X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_cli.c;h=2c7a923adc37079a3fa5ae99f122509bf40e2327;hb=f16e9a550;hp=b708e50378c58e56416b891c20b154300321be28;hpb=751bb131ef504b64fe82f393df21dba95ca92e97;p=vpp.git
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index b708e50378c..2c7a923adc3 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -86,9 +86,6 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; - ip46_address_t tun_src = { }, tun_dst = - { - }; ipsec_crypto_alg_t crypto_alg; ipsec_integ_alg_t integ_alg; ipsec_protocol_t proto;
@@ -101,8 +98,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, u16 udp_src, udp_dst; int is_add, rv; u32 m_args = 0; - ip_dscp_t dscp; - u32 tx_table_id; + tunnel_t tun = {}; salt = 0; error = NULL;
@@ -112,8 +108,6 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, integ_alg = IPSEC_INTEG_ALG_NONE; crypto_alg = IPSEC_CRYPTO_ALG_NONE; udp_src = udp_dst = IPSEC_UDP_PORT_NONE; - dscp = IP_DSCP_CS0; - tx_table_id = 0; if (!unformat_user (input, unformat_line_input, line_input)) return 0;
@@ -149,22 +143,16 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg, &integ_alg)) ; - else if (unformat (line_input, "tunnel-src %U", - unformat_ip46_address, &tun_src, IP46_TYPE_ANY)) + else if (unformat (line_input, " %U", unformat_tunnel, &tun)) { flags |= IPSEC_SA_FLAG_IS_TUNNEL; - if (!ip46_address_is_ip4 (&tun_src)) + if (AF_IP6 == tunnel_get_af (&tun)) flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6; } - else if (unformat (line_input, "tunnel-dst %U", - unformat_ip46_address, &tun_dst, IP46_TYPE_ANY)) - ; else if (unformat (line_input, "udp-src-port %d", &i)) udp_src = i; else if (unformat (line_input, "udp-dst-port %d", &i)) udp_dst = i; - else if (unformat (line_input, "tx-table-id %d", &tx_table_id)) - ; else if (unformat (line_input, "inbound")) flags |= IPSEC_SA_FLAG_IS_INBOUND; else if (unformat (line_input, "use-anti-replay"))
@@ -173,6 +161,8 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, flags |= IPSEC_SA_FLAG_USE_ESN; else if (unformat (line_input, "udp-encap")) flags |= IPSEC_SA_FLAG_UDP_ENCAP; + else if (unformat (line_input, "async")) + flags |= IPSEC_SA_FLAG_IS_ASYNC; else { error = clib_error_return (0, "parse error: '%U'",
@@ -200,12 +190,9 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, error = clib_error_return (0, "missing spi"); goto done; } - rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg, - &ck, integ_alg, &ik, flags, - tx_table_id, clib_host_to_net_u32 (salt), - &tun_src, &tun_dst, - TUNNEL_ENCAP_DECAP_FLAG_NONE, dscp, - &sai, udp_src, udp_dst); + rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg, &ck, integ_alg, + &ik, flags, clib_host_to_net_u32 (salt), + udp_src, udp_dst, &tun, &sai); } else { 
@@ -213,7 +200,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, } if (rv) - error = clib_error_return (0, "failed"); + error = clib_error_return (0, "failed: %d", rv); done: unformat_free (line_input);
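Review bot: In the new tunnel branch the address-family flag is only ever OR-ed in, so a command line that carries two tunnel clauses (an IPv6 one followed by an IPv4 one) leaves `IPSEC_SA_FLAG_IS_TUNNEL_V6` set while `tun` holds the later IPv4 endpoints. Clearing it first, `flags &= ~IPSEC_SA_FLAG_IS_TUNNEL_V6;` before the `tunnel_get_af` test, or rejecting a repeated clause, keeps the SA flags consistent with the endpoints that are actually installed. The `" %U"` pattern also has no keyword of its own and sits ahead of `udp-src-port`, `inbound` and the other branches, so the chain presumably relies on `unformat_tunnel` failing without consuming input on tokens it does not own; a comment such as `/* unformat_tunnel parses its own keywords; must not consume on mismatch */` would record that. The parse loop starts and ends outside this hunk.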
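Review bot: The new `async` keyword has no accompanying usage text or comment in the lines shown, and it sets `IPSEC_SA_FLAG_IS_ASYNC` with no check in this function that async crypto is usable for the chosen algorithms. If that validation lives in `ipsec_sa_add_and_lock`, a short comment here saying so would help, for example `/* per-SA async opt-in; validated when the SA is added */`. The command's help string is outside this hunk and should list `async` together with the tunnel syntax that replaced `tunnel-src`, `tunnel-dst` and `tx-table-id`.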
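Review bot: Printing the raw integer in `failed: %d` leaves the operator to look the code up by hand. If `rv` is a VNET_API_ERROR value, which the callee's definition outside this hunk would confirm, the symbolic form reads better: `error = clib_error_return (0, "failed: %U", format_vnet_api_errno, rv);`. The same message is reached from both the add and the delete branch, so naming the operation in the text would also make the output unambiguous. The function body continues outside this hunk.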
@@ -429,10 +416,11 @@ ipsec_sa_show_all (vlib_main_t * vm, ipsec_main_t * im, u8 detail) u32 sai; /* *INDENT-OFF* */ - pool_foreach_index (sai, im->sad) { - vlib_cli_output(vm, "%U", format_ipsec_sa, sai, - (detail ? IPSEC_FORMAT_DETAIL : IPSEC_FORMAT_BRIEF)); - } + pool_foreach_index (sai, ipsec_sa_pool) + { + vlib_cli_output (vm, "%U", format_ipsec_sa, sai, + (detail ? IPSEC_FORMAT_DETAIL : IPSEC_FORMAT_BRIEF)); + } /* *INDENT-ON* */ }
@@ -536,7 +524,6 @@ static clib_error_t * clear_ipsec_sa_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { - ipsec_main_t *im = &ipsec_main; u32 sai = ~0; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
@@ -550,14 +537,15 @@ clear_ipsec_sa_command_fn (vlib_main_t * vm, if (~0 == sai) { /* *INDENT-OFF* */ - pool_foreach_index (sai, im->sad) { - ipsec_sa_clear(sai); - } + pool_foreach_index (sai, ipsec_sa_pool) + { + ipsec_sa_clear (sai); + } /* *INDENT-ON* */ } else { - if (pool_is_free_index (im->sad, sai)) + if (pool_is_free_index (ipsec_sa_pool, sai)) return clib_error_return (0, "unknown SA index: %d", sai); else ipsec_sa_clear (sai);
@@ -954,7 +942,6 @@ set_async_mode_command_fn (vlib_main_t * vm, unformat_input_t * input, format_unformat_error, line_input)); } - vnet_crypto_request_async_mode (async_enable); ipsec_set_async_mode (async_enable); unformat_free (line_input);