From: Christian Hopps <chopps@labn.net>
Date: Fri, 17 Jul 2020 13:53:18 +0000 (-0400)
Subject: ipsec: cli: add missing flags for SA add
X-Git-Tag: v21.01-rc0~29
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=99975388a2106e65965a7661ac21a34af288aa7b;p=vpp.git

ipsec: cli: add missing flags for SA add

Add missing cli options for setting IPsec SA flags, inbound,
use-anti-replay, and use-esn.

Type: fix
Change-Id: Ia7a91b4b0a12be9e4dd0e684be3e04d8ccafb9d4
Signed-off-by: Christian Hopps <chopps@labn.net>
---

diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 01d4b759d27..0d1ab033aec 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -144,6 +144,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
       else if (unformat (line_input, "tunnel-dst %U",
 			 unformat_ip46_address, &tun_dst, IP46_TYPE_ANY))
 	;
+      else if (unformat (line_input, "inbound"))
+	flags |= IPSEC_SA_FLAG_IS_INBOUND;
+      else if (unformat (line_input, "use-anti-replay"))
+	flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
+      else if (unformat (line_input, "use-esn"))
+	flags |= IPSEC_SA_FLAG_USE_ESN;
       else if (unformat (line_input, "udp-encap"))
 	flags |= IPSEC_SA_FLAG_UDP_ENCAP;
       else
@@ -153,6 +159,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
 	  goto done;
 	}
     }
+  if ((flags & IPSEC_SA_FLAG_IS_INBOUND)
+      && !(flags & IPSEC_SA_FLAG_IS_TUNNEL))
+    {
+      error = clib_error_return (0, "inbound specified on non-tunnel SA");
+      goto done;
+    }
 
   if (!(m_args & 1))
     {