X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=resources%2Flibraries%2Fpython%2FIPsecUtil.py;h=214764d2332edf9f68cd24632ba69a9be435a0d8;hb=6c2ca55d7ad00605976d96b14d83786a35f383c2;hp=07caad03dca1342db20235017e57a7ebeb29a5d2;hpb=872481a0f65472e8d40f7503f9fc7e5766c428eb;p=csit.git diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py index 07caad03dc..214764d233 100644 --- a/resources/libraries/python/IPsecUtil.py +++ b/resources/libraries/python/IPsecUtil.py @@ -36,7 +36,8 @@ from resources.libraries.python.VPPUtil import VPPUtil from resources.libraries.python.FlowUtil import FlowUtil -IPSEC_UDP_PORT_NONE = 0xffff +IPSEC_UDP_PORT_DEFAULT = 4500 +IPSEC_REPLAY_WINDOW_DEFAULT = 64 def gen_key(length): @@ -450,7 +451,7 @@ class IPsecUtil: src_addr = u"" dst_addr = u"" - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" err_msg = f"Failed to add Security Association Database entry " \ f"on host {node[u'host']}" sad_entry = dict( @@ -471,8 +472,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), protocol=int(IPsecProto.IPSEC_API_PROTO_ESP), - udp_src_port=4500, # default value in api - udp_dst_port=4500 # default value in api + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) with PapiSocketExecutor(node) as papi_exec: @@ -547,7 +549,7 @@ class IPsecUtil: IPsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 ) - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" err_msg = f"Failed to add Security Association Database entry " \ f"on host {node[u'host']}" 
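Review bot: The two constants added in the hunk at line 36 have no comment saying what they mean or where the values come from, and the later hunks delete the call-site comments `# default value in api`, so the definition is the only place left to record it. I would put `# NAT-T UDP encapsulation port (RFC 3948); same as the API default` above `IPSEC_UDP_PORT_DEFAULT = 4500` and `# anti-replay window size, in packets` above `IPSEC_REPLAY_WINDOW_DEFAULT = 64`. The same hunk deletes `IPSEC_UDP_PORT_NONE`; only the uses replaced at 1255 and 1494 are visible in this diff, and any reference left elsewhere in the module would fail with a NameError at run time, so a grep before merge is worthwhile.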
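Review bot: `anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT` is passed in the hunk at line 471 (and again at 569, 1255 and 1494) with nothing showing whether replay protection is actually enabled for these SAs. The flags value that would carry an anti-replay bit is built outside the hunks, so from here it is not possible to tell whether the 64-packet window is enforced or ignored. If it is enforced, 64 is small for multi-worker throughput runs, where reordering could push valid packets outside the window and surface as replay drops rather than as a throughput limit. I would add a comment at the first use, `# only effective when the SA flags enable anti-replay; 64 assumed to be the API default`, and confirm that default against the API definition.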
@@ -569,8 +571,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), protocol=int(IPsecProto.IPSEC_API_PROTO_ESP), - udp_src_port=4500, # default value in api - udp_dst_port=4500, # default value in api + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) with PapiSocketExecutor(node, is_async=True) as papi_exec: @@ -1227,7 +1230,7 @@ class IPsecUtil: # Configure IPSec SAD entries ckeys = [bytes()] * existing_tunnels ikeys = [bytes()] * existing_tunnels - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" c_key = dict( length=0, data=None @@ -1255,8 +1258,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), salt=0, - udp_src_port=IPSEC_UDP_PORT_NONE, - udp_dst_port=IPSEC_UDP_PORT_NONE, + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) for i in range(existing_tunnels, n_tunnels): @@ -1466,7 +1470,7 @@ class IPsecUtil: ] ) # Configure IPSec SAD entries - cmd = u"ipsec_sad_entry_add" + cmd = u"ipsec_sad_entry_add_v2" c_key = dict( length=0, data=None @@ -1494,8 +1498,9 @@ class IPsecUtil: dscp=int(IpDscp.IP_API_DSCP_CS0), ), salt=0, - udp_src_port=IPSEC_UDP_PORT_NONE, - udp_dst_port=IPSEC_UDP_PORT_NONE, + udp_src_port=IPSEC_UDP_PORT_DEFAULT, + udp_dst_port=IPSEC_UDP_PORT_DEFAULT, + anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT, ) args = dict(entry=sad_entry) for i in range(existing_tunnels, n_tunnels): @@ -2033,10 +2038,8 @@ class IPsecUtil: :param node: DUT node. :type node: dict """ - cmds = [ - u"ipsec_sa_v4_dump" - ] - PapiSocketExecutor.dump_and_log(node, cmds) + cmd = "ipsec_sa_v5_dump" + PapiSocketExecutor.dump_and_log(node, [cmd]) @staticmethod def vpp_ipsec_flow_enale_rss(node, proto, type, function="default"):
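Review bot: In the hunk at line 1255 (and the identical one at 1494) the UDP ports go from `IPSEC_UDP_PORT_NONE` (0xffff) to 4500, which changes the value sent and is not just a rename, unlike the hunks at 471 and 569 where 4500 was already passed. Nothing in the hunk says why the old sentinel is no longer needed. If the receiver reads the port fields only when a UDP-encapsulation flag is set, the change is harmless, but that depends on the flags value built outside the hunk. A one-line comment would settle it for the next reader, for example `# ports are only used with UDP encapsulation, which these tunnels do not request` (adjust to what the flags actually say).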
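Review bot: The dump in the hunk at line 2033 hands the whole `ipsec_sa_v5_dump` reply to `dump_and_log`, and the SA setup visible earlier in this diff builds key fields (`c_key` with `length` and `data`). If the reply echoes those fields, crypto and integrity keys end up in the test log; that is acceptable for throwaway generated keys but worth stating in the docstring so the keyword is not reused against a device holding real keys. Suggested wording: `Note: the reply may contain SA key material; handle logs from this keyword accordingly.` The function's signature and the start of its docstring are outside the hunk. Separately, the new literal drops the `u` prefix used by the other command strings in this diff, which is harmless but inconsistent.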