From 609d579ed27d78e3fd5f430fb9893edda19ba6e4 Mon Sep 17 00:00:00 2001
From: Eric Kinzie
Date: Tue, 13 Oct 2020 20:02:11 -0400
Subject: ipsec: fix instance, and cli del for new ipsec interface
- use user instance number in interface name Restore the behavior of previous versions where the IPsec tunnel interface name contained the value of the user-provided instance number. For example, a command similar to create ipsec tunnel local-ip . . . instance 5 would result in the creation of interface "ipsec5".
- ipsec: delete tunnel protection when asked The "ipsec tunnel protect" command will parse a "del" argument but does not undo the tunnel protection, leaving the SAs hanging around with reference counts that were incremented by a previous invocation of the command. Allow the tunnel protection to be deleted and also update the help text to indicate that deletion is an option.
- test: ipsec: add test for ipsec interface instance Also cleanup (unconfig) after TestIpsecItf4 NULL algo test.
Type: fix
Fixes: dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type")
Signed-off-by: Eric Kinzie
Signed-off-by: Christian Hopps
Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce
---
 src/vnet/ipsec/ipsec_cli.c | 4 +++-
 src/vnet/ipsec/ipsec_itf.c | 4 +---
 2 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 937e0f6b2e4..7d265f7e64d 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -997,6 +997,8 @@ ipsec_tun_protect_cmd (vlib_main_t * vm,
 if (!is_del)
 ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
+ else
+ ipsec_tun_protect_del (sw_if_index, &peer);
 unformat_free (line_input);
 return NULL;
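Review bot: The result of the new `ipsec_tun_protect_del (sw_if_index, &peer);` call is discarded and the command still falls through to `return NULL;`, so a failed delete is reported to the operator as success; the existing `ipsec_tun_protect_update` call has the same gap. The commit message says this command exists to release SA reference counts, so a silent failure can leave SAs attached to the tunnel while the operator believes they were detached. If both functions return an error code, which the hunk does not show, capture it with `rv = ipsec_tun_protect_del (sw_if_index, &peer);` and, after `unformat_free (line_input);`, return a `clib_error_return (0, ...)` when it is non-zero. The body of ipsec_tun_protect_cmd starts outside the hunk, so any existing error path is not visible here.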
@@ -1010,7 +1012,7 @@ VLIB_CLI_COMMAND (ipsec_tun_protect_cmd_node, static) =
 {
 .path = "ipsec tunnel protect",
 .function = ipsec_tun_protect_cmd,
- .short_help = "ipsec tunnel protect input-sa output-sa ",
+ .short_help = "ipsec tunnel protect input-sa output-sa [add|del]",
 // this is not MP safe
 };
 /* *INDENT-ON* */
diff --git a/src/vnet/ipsec/ipsec_itf.c b/src/vnet/ipsec/ipsec_itf.c
index 756bc19fbef..6724eab73a8 100644
--- a/src/vnet/ipsec/ipsec_itf.c
+++ b/src/vnet/ipsec/ipsec_itf.c
@@ -294,12 +294,10 @@ ipsec_itf_create (u32 user_instance, tunnel_mode_t mode, u32 * sw_if_indexp)
 ipsec_itf->ii_mode = mode;
 ipsec_itf->ii_user_instance = instance;
- if (~0 == ipsec_itf->ii_user_instance)
- ipsec_itf->ii_user_instance = t_idx;
 hw_if_index = vnet_register_interface (vnm,
 ipsec_itf_device_class.index,
- t_idx,
+ ipsec_itf->ii_user_instance,
 ipsec_hw_interface_class.index,
 t_idx);
-- 
cgit 1.2.3-korg
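Review bot: In the ipsec_itf.c hunk, `vnet_register_interface` now receives `ipsec_itf->ii_user_instance` as the device instance while the last argument stays `t_idx`, so the device instance becomes an operator-chosen number rather than the pool index. Any code outside this hunk that finds the ipsec_itf by using the hardware interface's dev_instance as a pool index would now read the wrong element or index past the pool. That should be audited and the distinction recorded next to the call, for example `/* dev_instance = user instance (names the interface); hw_instance = pool index */`. With the `~0` fallback removed, the call also relies on `instance` having been resolved to a concrete value earlier in ipsec_itf_create, which starts outside the hunk; if `~0` can still reach this point the interface would be registered with that value.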