X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Fvpp_ipsec.py;h=aa2a05d1068929674227f69436e24370b0dd9068;hb=af2cc6425;hp=985f6d4dc4ebbc93456fc98ce4ba9248181b224e;hpb=abc5660c61698fa29252dc202358002a97f2608c;p=vpp.git

diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py
index 985f6d4dc4e..aa2a05d1068 100644
--- a/test/vpp_ipsec.py
+++ b/test/vpp_ipsec.py
@@ -1,6 +1,7 @@
 from vpp_object import VppObject
 from ipaddress import ip_address
 from vpp_papi import VppEnum
+from vpp_interface import VppInterface
 
 try:
     text_type = unicode
@@ -127,6 +128,7 @@ class VppIpsecSpdEntry(VppObject):
             remote_port_stop=self.remote_port_stop)
         self.stat_index = rv.stat_index
         self.test.registry.register(self, self.test.logger)
+        return self
 
     def remove_vpp_config(self):
         self.test.vapi.ipsec_spd_entry_add_del(
@@ -191,8 +193,9 @@ class VppIpsecSA(VppObject):
                  crypto_alg, crypto_key,
                  proto,
                  tun_src=None, tun_dst=None,
-                 flags=None, salt=0, udp_src=None,
-                 udp_dst=None):
+                 flags=None, salt=0, tun_flags=None,
+                 dscp=None,
+                 udp_src=None, udp_dst=None, hop_limit=None):
         e = VppEnum.vl_api_ipsec_sad_flags_t
         self.test = test
         self.id = id
@@ -204,6 +207,7 @@ class VppIpsecSA(VppObject):
         self.proto = proto
         self.salt = salt
 
+        self.table_id = 0
         self.tun_src = tun_src
         self.tun_dst = tun_dst
         if not flags:
@@ -219,6 +223,25 @@ class VppIpsecSA(VppObject):
             self.tun_dst = ip_address(text_type(tun_dst))
         self.udp_src = udp_src
         self.udp_dst = udp_dst
+        self.tun_flags = (VppEnum.vl_api_tunnel_encap_decap_flags_t.
+                          TUNNEL_API_ENCAP_DECAP_FLAG_NONE)
+        if tun_flags:
+            self.tun_flags = tun_flags
+        self.dscp = VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_CS0
+        if dscp:
+            self.dscp = dscp
+        self.hop_limit = 255
+        if hop_limit:
+            self.hop_limit = hop_limit
+
+    def tunnel_encode(self):
+        return {'src': (self.tun_src if self.tun_src else []),
+                'dst': (self.tun_dst if self.tun_dst else []),
+                'encap_decap_flags': self.tun_flags,
+                'dscp': self.dscp,
+                'hop_limit': self.hop_limit,
+                'table_id': self.table_id
+                }
 
     def add_vpp_config(self):
         entry = {
@@ -235,8 +258,7 @@ class VppIpsecSA(VppObject):
                 'length': len(self.crypto_key),
             },
             'protocol': self.proto,
-            'tunnel_src': (self.tun_src if self.tun_src else []),
-            'tunnel_dst': (self.tun_dst if self.tun_dst else []),
+            'tunnel': self.tunnel_encode(),
             'flags': self.flags,
             'salt': self.salt
         }
@@ -245,12 +267,13 @@ class VppIpsecSA(VppObject):
             entry['udp_src_port'] = self.udp_src
         if self.udp_dst:
             entry['udp_dst_port'] = self.udp_dst
-        r = self.test.vapi.ipsec_sad_entry_add_del(is_add=1, entry=entry)
+        r = self.test.vapi.ipsec_sad_entry_add_del_v3(is_add=1, entry=entry)
         self.stat_index = r.stat_index
         self.test.registry.register(self, self.test.logger)
+        return self
 
     def remove_vpp_config(self):
-        r = self.test.vapi.ipsec_sad_entry_add_del(
+        r = self.test.vapi.ipsec_sad_entry_add_del_v3(
             is_add=0,
             entry={
                 'sad_id': self.id,
@@ -266,9 +289,7 @@ class VppIpsecSA(VppObject):
                     'length': len(self.crypto_key),
                 },
                 'protocol': self.proto,
-                'tunnel_src': (self.tun_src if self.tun_src else []),
-                'tunnel_dst': (self.tun_dst if self.tun_dst else []),
-                'flags': self.flags,
+                'tunnel': self.tunnel_encode(),
                 'salt': self.salt
             })
 
@@ -278,7 +299,7 @@ class VppIpsecSA(VppObject):
     def query_vpp_config(self):
         e = VppEnum.vl_api_ipsec_sad_flags_t
 
-        bs = self.test.vapi.ipsec_sa_dump()
+        bs = self.test.vapi.ipsec_sa_v3_dump()
         for b in bs:
             if b.entry.sad_id == self.id:
                 # if udp encap is configured then the ports should match
@@ -368,3 +389,43 @@ class VppIpsecTunProtect(VppObject):
                self.nh == str(b.tun.nh):
                 return True
         return False
+
+
+class VppIpsecInterface(VppInterface):
+    """
+    VPP IPSec interface
+    """
+
+    def __init__(self, test, mode=None, instance=0xffffffff):
+        super(VppIpsecInterface, self).__init__(test)
+
+        self.mode = mode
+        if not self.mode:
+            self.mode = (VppEnum.vl_api_tunnel_mode_t.
+                         TUNNEL_API_MODE_P2P)
+        self.instance = instance
+
+    def add_vpp_config(self):
+        r = self.test.vapi.ipsec_itf_create(itf={
+            'user_instance': self.instance,
+            'mode': self.mode,
+        })
+        self.set_sw_if_index(r.sw_if_index)
+        self.test.registry.register(self, self.test.logger)
+        return self
+
+    def remove_vpp_config(self):
+        self.test.vapi.ipsec_itf_delete(sw_if_index=self._sw_if_index)
+
+    def query_vpp_config(self):
+        ts = self.test.vapi.ipsec_itf_dump(sw_if_index=0xffffffff)
+        for t in ts:
+            if t.tunnel.sw_if_index == self._sw_if_index:
+                return True
+        return False
+
+    def __str__(self):
+        return self.object_id()
+
+    def object_id(self):
+        return "ipsec-%d" % self._sw_if_index