Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
ipsec: cli: add missing flags for SA add
[vpp.git] / src / vnet / ipsec / ipsec_cli.c
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 01d4b75..0d1ab03 100644 (file)
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -144,6 +144,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
       else if (unformat (line_input, "tunnel-dst %U",
                         unformat_ip46_address, &tun_dst, IP46_TYPE_ANY))
        ;
+      else if (unformat (line_input, "inbound"))
+       flags |= IPSEC_SA_FLAG_IS_INBOUND;
+      else if (unformat (line_input, "use-anti-replay"))
+       flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
+      else if (unformat (line_input, "use-esn"))
+       flags |= IPSEC_SA_FLAG_USE_ESN;
       else if (unformat (line_input, "udp-encap"))
        flags |= IPSEC_SA_FLAG_UDP_ENCAP;
       else
@@ -153,6 +159,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
          goto done;
        }
     }
+  if ((flags & IPSEC_SA_FLAG_IS_INBOUND)
+      && !(flags & IPSEC_SA_FLAG_IS_TUNNEL))
+    {
+      error = clib_error_return (0, "inbound specified on non-tunnel SA");
+      goto done;
+    }
 
   if (!(m_args & 1))
     {
Vector Packet Processing