Filip Tehlar84962d12020-09-08 06:08:05 +00001from ipaddress import IPv4Address, AddressValueError
Filip Tehlar12b517b2020-04-26 18:05:05 +00002from vpp_object import VppObject
3from vpp_papi import VppEnum
class AuthMethod:
    """Symbolic names for the IKEv2 authentication methods.

    The numbers are the IKEv2 authentication method values from RFC 7296
    (1 = RSA digital signature, 2 = shared key message integrity code).
    """

    # name -> numeric value
    v = {
        'rsa-sig': 1,
        'shared-key': 2,
    }

    @staticmethod
    def value(key):
        """Return the number registered for *key*.

        An unknown name raises KeyError from the dictionary lookup.
        """
        number = AuthMethod.v[key]
        return number
class IDType:
    """Symbolic names for the IKEv2 identification types.

    The numbers are the IKEv2 ID Type values from RFC 7296
    (1 = IPv4 address, 2 = FQDN, 5 = IPv6 address).
    """

    # name -> numeric value
    v = {
        'ip4-addr': 1,
        'fqdn': 2,
        'ip6-addr': 5,
    }

    @staticmethod
    def value(key):
        """Return the number registered for *key*.

        An unknown name raises KeyError from the dictionary lookup.
        """
        number = IDType.v[key]
        return number
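class Profile(VppObject):
    """ IKEv2 profile

    Settings are collected on the instance by the add_*/set_* methods and
    sent to VPP by add_vpp_config(). A setting that was never supplied is
    not sent at all.
    """

    def __init__(self, test, profile_name):
        """Bind the profile to *test* (its ``vapi`` is used for all API calls)."""
        self.test = test
        self.vapi = test.vapi
        self.profile_name = profile_name
        self.udp_encap = False
        # NAT traversal stays enabled unless disable_natt() is called.
        self.natt = True

    @staticmethod
    def _enum_value(key, table):
        """Return *key* unchanged if it is an int, else look it up in *table*.

        *table* is AuthMethod or IDType. Anything that is neither int nor
        str raises Exception, so that a bad type fails here with a clear
        message rather than later with an unbound local.
        """
        if isinstance(key, int):
            return key
        if isinstance(key, str):
            return table.value(key)
        raise Exception('unsupported type {}'.format(key))

    def disable_natt(self):
        """Request that NAT traversal be disabled when the profile is added."""
        self.natt = False

    def add_auth(self, method, data, is_hex=False):
        """Record the authentication settings.

        method -- an AuthMethod name ('rsa-sig', 'shared-key') or its number
        data   -- authentication data sent as-is to the API; for
                  'shared-key' this is presumably the pre-shared secret, so
                  keep it out of logs and test output (TODO confirm)
        is_hex -- forwarded to the API unchanged
        """
        self.auth = {'auth_method': self._enum_value(method, AuthMethod),
                     'data': data,
                     'is_hex': is_hex}

    def add_local_id(self, id_type, data):
        """Record the local identity.

        id_type -- an IDType name ('ip4-addr', 'fqdn', 'ip6-addr') or its
                   number; other types raise Exception
        """
        self.local_id = {'id_type': self._enum_value(id_type, IDType),
                         'data': data,
                         'is_local': True}

    def add_remote_id(self, id_type, data):
        """Record the remote identity.

        id_type -- an IDType name ('ip4-addr', 'fqdn', 'ip6-addr') or its
                   number; other types raise Exception
        """
        self.remote_id = {'id_type': self._enum_value(id_type, IDType),
                          'data': data,
                          'is_local': False}

    def add_local_ts(self, start_addr, end_addr, start_port=0, end_port=0xffff,
                     proto=0, is_ip4=True):
        """Record the local traffic selector.

        The defaults cover every port (0-0xffff) and protocol 0. The
        address family is taken from *is_ip4*; note that add_remote_ts()
        writes the same ``ts_is_ip4`` attribute, so the later call wins.
        """
        self.ts_is_ip4 = is_ip4
        self.local_ts = {'is_local': True,
                         'protocol_id': proto,
                         'start_port': start_port,
                         'end_port': end_port,
                         'start_addr': start_addr,
                         'end_addr': end_addr}

    def add_remote_ts(self, start_addr, end_addr, start_port=0,
                      end_port=0xffff, proto=0):
        """Record the remote traffic selector.

        The address family is derived from *start_addr*: if it does not
        parse as an IPv4 address, ``ts_is_ip4`` is set to False.
        """
        try:
            IPv4Address(start_addr)
            is_ip4 = True
        except AddressValueError:
            is_ip4 = False
        self.ts_is_ip4 = is_ip4
        self.remote_ts = {'is_local': False,
                          'protocol_id': proto,
                          'start_port': start_port,
                          'end_port': end_port,
                          'start_addr': start_addr,
                          'end_addr': end_addr}

    def add_responder_hostname(self, hn):
        """Record the responder hostname settings.

        *hn* is expanded as keyword arguments in add_vpp_config(), so it
        has to be a mapping of API field names to values.
        """
        self.responder_hostname = hn

    def add_responder(self, responder):
        """Record the responder passed to ikev2_set_responder."""
        self.responder = responder

    def add_ike_transforms(self, tr):
        """Record the IKE transforms passed to ikev2_set_ike_transforms."""
        self.ike_transforms = tr

    def add_esp_transforms(self, tr):
        """Record the ESP transforms passed to ikev2_set_esp_transforms."""
        self.esp_transforms = tr

    def set_udp_encap(self, udp_encap):
        """Choose whether UDP encapsulation is requested for the profile."""
        self.udp_encap = udp_encap

    def set_lifetime_data(self, data):
        """Record SA lifetime settings.

        *data* is expanded as keyword arguments to ikev2_set_sa_lifetime.
        """
        self.lifetime_data = data

    def set_ipsec_over_udp_port(self, port):
        """Record a custom UDP port for IPsec traffic."""
        self.ipsec_udp_port = {'is_set': 1,
                               'port': port}

    def set_tunnel_interface(self, sw_if_index):
        """Record the interface index passed to ikev2_set_tunnel_interface."""
        self.tun_itf = sw_if_index

    def object_id(self):
        """Return the identifier string of this profile object."""
        return 'ikev2-profile-%s' % self.profile_name

    def remove_vpp_config(self):
        """Delete the profile from VPP."""
        self.vapi.ikev2_profile_add_del(name=self.profile_name, is_add=False)

    def add_vpp_config(self):
        """Create the profile in VPP and apply every recorded setting.

        The profile is created first; each optional setting is then sent
        only if the matching add_*/set_* method was called beforehand.
        """
        self.vapi.ikev2_profile_add_del(name=self.profile_name, is_add=True)
        if hasattr(self, 'auth'):
            self.vapi.ikev2_profile_set_auth(name=self.profile_name,
                                             data_len=len(self.auth['data']),
                                             **self.auth)
        if hasattr(self, 'local_id'):
            self.vapi.ikev2_profile_set_id(name=self.profile_name,
                                           data_len=len(self.local_id
                                                        ['data']),
                                           **self.local_id)
        if hasattr(self, 'remote_id'):
            self.vapi.ikev2_profile_set_id(name=self.profile_name,
                                           data_len=len(self.remote_id
                                                        ['data']),
                                           **self.remote_id)
        if hasattr(self, 'local_ts'):
            self.vapi.ikev2_profile_set_ts(name=self.profile_name,
                                           ts=self.local_ts)

        if hasattr(self, 'remote_ts'):
            self.vapi.ikev2_profile_set_ts(name=self.profile_name,
                                           ts=self.remote_ts)

        if hasattr(self, 'responder'):
            self.vapi.ikev2_set_responder(name=self.profile_name,
                                          responder=self.responder)

        if hasattr(self, 'responder_hostname'):
            # Sent without echoing the value to stdout; test helpers
            # should not write configuration data to the console.
            self.vapi.ikev2_set_responder_hostname(name=self.profile_name,
                                                   **self.responder_hostname)

        if hasattr(self, 'ike_transforms'):
            self.vapi.ikev2_set_ike_transforms(name=self.profile_name,
                                               tr=self.ike_transforms)

        if hasattr(self, 'esp_transforms'):
            self.vapi.ikev2_set_esp_transforms(name=self.profile_name,
                                               tr=self.esp_transforms)

        if self.udp_encap:
            self.vapi.ikev2_profile_set_udp_encap(name=self.profile_name)

        if hasattr(self, 'lifetime_data'):
            self.vapi.ikev2_set_sa_lifetime(name=self.profile_name,
                                            **self.lifetime_data)

        if hasattr(self, 'ipsec_udp_port'):
            self.vapi.ikev2_profile_set_ipsec_udp_port(name=self.profile_name,
                                                       **self.ipsec_udp_port)
        if hasattr(self, 'tun_itf'):
            self.vapi.ikev2_set_tunnel_interface(name=self.profile_name,
                                                 sw_if_index=self.tun_itf)

        if not self.natt:
            self.vapi.ikev2_profile_disable_natt(name=self.profile_name)

    def query_vpp_config(self):
        """Return this profile as reported by ikev2_profile_dump, or None.

        Entries are matched on the profile name.
        """
        for entry in self.vapi.ikev2_profile_dump():
            if entry.profile.name == self.profile_name:
                return entry.profile
        return None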