vec_foreach (i, spd->policies[IPSEC_SPD_POLICY_IP4_INBOUND_PROTECT])
{
p = pool_elt_at_index (im->policies, *i);
- s = pool_elt_at_index (im->sad, p->sa_index);
+ s = ipsec_sa_get (p->sa_index);
if (spi != s->spi)
continue;
vec_foreach (i, spd->policies[IPSEC_SPD_POLICY_IP6_INBOUND_PROTECT])
{
p = pool_elt_at_index (im->policies, *i);
- s = pool_elt_at_index (im->sad, p->sa_index);
+ s = ipsec_sa_get (p->sa_index);
if (spi != s->spi)
continue;
if (PREDICT_TRUE ((p0 != NULL)))
{
ipsec_bypassed += 1;
+
pi0 = p0 - im->policies;
+ vlib_increment_combined_counter (
+ &ipsec_spd_policy_counters, thread_index, pi0, 1,
+ clib_net_to_host_u16 (ip0->length));
+
goto trace0;
}
else
if (PREDICT_TRUE ((p0 != NULL)))
{
ipsec_dropped += 1;
+
pi0 = p0 - im->policies;
+ vlib_increment_combined_counter (
+ &ipsec_spd_policy_counters, thread_index, pi0, 1,
+ clib_net_to_host_u16 (ip0->length));
+
next[0] = IPSEC_INPUT_NEXT_DROP;
goto trace0;
}
if (PREDICT_TRUE ((p0 != NULL)))
{
ipsec_bypassed += 1;
+
pi0 = p0 - im->policies;
+ vlib_increment_combined_counter (
+ &ipsec_spd_policy_counters, thread_index, pi0, 1,
+ clib_net_to_host_u16 (ip0->length));
+
goto trace1;
}
else
if (PREDICT_TRUE ((p0 != NULL)))
{
ipsec_dropped += 1;
+
pi0 = p0 - im->policies;
+ vlib_increment_combined_counter (
+ &ipsec_spd_policy_counters, thread_index, pi0, 1,
+ clib_net_to_host_u16 (ip0->length));
+
next[0] = IPSEC_INPUT_NEXT_DROP;
goto trace1;
}