return cli + "\n" + str(self.cli(cli))
def _convert_mac(self, mac):
- return int(mac.replace(":", ""), 16) << 16
+ return mac.replace(':', '').decode('hex')
def show_version(self):
""" """
is_ipv6=0,
encap_vrf_id=0,
decap_next_index=0xFFFFFFFF,
- vni=0):
+ vni=0,
+ instance=0xFFFFFFFF):
"""
:param dst_addr:
:param decap_next_index: (Default value = 0xFFFFFFFF)
:param mcast_sw_if_index: (Default value = 0xFFFFFFFF)
:param vni: (Default value = 0)
+ :param instance: (Default value = 0xFFFFFFFF)
"""
return self.api(self.papi.vxlan_add_del_tunnel,
'mcast_sw_if_index': mcast_sw_if_index,
'encap_vrf_id': encap_vrf_id,
'decap_next_index': decap_next_index,
- 'vni': vni})
+ 'vni': vni,
+ 'instance': instance})
def geneve_add_del_tunnel(
self,
'tag1': tag1,
'tag2': tag2})
+ def sw_interface_set_l2_emulation(
+ self,
+ sw_if_index,
+ enable=1):
+ """L2 Emulation
+ :param sw_if_index - interface the operation is applied to
+
+ """
+ return self.api(self.papi.l2_emulation,
+ {'sw_if_index': sw_if_index,
+ 'enable': enable})
+
def sw_interface_set_flags(self, sw_if_index, admin_up_down):
"""
{'sw_if_index': sw_if_index,
'admin_up_down': admin_up_down})
+ def sw_interface_set_mtu(self, sw_if_index, mtu):
+ """
+ :param sw_if_index:
+ :param mtu:
+
+ """
+ return self.api(self.papi.sw_interface_set_mtu,
+ {'sw_if_index': sw_if_index,
+ 'mtu': mtu})
+
+ def sw_interface_set_mac_address(self, sw_if_index, mac):
+ return self.api(self.papi.sw_interface_set_mac_address,
+ {'sw_if_index': sw_if_index,
+ 'mac_address': mac})
+
def create_subif(self, sw_if_index, sub_id, outer_vlan, inner_vlan,
no_tags=0, one_tag=0, two_tags=0, dot1ad=0, exact_match=0,
default_sub=0, outer_vlan_id_any=0, inner_vlan_id_any=0):
next_hop_n_out_labels=0,
next_hop_out_label_stack=[],
next_hop_via_label=MPLS_LABEL_INVALID,
+ next_hop_id=0xFFFFFFFF,
is_resolve_host=0,
is_resolve_attached=0,
classify_table_index=0xFFFFFFFF,
is_local=0,
is_classify=0,
is_multipath=0,
- is_l2_bridged=0,
+ is_dvr=0,
+ is_udp_encap=0,
is_source_lookup=0):
"""
:param is_multipath: (Default value = 0)
:param is_resolve_host: (Default value = 0)
:param is_resolve_attached: (Default value = 0)
- :param is_l2_bridged: (Default value = 0)
+ :param is_dvr: (Default value = 0)
:param is_source_lookup: (Default value = 0)
:param next_hop_weight: (Default value = 1)
'is_multipath': is_multipath,
'is_resolve_host': is_resolve_host,
'is_resolve_attached': is_resolve_attached,
- 'is_l2_bridged': is_l2_bridged,
+ 'is_dvr': is_dvr,
'is_source_lookup': is_source_lookup,
+ 'is_udp_encap': is_udp_encap,
'next_hop_weight': next_hop_weight,
'dst_address_length': dst_address_length,
'dst_address': dst_address,
+ 'next_hop_id': next_hop_id,
'next_hop_address': next_hop_address,
'next_hop_n_out_labels': next_hop_n_out_labels,
'next_hop_via_label': next_hop_via_label,
src_address,
dst_address,
outer_fib_id=0,
- is_teb=0,
+ tunnel_type=0,
+ instance=0xFFFFFFFF,
+ session_id=0,
is_add=1,
is_ip6=0):
""" Add a GRE tunnel
:param src_address:
:param dst_address:
:param outer_fib_id: (Default value = 0)
+ :param tunnel_type: (Default value = 0)
+ :param instance: (Default value = 0xFFFFFFFF)
+ :param session_id: (Defalt value = 0)
:param is_add: (Default value = 1)
:param is_ipv6: (Default value = 0)
- :param is_teb: (Default value = 0)
"""
return self.api(
self.papi.gre_add_del_tunnel,
{'is_add': is_add,
'is_ipv6': is_ip6,
- 'teb': is_teb,
+ 'tunnel_type': tunnel_type,
+ 'instance': instance,
'src_address': src_address,
'dst_address': dst_address,
- 'outer_fib_id': outer_fib_id}
+ 'outer_fib_id': outer_fib_id,
+ 'session_id': session_id}
+ )
+
+ def udp_encap_add_del(self,
+ id,
+ src_ip,
+ dst_ip,
+ src_port,
+ dst_port,
+ table_id=0,
+ is_add=1,
+ is_ip6=0):
+ """ Add a GRE tunnel
+ :param id: user provided ID
+ :param src_ip:
+ :param dst_ip:
+ :param src_port:
+ :param dst_port:
+ :param outer_fib_id: (Default value = 0)
+ :param is_add: (Default value = 1)
+ :param is_ipv6: (Default value = 0)
+ """
+
+ return self.api(
+ self.papi.udp_encap_add_del,
+ {'id': id,
+ 'is_add': is_add,
+ 'is_ip6': is_ip6,
+ 'src_ip': src_ip,
+ 'dst_ip': dst_ip,
+ 'src_port': src_port,
+ 'dst_port': dst_port,
+ 'table_id': table_id}
)
+ def udp_encap_dump(self):
+ return self.api(self.papi.udp_encap_dump, {})
+
def mpls_fib_dump(self):
return self.api(self.papi.mpls_fib_dump, {})
:param next_hop_weight: (Default value = 1)
"""
-
return self.api(
self.papi.mpls_route_add_del,
{'mr_label': label,
addr_only=1,
vrf_id=0,
protocol=0,
+ twice_nat=0,
+ out2in_only=0,
+ tag="",
is_add=1):
"""Add/delete NAT44 static mapping
:param addr_only: 1 if address only mapping, 0 if address and port
:param vrf_id: VRF ID
:param protocol: IP protocol (Default value = 0)
+ :param twice_nat: 1 if translate external host address and port
+ :param out2in_only: if 1 rule is matching only out2in direction
+ :param tag: Opaque string tag
:param is_add: 1 if add, 0 if delete (Default value = 1)
"""
return self.api(
'external_port': external_port,
'external_sw_if_index': external_sw_if_index,
'vrf_id': vrf_id,
+ 'protocol': protocol,
+ 'twice_nat': twice_nat,
+ 'out2in_only': out2in_only,
+ 'tag': tag})
+
+ def nat44_add_del_identity_mapping(
+ self,
+ ip='0',
+ sw_if_index=0xFFFFFFFF,
+ port=0,
+ addr_only=1,
+ vrf_id=0,
+ protocol=0,
+ tag='',
+ is_add=1):
+ """Add/delete NAT44 identity mapping
+
+ :param ip: IP address (Default value = 0)
+ :param sw_if_index: Interface instead of IP address
+ :param port: Port number (Default value = 0)
+ :param addr_only: 1 if address only mapping, 0 if address and port
+ :param vrf_id: VRF ID
+ :param protocol: IP protocol (Default value = 0)
+ :param tag: Opaque string tag
+ :param is_add: 1 if add, 0 if delete (Default value = 1)
+ """
+ return self.api(
+ self.papi.nat44_add_del_identity_mapping,
+ {'is_add': is_add,
+ 'addr_only': addr_only,
+ 'ip_address': ip,
+ 'port': port,
+ 'sw_if_index': sw_if_index,
+ 'vrf_id': vrf_id,
+ 'tag': tag,
'protocol': protocol})
def nat44_add_del_address_range(
first_ip_address,
last_ip_address,
is_add=1,
- vrf_id=0xFFFFFFFF):
+ vrf_id=0xFFFFFFFF,
+ twice_nat=0):
"""Add/del NAT44 address range
:param first_ip_address: First IP address
:param last_ip_address: Last IP address
:param vrf_id: VRF id for the address range
+ :param twice_nat: twice NAT address for extenal hosts
:param is_add: 1 if add, 0 if delete (Default value = 1)
"""
return self.api(
{'first_ip_address': first_ip_address,
'last_ip_address': last_ip_address,
'vrf_id': vrf_id,
+ 'twice_nat': twice_nat,
'is_add': is_add})
def nat44_address_dump(self):
"""
return self.api(self.papi.nat44_static_mapping_dump, {})
+ def nat44_identity_mapping_dump(self):
+ """Dump NAT44 identity mappings
+ :return: Dictionary of NAT44 identity mappings
+ """
+ return self.api(self.papi.nat44_identity_mapping_dump, {})
+
def nat_show_config(self):
"""Show NAT plugin config
:return: NAT plugin config parameters
def nat44_add_interface_addr(
self,
sw_if_index,
+ twice_nat=0,
is_add=1):
"""Add/del NAT44 address from interface
:param sw_if_index: Software index of the interface
+ :param twice_nat: twice NAT address for extenal hosts
:param is_add: 1 if add, 0 if delete (Default value = 1)
"""
- return self.api(self.papi.nat44_add_del_interface_addr,
- {'is_add': is_add, 'sw_if_index': sw_if_index})
+ return self.api(
+ self.papi.nat44_add_del_interface_addr,
+ {'is_add': is_add,
+ 'sw_if_index': sw_if_index,
+ 'twice_nat': twice_nat})
def nat44_interface_addr_dump(self):
"""Dump NAT44 addresses interfaces
external_port,
protocol,
vrf_id=0,
+ twice_nat=0,
+ out2in_only=0,
+ tag='',
local_num=0,
locals=[],
is_add=1):
"""Add/delete NAT44 load balancing static mapping
+ :param twice_nat: 1 if translate external host address and port
+ :param tag: Opaque string tag
:param is_add - 1 if add, 0 if delete
"""
return self.api(
'external_port': external_port,
'protocol': protocol,
'vrf_id': vrf_id,
+ 'twice_nat': twice_nat,
+ 'out2in_only': out2in_only,
+ 'tag': tag,
'local_num': local_num,
'locals': locals})
'vrf_id': vrf_id,
'is_in': is_in})
+ def nat44_forwarding_enable_disable(
+ self,
+ enable):
+ """Enable/disable forwarding for NAT44
+
+ :param enable: 1 for enable, 0 for disable
+ """
+ return self.api(
+ self.papi.nat44_forwarding_enable_disable,
+ {'enable': enable})
+
+ def nat_set_reass(
+ self,
+ timeout=2,
+ max_reass=1024,
+ max_frag=5,
+ drop_frag=0,
+ is_ip6=0):
+ """Set NAT virtual fragmentation reassembly
+
+ :param timeout: reassembly timeout (Default 2sec)
+ :param max_reass: maximum concurrent reassemblies (Default 1024)
+ :param max_frag: maximum fragmets per reassembly (Default 5)
+ :param drop_frag: if 0 translate fragments, otherwise drop fragments
+ :param is_ip6: 1 if IPv6, 0 if IPv4
+ """
+ return self.api(
+ self.papi.nat_set_reass,
+ {'timeout': timeout,
+ 'max_reass': max_reass,
+ 'max_frag': max_frag,
+ 'drop_frag': drop_frag,
+ 'is_ip6': is_ip6})
+
+ def nat_get_reass(self):
+ """Get NAT virtual fragmentation reassembly configuration
+
+ :return: NAT virtual fragmentation reassembly configuration
+ """
+ return self.api(self.papi.nat_get_reass, {})
+
+ def nat_reass_dump(self):
+ """Dump NAT virtual fragmentation reassemblies
+
+ :return: Dictionary of NAT virtual fragmentation reassemblies
+ """
+ return self.api(self.papi.nat_reass_dump, {})
+
def nat_det_add_del_map(
self,
in_addr,
"""
return self.api(self.papi.nat64_prefix_dump, {})
+ def nat64_add_interface_addr(
+ self,
+ sw_if_index,
+ is_add=1):
+ """Add/del NAT64 address from interface
+
+ :param sw_if_index: Software index of the interface
+ :param is_add: 1 if add, 0 if delete (Default value = 1)
+ """
+ return self.api(self.papi.nat64_add_del_interface_addr,
+ {'is_add': is_add, 'sw_if_index': sw_if_index})
+
+ def dslite_set_aftr_addr(self, ip6, ip4):
+ """Set DS-Lite AFTR addresses
+
+ :param ip4: IPv4 address
+ :param ip6: IPv6 address
+ """
+ return self.api(
+ self.papi.dslite_set_aftr_addr,
+ {'ip4_addr': ip4,
+ 'ip6_addr': ip6})
+
+ def dslite_set_b4_addr(self, ip6, ip4):
+ """Set DS-Lite B4 IPv6 address
+
+ :param ip4: IPv4 address
+ :param ip6: IPv6 address
+ """
+ return self.api(
+ self.papi.dslite_set_b4_addr,
+ {'ip4_addr': ip4,
+ 'ip6_addr': ip6})
+
+ def dslite_add_del_pool_addr_range(
+ self,
+ start_addr,
+ end_addr,
+ is_add=1):
+ """Add/del address range to DS-Lite pool
+
+ :param start_addr: First IP address
+ :param end_addr: Last IP address
+ :param is_add: 1 if add, 0 if delete (Default value = 1)
+ """
+ return self.api(
+ self.papi.dslite_add_del_pool_addr_range,
+ {'start_addr': start_addr,
+ 'end_addr': end_addr,
+ 'is_add': is_add})
+
+ def nat66_add_del_interface(
+ self,
+ sw_if_index,
+ is_inside=1,
+ is_add=1):
+ """Enable/disable NAT66 feature on the interface
+ :param sw_if_index: Index of the interface
+ :param is_inside: 1 if inside, 0 if outside (Default value = 1)
+ :param is_add: 1 if add, 0 if delete (Default value = 1)
+ """
+ return self.api(
+ self.papi.nat66_add_del_interface,
+ {'sw_if_index': sw_if_index,
+ 'is_inside': is_inside,
+ 'is_add': is_add})
+
+ def nat66_add_del_static_mapping(
+ self,
+ in_ip,
+ out_ip,
+ vrf_id=0,
+ is_add=1):
+ """Add/delete NAT66 static mapping
+
+ :param in_ip: Inside IPv6 address
+ :param out_ip: Outside IPv6 address
+ :param vrf_id: VRF ID (Default value = 0)
+ :param is_add: 1 if add, 0 if delete (Default value = 1)
+ """
+ return self.api(
+ self.papi.nat66_add_del_static_mapping,
+ {'local_ip_address': in_ip,
+ 'external_ip_address': out_ip,
+ 'vrf_id': vrf_id,
+ 'is_add': is_add})
+
+ def nat66_interface_dump(self):
+ """Dump interfaces with NAT66 feature
+ :return: Dictionary of interfaces with NAT66 feature
+ """
+ return self.api(self.papi.nat66_interface_dump, {})
+
+ def nat66_static_mapping_dump(self):
+ """Dump NAT66 static mappings
+ :return: Dictionary of NAT66 static mappings
+ """
+ return self.api(self.papi.nat66_static_mapping_dump, {})
+
def control_ping(self):
self.api(self.papi.control_ping)
'l2_table_index': l2_table_index,
'is_add': is_add})
+ def output_acl_set_interface(
+ self,
+ is_add,
+ sw_if_index,
+ ip4_table_index=0xFFFFFFFF,
+ ip6_table_index=0xFFFFFFFF,
+ l2_table_index=0xFFFFFFFF):
+ """
+ :param is_add:
+ :param sw_if_index:
+ :param ip4_table_index: (Default value = 0xFFFFFFFF)
+ :param ip6_table_index: (Default value = 0xFFFFFFFF)
+ :param l2_table_index: (Default value = 0xFFFFFFFF)
+ """
+
+ return self.api(
+ self.papi.output_acl_set_interface,
+ {'sw_if_index': sw_if_index,
+ 'ip4_table_index': ip4_table_index,
+ 'ip6_table_index': ip6_table_index,
+ 'l2_table_index': l2_table_index,
+ 'is_add': is_add})
+
def set_ipfix_exporter(
self,
collector_address,
def dhcp_proxy_set_vss(self,
table_id,
- fib_id,
- oui,
+ vss_type=255,
+ vpn_ascii_id="",
+ oui=0,
+ vpn_index=0,
is_add=1,
is_ip6=0):
return self.api(
self.papi.dhcp_proxy_set_vss,
{
'tbl_id': table_id,
- 'fib_id': fib_id,
- 'is_ipv6': is_ip6,
- 'is_add': is_add,
+ 'vss_type': vss_type,
+ 'vpn_ascii_id': vpn_ascii_id,
'oui': oui,
+ 'vpn_index': vpn_index,
+ 'is_add': is_add,
+ 'is_ipv6': is_ip6,
})
def dhcp_client(self,
hostname,
client_id='',
is_add=1,
+ set_broadcast_flag=1,
want_dhcp_events=0):
return self.api(
self.papi.dhcp_client_config,
'client_id': client_id,
'is_add': is_add,
'want_dhcp_event': want_dhcp_events,
+ 'set_broadcast_flag': set_broadcast_flag,
'pid': os.getpid(),
})
grp_address,
grp_address_length,
e_flags,
+ next_hop_afi,
next_hop_sw_if_index,
i_flags,
+ bier_imp=0,
rpf_id=0,
table_id=0,
is_add=1,
is_ipv6=0,
is_local=0):
"""
+ IP Multicast Route add/del
"""
return self.api(
self.papi.ip_mroute_add_del,
'is_add': is_add,
'is_ipv6': is_ipv6,
'is_local': is_local,
+ 'bier_imp': bier_imp,
+ 'next_hop_afi': next_hop_afi,
'grp_address_length': grp_address_length,
'grp_address': grp_address,
'src_address': src_address})
def ip_mfib_dump(self):
return self.api(self.papi.ip_mfib_dump, {})
+ def ip6_mfib_dump(self):
+ return self.api(self.papi.ip6_mfib_dump, {})
+
def lisp_enable_disable(self, is_enabled):
return self.api(
self.papi.lisp_enable_disable,
psid_offset=0,
psid_length=0,
is_translation=0,
+ is_rfc6052=0,
mtu=1280):
return self.api(
self.papi.map_add_domain,
'psid_offset': psid_offset,
'psid_length': psid_length,
'is_translation': is_translation,
+ 'is_rfc6052': is_rfc6052,
'mtu': mtu
})
'acls': acls},
expected_retval=expected_retval)
+ def acl_interface_set_etype_whitelist(self, sw_if_index,
+ n_input, whitelist,
+ expected_retval=0):
+ return self.api(self.papi.acl_interface_set_etype_whitelist,
+ {'sw_if_index': sw_if_index,
+ 'count': len(whitelist),
+ 'n_input': n_input,
+ 'whitelist': whitelist},
+ expected_retval=expected_retval)
+
+ def acl_interface_add_del(self,
+ sw_if_index,
+ acl_index,
+ is_add=1):
+ """ Add/Delete ACL to/from interface
+
+ :param sw_if_index:
+ :param acl_index:
+ :param is_add: (Default value = 1)
+ """
+
+ return self.api(self.papi.acl_interface_add_del,
+ {'is_add': is_add,
+ 'is_input': 1,
+ 'sw_if_index': sw_if_index,
+ 'acl_index': acl_index})
+
def acl_dump(self, acl_index, expected_retval=0):
return self.api(self.papi.acl_dump,
{'acl_index': acl_index},
'nh': nh,
'is_add': is_add,
'is_ip6': is_ip6})
+
+ def bier_table_add_del(self,
+ bti,
+ mpls_label,
+ is_add=1):
+ """ BIER Table add/del """
+ return self.api(
+ self.papi.bier_table_add_del,
+ {'bt_tbl_id': {"bt_set": bti.set_id,
+ "bt_sub_domain": bti.sub_domain_id,
+ "bt_hdr_len_id": bti.hdr_len_id},
+ 'bt_label': mpls_label,
+ 'bt_is_add': is_add})
+
+ def bier_table_dump(self):
+ return self.api(self.papi.bier_table_dump, {})
+
+ def bier_route_add_del(self,
+ bti,
+ bp,
+ paths,
+ is_add=1):
+ """ BIER Route add/del """
+ return self.api(
+ self.papi.bier_route_add_del,
+ {'br_tbl_id': {"bt_set": bti.set_id,
+ "bt_sub_domain": bti.sub_domain_id,
+ "bt_hdr_len_id": bti.hdr_len_id},
+ 'br_bp': bp,
+ 'br_n_paths': len(paths),
+ 'br_paths': paths,
+ 'br_is_add': is_add})
+
+ def bier_route_dump(self, bti):
+ return self.api(
+ self.papi.bier_route_dump,
+ {'br_tbl_id': {"bt_set": bti.set_id,
+ "bt_sub_domain": bti.sub_domain_id,
+ "bt_hdr_len_id": bti.hdr_len_id}})
+
+ def bier_imp_add(self,
+ bti,
+ src,
+ ibytes,
+ is_add=1):
+ """ BIER Imposition Add """
+ return self.api(
+ self.papi.bier_imp_add,
+ {'bi_tbl_id': {"bt_set": bti.set_id,
+ "bt_sub_domain": bti.sub_domain_id,
+ "bt_hdr_len_id": bti.hdr_len_id},
+ 'bi_src': src,
+ 'bi_n_bytes': len(ibytes),
+ 'bi_bytes': ibytes})
+
+ def bier_imp_del(self, bi_index):
+ """ BIER Imposition del """
+ return self.api(
+ self.papi.bier_imp_del,
+ {'bi_index': bi_index})
+
+ def bier_imp_dump(self):
+ return self.api(self.papi.bier_imp_dump, {})
+
+ def bier_disp_table_add_del(self,
+ bdti,
+ is_add=1):
+ """ BIER Disposition Table add/del """
+ return self.api(
+ self.papi.bier_disp_table_add_del,
+ {'bdt_tbl_id': bdti,
+ 'bdt_is_add': is_add})
+
+ def bier_disp_table_dump(self):
+ return self.api(self.papi.bier_disp_table_dump, {})
+
+ def bier_disp_entry_add_del(self,
+ bdti,
+ bp,
+ payload_proto,
+ next_hop_afi,
+ next_hop,
+ next_hop_tbl_id=0,
+ next_hop_rpf_id=~0,
+ next_hop_is_ip4=1,
+ is_add=1):
+ """ BIER Route add/del """
+ lstack = []
+ while (len(lstack) < 16):
+ lstack.append({})
+ return self.api(
+ self.papi.bier_disp_entry_add_del,
+ {'bde_tbl_id': bdti,
+ 'bde_bp': bp,
+ 'bde_payload_proto': payload_proto,
+ 'bde_n_paths': 1,
+ 'bde_paths': [{'next_hop': next_hop,
+ 'table_id': next_hop_tbl_id,
+ 'afi': next_hop_afi,
+ 'rpf_id': next_hop_rpf_id,
+ 'n_labels': 0,
+ 'label_stack': lstack}],
+ 'bde_is_add': is_add})
+
+ def bier_disp_entry_dump(self, bdti):
+ return self.api(
+ self.papi.bier_disp_entry_dump,
+ {'bde_tbl_id': bdti})
+
+ def add_node_next(self, node_name, next_name):
+ """ Set the next node for a given node request
+
+ :param node_name:
+ :param next_name:
+ """
+ return self.api(self.papi.add_node_next,
+ {'node_name': node_name,
+ 'next_name': next_name})
+
+ def session_enable_disable(self, is_enabled):
+ return self.api(
+ self.papi.session_enable_disable,
+ {'is_enable': is_enabled})
+
+ def ipsec_spd_add_del(self, spd_id, is_add=1):
+ """ SPD add/del - Wrapper to add or del ipsec SPD
+ Sample CLI : 'ipsec spd add 1'
+
+ :param spd_id - SPD ID to be created in the vpp . mandatory
+ :param is_add - create (1) or delete(0) SPD (Default 1 - add) .
+ optional
+ :returns: reply from the API
+ """
+ return self.api(
+ self.papi.ipsec_spd_add_del, {
+ 'spd_id': spd_id, 'is_add': is_add})
+
+ def ipsec_interface_add_del_spd(self, spd_id, sw_if_index, is_add=1):
+ """ IPSEC interface SPD add/del - \
+ Wrapper to associate/disassociate SPD to interface in VPP
+ Sample CLI : 'set interface ipsec spd GigabitEthernet0/6/0 1'
+
+ :param spd_id - SPD ID to associate with the interface . mandatory
+ :param sw_if_index - Interface Index which needs to ipsec \
+ association mandatory
+ :param is_add - add(1) or del(0) association with interface \
+ (Default 1 - add) . optional
+ :returns: reply from the API
+ """
+ return self.api(
+ self.papi.ipsec_interface_add_del_spd, {
+ 'spd_id': spd_id,
+ 'sw_if_index': sw_if_index, 'is_add': is_add})
+
+ def ipsec_sad_add_del_entry(self,
+ sad_id,
+ spi,
+ tunnel_src_address='',
+ tunnel_dst_address='',
+ protocol=0,
+ integrity_algorithm=2,
+ integrity_key_length=0,
+ integrity_key='C91KUR9GYMm5GfkEvNjX',
+ crypto_algorithm=1,
+ crypto_key_length=0,
+ crypto_key='JPjyOWBeVEQiMe7h',
+ is_add=1,
+ is_tunnel=1):
+ """ IPSEC SA add/del
+ Sample CLI : 'ipsec sa add 10 spi 1001 esp \
+ crypto-key 4a506a794f574265564551694d653768 \
+ crypto-alg aes-cbc-128 \
+ integ-key 4339314b55523947594d6d3547666b45764e6a58 \
+ integ-alg sha1-96 tunnel-src 192.168.100.3 \
+ tunnel-dst 192.168.100.2'
+ Sample CLI : 'ipsec sa add 20 spi 2001 \
+ integ-key 4339314b55523947594d6d3547666b45764e6a58 \
+ integ-alg sha1-96'
+
+ :param sad_id - Security Association ID to be \
+ created or deleted. mandatory
+ :param spi - security param index of the SA in decimal. mandatory
+ :param tunnel_src_address - incase of tunnel mode outer src address .\
+ mandatory for tunnel mode
+ :param tunnel_dst_address - incase of transport mode \
+ outer dst address. mandatory for tunnel mode
+ :param protocol - AH(0) or ESP(1) protocol (Default 0 - AH). optional
+ :param integrity_algorithm - value range 1-6 Default(2 - SHA1_96).\
+ optional **
+ :param integrity_key - value in string \
+ (Default C91KUR9GYMm5GfkEvNjX).optional
+ :param integrity_key_length - length of the key string in bytes\
+ (Default 0 - integrity disabled). optional
+ :param crypto_algorithm - value range 1-11 Default \
+ (1- AES_CBC_128).optional **
+ :param crypto_key - value in string(Default JPjyOWBeVEQiMe7h).optional
+ :param crypto_key_length - length of the key string in bytes\
+ (Default 0 - crypto disabled). optional
+ :param is_add - add(1) or del(0) ipsec SA entry(Default 1 - add) .\
+ optional
+ :param is_tunnel - tunnel mode (1) or transport mode(0) \
+ (Default 1 - tunnel). optional
+ :returns: reply from the API
+ :** reference /vpp/src/vnet/ipsec/ipsec.h file for enum values of
+ crypto and ipsec algorithms
+ """
+ return self.api(
+ self.papi.ipsec_sad_add_del_entry,
+ {'sad_id': sad_id,
+ 'spi': spi,
+ 'tunnel_src_address': tunnel_src_address,
+ 'tunnel_dst_address': tunnel_dst_address,
+ 'protocol': protocol,
+ 'integrity_algorithm': integrity_algorithm,
+ 'integrity_key_length': integrity_key_length,
+ 'integrity_key': integrity_key,
+ 'crypto_algorithm': crypto_algorithm,
+ 'crypto_key_length': crypto_key_length,
+ 'crypto_key': crypto_key,
+ 'is_add': is_add,
+ 'is_tunnel': is_tunnel})
+
+ def ipsec_spd_add_del_entry(self,
+ spd_id,
+ local_address_start,
+ local_address_stop,
+ remote_address_start,
+ remote_address_stop,
+ local_port_start=0,
+ local_port_stop=65535,
+ remote_port_start=0,
+ remote_port_stop=65535,
+ protocol=0,
+ sa_id=10,
+ policy=0,
+ priority=100,
+ is_outbound=1,
+ is_add=1,
+ is_ip_any=0):
+ """ IPSEC policy SPD add/del -
+ Wrapper to configure ipsec SPD policy entries in VPP
+ Sample CLI : 'ipsec policy add spd 1 inbound priority 10 action \
+ protect sa 20 local-ip-range 192.168.4.4 - 192.168.4.4 \
+ remote-ip-range 192.168.3.3 - 192.168.3.3'
+
+ :param spd_id - SPD ID for the policy . mandatory
+ :param local_address_start - local-ip-range start address . mandatory
+ :param local_address_stop - local-ip-range stop address . mandatory
+ :param remote_address_start - remote-ip-range start address . mandatory
+ :param remote_address_stop - remote-ip-range stop address . mandatory
+ :param local_port_start - (Default 0) . optional
+ :param local_port_stop - (Default 65535). optional
+ :param remote_port_start - (Default 0). optional
+ :param remote_port_stop - (Default 65535). optional
+ :param protocol - Any(0), AH(51) & ESP(50) protocol (Default 0 - Any).
+ optional
+ :param sa_id - Security Association ID for mapping it to SPD
+ (default 10). optional
+ :param policy - bypass(0), discard(1), resolve(2) or protect(3)action
+ (Default 0 - bypass). optional
+ :param priotity - value for the spd action (Default 100). optional
+ :param is_outbound - flag for inbound(0) or outbound(1)
+ (Default 1 - outbound). optional
+ :param is_add flag - for addition(1) or deletion(0) of the spd
+ (Default 1 - addtion). optional
+ :returns: reply from the API
+ """
+ return self.api(
+ self.papi.ipsec_spd_add_del_entry,
+ {'spd_id': spd_id,
+ 'local_address_start': local_address_start,
+ 'local_address_stop': local_address_stop,
+ 'remote_address_start': remote_address_start,
+ 'remote_address_stop': remote_address_stop,
+ 'local_port_start': local_port_start,
+ 'local_port_stop': local_port_stop,
+ 'remote_port_start': remote_port_start,
+ 'remote_port_stop': remote_port_stop,
+ 'is_add': is_add,
+ 'protocol': protocol,
+ 'policy': policy,
+ 'priority': priority,
+ 'is_outbound': is_outbound,
+ 'sa_id': sa_id,
+ 'is_ip_any': is_ip_any})
+
+ def app_namespace_add(self,
+ namespace_id,
+ ip4_fib_id=0,
+ ip6_fib_id=0,
+ sw_if_index=0xFFFFFFFF,
+ secret=0):
+ return self.api(
+ self.papi.app_namespace_add_del,
+ {'secret': secret,
+ 'sw_if_index': sw_if_index,
+ 'ip4_fib_id': ip4_fib_id,
+ 'ip6_fib_id': ip6_fib_id,
+ 'namespace_id': namespace_id,
+ 'namespace_id_len': len(namespace_id)})
+
+ def punt_socket_register(self, l4_port, pathname, header_version=1,
+ is_ip4=1, l4_protocol=0x11):
+ """ Punt to socket """
+ return self.api(self.papi.punt_socket_register,
+ {'is_ip4': is_ip4,
+ 'l4_protocol': l4_protocol,
+ 'l4_port': l4_port,
+ 'pathname': pathname,
+ 'header_version': header_version})
+
+ def ip_reassembly_set(self, timeout_ms, max_reassemblies,
+ expire_walk_interval_ms, is_ip6=0):
+ """ Set IP reassembly parameters """
+ return self.api(self.papi.ip_reassembly_set,
+ {'is_ip6': is_ip6,
+ 'timeout_ms': timeout_ms,
+ 'expire_walk_interval_ms': expire_walk_interval_ms,
+ 'max_reassemblies': max_reassemblies})
+
+ def ip_reassembly_get(self, is_ip6=0):
+ """ Get IP reassembly parameters """
+ return self.api(self.papi.ip_reassembly_get, {'is_ip6': is_ip6})
+
+ def gbp_endpoint_add_del(self, is_add, sw_if_index, addr, is_ip6, epg):
+ """ GBP endpoint Add/Del """
+ return self.api(self.papi.gbp_endpoint_add_del,
+ {'is_add': is_add,
+ 'endpoint': {
+ 'is_ip6': is_ip6,
+ 'sw_if_index': sw_if_index,
+ 'address': addr,
+ 'epg_id': epg}})
+
+ def gbp_endpoint_dump(self):
+ """ GBP endpoint Dump """
+ return self.api(self.papi.gbp_endpoint_dump, {})
+
+ def gbp_contract_add_del(self, is_add, src_epg, dst_epg, acl_index):
+ """ GBP contract Add/Del """
+ return self.api(self.papi.gbp_contract_add_del,
+ {'is_add': is_add,
+ 'contract': {
+ 'acl_index': acl_index,
+ 'src_epg': src_epg,
+ 'dst_epg': dst_epg}})
+
+ def gbp_contract_dump(self):
+ """ GBP contract Dump """
+ return self.api(self.papi.gbp_contract_dump, {})
+
+ def ipip_6rd_add_tunnel(self, fib_index, ip6_prefix, ip6_prefix_len,
+ ip4_prefix, ip4_prefix_len, ip4_src,
+ security_check):
+ """ 6RD tunnel Add """
+ return self.api(self.papi.ipip_6rd_add_tunnel,
+ {'fib_index': fib_index,
+ 'ip6_prefix': ip6_prefix,
+ 'ip6_prefix_len': ip6_prefix_len,
+ 'ip4_prefix': ip4_prefix,
+ 'ip4_prefix_len': ip4_prefix_len,
+ 'ip4_src': ip4_src,
+ 'security_check': security_check})
+
+ def ipip_6rd_del_tunnel(self, sw_if_index):
+ """ 6RD tunnel Delete """
+ return self.api(self.papi.ipip_6rd_del_tunnel,
+ {'sw_if_index': sw_if_index})
+
+ def ipip_add_tunnel(self, src_address, dst_address, is_ipv6=1,
+ instance=0xFFFFFFFF, fib_index=0):
+ """ IPIP tunnel Add/Del """
+ return self.api(self.papi.ipip_add_tunnel,
+ {'is_ipv6': is_ipv6,
+ 'instance': instance,
+ 'src_address': src_address,
+ 'dst_address': dst_address,
+ 'fib_index': fib_index})
+
+ def ipip_del_tunnel(self, sw_if_index):
+ """ IPIP tunnel Delete """
+ return self.api(self.papi.ipip_del_tunnel,
+ {'sw_if_index': sw_if_index})