ipsec: Add 'detail' option to 'sh ipsec sa'

[vpp.git] / src / vnet / ipsec / ipsec_cli.c

diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index a5972bb..0bc7aea 100644 (file)
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -344,13 +344,14 @@ VLIB_CLI_COMMAND (ipsec_policy_add_del_command, static) = {
 /* *INDENT-ON* */
 
 static void
-ipsec_sa_show_all (vlib_main_t * vm, ipsec_main_t * im)
+ipsec_sa_show_all (vlib_main_t * vm, ipsec_main_t * im, u8 detail)
 {
   u32 sai;
 
   /* *INDENT-OFF* */
   pool_foreach_index (sai, im->sad, ({
-    vlib_cli_output(vm, "%U", format_ipsec_sa, sai, IPSEC_FORMAT_BRIEF);
+    vlib_cli_output(vm, "%U", format_ipsec_sa, sai,
+                    (detail ? IPSEC_FORMAT_DETAIL : IPSEC_FORMAT_BRIEF));
   }));
   /* *INDENT-ON* */
 }
@@ -404,7 +405,7 @@ show_ipsec_command_fn (vlib_main_t * vm,
 {
   ipsec_main_t *im = &ipsec_main;
 
-  ipsec_sa_show_all (vm, im);
+  ipsec_sa_show_all (vm, im, 0);
   ipsec_spd_show_all (vm, im);
   ipsec_spd_bindings_show_all (vm, im);
   ipsec_tunnel_show_all (vm, im);
@@ -426,17 +427,20 @@ show_ipsec_sa_command_fn (vlib_main_t * vm,
 {
   ipsec_main_t *im = &ipsec_main;
   u32 sai = ~0;
+  u8 detail = 0;
 
   while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
     {
       if (unformat (input, "%u", &sai))
        ;
+      if (unformat (input, "detail"))
+       detail = 1;
       else
        break;
     }
 
   if (~0 == sai)
-    ipsec_sa_show_all (vm, im);
+    ipsec_sa_show_all (vm, im, detail);
   else
     vlib_cli_output (vm, "%U", format_ipsec_sa, sai, IPSEC_FORMAT_DETAIL);
 
@@ -942,6 +946,58 @@ VLIB_CLI_COMMAND (ipsec_tun_protect_show_node, static) =
 };
 /* *INDENT-ON* */
 
+static clib_error_t *
+ipsec_tun_protect_hash_show (vlib_main_t * vm,
+                            unformat_input_t * input,
+                            vlib_cli_command_t * cmd)
+{
+  ipsec_main_t *im = &ipsec_main;
+
+  {
+    ipsec_tun_lkup_result_t value;
+    ipsec4_tunnel_key_t key;
+
+    vlib_cli_output (vm, "IPv4:");
+
+    /* *INDENT-OFF* */
+    hash_foreach(key.as_u64, value.as_u64, im->tun4_protect_by_key,
+    ({
+      vlib_cli_output (vm, " %U", format_ipsec4_tunnel_key, &key);
+      vlib_cli_output (vm, "  tun:%d sa:%d", value.tun_index, value.sa_index);
+    }));
+    /* *INDENT-ON* */
+  }
+
+  {
+    ipsec_tun_lkup_result_t value;
+    ipsec6_tunnel_key_t *key;
+
+    vlib_cli_output (vm, "IPv6:");
+
+    /* *INDENT-OFF* */
+    hash_foreach_mem(key, value.as_u64, im->tun6_protect_by_key,
+    ({
+      vlib_cli_output (vm, " %U", format_ipsec6_tunnel_key, key);
+      vlib_cli_output (vm, "  tun:%d sa:%d", value.tun_index, value.sa_index);
+    }));
+    /* *INDENT-ON* */
+  }
+
+  return NULL;
+}
+
+/**
+ * show IPSEC tunnel protection hash tables
+ */
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (ipsec_tun_protect_hash_show_node, static) =
+{
+  .path = "show ipsec protect-hash",
+  .function = ipsec_tun_protect_hash_show,
+  .short_help =  "show ipsec protect-hash",
+};
+/* *INDENT-ON* */
+
 clib_error_t *
 ipsec_cli_init (vlib_main_t * vm)
 {