunnel)) { + //TODO check if flags can be set at once + if (dataAfter.getSourceAddress() != null && + dataAfter.getSourceAddress().getIpAddress() instanceof Ipv4Address) { + request.entry.flags = IpsecSadFlags + .forValue((request.entry.flags.value + IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value)); + } else if (dataAfter.getSourceAddress() != null && + dataAfter.getSourceAddress().getIpAddress() instanceof Ipv6Address) { + request.entry.flags = IpsecSadFlags + .forValue((request.entry.flags.value + IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6.value)); + } } - entry.isAdd = adding + request.isAdd = adding ? ByteDataTranslator.BYTE_TRUE : ByteDataTranslator.BYTE_FALSE; if (dataAfter.getEsp() != null) { - entry.protocol = 1; - fillEspAuthentication(entry, dataAfter.getEsp()); - fillEspEncryption(entry, dataAfter.getEsp()); + request.entry.protocol = IpsecProto.IPSEC_API_PROTO_ESP; + fillEspAuthentication(request, dataAfter.getEsp()); + fillEspEncryption(request, dataAfter.getEsp()); } else if (dataAfter.getAh() != null) { - entry.protocol = 0; - fillAhAuthentication(entry, dataAfter.getAh()); + request.entry.protocol = IpsecProto.IPSEC_API_PROTO_AH; + fillAhAuthentication(request, dataAfter.getAh()); + fillAhEncryption(request, dataAfter.getAh()); } - fillAddresses(entry, dataAfter); + fillAddresses(request, dataAfter); - LOG.debug("IPSec config change id={} request={}", id, entry); - final CompletionStage ipsecSadEntryAddDellReplyFuture = - getFutureJVpp().ipsecSadAddDelEntry(entry); + LOG.debug("IPSec config change id={} request={}", id, request); + final CompletionStage ipsecSadEntryAddDellReplyFuture = + getFutureJVpp().ipsecSadEntryAddDel(request); getReplyForWrite(ipsecSadEntryAddDellReplyFuture.toCompletableFuture(), id); if (adding) { - sadEntryMapping.addChild(dataAfter.key().getDirection().getName(), entry.sadId, + sadEntryMapping.addChild(dataAfter.key().getDirection().getName(), request.entry.sadId, String.valueOf(dataAfter.key().getSpi()), writeContext.getMappingContext()); } else { sadEntryMapping @@ -133,7 +150,7 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer } } - private void fillAhAuthentication(IpsecSadAddDelEntry targetEntry, Ah data) { + private void fillAhAuthentication(IpsecSadEntryAddDel request, Ah data) { //0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512 AuthenticationAlgorithm authAlg = data.getAuthenticationAlgorithm(); if (authAlg != null) { @@ -142,22 +159,33 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer integKey = ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacMd596) authAlg) .getHmacMd596().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 1; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96; } else if (authAlg instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacSha196) { integKey = ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.ah.grouping.ah.authentication.algorithm.HmacSha196) authAlg) .getHmacSha196().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 2; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96; } else { - targetEntry.integrityAlgorithm = 0; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE; return; } - targetEntry.integrityKey = integKey.getBytes(); - targetEntry.integrityKeyLength = (byte) integKey.getBytes().length; + request.entry.integrityKey = new Key(); + request.entry.integrityKey.data = integKey.getBytes(); + request.entry.integrityKey.length = (byte) integKey.getBytes().length; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = null; + request.entry.cryptoKey.length = 0 ; } } - private void fillEspAuthentication(IpsecSadAddDelEntry targetEntry, Esp data) { + private void fillAhEncryption(IpsecSadEntryAddDel request, Ah data) { + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = null; + request.entry.cryptoKey.length = 0; + } + + private void fillEspAuthentication(IpsecSadEntryAddDel request, Esp data) { //0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512 org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.esp.grouping.esp.Authentication authAlg = data.getAuthentication(); @@ -165,57 +193,58 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer String integKey; if (authAlg.getAuthenticationAlgorithm() instanceof HmacMd596) { integKey = ((HmacMd596) authAlg.getAuthenticationAlgorithm()).getHmacMd596().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 1; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_MD5_96; } else if (authAlg.getAuthenticationAlgorithm() instanceof HmacSha196) { integKey = ((HmacSha196) authAlg.getAuthenticationAlgorithm()).getHmacSha196().getKeyStr().stringValue(); - targetEntry.integrityAlgorithm = 2; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96; } else { - targetEntry.integrityAlgorithm = 0; + request.entry.integrityAlgorithm = IpsecIntegAlg.IPSEC_API_INTEG_ALG_NONE; return; } - targetEntry.integrityKey = integKey.getBytes(); - targetEntry.integrityKeyLength = (byte) integKey.getBytes().length; + request.entry.integrityKey = new Key(); + request.entry.integrityKey.data = integKey.getBytes(); + request.entry.integrityKey.length = (byte) integKey.getBytes().length; } } - private void fillEspEncryption(IpsecSadAddDelEntry targetEntry, Esp data) { + private void fillEspEncryption(IpsecSadEntryAddDel request, Esp data) { //0 = Null, 1 = AES-CBC-128, 2 = AES-CBC-192, 3 = AES-CBC-256, 4 = 3DES-CBC if (data.getEncryption() != null && data.getEncryption().getEncryptionAlgorithm() != null) { String cryptoKey = ""; EncryptionAlgorithm encrAlg = data.getEncryption().getEncryptionAlgorithm(); if (encrAlg instanceof Aes128Cbc) { cryptoKey = ((Aes128Cbc) encrAlg).getAes128Cbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 1; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128; } else if (encrAlg instanceof Aes192Cbc) { cryptoKey = ((Aes192Cbc) encrAlg).getAes192Cbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 2; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_192; } else if (encrAlg instanceof Aes256Cbc) { cryptoKey = ((Aes256Cbc) encrAlg).getAes256Cbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 3; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_256; } else if (encrAlg instanceof DesCbc) { cryptoKey = ((DesCbc) encrAlg).getDesCbc().getKeyStr().stringValue(); - targetEntry.cryptoAlgorithm = 4; + // TODO verify before the value was "4" now the result is "10" + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_DES_CBC; } else { - targetEntry.cryptoAlgorithm = 0; + request.entry.cryptoAlgorithm = IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_NONE; return; } - targetEntry.cryptoKey = cryptoKey.getBytes(); - targetEntry.cryptoKeyLength = (byte) cryptoKey.getBytes().length; + request.entry.cryptoKey = new Key(); + request.entry.cryptoKey.data = cryptoKey.getBytes(); + request.entry.cryptoKey.length = (byte) cryptoKey.getBytes().length; } } - private void fillAddresses(IpsecSadAddDelEntry targetEntry, SadEntries data) { + private void fillAddresses(IpsecSadEntryAddDel request, SadEntries data) { if (data.getSourceAddress() != null && data.getSourceAddress().getIpAddress() != null) { IpAddress sourceAddr = data.getSourceAddress().getIpAddress(); if (sourceAddr instanceof Ipv4Address) { Ipv4Address ipv4 = (Ipv4Address) sourceAddr; - targetEntry.isTunnelIpv6 = 0; - targetEntry.tunnelSrcAddress = ipv4AddressNoZoneToArray(ipv4.getIpv4Address().getValue()); + request.entry.tunnelSrc = ipv4AddressToAddress(ipv4.getIpv4Address()); } else if (sourceAddr instanceof Ipv6Address) { Ipv6Address ipv6 = (Ipv6Address) sourceAddr; - targetEntry.isTunnelIpv6 = 1; - targetEntry.tunnelSrcAddress = ipv6AddressNoZoneToArray(ipv6.getIpv6Address()); + request.entry.tunnelSrc = ipv6AddressToAddress(ipv6.getIpv6Address()); } } @@ -224,12 +253,10 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer if (destAddr instanceof Ipv4Address) { Ipv4Address ipv4 = (Ipv4Address) destAddr; - targetEntry.isTunnelIpv6 = 0; - targetEntry.tunnelDstAddress = ipv4AddressNoZoneToArray(ipv4.getIpv4Address().getValue()); + request.entry.tunnelDst = ipv4AddressToAddress(ipv4.getIpv4Address()); } else if (destAddr instanceof Ipv6Address) { Ipv6Address ipv6 = (Ipv6Address) destAddr; - targetEntry.isTunnelIpv6 = 1; - targetEntry.tunnelDstAddress = ipv6AddressNoZoneToArray(ipv6.getIpv6Address()); + request.entry.tunnelDst = ipv6AddressToAddress(ipv6.getIpv6Address()); } } } diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java index 771cf676a..870eeb776 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSpdCustomizer.java @@ -25,8 +25,10 @@ import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; import io.fd.honeycomb.translate.write.WriteContext; import io.fd.honeycomb.translate.write.WriteFailedException; import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDel; -import io.fd.vpp.jvpp.core.dto.IpsecSpdAddDelEntry; +import io.fd.vpp.jvpp.core.dto.IpsecSpdEntryAddDel; import io.fd.vpp.jvpp.core.future.FutureJVppCore; +import io.fd.vpp.jvpp.core.types.IpsecSpdAction; +import io.fd.vpp.jvpp.core.types.IpsecSpdEntry; import javax.annotation.Nonnull; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecSpdEntriesAugmentation; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.Spd; @@ -78,71 +80,65 @@ public class IpsecSpdCustomizer extends FutureJVppCustomizer private void addSpdEntry(final InstanceIdentifier id, int spdId, final SpdEntries entry) throws WriteFailedException { - IpsecSpdAddDelEntry request = new IpsecSpdAddDelEntry(); - request.spdId = spdId; + IpsecSpdEntryAddDel request = new IpsecSpdEntryAddDel(); + request.entry = new IpsecSpdEntry(); + request.entry.spdId = spdId; request.isAdd = ByteDataTranslator.BYTE_TRUE; IpsecSpdEntriesAugmentation entryAug = entry.augmentation(IpsecSpdEntriesAugmentation.class); if (entryAug == null) { return; } - if (entryAug.isIsIpv6() != null) { - request.isIpv6 = (byte) (entryAug.isIsIpv6() - ? 1 - : 0); - } if (entryAug.getDirection() != null) { - request.isOutbound = (byte) entryAug.getDirection().getIntValue(); + request.entry.isOutbound = (byte) entryAug.getDirection().getIntValue(); } if (entryAug.getPriority() != null) { - request.priority = entryAug.getPriority(); + request.entry.priority = entryAug.getPriority(); } if (entryAug.getOperation() != null) { final String operation = entryAug.getOperation().getName(); if (operation.equalsIgnoreCase("bypass")) { - request.policy = (byte) 0; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_BYPASS; } else if (operation.equalsIgnoreCase("discard")) { - request.policy = (byte) 1; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_DISCARD; } else if (operation.equalsIgnoreCase("protect")) { - request.policy = (byte) 3; + request.entry.policy = IpsecSpdAction.IPSEC_API_SPD_ACTION_PROTECT; } } if (entryAug.getLaddrStart() != null) { if (entryAug.getLaddrStart().getIpv4Address() != null) { - request.localAddressStart = - ipv4AddressNoZoneToArray(entryAug.getLaddrStart().getIpv4Address().getValue()); + request.entry.localAddressStart = ipv4AddressToAddress(entryAug.getLaddrStart().getIpv4Address()); } else if (entryAug.getLaddrStart().getIpv6Address() != null) { - request.localAddressStart = ipv6AddressNoZoneToArray(entryAug.getLaddrStart().getIpv6Address()); + request.entry.localAddressStart = ipv6AddressToAddress(entryAug.getLaddrStart().getIpv6Address()); } } if (entryAug.getLaddrStop() != null) { if (entryAug.getLaddrStop().getIpv4Address() != null) { - request.localAddressStop = - ipv4AddressNoZoneToArray(entryAug.getLaddrStop().getIpv4Address().getValue()); + request.entry.localAddressStop = ipv4AddressToAddress(entryAug.getLaddrStop().getIpv4Address()); } else if (entryAug.getLaddrStop().getIpv6Address() != null) { - request.localAddressStop = ipv6AddressNoZoneToArray(entryAug.getLaddrStop().getIpv6Address()); + request.entry.localAddressStop = ipv6AddressToAddress(entryAug.getLaddrStop().getIpv6Address()); } } if (entryAug.getRaddrStop() != null) { if (entryAug.getRaddrStop().getIpv4Address() != null) { - request.remoteAddressStop = - ipv4AddressNoZoneToArray(entryAug.getRaddrStop().getIpv4Address().getValue()); + request.entry.remoteAddressStop = ipv4AddressToAddress(entryAug.getRaddrStop().getIpv4Address()); } else if (entryAug.getRaddrStop().getIpv6Address() != null) { - request.remoteAddressStop = ipv6AddressNoZoneToArray(entryAug.getRaddrStop().getIpv6Address()); + request.entry.remoteAddressStop = ipv6AddressToAddress(entryAug.getRaddrStop().getIpv6Address()); } } if (entryAug.getRaddrStart() != null) { if (entryAug.getRaddrStart().getIpv4Address() != null) { - request.remoteAddressStart = - ipv4AddressNoZoneToArray(entryAug.getRaddrStart().getIpv4Address().getValue()); + request.entry.remoteAddressStart = ipv4AddressToAddress(entryAug.getRaddrStart().getIpv4Address()); } else if (entryAug.getRaddrStart().getIpv6Address() != null) { - request.remoteAddressStart = ipv6AddressNoZoneToArray(entryAug.getRaddrStart().getIpv6Address()); + request.entry.remoteAddressStart = ipv6AddressToAddress(entryAug.getRaddrStart().getIpv6Address()); } } - getReplyForWrite(getFutureJVpp().ipsecSpdAddDelEntry(request).toCompletableFuture(), id); + + //TODO HC2VPP-403: missing local and remote port definitions + getReplyForWrite(getFutureJVpp().ipsecSpdEntryAddDel(request).toCompletableFuture(), id); } } -- cgit 1.2.3-korg