- use user instance number in interface name
Restore the behavior of previous versions where the IPsec tunnel
interface name contained the value of the user-provided instance number.
For example, a command similar to
create ipsec tunnel local-ip . . . instance 5
would result in the creation of interface "ipsec5".
- ipsec: delete tunnel protection when asked
The "ipsec tunnel protect" command will parse a "del" argument but does
not undo the tunnel protection, leaving the SAs hanging around with
reference counts that were incremented by a previous invocation of the
command. Allow the tunnel protection to be deleted and also update the
help text to indicate that deletion is an option.
- test: ipsec: add test for ipsec interface instance
Also cleanup (unconfig) after TestIpsecItf4 NULL algo test.
Type: fix
Fixes:
dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type")
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce
if (!is_del)
ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
+ else
+ ipsec_tun_protect_del (sw_if_index, &peer);
unformat_free (line_input);
return NULL;
{
.path = "ipsec tunnel protect",
.function = ipsec_tun_protect_cmd,
- .short_help = "ipsec tunnel protect <interface> input-sa <SA> output-sa <SA>",
+ .short_help = "ipsec tunnel protect <interface> input-sa <SA> output-sa <SA> [add|del]",
// this is not MP safe
};
/* *INDENT-ON* */
ipsec_itf->ii_mode = mode;
ipsec_itf->ii_user_instance = instance;
- if (~0 == ipsec_itf->ii_user_instance)
- ipsec_itf->ii_user_instance = t_idx;
hw_if_index = vnet_register_interface (vnm,
ipsec_itf_device_class.index,
- t_idx,
+ ipsec_itf->ii_user_instance,
ipsec_hw_interface_class.index,
t_idx);
from vpp_teib import VppTeib
from util import ppp
from vpp_papi import VppEnum
+from vpp_papi_provider import CliFailedCommandError
from vpp_acl import AclRule, VppAcl, VppAclInterface
[p.tun_sa_in])
p.tun_protect.add_vpp_config()
- def config_network(self, p):
- p.tun_if = VppIpsecInterface(self)
+ def config_network(self, p, instance=0xffffffff):
+ p.tun_if = VppIpsecInterface(self, instance=instance)
p.tun_if.add_vpp_config()
p.tun_if.admin_up()
def tearDown(self):
super(TestIpsecItf4, self).tearDown()
+ def test_tun_instance_44(self):
+ p = self.ipv4_params
+ self.config_network(p, instance=3)
+
+ with self.assertRaises(CliFailedCommandError):
+ self.vapi.cli("show interface ipsec0")
+
+ output = self.vapi.cli("show interface ipsec3")
+ self.assertTrue("unknown" not in output)
+
+ self.unconfig_network(p)
+
def test_tun_44(self):
"""IPSEC interface IPv4"""
self.verify_tun_44(p, count=n_pkts)
+ # teardown
+ self.unconfig_protect(p)
+ self.unconfig_sa(p)
+ self.unconfig_network(p)
+
class TemplateIpsecItf6(object):
""" IPsec Interface IPv6 """
VPP IPSec interface
"""
- def __init__(self, test, mode=None):
+ def __init__(self, test, mode=None, instance=0xffffffff):
super(VppIpsecInterface, self).__init__(test)
# only p2p mode is supported currently
self.mode = (VppEnum.vl_api_tunnel_mode_t.
TUNNEL_API_MODE_P2P)
+ self.instance = instance
def add_vpp_config(self):
r = self.test.vapi.ipsec_itf_create(itf={
- 'user_instance': 0xffffffff,
+ 'user_instance': self.instance,
'mode': self.mode,
})
self.set_sw_if_index(r.sw_if_index)