u16 udp_src, udp_dst;
int is_add, rv;
u32 m_args = 0;
- tunnel_t tun;
+ tunnel_t tun = {};
salt = 0;
error = NULL;
else if (unformat (line_input, "integ-alg %U",
unformat_ipsec_integ_alg, &integ_alg))
;
- else if (unformat (line_input, " %U", unformat_tunnel, &tun))
+ else if (unformat (line_input, "%U", unformat_tunnel, &tun))
{
flags |= IPSEC_SA_FLAG_IS_TUNNEL;
if (AF_IP6 == tunnel_get_af (&tun))
flags |= IPSEC_SA_FLAG_USE_ESN;
else if (unformat (line_input, "udp-encap"))
flags |= IPSEC_SA_FLAG_UDP_ENCAP;
+ else if (unformat (line_input, "async"))
+ flags |= IPSEC_SA_FLAG_IS_ASYNC;
else
{
error = clib_error_return (0, "parse error: '%U'",
goto done;
}
}
- if ((flags & IPSEC_SA_FLAG_IS_INBOUND)
- && !(flags & IPSEC_SA_FLAG_IS_TUNNEL))
- {
- error = clib_error_return (0, "inbound specified on non-tunnel SA");
- goto done;
- }
if (!(m_args & 1))
{
}
if (rv)
- error = clib_error_return (0, "failed");
+ error = clib_error_return (0, "failed: %d", rv);
done:
unformat_free (line_input);
};
/* *INDENT-ON* */
+static clib_error_t *
+ipsec_sa_bind_cli (vlib_main_t *vm, unformat_input_t *input,
+ vlib_cli_command_t *cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ u32 id = ~0;
+ u32 worker = ~0;
+ bool bind = 1;
+ int rv;
+ clib_error_t *error = NULL;
+
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "unbind"))
+ bind = 0;
+ else if (id == ~0 && unformat (line_input, "%u", &id))
+ ;
+ else if (unformat (line_input, "%u", &worker))
+ ;
+ else
+ {
+ error = clib_error_return (0, "parse error: '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ }
+
+ if (id == ~0)
+ {
+ error = clib_error_return (0, "please specify SA ID");
+ goto done;
+ }
+
+ if (bind && ~0 == worker)
+ {
+ error = clib_error_return (0, "please specify worker to bind to");
+ goto done;
+ }
+
+ rv = ipsec_sa_bind (id, worker, bind);
+ switch (rv)
+ {
+ case VNET_API_ERROR_INVALID_VALUE:
+ error = clib_error_return (0, "please specify a valid SA ID");
+ break;
+ case VNET_API_ERROR_INVALID_WORKER:
+ error = clib_error_return (0, "please specify a valid worker index");
+ break;
+ }
+
+done:
+ unformat_free (line_input);
+
+ return error;
+}
+
+VLIB_CLI_COMMAND (ipsec_sa_bind_cmd, static) = {
+ .path = "ipsec sa bind",
+ .short_help = "ipsec sa [unbind] <sa-id> <worker>",
+ .function = ipsec_sa_bind_cli,
+};
+
static clib_error_t *
ipsec_spd_add_del_command_fn (vlib_main_t * vm,
unformat_input_t * input,
clib_memset (&p, 0, sizeof (p));
p.lport.stop = p.rport.stop = ~0;
remote_range_set = local_range_set = is_outbound = 0;
+ p.protocol = IPSEC_POLICY_PROTOCOL_ANY;
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
u32 sai;
/* *INDENT-OFF* */
- pool_foreach_index (sai, im->sad) {
- vlib_cli_output(vm, "%U", format_ipsec_sa, sai,
- (detail ? IPSEC_FORMAT_DETAIL : IPSEC_FORMAT_BRIEF));
- }
+ pool_foreach_index (sai, ipsec_sa_pool)
+ {
+ vlib_cli_output (vm, "%U", format_ipsec_sa, sai,
+ (detail ? IPSEC_FORMAT_DETAIL : IPSEC_FORMAT_BRIEF));
+ }
/* *INDENT-ON* */
}
pool_foreach_index (spdi, im->spds) {
vlib_cli_output(vm, "%U", format_ipsec_spd, spdi);
}
+
+ if (im->output_flow_cache_flag)
+ {
+ vlib_cli_output (vm, "%U", format_ipsec_out_spd_flow_cache);
+ }
+ if (im->input_flow_cache_flag)
+ {
+ vlib_cli_output (vm, "%U", format_ipsec_in_spd_flow_cache);
+ }
/* *INDENT-ON* */
}
clear_ipsec_sa_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
- ipsec_main_t *im = &ipsec_main;
u32 sai = ~0;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
if (~0 == sai)
{
/* *INDENT-OFF* */
- pool_foreach_index (sai, im->sad) {
- ipsec_sa_clear(sai);
- }
+ pool_foreach_index (sai, ipsec_sa_pool)
+ {
+ ipsec_sa_clear (sai);
+ }
/* *INDENT-ON* */
}
else
{
- if (pool_is_free_index (im->sad, sai))
+ if (pool_is_free_index (ipsec_sa_pool, sai))
return clib_error_return (0, "unknown SA index: %d", sai);
else
ipsec_sa_clear (sai);
}
/* *INDENT-ON* */
vlib_cli_output (vm, "%v", s);
- _vec_len (s) = 0;
+ vec_set_len (s, 0);
vlib_cli_output (vm, "IPsec ESP backends available:");
s = format (s, "%=25s %=25s %=10s\n", "Name", "Index", "Active");
ipsec_esp_backend_t *eb;
{
vlib_clear_combined_counters (&ipsec_spd_policy_counters);
vlib_clear_combined_counters (&ipsec_sa_counters);
+ for (int i = 0; i < IPSEC_SA_N_ERRORS; i++)
+ vlib_clear_simple_counters (&ipsec_sa_err_counters[i]);
return (NULL);
}
format_unformat_error, line_input));
}
- vnet_crypto_request_async_mode (async_enable);
ipsec_set_async_mode (async_enable);
unformat_free (line_input);
Code Review / vpp.git / blobdiff