IPSEC-AH: anti-replay testing

[vpp.git] / src / vnet / ipsec / ipsec_cli.c

diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index ee7dd40..f965514 100644 (file)
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -167,10 +167,10 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
     sa.integ_key_len = sizeof (sa.integ_key);
 
   if (ck)
-    strncpy ((char *) sa.crypto_key, (char *) ck, sa.crypto_key_len);
+    memcpy (sa.crypto_key, ck, sa.crypto_key_len);
 
   if (ik)
-    strncpy ((char *) sa.integ_key, (char *) ik, sa.integ_key_len);
+    memcpy (sa.integ_key, ik, sa.integ_key_len);
 
   if (is_add)
     {
@@ -462,10 +462,12 @@ show_ipsec_command_fn (vlib_main_t * vm,
   /* *INDENT-OFF* */
   pool_foreach (sa, im->sad, ({
     if (sa->id) {
-      vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s%s", sa->id, sa->spi,
+      vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s%s%s%s", sa->id, sa->spi,
                       sa->is_tunnel ? "tunnel" : "transport",
                       sa->protocol ? "esp" : "ah",
-                     sa->udp_encap ? " udp-encap-enabled" : "");
+                     sa->udp_encap ? " udp-encap-enabled" : "",
+                      sa->use_anti_replay ? " anti-replay" : "",
+                      sa->use_esn ? " extended-sequence-number" : "");
       if (sa->protocol == IPSEC_PROTOCOL_ESP) {
         vlib_cli_output(vm, "  crypto alg %U%s%U integrity alg %U%s%U",
                         format_ipsec_crypto_alg, sa->crypto_alg,