aboutsummaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-01-09 21:22:20 -0800
committerDamjan Marion <dmarion@me.com>2019-01-31 20:44:22 +0000
commit17dcec0b940374127f6e1e004fb3ec261a0a3709 (patch)
treef14763efd0dc07c44e9d4d1f71f2a43052dc460a /test
parent6d0106e44e7dff2c9ef0f7052c4023245e9023a8 (diff)
IPSEC: API modernisation
- use enums to enumerate the algoritms and protocols that are supported - use address_t types to simplify encode/deocde - use typedefs of entry objects to get consistency between add/del API and dump Change-Id: I7e7c58c06a150e2439633ba9dca58bc1049677ee Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test')
-rw-r--r--test/template_ipsec.py77
-rw-r--r--test/test_ipsec_ah.py28
-rw-r--r--test/test_ipsec_api.py23
-rw-r--r--test/test_ipsec_esp.py27
-rw-r--r--test/test_ipsec_nat.py14
-rw-r--r--test/vpp_ipsec.py80
-rw-r--r--test/vpp_papi_provider.py94
7 files changed, 195 insertions, 148 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index ed7c1a32129..7888a6788ab 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -8,60 +8,71 @@ from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest
from framework import VppTestCase, VppTestRunner
from util import ppp
+from vpp_papi import VppEnum
class IPsecIPv4Params(object):
+
addr_type = socket.AF_INET
addr_any = "0.0.0.0"
addr_bcast = "255.255.255.255"
addr_len = 32
is_ipv6 = 0
- remote_tun_if_host = '1.1.1.1'
- scapy_tun_sa_id = 10
- scapy_tun_spi = 1001
- vpp_tun_sa_id = 20
- vpp_tun_spi = 1000
+ def __init__(self):
+ self.remote_tun_if_host = '1.1.1.1'
+
+ self.scapy_tun_sa_id = 10
+ self.scapy_tun_spi = 1001
+ self.vpp_tun_sa_id = 20
+ self.vpp_tun_spi = 1000
- scapy_tra_sa_id = 30
- scapy_tra_spi = 2001
- vpp_tra_sa_id = 40
- vpp_tra_spi = 2000
+ self.scapy_tra_sa_id = 30
+ self.scapy_tra_spi = 2001
+ self.vpp_tra_sa_id = 40
+ self.vpp_tra_spi = 2000
- auth_algo_vpp_id = 2 # internal VPP enum value for SHA1_96
- auth_algo = 'HMAC-SHA1-96' # scapy name
- auth_key = 'C91KUR9GYMm5GfkEvNjX'
+ self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96)
+ self.auth_algo = 'HMAC-SHA1-96' # scapy name
+ self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
- crypt_algo_vpp_id = 1 # internal VPP enum value for AES_CBC_128
- crypt_algo = 'AES-CBC' # scapy name
- crypt_key = 'JPjyOWBeVEQiMe7h'
+ self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128)
+ self.crypt_algo = 'AES-CBC' # scapy name
+ self.crypt_key = 'JPjyOWBeVEQiMe7h'
class IPsecIPv6Params(object):
+
addr_type = socket.AF_INET6
addr_any = "0::0"
addr_bcast = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
addr_len = 128
is_ipv6 = 1
- remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
- scapy_tun_sa_id = 50
- scapy_tun_spi = 3001
- vpp_tun_sa_id = 60
- vpp_tun_spi = 3000
+ def __init__(self):
+ self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
+
+ self.scapy_tun_sa_id = 50
+ self.scapy_tun_spi = 3001
+ self.vpp_tun_sa_id = 60
+ self.vpp_tun_spi = 3000
- scapy_tra_sa_id = 70
- scapy_tra_spi = 4001
- vpp_tra_sa_id = 80
- vpp_tra_spi = 4000
+ self.scapy_tra_sa_id = 70
+ self.scapy_tra_spi = 4001
+ self.vpp_tra_sa_id = 80
+ self.vpp_tra_spi = 4000
- auth_algo_vpp_id = 4 # internal VPP enum value for SHA_256_128
- auth_algo = 'SHA2-256-128' # scapy name
- auth_key = 'C91KUR9GYMm5GfkEvNjX'
+ self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_256_128)
+ self.auth_algo = 'SHA2-256-128' # scapy name
+ self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
- crypt_algo_vpp_id = 3 # internal VPP enum value for AES_CBC_256
- crypt_algo = 'AES-CBC' # scapy name
- crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
+ self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_256)
+ self.crypt_algo = 'AES-CBC' # scapy name
+ self.crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
class TemplateIpsec(VppTestCase):
@@ -101,8 +112,10 @@ class TemplateIpsec(VppTestCase):
self.tun_spd_id = 1
self.tra_spd_id = 2
- self.vpp_esp_protocol = 1
- self.vpp_ah_protocol = 0
+ self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t.
+ IPSEC_API_PROTO_ESP)
+ self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t.
+ IPSEC_API_PROTO_AH)
self.create_pg_interfaces(range(3))
self.interfaces = list(self.pg_interfaces)
diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py
index 63e368c0a4a..caec8d431c5 100644
--- a/test/test_ipsec_ah.py
+++ b/test/test_ipsec_ah.py
@@ -10,6 +10,7 @@ from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry,\
VppIpsecSpdItfBinding
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import DpoProto
+from vpp_papi import VppEnum
class TemplateIpsecAh(TemplateIpsec):
@@ -83,6 +84,8 @@ class TemplateIpsecAh(TemplateIpsec):
remote_tun_if_host = params.remote_tun_if_host
addr_any = params.addr_any
addr_bcast = params.addr_bcast
+ e = VppEnum.vl_api_ipsec_spd_action_t
+
VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
@@ -111,28 +114,32 @@ class TemplateIpsecAh(TemplateIpsec):
remote_tun_if_host,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
- 0, priority=10, policy=3,
+ 0, priority=10,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
remote_tun_if_host,
remote_tun_if_host,
- 0, priority=10, policy=3).add_vpp_config()
+ 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ priority=10).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
remote_tun_if_host,
remote_tun_if_host,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
- 0, priority=20, policy=3,
+ 0, priority=20,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
remote_tun_if_host,
remote_tun_if_host,
- 0, priority=20, policy=3).add_vpp_config()
+ 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ priority=20).add_vpp_config()
def config_ah_tra(self, params):
addr_type = params.addr_type
@@ -146,17 +153,20 @@ class TemplateIpsecAh(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
+ flags = (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
+ e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
- use_anti_replay=1).add_vpp_config()
+ flags=flags).add_vpp_config()
VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
- use_anti_replay=1).add_vpp_config()
+ flags=flags).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
addr_any, addr_bcast,
@@ -173,14 +183,16 @@ class TemplateIpsecAh(TemplateIpsec):
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
- 0, priority=10, policy=3,
+ 0, priority=10,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
self.tra_if.local_addr[addr_type],
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
- 0, priority=10, policy=3).add_vpp_config()
+ 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ priority=10).add_vpp_config()
class TestIpsecAh1(TemplateIpsecAh, IpsecTraTests, IpsecTunTests):
diff --git a/test/test_ipsec_api.py b/test/test_ipsec_api.py
index 30496b3792f..8aea42ab3df 100644
--- a/test/test_ipsec_api.py
+++ b/test/test_ipsec_api.py
@@ -1,7 +1,8 @@
import unittest
from framework import VppTestCase, VppTestRunner
-from template_ipsec import IPsecIPv4Params
+from template_ipsec import TemplateIpsec, IPsecIPv4Params
+from vpp_papi import VppEnum
class IpsecApiTestCase(VppTestCase):
@@ -13,8 +14,10 @@ class IpsecApiTestCase(VppTestCase):
self.pg0.config_ip4()
self.pg0.admin_up()
- self.vpp_esp_protocol = 1
- self.vpp_ah_protocol = 0
+ self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t.
+ IPSEC_API_PROTO_ESP)
+ self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t.
+ IPSEC_API_PROTO_AH)
self.ipv4_params = IPsecIPv4Params()
def tearDown(self):
@@ -59,24 +62,22 @@ class IpsecApiTestCase(VppTestCase):
crypt_algo_vpp_id = params.crypt_algo_vpp_id
crypt_key = params.crypt_key
- self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
+ self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
- self.pg0.local_addr_n[addr_type],
- self.pg0.remote_addr_n[addr_type],
- is_tunnel=1, is_tunnel_ipv6=is_ipv6)
+ self.pg0.local_addr[addr_type],
+ self.pg0.remote_addr[addr_type])
with self.vapi.assert_negative_api_retval():
self.vapi.ipsec_select_backend(
protocol=self.vpp_ah_protocol, index=0)
- self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
+ self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_ah_protocol,
- self.pg0.local_addr_n[addr_type],
- self.pg0.remote_addr_n[addr_type],
- is_tunnel=1, is_tunnel_ipv6=is_ipv6,
+ self.pg0.local_addr[addr_type],
+ self.pg0.remote_addr[addr_type],
is_add=0)
self.vapi.ipsec_select_backend(
protocol=self.vpp_ah_protocol, index=0)
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 96e4833621a..ae62aecc2ed 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -9,6 +9,7 @@ from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\
VppIpsecSpdItfBinding
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import DpoProto
+from vpp_papi import VppEnum
class TemplateIpsecEsp(TemplateIpsec):
@@ -94,6 +95,7 @@ class TemplateIpsecEsp(TemplateIpsec):
remote_tun_if_host = params.remote_tun_if_host
addr_any = params.addr_any
addr_bcast = params.addr_bcast
+ e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
@@ -123,28 +125,32 @@ class TemplateIpsecEsp(TemplateIpsec):
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
0,
- priority=10, policy=3,
+ priority=10,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
remote_tun_if_host, remote_tun_if_host,
0,
- priority=10, policy=3).add_vpp_config()
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ priority=10).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
remote_tun_if_host, remote_tun_if_host,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
0,
- priority=20, policy=3,
+ priority=20,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg0.local_addr[addr_type],
self.pg0.local_addr[addr_type],
remote_tun_if_host, remote_tun_if_host,
0,
- priority=20, policy=3).add_vpp_config()
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ priority=20).add_vpp_config()
def config_esp_tra(self, params):
addr_type = params.addr_type
@@ -158,17 +164,20 @@ class TemplateIpsecEsp(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
+ flags = (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
+ e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
- use_anti_replay=1).add_vpp_config()
+ flags=flags).add_vpp_config()
VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
- use_anti_replay=1).add_vpp_config()
+ flags=flags).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
addr_any, addr_bcast,
@@ -185,14 +194,16 @@ class TemplateIpsecEsp(TemplateIpsec):
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
- 0, priority=10, policy=3,
+ 0, priority=10,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
self.tra_if.local_addr[addr_type],
self.tra_if.local_addr[addr_type],
self.tra_if.remote_addr[addr_type],
self.tra_if.remote_addr[addr_type],
- 0, priority=10, policy=3).add_vpp_config()
+ 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ priority=10).add_vpp_config()
class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
diff --git a/test/test_ipsec_nat.py b/test/test_ipsec_nat.py
index 89418b108e2..cdb9cb438f2 100644
--- a/test/test_ipsec_nat.py
+++ b/test/test_ipsec_nat.py
@@ -11,6 +11,7 @@ from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry,\
VppIpsecSpdItfBinding
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import DpoProto
+from vpp_papi import VppEnum
class IPSecNATTestCase(TemplateIpsec):
@@ -155,6 +156,9 @@ class IPSecNATTestCase(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
+ flags = (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_UDP_ENCAP)
+ e = VppEnum.vl_api_ipsec_spd_action_t
VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
auth_algo_vpp_id, auth_key,
@@ -162,14 +166,14 @@ class IPSecNATTestCase(TemplateIpsec):
self.vpp_esp_protocol,
self.pg1.remote_addr[addr_type],
self.tun_if.remote_addr[addr_type],
- udp_encap=1).add_vpp_config()
+ flags=flags).add_vpp_config()
VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
self.tun_if.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
- udp_encap=1).add_vpp_config()
+ flags=flags).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
addr_any, addr_bcast,
@@ -198,14 +202,16 @@ class IPSecNATTestCase(TemplateIpsec):
self.tun_if.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
- 0, priority=10, policy=3,
+ 0, priority=10,
+ policy=e.IPSEC_API_SPD_ACTION_PROTECT,
is_outbound=0).add_vpp_config()
VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
self.pg1.remote_addr[addr_type],
self.pg1.remote_addr[addr_type],
self.tun_if.remote_addr[addr_type],
self.tun_if.remote_addr[addr_type],
- 0, priority=10, policy=3).add_vpp_config()
+ 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
+ priority=10).add_vpp_config()
def test_ipsec_nat_tun(self):
""" IPSec/NAT tunnel test case """
diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py
index 8c6da77cba8..1218c4bb8bb 100644
--- a/test/vpp_ipsec.py
+++ b/test/vpp_ipsec.py
@@ -1,5 +1,6 @@
from vpp_object import *
from ipaddress import ip_address
+from vpp_papi import VppEnum
try:
text_type = unicode
@@ -82,7 +83,7 @@ class VppIpsecSpdEntry(VppObject):
remote_start, remote_stop,
proto,
priority=100,
- policy=0,
+ policy=None,
is_outbound=1,
remote_port_start=0,
remote_port_stop=65535,
@@ -98,7 +99,11 @@ class VppIpsecSpdEntry(VppObject):
self.proto = proto
self.is_outbound = is_outbound
self.priority = priority
- self.policy = policy
+ if not policy:
+ self.policy = (VppEnum.vl_api_ipsec_spd_action_t.
+ IPSEC_API_SPD_ACTION_BYPASS)
+ else:
+ self.policy = policy
self.is_ipv6 = (0 if self.local_start.version == 4 else 1)
self.local_port_start = local_port_start
self.local_port_stop = local_port_stop
@@ -106,13 +111,13 @@ class VppIpsecSpdEntry(VppObject):
self.remote_port_stop = remote_port_stop
def add_vpp_config(self):
- self.test.vapi.ipsec_spd_add_del_entry(
+ self.test.vapi.ipsec_spd_entry_add_del(
self.spd.id,
self.sa_id,
- self.local_start.packed,
- self.local_stop.packed,
- self.remote_start.packed,
- self.remote_stop.packed,
+ self.local_start,
+ self.local_stop,
+ self.remote_start,
+ self.remote_stop,
protocol=self.proto,
is_ipv6=self.is_ipv6,
is_outbound=self.is_outbound,
@@ -125,13 +130,13 @@ class VppIpsecSpdEntry(VppObject):
self.test.registry.register(self, self.test.logger)
def remove_vpp_config(self):
- self.test.vapi.ipsec_spd_add_del_entry(
+ self.test.vapi.ipsec_spd_entry_add_del(
self.spd.id,
self.sa_id,
- self.local_start.packed,
- self.local_stop.packed,
- self.remote_start.packed,
- self.remote_stop.packed,
+ self.local_start,
+ self.local_stop,
+ self.remote_start,
+ self.remote_stop,
protocol=self.proto,
is_ipv6=self.is_ipv6,
is_outbound=self.is_outbound,
@@ -157,12 +162,12 @@ class VppIpsecSpdEntry(VppObject):
def query_vpp_config(self):
ss = self.test.vapi.ipsec_spd_dump(self.spd.id)
for s in ss:
- if s.sa_id == self.sa_id and \
- s.is_outbound == self.is_outbound and \
- s.priority == self.priority and \
- s.policy == self.policy and \
- s.is_ipv6 == self.is_ipv6 and \
- s.remote_start_port == self.remote_port_start:
+ if s.entry.sa_id == self.sa_id and \
+ s.entry.is_outbound == self.is_outbound and \
+ s.entry.priority == self.priority and \
+ s.entry.policy == self.policy and \
+ s.entry.remote_address_start == self.remote_start and \
+ s.entry.remote_port_start == self.remote_port_start:
return True
return False
@@ -177,8 +182,8 @@ class VppIpsecSA(VppObject):
crypto_alg, crypto_key,
proto,
tun_src=None, tun_dst=None,
- use_anti_replay=0,
- udp_encap=0):
+ flags=None):
+ e = VppEnum.vl_api_ipsec_sad_flags_t
self.test = test
self.id = id
self.spi = spi
@@ -187,22 +192,23 @@ class VppIpsecSA(VppObject):
self.crypto_alg = crypto_alg
self.crypto_key = crypto_key
self.proto = proto
- self.is_tunnel = 0
- self.is_tunnel_v6 = 0
+
self.tun_src = tun_src
self.tun_dst = tun_dst
+ if not flags:
+ self.flags = e.IPSEC_API_SAD_FLAG_NONE
+ else:
+ self.flags = flags
if (tun_src):
self.tun_src = ip_address(text_type(tun_src))
- self.is_tunnel = 1
+ self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL
if (self.tun_src.version == 6):
- self.is_tunnel_v6 = 1
+ self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6
if (tun_dst):
self.tun_dst = ip_address(text_type(tun_dst))
- self.use_anti_replay = use_anti_replay
- self.udp_encap = udp_encap
def add_vpp_config(self):
- self.test.vapi.ipsec_sad_add_del_entry(
+ self.test.vapi.ipsec_sad_entry_add_del(
self.id,
self.spi,
self.integ_alg,
@@ -210,16 +216,13 @@ class VppIpsecSA(VppObject):
self.crypto_alg,
self.crypto_key,
self.proto,
- (self.tun_src.packed if self.tun_src else []),
- (self.tun_dst.packed if self.tun_dst else []),
- is_tunnel=self.is_tunnel,
- is_tunnel_ipv6=self.is_tunnel_v6,
- use_anti_replay=self.use_anti_replay,
- udp_encap=self.udp_encap)
+ (self.tun_src if self.tun_src else []),
+ (self.tun_dst if self.tun_dst else []),
+ flags=self.flags)
self.test.registry.register(self, self.test.logger)
def remove_vpp_config(self):
- self.test.vapi.ipsec_sad_add_del_entry(
+ self.test.vapi.ipsec_sad_entry_add_del(
self.id,
self.spi,
self.integ_alg,
@@ -227,12 +230,9 @@ class VppIpsecSA(VppObject):
self.crypto_alg,
self.crypto_key,
self.proto,
- (self.tun_src.packed if self.tun_src else []),
- (self.tun_dst.packed if self.tun_dst else []),
- is_tunnel=self.is_tunnel,
- is_tunnel_ipv6=self.is_tunnel_v6,
- use_anti_replay=self.use_anti_replay,
- udp_encap=self.udp_encap,
+ (self.tun_src if self.tun_src else []),
+ (self.tun_dst if self.tun_dst else []),
+ flags=self.flags,
is_add=0)
def __str__(self):
diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py
index efe1454c934..d22cc7c4b49 100644
--- a/test/vpp_papi_provider.py
+++ b/test/vpp_papi_provider.py
@@ -3369,7 +3369,7 @@ class VppPapiProvider(object):
{'spd_index': spd_index if spd_index else 0,
'spd_index_valid': 1 if spd_index else 0})
- def ipsec_sad_add_del_entry(self,
+ def ipsec_sad_entry_add_del(self,
sad_id,
spi,
integrity_algorithm,
@@ -3379,12 +3379,8 @@ class VppPapiProvider(object):
protocol,
tunnel_src_address='',
tunnel_dst_address='',
- is_tunnel=1,
- is_tunnel_ipv6=0,
- is_add=1,
- udp_encap=0,
- use_anti_replay=0,
- use_extended_sequence_number=0):
+ flags=0,
+ is_add=1):
""" IPSEC SA add/del
:param sad_id: security association ID
:param spi: security param index of the SA in decimal
@@ -3401,31 +3397,35 @@ class VppPapiProvider(object):
crypto and ipsec algorithms
"""
return self.api(
- self.papi.ipsec_sad_add_del_entry,
- {'sad_id': sad_id,
- 'spi': spi,
- 'tunnel_src_address': tunnel_src_address,
- 'tunnel_dst_address': tunnel_dst_address,
- 'protocol': protocol,
- 'integrity_algorithm': integrity_algorithm,
- 'integrity_key_length': len(integrity_key),
- 'integrity_key': integrity_key,
- 'crypto_algorithm': crypto_algorithm,
- 'crypto_key_length': len(crypto_key) if crypto_key is not None
- else 0,
- 'crypto_key': crypto_key,
- 'is_add': is_add,
- 'is_tunnel': is_tunnel,
- 'is_tunnel_ipv6': is_tunnel_ipv6,
- 'udp_encap': udp_encap,
- 'use_extended_sequence_number': use_extended_sequence_number,
- 'use_anti_replay': use_anti_replay})
+ self.papi.ipsec_sad_entry_add_del,
+ {
+ 'is_add': is_add,
+ 'entry':
+ {
+ 'sad_id': sad_id,
+ 'spi': spi,
+ 'tunnel_src': tunnel_src_address,
+ 'tunnel_dst': tunnel_dst_address,
+ 'protocol': protocol,
+ 'integrity_algorithm': integrity_algorithm,
+ 'integrity_key': {
+ 'length': len(integrity_key),
+ 'data': integrity_key,
+ },
+ 'crypto_algorithm': crypto_algorithm,
+ 'crypto_key': {
+ 'length': len(crypto_key),
+ 'data': crypto_key,
+ },
+ 'flags': flags,
+ }
+ })
def ipsec_sa_dump(self, sa_id=None):
return self.api(self.papi.ipsec_sa_dump,
{'sa_id': sa_id if sa_id else 0xffffffff})
- def ipsec_spd_add_del_entry(self,
+ def ipsec_spd_entry_add_del(self,
spd_id,
sa_id,
local_address_start,
@@ -3464,24 +3464,28 @@ class VppPapiProvider(object):
:param is_add: (Default value = 1)
"""
return self.api(
- self.papi.ipsec_spd_add_del_entry,
- {'spd_id': spd_id,
- 'sa_id': sa_id,
- 'local_address_start': local_address_start,
- 'local_address_stop': local_address_stop,
- 'remote_address_start': remote_address_start,
- 'remote_address_stop': remote_address_stop,
- 'local_port_start': local_port_start,
- 'local_port_stop': local_port_stop,
- 'remote_port_start': remote_port_start,
- 'remote_port_stop': remote_port_stop,
- 'is_add': is_add,
- 'protocol': protocol,
- 'policy': policy,
- 'priority': priority,
- 'is_outbound': is_outbound,
- 'is_ipv6': is_ipv6,
- 'is_ip_any': is_ip_any})
+ self.papi.ipsec_spd_entry_add_del,
+ {
+ 'is_add': is_add,
+ 'entry':
+ {
+ 'spd_id': spd_id,
+ 'sa_id': sa_id,
+ 'local_address_start': local_address_start,
+ 'local_address_stop': local_address_stop,
+ 'remote_address_start': remote_address_start,
+ 'remote_address_stop': remote_address_stop,
+ 'local_port_start': local_port_start,
+ 'local_port_stop': local_port_stop,
+ 'remote_port_start': remote_port_start,
+ 'remote_port_stop': remote_port_stop,
+ 'protocol': protocol,
+ 'policy': policy,
+ 'priority': priority,
+ 'is_outbound': is_outbound,
+ 'is_ip_any': is_ip_any
+ }
+ })
def ipsec_spd_dump(self, spd_id, sa_id=0xffffffff):
return self.api(self.papi.ipsec_spd_dump,