remote_port_stop=self.remote_port_stop)
self.stat_index = rv.stat_index
self.test.registry.register(self, self.test.logger)
+ return self
def remove_vpp_config(self):
self.test.vapi.ipsec_spd_entry_add_del(
tun_src=None, tun_dst=None,
flags=None, salt=0, tun_flags=None,
dscp=None,
- udp_src=None, udp_dst=None):
+ udp_src=None, udp_dst=None, hop_limit=None):
e = VppEnum.vl_api_ipsec_sad_flags_t
self.test = test
self.id = id
self.proto = proto
self.salt = salt
+ self.table_id = 0
self.tun_src = tun_src
self.tun_dst = tun_dst
if not flags:
if (tun_src):
self.tun_src = ip_address(text_type(tun_src))
self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL
- if (self.tun_src.version == 6):
- self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6
if (tun_dst):
self.tun_dst = ip_address(text_type(tun_dst))
self.udp_src = udp_src
self.dscp = VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_CS0
if dscp:
self.dscp = dscp
+ self.hop_limit = 255
+ if hop_limit:
+ self.hop_limit = hop_limit
+
+ def tunnel_encode(self):
+ return {'src': (self.tun_src if self.tun_src else []),
+ 'dst': (self.tun_dst if self.tun_dst else []),
+ 'encap_decap_flags': self.tun_flags,
+ 'dscp': self.dscp,
+ 'hop_limit': self.hop_limit,
+ 'table_id': self.table_id
+ }
def add_vpp_config(self):
entry = {
'length': len(self.crypto_key),
},
'protocol': self.proto,
- 'tunnel_src': (self.tun_src if self.tun_src else []),
- 'tunnel_dst': (self.tun_dst if self.tun_dst else []),
- 'tunnel_flags': self.tun_flags,
- 'dscp': self.dscp,
+ 'tunnel': self.tunnel_encode(),
'flags': self.flags,
'salt': self.salt
}
entry['udp_src_port'] = self.udp_src
if self.udp_dst:
entry['udp_dst_port'] = self.udp_dst
- r = self.test.vapi.ipsec_sad_entry_add_del_v2(is_add=1, entry=entry)
+ r = self.test.vapi.ipsec_sad_entry_add(entry=entry)
self.stat_index = r.stat_index
self.test.registry.register(self, self.test.logger)
return self
def remove_vpp_config(self):
- r = self.test.vapi.ipsec_sad_entry_add_del_v2(
- is_add=0,
- entry={
- 'sad_id': self.id,
- 'spi': self.spi,
- 'integrity_algorithm': self.integ_alg,
- 'integrity_key': {
- 'length': len(self.integ_key),
- 'data': self.integ_key,
- },
- 'crypto_algorithm': self.crypto_alg,
- 'crypto_key': {
- 'data': self.crypto_key,
- 'length': len(self.crypto_key),
- },
- 'protocol': self.proto,
- 'tunnel_src': (self.tun_src if self.tun_src else []),
- 'tunnel_dst': (self.tun_dst if self.tun_dst else []),
- 'flags': self.flags,
- 'salt': self.salt
- })
+ self.test.vapi.ipsec_sad_entry_del(id=self.id)
def object_id(self):
return "ipsec-sa-%d" % self.id
def query_vpp_config(self):
e = VppEnum.vl_api_ipsec_sad_flags_t
- bs = self.test.vapi.ipsec_sa_v2_dump()
+ bs = self.test.vapi.ipsec_sa_v3_dump()
for b in bs:
if b.entry.sad_id == self.id:
# if udp encap is configured then the ports should match
# +1 to skip main thread
return c[worker+1][self.stat_index]
+ def get_lost(self, worker=None):
+ c = self.test.statistics.get_counter("/net/ipsec/sa/lost")
+ if worker is None:
+ total = 0
+ for t in c:
+ total += t[self.stat_index]
+ return total
+ else:
+ # +1 to skip main thread
+ return c[worker+1][self.stat_index]
+
class VppIpsecTunProtect(VppObject):
"""
})
self.set_sw_if_index(r.sw_if_index)
self.test.registry.register(self, self.test.logger)
+ ts = self.test.vapi.ipsec_itf_dump(sw_if_index=self._sw_if_index)
+ self.instance = ts[0].itf.user_instance
return self
def remove_vpp_config(self):
def query_vpp_config(self):
ts = self.test.vapi.ipsec_itf_dump(sw_if_index=0xffffffff)
for t in ts:
- if t.tunnel.sw_if_index == self._sw_if_index:
+ if t.itf.sw_if_index == self._sw_if_index:
return True
return False
return self.object_id()
def object_id(self):
- return "ipsec-%d" % self._sw_if_index
+ return "ipsec%d" % self.instance