From 609d579ed27d78e3fd5f430fb9893edda19ba6e4 Mon Sep 17 00:00:00 2001 From: Eric Kinzie Date: Tue, 13 Oct 2020 20:02:11 -0400 Subject: ipsec: fix instance, and cli del for new ipsec interface - use user instance number in interface name Restore the behavior of previous versions where the IPsec tunnel interface name contained the value of the user-provided instance number. For example, a command similar to create ipsec tunnel local-ip . . . instance 5 would result in the creation of interface "ipsec5". - ipsec: delete tunnel protection when asked The "ipsec tunnel protect" command will parse a "del" argument but does not undo the tunnel protection, leaving the SAs hanging around with reference counts that were incremented by a previous invocation of the command. Allow the tunnel protection to be deleted and also update the help text to indicate that deletion is an option. - test: ipsec: add test for ipsec interface instance Also cleanup (unconfig) after TestIpsecItf4 NULL algo test. Type: fix Fixes: dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type") Signed-off-by: Eric Kinzie Signed-off-by: Christian Hopps Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce --- test/test_ipsec_tun_if_esp.py | 22 ++++++++++++++++++++-- test/vpp_ipsec.py | 5 +++-- 2 files changed, 23 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index a722ce77bb1..9d01b93114e 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -21,6 +21,7 @@ from vpp_sub_interface import L2_VTR_OP, VppDot1QSubint from vpp_teib import VppTeib from util import ppp from vpp_papi import VppEnum +from vpp_papi_provider import CliFailedCommandError from vpp_acl import AclRule, VppAcl, VppAclInterface 
@@ -2512,8 +2513,8 @@ class TemplateIpsecItf4(object): [p.tun_sa_in]) p.tun_protect.add_vpp_config() - def config_network(self, p): - p.tun_if = VppIpsecInterface(self) + def config_network(self, p, instance=0xffffffff): + p.tun_if = VppIpsecInterface(self, instance=instance) p.tun_if.add_vpp_config() p.tun_if.admin_up() @@ -2555,6 +2556,18 @@ class TestIpsecItf4(TemplateIpsec, def tearDown(self): super(TestIpsecItf4, self).tearDown() + def test_tun_instance_44(self): + p = self.ipv4_params + self.config_network(p, instance=3) + + with self.assertRaises(CliFailedCommandError): + self.vapi.cli("show interface ipsec0") + + output = self.vapi.cli("show interface ipsec3") + self.assertTrue("unknown" not in output) + + self.unconfig_network(p) + def test_tun_44(self): """IPSEC interface IPv4""" @@ -2644,6 +2657,11 @@ class TestIpsecItf4(TemplateIpsec, self.verify_tun_44(p, count=n_pkts) + # teardown + self.unconfig_protect(p) + self.unconfig_sa(p) + self.unconfig_network(p) + class TemplateIpsecItf6(object): """ IPsec Interface IPv6 """ diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py index f012a4a1e84..f9dcdf09f1a 100644 --- a/test/vpp_ipsec.py +++ b/test/vpp_ipsec.py @@ -376,16 +376,17 @@ class VppIpsecInterface(VppInterface): VPP IPSec interface """ - def __init__(self, test, mode=None): + def __init__(self, test, mode=None, instance=0xffffffff): super(VppIpsecInterface, self).__init__(test) # only p2p mode is supported currently self.mode = (VppEnum.vl_api_tunnel_mode_t. TUNNEL_API_MODE_P2P) + self.instance = instance def add_vpp_config(self): r = self.test.vapi.ipsec_itf_create(itf={ - 'user_instance': 0xffffffff, + 'user_instance': self.instance, 'mode': self.mode, }) self.set_sw_if_index(r.sw_if_index) -- cgit 1.2.3-korg
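Review bot: The default `instance=0xffffffff` on `config_network` is an unexplained magic value, and the same literal is repeated as the default of `VppIpsecInterface.__init__` in the test/vpp_ipsec.py hunk. Judging by the hard-coded `'user_instance': 0xffffffff` that it replaces, it appears to mean "no user instance requested", leaving VPP to pick the interface number. A single module-level constant in vpp_ipsec.py, or at least a comment such as `# 0xffffffff: no user instance, VPP picks the interface number`, would keep the two defaults from drifting apart. The body of `config_network` continues past the end of the hunk.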
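Review bot: `test_tun_instance_44` reaches `self.unconfig_network(p)` only when both checks pass, so a failing assertion leaves the `ipsec3` interface configured for the next test. The teardown block added after `self.verify_tun_44(p, count=n_pkts)` in the following hunk has the same shape and would leave the SAs and tunnel protection behind on failure. Leftover state matters here because the new test asserts that `show interface ipsec0` fails, which presumably holds only if earlier tests removed their interfaces. Wrapping the checks in `try:` … `finally: self.unconfig_network(p)`, and likewise the three `unconfig_*` calls, would make cleanup unconditional. The method also lacks the one-line docstring its neighbour `test_tun_44` has, and `self.assertNotIn("unknown", output)` would show the offending output on failure.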
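Review bot: Nothing in the visible test hunks exercises the second fix named in the commit message, deleting tunnel protection through the "ipsec tunnel protect" CLI with its "del" argument. The teardown added here calls `self.unconfig_protect(p)`, whose implementation is outside the hunk and may go through the API rather than the CLI path that was fixed. Since the stated failure mode is SAs kept alive by stale reference counts, a regression test that removes the protection via the CLI and then confirms the SAs can be removed would pin that behaviour. The enclosing test method starts outside the hunk.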