def vpp_ipsec_add_sad_entries(node,
n_entries,
sad_id,
spi,
crypto_alg,
crypto_key,
integ_alg,
integ_key,
tunnel_src=None,
tunnel_dst=None):
"""Create multiple Security Association Database entries on VPP node.
:param node: VPP node to add SAD entry on.
:param n_entries: Number of SAD entries to be created.
:param sad_id: First SAD entry ID. All subsequent SAD entries will have
id incremented by 1.
:param spi: Security Parameter Index of first SAD entry. All subsequent
SAD entries will have spi incremented by 1.
:param crypto_alg: The encryption algorithm name.
:param crypto_key: The encryption key string.
:param integ_alg: The integrity algorithm name.
:param integ_key: The integrity key string.
:param tunnel_src: Tunnel header source IPv4 or IPv6 address. If not
specified ESP transport mode is used.
:param tunnel_dst: Tunnel header destination IPv4 or IPv6 address. If
not specified ESP transport mode is used.
:type node: dict
:type n_entries: int
:type sad_id: int
:type spi: int
:type crypto_alg: CryptoAlg
:type crypto_key: str
:type integ_alg: IntegAlg
:type integ_key: str
:type tunnel_src: str
:type tunnel_dst: str
"""
tmp_filename = '/tmp/ipsec_sad_{0}_add_del_entry.script'.format(sad_id)
ckey = crypto_key.encode('hex')
ikey = integ_key.encode('hex')
tunnel = 'tunnel_src {0} tunnel_dst {1}'.format(tunnel_src, tunnel_dst)\
if tunnel_src is not None and tunnel_dst is not None else ''
integ = 'integ_alg {0} integ_key {1}'.format(integ_alg.alg_name, ikey)\
if crypto_alg.alg_name != 'aes-gcm-128' else ''
with open(tmp_filename, 'w') as tmp_file:
for i in range(0, n_entries):
buf_str = 'ipsec_sad_add_del_entry esp sad_id {0} spi {1} ' \
'crypto_alg {2} crypto_key {3} {4} {5}\n'.format(
sad_id+i, spi+i, crypto_alg.alg_name, ckey, integ,
tunnel)
tmp_file.write(buf_str)
vat = VatExecutor()
vat.execute_script(tmp_filename,
node,
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_filename)
def vpp_show_hardware_detail(node):
"""Run "show hardware-interfaces detail" debug CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("show_hardware_detail.vat", node, json_out=False)
def vpp_clear_runtime(node):
"""Run "clear runtime" CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("clear_runtime.vat", node, json_out=False)
def vpp_show_errors(node):
"""Run "show errors" debug CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("show_errors.vat", node, json_out=False)
def vpp_show_version_verbose(node):
"""Run "show version verbose" CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("show_version_verbose.vat", node, json_out=False)
def vpp_api_trace_dump(node):
"""Run "api trace custom-dump" CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("api_trace_dump.vat", node, json_out=False)
def show_event_logger_on_dut(node):
"""Show event logger on the DUT node.
:param node: DUT node to show traces on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("show_event_logger.vat", node, json_out=False)
def dump_memif(node):
"""Dump Memif data for the given node.
:param node: Given node to show Memif data on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("memif_dump.vat", node, json_out=False)
def vpp_show_runtime_verbose(node):
"""Run "show runtime verbose" CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("show_runtime_verbose.vat", node, json_out=False)
vat.script_should_have_passed()
def vpp_clear_errors_counters(node):
"""Clear errors counters on VPP node.
:param node: Node to clear errors counters on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script('clear_errors.vat', node)
vat.script_should_have_passed()
def vpp_show_vhost(node):
"""Get vhost-user data for the given node.
:param node: VPP node to get interface data from.
:type node: dict
:returns: nothing
"""
vat = VatExecutor()
vat.execute_script("show_vhost.vat", node, json_out=False)
def vpp_clear_hardware_counters(node):
"""Clear interface hardware counters on VPP node.
:param node: Node to clear hardware counters on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script('clear_hardware.vat', node)
vat.script_should_have_passed()
def vpp_enable_barrier_traces_on_dut(node):
"""Enable vpp barrier traces on the DUT node.
:param node: DUT node to set up.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("test_threads_barrier_elog.vat",
node,
json_out=False)
def show_packet_trace_on_all_duts(nodes):
"""Show VPP packet trace.
:param nodes: Nodes from which the packet trace will be displayed.
:type nodes: list
"""
for node in nodes.values():
if node['type'] == NodeType.DUT:
vat = VatExecutor()
vat.execute_script("show_trace.vat", node, json_out=False)
def vpp_show_crypto_device_mapping(node):
"""Run "show crypto device mapping" CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("show_crypto_device_mapping.vat",
node,
json_out=False)
def clear_packet_trace_on_all_duts(nodes):
"""Clear VPP packet trace.
:param nodes: Nodes where the packet trace will be cleared.
:type nodes: list
"""
for node in nodes.values():
if node['type'] == NodeType.DUT:
vat = VatExecutor()
vat.execute_script("clear_trace.vat", node, json_out=False)
def vpp_ipsec_spd_add_entries(node, n_entries, spd_id, priority, inbound,
sa_id, raddr_ip):
"""Create multiple Security Policy Database entries on the VPP node.
:param node: VPP node to add SPD entries on.
:param n_entries: Number of SPD entries to be added.
:param spd_id: SPD ID to add entries on.
:param priority: SPD entries priority, higher number = higher priority.
:param inbound: If True policy is for inbound traffic, otherwise
outbound.
:param sa_id: SAD entry ID for first entry. Each subsequent entry will
SAD entry ID incremented by 1.
:param raddr_ip: Policy selector remote IPv4 start address for the first
entry. Remote IPv4 end address will be calculated depending on
raddr_range parameter. Each subsequent entry will have start address
next after IPv4 end address of previous entry.
:type node: dict
:type n_entries: int
:type spd_id: int
:type priority: int
:type inbound: bool
:type sa_id: int
:type raddr_ip: string
"""
tmp_filename = '/tmp/ipsec_spd_{0}_add_del_entry.script'.format(sa_id)
with open(tmp_filename, 'w') as tmp_file:
for i in range(0, n_entries):
raddr_s = ip_address(unicode(raddr_ip)) + i
raddr_e = ip_address(unicode(raddr_ip)) + (i + 1) - 1
tunnel = (
'exec ipsec policy add spd {spd_id} priority {priority} '
'{direction} action protect sa {sa_id} '
'remote-ip-range {raddr_s} - {raddr_e} '
'local-ip-range 0.0.0.0 - 255.255.255.255\n'.format(
spd_id=spd_id,
priority=priority,
direction='inbound' if inbound else 'outbound',
sa_id=sa_id + i,
raddr_s=raddr_s,
raddr_e=raddr_e))
tmp_file.write(tunnel)
vat = VatExecutor()
vat.execute_script(tmp_filename,
node,
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_filename)
def vpp_get_nat_static_mappings(node):
"""Get NAT static mappings from VPP node.
:param node: VPP node.
:type node: dict
:returns: List of static mappings.
:rtype: list
:raises RuntimeError: If the output is not as expected.
"""
vat = VatExecutor()
# JSON output not supported for this command
vat.execute_script('snat/snat_mapping_dump.vat', node, json_out=False)
stdout = vat.get_script_stdout()
lines = stdout.split("\n")
data = []
# lines[0,1] are table and column headers
for line in lines[2::]:
# Ignore extra data after NAT table
if "snat_static_mapping_dump error: Misc" in line or "vat#" in line:
continue
items = line.split(" ")
while "" in items:
items.remove("")
if len(items) == 0:
continue
elif len(items) == 4:
# no ports were returned
data.append({
"local_address": items[0],
"remote_address": items[1],
"vrf": items[2],
"protocol": items[3]
})
elif len(items) == 6:
data.append({
"local_address": items[0],
"local_port": items[1],
"remote_address": items[2],
"remote_port": items[3],
"vrf": items[4],
"protocol": items[5]
})
else:
raise RuntimeError("Unexpected output from snat_mapping_dump.")
return data
def vpp_show_interfaces(node):
"""Run "show interface" CLI command.
:param node: Node to run command on.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("show_interface.vat", node, json_out=False)
try:
vat.script_should_have_passed()
except AssertionError:
raise RuntimeError(
'Failed to get VPP interfaces on host: {name}'.format(
name=node['host']))
def vpp_ipsec_spd_add_entries(node, n_entries, spd_id, priority, inbound,
sa_id, raddr_ip, raddr_range):
"""Create multiple Security Policy Database entries on the VPP node.
:param node: VPP node to add SPD entries on.
:param n_entries: Number of SPD entries to be added.
:param spd_id: SPD ID to add entries on.
:param priority: SPD entries priority, higher number = higher priority.
:param inbound: If True policy is for inbound traffic, otherwise
outbound.
:param sa_id: SAD entry ID for first entry. Each subsequent entry will
SAD entry ID incremented by 1.
:param raddr_ip: Policy selector remote IPv4 start address for the first
entry. Remote IPv4 end address will be calculated depending on
raddr_range parameter. Each subsequent entry will have start address
next after IPv4 end address of previous entry.
:param raddr_range: Mask specifying range of Policy selector Remote IPv4
addresses. Valid values are from 1 to 32.
:type node: dict
:type n_entries: int
:type spd_id: int
:type priority: int
:type inbound: bool
:type sa_id: int
:type raddr_ip: string
:type raddr_range: int
"""
tmp_filename = '/tmp/ipsec_spd_{0}_add_del_entry.script'.format(sa_id)
direction = 'inbound' if inbound else 'outbound'
addr_incr = 1 << (32 - raddr_range)
addr_ip = int(ip_address(unicode(raddr_ip)))
start_str = 'ipsec_spd_add_del_entry spd_id {0} priority {1} {2} ' \
'action protect sa_id'.format(spd_id, priority, direction)
with open(tmp_filename, 'w') as tmp_file:
for i in range(0, n_entries):
r_ip_s = ip_address(addr_ip + addr_incr * i)
r_ip_e = ip_address(addr_ip + addr_incr * (i + 1) - 1)
buf_str = '{0} {1} raddr_start {2} raddr_stop {3}\n'.format(
start_str, sa_id + i, r_ip_s, r_ip_e)
tmp_file.write(buf_str)
vat = VatExecutor()
vat.execute_script(tmp_filename,
node,
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_filename)
def vpp_ipsec_set_ip_route(node, n_tunnels, tunnel_src, traffic_addr,
tunnel_dst, interface, raddr_range):
"""Set IP address and route on interface.
:param node: VPP node to add config on.
:param n_tunnels: Number of tunnels to create.
:param tunnel_src: Tunnel header source IPv4 or IPv6 address.
:param traffic_addr: Traffic destination IP address to route.
:param tunnel_dst: Tunnel header destination IPv4 or IPv6 address.
:param interface: Interface key on node 1.
:param raddr_range: Mask specifying range of Policy selector Remote IPv4
addresses. Valid values are from 1 to 32.
:type node: dict
:type n_tunnels: int
:type tunnel_src: str
:type traffic_addr: str
:type tunnel_dst: str
:type interface: str
:type raddr_range: int
"""
tmp_filename = '/tmp/ipsec_set_ip.script'
addr_incr = 1 << (32 - raddr_range)
with open(tmp_filename, 'w') as tmp_file:
for i in range(0, n_tunnels):
conf = (
'exec set interface ip address {interface} {laddr}/24\n'
'exec ip route add {taddr}/32 via {raddr} {interface}\n'.
format(
interface=Topology.get_interface_name(node, interface),
laddr=ip_address(unicode(tunnel_src)) + i * addr_incr,
raddr=ip_address(unicode(tunnel_dst)) + i * addr_incr,
taddr=ip_address(unicode(traffic_addr)) + i))
tmp_file.write(conf)
vat = VatExecutor()
vat.execute_script(tmp_filename,
node,
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_filename)
def vpp_get_nat_interfaces(node):
"""Get list of interfaces configured with NAT from VPP node.
:param node: VPP node.
:type node: dict
:returns: List of interfaces on the node that are configured with NAT.
:rtype: list
:raises RuntimeError: If the output is not as expected.
"""
vat = VatExecutor()
# JSON output not supported for this command
vat.execute_script('snat/snat_interface_dump.vat',
node,
json_out=False)
stdout = vat.get_script_stdout()
lines = stdout.split("\n")
data = []
for line in lines:
items = line.split(" ")
for trash in ("", "vat#"):
while trash in items:
items.remove(trash)
if len(items) == 0:
continue
elif len(items) == 3:
data.append({
# items[0] is the table header - "sw_if_index"
"sw_if_index": items[1],
"direction": items[2]
})
else:
raise RuntimeError(
"Unexpected output from snat_interface_dump.")
return data
def vpp_enable_traces_on_dut(node):
"""Enable vpp packet traces on the DUT node.
:param node: DUT node to set up.
:type node: dict
"""
vat = VatExecutor()
vat.execute_script("enable_dpdk_traces.vat", node, json_out=False)
vat.execute_script("enable_vhost_user_traces.vat",
node,
json_out=False)
vat.execute_script("enable_memif_traces.vat", node, json_out=False)
def vpp_ipsec_add_sad_entries(node,
n_entries,
sad_id,
spi,
crypto_alg,
crypto_key,
integ_alg,
integ_key,
tunnel_src=None,
tunnel_dst=None):
"""Create multiple Security Association Database entries on VPP node.
:param node: VPP node to add SAD entry on.
:param n_entries: Number of SAD entries to be created.
:param sad_id: First SAD entry ID. All subsequent SAD entries will have
id incremented by 1.
:param spi: Security Parameter Index of first SAD entry. All subsequent
SAD entries will have spi incremented by 1.
:param crypto_alg: The encryption algorithm name.
:param crypto_key: The encryption key string.
:param integ_alg: The integrity algorithm name.
:param integ_key: The integrity key string.
:param tunnel_src: Tunnel header source IPv4 or IPv6 address. If not
specified ESP transport mode is used.
:param tunnel_dst: Tunnel header destination IPv4 or IPv6 address. If
not specified ESP transport mode is used.
:type node: dict
:type n_entries: int
:type sad_id: int
:type spi: int
:type crypto_alg: CryptoAlg
:type crypto_key: str
:type integ_alg: IntegAlg
:type integ_key: str
:type tunnel_src: str
:type tunnel_dst: str
"""
tmp_filename = '/tmp/ipsec_sad_{0}_add_del_entry.script'.format(sad_id)
addr_incr = 1 << (32 - 24)
with open(tmp_filename, 'w') as tmp_file:
for i in range(0, n_entries):
integ = ''
if not crypto_alg.alg_name.startswith('aes-gcm-'):
integ = (
'integ-alg {integ_alg} integ-key {integ_key}'.format(
integ_alg=integ_alg.alg_name, integ_key=integ_key))
tunnel = ('tunnel-src {laddr} tunnel-dst {raddr}'.format(
laddr=ip_address(unicode(tunnel_src)) + i * addr_incr,
raddr=ip_address(unicode(tunnel_dst)) + i * addr_incr)
if tunnel_src and tunnel_dst is not None else '')
conf = ('exec ipsec sa add {sad_id} esp spi {spi} '
'crypto-alg {crypto_alg} crypto-key {crypto_key} '
'{integ} {tunnel}\n'.format(
sad_id=sad_id + i,
spi=spi + i,
crypto_alg=crypto_alg.alg_name,
crypto_key=crypto_key,
integ=integ,
tunnel=tunnel))
tmp_file.write(conf)
vat = VatExecutor()
vat.execute_script(tmp_filename,
node,
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_filename)
def vpp_ipsec_create_tunnel_interfaces(node1, node2, if1_ip_addr,
if2_ip_addr, if1_key, if2_key,
n_tunnels, crypto_alg, crypto_key,
integ_alg, integ_key, raddr_ip1,
raddr_ip2, raddr_range):
"""Create multiple IPsec tunnel interfaces between two VPP nodes.
:param node1: VPP node 1 to create tunnel interfaces.
:param node2: VPP node 2 to create tunnel interfaces.
:param if1_ip_addr: VPP node 1 interface IP4 address.
:param if2_ip_addr: VPP node 2 interface IP4 address.
:param if1_key: VPP node 1 interface key from topology file.
:param if2_key: VPP node 2 interface key from topology file.
:param n_tunnels: Number of tunnell interfaces to create.
:param crypto_alg: The encryption algorithm name.
:param crypto_key: The encryption key string.
:param integ_alg: The integrity algorithm name.
:param integ_key: The integrity key string.
:param raddr_ip1: Policy selector remote IPv4 start address for the
first tunnel in direction node1->node2.
:param raddr_ip2: Policy selector remote IPv4 start address for the
first tunnel in direction node2->node1.
:param raddr_range: Mask specifying range of Policy selector Remote IPv4
addresses. Valid values are from 1 to 32.
:type node1: dict
:type node2: dict
:type if1_ip_addr: str
:type if2_ip_addr: str
:type if1_key: str
:type if2_key: str
:type n_tunnels: int
:type crypto_alg: CryptoAlg
:type crypto_key: str
:type integ_alg: IntegAlg
:type integ_key: str
:type raddr_ip1: string
:type raddr_ip2: string
:type raddr_range: int
"""
spi_1 = 10000
spi_2 = 20000
raddr_ip1_i = int(ip_address(unicode(raddr_ip1)))
raddr_ip2_i = int(ip_address(unicode(raddr_ip2)))
addr_incr = 1 << (32 - raddr_range)
tmp_fn1 = '/tmp/ipsec_create_tunnel_dut1.config'
tmp_fn2 = '/tmp/ipsec_create_tunnel_dut2.config'
ckey = crypto_key.encode('hex')
ikey = integ_key.encode('hex')
vat = VatExecutor()
with open(tmp_fn1, 'w') as tmp_f1, open(tmp_fn2, 'w') as tmp_f2:
for i in range(0, n_tunnels):
integ = ''
if crypto_alg.alg_name != 'aes-gcm-128':
integ = 'integ_alg {integ_alg} '\
'local_integ_key {local_integ_key} '\
'remote_integ_key {remote_integ_key} '\
.format(integ_alg=integ_alg.alg_name,
local_integ_key=ikey,
remote_integ_key=ikey)
dut1_tunnel = 'ipsec_tunnel_if_add_del '\
'local_spi {local_spi} '\
'remote_spi {remote_spi} '\
'crypto_alg {crypto_alg} '\
'local_crypto_key {local_crypto_key} '\
'remote_crypto_key {remote_crypto_key} '\
'{integ} '\
'local_ip {local_ip} '\
'remote_ip {remote_ip}\n'\
.format(local_spi=spi_1+i,
remote_spi=spi_2+i,
crypto_alg=crypto_alg.alg_name,
local_crypto_key=ckey,
remote_crypto_key=ckey,
integ=integ,
local_ip=if1_ip_addr,
remote_ip=if2_ip_addr)
dut2_tunnel = 'ipsec_tunnel_if_add_del '\
'local_spi {local_spi} '\
'remote_spi {remote_spi} '\
'crypto_alg {crypto_alg} '\
'local_crypto_key {local_crypto_key} '\
'remote_crypto_key {remote_crypto_key} '\
'{integ} '\
'local_ip {local_ip} '\
'remote_ip {remote_ip}\n'\
.format(local_spi=spi_2+i,
remote_spi=spi_1+i,
crypto_alg=crypto_alg.alg_name,
local_crypto_key=ckey,
remote_crypto_key=ckey,
integ=integ,
local_ip=if2_ip_addr,
remote_ip=if1_ip_addr)
tmp_f1.write(dut1_tunnel)
tmp_f2.write(dut2_tunnel)
vat.execute_script(tmp_fn1,
node1,
timeout=300,
json_out=False,
copy_on_execute=True)
vat.execute_script(tmp_fn2,
node2,
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_fn1)
os.remove(tmp_fn2)
with open(tmp_fn1, 'w') as tmp_f1, open(tmp_fn2, 'w') as tmp_f2:
for i in range(0, n_tunnels):
raddr_ip1 = ip_address(raddr_ip1_i + addr_incr * i)
raddr_ip2 = ip_address(raddr_ip2_i + addr_incr * i)
dut1_if = Topology.get_interface_name(node1, if1_key)
dut1 = 'ip_add_del_route {raddr}/{mask} via {addr} ipsec{i}\n'\
'exec set interface unnumbered ipsec{i} use {uifc}\n'\
'sw_interface_set_flags ipsec{i} admin-up\n'\
.format(raddr=raddr_ip2, mask=raddr_range,
addr=if2_ip_addr, i=i, uifc=dut1_if)
dut2_if = Topology.get_interface_name(node2, if2_key)
dut2 = 'ip_add_del_route {raddr}/{mask} via {addr} ipsec{i}\n'\
'exec set interface unnumbered ipsec{i} use {uifc}\n'\
'sw_interface_set_flags ipsec{i} admin-up\n'\
.format(raddr=raddr_ip1, mask=raddr_range,
addr=if1_ip_addr, i=i, uifc=dut2_if)
tmp_f1.write(dut1)
tmp_f2.write(dut2)
vat.execute_script(tmp_fn1,
node1,
timeout=300,
json_out=False,
copy_on_execute=True)
vat.execute_script(tmp_fn2,
node2,
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_fn1)
os.remove(tmp_fn2)
def vpp_ipsec_create_tunnel_interfaces(nodes, if1_ip_addr, if2_ip_addr,
if1_key, if2_key, n_tunnels,
crypto_alg, integ_alg, raddr_ip1,
raddr_ip2, raddr_range):
"""Create multiple IPsec tunnel interfaces between two VPP nodes.
:param nodes: VPP nodes to create tunnel interfaces.
:param if1_ip_addr: VPP node 1 interface IP4 address.
:param if2_ip_addr: VPP node 2 interface IP4 address.
:param if1_key: VPP node 1 interface key from topology file.
:param if2_key: VPP node 2 interface key from topology file.
:param n_tunnels: Number of tunnell interfaces to create.
:param crypto_alg: The encryption algorithm name.
:param integ_alg: The integrity algorithm name.
:param raddr_ip1: Policy selector remote IPv4 start address for the
first tunnel in direction node1->node2.
:param raddr_ip2: Policy selector remote IPv4 start address for the
first tunnel in direction node2->node1.
:param raddr_range: Mask specifying range of Policy selector Remote IPv4
addresses. Valid values are from 1 to 32.
:type nodes: dict
:type if1_ip_addr: str
:type if2_ip_addr: str
:type if1_key: str
:type if2_key: str
:type n_tunnels: int
:type crypto_alg: CryptoAlg
:type integ_alg: IntegAlg
:type raddr_ip1: string
:type raddr_ip2: string
:type raddr_range: int
"""
spi_1 = 100000
spi_2 = 200000
addr_incr = 1 << (32 - raddr_range)
tmp_fn1 = '/tmp/ipsec_create_tunnel_dut1.config'
tmp_fn2 = '/tmp/ipsec_create_tunnel_dut2.config'
vat = VatExecutor()
with open(tmp_fn1, 'w') as tmp_f1, open(tmp_fn2, 'w') as tmp_f2:
for i in range(0, n_tunnels):
ckey = gen_key(IPsecUtil.get_crypto_alg_key_len(crypto_alg))
ikey = gen_key(IPsecUtil.get_integ_alg_key_len(integ_alg))
integ = ''
if not crypto_alg.alg_name.startswith('aes-gcm-'):
integ = ('integ_alg {integ_alg} '
'local_integ_key {local_integ_key} '
'remote_integ_key {remote_integ_key} '.format(
integ_alg=integ_alg.alg_name,
local_integ_key=ikey,
remote_integ_key=ikey))
tmp_f1.write(
'exec set interface ip address {uifc} {laddr}/24\n'
'ipsec_tunnel_if_add_del '
'local_spi {local_spi} '
'remote_spi {remote_spi} '
'crypto_alg {crypto_alg} '
'local_crypto_key {local_crypto_key} '
'remote_crypto_key {remote_crypto_key} '
'{integ} '
'local_ip {laddr} '
'remote_ip {raddr}\n'.format(
local_spi=spi_1 + i,
remote_spi=spi_2 + i,
crypto_alg=crypto_alg.alg_name,
local_crypto_key=ckey,
remote_crypto_key=ckey,
integ=integ,
laddr=ip_address(unicode(if1_ip_addr)) + i * addr_incr,
raddr=ip_address(unicode(if2_ip_addr)) + i * addr_incr,
uifc=Topology.get_interface_name(
nodes['DUT1'], if1_key)))
tmp_f2.write(
'exec set interface ip address {uifc} {laddr}/24\n'
'ipsec_tunnel_if_add_del '
'local_spi {local_spi} '
'remote_spi {remote_spi} '
'crypto_alg {crypto_alg} '
'local_crypto_key {local_crypto_key} '
'remote_crypto_key {remote_crypto_key} '
'{integ} '
'local_ip {laddr} '
'remote_ip {raddr}\n'.format(
local_spi=spi_2 + i,
remote_spi=spi_1 + i,
crypto_alg=crypto_alg.alg_name,
local_crypto_key=ckey,
remote_crypto_key=ckey,
integ=integ,
laddr=ip_address(unicode(if2_ip_addr)) + i * addr_incr,
raddr=ip_address(unicode(if1_ip_addr)) + i * addr_incr,
uifc=Topology.get_interface_name(
nodes['DUT2'], if2_key)))
vat.execute_script(tmp_fn1,
nodes['DUT1'],
timeout=300,
json_out=False,
copy_on_execute=True)
vat.execute_script(tmp_fn2,
nodes['DUT2'],
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_fn1)
os.remove(tmp_fn2)
with open(tmp_fn1, 'w') as tmp_f1, open(tmp_fn2, 'w') as tmp_f2:
for i in range(0, n_tunnels):
tmp_f1.write(
'exec set interface unnumbered ipsec{i} use {uifc}\n'
'exec set interface state ipsec{i} up\n'
'exec ip route add {taddr}/32 via {raddr} ipsec{i}\n'.
format(taddr=ip_address(unicode(raddr_ip2)) + i,
raddr=ip_address(unicode(if2_ip_addr)) +
i * addr_incr,
i=i,
uifc=Topology.get_interface_name(
nodes['DUT1'], if1_key)))
tmp_f2.write(
'exec set interface unnumbered ipsec{i} use {uifc}\n'
'exec set interface state ipsec{i} up\n'
'exec ip route add {taddr}/32 via {raddr} ipsec{i}\n'.
format(taddr=ip_address(unicode(raddr_ip1)) + i,
raddr=ip_address(unicode(if1_ip_addr)) +
i * addr_incr,
i=i,
uifc=Topology.get_interface_name(
nodes['DUT2'], if2_key)))
vat.execute_script(tmp_fn1,
nodes['DUT1'],
timeout=300,
json_out=False,
copy_on_execute=True)
vat.execute_script(tmp_fn2,
nodes['DUT2'],
timeout=300,
json_out=False,
copy_on_execute=True)
os.remove(tmp_fn1)
os.remove(tmp_fn2)
