(line_input, "crypto-alg %U", unformat_ipsec_crypto_alg,
&sa.crypto_alg))
{
- if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+ if (sa.crypto_alg < IPSEC_CRYPTO_ALG_NONE ||
sa.crypto_alg >= IPSEC_CRYPTO_N_ALG)
{
error = clib_error_return (0, "unsupported crypto-alg: '%U'",
else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg,
&sa.integ_alg))
{
- if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+ if (sa.integ_alg < IPSEC_INTEG_ALG_NONE ||
sa.integ_alg >= IPSEC_INTEG_N_ALG)
{
error = clib_error_return (0, "unsupported integ-alg: '%U'",
goto done;
}
- ipsec_add_del_sa (vm, &sa, is_add);
+ ipsec_add_del_sa (vm, &sa, is_add, 0 /* enable nat traversal */ );
done:
unformat_free (line_input);
/* *INDENT-OFF* */
pool_foreach (sa, im->sad, ({
if (sa->id) {
- vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s", sa->id, sa->spi,
+ vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s%s", sa->id, sa->spi,
sa->is_tunnel ? "tunnel" : "transport",
- sa->protocol ? "esp" : "ah");
+ sa->protocol ? "esp" : "ah",
+ sa->udp_encap ? " udp-encap-enabled" : "");
if (sa->protocol == IPSEC_PROTOCOL_ESP) {
vlib_cli_output(vm, " crypto alg %U%s%U integrity alg %U%s%U",
format_ipsec_crypto_alg, sa->crypto_alg,
num_m_args++;
else if (unformat (line_input, "remote-spi %u", &a.remote_spi))
num_m_args++;
+ else if (unformat (line_input, "instance %u", &a.show_instance))
+ a.renumber = 1;
else if (unformat (line_input, "del"))
a.is_add = 0;
else
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (create_ipsec_tunnel_command, static) = {
.path = "create ipsec tunnel",
- .short_help = "create ipsec tunnel local-ip <addr> local-spi <spi> remote-ip <addr> remote-spi <spi>",
+ .short_help = "create ipsec tunnel local-ip <addr> local-spi <spi> remote-ip <addr> remote-spi <spi> [instance <inst_num>]",
.function = create_ipsec_tunnel_command_fn,
};
/* *INDENT-ON* */