X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=resources%2Flibraries%2Fpython%2FIPsecUtil.py;h=19995e547de2465d7a8e1575d45df25920c14460;hb=82315071628b1ee70d699699cafb5afa425e135f;hp=8ecfbc3d986203a1094d8161fde8e195b9cada1f;hpb=163b0ddd64020535a65e8923491d568726936129;p=csit.git
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 8ecfbc3d98..19995e547d 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -1890,123 +1890,6 @@ class IPsecUtil:
 )
 scp_node(nodes[dut], script_filename, script_filename)
 
- @staticmethod
- def vpp_ipsec_create_tunnel_interfaces_in_containers(
- nodes: dict,
- if1_ip_addr: str,
- if2_ip_addr: str,
- n_tunnels: int,
- crypto_alg: CryptoAlg,
- integ_alg: Optional[IntegAlg],
- raddr_ip1: str,
- raddr_ip2: str,
- raddr_range: int,
- n_instances: int,
- ) -> None:
- """Create multiple IPsec tunnel interfaces between two VPP nodes.
-
- :param nodes: VPP nodes to create tunnel interfaces.
- :param if1_ip_addr: VPP node 1 interface IP4 address.
- :param if2_ip_addr: VPP node 2 interface IP4 address.
- :param n_tunnels: Number of tunnell interfaces to create.
- :param crypto_alg: The encryption algorithm name.
- :param integ_alg: The integrity algorithm name.
- :param raddr_ip1: Policy selector remote IPv4 start address for the
- first tunnel in direction node1->node2.
- :param raddr_ip2: Policy selector remote IPv4 start address for the
- first tunnel in direction node2->node1.
- :param raddr_range: Mask specifying range of Policy selector Remote
- IPv4 addresses. Valid values are from 1 to 32.
- :param n_instances: Number of containers.
- :type nodes: dict
- :type if1_ip_addr: str
- :type if2_ip_addr: str
- :type n_tunnels: int
- :type crypto_alg: CryptoAlg
- :type integ_alg: Optional[IntegAlg]
- :type raddr_ip1: str
- :type raddr_ip2: str
- :type raddr_range: int
- :type n_instances: int
- """
- spi_1 = 100000
- spi_2 = 200000
- addr_incr = 1 << (32 - raddr_range)
-
- dut1_scripts = IPsecUtil._create_ipsec_script_files("DUT1", n_instances)
- dut2_scripts = IPsecUtil._create_ipsec_script_files("DUT2", n_instances)
-
- for cnf in range(0, n_instances):
- dut1_scripts[cnf].write(
- "create loopback interface\nset interface state loop0 up\n\n"
- )
- dut2_scripts[cnf].write(
- f"ip route add {if1_ip_addr}/8 via"
- f" {ip_address(if2_ip_addr) + cnf + 100} memif1/{cnf + 1}\n\n"
- )
-
- for tnl in range(0, n_tunnels):
- cnf = tnl % n_instances
- ckey = getattr(
- gen_key(IPsecUtil.get_crypto_alg_key_len(crypto_alg)), "hex"
- )
- integ = ""
- ikey = getattr(
- gen_key(IPsecUtil.get_integ_alg_key_len(integ_alg)), "hex"
- )
- if integ_alg:
- integ = (
- f"integ-alg {integ_alg.alg_name}"
- f" local-integ-key {ikey}"
- f" remote-integ-key {ikey}"
- )
- # Configure tunnel end point(s) on left side
- dut1_scripts[cnf].write(
- "set interface ip address loop0"
- f" {ip_address(if1_ip_addr) + tnl * addr_incr}/32\n"
- "create ipsec tunnel"
- f" local-ip {ip_address(if1_ip_addr) + tnl * addr_incr}"
- f" local-spi {spi_1 + tnl}"
- f" remote-ip {ip_address(if2_ip_addr) + cnf}"
- f" remote-spi {spi_2 + tnl}"
- f" crypto-alg {crypto_alg.alg_name}"
- f" local-crypto-key {ckey}"
- f" remote-crypto-key {ckey}"
- f" instance {tnl // n_instances}"
- f" salt 0x0 {integ}\n"
- f"set interface unnumbered ipip{tnl // n_instances} use loop0\n"
- f"set interface state ipip{tnl // n_instances} up\n"
- f"ip route add {ip_address(raddr_ip2)+tnl}/32"
- f" via ipip{tnl // n_instances}\n\n"
- )
- # Configure tunnel end point(s) on right side
- dut2_scripts[cnf].write(
- f"set ip neighbor memif1/{cnf + 1}"
- f" {ip_address(if1_ip_addr) + tnl * addr_incr}"
- f" 02:02:00:00:{17:02X}:{cnf:02X} static\n"
- f"create ipsec tunnel local-ip {ip_address(if2_ip_addr) + cnf}"
- f" local-spi {spi_2 + tnl}"
- f" remote-ip {ip_address(if1_ip_addr) + tnl * addr_incr}"
- f" remote-spi {spi_1 + tnl}"
- f" crypto-alg {crypto_alg.alg_name}"
- f" local-crypto-key {ckey}"
- f" remote-crypto-key {ckey}"
- f" instance {tnl // n_instances}"
- f" salt 0x0 {integ}\n"
- f"set interface unnumbered ipip{tnl // n_instances}"
- f" use memif1/{cnf + 1}\n"
- f"set interface state ipip{tnl // n_instances} up\n"
- f"ip route add {ip_address(raddr_ip1) + tnl}/32"
- f" via ipip{tnl // n_instances}\n\n"
- )
-
- IPsecUtil._close_and_copy_ipsec_script_files(
- "DUT1", nodes, n_instances, dut1_scripts
- )
- IPsecUtil._close_and_copy_ipsec_script_files(
- "DUT2", nodes, n_instances, dut2_scripts
- )
-
 @staticmethod
 def vpp_ipsec_add_multiple_tunnels(
 nodes: dict,