"""
ckey = crypto_key.encode('hex')
ikey = integ_key.encode('hex')
- tunnel = ''
- if tunnel_src is not None and tunnel_dst is not None:
- tunnel = 'tunnel_src {0} tunnel_dst {1}'.format(tunnel_src,
- tunnel_dst)
+ tunnel = 'tunnel_src {0} tunnel_dst {1}'.format(tunnel_src, tunnel_dst)\
+ if tunnel_src is not None and tunnel_dst is not None else ''
+
out = VatExecutor.cmd_from_template(node,
"ipsec/ipsec_sad_add_entry.vat",
sad_id=sad_id, spi=spi,
out[0],
err_msg='Add SAD entry failed on {0}'.format(node['host']))
+ @staticmethod
+ def vpp_ipsec_sa_set_key(node, sa_id, crypto_key, integ_key):
+ """Update Security Association (SA) keys.
+
+ :param node: VPP node to update SA keys.
+ :param sa_id: SAD entry ID.
+ :param crypto_key: The encryption key string.
+ :param integ_key: The integrity key string.
+ :type node: dict
+ :type sa_id: int
+ :type crypto_key: str
+ :type integ_key: str
+ """
+ ckey = crypto_key.encode('hex')
+ ikey = integ_key.encode('hex')
+
+ out = VatExecutor.cmd_from_template(node,
+ "ipsec/ipsec_sa_set_key.vat",
+ sa_id=sa_id,
+ ckey=ckey, ikey=ikey)
+ VatJsonUtil.verify_vat_retval(
+ out[0],
+ err_msg='Update SA key failed on {0}'.format(node['host']))
+
@staticmethod
def vpp_ipsec_add_spd(node, spd_id):
"""Create Security Policy Database on the VPP node.
:type spd_id: int
:type interface: str or int
"""
- if isinstance(interface, basestring):
- sw_if_index = Topology.get_interface_sw_index(node, interface)
- else:
- sw_if_index = interface
+ sw_if_index = Topology.get_interface_sw_index(node, interface)\
+ if isinstance(interface, basestring) else interface
+
out = VatExecutor.cmd_from_template(node,
"ipsec/ipsec_interface_add_spd.vat",
spd_id=spd_id, sw_if_id=sw_if_index)
:type sa_id: int
:type laddr_range: string
:type raddr_range: string
- :type proto: intPolicyAction
+ :type proto: int
:type lport_range: string
:type rport_range: string
"""