class IPsecProto(IntEnum):
"""IPsec protocol."""
- ESP = 1
- SEC_AH = 0
+ IPSEC_API_PROTO_ESP = 50
+ IPSEC_API_PROTO_AH = 51
class IPsecSadFlags(IntEnum):
:returns: IPsecProto enum ESP object.
:rtype: IPsecProto
"""
- return int(IPsecProto.ESP)
+ return int(IPsecProto.IPSEC_API_PROTO_ESP)
@staticmethod
def ipsec_proto_ah():
:returns: IPsecProto enum AH object.
:rtype: IPsecProto
"""
- return int(IPsecProto.SEC_AH)
+ return int(IPsecProto.IPSEC_API_PROTO_AH)
@staticmethod
def vpp_ipsec_select_backend(node, protocol, index=1):
flags=flags,
tunnel_src=str(src_addr),
tunnel_dst=str(dst_addr),
- protocol=int(IPsecProto.ESP)
+ protocol=int(IPsecProto.IPSEC_API_PROTO_ESP)
)
args = dict(
- is_add=1,
+ is_add=True,
entry=sad_entry
)
with PapiSocketExecutor(node) as papi_exec:
flags=flags,
tunnel_src=str(src_addr),
tunnel_dst=str(dst_addr),
- protocol=int(IPsecProto.ESP)
+ protocol=int(IPsecProto.IPSEC_API_PROTO_ESP)
)
args = dict(
- is_add=1,
+ is_add=True,
entry=sad_entry
)
with PapiSocketExecutor(node) as papi_exec:
err_msg = f"Failed to add Security Policy Database " \
f"on host {node[u'host']}"
args = dict(
- is_add=1,
+ is_add=True,
spd_id=int(spd_id)
)
with PapiSocketExecutor(node) as papi_exec:
err_msg = f"Failed to add interface {interface} to Security Policy " \
f"Database {spd_id} on host {node[u'host']}"
args = dict(
- is_add=1,
+ is_add=True,
sw_if_index=InterfaceUtil.get_interface_index(node, interface),
spd_id=int(spd_id)
)
spd_entry = dict(
spd_id=int(spd_id),
priority=int(priority),
- is_outbound=0 if inbound else 1,
+ is_outbound=not inbound,
sa_id=int(sa_id) if sa_id else 0,
policy=action.policy_int_repr,
protocol=int(proto) if proto else 0,
else 65535
)
args = dict(
- is_add=1,
+ is_add=True,
entry=spd_entry
)
with PapiSocketExecutor(node) as papi_exec:
spd_entry = dict(
spd_id=int(spd_id),
priority=int(priority),
- is_outbound=0 if inbound else 1,
+ is_outbound=not inbound,
sa_id=int(sa_id) if sa_id else 0,
policy=IPsecUtil.policy_action_protect().policy_int_repr,
protocol=0,
local_port_stop=65535
)
args = dict(
- is_add=1,
+ is_add=True,
entry=spd_entry
)
)
cmd2 = u"ipsec_tunnel_if_add_del"
args2 = dict(
- is_add=1,
+ is_add=True,
local_ip=None,
remote_ip=None,
local_spi=0,
# Configure IPsec tunnel interfaces
cmd2 = u"ipsec_tunnel_if_add_del"
args2 = dict(
- is_add=1,
+ is_add=True,
local_ip=IPUtil.create_ip_address_object(if2_ip),
remote_ip=None,
local_spi=0,
Code Review / csit.git / blobdiff