u32 id, spi, salt;
int is_add, rv;
+ salt = 0;
error = NULL;
is_add = 0;
flags = IPSEC_SA_FLAG_NONE;
static walk_rc_t
ipsec_tun_protect_show_one (index_t itpi, void *ctx)
{
- vlib_cli_output (ctx, "%U", format_ipsec_tun_protect, itpi);
+ vlib_cli_output (ctx, "%U", format_ipsec_tun_protect_index, itpi);
return (WALK_CONTINUE);
}
unformat_input_t _line_input, *line_input = &_line_input;
ip46_address_t local_ip = ip46_address_initializer;
ip46_address_t remote_ip = ip46_address_initializer;
+ ip_address_t nh = IP_ADDRESS_V4_ALL_0S;
ipsec_crypto_alg_t crypto_alg;
ipsec_integ_alg_t integ_alg;
ipsec_sa_flags_t flags;
;
else if (unformat (line_input, "del"))
is_add = 0;
+ else if (unformat (line_input, "nh &U", unformat_ip_address, &nh))
+ ;
else
{
error = clib_error_return (0, "unknown input `%U'",
/* create an ip-ip tunnel, then the two SA, then bind them */
rv =
ipip_add_tunnel (ipv6_set ? IPIP_TRANSPORT_IP6 : IPIP_TRANSPORT_IP4,
- instance, &local_ip, &remote_ip, fib_index, 0,
- &sw_if_index);
+ instance, &local_ip, &remote_ip, fib_index,
+ TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
+ TUNNEL_MODE_P2P, &sw_if_index);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_local_sa_id (sw_if_index),
local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
clib_host_to_net_u32 (salt), &remote_ip,
&local_ip, NULL);
rv |=
- ipsec_tun_protect_update_one (sw_if_index,
+ ipsec_tun_protect_update_one (sw_if_index, &nh,
ipsec_tun_mk_local_sa_id (sw_if_index),
ipsec_tun_mk_remote_sa_id
(sw_if_index));
case 0:
break;
case VNET_API_ERROR_INVALID_VALUE:
- if (is_add)
- error = clib_error_return (0,
- "IPSec tunnel interface already exists...");
- else
- error = clib_error_return (0, "IPSec tunnel interface not exists...");
+ error = clib_error_return (0,
+ "IPSec tunnel interface already exists...");
goto done;
default:
error = clib_error_return (0, "ipsec_register_interface returned %d",
{
unformat_input_t _line_input, *line_input = &_line_input;
u32 sw_if_index, is_del, sa_in, sa_out, *sa_ins = NULL;
+ ip_address_t peer = { };
vnet_main_t *vnm;
is_del = 0;
else if (unformat (line_input, "%U",
unformat_vnet_sw_interface, vnm, &sw_if_index))
;
+ else if (unformat (line_input, "%U", unformat_ip_address, &peer))
+ ;
else
return (clib_error_return (0, "unknown input '%U'",
format_unformat_error, line_input));
}
if (!is_del)
- ipsec_tun_protect_update (sw_if_index, sa_out, sa_ins);
+ ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
unformat_free (line_input);
return NULL;