- pool_foreach (spd, im->spds, ({
- vlib_cli_output(vm, "spd %u", spd->id);
-
- vlib_cli_output(vm, " outbound policies");
- vec_foreach(i, spd->ipv4_outbound_policies)
- {
- p = pool_elt_at_index(spd->policies, *i);
- vlib_cli_output(vm, " priority %d action %U protocol %s%s",
- p->priority,
- format_ipsec_policy_action, p->policy,
- p->protocol ?
- format(0, "%U", format_ip_protocol, p->protocol) :
- (u8 *) "any",
- p->policy == IPSEC_POLICY_ACTION_PROTECT ?
- format(0, " sa %u", p->sa_id) :
- (u8 *) "");
- vlib_cli_output(vm, " local addr range %U - %U port range %u - %u",
- format_ip4_address, &p->laddr.start.ip4,
- format_ip4_address, &p->laddr.stop.ip4,
- p->lport.start, p->lport.stop);
- vlib_cli_output(vm, " remte addr range %U - %U port range %u - %u",
- format_ip4_address, &p->raddr.start.ip4,
- format_ip4_address, &p->raddr.stop.ip4,
- p->rport.start, p->rport.stop);
- vlib_cli_output(vm, " packets %u bytes %u", p->counter.packets,
- p->counter.bytes);
- };
- vec_foreach(i, spd->ipv6_outbound_policies)
- {
- p = pool_elt_at_index(spd->policies, *i);
- vlib_cli_output(vm, " priority %d action %U protocol %s%s",
- p->priority,
- format_ipsec_policy_action, p->policy,
- p->protocol ?
- format(0, "%U", format_ip_protocol, p->protocol) :
- (u8 *) "any",
- p->policy == IPSEC_POLICY_ACTION_PROTECT ?
- format(0, " sa %u", p->sa_id) :
- (u8 *) "");
- vlib_cli_output(vm, " local addr range %U - %U port range %u - %u",
- format_ip6_address, &p->laddr.start.ip6,
- format_ip6_address, &p->laddr.stop.ip6,
- p->lport.start, p->lport.stop);
- vlib_cli_output(vm, " remote addr range %U - %U port range %u - %u",
- format_ip6_address, &p->raddr.start.ip6,
- format_ip6_address, &p->raddr.stop.ip6,
- p->rport.start, p->rport.stop);
- vlib_cli_output(vm, " packets %u bytes %u", p->counter.packets,
- p->counter.bytes);
- };
- vlib_cli_output(vm, " inbound policies");
- vec_foreach(i, spd->ipv4_inbound_protect_policy_indices)
- {
- p = pool_elt_at_index(spd->policies, *i);
- vlib_cli_output(vm, " priority %d action %U protocol %s%s",
- p->priority,
- format_ipsec_policy_action, p->policy,
- p->protocol ?
- format(0, "%U", format_ip_protocol, p->protocol) :
- (u8 *) "any",
- p->policy == IPSEC_POLICY_ACTION_PROTECT ?
- format(0, " sa %u", p->sa_id) :
- (u8 *) "");
- vlib_cli_output(vm, " local addr range %U - %U port range %u - %u",
- format_ip4_address, &p->laddr.start.ip4,
- format_ip4_address, &p->laddr.stop.ip4,
- p->lport.start, p->lport.stop);
- vlib_cli_output(vm, " remte addr range %U - %U port range %u - %u",
- format_ip4_address, &p->raddr.start.ip4,
- format_ip4_address, &p->raddr.stop.ip4,
- p->rport.start, p->rport.stop);
- vlib_cli_output(vm, " packets %u bytes %u", p->counter.packets,
- p->counter.bytes);
- };
- vec_foreach(i, spd->ipv4_inbound_policy_discard_and_bypass_indices)
- {
- p = pool_elt_at_index(spd->policies, *i);
- vlib_cli_output(vm, " priority %d action %U protocol %s%s",
- p->priority,
- format_ipsec_policy_action, p->policy,
- p->protocol ?
- format(0, "%U", format_ip_protocol, p->protocol) :
- (u8 *) "any",
- p->policy == IPSEC_POLICY_ACTION_PROTECT ?
- format(0, " sa %u", p->sa_id) :
- (u8 *) "");
- vlib_cli_output(vm, " local addr range %U - %U port range %u - %u",
- format_ip4_address, &p->laddr.start.ip4,
- format_ip4_address, &p->laddr.stop.ip4,
- p->lport.start, p->lport.stop);
- vlib_cli_output(vm, " remte addr range %U - %U port range %u - %u",
- format_ip4_address, &p->raddr.start.ip4,
- format_ip4_address, &p->raddr.stop.ip4,
- p->rport.start, p->rport.stop);
- vlib_cli_output(vm, " packets %u bytes %u", p->counter.packets,
- p->counter.bytes);
- };
- vec_foreach(i, spd->ipv6_inbound_protect_policy_indices)
- {
- p = pool_elt_at_index(spd->policies, *i);
- vlib_cli_output(vm, " priority %d action %U protocol %s%s",
- p->priority,
- format_ipsec_policy_action, p->policy,
- p->protocol ?
- format(0, "%U", format_ip_protocol, p->protocol) :
- (u8 *) "any",
- p->policy == IPSEC_POLICY_ACTION_PROTECT ?
- format(0, " sa %u", p->sa_id) :
- (u8 *) "");
- vlib_cli_output(vm, " local addr range %U - %U port range %u - %u",
- format_ip6_address, &p->laddr.start.ip6,
- format_ip6_address, &p->laddr.stop.ip6,
- p->lport.start, p->lport.stop);
- vlib_cli_output(vm, " remote addr range %U - %U port range %u - %u",
- format_ip6_address, &p->raddr.start.ip6,
- format_ip6_address, &p->raddr.stop.ip6,
- p->rport.start, p->rport.stop);
- vlib_cli_output(vm, " packets %u bytes %u", p->counter.packets,
- p->counter.bytes);
- };
- vec_foreach(i, spd->ipv6_inbound_policy_discard_and_bypass_indices)
- {
- p = pool_elt_at_index(spd->policies, *i);
- vlib_cli_output(vm, " priority %d action %U protocol %s%s",
- p->priority,
- format_ipsec_policy_action, p->policy,
- p->protocol ?
- format(0, "%U", format_ip_protocol, p->protocol) :
- (u8 *) "any",
- p->policy == IPSEC_POLICY_ACTION_PROTECT ?
- format(0, " sa %u", p->sa_id) :
- (u8 *) "");
- vlib_cli_output(vm, " local addr range %U - %U port range %u - %u",
- format_ip6_address, &p->laddr.start.ip6,
- format_ip6_address, &p->laddr.stop.ip6,
- p->lport.start, p->lport.stop);
- vlib_cli_output(vm, " remote addr range %U - %U port range %u - %u",
- format_ip6_address, &p->raddr.start.ip6,
- format_ip6_address, &p->raddr.stop.ip6,
- p->rport.start, p->rport.stop);
- vlib_cli_output(vm, " packets %u bytes %u", p->counter.packets,
- p->counter.bytes);
- };
- }));