rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg,
&ck, integ_alg, &ik, flags,
0, clib_host_to_net_u32 (salt),
- &tun_src, &tun_dst, NULL);
+ &tun_src, &tun_dst, NULL,
+ IPSEC_UDP_PORT_NONE);
else
rv = ipsec_sa_unlock_id (id);
static walk_rc_t
ipsec_tun_protect_show_one (index_t itpi, void *ctx)
{
- vlib_cli_output (ctx, "%U", format_ipsec_tun_protect, itpi);
+ vlib_cli_output (ctx, "%U", format_ipsec_tun_protect_index, itpi);
return (WALK_CONTINUE);
}
ipsec_spd_bindings_show_all (vm, im);
ipsec_tun_protect_walk (ipsec_tun_protect_show_one, vm);
+ vlib_cli_output (vm, "IPSec async mode: %s",
+ (im->async_mode ? "on" : "off"));
+
return 0;
}
unformat_input_t _line_input, *line_input = &_line_input;
ip46_address_t local_ip = ip46_address_initializer;
ip46_address_t remote_ip = ip46_address_initializer;
- ipsec_crypto_alg_t crypto_alg;
- ipsec_integ_alg_t integ_alg;
+ ip_address_t nh = IP_ADDRESS_V4_ALL_0S;
+ ipsec_crypto_alg_t crypto_alg = IPSEC_CRYPTO_ALG_NONE;
+ ipsec_integ_alg_t integ_alg = IPSEC_INTEG_ALG_NONE;
ipsec_sa_flags_t flags;
u32 local_spi, remote_spi, salt, table_id, fib_index;
u32 instance = ~0;
;
else if (unformat (line_input, "del"))
is_add = 0;
+ else if (unformat (line_input, "nh &U", unformat_ip_address, &nh))
+ ;
else
{
error = clib_error_return (0, "unknown input `%U'",
ipip_add_tunnel (ipv6_set ? IPIP_TRANSPORT_IP6 : IPIP_TRANSPORT_IP4,
instance, &local_ip, &remote_ip, fib_index,
TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
- &sw_if_index);
+ TUNNEL_MODE_P2P, &sw_if_index);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_local_sa_id (sw_if_index),
local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&lck, integ_alg, &lik, flags, table_id,
clib_host_to_net_u32 (salt), &local_ip,
- &remote_ip, NULL);
+ &remote_ip, NULL, IPSEC_UDP_PORT_NONE);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_remote_sa_id (sw_if_index),
remote_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&rck, integ_alg, &rik,
(flags | IPSEC_SA_FLAG_IS_INBOUND), table_id,
clib_host_to_net_u32 (salt), &remote_ip,
- &local_ip, NULL);
+ &local_ip, NULL, IPSEC_UDP_PORT_NONE);
rv |=
- ipsec_tun_protect_update_one (sw_if_index,
+ ipsec_tun_protect_update_one (sw_if_index, &nh,
ipsec_tun_mk_local_sa_id (sw_if_index),
ipsec_tun_mk_remote_sa_id
(sw_if_index));
{
unformat_input_t _line_input, *line_input = &_line_input;
u32 sw_if_index, is_del, sa_in, sa_out, *sa_ins = NULL;
+ ip_address_t peer = { };
vnet_main_t *vnm;
is_del = 0;
else if (unformat (line_input, "%U",
unformat_vnet_sw_interface, vnm, &sw_if_index))
;
+ else if (unformat (line_input, "%U", unformat_ip_address, &peer))
+ ;
else
return (clib_error_return (0, "unknown input '%U'",
format_unformat_error, line_input));
}
if (!is_del)
- ipsec_tun_protect_update (sw_if_index, sa_out, sa_ins);
+ ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
unformat_free (line_input);
return NULL;
VLIB_INIT_FUNCTION (ipsec_cli_init);
+static clib_error_t *
+set_async_mode_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ int async_enable = 0;
+
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "on"))
+ async_enable = 1;
+ else if (unformat (line_input, "off"))
+ async_enable = 0;
+ else
+ return (clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input));
+ }
+
+ vnet_crypto_request_async_mode (async_enable);
+ ipsec_set_async_mode (async_enable);
+
+ unformat_free (line_input);
+ return (NULL);
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (set_async_mode_command, static) = {
+ .path = "set ipsec async mode",
+ .short_help = "set ipsec async mode on|off",
+ .function = set_async_mode_command_fn,
+};
+/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON
Code Review / vpp.git / blobdiff