u32 id, spi, salt;
int is_add, rv;
+ salt = 0;
error = NULL;
is_add = 0;
flags = IPSEC_SA_FLAG_NONE;
rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg,
&ck, integ_alg, &ik, flags,
0, clib_host_to_net_u32 (salt),
- &tun_src, &tun_dst, NULL);
+ &tun_src, &tun_dst, NULL,
+ IPSEC_UDP_PORT_NONE);
else
rv = ipsec_sa_unlock_id (id);
static walk_rc_t
ipsec_tun_protect_show_one (index_t itpi, void *ctx)
{
- vlib_cli_output (ctx, "%U", format_ipsec_tun_protect, itpi);
+ vlib_cli_output (ctx, "%U", format_ipsec_tun_protect_index, itpi);
return (WALK_CONTINUE);
}
unformat_input_t _line_input, *line_input = &_line_input;
ip46_address_t local_ip = ip46_address_initializer;
ip46_address_t remote_ip = ip46_address_initializer;
- ipsec_crypto_alg_t crypto_alg;
- ipsec_integ_alg_t integ_alg;
+ ip_address_t nh = IP_ADDRESS_V4_ALL_0S;
+ ipsec_crypto_alg_t crypto_alg = IPSEC_CRYPTO_ALG_NONE;
+ ipsec_integ_alg_t integ_alg = IPSEC_INTEG_ALG_NONE;
ipsec_sa_flags_t flags;
u32 local_spi, remote_spi, salt, table_id, fib_index;
u32 instance = ~0;
;
else if (unformat (line_input, "del"))
is_add = 0;
+ else if (unformat (line_input, "nh &U", unformat_ip_address, &nh))
+ ;
else
{
error = clib_error_return (0, "unknown input `%U'",
/* create an ip-ip tunnel, then the two SA, then bind them */
rv =
ipip_add_tunnel (ipv6_set ? IPIP_TRANSPORT_IP6 : IPIP_TRANSPORT_IP4,
- instance, &local_ip, &remote_ip, fib_index, 0,
- &sw_if_index);
+ instance, &local_ip, &remote_ip, fib_index,
+ TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
+ TUNNEL_MODE_P2P, &sw_if_index);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_local_sa_id (sw_if_index),
local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&lck, integ_alg, &lik, flags, table_id,
clib_host_to_net_u32 (salt), &local_ip,
- &remote_ip, NULL);
+ &remote_ip, NULL, IPSEC_UDP_PORT_NONE);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_remote_sa_id (sw_if_index),
remote_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&rck, integ_alg, &rik,
(flags | IPSEC_SA_FLAG_IS_INBOUND), table_id,
clib_host_to_net_u32 (salt), &remote_ip,
- &local_ip, NULL);
+ &local_ip, NULL, IPSEC_UDP_PORT_NONE);
rv |=
- ipsec_tun_protect_update_one (sw_if_index,
+ ipsec_tun_protect_update_one (sw_if_index, &nh,
ipsec_tun_mk_local_sa_id (sw_if_index),
ipsec_tun_mk_remote_sa_id
(sw_if_index));
{
unformat_input_t _line_input, *line_input = &_line_input;
u32 sw_if_index, is_del, sa_in, sa_out, *sa_ins = NULL;
+ ip_address_t peer = { };
vnet_main_t *vnm;
is_del = 0;
else if (unformat (line_input, "%U",
unformat_vnet_sw_interface, vnm, &sw_if_index))
;
+ else if (unformat (line_input, "%U", unformat_ip_address, &peer))
+ ;
else
return (clib_error_return (0, "unknown input '%U'",
format_unformat_error, line_input));
}
if (!is_del)
- ipsec_tun_protect_update (sw_if_index, sa_out, sa_ins);
+ ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
unformat_free (line_input);
return NULL;