p.id = ntohl (mp->entry.spd_id);
p.priority = ntohl (mp->entry.priority);
- p.is_outbound = mp->entry.is_outbound;
itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
p.is_ipv6 = (itype == IP46_TYPE_IP6);
p.protocol = mp->entry.protocol;
- p.rport.start = ntohs (mp->entry.remote_port_start);
- p.rport.stop = ntohs (mp->entry.remote_port_stop);
- p.lport.start = ntohs (mp->entry.local_port_start);
- p.lport.stop = ntohs (mp->entry.local_port_stop);
+ /* leave the ports in network order */
+ p.rport.start = mp->entry.remote_port_start;
+ p.rport.stop = mp->entry.remote_port_stop;
+ p.lport.start = mp->entry.local_port_start;
+ p.lport.stop = mp->entry.local_port_stop;
rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
goto out;
}
p.sa_id = ntohl (mp->entry.sa_id);
+ rv =
+ ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy,
+ &p.type);
+ if (rv)
+ goto out;
rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
if (rv)
mp->entry.spd_id = htonl (p->id);
mp->entry.priority = htonl (p->priority);
- mp->entry.is_outbound = p->is_outbound;
+ mp->entry.is_outbound = ((p->type == IPSEC_SPD_POLICY_IP6_OUTBOUND) ||
+ (p->type == IPSEC_SPD_POLICY_IP4_OUTBOUND));
ip_address_encode (&p->laddr.start, IP46_TYPE_ANY,
&mp->entry.local_address_start);
&mp->entry.remote_address_start);
ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
&mp->entry.remote_address_stop);
- mp->entry.local_port_start = htons (p->lport.start);
- mp->entry.local_port_stop = htons (p->lport.stop);
- mp->entry.remote_port_start = htons (p->rport.start);
- mp->entry.remote_port_stop = htons (p->rport.stop);
+ mp->entry.local_port_start = p->lport.start;
+ mp->entry.local_port_stop = p->lport.stop;
+ mp->entry.remote_port_start = p->rport.start;
+ mp->entry.remote_port_stop = p->rport.stop;
mp->entry.protocol = p->protocol;
mp->entry.policy = ipsec_spd_action_encode (p->policy);
mp->entry.sa_id = htonl (p->sa_id);
{
vl_api_registration_t *reg;
ipsec_main_t *im = &ipsec_main;
- ipsec_spd_policy_t ptype;
+ ipsec_spd_policy_type_t ptype;
ipsec_policy_t *policy;
ipsec_spd_t *spd;
uword *p;