p.is_ipv6 = (itype == IP46_TYPE_IP6);
p.protocol = mp->entry.protocol;
- /* leave the ports in network order */
- p.rport.start = mp->entry.remote_port_start;
- p.rport.stop = mp->entry.remote_port_stop;
- p.lport.start = mp->entry.local_port_start;
- p.lport.stop = mp->entry.local_port_stop;
+ p.rport.start = ntohs (mp->entry.remote_port_start);
+ p.rport.stop = ntohs (mp->entry.remote_port_stop);
+ p.lport.start = ntohs (mp->entry.local_port_start);
+ p.lport.stop = ntohs (mp->entry.local_port_stop);
rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
&mp->entry.remote_address_start);
ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
&mp->entry.remote_address_stop);
- mp->entry.local_port_start = p->lport.start;
- mp->entry.local_port_stop = p->lport.stop;
- mp->entry.remote_port_start = p->rport.start;
- mp->entry.remote_port_stop = p->rport.stop;
+ mp->entry.local_port_start = htons (p->lport.start);
+ mp->entry.local_port_stop = htons (p->lport.stop);
+ mp->entry.remote_port_start = htons (p->rport.start);
+ mp->entry.remote_port_stop = htons (p->rport.stop);
mp->entry.protocol = p->protocol;
mp->entry.policy = ipsec_spd_action_encode (p->policy);
mp->entry.sa_id = htonl (p->sa_id);
{
p.lport.start = tmp;
p.lport.stop = tmp2;
- p.lport.start = clib_host_to_net_u16 (p.lport.start);
- p.lport.stop = clib_host_to_net_u16 (p.lport.stop);
}
else
if (unformat (line_input, "remote-port-range %u - %u", &tmp, &tmp2))
{
p.rport.start = tmp;
p.rport.stop = tmp2;
- p.rport.start = clib_host_to_net_u16 (p.rport.start);
- p.rport.stop = clib_host_to_net_u16 (p.rport.stop);
}
else
{
ipsec_main_t *im = &ipsec_main;
ipsec_policy_t *p;
vlib_counter_t counts;
+ ip46_type_t ip_type;
p = pool_elt_at_index (im->policies, pi);
{
s = format (s, " sa %u", p->sa_id);
}
+ if (p->is_ipv6)
+ {
+ ip_type = IP46_TYPE_IP6;
+ }
s = format (s, "\n local addr range %U - %U port range %u - %u",
- format_ip46_address, &p->laddr.start, IP46_TYPE_ANY,
- format_ip46_address, &p->laddr.stop, IP46_TYPE_ANY,
- clib_net_to_host_u16 (p->lport.start),
- clib_net_to_host_u16 (p->lport.stop));
+ format_ip46_address, &p->laddr.start, ip_type,
+ format_ip46_address, &p->laddr.stop, ip_type,
+ p->lport.start, p->lport.stop);
s = format (s, "\n remote addr range %U - %U port range %u - %u",
- format_ip46_address, &p->raddr.start, IP46_TYPE_ANY,
- format_ip46_address, &p->raddr.stop, IP46_TYPE_ANY,
- clib_net_to_host_u16 (p->rport.start),
- clib_net_to_host_u16 (p->rport.stop));
+ format_ip46_address, &p->raddr.start, ip_type,
+ format_ip46_address, &p->raddr.stop, ip_type,
+ p->rport.start, p->rport.stop);
vlib_get_combined_counter (&ipsec_spd_policy_counters, pi, &counts);
s = format (s, "\n packets %u bytes %u", counts.packets, counts.bytes);
if (PREDICT_FALSE (p->protocol && (p->protocol != pr)))
continue;
- if (ra < p->raddr.start.ip4.as_u32)
+ if (ra < clib_net_to_host_u32 (p->raddr.start.ip4.as_u32))
continue;
- if (ra > p->raddr.stop.ip4.as_u32)
+ if (ra > clib_net_to_host_u32 (p->raddr.stop.ip4.as_u32))
continue;
- if (la < p->laddr.start.ip4.as_u32)
+ if (la < clib_net_to_host_u32 (p->laddr.start.ip4.as_u32))
continue;
- if (la > p->laddr.stop.ip4.as_u32)
+ if (la > clib_net_to_host_u32 (p->laddr.stop.ip4.as_u32))
continue;
if (PREDICT_FALSE
p0 = ipsec6_output_policy_match (spd0,
&ip6_0->src_address,
&ip6_0->dst_address,
- udp0->src_port,
- udp0->dst_port, ip6_0->protocol);
+ clib_net_to_host_u16
+ (udp0->src_port),
+ clib_net_to_host_u16
+ (udp0->dst_port), ip6_0->protocol);
}
else
{
#endif
p0 = ipsec_output_policy_match (spd0, ip0->protocol,
- ip0->src_address.as_u32,
- ip0->dst_address.as_u32,
- udp0->src_port, udp0->dst_port);
+ clib_net_to_host_u32
+ (ip0->src_address.as_u32),
+ clib_net_to_host_u32
+ (ip0->dst_address.as_u32),
+ clib_net_to_host_u16
+ (udp0->src_port),
+ clib_net_to_host_u16
+ (udp0->dst_port));
}
tcp0 = (void *) udp0;
typedef struct
{
- /* Ports stored in network byte order */
u16 start, stop;
} port_range_t;
Code Review / vpp.git / commitdiff