flow: add IPSec ESP/AH flow

[vpp.git] / src / vnet / flow / flow_cli.c

diff --git a/src/vnet/flow/flow_cli.c b/src/vnet/flow/flow_cli.c
index 364b475..98007a7 100644 (file)
--- a/src/vnet/flow/flow_cli.c
+++ b/src/vnet/flow/flow_cli.c
@@ -276,11 +276,12 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
   } action = FLOW_UNKNOWN_ACTION;
   u32 hw_if_index = ~0, flow_index = ~0;
   int rv;
-  u32 prot = 0, teid = 0, session_id = 0;
+  u32 prot = 0, teid = 0, session_id = 0, spi = 0;
   vnet_flow_type_t type = VNET_FLOW_TYPE_IP4_N_TUPLE;
   bool is_gtpc_set = false;
   bool is_gtpu_set = false;
   bool is_l2tpv3oip_set = false;
+  bool is_ipsec_esp_set = false, is_ipsec_ah_set = false;
   vnet_flow_type_t outer_type = VNET_FLOW_TYPE_UNKNOWN;
   vnet_flow_type_t inner_type = VNET_FLOW_TYPE_UNKNOWN;
   bool outer_ip4_set = false, inner_ip4_set = false;
@@ -363,6 +364,13 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
          if (prot == IP_PROTOCOL_L2TP)
            is_l2tpv3oip_set = true;
        }
+      else if (unformat (line_input, "spi %u", &spi))
+       {
+         if (prot == IP_PROTOCOL_IPSEC_ESP)
+           is_ipsec_esp_set = true;
+         else if (prot == IP_PROTOCOL_IPSEC_AH)
+           is_ipsec_ah_set = true;
+       }
       else if (unformat (line_input, "index %u", &flow_index))
        ;
       else if (unformat (line_input, "next-node %U", unformat_vlib_node, vm,
@@ -489,6 +497,10 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
                type = VNET_FLOW_TYPE_IP4_GTPU;
              else if (is_l2tpv3oip_set)
                type = VNET_FLOW_TYPE_IP4_L2TPV3OIP;
+             else if (is_ipsec_esp_set)
+               type = VNET_FLOW_TYPE_IP4_IPSEC_ESP;
+             else if (is_ipsec_ah_set)
+               type = VNET_FLOW_TYPE_IP4_IPSEC_AH;
            }
          else if (inner_type == VNET_FLOW_TYPE_IP4_N_TUPLE)
            {
@@ -539,6 +551,22 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
          flow.ip4_l2tpv3oip.protocol = prot;
          flow.ip4_l2tpv3oip.session_id = session_id;
          break;
+       case VNET_FLOW_TYPE_IP4_IPSEC_ESP:
+         clib_memcpy (&flow.ip4_ipsec_esp.src_addr, &ip4s,
+                      sizeof (ip4_address_and_mask_t));
+         clib_memcpy (&flow.ip4_ipsec_esp.dst_addr, &ip4d,
+                      sizeof (ip4_address_and_mask_t));
+         flow.ip4_ipsec_esp.protocol = prot;
+         flow.ip4_ipsec_esp.spi = spi;
+         break;
+       case VNET_FLOW_TYPE_IP4_IPSEC_AH:
+         clib_memcpy (&flow.ip4_ipsec_ah.src_addr, &ip4s,
+                      sizeof (ip4_address_and_mask_t));
+         clib_memcpy (&flow.ip4_ipsec_ah.dst_addr, &ip4d,
+                      sizeof (ip4_address_and_mask_t));
+         flow.ip4_ipsec_ah.protocol = prot;
+         flow.ip4_ipsec_ah.spi = spi;
+         break;
        case VNET_FLOW_TYPE_IP4_N_TUPLE:
        case VNET_FLOW_TYPE_IP4_GTPC:
        case VNET_FLOW_TYPE_IP4_GTPU: