feat(api): Use newest API messages after rls2402

[csit.git] / resources / libraries / python / IPsecUtil.py

diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 07caad0..214764d 100644 (file)
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -36,7 +36,8 @@ from resources.libraries.python.VPPUtil import VPPUtil
 from resources.libraries.python.FlowUtil import FlowUtil
 
 
-IPSEC_UDP_PORT_NONE = 0xffff
+IPSEC_UDP_PORT_DEFAULT = 4500
+IPSEC_REPLAY_WINDOW_DEFAULT = 64
 
 
 def gen_key(length):
@@ -450,7 +451,7 @@ class IPsecUtil:
             src_addr = u""
             dst_addr = u""
 
-        cmd = u"ipsec_sad_entry_add"
+        cmd = u"ipsec_sad_entry_add_v2"
         err_msg = f"Failed to add Security Association Database entry " \
             f"on host {node[u'host']}"
         sad_entry = dict(
@@ -471,8 +472,9 @@ class IPsecUtil:
                 dscp=int(IpDscp.IP_API_DSCP_CS0),
             ),
             protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
-            udp_src_port=4500,  # default value in api
-            udp_dst_port=4500  # default value in api
+            udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+            udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+            anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
         )
         args = dict(entry=sad_entry)
         with PapiSocketExecutor(node) as papi_exec:
@@ -547,7 +549,7 @@ class IPsecUtil:
                     IPsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6
                 )
 
-        cmd = u"ipsec_sad_entry_add"
+        cmd = u"ipsec_sad_entry_add_v2"
         err_msg = f"Failed to add Security Association Database entry " \
             f"on host {node[u'host']}"
 
@@ -569,8 +571,9 @@ class IPsecUtil:
                 dscp=int(IpDscp.IP_API_DSCP_CS0),
             ),
             protocol=int(IPsecProto.IPSEC_API_PROTO_ESP),
-            udp_src_port=4500,  # default value in api
-            udp_dst_port=4500,  # default value in api
+            udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+            udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+            anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
         )
         args = dict(entry=sad_entry)
         with PapiSocketExecutor(node, is_async=True) as papi_exec:
@@ -1227,7 +1230,7 @@ class IPsecUtil:
             # Configure IPSec SAD entries
             ckeys = [bytes()] * existing_tunnels
             ikeys = [bytes()] * existing_tunnels
-            cmd = u"ipsec_sad_entry_add"
+            cmd = u"ipsec_sad_entry_add_v2"
             c_key = dict(
                 length=0,
                 data=None
@@ -1255,8 +1258,9 @@ class IPsecUtil:
                     dscp=int(IpDscp.IP_API_DSCP_CS0),
                 ),
                 salt=0,
-                udp_src_port=IPSEC_UDP_PORT_NONE,
-                udp_dst_port=IPSEC_UDP_PORT_NONE,
+                udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+                udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+                anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
             )
             args = dict(entry=sad_entry)
             for i in range(existing_tunnels, n_tunnels):
@@ -1466,7 +1470,7 @@ class IPsecUtil:
                 ]
             )
             # Configure IPSec SAD entries
-            cmd = u"ipsec_sad_entry_add"
+            cmd = u"ipsec_sad_entry_add_v2"
             c_key = dict(
                 length=0,
                 data=None
@@ -1494,8 +1498,9 @@ class IPsecUtil:
                     dscp=int(IpDscp.IP_API_DSCP_CS0),
                 ),
                 salt=0,
-                udp_src_port=IPSEC_UDP_PORT_NONE,
-                udp_dst_port=IPSEC_UDP_PORT_NONE,
+                udp_src_port=IPSEC_UDP_PORT_DEFAULT,
+                udp_dst_port=IPSEC_UDP_PORT_DEFAULT,
+                anti_replay_window_size=IPSEC_REPLAY_WINDOW_DEFAULT,
             )
             args = dict(entry=sad_entry)
             for i in range(existing_tunnels, n_tunnels):
@@ -2033,10 +2038,8 @@ class IPsecUtil:
         :param node: DUT node.
         :type node: dict
         """
-        cmds = [
-            u"ipsec_sa_v4_dump"
-        ]
-        PapiSocketExecutor.dump_and_log(node, cmds)
+        cmd = "ipsec_sa_v5_dump"
+        PapiSocketExecutor.dump_and_log(node, [cmd])
 
     @staticmethod
     def vpp_ipsec_flow_enale_rss(node, proto, type, function="default"):