summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorEric Kinzie <ekinzie@labn.net>2020-10-13 20:02:11 -0400
committerNeale Ranns <nranns@cisco.com>2020-10-16 12:32:31 +0000
commit609d579ed27d78e3fd5f430fb9893edda19ba6e4 (patch)
treedbc5750d730ae5088ef96348fd8c34292906673c /test
parentc1b94c835396d4b81b9dea99a5306ed7836bde39 (diff)
ipsec: fix instance, and cli del for new ipsec interface
- use user instance number in interface name Restore the behavior of previous versions where the IPsec tunnel interface name contained the value of the user-provided instance number. For example, a command similar to create ipsec tunnel local-ip . . . instance 5 would result in the creation of interface "ipsec5". - ipsec: delete tunnel protection when asked The "ipsec tunnel protect" command will parse a "del" argument but does not undo the tunnel protection, leaving the SAs hanging around with reference counts that were incremented by a previous invocation of the command. Allow the tunnel protection to be deleted and also update the help text to indicate that deletion is an option. - test: ipsec: add test for ipsec interface instance Also cleanup (unconfig) after TestIpsecItf4 NULL algo test. Type: fix Fixes: dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type") Signed-off-by: Eric Kinzie <ekinzie@labn.net> Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce
Diffstat (limited to 'test')
-rw-r--r--test/test_ipsec_tun_if_esp.py22
-rw-r--r--test/vpp_ipsec.py5
2 files changed, 23 insertions, 4 deletions
diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py
index a722ce77bb1..9d01b93114e 100644
--- a/test/test_ipsec_tun_if_esp.py
+++ b/test/test_ipsec_tun_if_esp.py
@@ -21,6 +21,7 @@ from vpp_sub_interface import L2_VTR_OP, VppDot1QSubint
from vpp_teib import VppTeib
from util import ppp
from vpp_papi import VppEnum
+from vpp_papi_provider import CliFailedCommandError
from vpp_acl import AclRule, VppAcl, VppAclInterface
@@ -2512,8 +2513,8 @@ class TemplateIpsecItf4(object):
[p.tun_sa_in])
p.tun_protect.add_vpp_config()
- def config_network(self, p):
- p.tun_if = VppIpsecInterface(self)
+ def config_network(self, p, instance=0xffffffff):
+ p.tun_if = VppIpsecInterface(self, instance=instance)
p.tun_if.add_vpp_config()
p.tun_if.admin_up()
@@ -2555,6 +2556,18 @@ class TestIpsecItf4(TemplateIpsec,
def tearDown(self):
super(TestIpsecItf4, self).tearDown()
+ def test_tun_instance_44(self):
+ p = self.ipv4_params
+ self.config_network(p, instance=3)
+
+ with self.assertRaises(CliFailedCommandError):
+ self.vapi.cli("show interface ipsec0")
+
+ output = self.vapi.cli("show interface ipsec3")
+ self.assertTrue("unknown" not in output)
+
+ self.unconfig_network(p)
+
def test_tun_44(self):
"""IPSEC interface IPv4"""
@@ -2644,6 +2657,11 @@ class TestIpsecItf4(TemplateIpsec,
self.verify_tun_44(p, count=n_pkts)
+ # teardown
+ self.unconfig_protect(p)
+ self.unconfig_sa(p)
+ self.unconfig_network(p)
+
class TemplateIpsecItf6(object):
""" IPsec Interface IPv6 """
diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py
index f012a4a1e84..f9dcdf09f1a 100644
--- a/test/vpp_ipsec.py
+++ b/test/vpp_ipsec.py
@@ -376,16 +376,17 @@ class VppIpsecInterface(VppInterface):
VPP IPSec interface
"""
- def __init__(self, test, mode=None):
+ def __init__(self, test, mode=None, instance=0xffffffff):
super(VppIpsecInterface, self).__init__(test)
# only p2p mode is supported currently
self.mode = (VppEnum.vl_api_tunnel_mode_t.
TUNNEL_API_MODE_P2P)
+ self.instance = instance
def add_vpp_config(self):
r = self.test.vapi.ipsec_itf_create(itf={
- 'user_instance': 0xffffffff,
+ 'user_instance': self.instance,
'mode': self.mode,
})
self.set_sw_if_index(r.sw_if_index)