diff options
author | Eric Kinzie <ekinzie@labn.net> | 2020-10-13 20:02:11 -0400 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2020-10-16 12:32:31 +0000 |
commit | 609d579ed27d78e3fd5f430fb9893edda19ba6e4 (patch) | |
tree | dbc5750d730ae5088ef96348fd8c34292906673c /test | |
parent | c1b94c835396d4b81b9dea99a5306ed7836bde39 (diff) |
ipsec: fix instance, and cli del for new ipsec interface
- use user instance number in interface name
Restore the behavior of previous versions where the IPsec tunnel
interface name contained the value of the user-provided instance number.
For example, a command similar to
create ipsec tunnel local-ip . . . instance 5
would result in the creation of interface "ipsec5".
- ipsec: delete tunnel protection when asked
The "ipsec tunnel protect" command will parse a "del" argument but does
not undo the tunnel protection, leaving the SAs hanging around with
reference counts that were incremented by a previous invocation of the
command. Allow the tunnel protection to be deleted and also update the
help text to indicate that deletion is an option.
- test: ipsec: add test for ipsec interface instance
Also cleanup (unconfig) after TestIpsecItf4 NULL algo test.
Type: fix
Fixes: dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type")
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ipsec_tun_if_esp.py | 22 | ||||
-rw-r--r-- | test/vpp_ipsec.py | 5 |
2 files changed, 23 insertions, 4 deletions
diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index a722ce77bb1..9d01b93114e 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -21,6 +21,7 @@ from vpp_sub_interface import L2_VTR_OP, VppDot1QSubint from vpp_teib import VppTeib from util import ppp from vpp_papi import VppEnum +from vpp_papi_provider import CliFailedCommandError from vpp_acl import AclRule, VppAcl, VppAclInterface @@ -2512,8 +2513,8 @@ class TemplateIpsecItf4(object): [p.tun_sa_in]) p.tun_protect.add_vpp_config() - def config_network(self, p): - p.tun_if = VppIpsecInterface(self) + def config_network(self, p, instance=0xffffffff): + p.tun_if = VppIpsecInterface(self, instance=instance) p.tun_if.add_vpp_config() p.tun_if.admin_up() @@ -2555,6 +2556,18 @@ class TestIpsecItf4(TemplateIpsec, def tearDown(self): super(TestIpsecItf4, self).tearDown() + def test_tun_instance_44(self): + p = self.ipv4_params + self.config_network(p, instance=3) + + with self.assertRaises(CliFailedCommandError): + self.vapi.cli("show interface ipsec0") + + output = self.vapi.cli("show interface ipsec3") + self.assertTrue("unknown" not in output) + + self.unconfig_network(p) + def test_tun_44(self): """IPSEC interface IPv4""" @@ -2644,6 +2657,11 @@ class TestIpsecItf4(TemplateIpsec, self.verify_tun_44(p, count=n_pkts) + # teardown + self.unconfig_protect(p) + self.unconfig_sa(p) + self.unconfig_network(p) + class TemplateIpsecItf6(object): """ IPsec Interface IPv6 """ diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py index f012a4a1e84..f9dcdf09f1a 100644 --- a/test/vpp_ipsec.py +++ b/test/vpp_ipsec.py @@ -376,16 +376,17 @@ class VppIpsecInterface(VppInterface): VPP IPSec interface """ - def __init__(self, test, mode=None): + def __init__(self, test, mode=None, instance=0xffffffff): super(VppIpsecInterface, self).__init__(test) # only p2p mode is supported currently self.mode = (VppEnum.vl_api_tunnel_mode_t. TUNNEL_API_MODE_P2P) + self.instance = instance def add_vpp_config(self): r = self.test.vapi.ipsec_itf_create(itf={ - 'user_instance': 0xffffffff, + 'user_instance': self.instance, 'mode': self.mode, }) self.set_sw_if_index(r.sw_if_index) |