diff options
author | Neale Ranns <nranns@cisco.com> | 2019-01-09 21:22:20 -0800 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-01-31 20:44:22 +0000 |
commit | 17dcec0b940374127f6e1e004fb3ec261a0a3709 (patch) | |
tree | f14763efd0dc07c44e9d4d1f71f2a43052dc460a /test | |
parent | 6d0106e44e7dff2c9ef0f7052c4023245e9023a8 (diff) |
IPSEC: API modernisation
- use enums to enumerate the algoritms and protocols that are supported
- use address_t types to simplify encode/deocde
- use typedefs of entry objects to get consistency between add/del API and dump
Change-Id: I7e7c58c06a150e2439633ba9dca58bc1049677ee
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/template_ipsec.py | 77 | ||||
-rw-r--r-- | test/test_ipsec_ah.py | 28 | ||||
-rw-r--r-- | test/test_ipsec_api.py | 23 | ||||
-rw-r--r-- | test/test_ipsec_esp.py | 27 | ||||
-rw-r--r-- | test/test_ipsec_nat.py | 14 | ||||
-rw-r--r-- | test/vpp_ipsec.py | 80 | ||||
-rw-r--r-- | test/vpp_papi_provider.py | 94 |
7 files changed, 195 insertions, 148 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py index ed7c1a32129..7888a6788ab 100644 --- a/test/template_ipsec.py +++ b/test/template_ipsec.py @@ -8,60 +8,71 @@ from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest from framework import VppTestCase, VppTestRunner from util import ppp +from vpp_papi import VppEnum class IPsecIPv4Params(object): + addr_type = socket.AF_INET addr_any = "0.0.0.0" addr_bcast = "255.255.255.255" addr_len = 32 is_ipv6 = 0 - remote_tun_if_host = '1.1.1.1' - scapy_tun_sa_id = 10 - scapy_tun_spi = 1001 - vpp_tun_sa_id = 20 - vpp_tun_spi = 1000 + def __init__(self): + self.remote_tun_if_host = '1.1.1.1' + + self.scapy_tun_sa_id = 10 + self.scapy_tun_spi = 1001 + self.vpp_tun_sa_id = 20 + self.vpp_tun_spi = 1000 - scapy_tra_sa_id = 30 - scapy_tra_spi = 2001 - vpp_tra_sa_id = 40 - vpp_tra_spi = 2000 + self.scapy_tra_sa_id = 30 + self.scapy_tra_spi = 2001 + self.vpp_tra_sa_id = 40 + self.vpp_tra_spi = 2000 - auth_algo_vpp_id = 2 # internal VPP enum value for SHA1_96 - auth_algo = 'HMAC-SHA1-96' # scapy name - auth_key = 'C91KUR9GYMm5GfkEvNjX' + self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96) + self.auth_algo = 'HMAC-SHA1-96' # scapy name + self.auth_key = 'C91KUR9GYMm5GfkEvNjX' - crypt_algo_vpp_id = 1 # internal VPP enum value for AES_CBC_128 - crypt_algo = 'AES-CBC' # scapy name - crypt_key = 'JPjyOWBeVEQiMe7h' + self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_128) + self.crypt_algo = 'AES-CBC' # scapy name + self.crypt_key = 'JPjyOWBeVEQiMe7h' class IPsecIPv6Params(object): + addr_type = socket.AF_INET6 addr_any = "0::0" addr_bcast = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" addr_len = 128 is_ipv6 = 1 - remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111' - scapy_tun_sa_id = 50 - scapy_tun_spi = 3001 - vpp_tun_sa_id = 60 - vpp_tun_spi = 3000 + def __init__(self): + self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111' + + self.scapy_tun_sa_id = 50 + self.scapy_tun_spi = 3001 + self.vpp_tun_sa_id = 60 + self.vpp_tun_spi = 3000 - scapy_tra_sa_id = 70 - scapy_tra_spi = 4001 - vpp_tra_sa_id = 80 - vpp_tra_spi = 4000 + self.scapy_tra_sa_id = 70 + self.scapy_tra_spi = 4001 + self.vpp_tra_sa_id = 80 + self.vpp_tra_spi = 4000 - auth_algo_vpp_id = 4 # internal VPP enum value for SHA_256_128 - auth_algo = 'SHA2-256-128' # scapy name - auth_key = 'C91KUR9GYMm5GfkEvNjX' + self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA_256_128) + self.auth_algo = 'SHA2-256-128' # scapy name + self.auth_key = 'C91KUR9GYMm5GfkEvNjX' - crypt_algo_vpp_id = 3 # internal VPP enum value for AES_CBC_256 - crypt_algo = 'AES-CBC' # scapy name - crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h' + self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_256) + self.crypt_algo = 'AES-CBC' # scapy name + self.crypt_key = 'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h' class TemplateIpsec(VppTestCase): @@ -101,8 +112,10 @@ class TemplateIpsec(VppTestCase): self.tun_spd_id = 1 self.tra_spd_id = 2 - self.vpp_esp_protocol = 1 - self.vpp_ah_protocol = 0 + self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_ESP) + self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_AH) self.create_pg_interfaces(range(3)) self.interfaces = list(self.pg_interfaces) diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py index 63e368c0a4a..caec8d431c5 100644 --- a/test/test_ipsec_ah.py +++ b/test/test_ipsec_ah.py @@ -10,6 +10,7 @@ from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry,\ VppIpsecSpdItfBinding from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_ip import DpoProto +from vpp_papi import VppEnum class TemplateIpsecAh(TemplateIpsec): @@ -83,6 +84,8 @@ class TemplateIpsecAh(TemplateIpsec): remote_tun_if_host = params.remote_tun_if_host addr_any = params.addr_any addr_bcast = params.addr_bcast + e = VppEnum.vl_api_ipsec_spd_action_t + VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, @@ -111,28 +114,32 @@ class TemplateIpsecAh(TemplateIpsec): remote_tun_if_host, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], - 0, priority=10, policy=3, + 0, priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], remote_tun_if_host, remote_tun_if_host, - 0, priority=10, policy=3).add_vpp_config() + 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=10).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], - 0, priority=20, policy=3, + 0, priority=20, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], remote_tun_if_host, remote_tun_if_host, - 0, priority=20, policy=3).add_vpp_config() + 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=20).add_vpp_config() def config_ah_tra(self, params): addr_type = params.addr_type @@ -146,17 +153,20 @@ class TemplateIpsecAh(TemplateIpsec): crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast + flags = (VppEnum.vl_api_ipsec_sad_flags_t. + IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) + e = VppEnum.vl_api_ipsec_spd_action_t VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_ah_protocol, - use_anti_replay=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_ah_protocol, - use_anti_replay=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id, addr_any, addr_bcast, @@ -173,14 +183,16 @@ class TemplateIpsecAh(TemplateIpsec): self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], - 0, priority=10, policy=3, + 0, priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], - 0, priority=10, policy=3).add_vpp_config() + 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=10).add_vpp_config() class TestIpsecAh1(TemplateIpsecAh, IpsecTraTests, IpsecTunTests): diff --git a/test/test_ipsec_api.py b/test/test_ipsec_api.py index 30496b3792f..8aea42ab3df 100644 --- a/test/test_ipsec_api.py +++ b/test/test_ipsec_api.py @@ -1,7 +1,8 @@ import unittest from framework import VppTestCase, VppTestRunner -from template_ipsec import IPsecIPv4Params +from template_ipsec import TemplateIpsec, IPsecIPv4Params +from vpp_papi import VppEnum class IpsecApiTestCase(VppTestCase): @@ -13,8 +14,10 @@ class IpsecApiTestCase(VppTestCase): self.pg0.config_ip4() self.pg0.admin_up() - self.vpp_esp_protocol = 1 - self.vpp_ah_protocol = 0 + self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_ESP) + self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_AH) self.ipv4_params = IPsecIPv4Params() def tearDown(self): @@ -59,24 +62,22 @@ class IpsecApiTestCase(VppTestCase): crypt_algo_vpp_id = params.crypt_algo_vpp_id crypt_key = params.crypt_key - self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, + self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_ah_protocol, - self.pg0.local_addr_n[addr_type], - self.pg0.remote_addr_n[addr_type], - is_tunnel=1, is_tunnel_ipv6=is_ipv6) + self.pg0.local_addr[addr_type], + self.pg0.remote_addr[addr_type]) with self.vapi.assert_negative_api_retval(): self.vapi.ipsec_select_backend( protocol=self.vpp_ah_protocol, index=0) - self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi, + self.vapi.ipsec_sad_entry_add_del(scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_ah_protocol, - self.pg0.local_addr_n[addr_type], - self.pg0.remote_addr_n[addr_type], - is_tunnel=1, is_tunnel_ipv6=is_ipv6, + self.pg0.local_addr[addr_type], + self.pg0.remote_addr[addr_type], is_add=0) self.vapi.ipsec_select_backend( protocol=self.vpp_ah_protocol, index=0) diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 96e4833621a..ae62aecc2ed 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -9,6 +9,7 @@ from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\ VppIpsecSpdItfBinding from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_ip import DpoProto +from vpp_papi import VppEnum class TemplateIpsecEsp(TemplateIpsec): @@ -94,6 +95,7 @@ class TemplateIpsecEsp(TemplateIpsec): remote_tun_if_host = params.remote_tun_if_host addr_any = params.addr_any addr_bcast = params.addr_bcast + e = VppEnum.vl_api_ipsec_spd_action_t VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, @@ -123,28 +125,32 @@ class TemplateIpsecEsp(TemplateIpsec): self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], 0, - priority=10, policy=3, + priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], remote_tun_if_host, remote_tun_if_host, 0, - priority=10, policy=3).add_vpp_config() + policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=10).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], 0, - priority=20, policy=3, + priority=20, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], remote_tun_if_host, remote_tun_if_host, 0, - priority=20, policy=3).add_vpp_config() + policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=20).add_vpp_config() def config_esp_tra(self, params): addr_type = params.addr_type @@ -158,17 +164,20 @@ class TemplateIpsecEsp(TemplateIpsec): crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast + flags = (VppEnum.vl_api_ipsec_sad_flags_t. + IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) + e = VppEnum.vl_api_ipsec_spd_action_t VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - use_anti_replay=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - use_anti_replay=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id, addr_any, addr_bcast, @@ -185,14 +194,16 @@ class TemplateIpsecEsp(TemplateIpsec): self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], - 0, priority=10, policy=3, + 0, priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], self.tra_if.remote_addr[addr_type], - 0, priority=10, policy=3).add_vpp_config() + 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=10).add_vpp_config() class TestIpsecEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests): diff --git a/test/test_ipsec_nat.py b/test/test_ipsec_nat.py index 89418b108e2..cdb9cb438f2 100644 --- a/test/test_ipsec_nat.py +++ b/test/test_ipsec_nat.py @@ -11,6 +11,7 @@ from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry,\ VppIpsecSpdItfBinding from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_ip import DpoProto +from vpp_papi import VppEnum class IPSecNATTestCase(TemplateIpsec): @@ -155,6 +156,9 @@ class IPSecNATTestCase(TemplateIpsec): crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast + flags = (VppEnum.vl_api_ipsec_sad_flags_t. + IPSEC_API_SAD_FLAG_UDP_ENCAP) + e = VppEnum.vl_api_ipsec_spd_action_t VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, @@ -162,14 +166,14 @@ class IPSecNATTestCase(TemplateIpsec): self.vpp_esp_protocol, self.pg1.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], - udp_encap=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type], self.pg1.remote_addr[addr_type], - udp_encap=1).add_vpp_config() + flags=flags).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, @@ -198,14 +202,16 @@ class IPSecNATTestCase(TemplateIpsec): self.tun_if.remote_addr[addr_type], self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], - 0, priority=10, policy=3, + 0, priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], - 0, priority=10, policy=3).add_vpp_config() + 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, + priority=10).add_vpp_config() def test_ipsec_nat_tun(self): """ IPSec/NAT tunnel test case """ diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py index 8c6da77cba8..1218c4bb8bb 100644 --- a/test/vpp_ipsec.py +++ b/test/vpp_ipsec.py @@ -1,5 +1,6 @@ from vpp_object import * from ipaddress import ip_address +from vpp_papi import VppEnum try: text_type = unicode @@ -82,7 +83,7 @@ class VppIpsecSpdEntry(VppObject): remote_start, remote_stop, proto, priority=100, - policy=0, + policy=None, is_outbound=1, remote_port_start=0, remote_port_stop=65535, @@ -98,7 +99,11 @@ class VppIpsecSpdEntry(VppObject): self.proto = proto self.is_outbound = is_outbound self.priority = priority - self.policy = policy + if not policy: + self.policy = (VppEnum.vl_api_ipsec_spd_action_t. + IPSEC_API_SPD_ACTION_BYPASS) + else: + self.policy = policy self.is_ipv6 = (0 if self.local_start.version == 4 else 1) self.local_port_start = local_port_start self.local_port_stop = local_port_stop @@ -106,13 +111,13 @@ class VppIpsecSpdEntry(VppObject): self.remote_port_stop = remote_port_stop def add_vpp_config(self): - self.test.vapi.ipsec_spd_add_del_entry( + self.test.vapi.ipsec_spd_entry_add_del( self.spd.id, self.sa_id, - self.local_start.packed, - self.local_stop.packed, - self.remote_start.packed, - self.remote_stop.packed, + self.local_start, + self.local_stop, + self.remote_start, + self.remote_stop, protocol=self.proto, is_ipv6=self.is_ipv6, is_outbound=self.is_outbound, @@ -125,13 +130,13 @@ class VppIpsecSpdEntry(VppObject): self.test.registry.register(self, self.test.logger) def remove_vpp_config(self): - self.test.vapi.ipsec_spd_add_del_entry( + self.test.vapi.ipsec_spd_entry_add_del( self.spd.id, self.sa_id, - self.local_start.packed, - self.local_stop.packed, - self.remote_start.packed, - self.remote_stop.packed, + self.local_start, + self.local_stop, + self.remote_start, + self.remote_stop, protocol=self.proto, is_ipv6=self.is_ipv6, is_outbound=self.is_outbound, @@ -157,12 +162,12 @@ class VppIpsecSpdEntry(VppObject): def query_vpp_config(self): ss = self.test.vapi.ipsec_spd_dump(self.spd.id) for s in ss: - if s.sa_id == self.sa_id and \ - s.is_outbound == self.is_outbound and \ - s.priority == self.priority and \ - s.policy == self.policy and \ - s.is_ipv6 == self.is_ipv6 and \ - s.remote_start_port == self.remote_port_start: + if s.entry.sa_id == self.sa_id and \ + s.entry.is_outbound == self.is_outbound and \ + s.entry.priority == self.priority and \ + s.entry.policy == self.policy and \ + s.entry.remote_address_start == self.remote_start and \ + s.entry.remote_port_start == self.remote_port_start: return True return False @@ -177,8 +182,8 @@ class VppIpsecSA(VppObject): crypto_alg, crypto_key, proto, tun_src=None, tun_dst=None, - use_anti_replay=0, - udp_encap=0): + flags=None): + e = VppEnum.vl_api_ipsec_sad_flags_t self.test = test self.id = id self.spi = spi @@ -187,22 +192,23 @@ class VppIpsecSA(VppObject): self.crypto_alg = crypto_alg self.crypto_key = crypto_key self.proto = proto - self.is_tunnel = 0 - self.is_tunnel_v6 = 0 + self.tun_src = tun_src self.tun_dst = tun_dst + if not flags: + self.flags = e.IPSEC_API_SAD_FLAG_NONE + else: + self.flags = flags if (tun_src): self.tun_src = ip_address(text_type(tun_src)) - self.is_tunnel = 1 + self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL if (self.tun_src.version == 6): - self.is_tunnel_v6 = 1 + self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 if (tun_dst): self.tun_dst = ip_address(text_type(tun_dst)) - self.use_anti_replay = use_anti_replay - self.udp_encap = udp_encap def add_vpp_config(self): - self.test.vapi.ipsec_sad_add_del_entry( + self.test.vapi.ipsec_sad_entry_add_del( self.id, self.spi, self.integ_alg, @@ -210,16 +216,13 @@ class VppIpsecSA(VppObject): self.crypto_alg, self.crypto_key, self.proto, - (self.tun_src.packed if self.tun_src else []), - (self.tun_dst.packed if self.tun_dst else []), - is_tunnel=self.is_tunnel, - is_tunnel_ipv6=self.is_tunnel_v6, - use_anti_replay=self.use_anti_replay, - udp_encap=self.udp_encap) + (self.tun_src if self.tun_src else []), + (self.tun_dst if self.tun_dst else []), + flags=self.flags) self.test.registry.register(self, self.test.logger) def remove_vpp_config(self): - self.test.vapi.ipsec_sad_add_del_entry( + self.test.vapi.ipsec_sad_entry_add_del( self.id, self.spi, self.integ_alg, @@ -227,12 +230,9 @@ class VppIpsecSA(VppObject): self.crypto_alg, self.crypto_key, self.proto, - (self.tun_src.packed if self.tun_src else []), - (self.tun_dst.packed if self.tun_dst else []), - is_tunnel=self.is_tunnel, - is_tunnel_ipv6=self.is_tunnel_v6, - use_anti_replay=self.use_anti_replay, - udp_encap=self.udp_encap, + (self.tun_src if self.tun_src else []), + (self.tun_dst if self.tun_dst else []), + flags=self.flags, is_add=0) def __str__(self): diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index efe1454c934..d22cc7c4b49 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -3369,7 +3369,7 @@ class VppPapiProvider(object): {'spd_index': spd_index if spd_index else 0, 'spd_index_valid': 1 if spd_index else 0}) - def ipsec_sad_add_del_entry(self, + def ipsec_sad_entry_add_del(self, sad_id, spi, integrity_algorithm, @@ -3379,12 +3379,8 @@ class VppPapiProvider(object): protocol, tunnel_src_address='', tunnel_dst_address='', - is_tunnel=1, - is_tunnel_ipv6=0, - is_add=1, - udp_encap=0, - use_anti_replay=0, - use_extended_sequence_number=0): + flags=0, + is_add=1): """ IPSEC SA add/del :param sad_id: security association ID :param spi: security param index of the SA in decimal @@ -3401,31 +3397,35 @@ class VppPapiProvider(object): crypto and ipsec algorithms """ return self.api( - self.papi.ipsec_sad_add_del_entry, - {'sad_id': sad_id, - 'spi': spi, - 'tunnel_src_address': tunnel_src_address, - 'tunnel_dst_address': tunnel_dst_address, - 'protocol': protocol, - 'integrity_algorithm': integrity_algorithm, - 'integrity_key_length': len(integrity_key), - 'integrity_key': integrity_key, - 'crypto_algorithm': crypto_algorithm, - 'crypto_key_length': len(crypto_key) if crypto_key is not None - else 0, - 'crypto_key': crypto_key, - 'is_add': is_add, - 'is_tunnel': is_tunnel, - 'is_tunnel_ipv6': is_tunnel_ipv6, - 'udp_encap': udp_encap, - 'use_extended_sequence_number': use_extended_sequence_number, - 'use_anti_replay': use_anti_replay}) + self.papi.ipsec_sad_entry_add_del, + { + 'is_add': is_add, + 'entry': + { + 'sad_id': sad_id, + 'spi': spi, + 'tunnel_src': tunnel_src_address, + 'tunnel_dst': tunnel_dst_address, + 'protocol': protocol, + 'integrity_algorithm': integrity_algorithm, + 'integrity_key': { + 'length': len(integrity_key), + 'data': integrity_key, + }, + 'crypto_algorithm': crypto_algorithm, + 'crypto_key': { + 'length': len(crypto_key), + 'data': crypto_key, + }, + 'flags': flags, + } + }) def ipsec_sa_dump(self, sa_id=None): return self.api(self.papi.ipsec_sa_dump, {'sa_id': sa_id if sa_id else 0xffffffff}) - def ipsec_spd_add_del_entry(self, + def ipsec_spd_entry_add_del(self, spd_id, sa_id, local_address_start, @@ -3464,24 +3464,28 @@ class VppPapiProvider(object): :param is_add: (Default value = 1) """ return self.api( - self.papi.ipsec_spd_add_del_entry, - {'spd_id': spd_id, - 'sa_id': sa_id, - 'local_address_start': local_address_start, - 'local_address_stop': local_address_stop, - 'remote_address_start': remote_address_start, - 'remote_address_stop': remote_address_stop, - 'local_port_start': local_port_start, - 'local_port_stop': local_port_stop, - 'remote_port_start': remote_port_start, - 'remote_port_stop': remote_port_stop, - 'is_add': is_add, - 'protocol': protocol, - 'policy': policy, - 'priority': priority, - 'is_outbound': is_outbound, - 'is_ipv6': is_ipv6, - 'is_ip_any': is_ip_any}) + self.papi.ipsec_spd_entry_add_del, + { + 'is_add': is_add, + 'entry': + { + 'spd_id': spd_id, + 'sa_id': sa_id, + 'local_address_start': local_address_start, + 'local_address_stop': local_address_stop, + 'remote_address_start': remote_address_start, + 'remote_address_stop': remote_address_stop, + 'local_port_start': local_port_start, + 'local_port_stop': local_port_stop, + 'remote_port_start': remote_port_start, + 'remote_port_stop': remote_port_stop, + 'protocol': protocol, + 'policy': policy, + 'priority': priority, + 'is_outbound': is_outbound, + 'is_ip_any': is_ip_any + } + }) def ipsec_spd_dump(self, spd_id, sa_id=0xffffffff): return self.api(self.papi.ipsec_spd_dump, |