Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 609d579ed27d78e3fd5f430fb9893edda19ba6e4^! / . / test / test_ipsec_tun_if_esp.py
commit609d579ed27d78e3fd5f430fb9893edda19ba6e4[log] [tgz]
authorEric Kinzie <ekinzie@labn.net>Tue Oct 13 20:02:11 2020 -0400
committerNeale Ranns <nranns@cisco.com>Fri Oct 16 12:32:31 2020 +0000
treedbc5750d730ae5088ef96348fd8c34292906673c
parentc1b94c835396d4b81b9dea99a5306ed7836bde39 [diff] [blame]
ipsec: fix instance, and cli del for new ipsec interface

- use user instance number in interface name

Restore the behavior of previous versions where the IPsec tunnel
interface name contained the value of the user-provided instance number.
For example, a command similar to

	create ipsec tunnel local-ip . . . instance 5

would result in the creation of interface "ipsec5".

- ipsec: delete tunnel protection when asked

The "ipsec tunnel protect" command will parse a "del" argument but does
not undo the tunnel protection, leaving the SAs hanging around with
reference counts that were incremented by a previous invocation of the
command. Allow the tunnel protection to be deleted and also update the
help text to indicate that deletion is an option.

- test: ipsec: add test for ipsec interface instance

Also cleanup (unconfig) after TestIpsecItf4 NULL algo test.

Type: fix
Fixes: dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type")
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce

diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py
index a722ce7..9d01b93 100644
--- a/test/test_ipsec_tun_if_esp.py
+++ b/test/test_ipsec_tun_if_esp.py

@@ -21,6 +21,7 @@
 from vpp_teib import VppTeib
 from util import ppp
 from vpp_papi import VppEnum
+from vpp_papi_provider import CliFailedCommandError
 from vpp_acl import AclRule, VppAcl, VppAclInterface
 
 
@@ -2512,8 +2513,8 @@
                                            [p.tun_sa_in])
         p.tun_protect.add_vpp_config()
 
-    def config_network(self, p):
-        p.tun_if = VppIpsecInterface(self)
+    def config_network(self, p, instance=0xffffffff):
+        p.tun_if = VppIpsecInterface(self, instance=instance)
 
         p.tun_if.add_vpp_config()
         p.tun_if.admin_up()
@@ -2555,6 +2556,18 @@
     def tearDown(self):
         super(TestIpsecItf4, self).tearDown()
 
+    def test_tun_instance_44(self):
+        p = self.ipv4_params
+        self.config_network(p, instance=3)
+
+        with self.assertRaises(CliFailedCommandError):
+            self.vapi.cli("show interface ipsec0")
+
+        output = self.vapi.cli("show interface ipsec3")
+        self.assertTrue("unknown" not in output)
+
+        self.unconfig_network(p)
+
     def test_tun_44(self):
         """IPSEC interface IPv4"""
 
@@ -2644,6 +2657,11 @@
 
         self.verify_tun_44(p, count=n_pkts)
 
+        # teardown
+        self.unconfig_protect(p)
+        self.unconfig_sa(p)
+        self.unconfig_network(p)
+
 
 class TemplateIpsecItf6(object):
     """ IPsec Interface IPv6 """