u16 udp_src, udp_dst;
int is_add, rv;
u32 m_args = 0;
+ ip_dscp_t dscp;
salt = 0;
error = NULL;
integ_alg = IPSEC_INTEG_ALG_NONE;
crypto_alg = IPSEC_CRYPTO_ALG_NONE;
udp_src = udp_dst = IPSEC_UDP_PORT_NONE;
+ dscp = IP_DSCP_CS0;
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg,
&ck, integ_alg, &ik, flags,
0, clib_host_to_net_u32 (salt),
- &tun_src, &tun_dst, &sai, udp_src, udp_dst);
+ &tun_src, &tun_dst,
+ TUNNEL_ENCAP_DECAP_FLAG_NONE, dscp,
+ &sai, udp_src, udp_dst);
}
else
{
local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&lck, integ_alg, &lik, flags, table_id,
clib_host_to_net_u32 (salt), &local_ip,
- &remote_ip, NULL, IPSEC_UDP_PORT_NONE,
- IPSEC_UDP_PORT_NONE);
+ &remote_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+ IP_DSCP_CS0, NULL,
+ IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_remote_sa_id (sw_if_index),
remote_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&rck, integ_alg, &rik,
(flags | IPSEC_SA_FLAG_IS_INBOUND), table_id,
clib_host_to_net_u32 (salt), &remote_ip,
- &local_ip, NULL, IPSEC_UDP_PORT_NONE,
- IPSEC_UDP_PORT_NONE);
+ &local_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+ IP_DSCP_CS0, NULL,
+ IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE);
rv |=
ipsec_tun_protect_update_one (sw_if_index, &nh,
ipsec_tun_mk_local_sa_id (sw_if_index),
if (!is_del)
ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
+ else
+ ipsec_tun_protect_del (sw_if_index, &peer);
unformat_free (line_input);
return NULL;
{
.path = "ipsec tunnel protect",
.function = ipsec_tun_protect_cmd,
- .short_help = "ipsec tunnel protect <interface> input-sa <SA> output-sa <SA>",
+ .short_help = "ipsec tunnel protect <interface> input-sa <SA> output-sa <SA> [add|del]",
// this is not MP safe
};
/* *INDENT-ON* */
/* *INDENT-ON* */
static int
-ipsec_tun_protect4_hash_show_one (clib_bihash_kv_8_8_t * kv, void *arg)
+ipsec_tun_protect4_hash_show_one (clib_bihash_kv_8_16_t * kv, void *arg)
{
ipsec4_tunnel_kv_t *ikv = (ipsec4_tunnel_kv_t *) kv;
vlib_main_t *vm = arg;
}
static int
-ipsec_tun_protect6_hash_show_one (clib_bihash_kv_24_8_t * kv, void *arg)
+ipsec_tun_protect6_hash_show_one (clib_bihash_kv_24_16_t * kv, void *arg)
{
ipsec6_tunnel_kv_t *ikv = (ipsec6_tunnel_kv_t *) kv;
vlib_main_t *vm = arg;
{
vlib_cli_output (vm, "IPv4:");
- clib_bihash_foreach_key_value_pair_8_8
+ clib_bihash_foreach_key_value_pair_8_16
(&im->tun4_protect_by_key, ipsec_tun_protect4_hash_show_one, vm);
vlib_cli_output (vm, "IPv6:");
- clib_bihash_foreach_key_value_pair_24_8
+ clib_bihash_foreach_key_value_pair_24_16
(&im->tun6_protect_by_key, ipsec_tun_protect6_hash_show_one, vm);
}